projects
/
freeside.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
d04a3f3
)
fix 403 errors pulling up RTx-Statistics charts, RT#13546
author
ivan
<ivan>
Fri, 15 Jul 2011 20:28:17 +0000
(20:28 +0000)
committer
ivan
<ivan>
Fri, 15 Jul 2011 20:28:17 +0000
(20:28 +0000)
rt/FREESIDE_MODIFIED
patch
|
blob
|
history
rt/lib/RT/Interface/Web.pm
patch
|
blob
|
history
diff --git
a/rt/FREESIDE_MODIFIED
b/rt/FREESIDE_MODIFIED
index
eff94b0
..
bb850d9
100644
(file)
--- a/
rt/FREESIDE_MODIFIED
+++ b/
rt/FREESIDE_MODIFIED
@@
-16,6
+16,7
@@
lib/RT/CustomField_Vendor.pm #mandatory fields
lib/RT/Interface/Web.pm #customfield date patch
#fix transaction custom fields
#fix Web.pm Overlay/Vendor/Local inclusion
lib/RT/Interface/Web.pm #customfield date patch
#fix transaction custom fields
#fix Web.pm Overlay/Vendor/Local inclusion
+ #fix MaybeRejectPrivateComponentRequest for RTx::Statistics
lib/RT/Action.pm #create ticket on custom field change
lib/RT/Condition.pm #create ticket on custom field change
lib/RT/Scrip_Overlay.pm #create ticket on custom field change
lib/RT/Action.pm #create ticket on custom field change
lib/RT/Condition.pm #create ticket on custom field change
lib/RT/Scrip_Overlay.pm #create ticket on custom field change
diff --git
a/rt/lib/RT/Interface/Web.pm
b/rt/lib/RT/Interface/Web.pm
index
822a9b5
..
e193459
100644
(file)
--- a/
rt/lib/RT/Interface/Web.pm
+++ b/
rt/lib/RT/Interface/Web.pm
@@
-438,7
+438,11
@@
sub MaybeRejectPrivateComponentRequest {
autohandler | # requesting this directly is suspicious
l ) # loc component
( $ | / ) # trailing slash or end of path
autohandler | # requesting this directly is suspicious
l ) # loc component
( $ | / ) # trailing slash or end of path
- }xi) {
+ }xi
+ && $path !~ m{ /RTx/Statistics/\w+/Elements/Chart }xi
+ )
+ {
+ warn "rejecting private component $path\n";
$m->abort(403);
}
$m->abort(403);
}
@@
-2300,7
+2304,6
@@
sub _parse_saved_search {
return ( _load_container_object( $obj_type, $obj_id ), $search_id );
}
return ( _load_container_object( $obj_type, $obj_id ), $search_id );
}
-package RT::Interface::Web;
RT::Base->_ImportOverlays();
1;
RT::Base->_ImportOverlays();
1;