[Rt-commit] rt branch, 4.4/improve-create-custom-field-message, created. rt-4.4.2-93-gb1cfaabdb

Maureen Mirville maureen at bestpractical.com
Wed Jun 6 17:24:22 EDT 2018


The branch, 4.4/improve-create-custom-field-message has been created
        at  b1cfaabdb27e9e46da45339bc7ec897d10ae573c (commit)

- Log -----------------------------------------------------------------
commit 1626a8aac512858d7e29d5cf759ab191342a6b3d
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Mon Mar 5 09:41:22 2018 -0500

    Update incorrect links in docs pod files

diff --git a/docs/dashboards_reporting.pod b/docs/dashboards_reporting.pod
index 14870caf1..f598870f7 100644
--- a/docs/dashboards_reporting.pod
+++ b/docs/dashboards_reporting.pod
@@ -1,7 +1,7 @@
 =pod
 
 For background on how to build searches in RT, please refer to the
-L<Query Builder Documentation|docs/query_builder.pod>.
+F<docs/query_builder.pod>.
 
 =head1 Introduction
 
@@ -22,7 +22,7 @@ in the queue appropriately called "RT".
 
 First we need to build these searches, which draw upon the definitions and
 explanations listed in the
-L<Definitions of Ticket Metadata Documentation|docs/ticket_metadata.pod>.
+F<docs/ticket_metadata.pod>.
 Thankfully, we already know that we're focusing on only one queue: RT. I can
 find the dates for each of the minor releases on the RT page at our website:
 L<https://bestpractical.com/rt/>. If you go to the bottom left and click on
diff --git a/docs/query_builder.pod b/docs/query_builder.pod
index c84b40e60..36ef4baf7 100644
--- a/docs/query_builder.pod
+++ b/docs/query_builder.pod
@@ -6,7 +6,7 @@ specify in order to perform a search. Strategies for narrowing your searches
 to find exactly what you're looking for (and no more) are discussed below.
 
 The Query Builder is the heart of reporting in RT, which is covered in the
-L<Dashboard and Reports|docs/dashboards_reporting.pod> document.
+L<Dashboards Reporting|dashboards_reporting> document.
 
 To follow along with the examples, go to
 L<issues.bestpractical.com|http://issues.bestpractical.com> and try the
diff --git a/docs/subscriptions_feeds.pod b/docs/subscriptions_feeds.pod
index 61023a74e..c1da75ecb 100644
--- a/docs/subscriptions_feeds.pod
+++ b/docs/subscriptions_feeds.pod
@@ -1,7 +1,7 @@
 =pod
 
 For directions on how to build a dashboard from saved searches, please see
-L<Dashboards and Reporting|docs/dashboards_reporting.pod> documentation.
+L<Dashboards Reporting|dashboards_reporting> documentation.
 
 =head1 Subscriptions
 

commit ec8f77c9b285cd487ac4bb3e33dc43723153108c
Author: Aaron Kondziela <aaron at bestpractical.com>
Date:   Tue Jan 24 18:20:28 2017 -0500

    Fix timing sidechannel vulnerability in password checking
    
    "eq" operators for comparing against passwords are replaced by a new
    RT::Util::constant_time_eq to resolve a timing sidechannel vulnerability.
    
    This addresses CVE-2017-5361.
    
    Fixes: T#161960

diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index 7b89d2166..8cf787caf 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -1122,7 +1122,7 @@ sub IsPassword {
         my $salt = substr($hash, 0, 4, "");
         return 0 unless RT::Util::constant_time_eq(
             substr(Digest::SHA::sha256($salt . Digest::MD5::md5(Encode::encode( "UTF-8", $value))), 0, 26),
-            $hash, 1
+            $hash
         );
     } elsif (length $stored == 32) {
         # Hex nonsalted-md5
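Review bot: Dropping the binary flag here sends raw digest octets through the UTF-8 path of `RT::Util::constant_time_eq`. The first argument is a 26-character slice of `Digest::SHA::sha256` output, and in the lib/RT/Util.pm hunk at `@@ -194,18 +193,9 @@` every character is now passed to `encode('UTF-8', ...)`, followed by `die $generic_error` when the two octet counts differ. A character below 0x80 encodes to one octet and one at 0x80 or above to two, so a wrong password can end in `die` at the first such position instead of `return 0`, which makes the exit point depend on the data. I would keep the octet comparison for this call (`$hash, 1`, with the `$binary` branch retained), or have the helper compare `ord()` values when both inputs are byte strings. How `$hash` is produced is outside this hunk, and IsPassword's body continues beyond it.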
diff --git a/lib/RT/Util.pm b/lib/RT/Util.pm
index f3cce3797..06bf8c359 100644
--- a/lib/RT/Util.pm
+++ b/lib/RT/Util.pm
@@ -56,6 +56,8 @@ our @EXPORT = qw/safe_run_child mime_recommended_filename EntityLooksLikeEmailMe
 
 use Encode qw/encode/;
 
+use Encode qw/encode/;
+
 sub safe_run_child (&) {
     my $our_pid = $$;
 
@@ -166,9 +168,6 @@ The two string arguments B<MUST> be of equal length. If the lengths differ,
 this function will call C<die()>, as proceeding with execution would create
 a timing vulnerability. Length is defined by characters, not bytes.
 
-Strings that should be treated as binary octets rather than Unicode text
-should pass a true value for the binary flag.
-
 This code has been tested to do what it claims. Do not change it without
 thorough statistical timing analysis to validate the changes.
 
@@ -180,7 +179,7 @@ B<https://en.wikipedia.org/wiki/Timing_attack>
 =cut
 
 sub constant_time_eq {
-    my ($a, $b, $binary) = @_;
+    my ($a, $b) = @_;
 
     my $result = 0;
 
@@ -194,18 +193,9 @@ sub constant_time_eq {
         my $a_char = substr($a, $i, 1);
         my $b_char = substr($b, $i, 1);
 
-        my (@a_octets, @b_octets);
-
-        if ($binary) {
-            @a_octets = ord($a_char);
-            @b_octets = ord($b_char);
-        }
-        else {
-            # encode() is set to die on malformed
-            @a_octets = unpack("C*", encode('UTF-8', $a_char, Encode::FB_CROAK));
-            @b_octets = unpack("C*", encode('UTF-8', $b_char, Encode::FB_CROAK));
-        }
-
+        # encode() is set to die on malformed
+        my @a_octets = unpack("C*", encode('UTF-8', $a_char, Encode::FB_CROAK));
+        my @b_octets = unpack("C*", encode('UTF-8', $b_char, Encode::FB_CROAK));
         die $generic_error if (scalar @a_octets) != (scalar @b_octets);
 
         for (my $j = 0; $j < scalar @a_octets; $j++) {
@@ -215,30 +205,6 @@ sub constant_time_eq {
     return 0 + not $result;
 }
 
-=head2 EntityLooksLikeEmailMessage( MIME::Entity )
-
-Check MIME type headers for entities that look like email.
-
-=cut
-
-sub EntityLooksLikeEmailMessage {
-    my $entity = shift;
-
-    return unless $entity;
-
-    # Use mime_type instead of effective_type to get the same headers
-    # MIME::Parser used.
-    my $mime_type = $entity->mime_type();
-
-    # This is the same list of MIME types MIME::Parser uses. The partial and
-    # external-body types are unlikely to produce usable attachments, but they
-    # are still recognized as email for the purposes of this function.
-
-    my @email_types = ('message/rfc822', 'message/partial', 'message/external-body');
-
-    return 1 if grep { $mime_type eq $_ } @email_types;
-    return 0;
-}
 
 RT::Base->_ImportOverlays();
 

commit 712591b63a9b8591ee87b6b5de4b133e217647f0
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Tue Jun 27 08:37:17 2017 -0400

    Add tests to show incorrect unset cf setting

diff --git a/t/web/ticket_display_unset_fields.t b/t/web/ticket_display_unset_fields.t
index b047edc84..89044e2e5 100644
--- a/t/web/ticket_display_unset_fields.t
+++ b/t/web/ticket_display_unset_fields.t
@@ -117,4 +117,5 @@ diag "Test unset custom fields";
     isnt $dom->find(qq{tr.customfield.unset-field})->size, 1, "no unset custom fields";
 }
 
+undef $m;
 done_testing;

commit a639291966e260f3f8c53de8416168f6391b2973
Author: Felix Brilej <mond.beton at googlemail.com>
Date:   Mon Jun 12 14:52:23 2017 +0200

    Improve user interaction for too-large attachments
    
    The Dropzone Function expects MiB, not bytes, therefore the previous
    "10000" would result in an upload limit of 10GB. Setting the limit to
    what's in $MaxAttachmentSize actually gives the user a feedback that
    their attachment size is too big.

diff --git a/share/html/Ticket/Elements/AddAttachments b/share/html/Ticket/Elements/AddAttachments
index 1f968aabf..992eaa08b 100644
--- a/share/html/Ticket/Elements/AddAttachments
+++ b/share/html/Ticket/Elements/AddAttachments
@@ -72,7 +72,6 @@ jQuery( function() {
         paramName: "Attach",
         dictDefaultMessage: <% loc("Drop files here or click to attach") |n,j %>,
         maxFilesize: MaxAttachmentSizeMiB,
-        parallelUploads: 1,
         previewTemplate: '' +
             '<div class="dz-preview dz-file-preview">' +
             '    <div class="dz-remove-mark pointer-events" data-dz-remove>' +

commit fd06ae88b741befb12852e033f17a86534ba63c0
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Jul 28 13:39:21 2017 -0400

    Add an option to treat attached email messages as normal file attachments
    
    Fixes: I#32833

diff --git a/lib/RT/Util.pm b/lib/RT/Util.pm
index 06bf8c359..2be9afd05 100644
--- a/lib/RT/Util.pm
+++ b/lib/RT/Util.pm
@@ -56,8 +56,6 @@ our @EXPORT = qw/safe_run_child mime_recommended_filename EntityLooksLikeEmailMe
 
 use Encode qw/encode/;
 
-use Encode qw/encode/;
-
 sub safe_run_child (&) {
     my $our_pid = $$;
 
@@ -205,6 +203,30 @@ sub constant_time_eq {
     return 0 + not $result;
 }
 
+=head2 EntityLooksLikeEmailMessage( MIME::Entity )
+
+Check MIME type headers for entities that look like email.
+
+=cut
+
+sub EntityLooksLikeEmailMessage {
+    my $entity = shift;
+
+    return unless $entity;
+
+    # Use mime_type instead of effective_type to get the same headers
+    # MIME::Parser used.
+    my $mime_type = $entity->mime_type();
+
+    # This is the same list of MIME types MIME::Parser uses. The partial and
+    # external-body types are unlikely to produce usable attachments, but they
+    # are still recognized as email for the purposes of this function.
+
+    my @email_types = ('message/rfc822', 'message/partial', 'message/external-body');
+
+    return 1 if grep { $mime_type eq $_ } @email_types;
+    return 0;
+}
 
 RT::Base->_ImportOverlays();
 
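Review bot: The POD added for `EntityLooksLikeEmailMessage` does not say what the function returns. The body returns 1 when `mime_type` is one of the three listed `message/*` types, 0 for any other type, and a bare `return` when no entity is passed. I would add one sentence to the `=head2` section, such as `Returns 1 for message/rfc822, message/partial and message/external-body, 0 for any other type, and nothing if no entity is given.`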

commit b8a708b732e1316e54931e41f496feed24baa798
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Wed Aug 30 10:09:27 2017 -0400

    Improve message for adding/deleting a new custom field value
    
    When user is creating a custom field and adding values as options,
    or deleting existing values, previous message after adding a value,
    "Object created", and after deleting a value, "Object deleted", was
    unclear. Message updated to make it clear user added or deleted a
    specific custom field value.
    
    Fixes: I#32695

diff --git a/share/html/Admin/CustomFields/Modify.html b/share/html/Admin/CustomFields/Modify.html
index 80cb05d08..2b9a28cfd 100644
--- a/share/html/Admin/CustomFields/Modify.html
+++ b/share/html/Admin/CustomFields/Modify.html
@@ -341,6 +341,8 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
     foreach my $key ( keys %ARGS ) {
         next unless $key =~ /^Delete-$paramtag-(\d+)$/;
         my ($val, $msg) = $CustomFieldObj->DeleteValue( $1 );
+        my $cf_delete = $ARGS{ $paramtag . "-$1-Name" };
+        $msg = loc("Custom field value [_1] deleted", $cf_delete) if $val;
         push (@results, $msg);
     }
 
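Review bot: The name shown in the new delete message is read from the request (`$ARGS{ $paramtag . "-$1-Name" }`), not from the value that `DeleteValue` removed, so the message repeats whatever the form submitted. If that field is absent the placeholder is undef and the message has no name in it; if the name was edited in the same submission, the message reports the edited text. I would read the name from the stored value before calling `DeleteValue`, pass that to `loc`, and keep the original `$msg` when no name is available. In the second hunk `$cf_add` is likewise taken from `%ARGS`; whether `@results` is escaped on output is not visible here and is worth confirming, since both strings are request-controlled.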
@@ -369,6 +371,8 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
                 $ARGS{$paramtag."-new-$_"} =~ s/\s+$//;
                 $_ => $ARGS{ $paramtag ."-new-$_" } } grep { defined $ARGS{ $paramtag ."-new-$_" } } qw/ Name Description SortOrder Category/
         );
+        my $cf_add = $ARGS{ $paramtag.'-new-Name' };
+        $msg = loc("Custom field value [_1] added", $cf_add) if $id;
         push (@results, $msg);
         $added_cfv = 1 if $id;
 

commit b1cfaabdb27e9e46da45339bc7ec897d10ae573c
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Thu Mar 15 13:56:27 2018 -0400

    Update tests for adding/deleting a new custom field value

diff --git a/t/web/cf_select_one.t b/t/web/cf_select_one.t
index 7fa13a22b..60d0e2a23 100644
--- a/t/web/cf_select_one.t
+++ b/t/web/cf_select_one.t
@@ -28,7 +28,7 @@ diag "Create a CF";
 
 diag "add 'qwe', 'ASD', '0' and ' foo ' as values to the CF";
 {
-    foreach my $value(qw(qwe ASD 0), 'foo ') {
+    foreach my $value(qw(qwe ASD 0), 'foo') {
         $m->submit_form(
             form_name => "ModifyCustomField",
             fields => {
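Review bot: Changing `'foo '` to `'foo'` in the value list removes the only case that exercised trailing-whitespace trimming, while the `diag` text still announces `' foo '` and the `$v =~ s/\s+$//` lines in the next hunk no longer have anything to strip. I would keep `'foo '` and assert on the trimmed value instead, by moving `my $v = $value;` and the two substitutions above the check and using `$m->content_contains("Custom field value $v added", 'added a value to the CF');`. The `foreach` block continues outside both hunks.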
@@ -36,7 +36,7 @@ diag "add 'qwe', 'ASD', '0' and ' foo ' as values to the CF";
             },
             button => 'Update',
         );
-        $m->content_contains('Object created', 'added a value to the CF' ); # or diag $m->content;
+        $m->content_contains("Custom field value $value added", 'added a value to the CF' ); # or diag $m->content;
         my $v = $value;
         $v =~ s/^\s+$//;
         $v =~ s/\s+$//;

-----------------------------------------------------------------------

