[Rt-announce] RT 3.6.8 Released

Kevin Falcone falcone at bestpractical.com
Wed Jun 10 17:51:31 EDT 2009 

We are happy to announce that RT 3.6.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.6.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.6.8.tar.gz.sig

SHA1 sums

c7b4fac30b5b91a1c7f64bc05ecf63f40aaec50d  rt-3.6.8.tar.gz
cb80cca50254127362a8ff8d9af71ff66881f300  rt-3.6.8.tar.gz.sig

This is a bugfix and security release of RT.

The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance.  In all versions since
3.6.2, the "ShowConfigTab" right unintentionally enabled this.
If you have not granted this right to any non-administrative user,
then this issue should not affect you.

A patch that resolves this issue without requiring an upgrade
to 3.6.8 is attached to this announcement.

A more complete list of fixes can be found below.

-kevin

FIXES AND CLEANUPS
==================

* Updated italian translation from Nicola Murino
* validate CFs in SelfService
* Fix: On comment/correspond, attached files are not recorded if comment/response
  content is empty.
* add HasAttribute and HasNoAttribute to the tisql
* Allow only SuperUser to edit RT at a Glance
* copyright updates
-------------- next part --------------
--- share/html/Admin/Global/MyRT.html
+++ share/html/Admin/Global/MyRT.html
@@ -83,6 +83,8 @@
 
 my ($default_portlets) = $sys->Attributes->Named('HomepageSettings');
 
+my $has_right = $session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser');
+
 my @panes = $m->comp(
     '/Admin/Elements/ConfigureMyRT',
     panes  => ['body', 'summary'],
@@ -91,8 +93,13 @@
     current_portlets => $default_portlets->Content,
     OnSave => sub {
         my ( $conf, $pane ) = @_;
-	$default_portlets->SetContent( $conf );
-        push @actions, loc( 'Global portlet [_1] saved.', $pane );
+        if (!$has_right) {
+            push @actions, loc( 'Permission denied' );
+        }
+        else {
+            $default_portlets->SetContent( $conf );
+            push @actions, loc( 'Global portlet [_1] saved.', $pane );
+        }
     }
 );
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.bestpractical.com/pipermail/rt-announce/attachments/20090610/47f014c6/attachment.pgp

More information about the RT-Announce mailing list