Public bug reported: Binary package hint: cobbler
Description: The latest packages for cobbler, cobbler-common and cobbler-web in Natty, (cobbler-2.1.0-0ubuntu2) give an errors when trying to use the web-based editor to modify kickstart or snippet files: Release: Ubuntu Natty (development Branch) 11.04 Steps To Recreate 1) Install cobbler, cobbler-web and cobbler-common 2) Login to the web-interface 3) Navigate to "Snippets" and/or "Kickstart Templates" 4) Click "Edit" next to any file and get the error bellow: What should happen: - You should be able to edit files using the in-browser editor What does happen: - You get an error like the one bellow -------------------------------------------------------------------------------------------------------------------------------- Fault at /ksfile/edit/var/lib/cobbler/kickstarts/default.ks <Fault 1: "<class 'cobbler.cexceptions.CX'>:'tainted file location'"> Request Method: GET Request URL: http://<servername-scrubbed>/cobbler_web/ksfile/edit/var/lib/cobbler/kickstarts/default.ks Django Version: 1.2.5 Exception Type: Fault Exception Value: <Fault 1: "<class 'cobbler.cexceptions.CX'>:'tainted file location'"> Exception Location: /usr/lib/python2.7/xmlrpclib.py in close, line 793 Python Executable: /usr/bin/python Python Version: 2.7.1 Python Path: ['/usr/lib/python2.7', '/usr/lib/python2.7/plat-linux2', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages/gtk-2.0', '/usr/lib/pymodules/python2.7', '/usr/share/cobbler/web', '/usr/share/cobbler/web/cobbler_web'] Server time: Mon, 4 Apr 2011 15:32:43 +0000 -------------------------------------------------------------------------------------------------------------------------------- This appears to be a regression in the latest code for cobbler in upstream (see initial reporting here: http://www.mail-archive.com /cobbler-de...@lists.fedorahosted.org/msg01200.html) where the in-place editor does not like handling files that don't begin with a "/". A patch has been released (http://www.mail-archive.com/cobbler- de...@lists.fedorahosted.org/msg01202.html): -------------------------------------------------------------------------------------------------------------------------------- commit 41a92b11969ab9c30b749ab99be70566cd943093 Author: James Cammarata <j...@sngx.net> Date: Wed Mar 30 16:42:18 2011 -0500 Fix for snippet/kickstart editing via the web interface, where a 'tainted file path' error was thrown -------------------------------------------------------------------------------------------------------------------------------- URL: https://github.com/jimi1283/cobbler/commit/41a92b11969ab9c30b749ab99be70566cd943093 Not sure if the decision will be to apply the patch to the Ubuntu package, or wait for it to get put into upstream (seems serious enough that it will be included though). Cheers, David. ** Affects: cobbler (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/750402 Title: Editing Kickstarts/Snippets errors with "tainted file location" -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
