[Rt-commit] r7557 - in rt/branches/3.6-RELEASE: .
jesse at bestpractical.com
jesse at bestpractical.com
Wed Apr 18 20:52:26 EDT 2007
Author: jesse
Date: Wed Apr 18 20:52:25 2007
New Revision: 7557
Modified:
rt/branches/3.6-RELEASE/ (props changed)
rt/branches/3.6-RELEASE/html/REST/1.0/Forms/ticket/history
Log:
r55722 at 241: jesse | 2007-04-18 15:52:43 -0400
* Patch from Philip Kime at Shopzilla to prevent accidental display of transactions from the wrong ticket when you explicitly specify a ticket id and a transaction id.
Modified: rt/branches/3.6-RELEASE/html/REST/1.0/Forms/ticket/history
==============================================================================
--- rt/branches/3.6-RELEASE/html/REST/1.0/Forms/ticket/history (original)
+++ rt/branches/3.6-RELEASE/html/REST/1.0/Forms/ticket/history Wed Apr 18 20:52:25 2007
@@ -94,7 +94,19 @@
if ($tid) {
my @data;
my $t = new RT::Transaction $session{CurrentUser};
- $t->Load($tid);
+
+ # this paragraph limits the transaction ID query to transactions on this ticket.
+ # Otherwise you can query any transaction from any ticket, which makes no sense.
+ my $Transactions = $ticket->Transactions;
+ my $tok=0;
+ while (my $T = $Transactions->Next()) {
+ $tok=1 if ($T->Id == $tid)
+ }
+ if ($tok) {
+ $t->Load($tid);
+ } else {
+ return [ "# Transaction $tid is not related to Ticket $id", [], {}, 1 ];
+ }
push @data, [ id => $t->Id ];
push @data, [ Ticket => $t->Ticket ]
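Review bot: The ownership check in the added `while` loop walks every transaction on the ticket and keeps iterating after a match, so each single-transaction request costs a full scan of the ticket's history. It would be cheaper and easier to audit to load the record once and compare its owner, e.g. `$t->Load($tid);` followed by `return [ "# Transaction $tid is not related to Ticket $id", [], {}, 1 ] unless $t->Id and $t->Ticket == $ticket->Id;`. If transactions in this branch can belong to objects other than tickets, the object type needs to be compared too. Separately, `$T->Id == $tid` is a numeric comparison, so unless `$tid` is validated as an integer before this block (not visible in the hunk), a value with a numeric prefix could pass the check while `Load` receives the raw string. The enclosing `if ($tid)` block starts and ends outside the hunk, so it is worth confirming the listing branch applies the same ticket scoping.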