X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Flib%2FRT%2FObjectCustomFieldValue.pm;h=2434d6cc56c02dc73d25dceae28c2bc29f26e3a6;hb=05c0b947ddba67a8ac2537c010a583277623ff3e;hp=0fd9d735c3a99b96b6165dba7b702aaa1ad80270;hpb=43a06151e47d2c59b833cbd8c26d97865ee850b6;p=freeside.git diff --git a/rt/lib/RT/ObjectCustomFieldValue.pm b/rt/lib/RT/ObjectCustomFieldValue.pm index 0fd9d735c..2434d6cc5 100644 --- a/rt/lib/RT/ObjectCustomFieldValue.pm +++ b/rt/lib/RT/ObjectCustomFieldValue.pm @@ -2,7 +2,7 @@ # # COPYRIGHT: # -# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC +# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC # # # (Except where explicitly superseded by other copyright notices) @@ -50,6 +50,7 @@ package RT::ObjectCustomFieldValue; use strict; use warnings; +use base 'RT::Record'; use RT::Interface::Web; use Regexp::Common qw(RE_net_IPv4); @@ -60,10 +61,7 @@ require Net::CIDR; # Allow the empty IPv6 address $IPv6_re = qr/(?:$IPv6_re|::)/; - - use RT::CustomField; -use base 'RT::Record'; sub Table {'ObjectCustomFieldValues'} @@ -84,44 +82,23 @@ sub Create { @_, ); + my $cf = RT::CustomField->new( $self->CurrentUser ); + $cf->Load( $args{CustomField} ); - my $cf_as_sys = RT::CustomField->new(RT->SystemUser); - $cf_as_sys->Load($args{'CustomField'}); - - if($cf_as_sys->Type eq 'IPAddress') { - if ( $args{'Content'} ) { - $args{'Content'} = $self->ParseIP( $args{'Content'} ); - } - - unless ( defined $args{'Content'} ) { - return - wantarray - ? ( 0, $self->loc("Content is an invalid IP address") ) - : 0; - } - } - - if($cf_as_sys->Type eq 'IPAddressRange') { - if ($args{'Content'}) { - ($args{'Content'}, $args{'LargeContent'}) = $self->ParseIPRange( $args{'Content'} ); - } - $args{'ContentType'} = 'text/plain'; + my ($val, $msg) = $cf->_CanonicalizeValue(\%args); + return ($val, $msg) unless $val; - unless ( defined $args{'Content'} ) { - return - wantarray - ? ( 0, $self->loc("Content is an invalid IP address range") ) - : 0; - } - } - - if ( defined $args{'Content'} && length( Encode::encode_utf8($args{'Content'}) ) > 255 ) { + my $encoded = Encode::encode("UTF-8", $args{'Content'}); + if ( defined $args{'Content'} && length( $encoded ) > 255 ) { if ( defined $args{'LargeContent'} && length $args{'LargeContent'} ) { $RT::Logger->error("Content is longer than 255 bytes and LargeContent specified"); } else { - $args{'LargeContent'} = $args{'Content'}; - $args{'Content'} = ''; + # _EncodeLOB, and thus LargeContent, takes bytes; Content is + # in characters. Encode it; this may replace illegal + # codepoints (e.g. \x{FDD0}) with \x{FFFD}. + $args{'LargeContent'} = Encode::encode("UTF-8",$args{'Content'}); + $args{'Content'} = undef; $args{'ContentType'} ||= 'text/plain'; } } @@ -164,16 +141,9 @@ sub LoadByCols { if ( $args{CustomField} ) { $cf = RT::CustomField->new( $self->CurrentUser ); $cf->Load( $args{CustomField} ); - if ( $cf->Type && $cf->Type eq 'IPAddressRange' ) { - - my ( $sIP, $eIP ) = $cf->ParseIPRange( $args{'Content'} ); - if ( $sIP && $eIP ) { - $self->SUPER::LoadByCols( %args, - Content => $sIP, - LargeContent => $eIP - ); - } - } + + my ($ok, $msg) = $cf->_CanonicalizeValue(\%args); + return ($ok, $msg) unless $ok; } return $self->SUPER::LoadByCols(%args); } @@ -251,6 +221,8 @@ my $re_ip_serialized = qr/$re_ip_sunit(?:\.$re_ip_sunit){3}/; sub Content { my $self = shift; + return undef unless $self->CustomFieldObj->CurrentUserHasRight('SeeCustomField'); + my $content = $self->_Value('Content'); if ( $self->CustomFieldObj->Type eq 'IPAddress' || $self->CustomFieldObj->Type eq 'IPAddressRange' ) @@ -364,11 +336,11 @@ sub _FillInTemplateURL { # special case, whole value should be an URL if ( $url =~ /^__CustomField__/ ) { my $value = $self->Content; - # protect from javascript: URLs - if ( $value =~ /^\s*javascript:/i ) { + # protect from potentially malicious URLs + if ( $value =~ /^\s*(?:javascript|data):/i ) { my $object = $self->Object; $RT::Logger->error( - "Dangerouse value with JavaScript in custom field '". $self->CustomFieldObj->Name ."'" + "Potentially dangerous URL type in custom field '". $self->CustomFieldObj->Name ."'" ." on ". ref($object) ." #". $object->id ); return undef; @@ -720,37 +692,47 @@ sub _CoreAccessible { { id => - {read => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => ''}, + {read => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => ''}, CustomField => - {read => 1, write => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => ''}, + {read => 1, write => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => ''}, ObjectType => - {read => 1, write => 1, sql_type => 12, length => 255, is_blob => 0, is_numeric => 0, type => 'varchar(255)', default => ''}, + {read => 1, write => 1, sql_type => 12, length => 255, is_blob => 0, is_numeric => 0, type => 'varchar(255)', default => ''}, ObjectId => - {read => 1, write => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => ''}, + {read => 1, write => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => ''}, SortOrder => - {read => 1, write => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => '0'}, + {read => 1, write => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => '0'}, Content => - {read => 1, write => 1, sql_type => 12, length => 255, is_blob => 0, is_numeric => 0, type => 'varchar(255)', default => ''}, + {read => 1, write => 1, sql_type => 12, length => 255, is_blob => 0, is_numeric => 0, type => 'varchar(255)', default => ''}, LargeContent => - {read => 1, write => 1, sql_type => -4, length => 0, is_blob => 1, is_numeric => 0, type => 'longblob', default => ''}, + {read => 1, write => 1, sql_type => -4, length => 0, is_blob => 1, is_numeric => 0, type => 'longblob', default => ''}, ContentType => - {read => 1, write => 1, sql_type => 12, length => 80, is_blob => 0, is_numeric => 0, type => 'varchar(80)', default => ''}, + {read => 1, write => 1, sql_type => 12, length => 80, is_blob => 0, is_numeric => 0, type => 'varchar(80)', default => ''}, ContentEncoding => - {read => 1, write => 1, sql_type => 12, length => 80, is_blob => 0, is_numeric => 0, type => 'varchar(80)', default => ''}, + {read => 1, write => 1, sql_type => 12, length => 80, is_blob => 0, is_numeric => 0, type => 'varchar(80)', default => ''}, Creator => - {read => 1, auto => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => '0'}, + {read => 1, auto => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => '0'}, Created => - {read => 1, auto => 1, sql_type => 11, length => 0, is_blob => 0, is_numeric => 0, type => 'datetime', default => ''}, + {read => 1, auto => 1, sql_type => 11, length => 0, is_blob => 0, is_numeric => 0, type => 'datetime', default => ''}, LastUpdatedBy => - {read => 1, auto => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => '0'}, + {read => 1, auto => 1, sql_type => 4, length => 11, is_blob => 0, is_numeric => 1, type => 'int(11)', default => '0'}, LastUpdated => - {read => 1, auto => 1, sql_type => 11, length => 0, is_blob => 0, is_numeric => 0, type => 'datetime', default => ''}, + {read => 1, auto => 1, sql_type => 11, length => 0, is_blob => 0, is_numeric => 0, type => 'datetime', default => ''}, Disabled => - {read => 1, write => 1, sql_type => 5, length => 6, is_blob => 0, is_numeric => 1, type => 'smallint(6)', default => '0'}, + {read => 1, write => 1, sql_type => 5, length => 6, is_blob => 0, is_numeric => 1, type => 'smallint(6)', default => '0'}, } }; +sub FindDependencies { + my $self = shift; + my ($walker, $deps) = @_; + + $self->SUPER::FindDependencies($walker, $deps); + + $deps->Add( out => $self->CustomFieldObj ); + $deps->Add( out => $self->Object ); +} + RT::Base->_ImportOverlays(); 1;