Diffstat (limited to 'rt/share/html')
-rwxr-xr-xrt/share/html/Admin/Groups/Modify.html5
-rwxr-xr-xrt/share/html/Admin/Queues/Modify.html6
-rw-r--r--rt/share/html/Admin/Users/GnuPG.html15
-rw-r--r--rt/share/html/Elements/CSRF6
-rw-r--r--rt/share/html/Elements/GnuPG/SignEncryptWidget10
-rwxr-xr-xrt/share/html/Elements/Login2
-rw-r--r--rt/share/html/Elements/LoginRedirectWarning20
-rwxr-xr-xrt/share/html/Elements/Tabs1
-rw-r--r--rt/share/html/NoAuth/css/base/login.css8
-rw-r--r--rt/share/html/NoAuth/iCal/dhandler2
-rwxr-xr-xrt/share/html/Ticket/Elements/ShowMessageHeaders5
11 files changed, 64 insertions, 16 deletions
diff --git a/rt/share/html/Admin/Groups/Modify.html b/rt/share/html/Admin/Groups/Modify.html
index 148c98e1f..4491a71c8 100755
--- a/rt/share/html/Admin/Groups/Modify.html
+++ b/rt/share/html/Admin/Groups/Modify.html
@@ -162,10 +162,7 @@ MaybeRedirectForResults(
push @results, @warnings;
-unless ($Group->Disabled()) {
- $EnabledChecked ='checked="checked"';
-}
-
+$EnabledChecked = ( $Group->Disabled() ? '' : 'checked="checked"' );
</%INIT>
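Review bot: The added assignment to `$EnabledChecked` has no comment saying why it is now unconditional. Before this change the variable kept whatever value it already held when the group was disabled. If it is declared as a component argument and rendered with `|n`, as `<%$EnabledChecked|n%>` is in Admin/Queues/Modify.html, that value could come from the request and reach the page unescaped. A comment such as `# always overwrite: rendered unescaped, so it must never carry a request-supplied value` above the line would keep a later refactor from restoring the conditional form. The declaration and the template use are outside this hunk, so this is inferred.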
diff --git a/rt/share/html/Admin/Queues/Modify.html b/rt/share/html/Admin/Queues/Modify.html
index 85cd62f16..c2cf09422 100755
--- a/rt/share/html/Admin/Queues/Modify.html
+++ b/rt/share/html/Admin/Queues/Modify.html
@@ -119,6 +119,8 @@
<td align="right"><input type="checkbox" class="checkbox" name="Encrypt" value="1" <% $QueueObj->Encrypt? 'checked="checked"': '' |n%> /></td>
<td><&|/l&>Encrypt by default</&></td>
</tr>
+<tr><td align="right"><input type="checkbox" class="checkbox" name="SignAuto" value="1" <% $QueueObj->SignAuto? 'checked="checked"': '' |n%> /></td>
+<td colspan="3"><&|/l_unsafe, "<b>","</b>","<i>","</i>"&>Sign all auto-generated mail. [_1]Caution[_2]: Enabling this option alters the signature from providing [_3]authentication[_4] to providing [_3]integrity[_4].</&></td></tr>
% }
<tr><td align="right"><input type="checkbox" class="checkbox" name="Enabled" value="1" <%$EnabledChecked|n%> /></td>
@@ -181,13 +183,13 @@ unless ($Create) {
if ( $QueueObj->Id ) {
$title = loc('Configuration for queue [_1]', $QueueObj->Name );
my @attribs= qw(Description CorrespondAddress CommentAddress Name
- InitialPriority FinalPriority DefaultDueIn Sign Encrypt Lifecycle SubjectTag Disabled);
+ InitialPriority FinalPriority DefaultDueIn Sign SignAuto Encrypt Lifecycle SubjectTag Disabled);
# we're asking about enabled on the web page but really care about disabled
if ( $SetEnabled ) {
$Disabled = $ARGS{'Disabled'} = $Enabled? 0: 1;
$ARGS{$_} = 0 foreach grep !defined $ARGS{$_} || !length $ARGS{$_},
- qw(Sign Encrypt Disabled);
+ qw(Sign SignAuto Encrypt Disabled);
}
$m->callback(
diff --git a/rt/share/html/Admin/Users/GnuPG.html b/rt/share/html/Admin/Users/GnuPG.html
index 90408e449..ee58c4485 100644
--- a/rt/share/html/Admin/Users/GnuPG.html
+++ b/rt/share/html/Admin/Users/GnuPG.html
@@ -64,7 +64,7 @@
<& /Widgets/Form/Select,
Name => 'PrivateKey',
Description => loc('Private Key'),
- Values => [ map $_->{'Key'}, @{ $keys_meta{'info'} } ],
+ Values => \@potential_keys,
CurrentValue => $UserObj->PrivateKey,
DefaultLabel => loc('No private key'),
&>
@@ -91,7 +91,8 @@ unless ( $UserObj->id ) {
$id = $ARGS{'id'} = $UserObj->id;
my $email = $UserObj->EmailAddress;
-my %keys_meta = RT::Crypt::GnuPG::GetKeysForSigning( $email, 'force' );
+my %keys_meta = RT::Crypt::GnuPG::GetKeysForSigning( $email );
+my @potential_keys = map $_->{'Key'}, @{ $keys_meta{'info'} || [] };
$ARGS{'PrivateKey'} = $m->comp('/Widgets/Form/Select:Process',
Name => 'PrivateKey',
@@ -100,8 +101,14 @@ $ARGS{'PrivateKey'} = $m->comp('/Widgets/Form/Select:Process',
);
if ( $Update ) {
- my ($status, $msg) = $UserObj->SetPrivateKey( $ARGS{'PrivateKey'} );
- push @results, $msg;
+ if (not $ARGS{'PrivateKey'} or grep {$_ eq $ARGS{'PrivateKey'}} @potential_keys) {
+ if (($ARGS{'PrivateKey'}||'') ne ($UserObj->PrivateKey||'')) {
+ my ($status, $msg) = $UserObj->SetPrivateKey( $ARGS{'PrivateKey'} );
+ push @results, $msg;
+ }
+ } else {
+ push @results, loc("Invalid key [_1] for address '[_2]'", $ARGS{'PrivateKey'}, $email);
+ }
}
my $title = loc("[_1]'s GnuPG keys",$UserObj->Name);
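Review bot: The `else` branch that rejects a submitted key only pushes a message onto `@results`, so an attempt to store a key that is not in `@potential_keys` leaves no server-side trace. This is the check that stops a crafted `PrivateKey` form value from being saved, so the rejection is worth logging, for example `RT->Logger->warning("Rejected PrivateKey change for user ".$UserObj->id.": key not valid for the user's address");`. Leaving the submitted value out of the log line keeps request-controlled text out of the log. The user-facing message can stay as it is, provided `@results` is escaped where it is rendered, which is outside this hunk.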
diff --git a/rt/share/html/Elements/CSRF b/rt/share/html/Elements/CSRF
index 4893c1216..a3c19430e 100644
--- a/rt/share/html/Elements/CSRF
+++ b/rt/share/html/Elements/CSRF
@@ -52,11 +52,11 @@
% my $strong_start = "<strong>";
% my $strong_end = "</strong>";
-<p><&|/l_unsafe, $strong_start, $strong_end, $Reason &>RT has detected a possible [_1]cross-site request forgery[_2] for this request, because [_3]. This is possibly caused by a malicious attacker trying to perform actions against RT on your behalf. If you did not initiate this request, then you should alert your security team.</&></p>
+<p><&|/l_unsafe, $strong_start, $strong_end, $Reason, $action &>RT has detected a possible [_1]cross-site request forgery[_2] for this request, because [_3]. A malicious attacker may be trying to [_1][_4][_2] on your behalf. If you did not initiate this request, then you should alert your security team.</&></p>
% my $start = qq|<strong><a href="$url_with_token">|;
% my $end = qq|</a></strong>|;
-<p><&|/l_unsafe, $escaped_path, $start, $end &>If you really intended to visit [_1], then [_2]click here to resume your request[_3].</&></p>
+<p><&|/l_unsafe, $escaped_path, $action, $start, $end &>If you really intended to visit [_1] and [_2], then [_3]click here to resume your request[_4].</&></p>
<& /Elements/Footer, %ARGS &>
% $m->abort;
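Review bot: `$action` goes through `l_unsafe` in both changed paragraphs without HTML escaping, whereas the new Elements/LoginRedirectWarning escapes the same kind of value with `apply_escapes` before passing it to `l_unsafe`. The value is assigned in the `%INIT` hunk that follows, from `RT::Interface::Web::PotentialPageAction($OriginalURL)` or a `loc()` fallback. It is probably a fixed translated phrase, but a translation containing `<` or `&` would be emitted as markup. Adding `$action = $m->interp->apply_escapes($action => "h");` directly after the assignment would make the two components consistent.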
@@ -71,4 +71,6 @@ $escaped_path = "<tt>$escaped_path</tt>";
my $url_with_token = URI->new($OriginalURL);
$url_with_token->query_form([CSRF_Token => $Token]);
+
+my $action = RT::Interface::Web::PotentialPageAction($OriginalURL) || loc("perform actions");
</%INIT>
diff --git a/rt/share/html/Elements/GnuPG/SignEncryptWidget b/rt/share/html/Elements/GnuPG/SignEncryptWidget
index 0ae0f841f..2f3f1035d 100644
--- a/rt/share/html/Elements/GnuPG/SignEncryptWidget
+++ b/rt/share/html/Elements/GnuPG/SignEncryptWidget
@@ -129,12 +129,16 @@ if ( $self->{'Sign'} ) {
$QueueObj ||= $TicketObj->QueueObj
if $TicketObj;
- my $address = $self->{'SignUsing'};
- $address ||= ($self->{'UpdateType'} && $self->{'UpdateType'} eq "private")
+ my $private = $session{'CurrentUser'}->UserObj->PrivateKey || '';
+ my $queue = ($self->{'UpdateType'} && $self->{'UpdateType'} eq "private")
? ( $QueueObj->CommentAddress || RT->Config->Get('CommentAddress') )
: ( $QueueObj->CorrespondAddress || RT->Config->Get('CorrespondAddress') );
- unless ( RT::Crypt::GnuPG::DrySign( $address ) ) {
+ my $address = $self->{'SignUsing'} || $queue;
+ if ($address ne $private and $address ne $queue) {
+ push @{ $self->{'GnuPGCanNotSignAs'} ||= [] }, $address;
+ $checks_failure = 1;
+ } elsif ( not RT::Crypt::GnuPG::DrySign( $address ) ) {
push @{ $self->{'GnuPGCanNotSignAs'} ||= [] }, $address;
$checks_failure = 1;
} else {
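Review bot: The new first branch, `if ($address ne $private and $address ne $queue)`, is an allow-list check on the request-supplied `SignUsing` value, but it has no comment and its body is identical to the `DrySign` failure branch. A comment above the `if`, such as `# SignUsing comes from the request: allow only the current user's own key or this queue's address`, would record the intent and discourage merging the branches later. Separately, `$queue` can be undefined when neither the queue nor the site config supplies an address, and `ne` then compares against undef; defaulting it to `''`, as is done for `$private`, avoids that. The enclosing `if ( $self->{'Sign'} )` block starts and ends outside the hunk.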
diff --git a/rt/share/html/Elements/Login b/rt/share/html/Elements/Login
index b86bfef16..b3f1a24ab 100755
--- a/rt/share/html/Elements/Login
+++ b/rt/share/html/Elements/Login
@@ -61,6 +61,8 @@
<div id="login-box">
<&| /Widgets/TitleBox, title => loc('Login'), titleright => $RT::VERSION, hideable => 0 &>
+<& LoginRedirectWarning, %ARGS &>
+
% unless (RT->Config->Get('WebExternalAuth') and !RT->Config->Get('WebFallbackToInternalAuth')) {
<form id="login" name="login" method="post" action="<% RT->Config->Get('WebPath') %>/NoAuth/Login.html">
diff --git a/rt/share/html/Elements/LoginRedirectWarning b/rt/share/html/Elements/LoginRedirectWarning
new file mode 100644
index 000000000..891e38114
--- /dev/null
+++ b/rt/share/html/Elements/LoginRedirectWarning
@@ -0,0 +1,20 @@
+<%args>
+$next => undef
+</%args>
+<%init>
+return unless $next;
+
+my $destination = RT::Interface::Web::FetchNextPage($next);
+return unless ref $destination and $destination->{'HasSideEffects'};
+
+my $consequence = RT::Interface::Web::PotentialPageAction($destination->{'url'}) || loc("perform actions");
+ $consequence = $m->interp->apply_escapes($consequence => "h");
+</%init>
+<div class="redirect-warning">
+ <p>
+ <&|/l&>After logging in you'll be sent to your original destination:</&>
+ <tt title="<% $destination->{'url'} %>"><% $destination->{'url'} %></tt>
+ <&|/l_unsafe, "<strong>$consequence</strong>" &>which may [_1] on your behalf.</&>
+ </p>
+ <p><&|/l&>If this is not what you expect, leave this page now without logging in.</&></p>
+</div>
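Review bot: The new component has no `<%doc>` block or comment describing what `$next` is or where the displayed URL comes from, which matters because Elements/Login passes it all of `%ARGS`. From the visible code, `$next` is handed to `RT::Interface::Web::FetchNextPage`, and the warning is rendered only when the result is a reference with `HasSideEffects` set. A short header stating that would help the next reader judge the `l_unsafe` call, and it should also say that `$consequence` is HTML-escaped before being wrapped in `<strong>`. The `apply_escapes` line is also indented by one space, unlike the lines around it.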
diff --git a/rt/share/html/Elements/Tabs b/rt/share/html/Elements/Tabs
index 3aac9d803..d899071fa 100755
--- a/rt/share/html/Elements/Tabs
+++ b/rt/share/html/Elements/Tabs
@@ -51,6 +51,7 @@
#my $request_path = $HTML::Mason::Commands::r->path_info;
my $request_path = $m->request_comp->path;
+$request_path =~ s!/{2,}!/!g;
my $query_string = sub {
my %args = @_;
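Review bot: The added `$request_path =~ s!/{2,}!/!g;` has no comment explaining why repeated slashes are collapsed. Presumably the path comparisons later in this component expect a canonical single-slash form; a comment like `# collapse repeated slashes so the path checks below see a canonical form` would record that. The code that consumes `$request_path` is outside this hunk.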
diff --git a/rt/share/html/NoAuth/css/base/login.css b/rt/share/html/NoAuth/css/base/login.css
index bd05a2845..608ebf87f 100644
--- a/rt/share/html/NoAuth/css/base/login.css
+++ b/rt/share/html/NoAuth/css/base/login.css
@@ -100,3 +100,11 @@ margin-right:auto;margin-left:auto;
padding-left: 1em;
}
+.redirect-warning tt {
+ display: block;
+ margin: 0.5em 0 0.5em 1em;
+ white-space: nowrap;
+ overflow: hidden;
+ text-overflow: ellipsis;
+ width: 90%;
+}
diff --git a/rt/share/html/NoAuth/iCal/dhandler b/rt/share/html/NoAuth/iCal/dhandler
index c86f4cf7b..0e9e81204 100644
--- a/rt/share/html/NoAuth/iCal/dhandler
+++ b/rt/share/html/NoAuth/iCal/dhandler
@@ -94,7 +94,7 @@ while (my $t = $tickets->Next) {
my $start = Data::ICal::Entry::Event->new;
my $end = Data::ICal::Entry::Event->new;
$_->add_properties(
- url => RT->Config->Get('WebURL') . "?q=".$t->id,
+ url => RT->Config->Get('WebURL') . "Ticket/Display.html?id=".$t->id,
organizer => $t->OwnerObj->Name,
dtstamp => $now->iCal,
created => $t->CreatedObj->iCal,
diff --git a/rt/share/html/Ticket/Elements/ShowMessageHeaders b/rt/share/html/Ticket/Elements/ShowMessageHeaders
index 3c86162b1..5a91668c1 100755
--- a/rt/share/html/Ticket/Elements/ShowMessageHeaders
+++ b/rt/share/html/Ticket/Elements/ShowMessageHeaders
@@ -80,6 +80,11 @@ foreach my $f (@headers) {
$m->comp('/Elements/MakeClicky', content => \$f->{'Value'}, ticket => $ticket, %ARGS);
}
+$m->callback(
+ CallbackName => 'BeforeLocalization',
+ headers => \@headers,
+);
+
if ( $Localize ) {
$_->{'Tag'} = loc($_->{'Tag'}) foreach @headers;
}