X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fshare%2Fhtml%2FElements%2FMyRT;h=56aa8bdd01c6ae4fd76c0b6ab5560be021eb9294;hp=e8b0846602c8d14ba82b75d378e40734c4e9e2a8;hb=187086c479a09629b7d180eec513fb7657f4e291;hpb=73a6a80a9ca5edbd43d139b7cb25bfee4abfd35e

diff --git a/rt/share/html/Elements/MyRT b/rt/share/html/Elements/MyRT
index e8b084660..56aa8bdd0 100644
--- a/rt/share/html/Elements/MyRT
+++ b/rt/share/html/Elements/MyRT
@@ -2,7 +2,7 @@
 %#
 %# COPYRIGHT:
 %#
-%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
+%# This software is Copyright (c) 1996-2018 Best Practical Solutions, LLC
 %#                                          <sales@bestpractical.com>
 %#
 %# (Except where explicitly superseded by other copyright notices)
@@ -53,9 +53,9 @@
 % $show_cb->($_) foreach @$body;
 </td>
 
-% if ( $summary ) {
+% if ( $sidebar ) {
 <td class="boxcontainer">
-% $show_cb->($_) foreach @$summary;
+% $show_cb->($_) foreach @$sidebar;
 </td>
 % }
 
@@ -63,24 +63,24 @@
 % $m->callback( ARGSRef => \%ARGS, CallbackName => 'AfterTable' );
 <%INIT>
 
-# XXX: we don't use this, but should.
 my %allowed_components = map {$_ => 1} @{RT->Config->Get('HomepageComponents')};
 
 my $user = $session{'CurrentUser'}->UserObj;
-$Portlets ||= $user->Preferences('HomepageSettings');
 unless ( $Portlets ) {
     my ($defaults) = RT::System->new($session{'CurrentUser'})->Attributes->Named('HomepageSettings');
-    $Portlets = $defaults ? $defaults->Content : {};
+    $Portlets = $user->Preferences(
+        HomepageSettings => $defaults ? $defaults->Content : {}
+    );
 }
 
 $m->callback( CallbackName => 'MassagePortlets', Portlets => $Portlets );
 
-my ($body, $summary) = @{$Portlets}{qw(body summary)};
+my ($body, $sidebar) = @{$Portlets}{qw(body sidebar)};
 unless( $body && @$body ) {
-    $body = $summary || [];
-    $summary = undef;
+    $body = $sidebar || [];
+    $sidebar = undef;
 }
-$summary = undef unless $summary && @$summary;
+$sidebar = undef unless $sidebar && @$sidebar;
 
 my $Rows = $user->Preferences( 'SummaryRows', ( RT->Config->Get('DefaultSummaryRows') || 10 ) );
 
@@ -89,12 +89,16 @@ my $show_cb = sub {
     my $type  = $entry->{type};
     my $name = $entry->{'name'};
     if ( $type eq 'component' ) {
-        # XXX: security check etc.
-        $m->comp( $name, %{ $entry->{arguments} || {} } );
+        if (!$allowed_components{$name}) {
+            $m->out( $m->interp->apply_escapes( loc("Invalid portlet [_1]", $name), "h" ) );
+        }
+        else {
+            $m->comp( $name, %{ $entry->{arguments} || {} } );
+        }
     } elsif ( $type eq 'system' ) {
         $m->comp( '/Elements/ShowSearch', Name => $name, Override => { Rows => $Rows } );
     } elsif ( $type eq 'saved' ) {
-        $m->comp( '/Elements/ShowSearch', SavedSearch => $name, Override => { Rows => $Rows }, IgnoreMissing => 1 );
+        $m->comp( '/Elements/ShowSearch', SavedSearch => $name, Override => { Rows => $Rows } );
     } else {
         $RT::Logger->error("unknown portlet type '$type'");
     }