RT 3.8.13

4 files changed, 14 insertions, 4 deletions

diff --git a/rt/share/html/Search/Chart.html b/rt/share/html/Search/Chart.html
index 1a80ee385..dd782c30c 100644
--- a/rt/share/html/Search/Chart.html
+++ b/rt/share/html/Search/Chart.html
@@ -90,7 +90,7 @@ my @actions = $m->comp( '/Widgets/SavedSearch:process', args => \%ARGS, self =>
 <form method="get" action="<%RT->Config->Get('WebPath')%>/Search/Chart.html">
 <input type="hidden" class="hidden" name="Query" value="<% $ARGS{Query} %>" />
 <input type="hidden" class="hidden" name="SavedChartSearchId" value="<% $saved_search->{SearchId} || 'new' %>" />
-<&|/l, $m->scomp('Elements/SelectChartType', Name => 'ChartStyle', Default => $ChartStyle), $m->scomp('Elements/SelectGroupBy', Name => 'PrimaryGroupBy', Query => $ARGS{Query}, Default => $PrimaryGroupBy) 
+<&|/l_unsafe, $m->scomp('Elements/SelectChartType', Name => 'ChartStyle', Default => $ChartStyle), $m->scomp('Elements/SelectGroupBy', Name => 'PrimaryGroupBy', Query => $ARGS{Query}, Default => $PrimaryGroupBy) 
 &>[_1] chart by [_2]</&><input type="submit" class="button" value="<%loc('Update Graph')%>" />
 </form>
 </&>
diff --git a/rt/share/html/Search/Elements/ResultViews b/rt/share/html/Search/Elements/ResultViews
index 9ddbd1359..64c914c37 100644
--- a/rt/share/html/Search/Elements/ResultViews
+++ b/rt/share/html/Search/Elements/ResultViews
@@ -71,7 +71,7 @@ $ShortQueryString => undef
 % foreach my $key (keys(%hiddens)) {
 <input type="hidden" class="hidden" name="<%$key%>" value="<%defined($hiddens{$key})?$hiddens{$key}:''%>" />
 % }
-<&|/l, $m->scomp('SelectChartType', Name => 'ChartStyle'), $m->scomp('SelectGroupBy', Name => 'PrimaryGroupBy', Query => $Query) 
+<&|/l_unsafe, $m->scomp('SelectChartType', Name => 'ChartStyle'), $m->scomp('SelectGroupBy', Name => 'PrimaryGroupBy', Query => $Query) 
 &>[_1] chart by [_2]</&><input type="submit" class="button" value="<%loc('Go')%>" />
 </form>
 <%init>
diff --git a/rt/share/html/Search/Elements/ResultsRSSView b/rt/share/html/Search/Elements/ResultsRSSView
index f3b416a4e..e79c51b38 100644
--- a/rt/share/html/Search/Elements/ResultsRSSView
+++ b/rt/share/html/Search/Elements/ResultsRSSView
@@ -102,7 +102,7 @@ $r->content_type('application/rss+xml');
 
         # create an RSS 1.0 file (http://purl.org/rss/1.0/)
         use XML::RSS;
-        my $rss = new XML::RSS (version => '1.0');
+        my $rss = XML::RSS->new(version => '1.0');
         $rss->channel(
           title        => RT->Config->Get('rtname').": Search " . $ARGS{'Query'},
           link         => RT->Config->Get('WebURL'),
diff --git a/rt/share/html/Search/Results.html b/rt/share/html/Search/Results.html
index 8aea1fc58..c072d9a89 100755
--- a/rt/share/html/Search/Results.html
+++ b/rt/share/html/Search/Results.html
@@ -46,7 +46,7 @@
 %#
 %# END BPS TAGGED BLOCK }}}
 <& /Elements/Header, Title => $title,
-    Refresh => $session{'tickets_refresh_interval'} || RT->Config->Get('SearchResultsRefreshInterval', $session{'CurrentUser'} ),
+    Refresh => $refresh,
     RSSAutoDiscovery => $RSSFeedURL,
     LinkRel => \%link_rel &>
 <& /Ticket/Elements/Tabs, 
@@ -174,6 +174,16 @@ if ($ARGS{'TicketsRefreshInterval'}) {
 	$session{'tickets_refresh_interval'} = $ARGS{'TicketsRefreshInterval'};
 }
 
+my $refresh = $session{'tickets_refresh_interval'}
+    || RT->Config->Get('SearchResultsRefreshInterval', $session{'CurrentUser'} );
+
+if (RT->Config->Get('RestrictReferrer') and $refresh and not $m->request_args->{CSRF_Token}) {
+    my $token = RT::Interface::Web::StoreRequestToken( $session{'CurrentSearchHash'} );
+    $m->notes->{RefreshURL} = RT->Config->Get('WebURL')
+        . "Search/Results.html?CSRF_Token="
+            . $token;
+}
+
 my %link_rel;
 my $genpage = sub {
     return $m->comp(