[Bps-public-commit] RT-BugTracker-Public branch, master, updated. 53291c95e65c0ef443802bf95dac0d3e55a0f2a7
Thomas Sibley
trs at bestpractical.com
Wed Aug 11 16:49:04 EDT 2010
The branch, master has been updated
via 53291c95e65c0ef443802bf95dac0d3e55a0f2a7 (commit)
from 70395a9f59ab4d1d85a0497694fdd38faa11699d (commit)
Summary of changes:
.../Ticket/Elements/ShowMessageHeaders/Default | 10 +
html/Public/Bug/Elements/ShowHistory | 171 ----------------
html/Public/Bug/Elements/ShowTransaction | 199 ------------------
.../Public/Bug/Elements/ShowTransactionAttachments | 212 --------------------
4 files changed, 10 insertions(+), 582 deletions(-)
create mode 100644 html/Callbacks/BugTracker-Public/Ticket/Elements/ShowMessageHeaders/Default
delete mode 100755 html/Public/Bug/Elements/ShowHistory
delete mode 100755 html/Public/Bug/Elements/ShowTransaction
delete mode 100644 html/Public/Bug/Elements/ShowTransactionAttachments
- Log -----------------------------------------------------------------
commit 53291c95e65c0ef443802bf95dac0d3e55a0f2a7
Author: Thomas Sibley <trs at bestpractical.com>
Date: Wed Aug 11 16:50:25 2010 -0400
Protect email addresses with a cleaner callback in ShowMessageHeaders
Now we don't have to maintain up to date versions of ShowHistory,
ShowTransaction, or ShowTransactionAttachments.
diff --git a/html/Callbacks/BugTracker-Public/Ticket/Elements/ShowMessageHeaders/Default b/html/Callbacks/BugTracker-Public/Ticket/Elements/ShowMessageHeaders/Default
new file mode 100644
index 0000000..96f5e9a
--- /dev/null
+++ b/html/Callbacks/BugTracker-Public/Ticket/Elements/ShowMessageHeaders/Default
@@ -0,0 +1,10 @@
+<%args>
+$headers
+</%args>
+<%init>
+# Protect email addresses
+for my $h (@$headers) {
+ next unless $h->{'Tag'} =~ /^(?:From|To|Cc|Bcc|Reply-To)$/i;
+ $h->{'Value'} =~ s/@/ [...] /g;
+}
+</%init>
diff --git a/html/Public/Bug/Elements/ShowHistory b/html/Public/Bug/Elements/ShowHistory
deleted file mode 100755
index 06ad3d0..0000000
--- a/html/Public/Bug/Elements/ShowHistory
+++ /dev/null
@@ -1,171 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2010 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<%doc>
-# This is (ab)used in Admin/(Users|Groups)/History.html and should probably
-# be generalized at some point.
-</%doc>
-<%perl>
-if ($ShowDisplayModes or $ShowTitle) {
- my $title = $ShowTitle
- ? loc('History')
- : ' ';
-
- my $titleright;
-
- if ($ShowDisplayModes) {
- $titleright = '';
-
- if ($ShowHeaders) {
- $titleright .= qq{<a href="$URIFile?id=} .
- $Ticket->id.qq{">} .
- loc("Brief headers") .
- qq{</a> — };
- $titleright .= q[<span class="selected">] . loc("Full headers") . "</span>";
- }
- else {
- $titleright .= q[<span class="selected">] . loc("Brief headers") . "</span> — ";
- $titleright .= qq{<a href="$URIFile?ShowHeaders=1;id=} .
- $Ticket->id.qq{">} .
- loc("Full headers") .
- qq{</a>};
- }
- }
-</%perl>
-<div class="history">
-<& /Widgets/TitleBoxStart, title => $title, titleright_raw => $titleright &>
-% }
-
-<div id="ticket-history">
-<%perl>
-my @attachments = @{$Attachments->ItemsArrayRef()};
-my @attachment_content = @{$AttachmentContent->ItemsArrayRef()};
-
-while ( my $Transaction = $Transactions->Next ) {
- my $skip = 0;
- $m->callback(
- %ARGS,
- Transaction => $Transaction,
- skip => \$skip,
- CallbackName => 'SkipTransaction',
- );
- next if $skip;
-
- $i++;
-
- my @trans_attachments = grep { $_->TransactionId == $Transaction->Id } @attachments;
-
- my $trans_content = {};
- grep { ($_->TransactionId == $Transaction->Id ) && ($trans_content->{$_->Id} = $_) } @attachment_content;
-
-
- my $IsLastTransaction = 0;
- if ( $OldestFirst ) {
- $IsLastTransaction = $Transactions->IsLast;
- } else {
- $IsLastTransaction = 1 if ( $i == 1 );
- }
-
- #Args is first because we're clobbering the "Attachments" parameter
- $m->comp( 'ShowTransaction',
- %ARGS,
-
- Ticket => $Ticket,
- Transaction => $Transaction,
- ShowHeaders => $ShowHeaders,
- RowNum => $i,
- Attachments => \@trans_attachments,
- AttachmentContent => $trans_content,
- LastTransaction => $IsLastTransaction
- );
-
-# manually flush the content buffer after each txn, so the user sees
-# some update
-$m->flush_buffer();
-}
-
-</%perl>
-</div>
-% if ($ShowDisplayModes or $ShowTitle) {
-<& /Widgets/TitleBoxEnd &>
-</div>
-% }
-<%INIT>
-my $Transactions = new RT::Transactions($session{'CurrentUser'});
-if ($Tickets) {
- while (my $t = $Tickets->Next) {
- $Transactions->LimitToTicket($t->id);
- }
-} else {
- $Transactions = $Ticket->Transactions;
-}
-
-
-my $OldestFirst = RT->Config->Get( 'OldestTransactionsFirst', $session{'CurrentUser'} );
-my $SortOrder = $OldestFirst? 'ASC': 'DESC';
-$Transactions->OrderByCols( { FIELD => 'Created',
- ORDER => $SortOrder },
- { FIELD => 'id',
- ORDER => $SortOrder },
- );
-
-my $i;
-$Attachments ||= $m->comp('/Ticket/Elements/FindAttachments', Ticket => $Ticket, Tickets => $Tickets || undef);
-$AttachmentContent ||= $m->comp('/Ticket/Elements/LoadTextAttachments', Ticket => $Ticket);
-
-</%INIT>
-<%ARGS>
-$URIFile => RT->Config->Get('WebPath')."/Ticket/Display.html"
-$Ticket => undef
-$Tickets => undef
-$Attachments => undef
-$AttachmentContent => undef
-$ShowHeaders => undef
-$ShowTitle => 1
-$ShowDisplayModes => 1
-$WarnUnsigned => undef
-</%ARGS>
diff --git a/html/Public/Bug/Elements/ShowTransaction b/html/Public/Bug/Elements/ShowTransaction
deleted file mode 100755
index 3a270e9..0000000
--- a/html/Public/Bug/Elements/ShowTransaction
+++ /dev/null
@@ -1,199 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/copyleft/gpl.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<div class="ticket-transaction<% $type_class && " $type_class" %><% $RowNum % 2 ? ' odd' : ' even' %>">
-<table width="100%" cellspacing="0" cellpadding="2" border="0">
- <tr>
- <td rowspan="2" valign="top" class="type">
- <a name="txn-<%$Transaction->Id%>" href="<% $DisplayPath %>#txn-<%$Transaction->Id%>">#</a>
- <% $LastTransaction ? '<a name="lasttrans"> </a>' : ' ' |n %>
- </td>
- <td class="date"><% $transdate|n %></td>
-% my $desc = $Transaction->BriefDescription;
-% $m->comp('/Elements/Callback', _CallbackName => 'ModifyDisplay', text => \$desc, Transaction => $Transaction, %ARGS);
- <td class="description">
- <%$Creator%> - <%$TicketString%> <%$desc%>
- </td>
- <td class="time-taken"><%$TimeTaken%></td>
- <td class="actions"><%$titlebar_commands|n%></td>
- </tr>
-
- <tr>
- <td colspan="4" class="content">
-% if ($Transaction->CustomFieldValues->Count) {
- <& /Elements/ShowCustomFields, Object => $Transaction &>
-% }
-% $m->comp('ShowTransactionAttachments', %ARGS, Parent => 0) unless ($Collapsed ||!$ShowBody);
- </td>
- </tr>
-</table>
-</div>
-
-<%ARGS>
-$Ticket => undef
-$Transaction => undef
-$ShowHeaders => 0
-$Collapsed => undef
-$ShowTitleBarCommands => 1
-$RowNum => 1
-$DisplayPath => $RT::WebPath."/Ticket/Display.html?id=".$Ticket->id
-$AttachPath => $RT::WebPath."/Ticket/Attachment"
-$UpdatePath => $RT::WebPath."/Ticket/Update.html"
-$EmailRecordPath => $RT::WebPath."/Ticket/ShowEmailRecord.html"
-$Attachments => undef
-$AttachmentContent => undef
-$ShowBody => 1
-$LastTransaction => 0
-</%ARGS>
-
-<%INIT>
-
-my $Creator = $Transaction->CreatorObj->Name;
-$Creator =~ s/@/[...]/g;
-
-my ( $TimeTaken, $TicketString, $type_class );
-
-my $transdate = $Transaction->CreatedAsString();
-$transdate =~ s/\s/ /g;
-
-if ( $Transaction->Type =~ /^(Create|Correspond|Comment$)/ ) {
- if ( $Transaction->IsInbound ) {
- $type_class = 'message';
- }
- else {
- $type_class = 'message';
- }
-}
-elsif ( ( $Transaction->Field =~ /^Owner$/ )
- or ( $Transaction->Type =~ /^(AddWatcher|DelWatcher)$/ ) ) {
- $type_class = 'people';
-
-}
-elsif ( $Transaction->Type =~ /^(AddLink|DeleteLink)$/ ) {
- $type_class = 'links';
-}
-elsif ( $Transaction->Type =~ /^(Status|Set|Told)$/ ) {
- if ( $Transaction->Field =~ /^(Told|Starts|Started|Due)$/ ) {
- $type_class = 'dates';
- }
- else {
- $type_class = 'basics';
- }
-}
-else {
- $type_class = 'other';
-}
-
-if ( $Ticket->Id != $Transaction->Ticket ) {
- $TicketString = "Ticket " . $Transaction->Ticket . ": ";
-}
-$TicketString ||= '';
-
-if ( $Transaction->TimeTaken != 0 ) {
- $TimeTaken = $Transaction->TimeTaken . " min";
-} else {
- $TimeTaken = '';
-}
-
-unless ($Attachments) {
- my $attachments = $Transaction->Attachments;
- $attachments->Columns( qw( Id Filename ContentType Headers Subject Parent ContentEncoding ContentType TransactionId) );
- $Attachments = $attachments->ItemsArrayRef();
-}
-my $titlebar_commands = ' ';
-
-my @DisplayHeaders=qw ( _all);
-
-if ( $Transaction->Type =~ /EmailRecord$/ ) {
- @DisplayHeaders = qw(To Cc Bcc);
-
- $titlebar_commands .=
- "[<a target=\"_blank\" href=\"$EmailRecordPath?id="
- . $Transaction->Ticket
- . "&Transaction="
- . $Transaction->Id
- . "&Attachment="
- . ( $Transaction->Attachments->First
- && $Transaction->Attachments->First->Id )
-
- . '">' . loc('Show') . "</a>] ";
- $ShowBody = 0;
-}
-
-
-# If the transaction has anything attached to it at all
-else {
-
- unless ( $ShowHeaders ) {
- @DisplayHeaders = qw(To From RT-Send-Cc Cc Bcc Date Subject);
- }
-
- if ( $Attachments->[0] && $ShowTitleBarCommands ) {
- if ( $Transaction->TicketObj->CurrentUserHasRight('ReplyToTicket')
- or $Transaction->TicketObj->CurrentUserHasRight('ModifyTicket')) {
- $titlebar_commands .=
- "[<a href=\"".$UpdatePath."?id="
- . $Transaction->Ticket
- . "&QuoteTransaction="
- . $Transaction->Id
- . "&Action=Respond\">"
- . loc('Reply')
- . "</a>] ";
- }
- if ( $Transaction->TicketObj->CurrentUserHasRight('CommentOnTicket')
- or $Transaction->TicketObj->CurrentUserHasRight('ModifyTicket')) {
- $titlebar_commands .=
- "[<a href=\"".$UpdatePath."?id="
- . $Transaction->Ticket
- . "&QuoteTransaction="
- . $Transaction->Id
- . "&Action=Comment\">"
- . loc('Comment') . "</a>]";
- }
- }
-}
-</%INIT>
diff --git a/html/Public/Bug/Elements/ShowTransactionAttachments b/html/Public/Bug/Elements/ShowTransactionAttachments
deleted file mode 100644
index 55f5513..0000000
--- a/html/Public/Bug/Elements/ShowTransactionAttachments
+++ /dev/null
@@ -1,212 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/copyleft/gpl.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<%perl>
-# Find all the attachments which have parent $Parent
-# For each of these attachments
-foreach my $message ( grep { $_->Parent == $Parent } @$Attachments ) {
-
- # {{{ show the headers
- my $headers = $message->Headers;
- chomp $headers;
-
- $headers =~ s/(\w+)(\@)(\w+)/$1\[...\]$3/gism;
-
- # localize the common headers (like 'Subject:'), too.
- $headers =~ s/^([^:]+)(?=:)/loc($1)/em;
- $m->comp(
- '/Ticket/Elements/ShowMessageHeaders',
- Headers => $headers,
- Transaction => $Transaction,
- DisplayHeaders => \@DisplayHeaders
- );
-
- # }}}
- # {{{ if there's any size at all, show the download link
- my $size = $message->ContentLength;
- if ($size) {
-
-</%perl>
-<div class="downloadattachment">
-<%perl>
-
- # show a download link
- if ( $size > 1024 ) {
- $size = loc( "[_1]k", int( $size / 102.4 ) / 10 );
- }
- else {
- $size = loc( "[_1]b", $size );
- }
-
-</%PERL>
-<form method="post" action="<%$AttachPath%>/<%$Transaction->Id%>/<%$message->Id%>/<%$message->Filename | u%>"><input type="submit" value="<&|/l&>Download</&> <%$message->Filename || loc('(untitled)') %>"></form>
-<span class="downloadcontenttype">
-[<%$message->ContentType%> <% $size %>]
-</span>
-</div>
-% }
-% # }}}
-<div class="messagebody">
-<%perl>
-# {{{ if it has a content-disposition: attachment, don't show inline
-unless ( ($message->GetHeader('Content-Disposition')||"") =~ /attachment/i ) {
-
- my $content;
-
- # If it's text
- if ( $message->ContentType =~ m{^(text|message)}i
- && !($RT::SuppressInlineTextFiles && $message->Filename)
- && $message->ContentLength <= $RT::MaxInlineBody )
- {
-
- if (
-
- # it's a toplevel object
- !$ParentObj
-
- # or its parent isn't a multipart alternative
- || ( $ParentObj->ContentType !~ m{^multipart/alternative$}i )
-
- # or it's of our prefered alterative type
- || (
- (
- $RT::PreferRichText
- && ( $message->ContentType =~ m{^text/(?:html|enriched)$} )
- )
- || ( !$RT::PreferRichText
- && ( $message->ContentType !~ m{^text/(?:html|enriched)$} )
- )
- )
- )
- {
-
- if ( $AttachmentContent->{ $message->id } ) {
- $content = $AttachmentContent->{ $message->id }->Content;
- }
- else {
- $content = $message->Content;
- }
-
-
- $content =~ s/(\w+)(\@)(\w+)/$1\[...\]$3/gism;
-
- # if it's a text/html clean the body and show it
- if ( $message->ContentType =~ m{^text/(?:html|enriched)$}i ) {
- $content =
- $m->comp( '/Elements/ScrubHTML', Content => $content );
- $m->out($content);
- }
-
- # if it's a text/plain show the body
- elsif ( $message->ContentType =~ m{^(text|message|text)}i ) {
-
-
- $m->comp(
- '/Ticket/Elements/ShowMessageStanza',
- Depth => 0,
- Message => $content,
- Transaction => $Transaction
- );
- }
- }
-
- }
-
- # if it's an image, show it as an image
- elsif ( $RT::ShowTransactionImages and $message->ContentType =~ /^image\//i ) {
- $m->out('<img src="'
- . $AttachPath . '/'
- . $Transaction->Id . '/'
- . $message->Id
- . '/" />' );
- }
- elsif ( $message->ContentLength > 0 ) {
- $m->out(
- loc( 'Message body not shown because it is too large or is not plain text.' )
- );
- }
-}
-
-# }}}
-
-$m->comp(
- 'ShowTransactionAttachments', %ARGS,
- Parent => $message->id,
- ParentObj => $message
-);
-
-}
-</%PERL>
-</div>
-<%ARGS>
-$Ticket => undef
-$Transaction => undef
-$ShowHeaders => 0
-$Collapsed => undef
-$ShowTitleBarCommands => 1
-$RowNum => 1
-$AttachPath => $RT::WebPath."/Ticket/Attachment"
-$UpdatePath => $RT::WebPath."/Ticket/Update.html"
-$EmailRecordPath => $RT::WebPath."/Ticket/ShowEmailRecord.html"
-$Attachments => undef
-$AttachmentContent => undef
-$ShowBody => 1
-$Parent => 0
-$ParentObj => 0
-</%ARGS>
-<%INIT>
-my @DisplayHeaders=qw( _all);
-
-if ( $Transaction->Type =~ /EmailRecord$/ ) {
- @DisplayHeaders = qw(To Cc Bcc);
-}
-
-# If the transaction has anything attached to it at all
-elsif (!$ShowHeaders) {
- @DisplayHeaders = qw(To From RT-Send-Cc Cc Bcc Date Subject);
-}
-</%INIT>
-----------------------------------------------------------------------
More information about the Bps-public-commit
mailing list