[Bps-public-commit] r9217 - in RT-Extension-iCal: . html/Callbacks/iCal/Search/Results.html
alexmv at bestpractical.com
alexmv at bestpractical.com
Wed Oct 3 19:12:05 EDT 2007
Author: alexmv
Date: Wed Oct 3 19:12:04 2007
New Revision: 9217
Modified:
RT-Extension-iCal/ (props changed)
RT-Extension-iCal/html/Callbacks/iCal/Search/Results.html/SearchActions
RT-Extension-iCal/html/NoAuth/ical/dhandler
Log:
r23369 at zoq-fot-pik: chmrr | 2007-10-03 19:10:41 -0400
* Hash based on the query
Modified: RT-Extension-iCal/html/Callbacks/iCal/Search/Results.html/SearchActions
==============================================================================
--- RT-Extension-iCal/html/Callbacks/iCal/Search/Results.html/SearchActions (original)
+++ RT-Extension-iCal/html/Callbacks/iCal/Search/Results.html/SearchActions Wed Oct 3 19:12:04 2007
@@ -3,6 +3,6 @@
use RT::Extension::iCal;
my $user = $session{'CurrentUser'}->UserObj->Name;
-my $secret = RT::Extension::iCal->auth_token();
my $query = $m->top_args->{Query};
+my $secret = substr(Digest::MD5::md5_hex(RT::Extension::iCal->auth_token().$query),0,16);
</%init>
\ No newline at end of file
Modified: RT-Extension-iCal/html/NoAuth/ical/dhandler
==============================================================================
--- RT-Extension-iCal/html/NoAuth/ical/dhandler (original)
+++ RT-Extension-iCal/html/NoAuth/ical/dhandler Wed Oct 3 19:12:04 2007
@@ -18,12 +18,12 @@
$user->Load($name);
$notfound->() unless $user->id;
-my $secret = RT::Extension::iCal->auth_token($user);
-$notfound->() unless $auth eq $secret;
-
# Unescape the URI
$search =~ s/\%([0-9a-z]{2})/chr(hex($1))/gei;
+my $secret = RT::Extension::iCal->auth_token($user);
+$notfound->() unless $auth eq substr(Digest::MD5::md5_hex($secret.$search),0,16);
+
my $cu = RT::CurrentUser->new;
$cu->Load($user);
my $tickets = RT::Tickets->new( $cu );
More information about the Bps-public-commit
mailing list