[Rt-commit] rt branch, 4.0.23-releng, updated. rt-4.0.23rc1-10-ga0ae824
Alex Vandiver
alexmv at bestpractical.com
Thu Feb 26 11:54:10 EST 2015
The branch, 4.0.23-releng has been updated
via a0ae824a4cd0b8c86cafe9e0f41c79d8b46d0bec (commit)
via 357eb0f3530ca7054f31f143dc2157866f490dbb (commit)
via 56c0a009fb8b703ea71fbc59e0ad751248c531b3 (commit)
via dee376e8debdf58771d4f2bd12a3fcbfe95eb88c (commit)
via bbd3bddcbe50b1640c9e15fd5765c49f100028aa (commit)
via ba3fa035ebf14777dcc33449fba0c2e8a21cd49f (commit)
via 0454a0a9352d6b7dba0fbea7071bd0d871209a82 (commit)
via 3b5e4e96b076915e6275dfbe174c0c981c57bbad (commit)
via f56ca8b54d9f36f73b65f495d1f602a12b7071c0 (commit)
via 0e55210e0dc5e09e9863fc725145c34e5291cacd (commit)
from 6edbbf00f83fb18511b3eb22b8ede6eb2d8252f4 (commit)
Summary of changes:
lib/RT/ACL.pm | 33 +++++++++-------------------
lib/RT/Articles.pm | 28 ++++++------------------
lib/RT/Attachments.pm | 15 ++++---------
lib/RT/Classes.pm | 27 ++++++-----------------
lib/RT/CustomFields.pm | 20 +++++++----------
lib/RT/Dashboard.pm | 8 ++-----
lib/RT/Groups.pm | 29 ++++++++++++++-----------
lib/RT/I18N.pm | 8 +++++--
lib/RT/Report/Tickets.pm | 10 ---------
lib/RT/SavedSearch.pm | 3 +--
lib/RT/Scrips.pm | 34 ++++++++---------------------
lib/RT/Template.pm | 12 +++++++----
lib/RT/Templates.pm | 36 ++++++++-----------------------
lib/RT/Tickets.pm | 11 ----------
lib/RT/Transactions.pm | 23 ++++----------------
share/html/Search/Elements/ResultsRSSView | 20 ++++++++++-------
16 files changed, 103 insertions(+), 214 deletions(-)
- Log -----------------------------------------------------------------
commit 0e55210e0dc5e09e9863fc725145c34e5291cacd
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Apr 26 19:06:28 2013 -0400
Remove uses of ::Unique; our SELECT DISTINCT is sufficient
Rather than import a mixin (twice, in Tickets' case (?!)) which
unique-ifies the results, rely on our SELECT DISCINCT machinery. The
original code was added when DistinctQuery was unimplemented for some
database handles.
Cherry-picked from bcd79f3afc85d8976a65b94c5de9c158b6d1962f on
4.2-trunk. It is necessary because the ::Unique mixin provides an
(unnecessary) AddRecord method, which the following commits would
conflict with.
diff --git a/lib/RT/CustomFields.pm b/lib/RT/CustomFields.pm
index 9bfe092..fb8cae1 100644
--- a/lib/RT/CustomFields.pm
+++ b/lib/RT/CustomFields.pm
@@ -68,8 +68,6 @@ package RT::CustomFields;
use strict;
use warnings;
-use DBIx::SearchBuilder::Unique;
-
use RT::CustomField;
use base 'RT::SearchBuilder';
diff --git a/lib/RT/Report/Tickets.pm b/lib/RT/Report/Tickets.pm
index 1e32314..f977673 100644
--- a/lib/RT/Report/Tickets.pm
+++ b/lib/RT/Report/Tickets.pm
@@ -275,16 +275,6 @@ sub _FieldToFunction {
return %args;
}
-
-# Override the AddRecord from DBI::SearchBuilder::Unique. id isn't id here
-# wedon't want to disambiguate all the items with a count of 1.
-sub AddRecord {
- my $self = shift;
- my $record = shift;
- push @{$self->{'items'}}, $record;
- $self->{'rows'}++;
-}
-
1;
diff --git a/lib/RT/Tickets.pm b/lib/RT/Tickets.pm
index 0c92350..cd17cb5 100644
--- a/lib/RT/Tickets.pm
+++ b/lib/RT/Tickets.pm
@@ -89,7 +89,6 @@ use base 'RT::SearchBuilder';
sub Table { 'Tickets'}
use RT::CustomFields;
-use DBIx::SearchBuilder::Unique;
# Configuration Tables:
@@ -1981,16 +1980,6 @@ sub OrderByCols {
QUOTEVALUE => 1,
ENTRYAGGREGATOR => 'AND',
) if $CFs;
- unless ($cf_obj) {
- # For those cases where we are doing a join against the
- # CF name, and don't have a CFid, use Unique to make sure
- # we don't show duplicate tickets. NOTE: I'm pretty sure
- # this will stay mixed in for the life of the
- # class/package, and not just for the life of the object.
- # Potential performance issue.
- require DBIx::SearchBuilder::Unique;
- DBIx::SearchBuilder::Unique->import;
- }
my $CFvs = $self->Join(
TYPE => 'LEFT',
ALIAS1 => $ObjectCFs,
commit f56ca8b54d9f36f73b65f495d1f602a12b7071c0
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Jan 29 16:10:12 2015 -0500
Push all ACL'ing into AddRecord, so ItemsArrayRef respects it
Existing ACL machinery was implemented either on AddRecord (which
applies when data is first pulled from the database), or on Next (which
applies during iteration). Applying ACLs in Next, however, means that
they are skipped if ->ItemsArrayRef is called.
Move all existing ACL checks to AddRecord, formalizing logic into
->CurrentUserCanSee when relevant.
This change causes test failures for the Dashboards and SavedSearches;
the existing behavior relies on showing you all groups you are a member
of, even if you do not have SeeGroup on those groups. This behavior
should not change during a stable series; the following commit will add
an ACL exception for their use case.
diff --git a/lib/RT/ACL.pm b/lib/RT/ACL.pm
index e16d6c2..83423ad 100644
--- a/lib/RT/ACL.pm
+++ b/lib/RT/ACL.pm
@@ -222,34 +222,21 @@ sub LimitToPrincipal {
-sub Next {
+sub AddRecord {
my $self = shift;
+ my ($record) = @_;
- my $ACE = $self->SUPER::Next();
# Short-circuit having to load up the ->Object
- return $ACE
- if $self->CurrentUser->PrincipalObj->Id == RT->SystemUser->Id;
- if ( ( defined($ACE) ) and ( ref($ACE) ) ) {
-
- if ( $self->CurrentUser->HasRight( Right => 'ShowACL',
- Object => $ACE->Object )
- or $self->CurrentUser->HasRight( Right => 'ModifyACL',
- Object => $ACE->Object )
- ) {
- return ($ACE);
- }
-
- #If the user doesn't have the right to show this ACE
- else {
- return ( $self->Next() );
- }
- }
+ return $self->SUPER::AddRecord( $record )
+ if $record->CurrentUser->PrincipalObj->Id == RT->SystemUser->Id;
- #if there never was any ACE
- else {
- return (undef);
- }
+ my $obj = $record->Object;
+ return unless $self->CurrentUser->HasRight( Right => 'ShowACL',
+ Object => $obj )
+ or $self->CurrentUser->HasRight( Right => 'ModifyACL',
+ Object => $obj );
+ return $self->SUPER::AddRecord( $record );
}
diff --git a/lib/RT/Articles.pm b/lib/RT/Articles.pm
index 8ecb92a..6800232 100644
--- a/lib/RT/Articles.pm
+++ b/lib/RT/Articles.pm
@@ -64,33 +64,19 @@ sub _Init {
return $self->SUPER::_Init( @_ );
}
-=head2 Next
+=head2 AddRecord
-Returns the next article that this user can see.
+Overrides the collection to ensure that only Articles the user can see
+are returned.
=cut
-sub Next {
+sub AddRecord {
my $self = shift;
+ my ($record) = @_;
- my $Object = $self->SUPER::Next();
- if ( ( defined($Object) ) and ( ref($Object) ) ) {
-
- if ( $Object->CurrentUserHasRight('ShowArticle') ) {
- return ($Object);
- }
-
- #If the user doesn't have the right to show this Object
- else {
- return ( $self->Next() );
- }
- }
-
- #if there never was any queue
- else {
- return (undef);
- }
-
+ return unless $record->CurrentUserHasRight('ShowArticle');
+ return $self->SUPER::AddRecord( $record );
}
=head2 Limit { FIELD => undef, OPERATOR => '=', VALUE => 'undef'}
diff --git a/lib/RT/Attachments.pm b/lib/RT/Attachments.pm
index 2d4d76e..b771243 100644
--- a/lib/RT/Attachments.pm
+++ b/lib/RT/Attachments.pm
@@ -220,19 +220,12 @@ sub LimitByTicket {
return;
}
-# {{{ sub Next
-sub Next {
+sub AddRecord {
my $self = shift;
+ my ($record) = @_;
- my $Attachment = $self->SUPER::Next;
- return $Attachment unless $Attachment;
-
- if ( $Attachment->TransactionObj->CurrentUserCanSee ) {
- return $Attachment;
- } else {
- # If the user doesn't have the right to show this ticket
- return $self->Next;
- }
+ return unless $record->TransactionObj->CurrentUserCanSee;
+ return $self->SUPER::AddRecord( $record );
}
diff --git a/lib/RT/Classes.pm b/lib/RT/Classes.pm
index 9e55278..0175b2f 100644
--- a/lib/RT/Classes.pm
+++ b/lib/RT/Classes.pm
@@ -64,32 +64,19 @@ sub Table {'Classes'}
return ($self->SUPER::_Init(@_));
}
-=head2 Next
+=head2 AddRecord
-Returns the next Object that this user can see.
+Overrides the collection to ensure that only Classes the user can
+see are returned.
=cut
-sub Next {
+sub AddRecord {
my $self = shift;
+ my ($record) = @_;
-
- my $Object = $self->SUPER::Next();
- if ((defined($Object)) and (ref($Object))) {
- if ( $Object->CurrentUserHasRight('SeeClass') ) {
- return($Object);
- }
-
- #If the user doesn't have the right to show this Object
- else {
- return($self->Next());
- }
- }
- #if there never was any Object
- else {
- return(undef);
- }
-
+ return unless $record->CurrentUserHasRight('SeeClass');
+ return $self->SUPER::AddRecord( $record );
}
sub ColumnMapClassName {
diff --git a/lib/RT/CustomFields.pm b/lib/RT/CustomFields.pm
index fb8cae1..c7f8470 100644
--- a/lib/RT/CustomFields.pm
+++ b/lib/RT/CustomFields.pm
@@ -369,22 +369,20 @@ sub _OCFAlias {
}
-=head2 Next
+=head2 AddRecord
-Returns the next custom field that this user can see.
+Overrides the collection to ensure that only custom fields the user can
+see are returned; also propagates down the L</ContextObject>.
=cut
-sub Next {
+sub AddRecord {
my $self = shift;
+ my ($record) = @_;
- my $CF = $self->SUPER::Next();
- return $CF unless $CF;
-
- $CF->SetContextObject( $self->ContextObject );
-
- return $self->Next unless $CF->CurrentUserHasRight('SeeCustomField');
- return $CF;
+ $record->SetContextObject( $self->ContextObject );
+ return unless $record->CurrentUserHasRight('SeeCustomField');
+ return $self->SUPER::AddRecord( $record );
}
=head2 NewItem
diff --git a/lib/RT/Groups.pm b/lib/RT/Groups.pm
index e470cfe..7c572e6 100644
--- a/lib/RT/Groups.pm
+++ b/lib/RT/Groups.pm
@@ -426,22 +426,14 @@ sub LimitToDeleted {
-sub Next {
+sub AddRecord {
my $self = shift;
+ my ($record) = @_;
# Don't show groups which the user isn't allowed to see.
+ return unless $record->CurrentUserHasRight('SeeGroup');
- my $Group = $self->SUPER::Next();
- if ((defined($Group)) and (ref($Group))) {
- unless ($Group->CurrentUserHasRight('SeeGroup')) {
- return $self->Next();
- }
-
- return $Group;
- }
- else {
- return undef;
- }
+ return $self->SUPER::AddRecord( $record );
}
diff --git a/lib/RT/Scrips.pm b/lib/RT/Scrips.pm
index 075fe56..4649885 100644
--- a/lib/RT/Scrips.pm
+++ b/lib/RT/Scrips.pm
@@ -114,35 +114,19 @@ sub LimitToGlobal {
}
-# {{{ sub Next
+=head2 AddRecord
-=head2 Next
-
-Returns the next scrip that this user can see.
+Overrides the collection to ensure that only scrips the user can see are
+returned.
=cut
-
-sub Next {
+
+sub AddRecord {
my $self = shift;
-
-
- my $Scrip = $self->SUPER::Next();
- if ((defined($Scrip)) and (ref($Scrip))) {
-
- if ($Scrip->CurrentUserHasRight('ShowScrips')) {
- return($Scrip);
- }
-
- #If the user doesn't have the right to show this scrip
- else {
- return($self->Next());
- }
- }
- #if there never was any scrip
- else {
- return(undef);
- }
-
+ my ($record) = @_;
+
+ return unless $record->CurrentUserHasRight('ShowScrips');
+ return $self->SUPER::AddRecord( $record );
}
=head2 Apply
diff --git a/lib/RT/Template.pm b/lib/RT/Template.pm
index bfa57b2..ecf0946 100644
--- a/lib/RT/Template.pm
+++ b/lib/RT/Template.pm
@@ -740,10 +740,14 @@ sub CompileCheck {
sub CurrentUserCanRead {
my $self =shift;
- return 1 if $self->CurrentUserHasQueueRight('ShowTemplate');
-
- return $self->CurrentUser->HasRight( Right =>'ShowGlobalTemplates', Object => $RT::System )
- if !$self->QueueObj->Id;
+ if ($self->__Value('Queue')) {
+ my $queue = RT::Queue->new( RT->SystemUser );
+ $queue->Load( $self->__Value('Queue'));
+ return 1 if $self->CurrentUser->HasRight( Right => 'ShowTemplate', Object => $queue );
+ } else {
+ return 1 if $self->CurrentUser->HasRight( Right => 'ShowGlobalTemplates', Object => $RT::System );
+ return 1 if $self->CurrentUser->HasRight( Right => 'ShowTemplate', Object => $RT::System );
+ }
return;
}
diff --git a/lib/RT/Templates.pm b/lib/RT/Templates.pm
index e752bce..06d2191 100644
--- a/lib/RT/Templates.pm
+++ b/lib/RT/Templates.pm
@@ -125,37 +125,19 @@ sub LimitToQueue {
}
-=head2 Next
+=head2 AddRecord
-Returns the next template that this user can see.
+Overrides the collection to ensure that only templates the user can see
+are returned.
=cut
-
-sub Next {
+
+sub AddRecord {
my $self = shift;
-
-
- my $templ = $self->SUPER::Next();
- if ((defined($templ)) and (ref($templ))) {
-
- # If it's part of a queue, and the user can read templates in
- # that queue, or the user can globally read templates, show it
- if ($templ->Queue && $templ->CurrentUserHasQueueRight('ShowTemplate') or
- $templ->CurrentUser->HasRight(Object => $RT::System, Right => 'ShowTemplate') or
- $templ->CurrentUser->HasRight(Object => $RT::System, Right => 'ShowGlobalTemplates')) {
- return($templ);
- }
-
- #If the user doesn't have the right to show this template
- else {
- return($self->Next());
- }
- }
- #if there never was any template
- else {
- return(undef);
- }
-
+ my ($record) = @_;
+
+ return unless $record->CurrentUserCanRead;
+ return $self->SUPER::AddRecord( $record );
}
=head2 NewItem
diff --git a/lib/RT/Transactions.pm b/lib/RT/Transactions.pm
index 32e2cb6..9c359c0 100644
--- a/lib/RT/Transactions.pm
+++ b/lib/RT/Transactions.pm
@@ -132,27 +132,12 @@ sub LimitToTicket {
}
-sub Next {
+sub AddRecord {
my $self = shift;
-
- my $Transaction = $self->SUPER::Next();
- if ((defined($Transaction)) and (ref($Transaction))) {
- # If the user can see the transaction's type, then they can
- # see the transaction and we should hand it back.
- if ($Transaction->Type) {
- return($Transaction);
- }
-
- #If the user doesn't have the right to show this ticket
- else {
- return($self->Next());
- }
- }
+ my ($record) = @_;
- #if there never was any ticket
- else {
- return(undef);
- }
+ return unless $record->CurrentUserCanSee;
+ return $self->SUPER::AddRecord($record);
}
commit 3b5e4e96b076915e6275dfbe174c0c981c57bbad
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Jan 29 16:16:25 2015 -0500
Allow an exception for ACLs on groups, for the current user's groups
As referenced in the previous commit, Dashboards and Saved Searches
currently walk around the existing ShowGroup ACL, by dint of having used
->ItemsArrayRef. As the previous commit closes that hole, an explicit
exception is instead made for group searches which contain the current
user; this allows the current behavior to be preserved.
diff --git a/lib/RT/Dashboard.pm b/lib/RT/Dashboard.pm
index b74bbb5..d84f56b 100644
--- a/lib/RT/Dashboard.pm
+++ b/lib/RT/Dashboard.pm
@@ -270,8 +270,7 @@ sub _PrivacyObjects {
my $groups = RT::Groups->new($CurrentUser);
$groups->LimitToUserDefinedGroups;
- $groups->WithMember( PrincipalId => $CurrentUser->Id,
- Recursively => 1 );
+ $groups->WithCurrentUser;
push @objects, @{ $groups->ItemsArrayRef };
push @objects, RT::System->new($CurrentUser);
@@ -401,10 +400,7 @@ sub ObjectsForLoading {
Right => 'SeeGroupDashboard',
IncludeSuperusers => $args{IncludeSuperuserGroups},
);
- $groups->WithMember(
- Recursively => 1,
- PrincipalId => $CurrentUser->UserObj->PrincipalId
- );
+ $groups->WithCurrentUser;
my $attrs = $groups->Join(
ALIAS1 => 'main',
FIELD1 => 'id',
diff --git a/lib/RT/Groups.pm b/lib/RT/Groups.pm
index 7c572e6..52aa510 100644
--- a/lib/RT/Groups.pm
+++ b/lib/RT/Groups.pm
@@ -240,6 +240,15 @@ sub WithMember {
return $members;
}
+sub WithCurrentUser {
+ my $self = shift;
+ $self->{with_current_user} = 1;
+ return $self->WithMember(
+ PrincipalId => $self->CurrentUser->PrincipalId,
+ Recursively => 1,
+ );
+}
+
sub WithoutMember {
my $self = shift;
my %args = (
@@ -430,8 +439,10 @@ sub AddRecord {
my $self = shift;
my ($record) = @_;
- # Don't show groups which the user isn't allowed to see.
- return unless $record->CurrentUserHasRight('SeeGroup');
+ # If we've explicitly limited to groups the user is a member of (for
+ # dashboard or savedsearch privacy objects), skip the ACL.
+ return unless $self->{with_current_user}
+ or $record->CurrentUserHasRight('SeeGroup');
return $self->SUPER::AddRecord( $record );
}
diff --git a/lib/RT/SavedSearch.pm b/lib/RT/SavedSearch.pm
index 4fe6323..4dd869b 100644
--- a/lib/RT/SavedSearch.pm
+++ b/lib/RT/SavedSearch.pm
@@ -162,8 +162,7 @@ sub _PrivacyObjects {
my $groups = RT::Groups->new($CurrentUser);
$groups->LimitToUserDefinedGroups;
- $groups->WithMember( PrincipalId => $CurrentUser->Id,
- Recursively => 1 );
+ $groups->WithCurrentUser;
if ($has_attr) {
my $attrs = $groups->Join(
ALIAS1 => 'main',
commit 0454a0a9352d6b7dba0fbea7071bd0d871209a82
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Jan 30 15:03:16 2015 -0500
Prevent text content from being interpreted as HTML by RSS clients
The ->Content method is used to obtain the data to use in the RSS
<description> tag. However, most RSS feed readers display the contents
of the <description> tag using a HTML rendering engine; this allows
textual content to be mistakenly rendered as HTML. This specifically
includes links, which RSS readers may not hide the "Referer" header of,
exposing the RSS feed URL and thus allowing for information disclosure.
This vulnerability has been assigned CVE-2015-1165.
Escape the textual content so that it is not interpreted as HTML by RSS
readers. This is suprior to requesting ->Content( Type => "text/html" )
because it is guaranteed to not contain links, and thus not suffer from
the above Referer disclosure.
diff --git a/share/html/Search/Elements/ResultsRSSView b/share/html/Search/Elements/ResultsRSSView
index 3a2a208..b3e955a 100644
--- a/share/html/Search/Elements/ResultsRSSView
+++ b/share/html/Search/Elements/ResultsRSSView
@@ -119,10 +119,17 @@ $r->content_type('application/rss+xml');
while ( my $Ticket = $Tickets->Next()) {
my $creator_str = $m->scomp('/Elements/ShowUser', User => $Ticket->CreatorObj);
$creator_str =~ s/[\r\n]//g;
+
+ # Get the plain-text content; it is interpreted as HTML by RSS
+ # readers, so it must be escaped (and is escaped _again_ when
+ # inserted into the XML).
+ my $content = $Ticket->Transactions->First->Content;
+ $content = $m->interp->apply_escapes( $content, 'h');
+
$rss->add_item(
title => $Ticket->Subject || loc('No Subject'),
link => RT->Config->Get('WebURL')."Ticket/Display.html?id=".$Ticket->id,
- description => $Ticket->Transactions->First->Content,
+ description => $content,
dc => { creator => $creator_str,
date => $Ticket->CreatedObj->RFC2822,
},
commit ba3fa035ebf14777dcc33449fba0c2e8a21cd49f
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Mon Feb 2 12:24:56 2015 -0500
Never place the temporary current user in the session
Setting $session{'CurrentUser'} to a different user opens a window
wherein if the request can be aborted, the client will be left with a
session for the other user. This allows escalation from knowing an RSS
feed link (which is generally just information disclosure) into full
login privileges, which may allow for arbitrary execution of code. This
vulnerability has been assigned CVE-2015-1464.
diff --git a/share/html/Search/Elements/ResultsRSSView b/share/html/Search/Elements/ResultsRSSView
index 3a2a208..9450f89 100644
--- a/share/html/Search/Elements/ResultsRSSView
+++ b/share/html/Search/Elements/ResultsRSSView
@@ -46,7 +46,7 @@
%#
%# END BPS TAGGED BLOCK }}}
<%INIT>
-my $old_current_user;
+my $current_user = $session{CurrentUser};
if ( $m->request_comp->path =~ RT->Config->Get('WebNoAuthRegex') ) {
my $path = $m->dhandler_arg;
@@ -76,13 +76,11 @@ if ( $m->request_comp->path =~ RT->Config->Get('WebNoAuthRegex') ) {
unless $user->ValidateAuthString( $auth,
$ARGS{Query} . $ARGS{Order} . $ARGS{OrderBy} );
- $old_current_user = $session{'CurrentUser'};
- my $cu = RT::CurrentUser->new;
- $cu->Load($user);
- $session{'CurrentUser'} = $cu;
+ $current_user = RT::CurrentUser->new;
+ $current_user->Load($user);
}
-my $Tickets = RT::Tickets->new($session{'CurrentUser'});
+my $Tickets = RT::Tickets->new($current_user);
$Tickets->FromSQL($ARGS{'Query'});
if ($OrderBy =~ /\|/) {
# Multiple Sorts
@@ -131,7 +129,6 @@ $r->content_type('application/rss+xml');
}
$m->out($rss->as_string);
-$session{'CurrentUser'} = $old_current_user if $old_current_user;
$m->abort();
</%INIT>
<%ARGS>
commit bbd3bddcbe50b1640c9e15fd5765c49f100028aa
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Mon Dec 1 16:58:43 2014 -0500
Hide utf8 warnings during attempted decoding
RT trusts the "charset" found in the Content-Type header, and decodes
the bytes in the header and body using that encoding. This operation,
under Encode::FB_DEFAULT, may generate warnings -- lots of warnings.
This can lead to denial of service in some situations. This
vulnerability has been assigned CVE-2014-9472.
Unfortunately, "no warnings 'utf8'" does not work to quiet them until
Encode 2.64, and even then, it only works with encode() and decode(),
not from_to(). Bump the dependency to 2.64, and switch to
encode(decode()) instead of from_to().
diff --git a/lib/RT/I18N.pm b/lib/RT/I18N.pm
index 55bb141..de93512 100644
--- a/lib/RT/I18N.pm
+++ b/lib/RT/I18N.pm
@@ -245,7 +245,10 @@ sub SetMIMEEntityToEncoding {
. $head->mime_type . " - "
. ( Encode::decode("UTF-8",$head->get('subject')) || 'Subjectless message' ) );
- Encode::from_to( $string, $charset => $enc );
+ {
+ no warnings 'utf8';
+ $string = Encode::encode( $enc, Encode::decode( $charset, $string) );
+ }
my $new_body = MIME::Body::InCore->new($string);
@@ -549,7 +552,8 @@ sub SetMIMEHeadToEncoding {
$head->delete($tag);
foreach my $value (@values) {
if ( $charset ne $enc || $enc =~ /^utf-?8(?:-strict)?$/i ) {
- Encode::from_to( $value, $charset => $enc );
+ no warnings 'utf8';
+ $value = Encode::encode( $enc, Encode::decode( $charset, $value) );
}
$value = DecodeMIMEWordsToEncoding( $value, $enc, $tag )
unless $preserve_words;
commit dee376e8debdf58771d4f2bd12a3fcbfe95eb88c
Merge: 6edbbf0 bbd3bdd
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Feb 6 15:01:37 2015 -0500
Merge branch 'security/4.0/decode-warnings' into security/4.0.23-releng
commit 56c0a009fb8b703ea71fbc59e0ad751248c531b3
Merge: dee376e 0454a0a
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Feb 6 15:01:55 2015 -0500
Merge branch 'security/4.0/rss-content' into security/4.0.23-releng
commit 357eb0f3530ca7054f31f143dc2157866f490dbb
Merge: 56c0a00 ba3fa03
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Feb 6 15:02:05 2015 -0500
Merge branch 'security/4.0/rss-currentuser' into security/4.0.23-releng
commit a0ae824a4cd0b8c86cafe9e0f41c79d8b46d0bec
Merge: 357eb0f 3b5e4e9
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Feb 6 15:02:31 2015 -0500
Merge branch 'security/4.0/acl-addrecord' into security/4.0.23-releng
-----------------------------------------------------------------------
More information about the rt-commit
mailing list