New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Properly escape username/roles in web interface (#3570) #3588

Merged
merged 1 commit into from Mar 7, 2017

Conversation

Projects
None yet
2 participants
@dennisoelkers
Member

dennisoelkers commented Mar 7, 2017

Description

Motivation and Context

This is the port of #3570 to the 2.2 branch.

Before this change it was possible to create user/role names containing one or more slashes or other special characters, but it was not possible to delete them afterwards from the web interface.

After this change, the user/role name used to construct the URL to the backend is escaped properly, so deletions suceed even if the user/role name contains one or more special characters.

Fixes #3569.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
Properly escape username/roles in web interface (#3570)
* Escaping username component to allow usernames with slash.
* Allowing to handle deletion/updates of roles with special characters.
* Allowing editing/updating/deleting users with special characters in name
* Using proper route methods, escaping username in CurrentUserStore.

Fixes #3569

(cherry picked from commit 34446c2)

@dennisoelkers dennisoelkers added this to the 2.2.2 milestone Mar 7, 2017

@joschi joschi self-assigned this Mar 7, 2017

@joschi joschi modified the milestones: 2.2.2, 2.2.3 Mar 7, 2017

@joschi

joschi approved these changes Mar 7, 2017

@joschi joschi merged commit f9a9d2b into 2.2 Mar 7, 2017

4 checks passed

ci-web-linter Jenkins build graylog-pr-linter-check 1408 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
licence/cla Contributor License Agreement is signed.
Details

@joschi joschi deleted the issue-3569-to-2.2 branch Mar 7, 2017

@joschi joschi removed the ready-for-review label Mar 7, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment