Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XHTML templates Don't Use Schema URNs #6661

Closed
astorm opened this issue Sep 18, 2016 · 4 comments
Closed

XHTML templates Don't Use Schema URNs #6661

astorm opened this issue Sep 18, 2016 · 4 comments
Assignees
@eug123
Labels
Area: Frontend bug report Fixed in 2.2.x The issue has been fixed in 2.2 release line Fixed in 2.3.x The issue has been fixed in 2.3 release line Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development Reproduced on 2.1.x The issue has been reproduced on latest 2.1 release Reproduced on 2.2.x The issue has been reproduced on latest 2.2 release Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release

Comments

@astorm
Copy link

astorm commented Sep 18, 2016

Preconditions

  1. Magento 2.1.1 installed via integrator method

Steps to reproduce

  1. Open any XHTML template in the system (vendor/magento//module-ui/view/base/ui_component/templates/container/default.xhtml, or vendor/magento//module-ui/view/base/ui_component/templates/export/button.xhtml, or vendor/magento//module-ui/view/base/ui_component/templates/form/collapsible.xhtml, or vendor/magento//module-ui/view/base/ui_component/templates/form/default.xhtml, or vendor/magento//module-ui/view/base/ui_component/templates/listing/default.xhtml)
  2. Examine the xsi:noNamespaceSchemaLocation attribute

Expected result

  1. I see a urn style path (xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd")

Actual result

  1. I see an upwards directory traversal path (../../../../../../Ui/etc/ui_template.xsd)
@magento-engcom-team magento-engcom-team added 2.1.x bug report Area: Frontend Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed labels Sep 11, 2017
@magento-engcom-team
Copy link
Contributor

@astorm, thank you for your report.
We've created internal ticket(s) MAGETWO-81748 to track progress on the issue.

@magento-engcom-team magento-engcom-team added 2.2.x Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Reproduced on 2.1.x The issue has been reproduced on latest 2.1 release Reproduced on 2.2.x The issue has been reproduced on latest 2.2 release Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release labels Oct 12, 2017
@enriquei4 enriquei4 mentioned this issue Nov 5, 2017
Merged
4 tasks
@enriquei4
Copy link
Contributor

I'm working on this issue for #MM17ES

@dmanners dmanners added the mm17es label Nov 5, 2017
@okorshenko
Copy link
Contributor

The issue has been fixed in 2.2-develop branch. Will be available with 2.2.2 release

@okorshenko okorshenko added the Fixed in 2.2.x The issue has been fixed in 2.2 release line label Nov 9, 2017
@magento-team
Copy link
Contributor

Hi @astorm. Thank you for your report.
The issue has been fixed in magento-engcom/magento2ce#1287 by @magento-engcom-team in 2.3-develop branch
Related commit(s):

The fix will be available with the upcoming patch release.

@magento-team magento-team added the Fixed in 2.3.x The issue has been fixed in 2.3 release line label Jan 25, 2018
magento-engcom-team pushed a commit that referenced this issue Mar 6, 2021
@gabrieldagama
Merge pull request #6661 from magento-l3/PRodubovyk20210225
d1a2753 
2.4 Bugfix Delivery L3 team
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eug123 eug123

Labels
Area: Frontend bug report Fixed in 2.2.x The issue has been fixed in 2.2 release line Fixed in 2.3.x The issue has been fixed in 2.3 release line Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development Reproduced on 2.1.x The issue has been reproduced on latest 2.1 release Reproduced on 2.2.x The issue has been reproduced on latest 2.2 release Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@astorm @magento-team @dmanners @veloraven @okorshenko @eug123 @enriquei4 @magento-engcom-team