rt 4.0.23

[freeside.git] / rt / share / html / Search / Elements / ResultsRSSView

diff --git a/rt/share/html/Search/Elements/ResultsRSSView b/rt/share/html/Search/Elements/ResultsRSSView
index f3b416a..0bce7ec 100644 (file)
--- a/rt/share/html/Search/Elements/ResultsRSSView
+++ b/rt/share/html/Search/Elements/ResultsRSSView
@@ -2,7 +2,7 @@
 %#
 %# COPYRIGHT:
 %#
-%# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
 %#                                          <sales@bestpractical.com>
 %#
 %# (Except where explicitly superseded by other copyright notices)
@@ -46,9 +46,7 @@
 %#
 %# END BPS TAGGED BLOCK }}}
 <%INIT>
-use Encode ();
-
-my $old_current_user;
+my $current_user = $session{CurrentUser};
 
 if ( $m->request_comp->path =~ RT->Config->Get('WebNoAuthRegex') ) {
     my $path = $m->dhandler_arg;
@@ -67,10 +65,10 @@ if ( $m->request_comp->path =~ RT->Config->Get('WebNoAuthRegex') ) {
     # Unescape parts
     $name =~ s/\%([0-9a-z]{2})/chr(hex($1))/gei;
 
-    # convert to perl strings
-    $name = Encode::decode_utf8($name);
+    # Decode from bytes to characters
+    $name = Encode::decode( "UTF-8", $name );
 
-    my $user = RT::User->new($RT::SystemUser);
+    my $user = RT::User->new(RT->SystemUser);
     $user->Load($name);
     $notfound->("Invalid user: $user") unless $user->id;
 
@@ -78,13 +76,11 @@ if ( $m->request_comp->path =~ RT->Config->Get('WebNoAuthRegex') ) {
       unless $user->ValidateAuthString( $auth,
               $ARGS{Query} . $ARGS{Order} . $ARGS{OrderBy} );
 
-    $old_current_user = $session{'CurrentUser'};
-    my $cu               = RT::CurrentUser->new;
-    $cu->Load($user);
-    $session{'CurrentUser'} = $cu;
+    $current_user = RT::CurrentUser->new;
+    $current_user->Load($user);
 }
 
-my $Tickets = RT::Tickets->new($session{'CurrentUser'});
+my $Tickets = RT::Tickets->new($current_user);
 $Tickets->FromSQL($ARGS{'Query'});
 if ($OrderBy =~ /\|/) {
     # Multiple Sorts
@@ -102,7 +98,7 @@ $r->content_type('application/rss+xml');
 
         # create an RSS 1.0 file (http://purl.org/rss/1.0/)
         use XML::RSS;
-        my $rss = new XML::RSS (version => '1.0');
+        my $rss = XML::RSS->new(version => '1.0');
         $rss->channel(
           title        => RT->Config->Get('rtname').": Search " . $ARGS{'Query'},
           link         => RT->Config->Get('WebURL'),
@@ -121,10 +117,17 @@ $r->content_type('application/rss+xml');
     while ( my $Ticket = $Tickets->Next()) {
         my $creator_str = $m->scomp('/Elements/ShowUser', User => $Ticket->CreatorObj);
         $creator_str =~ s/[\r\n]//g;
+
+        # Get the plain-text content; it is interpreted as HTML by RSS
+        # readers, so it must be escaped (and is escaped _again_ when
+        # inserted into the XML).
+        my $content = $Ticket->Transactions->First->Content;
+        $content = $m->interp->apply_escapes( $content, 'h');
+
         $rss->add_item(
           title       =>  $Ticket->Subject || loc('No Subject'),
           link        => RT->Config->Get('WebURL')."Ticket/Display.html?id=".$Ticket->id,
-          description => $Ticket->Transactions->First->Content,
+          description => $content,
           dc          => { creator => $creator_str,
                            date => $Ticket->CreatedObj->RFC2822,
                          },
@@ -133,7 +136,6 @@ $r->content_type('application/rss+xml');
     }
 
 $m->out($rss->as_string);
-$session{'CurrentUser'} = $old_current_user if $old_current_user;
 $m->abort();
 </%INIT>
 <%ARGS>