Bug 1443130

Summary: No input validation for HW models name
Product: Red Hat Satellite
Reporter: Roman Plevka <rplevka>
Component: Hosts
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Version: 6.2.9
CC: bbuckingham, inecas, jcallaha, mhulan, sgraessl, tbrisker
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Last Closed: 2017-04-18 19:39:50 UTC
Type: Bug

Description Roman Plevka 2017-04-18 14:20:35 UTC
Description of problem:
There is no input validation or restriction when creating a new HW model.
The fields accept all sorts of characters that cause trouble in the URL, since e.g. the HW model name is used in the URL path.


Version-Release number of selected component (if applicable):
6.2.9-3

Steps to Reproduce:
1. Create a new HW model with a name, e.g. "foo/" "<h>bar</h>"
2. After the HW model has been created, navigate to it: HW models > your model
3. Receive a 404

Actual results:
404 (the unescaped name is being used in the URL path)

Expected results:
- restrict the valid characters and do the input validation
- escape or urlencode the characters
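
The two expected results above, sketched in Ruby as an added example; it is not part of the original report and not Satellite's code. The allowlist pattern, the `/models` prefix, the `/edit` suffix and the sample name `PowerEdge R720` are assumptions made for illustration.

```ruby
require 'erb'
require 'uri'

# Hypothetical allowlist: the report does not say which characters should be
# accepted. \A and \z anchor the whole string; ^ and $ would only anchor a
# line, so a name such as "ok\n<h>bar</h>" would slip through.
MODEL_NAME_FORMAT = /\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,253}\z/

# Hypothetical route prefix, used only for this example.
MODELS_PATH = '/models'

# Input validation: reject the name before it is stored.
def valid_model_name?(name)
  name.is_a?(String) && MODEL_NAME_FORMAT.match?(name)
end

# Behaviour described in the report: the raw name goes into the URL path.
def unescaped_model_path(name)
  "#{MODELS_PATH}/#{name}/edit"
end

# Output encoding: percent-encode the name so it stays one path segment.
# Encoding alone may not be enough: some front ends refuse %2F in a path
# (Apache httpd does with AllowEncodedSlashes Off, its default), which is why
# the allowlist is applied when the record is created as well.
def escaped_model_path(name)
  "#{MODELS_PATH}/#{ERB::Util.url_encode(name)}/edit"
end

# Number of path segments a router would see after the leading slash.
def segment_count(path)
  path.split('/', -1).drop(1).length
end

# Recover the stored name from the encoded segment of an escaped path.
def name_from_path(path)
  URI.decode_www_form_component(path.split('/', -1)[2])
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample names: the two from the report plus one benign name.
  ['foo/', '<h>bar</h>', 'PowerEdge R720'].each do |name|
    puts format('%-16p valid=%-5s raw=%-26s escaped=%s', name,
                valid_model_name?(name), unescaped_model_path(name),
                escaped_model_path(name))
  end
end
```
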

Comment 2 Tomer Brisker 2017-04-18 19:39:50 UTC

*** This bug has been marked as a duplicate of bug 1265150 ***