[Rt-commit] rt branch, 4.4/improve-create-custom-field-message, created. rt-4.4.2-244-g8c25286be

Maureen Mirville maureen at bestpractical.com
Thu Jun 7 11:09:29 EDT 2018


The branch, 4.4/improve-create-custom-field-message has been created
        at  8c25286be5a90b0a65a0bfba28d7b981d0b0e831 (commit)

- Log -----------------------------------------------------------------
commit ddab0d34d6ba66f7b054e3fc789915e10e780326
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Mon Mar 5 09:41:22 2018 -0500

    Update incorrect links in docs pod files

diff --git a/docs/dashboards_reporting.pod b/docs/dashboards_reporting.pod
index 14870caf1..f598870f7 100644
--- a/docs/dashboards_reporting.pod
+++ b/docs/dashboards_reporting.pod
@@ -1,7 +1,7 @@
 =pod
 
 For background on how to build searches in RT, please refer to the
-L<Query Builder Documentation|docs/query_builder.pod>.
+F<docs/query_builder.pod>.
 
 =head1 Introduction
 
@@ -22,7 +22,7 @@ in the queue appropriately called "RT".
 
 First we need to build these searches, which draw upon the definitions and
 explanations listed in the
-L<Definitions of Ticket Metadata Documentation|docs/ticket_metadata.pod>.
+F<docs/ticket_metadata.pod>.
 Thankfully, we already know that we're focusing on only one queue: RT. I can
 find the dates for each of the minor releases on the RT page at our website:
 L<https://bestpractical.com/rt/>. If you go to the bottom left and click on
diff --git a/docs/query_builder.pod b/docs/query_builder.pod
index da08d93be..c04df1420 100644
--- a/docs/query_builder.pod
+++ b/docs/query_builder.pod
@@ -6,7 +6,7 @@ specify in order to perform a search. Strategies for narrowing your searches
 to find exactly what you're looking for (and no more) are discussed below.
 
 The Query Builder is the heart of reporting in RT, which is covered in the
-L<Dashboard and Reports|docs/dashboards_reporting.pod> document.
+L<Dashboards Reporting|dashboards_reporting> document.
 
 To follow along with the examples, go to
 L<issues.bestpractical.com|http://issues.bestpractical.com> and try the
diff --git a/docs/subscriptions_feeds.pod b/docs/subscriptions_feeds.pod
index 61023a74e..c1da75ecb 100644
--- a/docs/subscriptions_feeds.pod
+++ b/docs/subscriptions_feeds.pod
@@ -1,7 +1,7 @@
 =pod
 
 For directions on how to build a dashboard from saved searches, please see
-L<Dashboards and Reporting|docs/dashboards_reporting.pod> documentation.
+L<Dashboards Reporting|dashboards_reporting> documentation.
 
 =head1 Subscriptions
 

commit 0f42f95cfa3f72d38b830bee05ef6d26b0915a55
Author: Aaron Kondziela <aaron at bestpractical.com>
Date:   Tue Jan 24 18:20:28 2017 -0500

    Fix timing sidechannel vulnerability in password checking
    
    "eq" operators for comparing against passwords are replaced by a new
    RT::Util::constant_time_eq to resolve a timing sidechannel vulnerability.
    
    This addresses CVE-2017-5361.
    
    Fixes: T#161960

diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index ca47377cf..91d5d234c 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -1122,7 +1122,7 @@ sub IsPassword {
         my $salt = substr($hash, 0, 4, "");
         return 0 unless RT::Util::constant_time_eq(
             substr(Digest::SHA::sha256($salt . Digest::MD5::md5(Encode::encode( "UTF-8", $value))), 0, 26),
-            $hash, 1
+            $hash
         );
     } elsif (length $stored == 32) {
         # Hex nonsalted-md5
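Review bot: Dropping the binary flag on this call sends a raw digest through the UTF-8 path of `constant_time_eq`, because the first argument is a 26-byte slice of `Digest::SHA::sha256` output. After the `@@ -180,7` and `@@ -194,18` hunks in lib/RT/Util.pm, the helper encodes every character as UTF-8 and compares octet counts before comparing values. A byte of 0x80 or above encodes to two octets and a byte below 0x80 to one, so a wrong password whose digest differs from `$hash` in that respect at any position reaches `die $generic_error` instead of `return 0`, and that early exit depends on the secret data. Assuming `$hash` holds decoded octets (its assignment is outside the hunk), keep the octet comparison for this call by leaving `$hash, 1` and the `$binary` branch in place. IsPassword starts and ends outside the hunk.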
diff --git a/lib/RT/Util.pm b/lib/RT/Util.pm
index 334c8c73e..8c29d537c 100644
--- a/lib/RT/Util.pm
+++ b/lib/RT/Util.pm
@@ -56,6 +56,8 @@ our @EXPORT = qw/safe_run_child mime_recommended_filename EntityLooksLikeEmailMe
 
 use Encode qw/encode/;
 
+use Encode qw/encode/;
+
 sub safe_run_child (&) {
     my $our_pid = $$;
 
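Review bot: The added `use Encode qw/encode/;` repeats the identical statement two lines above it in the context of this hunk. The second import changes nothing at runtime and looks like a merge or cherry-pick leftover, so it should be dropped from this commit rather than left for a later cleanup.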
@@ -166,9 +168,6 @@ The two string arguments B<MUST> be of equal length. If the lengths differ,
 this function will call C<die()>, as proceeding with execution would create
 a timing vulnerability. Length is defined by characters, not bytes.
 
-Strings that should be treated as binary octets rather than Unicode text
-should pass a true value for the binary flag.
-
 This code has been tested to do what it claims. Do not change it without
 thorough statistical timing analysis to validate the changes.
 
@@ -180,7 +179,7 @@ B<https://en.wikipedia.org/wiki/Timing_attack>
 =cut
 
 sub constant_time_eq {
-    my ($a, $b, $binary) = @_;
+    my ($a, $b) = @_;
 
     my $result = 0;
 
@@ -194,18 +193,9 @@ sub constant_time_eq {
         my $a_char = substr($a, $i, 1);
         my $b_char = substr($b, $i, 1);
 
-        my (@a_octets, @b_octets);
-
-        if ($binary) {
-            @a_octets = ord($a_char);
-            @b_octets = ord($b_char);
-        }
-        else {
-            # encode() is set to die on malformed
-            @a_octets = unpack("C*", encode('UTF-8', $a_char, Encode::FB_CROAK));
-            @b_octets = unpack("C*", encode('UTF-8', $b_char, Encode::FB_CROAK));
-        }
-
+        # encode() is set to die on malformed
+        my @a_octets = unpack("C*", encode('UTF-8', $a_char, Encode::FB_CROAK));
+        my @b_octets = unpack("C*", encode('UTF-8', $b_char, Encode::FB_CROAK));
         die $generic_error if (scalar @a_octets) != (scalar @b_octets);
 
         for (my $j = 0; $j < scalar @a_octets; $j++) {
@@ -215,30 +205,6 @@ sub constant_time_eq {
     return 0 + not $result;
 }
 
-=head2 EntityLooksLikeEmailMessage( MIME::Entity )
-
-Check MIME type headers for entities that look like email.
-
-=cut
-
-sub EntityLooksLikeEmailMessage {
-    my $entity = shift;
-
-    return unless $entity;
-
-    # Use mime_type instead of effective_type to get the same headers
-    # MIME::Parser used.
-    my $mime_type = $entity->mime_type();
-
-    # This is the same list of MIME types MIME::Parser uses. The partial and
-    # external-body types are unlikely to produce usable attachments, but they
-    # are still recognized as email for the purposes of this function.
-
-    my @email_types = ('message/rfc822', 'message/partial', 'message/external-body');
-
-    return 1 if grep { $mime_type eq $_ } @email_types;
-    return 0;
-}
 
 RT::Base->_ImportOverlays();
 

commit cdff44832c7419a8dfab95807a0ce473b2ed3826
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Tue Jun 27 08:37:17 2017 -0400

    Add tests to show incorrect unset cf setting

diff --git a/t/web/ticket_display_unset_fields.t b/t/web/ticket_display_unset_fields.t
index b047edc84..89044e2e5 100644
--- a/t/web/ticket_display_unset_fields.t
+++ b/t/web/ticket_display_unset_fields.t
@@ -117,4 +117,5 @@ diag "Test unset custom fields";
     isnt $dom->find(qq{tr.customfield.unset-field})->size, 1, "no unset custom fields";
 }
 
+undef $m;
 done_testing;

commit e428df218bed94d1da99774124091205189f3260
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Jul 28 13:39:21 2017 -0400

    Add an option to treat attached email messages as normal file attachments
    
    Fixes: I#32833

diff --git a/lib/RT/Util.pm b/lib/RT/Util.pm
index 8c29d537c..86283ac5d 100644
--- a/lib/RT/Util.pm
+++ b/lib/RT/Util.pm
@@ -56,8 +56,6 @@ our @EXPORT = qw/safe_run_child mime_recommended_filename EntityLooksLikeEmailMe
 
 use Encode qw/encode/;
 
-use Encode qw/encode/;
-
 sub safe_run_child (&) {
     my $our_pid = $$;
 
@@ -205,6 +203,30 @@ sub constant_time_eq {
     return 0 + not $result;
 }
 
+=head2 EntityLooksLikeEmailMessage( MIME::Entity )
+
+Check MIME type headers for entities that look like email.
+
+=cut
+
+sub EntityLooksLikeEmailMessage {
+    my $entity = shift;
+
+    return unless $entity;
+
+    # Use mime_type instead of effective_type to get the same headers
+    # MIME::Parser used.
+    my $mime_type = $entity->mime_type();
+
+    # This is the same list of MIME types MIME::Parser uses. The partial and
+    # external-body types are unlikely to produce usable attachments, but they
+    # are still recognized as email for the purposes of this function.
+
+    my @email_types = ('message/rfc822', 'message/partial', 'message/external-body');
+
+    return 1 if grep { $mime_type eq $_ } @email_types;
+    return 0;
+}
 
 RT::Base->_ImportOverlays();
 
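Review bot: `EntityLooksLikeEmailMessage` has inconsistent return shapes: the bare `return unless $entity;` yields undef (an empty list in list context), while the other paths yield 1 or 0, and the POD does not say what the caller gets back. Use `return 0 unless $entity;` and add a POD line such as `Returns 1 for message/rfc822, message/partial and message/external-body, and 0 otherwise.` The decision rests only on the MIME type declared in the entity's headers, which for inbound mail is chosen by the sender, so the POD should also state that the result describes the declared type and is not a check of the body.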

commit 3ff98d076d9661c47a22ed229af8ee404c0944f5
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Wed Aug 30 10:09:27 2017 -0400

    Improve message for adding/deleting a new custom field value
    
    When a user is creating a custom field and adding values as options,
    or deleting existing values, the previous messages ("Object created"
    after adding a value and "Object deleted" after deleting one) were
    unclear. The messages are updated to make it clear that the user
    added or deleted a specific custom field value.
    
    Fixes: I#32695

diff --git a/share/html/Admin/CustomFields/Modify.html b/share/html/Admin/CustomFields/Modify.html
index fc3d93987..34f9fb0f3 100644
--- a/share/html/Admin/CustomFields/Modify.html
+++ b/share/html/Admin/CustomFields/Modify.html
@@ -341,6 +341,8 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
     foreach my $key ( keys %ARGS ) {
         next unless $key =~ /^Delete-$paramtag-(\d+)$/;
         my ($val, $msg) = $CustomFieldObj->DeleteValue( $1 );
+        my $cf_delete = $ARGS{ $paramtag . "-$1-Name" };
+        $msg = loc("Custom field value [_1] deleted", $cf_delete) if $val;
         push (@results, $msg);
     }
 
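Review bot: The name shown in the new message is read from the request, `$ARGS{ $paramtag . "-$1-Name" }`, not from the value that `DeleteValue( $1 )` removed, so it can differ from the stored name (the same form presumably carries an editable name field) and is undef when that field is absent from the submission. Reading the name from the stored value before calling `DeleteValue` would make the message report what was actually deleted. The second hunk (`@@ -369,6 +371,8`) does the same with `$ARGS{ $paramtag.'-new-Name' }`; both put client-supplied text into `@results`, so it is worth confirming that the component that renders `@results` HTML-escapes it. The enclosing `if ( $ARGS{'Update'} && $id ne 'new' )` block starts and ends outside the hunk.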
@@ -369,6 +371,8 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
                 $ARGS{$paramtag."-new-$_"} =~ s/\s+$//;
                 $_ => $ARGS{ $paramtag ."-new-$_" } } grep { defined $ARGS{ $paramtag ."-new-$_" } } qw/ Name Description SortOrder Category/
         );
+        my $cf_add = $ARGS{ $paramtag.'-new-Name' };
+        $msg = loc("Custom field value [_1] added", $cf_add) if $id;
         push (@results, $msg);
         $added_cfv = 1 if $id;
 

commit 8c25286be5a90b0a65a0bfba28d7b981d0b0e831
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Thu Mar 15 13:56:27 2018 -0400

    Update tests for adding/deleting a new custom field value

diff --git a/t/web/cf_select_one.t b/t/web/cf_select_one.t
index 7fa13a22b..60d0e2a23 100644
--- a/t/web/cf_select_one.t
+++ b/t/web/cf_select_one.t
@@ -28,7 +28,7 @@ diag "Create a CF";
 
 diag "add 'qwe', 'ASD', '0' and ' foo ' as values to the CF";
 {
-    foreach my $value(qw(qwe ASD 0), 'foo ') {
+    foreach my $value(qw(qwe ASD 0), 'foo') {
         $m->submit_form(
             form_name => "ModifyCustomField",
             fields => {
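Review bot: Changing `'foo '` to `'foo'` drops the only input with trailing whitespace, so the loop no longer exercises the trimming that the `s/\s+$//` line in the next hunk (`@@ -36,7`) and the `diag` text above the loop still describe. The value appears to have been changed so that `"Custom field value $value added"` matches the page; keep `'foo '` and assert against the trimmed name instead, e.g. `(my $shown = $value) =~ s/\s+$//;` followed by `$m->content_contains("Custom field value $shown added", 'added a value to the CF');`. The loop body continues outside both hunks.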
@@ -36,7 +36,7 @@ diag "add 'qwe', 'ASD', '0' and ' foo ' as values to the CF";
             },
             button => 'Update',
         );
-        $m->content_contains('Object created', 'added a value to the CF' ); # or diag $m->content;
+        $m->content_contains("Custom field value $value added", 'added a value to the CF' ); # or diag $m->content;
         my $v = $value;
         $v =~ s/^\s+$//;
         $v =~ s/\s+$//;

-----------------------------------------------------------------------

