[Rt-commit] rt branch, 4.0/whitelist-showemailrecord, created. rt-4.0.18-43-g10ce1a3
Kevin Falcone
falcone at bestpractical.com
Wed Nov 13 14:24:04 EST 2013
The branch, 4.0/whitelist-showemailrecord has been created
at 10ce1a328fadb48a545abd5dadb13ca67d7ea72f (commit)
- Log -----------------------------------------------------------------
commit 10ce1a328fadb48a545abd5dadb13ca67d7ea72f
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Wed Nov 13 14:15:02 2013 -0500
ShowEmailRecord is a common link to hand out.
Since it takes arguments, it triggers the CSRF warning, but it's a
readonly page and it's common to tell someone "Here's a copy of the
email that went out" - so let people visit it directly.
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index eda7dde..b3a45a0 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1281,6 +1281,11 @@ our %is_whitelisted_component = (
'/Search/Results.html' => 1,
'/Search/Simple.html' => 1,
'/m/tickets/search' => 1,
+
+ # This page takes Attachment and Transaction argument to figure
+ # out what to show, but it's read only and will deny information if you
+ # don't have ShowOutgoingEmail.
+ '/Ticket/ShowEmailRecord.html' => 1,
);
# Components which are blacklisted from automatic, argument-based whitelisting.
-----------------------------------------------------------------------
More information about the rt-commit
mailing list