[freeside-commits] branch FREESIDE_2_3_BRANCH updated. 6463e31262e433cf2f085a993fdcf57b04d569f0

Ivan ivan at 420.am
Sun Sep 23 15:05:50 PDT 2012


The branch, FREESIDE_2_3_BRANCH has been updated
       via  6463e31262e433cf2f085a993fdcf57b04d569f0 (commit)
       via  a6496a4e8ec80b43074f59a1f9bf2cc79a082075 (commit)
      from  affb7e72a94a429a1f68bf425b82c87ff4fcbed1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6463e31262e433cf2f085a993fdcf57b04d569f0
Merge: a6496a4 affb7e7
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sun Sep 23 15:05:45 2012 -0700

    Merge branch 'FREESIDE_2_3_BRANCH' of git.freeside.biz:/home/git/freeside into FREESIDE_2_3_BRANCH


commit a6496a4e8ec80b43074f59a1f9bf2cc79a082075
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sun Sep 23 15:05:41 2012 -0700

    rt 3.8.14

diff --git a/rt/lib/RT/Interface/Web.pm b/rt/lib/RT/Interface/Web.pm
index aafca1a..61c06ac 100644
--- a/rt/lib/RT/Interface/Web.pm
+++ b/rt/lib/RT/Interface/Web.pm
@@ -1035,6 +1035,17 @@ our %is_whitelisted_component = (
     # information for the search.  Because it's a straight-up read, in
     # addition to embedding its own auth, it's fine.
     '/NoAuth/rss/dhandler' => 1,
+
+    # IE doesn't send referer in window.open()
+    # besides, as a harmless calendar select page, it's fine
+    '/Helpers/CalPopup.html' => 1,
+
+    # While both of these can be used for denial-of-service against RT
+    # (construct a very inefficient query and trick lots of users into
+    # running them against RT) it's incredibly useful to be able to link
+    # to a search result or bookmark a result page.
+    '/Search/Results.html' => 1,
+    '/Search/Simple.html'  => 1,
 );
 
 sub IsCompCSRFWhitelisted {
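Review bot: The entries for '/Search/Results.html' and '/Search/Simple.html' are exempted from the CSRF check on the strength of usefulness alone, while the comment directly above them concedes that a cross-site request can drive expensive queries through logged-in users. The comment should also state the invariant that makes the exemption acceptable, as the '/NoAuth/rss/dhandler' entry does with "it's a straight-up read": that neither component changes state based on request arguments. That way, a later change that adds a state-changing argument to either page prompts removal from %is_whitelisted_component. The same applies to '/Helpers/CalPopup.html', where "harmless" is asserted rather than explained. Since the denial-of-service exposure is accepted rather than mitigated here, it would help to note where, if anywhere, query cost is bounded outside this hash.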
diff --git a/rt/sbin/rt-email-dashboards.in b/rt/sbin/rt-email-dashboards.in
index 0b3686a..2323a5e 100644
--- a/rt/sbin/rt-email-dashboards.in
+++ b/rt/sbin/rt-email-dashboards.in
@@ -384,9 +384,9 @@ sub get_from {
                 autohandler_name => '', # disable forced login and more
                 data_dir => $data_dir,
             );
-            $mason->interp->set_escape( h => \&RT::Interface::Web::EscapeUTF8 );
-            $mason->interp->set_escape( u => \&RT::Interface::Web::EscapeURI  );
-            $mason->interp->set_escape( j => \&RT::Interface::Web::EscapeJS   );
+            $mason->set_escape( h => \&RT::Interface::Web::EscapeUTF8 );
+            $mason->set_escape( u => \&RT::Interface::Web::EscapeURI  );
+            $mason->set_escape( j => \&RT::Interface::Web::EscapeJS   );
         }
         return $mason;
     }
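Review bot: The three set_escape calls now go to $mason directly instead of $mason->interp, but nothing in the visible context says what class $mason is at this point, so it cannot be confirmed from the hunk that the h, u and j escapes are still registered on the object that renders the dashboard. These handlers are what encode field values in the emailed HTML, so a call that lands on the wrong object would leave output unescaped. A short comment naming the type of $mason in this branch would make the change reviewable, as would a test that renders a dashboard containing a "<" in a field and checks that it arrives encoded. The commit message "rt 3.8.14" gives no reason for the change, so the rationale should be recorded somewhere.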

-----------------------------------------------------------------------

Summary of changes:
 rt/lib/RT/Interface/Web.pm     |   11 +++++++++++
 rt/sbin/rt-email-dashboards.in |    6 +++---
 2 files changed, 14 insertions(+), 3 deletions(-)



