X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2FTicketSystem.pm;h=a683d12ae574d75c0d77dc4fbe8fbf5c037cd20b;hb=bce697fa3f64f1cc7f568fde28a912605cac7eb9;hp=c1c69fa3f0f562e0ac87ade2fffe0699e177a590;hpb=23c8996f73976d52a4380d616ed9276d9640f444;p=freeside.git
diff --git a/FS/FS/TicketSystem.pm b/FS/FS/TicketSystem.pm
index c1c69fa3f..a683d12ae 100644
--- a/FS/FS/TicketSystem.pm
+++ b/FS/FS/TicketSystem.pm
@@ -61,7 +61,11 @@ sub _upgrade_schema {
 %{ $columns{$tablename}->{$colname} }
 };
 $col->table_obj($table);
- push @sql, $col->sql_add_column($dbh);
+ my ($alter, $postalter) = $col->sql_add_column($dbh);
+ foreach (@$alter) {
+ push @sql, "ALTER TABLE $tablename $_;";
+ }
+ push @sql, @$postalter;
 }
 } #foreach $colname
 } #foreach $tablename
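Review bot: The added lines treat both return values of `sql_add_column` as array references (`@$alter`, `@$postalter`), but nothing visible in the hunk ensures the installed schema library returns that shape. If `$col` comes from an older release that still returns a flat list of statements (its class is constructed outside the hunk, so this is inferred), `@$alter` would die under strict refs partway through a schema upgrade. A minimum-version requirement at the top of the file, e.g. `use DBIx::DBSchema <MINIMUM_VERSION>;` with the real version filled in, would make that failure happen before any DDL is generated. A short comment such as `# sql_add_column returns (\@alter_clauses, \@post_alter_statements)` above the call would also help; the body of `_upgrade_schema` starts and ends outside the hunk.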
@@ -331,16 +335,70 @@ sub _upgrade_data {
 }
 }
- #Pg-specific
- my $cve_2013_3373_sql = q(
- UPDATE Tickets SET Subject = REPLACE(Subject,E'\n','')
- );
- #need this for mysql
- #UPDATE Tickets SET Subject = REPLACE(Subject,'\n','');
+ my $cve_2013_3373_sql = '';
+ if ( driver_name =~ /^Pg/i ) {
+ $cve_2013_3373_sql = q(
+ UPDATE Tickets SET Subject = REPLACE(Subject,E'\n','')
+ );
+ } elsif ( driver_name =~ /^mysql/i ) {
+ $cve_2013_3373_sql = q(
+ UPDATE Tickets SET Subject = REPLACE(Subject,'\n','');
+ );
+ } else {
+ warn "WARNING: Don't know how to update RT Ticket Subjects for your database driver for CVE-2013-3373";
+ }
+ if ( $cve_2013_3373_sql ) {
+ my $cve_2013_3373_sth = $dbh->prepare($cve_2013_3373_sql)
+ or die $dbh->errstr;
+ $cve_2013_3373_sth->execute
+ or die $cve_2013_3373_sth->errstr;
+ }
+
+ # Remove dangling customer links, if any
+ my %target_pkey = ('cust_main' => 'custnum', 'cust_svc' => 'svcnum');
+ for my $table (keys %target_pkey) {
+ my $pkey = $target_pkey{$table};
+ my $rows = $dbh->do(
+ "DELETE FROM Links WHERE id IN(
+ SELECT id FROM (
+ SELECT Links.id FROM Links LEFT JOIN $table ON (Links.Target =
+ 'freeside://freeside/$table/' || $table.$pkey)
+ WHERE Links.Target like 'freeside://freeside/$table/%'
+ AND $table.$pkey IS NULL
+ ) AS x
+ )"
+ ) or die $dbh->errstr;
+ warn "Removed $rows dangling ticket-$table links\n" if $rows > 0;
+ }
+
+ # Fix ticket transactions on the Time* fields where the NewValue (or
+ # OldValue, though this is not known to happen) is an empty string
+ foreach (qw(newvalue oldvalue)) {
+ my $rows = $dbh->do(
+ "UPDATE Transactions SET $_ = '0' WHERE ObjectType='RT::Ticket' AND ".
+ "Field IN ('TimeWorked', 'TimeEstimated', 'TimeLeft') AND $_ = ''"
+ ) or die $dbh->errstr;
+ warn "Fixed $rows transactions with empty time values\n" if $rows > 0;
+ }
- my $cve_2013_3373_sth = $dbh->prepare( $cve_2013_3373_sql)
- or die $dbh->errstr;
- $cve_2013_3373_sth->execute or die $cve_2013_3373_sth->errstr;
+ # One-time fix: We've created a "BulkUpdateTickets" access right; grant
+ # it to all auth'd users initially.
+ eval "use FS::upgrade_journal;";
+ my $upgrade = 'RT_add_BulkUpdateTickets_ACL';
+ if (!FS::upgrade_journal->is_done($upgrade)) {
+ my $groups = RT::Groups->new(RT->SystemUser);
+ $groups->LimitToEnabled;
+ $groups->LimitToSystemInternalGroups;
+ $groups->Limit(FIELD => 'Type', VALUE => 'Privileged', OPERATOR => '=');
+ my $group = $groups->First
+ or die "No RT internal group found for Privileged users";
+ my ($val, $msg) = $group->PrincipalObj->GrantRight(
+ Right => 'BulkUpdateTickets', Object => RT->System
+ );
+ die "Couldn't grant BulkUpdateTickets right to all users: $msg\n"
+ if !$val;
+ FS::upgrade_journal->set_done($upgrade);
+ }
 return;
 }
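Review bot: The dangling-link `DELETE` builds its join key with `||`, which concatenates strings on PostgreSQL but is logical OR on MySQL unless the `PIPES_AS_CONCAT` SQL mode is set. On the MySQL driver, which this same hunk now recognises for the CVE-2013-3373 statement, the `LEFT JOIN` condition therefore does not compare `Links.Target` with the customer URI, and the statement cannot pick out dangling rows correctly. Because it is destructive and, unlike the ACL grant, not guarded by the upgrade journal, it should use a form both drivers accept, such as `Links.Target = CONCAT('freeside://freeside/$table/', $table.$pkey)` (on PostgreSQL releases that provide `concat()`), or branch on `driver_name` as the CVE block does. A smaller point before the rights grant: `eval "use FS::upgrade_journal;";` never checks `$@`, so a load failure only surfaces later at `is_done`; `require FS::upgrade_journal;` would fail at the point of the problem. `_upgrade_data` begins outside the hunk.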