+=head2 mime_recommended_filename( MIME::Head|MIME::Entity )
+
+# mimic our own recommended_filename
+# since MIME-tools 5.501, head->recommended_filename requires the head are
+# mime encoded, we don't meet this yet.
+
+=cut
+
+sub mime_recommended_filename {
+ my $head = shift;
+ $head = $head->head if $head->isa('MIME::Entity');
+
+ for my $attr_name (qw( content-disposition.filename content-type.name )) {
+ my $value = Encode::decode("UTF-8",$head->mime_attr($attr_name));
+ if ( defined $value && $value =~ /\S/ ) {
+ return $value;
+ }
+ }
+ return;
+}
+
+sub assert_bytes {
+ my $string = shift;
+ return unless utf8::is_utf8($string);
+ return unless $string =~ /([^\x00-\x7F])/;
+
+ my $msg;
+ if (ord($1) > 255) {
+ $msg = "Expecting a byte string, but was passed characters";
+ } else {
+ $msg = "Expecting a byte string, but was possibly passed charcters;"
+ ." if the string is actually bytes, please use utf8::downgrade";
+ }
+ $RT::Logger->warn($msg, Carp::longmess());
+
+}
+
+
+=head2 C<constant_time_eq($a, $b)>
+
+Compares two strings for equality in constant-time. Replacement for the C<eq>
+operator designed to avoid timing side-channel vulnerabilities. Returns zero
+or one.
+
+This is intended for use in cryptographic subsystems for comparing well-formed
+data such as hashes - not for direct use with user input or as a general
+replacement for the C<eq> operator.
+
+The two string arguments B<MUST> be of equal length. If the lengths differ,
+this function will call C<die()>, as proceeding with execution would create
+a timing vulnerability. Length is defined by characters, not bytes.
+
+Strings that should be treated as binary octets rather than Unicode text
+should pass a true value for the binary flag.
+
+This code has been tested to do what it claims. Do not change it without
+thorough statistical timing analysis to validate the changes.
+
+Added to resolve CVE-2017-5361