[Rt-commit] rt branch, 4.0/sanity-check-url-config, updated. rt-3.9.7-1136-g80f9991

Shawn Moore sartak at bestpractical.com
Fri Jan 7 13:04:57 EST 2011 

The branch, 4.0/sanity-check-url-config has been updated
       via  80f99916da474d46741c8a56be4a10cda11c2e5c (commit)
      from  7479cd2f3e421114b0dcaa15c57800a2cc10f818 (commit)

Summary of changes:
 lib/RT/Config.pm   |   10 +++++-----
 t/api/web-config.t |   14 +++++++++++---
 2 files changed, 16 insertions(+), 8 deletions(-)

- Log -----------------------------------------------------------------
commit 80f99916da474d46741c8a56be4a10cda11c2e5c
Author: Shawn M Moore <sartak at bestpractical.com>
Date:   Fri Jan 7 13:04:51 2011 -0500

    Lock down scheme to http or https

diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index dfdf59a..cc6be20 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -608,15 +608,15 @@ our %META = (
                 return;
             }
 
-            if ($value !~ m{^\w+://}) {
-                $RT::Logger->error("The WebBaseURL config option must contain a scheme");
+            if ($value !~ m{^https?://}i) {
+                $RT::Logger->error("The WebBaseURL config option must contain a scheme (http or https)");
             }
 
             if ($value =~ m{/$}) {
                 $RT::Logger->error("The WebBaseURL config option requires no trailing slash");
             }
 
-            if ($value =~ m{^\w+://.+?(/[^/].*)}) {
+            if ($value =~ m{^https?://.+?(/[^/].*)}i) {
                 $RT::Logger->error("The WebBaseURL config option must not contain a path ($1)");
             }
         },
@@ -631,8 +631,8 @@ our %META = (
                 return;
             }
 
-            if ($value !~ m{^\w+://}) {
-                $RT::Logger->error("The WebURL config option must contain a scheme");
+            if ($value !~ m{^https?://}i) {
+                $RT::Logger->error("The WebURL config option must contain a scheme (http or https)");
             }
 
             if ($value !~ m{/$}) {
diff --git a/t/api/web-config.t b/t/api/web-config.t
index 8037ad5..48981cf 100644
--- a/t/api/web-config.t
+++ b/t/api/web-config.t
@@ -1,7 +1,7 @@
 use strict;
 use warnings;
 use RT;
-use RT::Test nodb => 1, tests => 83;
+use RT::Test nodb => 1, tests => 87;
 
 sub warnings_from {
     my $option = shift;
@@ -106,7 +106,7 @@ is(warnings_from(WebPort => 443), 0);
 
 # WebBaseURL
 is(warnings_from(WebBaseURL => 'http://rt.example.com'), 0);
-is(warnings_from(WebBaseURL => 'xtp://rt.example.com'), 0, 'nonstandard schema is okay?');
+is(warnings_from(WebBaseURL => 'HTTP://rt.example.com'), 0, 'uppercase scheme is okay');
 is(warnings_from(WebBaseURL => 'http://rt.example.com:8888'), 0, 'nonstandard port is okay');
 is(warnings_from(WebBaseURL => 'https://rt.example.com:8888'), 0, 'nonstandard port with https is okay');
 
@@ -118,6 +118,10 @@ like($w[0], qr{You must set the WebBaseURL config option});
 is(@w, 1);
 like($w[0], qr{The WebBaseURL config option must contain a scheme});
 
+ at w = warnings_from(WebBaseURL => 'xtp://rt.example.com');
+is(@w, 1);
+like($w[0], qr{The WebBaseURL config option must contain a scheme \(http or https\)});
+
 @w = warnings_from(WebBaseURL => 'http://rt.example.com/');
 is(@w, 1);
 like($w[0], qr{The WebBaseURL config option requires no trailing slash});
@@ -145,9 +149,9 @@ is(warnings_from(WebBaseURL => 'http://rt.example.com'), 0);
 
 # WebURL
 is(warnings_from(WebURL => 'http://rt.example.com/'), 0);
+is(warnings_from(WebURL => 'HTTP://rt.example.com/'), 0, 'uppercase scheme is okay');
 is(warnings_from(WebURL => 'http://example.com/rt/'), 0);
 is(warnings_from(WebURL => 'http://example.com/rt/ir/'), 0);
-is(warnings_from(WebURL => 'xtp://rt.example.com/'), 0, 'nonstandard schema is okay?');
 is(warnings_from(WebURL => 'http://rt.example.com:8888/'), 0, 'nonstandard port is okay');
 is(warnings_from(WebURL => 'https://rt.example.com:8888/'), 0, 'nonstandard port with https is okay');
 
@@ -164,6 +168,10 @@ like($w[1], qr{The WebURL config option requires a trailing slash});
 is(@w, 1);
 like($w[0], qr{The WebURL config option requires a trailing slash});
 
+ at w = warnings_from(WebURL => 'xtp://example.com/rt/');
+is(@w, 1);
+like($w[0], qr{The WebURL config option must contain a scheme \(http or https\)});
+
 @w = warnings_from(WebURL => 'http://rt.example.com/rt');
 is(@w, 1);
 like($w[0], qr{The WebURL config option requires a trailing slash});

-----------------------------------------------------------------------

More information about the Rt-commit mailing list