[Rt-commit] r19905 - in rt/3.8/trunk: .
ruz at bestpractical.com
ruz at bestpractical.com
Thu Jun 4 17:35:47 EDT 2009
Author: ruz
Date: Thu Jun 4 17:35:45 2009
New Revision: 19905
Modified:
rt/3.8/trunk/UPGRADING
rt/3.8/trunk/etc/RT_Config.pm.in
Log:
* revert back WebNoAuthRegex cuz too free regexp can be used to attack dhandlers,
but leave doc change
Modified: rt/3.8/trunk/UPGRADING
==============================================================================
--- rt/3.8/trunk/UPGRADING (original)
+++ rt/3.8/trunk/UPGRADING Thu Jun 4 17:35:45 2009
@@ -19,11 +19,6 @@
*******
-UPGRADING FROM 3.8.3 and earlier - Changes:
-
-Default value of WebNoAuthRegex option in the config now matches any path
-that has '/NoAuth/' substring, so extensions can avoid overriding it.
-
UPGRADING FROM 3.8.2 and earlier - Changes:
New scrip condition 'On Reject'.
Modified: rt/3.8/trunk/etc/RT_Config.pm.in
==============================================================================
--- rt/3.8/trunk/etc/RT_Config.pm.in (original)
+++ rt/3.8/trunk/etc/RT_Config.pm.in Thu Jun 4 17:35:45 2009
@@ -856,7 +856,7 @@
=cut
-Set($WebNoAuthRegex, qr{ /NoAuth/ }x );
+Set($WebNoAuthRegex, qr{^ (?:/+NoAuth/ | /+REST/\d+\.\d+/NoAuth/) }x );
=item C<$SelfServiceRegex>
More information about the Rt-commit
mailing list