From: ivan <ivan>
Date: Fri, 15 Jul 2011 20:28:17 +0000 (+0000)
Subject: fix 403 errors pulling up RTx-Statistics charts, RT#13546
X-Git-Tag: freeside_2_1_3~68
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=f07090d1447b1ac9b9796b4a19a37b76f57fa035

fix 403 errors pulling up RTx-Statistics charts, RT#13546
---

diff --git a/rt/FREESIDE_MODIFIED b/rt/FREESIDE_MODIFIED
index eff94b005..bb850d9b1 100644
--- a/rt/FREESIDE_MODIFIED
+++ b/rt/FREESIDE_MODIFIED
@@ -16,6 +16,7 @@ lib/RT/CustomField_Vendor.pm #mandatory fields
 lib/RT/Interface/Web.pm #customfield date patch
                         #fix transaction custom fields
                         #fix Web.pm Overlay/Vendor/Local inclusion
+                        #fix MaybeRejectPrivateComponentRequest for RTx::Statistics
 lib/RT/Action.pm #create ticket on custom field change
 lib/RT/Condition.pm #create ticket on custom field change
 lib/RT/Scrip_Overlay.pm #create ticket on custom field change
diff --git a/rt/lib/RT/Interface/Web.pm b/rt/lib/RT/Interface/Web.pm
index 822a9b5fa..e19345929 100644
--- a/rt/lib/RT/Interface/Web.pm
+++ b/rt/lib/RT/Interface/Web.pm
@@ -438,7 +438,11 @@ sub MaybeRejectPrivateComponentRequest {
               autohandler | # requesting this directly is suspicious
               l           ) # loc component
             ( $ | / ) # trailing slash or end of path
-        }xi) {
+        }xi
+        && $path !~ m{ /RTx/Statistics/\w+/Elements/Chart }xi
+      )
+    {
+            warn "rejecting private component $path\n";
             $m->abort(403);
     }
 
@@ -2300,7 +2304,6 @@ sub _parse_saved_search {
     return ( _load_container_object( $obj_type, $obj_id ), $search_id );
 }
 
-package RT::Interface::Web;
 RT::Base->_ImportOverlays();
 
 1;