X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2FTicketSystem.pm;h=a683d12ae574d75c0d77dc4fbe8fbf5c037cd20b;hb=8bf1e6cd5d0036c7c84076f2599ffecec3ef84db;hp=fa54e0bbd8ecb6af6d2e87b27bf07f92938d346b;hpb=c64ff892b9067f7aa719e78b20379d3274907946;p=freeside.git
diff --git a/FS/FS/TicketSystem.pm b/FS/FS/TicketSystem.pm
index fa54e0bbd..a683d12ae 100644
--- a/FS/FS/TicketSystem.pm
+++ b/FS/FS/TicketSystem.pm
@@ -61,7 +61,11 @@ sub _upgrade_schema {
 %{ $columns{$tablename}->{$colname} }
 };
 $col->table_obj($table);
- push @sql, $col->sql_add_column($dbh);
+ my ($alter, $postalter) = $col->sql_add_column($dbh);
+ foreach (@$alter) {
+ push @sql, "ALTER TABLE $tablename $_;";
+ }
+ push @sql, @$postalter;
 }
 } #foreach $colname
 } #foreach $tablename
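Review bot: The new `my ($alter, $postalter) = $col->sql_add_column($dbh);` assumes both return values are array refs, and nothing in the hunk checks that before `@$alter` and `@$postalter` are dereferenced. If the installed schema library still returns a flat list of statements from sql_add_column (an assumption; no version requirement is visible here), the upgrade would fail or misbehave partway through building `@sql`, with an error that does not point at the cause. A minimum-version requirement on that module, or a guard such as `die "sql_add_column: unexpected return value" unless ref($alter) eq 'ARRAY';`, would make the failure explicit. _upgrade_schema starts and ends outside the hunk.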
@@ -331,32 +335,71 @@ sub _upgrade_data { } } - #Pg-specific - my $cve_2013_3373_sql = q( - UPDATE Tickets SET Subject = REPLACE(Subject,E'\n','') - ); - #need this for mysql - #UPDATE Tickets SET Subject = REPLACE(Subject,'\n',''); - - my $cve_2013_3373_sth = $dbh->prepare( $cve_2013_3373_sql) - or die $dbh->errstr; - $cve_2013_3373_sth->execute or die $cve_2013_3373_sth->errstr; + my $cve_2013_3373_sql = ''; + if ( driver_name =~ /^Pg/i ) { + $cve_2013_3373_sql = q( + UPDATE Tickets SET Subject = REPLACE(Subject,E'\n','') + ); + } elsif ( driver_name =~ /^mysql/i ) { + $cve_2013_3373_sql = q( + UPDATE Tickets SET Subject = REPLACE(Subject,'\n',''); + ); + } else { + warn "WARNING: Don't know how to update RT Ticket Subjects for your database driver for CVE-2013-3373"; + } + if ( $cve_2013_3373_sql ) { + my $cve_2013_3373_sth = $dbh->prepare($cve_2013_3373_sql) + or die $dbh->errstr; + $cve_2013_3373_sth->execute + or die $cve_2013_3373_sth->errstr; + } # Remove dangling customer links, if any my %target_pkey = ('cust_main' => 'custnum', 'cust_svc' => 'svcnum'); for my $table (keys %target_pkey) { my $pkey = $target_pkey{$table}; my $rows = $dbh->do( - "DELETE FROM links WHERE id IN(". - "SELECT links.id FROM links LEFT JOIN $table ON (links.target = ". - "'freeside://freeside/$table/' || $table.$pkey) ". - "WHERE links.target like 'freeside://freeside/$table/%' ". - "AND $table.$pkey IS NULL". 
- ")" + "DELETE FROM Links WHERE id IN( + SELECT id FROM ( + SELECT Links.id FROM Links LEFT JOIN $table ON (Links.Target = + 'freeside://freeside/$table/' || $table.$pkey) + WHERE Links.Target like 'freeside://freeside/$table/%' + AND $table.$pkey IS NULL + ) AS x + )" ) or die $dbh->errstr; warn "Removed $rows dangling ticket-$table links\n" if $rows > 0; } + # Fix ticket transactions on the Time* fields where the NewValue (or + # OldValue, though this is not known to happen) is an empty string + foreach (qw(newvalue oldvalue)) { + my $rows = $dbh->do( + "UPDATE Transactions SET $_ = '0' WHERE ObjectType='RT::Ticket' AND ". + "Field IN ('TimeWorked', 'TimeEstimated', 'TimeLeft') AND $_ = ''" + ) or die $dbh->errstr; + warn "Fixed $rows transactions with empty time values\n" if $rows > 0; + } + + # One-time fix: We've created a "BulkUpdateTickets" access right; grant + # it to all auth'd users initially. + eval "use FS::upgrade_journal;"; + my $upgrade = 'RT_add_BulkUpdateTickets_ACL'; + if (!FS::upgrade_journal->is_done($upgrade)) { + my $groups = RT::Groups->new(RT->SystemUser); + $groups->LimitToEnabled; + $groups->LimitToSystemInternalGroups; + $groups->Limit(FIELD => 'Type', VALUE => 'Privileged', OPERATOR => '='); + my $group = $groups->First + or die "No RT internal group found for Privileged users"; + my ($val, $msg) = $group->PrincipalObj->GrantRight( + Right => 'BulkUpdateTickets', Object => RT->System + ); + die "Couldn't grant BulkUpdateTickets right to all users: $msg\n" + if !$val; + FS::upgrade_journal->set_done($upgrade); + } + return; }
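Review bot: `eval "use FS::upgrade_journal;";` in the new BulkUpdateTickets block never inspects `$@`, so a load failure is swallowed and only shows up as a less obvious error at `FS::upgrade_journal->is_done($upgrade)`; a plain `require FS::upgrade_journal;` fails at the right place and avoids string eval. In the CVE-2013-3373 block the `else` branch only warns and the upgrade carries on, so on an unrecognised driver the ticket Subjects keep their embedded newlines while the run otherwise looks successful; the message should say that manual cleanup is required, or the outcome should be recorded somewhere that is not lost in upgrade output. That Subject cleanup also appears to run on every upgrade, whereas the ACL grant is journaled; if that is intentional, a one-line comment saying so would help. The comment and die message speak of "all auth'd users" and "all users", but the code grants the right to the Privileged system group, so the comment would be more accurate as `# grant it to the Privileged system group initially`. _upgrade_data starts outside the hunk.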