[Rt-commit] [rtir] 01/01: Add RTIR search result page to CSRF whitelist

Jim Brandt jbrandt at bestpractical.com
Thu Aug 22 14:09:32 EDT 2013


This is an automated email from the git hooks/post-receive script.

jbrandt pushed a commit to branch 3.0/whitelist-rtir-search-results
in repository rtir.

commit 53612b7e0bc528da3214cdd0d8db75270b83afb8
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Mon Aug 19 14:22:13 2013 -0400

    Add RTIR search result page to CSRF whitelist
---
 lib/RT/IR.pm | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/RT/IR.pm b/lib/RT/IR.pm
index 902f3ac..42c6869 100644
--- a/lib/RT/IR.pm
+++ b/lib/RT/IR.pm
@@ -79,6 +79,16 @@ my $ticket_sql_parser = Parse::BooleanLogic->new;
 
 RT->AddJavaScript('jquery.uncheckable-radio-0.1.js');
 
+# Add the RTIR search result page to the whitelist to allow
+# bookmarks to work without CSRF warnings, similar to the RT
+# search result page. As noted in the similar RT configuration,
+# whitelisted search links can be used for denial-of-service against RT
+# (construct a very inefficient query and trick lots of users into
+# running them against RT). This is offset by the general usefulness of
+# bookmarking search links.
+
+$RT::Interface::Web::is_whitelisted_component{'/RTIR/Search/Results.html'} = 1;
+
 =head1 FUNCTIONS
 
 =head2 OurQueue
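Review bot: The comment above the `is_whitelisted_component` assignment records the denial-of-service trade-off but not the condition that makes the exemption acceptable. The entry is keyed on the component path alone, so `/RTIR/Search/Results.html` is exempted whatever arguments the request carries, and the page must therefore never change state based on those arguments. I would add a sentence to the comment saying the page has to stay read-only, so that a later change adding an update action to it is caught in review. Separately, the assignment writes directly into `%RT::Interface::Web::is_whitelisted_component`, which only has an effect if that hash is a package variable in every RT version this branch supports. That is worth confirming, since a mismatch would fail silently and the CSRF warning would simply keep appearing.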

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.