diff options
| author | ivan <ivan> | 2011-07-15 20:28:15 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2011-07-15 20:28:15 +0000 |
| commit | 945580551410383965a86beadb095a760fa4ce5b (patch) | |
| tree | b87a1027e4aacf6287ad2ab8252a29218223a8eb | |
| parent | 529764ae84fd653e2807e29247faaccdfcb53d33 (diff) | |
fix 403 errors pulling up RTx-Statistics charts, RT#13546
| -rw-r--r-- | rt/FREESIDE_MODIFIED | 1 | ||||
| -rw-r--r-- | rt/lib/RT/Interface/Web.pm | 7 |
2 files changed, 6 insertions, 2 deletions
diff --git a/rt/FREESIDE_MODIFIED b/rt/FREESIDE_MODIFIED index 364eacb21..1f7af7cd7 100644 --- a/rt/FREESIDE_MODIFIED +++ b/rt/FREESIDE_MODIFIED @@ -16,6 +16,7 @@ lib/RT/CustomField_Vendor.pm #mandatory fields lib/RT/Interface/Web.pm #customfield date patch #fix transaction custom fields #fix Web.pm Overlay/Vendor/Local inclusion + #fix MaybeRejectPrivateComponentRequest for RTx::Statistics lib/RT/Action.pm #create ticket on custom field change lib/RT/Condition.pm #create ticket on custom field change lib/RT/Scrip_Overlay.pm #create ticket on custom field change diff --git a/rt/lib/RT/Interface/Web.pm b/rt/lib/RT/Interface/Web.pm index 3e0b8b349..ace24e4f7 100644 --- a/rt/lib/RT/Interface/Web.pm +++ b/rt/lib/RT/Interface/Web.pm @@ -438,7 +438,11 @@ sub MaybeRejectPrivateComponentRequest { autohandler | # requesting this directly is suspicious l ) # loc component ( $ | / ) # trailing slash or end of path - }xi) { + }xi + && $path !~ m{ /RTx/Statistics/\w+/Elements/Chart }xi + ) + { + warn "rejecting private component $path\n"; $m->abort(403); } @@ -2317,7 +2321,6 @@ sub _parse_saved_search { return ( _load_container_object( $obj_type, $obj_id ), $search_id ); } -package RT::Interface::Web; RT::Base->_ImportOverlays(); 1; |