Bug 1023093
Summary: | User can break Domains UI by entering a nasty string for 'name' | | |
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Corey Welton <cwelton> |
Component: | Provisioning | Assignee: | Dmitri Dolguikh <dmitri> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Corey Welton <cwelton> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | | |
Version: | 6.0.2 | CC: | dcleal, mmccune, ohadlevy |
Target Milestone: | Unspecified | Keywords: | Triaged |
Target Release: | Unused | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
URL: | http://projects.theforeman.org/issues/3516 | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2014-07-02 14:04:47 UTC | Type: | Bug |
Description
Corey Welton
2013-10-24 15:19:28 UTC
Satellite-6.0.2-RHEL-6-20131023.1

A side note: The resulting error page also references tracking issues in the Foreman bug tracker. We fixed this elsewhere, but apparently this is a new place where we need to point to BZ. I'd prefer we fix this at the same time, since it's hard to try and verify such things when the underlying breakage is fixed.

I think the actual string used was 你好/`cat /etc/passwd`; bad copy and paste from screen in the initial report.

From hammer -u admin -p admin domain list:

    3 | 你好/`cat /etc/passwd/`

So there's your proper string.

It does appear we can remove it via CLI:

    hammer -u admin -p admin domain delete --id 3

So as we have a workaround, I will remove blocker.

A basic "a/b" causes it to fail too, much the same reason behind bug #1023062, as we're not sanitising names sufficiently in URLs.

Merged as 39558b7200a7e1d4d5976ee62e25491d9016e56f in develop.

Verified in Satellite/Satellite-6.0.3-RHEL-6-20140430.4

This was delivered with 6.0.3, which is the Satellite 6 Beta.
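
The "a/b" failure described in the thread, as an added Ruby example that is not Foreman or Satellite code: a name pasted unencoded into a URL path adds a path segment and stops matching the route, while percent-encoding keeps it inside one segment and round-trips. The route pattern, helper names and the tiny router stand-in are hypothetical.

```ruby
require "erb"
require "uri"

# Hypothetical route for a record addressed by name; the application's
# real routes are not shown on the page.
EDIT_ROUTE = %r{\A/domains/(?<id>[^/]+)/edit\z}

# Names taken from the report, plus one ordinary domain name for contrast.
SAMPLE_NAMES = ["example.com", "a/b", "你好/`cat /etc/passwd/`"].freeze

# Naive construction: the name goes into the path unchanged, so any "/"
# in it becomes an extra path separator.
def naive_edit_path(name)
  "/domains/#{name}/edit"
end

# Encoded construction: every byte outside the RFC 3986 unreserved set is
# percent-encoded, so "/" becomes %2F and the name stays one segment.
def safe_edit_path(name)
  "/domains/#{ERB::Util.url_encode(name)}/edit"
end

# Stand-in for a router: returns the decoded :id segment, or nil when the
# path matches no route (what the user sees as an error page).
def resolve(path)
  m = EDIT_ROUTE.match(path)
  return nil unless m
  URI.decode_www_form_component(m[:id])
end

# Report, per name, whether each construction still reaches the record.
def compare(names)
  names.map do |name|
    { name: name,
      naive_ok: resolve(naive_edit_path(name)) == name,
      safe_ok:  resolve(safe_edit_path(name)) == name }
  end
end

compare(SAMPLE_NAMES).each do |row|
  puts format("%-28s naive=%-5s encoded=%s", row[:name], row[:naive_ok], row[:safe_ok])
end
```

Some front-end servers reject %2F in request paths (Apache httpd does unless AllowEncodedSlashes is enabled), so restricting the characters accepted in the name when it is saved is a complementary control.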