Properly encode links to edit user page #81562
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
legrego
added
1
release_note:fix
Team:Security
legrego
changed the title
This reverts commit 85463f2.
legrego
changed the title
|
Pinging @elastic/kibana-security (Team:Security) |
|
ACK: reviewing... |
azasypkin
reviewed
Oct 26, 2020
| @@ -112,7 +112,7 @@ export class UsersGridPage extends Component<Props, State> { | |||
| render: (username: string) => ( | |||
| <EuiLink | |||
| data-test-subj="userRowUserName" | |||
| {...reactRouterNavigate(this.props.history, `/edit/${username}`)} | |||
| {...reactRouterNavigate(this.props.history, `/edit/${encodeURIComponent(username)}`)} | |||
There was a problem hiding this comment.
question: how do you feel about doing the same for the role name in Roles Grid? I see we don't do encoding there. I know Kibana UI doesn't allow creating roles with such names, but ES API does. At least I managed to create role with such a name using Kibana DevTools and it broke our UI:
POST /_security/role/my_admin%25role
{
"cluster": ["all"],
"indices": [
{
"names": [ "index1", "index2" ],
"privileges": ["all"]
}
],
"applications": [
{
"application": "myapp",
"privileges": [ "admin", "read" ],
"resources": [ "*" ]
}
]
}There was a problem hiding this comment.
Done in 13be3a0 (#81562)
💚 Build SucceededMetrics [docs]async chunks size
History
To update your PR or re-run it, just comment with: |
This was referenced Oct 26, 2020
legrego
added a commit
to legrego/kibana
that referenced
this pull request
Oct 26, 2020
legrego
added a commit
that referenced
this pull request
Oct 26, 2020
legrego
added a commit
that referenced
this pull request
Oct 26, 2020
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Oct 27, 2020
* master: (37 commits) [ILM] Migrate Warm phase to Form Lib (elastic#81323) [Security Solutions][Detection Engine] Fixes critical bug with error reporting that was doing a throw (elastic#81549) [Detection Rules] Add 7.10 rules (elastic#81676) [kbn/optimizer] ignore missing metrics when updating limits with --focus (elastic#81696) [SECURITY SOLUTIONS] Bugs overview page + investigate eql in timeline (elastic#81550) [Maps] fix unable to edit cluster vector styles styled by count when switching to super fine grid resolution (elastic#81525) Fixed migration issue for case specific actions, by extending email action migrator checks (elastic#81673) [CI] Preparation for APM tracking on CI (elastic#80399) [Home] Fixes Kibana app description order on home page and updates Canvas copy (elastic#80057) Make sure `to` is 'now' and not the same as `from` (elastic#81524) Nitpicking the 8.0 Breaking Change issue template (elastic#81678) [SECURITY_SOLUTION] Fix text on onboarding screen (elastic#81672) [data.search] Skip async search tests in build candidates and production builds (elastic#81547) Fix previousStartedAt by not changing when execution fails (elastic#81388) [Monitoring] Fix a couple of issues with the cpu usage alert (elastic#80737) Telemetry collection xpack to ts project references (elastic#81269) Elasticsearch: don't use url authentication for new client (elastic#81564) [App Search] Credentials: implement working flyout form (elastic#81541) Properly encode links to edit user page (elastic#81562) [Alerting UI] Don't wait for health check before showing Create Alert flyout (elastic#80996) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Updates the user and role grid pages to create properly encoded links (Resolves #66412)