J.Daniel Schmidt write:
> ref: refs/heads/master
> commit 1fea4633765f3ce407f3053869a5a7ca751e53bb
> Author: J. Daniel Schmidt <[email protected]>
> Date: Thu Oct 22 21:10:43 2009 +0200
>
> try to fix arguments handling - adding debug output (to be removed
> later) ---
> .../registration/registration_controller.rb | 16 ++++++--
> plugins/registration/app/models/register.rb | 36
> +++++++++++++++----- 2 files changed, 39 insertions(+), 13 deletions(-)
>
> diff --git
> a/plugins/registration/app/controllers/registration/registration_controlle
> r.rb
> b/plugins/registration/app/controllers/registration/registration_controlle
> r.rb index 9427aae..6159269 100644
> ---
> a/plugins/registration/app/controllers/registration/registration_controlle
> r.rb +++
> b/plugins/registration/app/controllers/registration/registration_controlle
> r.rb @@ -8,14 +8,22 @@ class Registration::RegistrationController <
> ApplicationController def create
> # POST to registration => run registration
> permission_check("org.opensuse.yast.modules.ysr.statelessregister")
> - raise InvalidParameters.new :registration => "Missing" unless
> params.has_key? :registration + raise InvalidParameters.new
> :registration => "Missing" unless params.has_key?(:registration)
>
> @register = Register.new
> - @register.arguments = params[:registration][:arguments] if
> params[:registration].has_key? :arguments && -
>
> !params[:registration][:arguments].blank? + if
> params[:registration].has_key?(:arguments) &&
> !params[:registration][:arguments].blank? + then
> + @register.arguments = {}
> + params[:registration][:arguments].each do |h|
> + if h.class == Hash || h.class == HashWithIndifferentAccess
> + then
> + @register.arguments[ h['name'] ] = h['value'] if ( h['name'] &&
> h['value'] ) + end
> + end
> + end
>
> #overwriting default options
> - if params[:registration].has_key? :options &&
> params[:registration][:options].is_a?(Hash) + if
> params[:registration].has_key?(:options) &&
> params[:registration][:options].is_a?(Hash)
> params[:registration][:options].each do |key, value|
> @register.context[key] = value if @register.context.has_key? key
> end
> diff --git a/plugins/registration/app/models/register.rb
> b/plugins/registration/app/models/register.rb index 95de5fe..772954e
> 100644
> --- a/plugins/registration/app/models/register.rb
> +++ b/plugins/registration/app/models/register.rb
> @@ -55,16 +55,35 @@ class Register
> ctx = Hash.new
> args = Hash.new
> begin
> - self.context.each { |k, v| ctx[k] = [ 's', v.to_s ] }
> - self.arguments.each { |k, v| args[k] = [ 'a{ss}', { 'value' =>
> v.to_s } ] } + self.context.each { |k, v| ctx[k.to_s] = [ 's',
> v.to_s ] } +#puts "CCCCCCCCCCCCCTX #{ctx.inspect}"
> + self.arguments.each { |k, v| args[k.to_s] = [ 's', v.to_s ] }
> +#puts "AAAAAAAAAAAARGS #{args.inspect}"
> rescue
> Rails.logger.error "When registration was called, the context or the
> arguments data was invalid." raise InvalidParameters.new :registrationdata
> => "Invalid"
> end
>
> @reg = YastService.Call("YSR::statelessregister", ctx, args )
> - @arguments = Hash.from_xml(@reg['missingarguments']) if @reg.has_key?
> 'missingarguments' - @arguments = @arguments["missingarguments"] if
> @arguments.has_key? "missingarguments" +
> +#puts "ATREG: #[email protected]}"
> +
> + # SCHUBI !! SCHUBI !! SCHUBI
> + # FIXME FIXME FIXME FIXME FIXME FIXME FIXME FIXME FIXME FIXME FIXME
> FIXME FIXME FIXME FIXME + # Hash.from_xml converts dashes in keys to
> underscores
> + # by this we can not find out the correct key name (whether it was a
> dash or an underscore) + # unfortunately the regcode keys in
> registration make excessive use of dashes AND underscores + # that way
> the information gets lost what key to assign the correct value + # This
> needs urgently to be fixed
^^^
Hi,
I think that reason why it do it, is security - http://osvdb.org/40717 , so
please pay attention when you change it. I think that your work around is
good, if you properly document it.
Josef
> + @arguments = Hash.from_xml(@reg['missingarguments']) if @reg &&
> @reg.has_key?('missingarguments') +#puts "ARGS after XML transformation
> #[email protected]}\n"
> + @arguments = @arguments["missingarguments"] if @arguments &&
> @arguments.has_key?('missingarguments') +
> +# UGLY WORKAROUND
> [email protected] { | k, v | if k =~ /_/ then @arguments[ k.sub(/_/, '-')
> ] = v end } +# UGLY !!!!!!!!!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +
> +#puts "ARGS after correction #[email protected]}\n"
> @reg['exitcode'] rescue 99
> end
>
> @@ -102,17 +121,16 @@ class Register
> end
> end
>
> -
> def to_xml( options = {} )
> xml = options[:builder] ||= Builder::XmlMarkup.new(options)
> xml.instruct! unless options[:skip_instruct]
>
> - status = if @reg['error'] then 'error'
> - elsif @reg['missinginfo'] then 'missinginfo'
> - elsif @reg['success'] then 'finished'
> + status = if !...@reg || @reg['error'] then 'error'
> + elsif @reg['missinginfo'] then 'missinginfo'
> + elsif @reg['success'] then 'finished'
> end
>
> - tasklist = Hash.from_xml @reg['tasklist'] if @reg['tasklist']
> + tasklist = Hash.from_xml @reg['tasklist'] if @reg && @reg['tasklist']
> changedrepos = tasklist.collect { | k, v | v.class == Hash &&
> v['TYPE'] == 'zypp' } if tasklist changedservices = tasklist.collect { |
> k, v | v.class == Hash && v['TYPE'] == 'nu' } if tasklist tasknic = {
> 'a' => 'added', 'd' => 'deleted',
>
--
Josef Reidinger
YaST team
maintainer of perl-Bootloader, YaST2-Repair, webyast modules language and time
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
