X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Fshare%2Fhtml%2FNoAuth%2Frss%2Fdhandler;h=46b542537b174b3f6e5ae3e42b7e26b8e9877909;hb=HEAD;hp=1446e6cc4c5eb48a406845943c56ba2114e3645f;hpb=73a6a80a9ca5edbd43d139b7cb25bfee4abfd35e;p=freeside.git

diff --git a/rt/share/html/NoAuth/rss/dhandler b/rt/share/html/NoAuth/rss/dhandler
index 1446e6cc4..46b542537 100644
--- a/rt/share/html/NoAuth/rss/dhandler
+++ b/rt/share/html/NoAuth/rss/dhandler
@@ -2,7 +2,7 @@
 %#
 %# COPYRIGHT:
 %#
-%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
+%# This software is Copyright (c) 1996-2019 Best Practical Solutions, LLC
 %#                                          <sales@bestpractical.com>
 %#
 %# (Except where explicitly superseded by other copyright notices)
@@ -45,4 +45,37 @@
 %# those contributions and any derivatives thereof.
 %#
 %# END BPS TAGGED BLOCK }}}
-<& /Search/Elements/ResultsRSSView, %ARGS &>
+<%init>
+my $path = $m->dhandler_arg;
+
+my $notfound = sub {
+    my $mesg = shift;
+    $r->headers_out->{'Status'} = '404 Not Found';
+    $RT::Logger->info("Error encountered in rss generation: $mesg");
+    $m->clear_and_abort;
+};
+
+$notfound->("Invalid path: $path") unless $path =~ m!^([^/]+)/([^/]+)/?!;
+
+my ( $name, $auth ) = ( $1, $2 );
+
+# Unescape parts
+$name =~ s/\%([0-9a-z]{2})/chr(hex($1))/gei;
+
+# convert to perl strings
+$name = Encode::decode( "UTF-8", $name);
+
+my $user = RT::User->new(RT->SystemUser);
+$user->Load($name);
+$notfound->("Invalid user: $user") unless $user->id;
+
+$notfound->("Invalid authstring")
+  unless $user->ValidateAuthString( $auth,
+          $ARGS{Query} . $ARGS{Order} . $ARGS{OrderBy} );
+
+my $cu = RT::CurrentUser->new;
+$cu->Load($user);
+local $session{'CurrentUser'} = $cu;
+
+$m->comp("/Search/Elements/ResultsRSSView", %ARGS);
+</%init>