fix 403 errors pulling up RTx-Statistics charts, RT#13546

diff --git a/rt/FREESIDE_MODIFIED b/rt/FREESIDE_MODIFIED
index eff94b0..bb850d9 100644 (file)
--- a/rt/FREESIDE_MODIFIED
+++ b/rt/FREESIDE_MODIFIED
@@ -16,6 +16,7 @@ lib/RT/CustomField_Vendor.pm #mandatory fields
 lib/RT/Interface/Web.pm #customfield date patch
                         #fix transaction custom fields
                         #fix Web.pm Overlay/Vendor/Local inclusion
+                        #fix MaybeRejectPrivateComponentRequest for RTx::Statistics
 lib/RT/Action.pm #create ticket on custom field change
 lib/RT/Condition.pm #create ticket on custom field change
 lib/RT/Scrip_Overlay.pm #create ticket on custom field change

diff --git a/rt/lib/RT/Interface/Web.pm b/rt/lib/RT/Interface/Web.pm
index 822a9b5..e193459 100644 (file)
--- a/rt/lib/RT/Interface/Web.pm
+++ b/rt/lib/RT/Interface/Web.pm
@@ -438,7 +438,11 @@ sub MaybeRejectPrivateComponentRequest {
               autohandler | # requesting this directly is suspicious
               l           ) # loc component
             ( $ | / ) # trailing slash or end of path
-        }xi) {
+        }xi
+        && $path !~ m{ /RTx/Statistics/\w+/Elements/Chart }xi
+      )
+    {
+            warn "rejecting private component $path\n";
             $m->abort(403);
     }
 
@@ -2300,7 +2304,6 @@ sub _parse_saved_search {
     return ( _load_container_object( $obj_type, $obj_id ), $search_id );
 }
 
-package RT::Interface::Web;
 RT::Base->_ImportOverlays();
 
 1;