Bug 853018
| Summary: | Templates batch cleanup: rel links, "forgotten password" feature, consistent titles | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Radek Steiger <rsteiger> | ||||
| Component: | conga | Assignee: | Jan Pokorný [poki] <jpokorny> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Cluster QE <mspqa-list> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 5.9 | CC: | bgollahe, cluster-maint, jpokorny, rsteiger | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | conga-0.12.2-67.el5 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Proposed text:
Prior to this update, luci, the web-based frontend of conga cluster
management, contained non-visual links dedicated to better browsing
experience in the agents supporting it, such as a navigation to
the a site map, access of which resulted in the error. Another
minor inconvenience was a rare inconsistency in the page titles.
The luci templates cleanup was done to fix respective corner cases.
|
Story Points: | --- | ||||
| Clone Of: | |||||||
| : | 969202 (view as bug list) | Environment: | |||||
| Last Closed: | 2013-10-01 00:39:58 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 514679 | ||||||
| Bug Blocks: | 969202 | ||||||
| Attachments: |
|
||||||
|
Description
Radek Steiger
2012-08-30 09:35:51 UTC
Created attachment 608100 [details]
logs
Thanks, Radek. In fact, there is more places like this, but generally this technical debt regarding templates is very minor. I prefer solving this bug (as batch of templates editting) together with any other requiring to modify Data.fs. For the time being, this bug can be used to track all these tiny things that will show up. In parallel, some of them are tracked in luci/TODO [1], such as completely disabling the "forgotten password" feature, which equally well cannot be triggered in a standard-user mode (as opposed to nit-picking-tech-savvy one). [1] http://git.fedorahosted.org/cgit/conga-luci-1stgen.git/tree/?h=RHEL5-active Attaching [bug 514679], credit for discovery belongs to Radek (who unfortunately didn't look into conga's bug history to find it reported ages ago). Another thing: there is (AFAIK) JS-based title rewriting that works everywhere except for "cluster" tab, making it inconsistent. The next one is that every explicit logout is accompanied with
> 2012-11-09T20:26:47 INFO CMFFormController
> You have triggered the form controller action "logout" using
> a GET REQUEST. This is a potential security hazard.
> In Plone 3.0 this will FAIL unless you explicitly enable your form
> to support GET requests in the ZMI (or using the .metadata file).
in /var/lib/luci/log/event.log.
This could be prevent by turning "log out" link into trigger of
a POST form with hidden ":default_method=logout" parameter.
re: [comment 4]: This will be kept, only non-rewritten titles will change from: <page title> — <portal title> to <Capitalized portal title> — <page title> so that it conforms to the format in rewritten titles (i.e., no harassing inconsistence). re [comment 5]: This seems to be outside our scope, it's rather an internal Plone inconsistency (or, less likely, leftover from historic updates). The action handler is declated in: > CMFPlone/profiles/default/actions.xml Recap: > - non-existent pages linked from page head section ('search_form', 'author' > and 'sitemap') Radek knows best :) The only <link> tag kept is the one referring to the main page (should point to /luci), as it indeed exists. > - disabled sending recovery email in (failsafe_)login_form completely IIRC, was possible when logged in and accessing /luci/require_login, /luci/login_form or something like that. Will look at more if cannot be located. Originally, it lead to non-servable address. > - JS-based title rewriting in cluster tab It would be swimming against the stream, so I instead made JS-based and native titles more consistent: see [comment 4]. Visible change at /luci/homebase, luci/storage (native titles) -- now they should conform to /luci/cluster, /luci/homebase?pagetype=2 and others where JS rewriting applies (basically all three-items-titles like "Luci - foo - bar"). > - logout action using more appropriate request method More like internal Plone implementation/integration issue, see [comment 8] and [comment 9]. Not addressed, nor a big deal with that. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1358.html |