[Rt-commit] rt branch, 4.2/csrf-whitelist, updated. rt-4.2.11-40-gb7c2c7c

Dustin Graves dustin at bestpractical.com
Mon Aug 3 17:15:13 EDT 2015


The branch, 4.2/csrf-whitelist has been updated
       via  b7c2c7c5bf43cce02f7fa950d1c58557cc65913e (commit)
      from  2f6d9a303f3046c96d662fb916e6667c999df146 (commit)

Summary of changes:
 lib/RT/Interface/Web.pm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

- Log -----------------------------------------------------------------
commit b7c2c7c5bf43cce02f7fa950d1c58557cc65913e
Author: Dustin Graves <dustin at bestpractical.com>
Date:   Mon Aug 3 17:15:09 2015 -0400

    fix argument whitelist array being written with hash syntax

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 8e93e43..c206503 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1380,19 +1380,19 @@ our %is_whitelisted_component = (
 our @whitelisted_args = (
     # For example, "id" is acceptable because that is how RT retrieves a
     # record.
-    'id' => 1,
+    'id',
 
     # If they have a results= from MaybeRedirectForResults, that's also fine.
-    'results' => 1,
+    'results',
 
     # The homepage refresh, which uses the Refresh header, doesn't send
     # a referer in most browsers; whitelist the one parameter it reloads
     # with, HomeRefreshInterval, which is safe
-    'HomeRefreshInterval' => 1,
+    'HomeRefreshInterval',
 
     # The NotMobile flag is fine for any page; it's only used to toggle a flag
     # in the session related to which interface you get.
-    'NotMobile' => 1,
+    'NotMobile',
 );
 
 our %whitelisted_component_parameters = (
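Review bot: Nothing in this hunk shows how `@whitelisted_args` is read, so at `our @whitelisted_args = (` it is worth confirming that every consumer walks or greps the array rather than looking names up hash-style. The neighbouring `%is_whitelisted_component` and `%whitelisted_component_parameters` are hashes, which makes the `=> 1` form an easy slip. With the old entries the list flattened to `'id', 1, 'results', 1, ...`, so the array carried a stray element `1` after each name. If consumers match request argument names against the elements, a regression test asserting that an argument named `1` is not treated as whitelisted would pin the fix down. A one-line comment above the declaration stating that this is a plain list of argument names, unlike the two hashes around it, would help prevent a recurrence.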

-----------------------------------------------------------------------

