[Rt-commit] rt branch, 4.6/add-whitelist-args-display, created. rt-4.4.3-200-g78d0d1c84

Craig Kaiser craig at bestpractical.com
Fri Mar 1 14:23:03 EST 2019


The branch, 4.6/add-whitelist-args-display has been created
        at  78d0d1c841dddcfb609fd60cdaf74c11ddfb3fb3 (commit)

- Log -----------------------------------------------------------------
commit 78d0d1c841dddcfb609fd60cdaf74c11ddfb3fb3
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Fri Mar 1 14:05:37 2019 -0500

    Add whitelist for ForceShowHistory and ShowHeaders

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index e4b65ba2b..03426e92e 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1395,6 +1395,7 @@ our %IS_WHITELISTED_COMPONENT = (
     # out what to show, but it's read only and will deny information if you
     # don't have ShowOutgoingEmail.
     '/Ticket/ShowEmailRecord.html' => 1,
+    '/Helpers/TicketHistory'       => 1
 );
 
 # Whitelist arguments that do not indicate an effectful request.
@@ -1428,6 +1429,8 @@ our %WHITELISTED_COMPONENT_ARGS = (
     '/Articles/Article/ExtractIntoClass.html' => ['Ticket'],
     # Only affects display
     '/Ticket/Display.html' => ['HideUnsetFields'],
+
+    '/Ticket/Display.html' => ['ForceShowHistory', 'ShowHeaders'],
 );
 
 # Components which are blacklisted from automatic, argument-based whitelisting.

-----------------------------------------------------------------------


More information about the rt-commit mailing list