# BEGIN BPS TAGGED BLOCK {{{
-#
+#
# COPYRIGHT:
-#
-# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC
-# <jesse@bestpractical.com>
-#
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+# <sales@bestpractical.com>
+#
# (Except where explicitly superseded by other copyright notices)
-#
-#
+#
+#
# LICENSE:
-#
+#
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# been provided with this software, but in any event can be snarfed
# from www.gnu.org.
-#
+#
# This work is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 or visit their web page on the internet at
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-#
-#
+#
+#
# CONTRIBUTION SUBMISSION POLICY:
-#
+#
# (The following paragraph is not intended to limit the rights granted
# to you to modify and distribute this software under the terms of
# the GNU General Public License and is only of importance to you if
# you choose to contribute your changes and enhancements to the
# community by submitting them to Best Practical Solutions, LLC.)
-#
+#
# By intentionally submitting any modifications, corrections or
# derivatives to this work, or any other work intended for use with
# Request Tracker, to Best Practical Solutions, LLC, you confirm that
# royalty-free, perpetual, license to use, copy, create derivative
# works based on those contributions, and sublicense and distribute
# those contributions and any derivatives thereof.
-#
+#
# END BPS TAGGED BLOCK }}}
package RT::ObjectCustomFieldValue;
);
}
+=head2 CustomFieldObj
+
+Returns the CustomField Object which has the id returned by CustomField
+
+=cut
+
+sub CustomFieldObj {
+ my $self = shift;
+ my $CustomField = RT::CustomField->new( $self->CurrentUser );
+ $CustomField->SetContextObject( $self->Object );
+ $CustomField->Load( $self->__Value('CustomField') );
+ return $CustomField;
+}
+
=head2 Content
my $self = shift;
my $url = shift;
+ return undef unless defined $url && length $url;
+
+ # special case, whole value should be an URL
+ if ( $url =~ /^__CustomField__/ ) {
+ my $value = $self->Content;
+ # protect from javascript: URLs
+ if ( $value =~ /^\s*javascript:/i ) {
+ my $object = $self->Object;
+ $RT::Logger->error(
+ "Dangerouse value with JavaScript in custom field '". $self->CustomFieldObj->Name ."'"
+ ." on ". ref($object) ." #". $object->id
+ );
+ return undef;
+ }
+ $url =~ s/^__CustomField__/$value/;
+ }
+
# default value, uri-escape
for my $key (keys %placeholders) {
$url =~ s{__${key}__}{