[Rt-commit] rt branch, new-style-templates, updated. rt-3.8.8-208-gd32274b
Shawn Moore
sartak at bestpractical.com
Mon Jul 26 15:40:32 EDT 2010
The branch, new-style-templates has been updated
via d32274b59b9c770af4bc10411088c14ca7b1f0c1 (commit)
via 605714c591c017f9fe9f9937300504a12d181333 (commit)
from 55e6f4651488f1dcad9e2cd9cb17d154ecfee4b5 (commit)
Summary of changes:
lib/RT/Template_Overlay.pm | 32 +++++++++++++++++++-------------
t/api/template-simple.t | 6 ++----
2 files changed, 21 insertions(+), 17 deletions(-)
- Log -----------------------------------------------------------------
commit 605714c591c017f9fe9f9937300504a12d181333
Author: Shawn M Moore <sartak at bestpractical.com>
Date: Mon Jul 26 15:40:58 2010 -0400
Forbid method calls in simple templates
diff --git a/lib/RT/Template_Overlay.pm b/lib/RT/Template_Overlay.pm
index 89fe885..dc88f52 100755
--- a/lib/RT/Template_Overlay.pm
+++ b/lib/RT/Template_Overlay.pm
@@ -481,8 +481,6 @@ sub _ParseContentSimple {
$fi_r .= $fi_text;
} elsif ($fi_type eq 'PROG') {
my $fi_res;
- my $interpolated;
-
my $original_fi_text = $fi_text;
# strip surrounding whitespace for simpler regexes
@@ -494,21 +492,11 @@ sub _ParseContentSimple {
if (my ($var) = $fi_text =~ /^\$(\w+)$/) {
if (exists $args{TemplateArgs}{$var}) {
$fi_res = $args{TemplateArgs}{$var};
- $interpolated = 1;
- }
- }
- # otherwise if it looks like a method call...
- # XXX: this should be locked down otherwise you could say
- # $TicketObj->Steal or something similarly ugly
- elsif (my ($obj, $method) = $fi_text =~ /^\$(\w+)->(\w+)$/) {
- if (blessed($args{TemplateArgs}{$obj}) && $args{TemplateArgs}{$obj}->can($method)) {
- $fi_res = $args{TemplateArgs}{$obj}->$method;
- $interpolated = 1;
}
}
# if there was no substitution then just reinsert the codeblock
- if (!$interpolated) {
+ if (!defined $fi_res) {
$fi_res = "{$original_fi_text}";
}
commit d32274b59b9c770af4bc10411088c14ca7b1f0c1
Author: Shawn M Moore <sartak at bestpractical.com>
Date: Mon Jul 26 15:41:20 2010 -0400
Begin whitelisting fields for tickets in simple templates
diff --git a/lib/RT/Template_Overlay.pm b/lib/RT/Template_Overlay.pm
index dc88f52..068f427 100755
--- a/lib/RT/Template_Overlay.pm
+++ b/lib/RT/Template_Overlay.pm
@@ -466,6 +466,8 @@ sub _ParseContentSimple {
@_,
);
+ $self->_MassageSimpleTemplateArgs(%args);
+
my $template = Text::Template->new(
TYPE => 'STRING',
SOURCE => $args{Content},
@@ -512,6 +514,22 @@ sub _ParseContentSimple {
return $fi_r;
}
+sub _MassageSimpleTemplateArgs {
+ my $self = shift;
+ my %args = (
+ TemplateArgs => {},
+ @_,
+ );
+
+ my $template_args = $args{TemplateArgs};
+
+ if (my $ticket = $template_args->{Ticket}) {
+ for my $column (qw/Subject/) {
+ $template_args->{"Ticket".$column} = $ticket->$column;
+ }
+ }
+}
+
sub _DowngradeFromHTML {
my $self = shift;
my $orig_entity = $self->MIMEObj;
diff --git a/t/api/template-simple.t b/t/api/template-simple.t
index ecbd6fc..cf7447f 100644
--- a/t/api/template-simple.t
+++ b/t/api/template-simple.t
@@ -31,8 +31,8 @@ TemplateTest(
);
TemplateTest(
- Content => "\ntest { \$Ticket->Subject }",
- FullOutput => "test template testing",
+ Content => "\ntest { \$TicketSubject }",
+ FullOutput => "test ",
SimpleOutput => "test template testing",
);
@@ -54,14 +54,12 @@ TemplateTest(
SimpleOutput => "test { \$Nonexistent->Nonexistent }",
);
-# Simple templates only let you go one level down for now..
TemplateTest(
Content => "\ntest { \$Ticket->OwnerObj->Name }",
FullOutput => "test Nobody",
SimpleOutput => "test { \$Ticket->OwnerObj->Name }",
);
-# should this be forbidden or not?
is($ticket->Status, 'new', "test setup");
TemplateTest(
Content => "\ntest { \$Ticket->Resolve }",
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list