[Rt-commit] rt branch, 4.4/improve-create-custom-field-message, created. rt-4.4.2-246-gbff1bf569

Maureen Mirville maureen at bestpractical.com
Wed Jun 20 14:14:03 EDT 2018


The branch, 4.4/improve-create-custom-field-message has been created
        at  bff1bf569265947dfa1c3bc2ba0492d152bdf81f (commit)

- Log -----------------------------------------------------------------
commit 06e501d6e08c34f0e5177d5ff7e6e7356e26b9b3
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Mon Mar 5 09:41:22 2018 -0500

    Update incorrect links in docs pod files

diff --git a/docs/dashboards_reporting.pod b/docs/dashboards_reporting.pod
index 14870caf1..f598870f7 100644
--- a/docs/dashboards_reporting.pod
+++ b/docs/dashboards_reporting.pod
@@ -1,7 +1,7 @@
 =pod
 
 For background on how to build searches in RT, please refer to the
-L<Query Builder Documentation|docs/query_builder.pod>.
+F<docs/query_builder.pod>.
 
 =head1 Introduction
 
@@ -22,7 +22,7 @@ in the queue appropriately called "RT".
 
 First we need to build these searches, which draw upon the definitions and
 explanations listed in the
-L<Definitions of Ticket Metadata Documentation|docs/ticket_metadata.pod>.
+F<docs/ticket_metadata.pod>.
 Thankfully, we already know that we're focusing on only one queue: RT. I can
 find the dates for each of the minor releases on the RT page at our website:
 L<https://bestpractical.com/rt/>. If you go to the bottom left and click on
diff --git a/docs/query_builder.pod b/docs/query_builder.pod
index da08d93be..c04df1420 100644
--- a/docs/query_builder.pod
+++ b/docs/query_builder.pod
@@ -6,7 +6,7 @@ specify in order to perform a search. Strategies for narrowing your searches
 to find exactly what you're looking for (and no more) are discussed below.
 
 The Query Builder is the heart of reporting in RT, which is covered in the
-L<Dashboard and Reports|docs/dashboards_reporting.pod> document.
+L<Dashboards Reporting|dashboards_reporting> document.
 
 To follow along with the examples, go to
 L<issues.bestpractical.com|http://issues.bestpractical.com> and try the
diff --git a/docs/subscriptions_feeds.pod b/docs/subscriptions_feeds.pod
index 61023a74e..c1da75ecb 100644
--- a/docs/subscriptions_feeds.pod
+++ b/docs/subscriptions_feeds.pod
@@ -1,7 +1,7 @@
 =pod
 
 For directions on how to build a dashboard from saved searches, please see
-L<Dashboards and Reporting|docs/dashboards_reporting.pod> documentation.
+L<Dashboards Reporting|dashboards_reporting> documentation.
 
 =head1 Subscriptions
 

commit 957692622169dfc831efcd9c717d5ef4ad6823d1
Author: Aaron Kondziela <aaron at bestpractical.com>
Date:   Tue Jan 24 18:20:28 2017 -0500

    Fix timing sidechannel vulnerability in password checking
    
    "eq" operators for comparing against passwords are replaced by a new
    RT::Util::constant_time_eq to resolve a timing sidechannel vulnerability.
    
    This addresses CVE-2017-5361.
    
    Fixes: T#161960

diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index ca47377cf..91d5d234c 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -1122,7 +1122,7 @@ sub IsPassword {
         my $salt = substr($hash, 0, 4, "");
         return 0 unless RT::Util::constant_time_eq(
             substr(Digest::SHA::sha256($salt . Digest::MD5::md5(Encode::encode( "UTF-8", $value))), 0, 26),
-            $hash, 1
+            $hash
         );
     } elsif (length $stored == 32) {
         # Hex nonsalted-md5
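Review bot: Dropping the binary flag on the `$hash` argument sends two raw digest strings through the UTF-8 path of `constant_time_eq` (see the `lib/RT/Util.pm` hunks below), which encodes each character and calls `die $generic_error` when the octet counts differ. The first argument is a `substr` of `Digest::SHA::sha256` output, so bytes at or above 0x80 are expected, and those encode to two octets while bytes below 0x80 encode to one. A wrong password whose byte at some position falls on the other side of 0x80 from the stored hash would then raise an exception instead of making `IsPassword` return 0; this assumes `$hash` holds decoded octets, which is set outside this hunk. Either keep `$hash, 1` together with the `ord()` branch, or make the per-character length mismatch set `$result` rather than die. The commit message describes introducing `constant_time_eq`, while the diff only removes the flag, so the description should be checked against the change.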
diff --git a/lib/RT/Util.pm b/lib/RT/Util.pm
index 334c8c73e..8c29d537c 100644
--- a/lib/RT/Util.pm
+++ b/lib/RT/Util.pm
@@ -56,6 +56,8 @@ our @EXPORT = qw/safe_run_child mime_recommended_filename EntityLooksLikeEmailMe
 
 use Encode qw/encode/;
 
+use Encode qw/encode/;
+
 sub safe_run_child (&) {
     my $our_pid = $$;
 
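Review bot: The added `use Encode qw/encode/;` duplicates the identical context line two lines above it, so the new side of `lib/RT/Util.pm` imports `encode` twice. It is harmless at runtime but looks like a merge or rebase artifact; the added line and its trailing blank line should be dropped.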
@@ -166,9 +168,6 @@ The two string arguments B<MUST> be of equal length. If the lengths differ,
 this function will call C<die()>, as proceeding with execution would create
 a timing vulnerability. Length is defined by characters, not bytes.
 
-Strings that should be treated as binary octets rather than Unicode text
-should pass a true value for the binary flag.
-
 This code has been tested to do what it claims. Do not change it without
 thorough statistical timing analysis to validate the changes.
 
@@ -180,7 +179,7 @@ B<https://en.wikipedia.org/wiki/Timing_attack>
 =cut
 
 sub constant_time_eq {
-    my ($a, $b, $binary) = @_;
+    my ($a, $b) = @_;
 
     my $result = 0;
 
@@ -194,18 +193,9 @@ sub constant_time_eq {
         my $a_char = substr($a, $i, 1);
         my $b_char = substr($b, $i, 1);
 
-        my (@a_octets, @b_octets);
-
-        if ($binary) {
-            @a_octets = ord($a_char);
-            @b_octets = ord($b_char);
-        }
-        else {
-            # encode() is set to die on malformed
-            @a_octets = unpack("C*", encode('UTF-8', $a_char, Encode::FB_CROAK));
-            @b_octets = unpack("C*", encode('UTF-8', $b_char, Encode::FB_CROAK));
-        }
-
+        # encode() is set to die on malformed
+        my @a_octets = unpack("C*", encode('UTF-8', $a_char, Encode::FB_CROAK));
+        my @b_octets = unpack("C*", encode('UTF-8', $b_char, Encode::FB_CROAK));
         die $generic_error if (scalar @a_octets) != (scalar @b_octets);
 
         for (my $j = 0; $j < scalar @a_octets; $j++) {
@@ -215,30 +205,6 @@ sub constant_time_eq {
     return 0 + not $result;
 }
 
-=head2 EntityLooksLikeEmailMessage( MIME::Entity )
-
-Check MIME type headers for entities that look like email.
-
-=cut
-
-sub EntityLooksLikeEmailMessage {
-    my $entity = shift;
-
-    return unless $entity;
-
-    # Use mime_type instead of effective_type to get the same headers
-    # MIME::Parser used.
-    my $mime_type = $entity->mime_type();
-
-    # This is the same list of MIME types MIME::Parser uses. The partial and
-    # external-body types are unlikely to produce usable attachments, but they
-    # are still recognized as email for the purposes of this function.
-
-    my @email_types = ('message/rfc822', 'message/partial', 'message/external-body');
-
-    return 1 if grep { $mime_type eq $_ } @email_types;
-    return 0;
-}
 
 RT::Base->_ImportOverlays();
 

commit 35d1497cf60b95f3c60fbd0e35fa11ecff60ec05
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Tue Jun 27 08:37:17 2017 -0400

    Add tests to show incorrect unset cf setting

diff --git a/t/web/ticket_display_unset_fields.t b/t/web/ticket_display_unset_fields.t
index b047edc84..89044e2e5 100644
--- a/t/web/ticket_display_unset_fields.t
+++ b/t/web/ticket_display_unset_fields.t
@@ -117,4 +117,5 @@ diag "Test unset custom fields";
     isnt $dom->find(qq{tr.customfield.unset-field})->size, 1, "no unset custom fields";
 }
 
+undef $m;
 done_testing;

commit 2b90a3b48e5cb6e04f6ee6bdc632aca432be1626
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Jul 28 13:39:21 2017 -0400

    Add an option to treat attached email messages as normal file attachments
    
    Fixes: I#32833

diff --git a/lib/RT/Util.pm b/lib/RT/Util.pm
index 8c29d537c..86283ac5d 100644
--- a/lib/RT/Util.pm
+++ b/lib/RT/Util.pm
@@ -56,8 +56,6 @@ our @EXPORT = qw/safe_run_child mime_recommended_filename EntityLooksLikeEmailMe
 
 use Encode qw/encode/;
 
-use Encode qw/encode/;
-
 sub safe_run_child (&) {
     my $our_pid = $$;
 
@@ -205,6 +203,30 @@ sub constant_time_eq {
     return 0 + not $result;
 }
 
+=head2 EntityLooksLikeEmailMessage( MIME::Entity )
+
+Check MIME type headers for entities that look like email.
+
+=cut
+
+sub EntityLooksLikeEmailMessage {
+    my $entity = shift;
+
+    return unless $entity;
+
+    # Use mime_type instead of effective_type to get the same headers
+    # MIME::Parser used.
+    my $mime_type = $entity->mime_type();
+
+    # This is the same list of MIME types MIME::Parser uses. The partial and
+    # external-body types are unlikely to produce usable attachments, but they
+    # are still recognized as email for the purposes of this function.
+
+    my @email_types = ('message/rfc822', 'message/partial', 'message/external-body');
+
+    return 1 if grep { $mime_type eq $_ } @email_types;
+    return 0;
+}
 
 RT::Base->_ImportOverlays();
 
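Review bot: The POD for `EntityLooksLikeEmailMessage` does not state the return contract, and the sub has three outcomes: a bare `return` when `$entity` is false, `1` for the three `message/*` types, and `0` otherwise. I would add a sentence to the `=head2` section such as `Returns 1 for message/rfc822, message/partial and message/external-body, 0 for any other type, and nothing if no entity is passed.`, or change the guard to `return 0 unless $entity;` if callers only need a boolean. The check reads the declared type through `mime_type()`, which per the inline comment comes from the message headers and is therefore chosen by the sender. The POD should say that the function classifies by declared type only, so callers do not treat the result as a statement about the content.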

commit a4c5305cf200fff49a0a55cfdda12da887c10572
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Wed Aug 30 10:09:27 2017 -0400

    Improve message for adding/deleting a new custom field value
    
    When user is creating a custom field and adding values as options,
    or deleting existing values, previous message after adding a value,
    "Object created", and after deleting a value, "Object deleted", was
    unclear. Message updated to make it clear user added or deleted a
    specific custom field value.
    
    Fixes: I#32695

diff --git a/share/html/Admin/CustomFields/Modify.html b/share/html/Admin/CustomFields/Modify.html
index fc3d93987..34f9fb0f3 100644
--- a/share/html/Admin/CustomFields/Modify.html
+++ b/share/html/Admin/CustomFields/Modify.html
@@ -341,6 +341,8 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
     foreach my $key ( keys %ARGS ) {
         next unless $key =~ /^Delete-$paramtag-(\d+)$/;
         my ($val, $msg) = $CustomFieldObj->DeleteValue( $1 );
+        my $cf_delete = $ARGS{ $paramtag . "-$1-Name" };
+        $msg = loc("Custom field value [_1] deleted", $cf_delete) if $val;
         push (@results, $msg);
     }
 
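Review bot: The success text is built from `$ARGS{ $paramtag . "-$1-Name" }`, a request parameter, rather than from the value that `DeleteValue` actually removed. The message can therefore name something other than the deleted row, or be empty when that field is not submitted. Reading the value's name from `$CustomFieldObj` before the delete and passing that to `loc()` would keep the message tied to server-side state. The same applies to `$cf_add` in the second hunk, where the reported name is whatever the request sent; the call that creates the value begins outside that hunk. It is also worth confirming that `@results` is HTML-escaped where it is rendered, since these messages now carry user-supplied text and that code is not visible here.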
@@ -369,6 +371,8 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
                 $ARGS{$paramtag."-new-$_"} =~ s/\s+$//;
                 $_ => $ARGS{ $paramtag ."-new-$_" } } grep { defined $ARGS{ $paramtag ."-new-$_" } } qw/ Name Description SortOrder Category/
         );
+        my $cf_add = $ARGS{ $paramtag.'-new-Name' };
+        $msg = loc("Custom field value [_1] added", $cf_add) if $id;
         push (@results, $msg);
         $added_cfv = 1 if $id;
 

commit bff1bf569265947dfa1c3bc2ba0492d152bdf81f
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Thu Mar 15 13:56:27 2018 -0400

    Update tests for adding/deleting a new custom field value

diff --git a/t/web/cf_select_one.t b/t/web/cf_select_one.t
index 7fa13a22b..60d0e2a23 100644
--- a/t/web/cf_select_one.t
+++ b/t/web/cf_select_one.t
@@ -28,7 +28,7 @@ diag "Create a CF";
 
 diag "add 'qwe', 'ASD', '0' and ' foo ' as values to the CF";
 {
-    foreach my $value(qw(qwe ASD 0), 'foo ') {
+    foreach my $value(qw(qwe ASD 0), 'foo') {
         $m->submit_form(
             form_name => "ModifyCustomField",
             fields => {
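Review bot: Changing `'foo '` to `'foo'` on the `foreach` line removes the only input with trailing whitespace, so the test no longer exercises the `s/\s+$//` trimming that the `$v` lines in the next hunk still perform. The `diag` text also still advertises `' foo '`. Keeping `'foo '` and asserting on the trimmed value would preserve that coverage: move `my $v = $value; $v =~ s/\s+$//;` above the assertion and use `$m->content_contains("Custom field value $v added", 'added a value to the CF');`. The loop body continues past both hunks.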
@@ -36,7 +36,7 @@ diag "add 'qwe', 'ASD', '0' and ' foo ' as values to the CF";
             },
             button => 'Update',
         );
-        $m->content_contains('Object created', 'added a value to the CF' ); # or diag $m->content;
+        $m->content_contains("Custom field value $value added", 'added a value to the CF' ); # or diag $m->content;
         my $v = $value;
         $v =~ s/^\s+$//;
         $v =~ s/\s+$//;

-----------------------------------------------------------------------

