Diffstat (limited to 'rt/t/security')
-rw-r--r--rt/t/security/CVE-2011-2083-clickable-xss.t3
-rw-r--r--rt/t/security/CVE-2011-2084-cf-values.t2
-rw-r--r--rt/t/security/CVE-2011-2084-modifyscrips-templates.t37
-rw-r--r--rt/t/security/CVE-2011-5092-graph-links.t4
4 files changed, 26 insertions, 20 deletions
diff --git a/rt/t/security/CVE-2011-2083-clickable-xss.t b/rt/t/security/CVE-2011-2083-clickable-xss.t
index 008c80378..753d8c770 100644
--- a/rt/t/security/CVE-2011-2083-clickable-xss.t
+++ b/rt/t/security/CVE-2011-2083-clickable-xss.t
@@ -25,7 +25,7 @@ for my $link ( map { ($_, ucfirst $_) } @links ) {
Type => 'RefersTo',
Target => $link,
);
- } [qr/Could not determine a URI scheme/, qr/Couldn't resolve/];
+ } [qr/Could not determine a URI scheme/];
ok !$ok, $msg;
ok $m->login, "logged in";
@@ -40,7 +40,6 @@ for my $link ( map { ($_, ucfirst $_) } @links ) {
}, 'submitted links page');
$m->content_contains("Couldn't resolve ");
$m->next_warning_like(qr/Could not determine a URI scheme/, 'expected warning');
- $m->next_warning_like(qr/Couldn't resolve/, 'expected warning');
my $element = $m->find_link( url => $link );
ok !$element, "no <a> link";
diff --git a/rt/t/security/CVE-2011-2084-cf-values.t b/rt/t/security/CVE-2011-2084-cf-values.t
index 1178b15af..21c8547f6 100644
--- a/rt/t/security/CVE-2011-2084-cf-values.t
+++ b/rt/t/security/CVE-2011-2084-cf-values.t
@@ -41,7 +41,7 @@ sub ac {
$args{ContextType} = ref($obj) unless defined $args{ContextType};
}
- $args{"Object---CustomField-$args{CF}-Values"} = "";
+ $args{"Object-RT::Ticket--CustomField-$args{CF}-Values"} = "";
delete $args{CF};
delete $args{$_} for grep {not defined $args{$_}} keys %args;
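Review bot: The new key hard-codes `RT::Ticket` while the line just above derives `ContextType` from `ref($obj)`, so the two read as if they should agree and a later maintainer may "fix" one to match the other. If the values field is always addressed as a ticket custom field regardless of the context object (this is inferred; the rest of `ac` lies outside the hunk), say so next to the assignment, for example `# field name always uses the ticket class; ContextType only selects the object rights are checked against`. If that is not the case, the class in the key should be derived the same way as `ContextType`.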
diff --git a/rt/t/security/CVE-2011-2084-modifyscrips-templates.t b/rt/t/security/CVE-2011-2084-modifyscrips-templates.t
index f68706e52..0e59c528e 100644
--- a/rt/t/security/CVE-2011-2084-modifyscrips-templates.t
+++ b/rt/t/security/CVE-2011-2084-modifyscrips-templates.t
@@ -59,32 +59,39 @@ diag "ModifyScrips";
$scrip = RT::Scrip->new( $cu );
$scrip->Load( $scrip_id );
ok $scrip->id, "loaded scrip as test user";
- is $scrip->Queue, $qa->Id, 'queue is A';
+ ok $scrip->IsAdded( $qa->Id ), 'queue is A';
ok +($scrip->SetName('Testing ModifyScrips'));
- set_fails( Queue => $scrip => $qb );
- set_fails( Queue => $scrip => 0 );
- set_fails( Queue => $scrip => undef );
- set_fails( Queue => $scrip => '' );
+ for my $value ($qb->id, 0, undef, '') {
+ my ($ok, $why) = $scrip->AddToObject( $value );
+ my $disp = (defined($value) ? "'$value'" : "undef");
+ ok( !$ok, "Correctly not added to $disp: $why" );
+ }
RT::Test->add_rights( Principal => $user, Right => 'ModifyScrips', Object => $qb );
- set_ok( Queue => $scrip => $qb );
- set_fails( Queue => $scrip => 0 );
- set_fails( Queue => $scrip => undef );
- set_fails( Queue => $scrip => '' );
+ for my $value ($qb->id, 0, undef, '') {
+ my ($ok, $why) = $scrip->AddToObject( $value );
+ my $disp = (defined($value) ? "'$value'" : "undef");
+ if ($value) {
+ ok( $ok, "Correctly added to $disp: $why" );
+ } else {
+ ok( !$ok, "Correctly not added to $disp: $why" );
+ }
+ }
RT::Test->add_rights( Principal => $user, Right => 'ModifyScrips' );
- set_ok( Queue => $scrip => 0 );
+ my ($ok, $why) = $scrip->AddToObject( 0 );
+ ok( $ok, "Correctly added globally: $why" );
- set_fails( Template => $scrip => 2 );
+ set_fails( Template => $scrip => "Autoreply" );
RT::Test->add_rights( Principal => $user, Right => 'ShowTemplate' );
- set_ok( Template => $scrip => 2 );
- is $scrip->TemplateObj->Name, 'Autoreply', 'template name is right';
+ set_ok( Template => $scrip => "Autoreply" );
+ is $scrip->Template, 'Autoreply', 'template name is right';
}
diag "ModifyTemplate";
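Review bot: The first `for my $value ($qb->id, 0, undef, '')` loop checks only the return value of `AddToObject`, so a rights check that reports failure but still records the association would pass this regression test. Because the test guards a rights bypass, assert the resulting state as well, placing `ok( !$scrip->IsAdded( $qb->id ), 'still not added to queue B' );` after that loop and before `ModifyScrips` is granted on `$qb`. `IsAdded` is already used at the top of the hunk, so no new helper is needed. Separately, `$why` is interpolated into every test name; if `AddToObject` can return an undefined message on success, `"Correctly added to $disp: $why"` will emit an uninitialized-value warning, which `$why // ''` would avoid.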
@@ -115,12 +122,12 @@ diag "ModifyTemplate";
RT::Test->add_rights( Principal => $user, Right => 'ModifyTemplate', Object => $qb );
- set_ok( Queue => $template => $qb );
+ set_fails( Queue => $template => $qb );
set_fails( Queue => $template => 0 );
RT::Test->add_rights( Principal => $user, Right => 'ModifyTemplate' );
- set_ok( Queue => $template => 0 );
+ set_fails( Queue => $template => 0 );
}
done_testing;
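Review bot: With both `set_ok` calls flipped to `set_fails`, changing a template's `Queue` is expected to fail before and after each `ModifyTemplate` grant, so these assertions can no longer tell a rights denial from a field that cannot be changed at all. If the queue of a template is now immutable after creation (inferred; `set_fails` is defined outside the hunk and its checks are not visible), state that above the block, for example `# a template's Queue cannot be changed after creation, whatever rights the user holds`. It would also help to assert on the failure message where the helper allows it, so the test fails if the refusal reason ever changes back to a permission check that could be bypassed.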
diff --git a/rt/t/security/CVE-2011-5092-graph-links.t b/rt/t/security/CVE-2011-5092-graph-links.t
index 5e98dd3b5..c6397f5a2 100644
--- a/rt/t/security/CVE-2011-5092-graph-links.t
+++ b/rt/t/security/CVE-2011-5092-graph-links.t
@@ -13,12 +13,12 @@ for my $arg (qw(LeadingLink ShowLinks)) {
);
ok $ticket->id, 'created ticket';
- ok !$ticket->ToldObj->Unix, 'no Told';
+ ok !$ticket->ToldObj->IsSet, 'no Told';
$m->get_ok("$base/Ticket/Graphs/index.html?$arg=SetTold;id=" . $ticket->id);
$ticket->Load($ticket->id); # cache busting
- ok !$ticket->ToldObj->Unix, 'still no Told';
+ ok !$ticket->ToldObj->IsSet, 'still no Told';
$m->content_lacks('GotoFirstItem', 'no GotoFirstItem error');
$m->content_like(qr|<img[^>]+?src=['"]/Ticket/Graphs/@{[$ticket->id]}|, 'found image element');
}