Bug 1515355 - Text Injection possible
Summary: Text Injection possible
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: GA
: 5.8.4
Assignee: Martin Povolny
QA Contact: Vatsal Parekh
URL:
Whiteboard: ui:flash_msg
Depends On: 1475303
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-20 16:24 UTC by Satoe Imaishi
Modified: 2018-04-18 10:05 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1475303
Environment:
Last Closed: 2018-04-18 10:05:05 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:


Attachments (Terms of Use)

Comment 2 CFME Bot 2017-11-20 16:38:23 UTC
New commit detected on ManageIQ/manageiq-ui-classic/fine:
https://github.com/ManageIQ/manageiq-ui-classic/commit/da77dafa31e78d1d9f10b6f145d4f5167c850621

commit da77dafa31e78d1d9f10b6f145d4f5167c850621
Author:     Milan Zázrivec <mzazrivec@redhat.com>
AuthorDate: Tue Oct 17 12:42:01 2017 +0200
Commit:     Satoe Imaishi <simaishi@redhat.com>
CommitDate: Mon Nov 20 11:36:40 2017 -0500

    Merge pull request #2412 from martinpovolny/redirect_flash_orchestration_stack
    
    OrchestrationStack template copy: use session, not URL to pass the fl…
    (cherry picked from commit 64451638e04dc909b5d31c4ff23c7710342bc3d5)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1515355

 app/controllers/orchestration_stack_controller.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

Comment 3 Vatsal Parekh 2017-12-15 10:05:45 UTC
Still seeing this at some places, like after ordering a Catalog.

Comment 5 Martin Povolny 2018-04-18 10:05:05 UTC
Here's the latest PR on this:

https://github.com/ManageIQ/manageiq-ui-classic/pull/3643

Changes are in too many places to put this into 5.8.x so closing this as won't fix.

This is going to be fixed in the next release (6.0), clone: https://bugzilla.redhat.com/show_bug.cgi?id=1475303


Note You need to log in before you can comment on or make changes to this bug.