summaryrefslogtreecommitdiff
path: root/rt/share/html/Dashboards/Elements/ShowPortlet
diff options
context:
space:
mode:
Diffstat (limited to 'rt/share/html/Dashboards/Elements/ShowPortlet')
-rw-r--r--rt/share/html/Dashboards/Elements/ShowPortlet/component12
-rw-r--r--rt/share/html/Dashboards/Elements/ShowPortlet/dashboard1
2 files changed, 11 insertions, 2 deletions
diff --git a/rt/share/html/Dashboards/Elements/ShowPortlet/component b/rt/share/html/Dashboards/Elements/ShowPortlet/component
index 5218843..3b54da2 100644
--- a/rt/share/html/Dashboards/Elements/ShowPortlet/component
+++ b/rt/share/html/Dashboards/Elements/ShowPortlet/component
@@ -51,4 +51,14 @@ $Portlet
$Rows => 20
$Preview => 0
</%args>
-% $m->comp($Portlet->{path});
+<%init>
+my $full_path = $Portlet->{path};
+(my $path = $full_path) =~ s{^/Elements/}{};
+
+my $allowed = grep { $_ eq $path } @{RT->Config->Get('HomepageComponents')};
+</%init>
+% if (!$allowed) {
+% $m->out( $m->interp->apply_escapes( loc("Invalid portlet [_1]", $path), "h" ) );
+% } else {
+% $m->comp($full_path);
+% }
diff --git a/rt/share/html/Dashboards/Elements/ShowPortlet/dashboard b/rt/share/html/Dashboards/Elements/ShowPortlet/dashboard
index d2ae85d..3c35ea8 100644
--- a/rt/share/html/Dashboards/Elements/ShowPortlet/dashboard
+++ b/rt/share/html/Dashboards/Elements/ShowPortlet/dashboard
@@ -56,7 +56,6 @@ $Depth => 0
<%init>
my $current_dashboard;
-use Scalar::Util 'blessed';
if (blessed($Portlet) && $Portlet->isa('RT::Dashboard')) {
$current_dashboard = $Portlet;
}
generated by cgit v1.1 at 2024-06-29 13:30:37 +0000