[Rt-commit] rtir branch, 2.9/use-l_unsafe, created. 3.0.0rc1-7-gc1db04e
Ruslan Zakirov
ruz at bestpractical.com
Tue Aug 28 17:57:23 EDT 2012
The branch, 2.9/use-l_unsafe has been created
at c1db04e44d3def4454bb95385b97241494ee5d30 (commit)
- Log -----------------------------------------------------------------
commit c1db04e44d3def4454bb95385b97241494ee5d30
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Mon Aug 13 18:06:23 2012 -0400
Begin using l_unsafe in a few places that pass HTML to /l
As part of the security release for 3.8.13 and 4.0.6 RT began escaping
all HTML passed to /l (see RT's a2a50999aa214fa01bb824d2b6fcec197ec2a8e9
for more details).
This is a forward-port of ba4e3aae903888cf001bb90f4a4094b2a65d52e2 to
the 2.9-trunk layout with a few differences. While in 2.6 we ship
our own l_unsafe, RTIR 2.9 will depend on RT 4.0.6.
diff --git a/Makefile.PL b/Makefile.PL
index 79c2bbb..f217db1 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -5,12 +5,7 @@ license('GPL Version 2');
author('Best Practical Solutions <sales at bestpractical.com>');
version_from('lib/RT/IR.pm');
-{ # check RT version
- my @v = split /\./, "$RT::VERSION";
- unless ($v[0]>=4) {
- die "RTIR 2.9.x and newer needs RT 4.0 at least, you have $RT::VERSION";
- }
-}
+requires_rt('4.0.6');
# XXX: This should be reported by M::I::RTx
my ($lib_path) = $INC{'RT.pm'} =~ /^(.*)[\\\/]/;
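Review bot: The new `requires_rt('4.0.6');` line carries no comment saying why 4.0.6 is the floor, and the only explanation lives in the commit message (RTIR 2.9 relies on RT's own l_unsafe rather than shipping one). A short comment above the call, for example `# RT 4.0.6 is the first 4.0 release we rely on for /l_unsafe`, would stop a later cleanup from lowering the version and silently breaking the templates that call /l_unsafe. The removed block also produced an RTIR-specific message naming the installed `$RT::VERSION`; it is worth confirming that the failure from requires_rt is equally clear to someone installing against an older RT.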
diff --git a/html/RTIR/Search/Reporting.html b/html/RTIR/Search/Reporting.html
index c4518ad..5f3e796 100644
--- a/html/RTIR/Search/Reporting.html
+++ b/html/RTIR/Search/Reporting.html
@@ -9,8 +9,8 @@
<input type="hidden" class="hidden" name="<% $key %>" value="<% $val %>" />
% }
<&|/l&>Show chart</&>
-<&|/l, $m->scomp('/Search/Elements/SelectGroupBy', Name => 'PrimaryGroupBy', Query => $FullQuery) &>grouped by [_1]</&>
-<&|/l, $m->scomp('/Search/Elements/SelectChartType', Name => 'ChartStyle') &>style: [_1]</&>
+<&|/l_unsafe, $m->scomp('/Search/Elements/SelectGroupBy', Name => 'PrimaryGroupBy', Query => $FullQuery) &>grouped by [_1]</&>
+<&|/l_unsafe, $m->scomp('/Search/Elements/SelectChartType', Name => 'ChartStyle') &>style: [_1]</&>
<input type="submit" class="button" name="ShowChart" value="<% loc('Go')%>" />
</form>
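Review bot: On the two `<&|/l_unsafe, $m->scomp(...) &>` lines, the `[_1]` argument is now emitted without the escaping that /l applies, so the safety of this page rests entirely on what `/Search/Elements/SelectGroupBy` and `/Search/Elements/SelectChartType` return. The first call passes `Query => $FullQuery`, which is request-derived, so please confirm that SelectGroupBy HTML-escapes every value it builds from the query and from `Name` before this goes in. A one-line Mason comment above the calls stating that the argument is trusted component output, and must stay that way, would help keep user-controlled strings from being added to these calls later.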
-----------------------------------------------------------------------