[Rt-commit] rt branch, 4.0/no-ticket-interface-for-approvals, updated. rt-4.0.4-122-ga8e5209
Thomas Sibley
trs at bestpractical.com
Thu Jan 12 17:39:16 EST 2012
The branch, 4.0/no-ticket-interface-for-approvals has been updated
via a8e52099424f97e3ae318ab8b6f98ddf70c5883c (commit)
from 74643adeb101b5382db89d23b0962ece9cbf9bcf (commit)
Summary of changes:
lib/RT/Interface/Web.pm | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
- Log -----------------------------------------------------------------
commit a8e52099424f97e3ae318ab8b6f98ddf70c5883c
Author: Thomas Sibley <trs at bestpractical.com>
Date: Thu Jan 12 17:19:57 2012 -0500
Only redirect to the approvals view on GET requests
POST (and other) requests are likely to contain data that we don't want
to convert query parameters in a GET request.
All requests except GET are allowed through unmolested. Hopefully after
the appropriate actions are taken, the page does a redirect using
MaybeRedirectForResults, which will generate a GET request that is
followed and subsequently caught by MaybeRedirectToApproval.
This behaviour is similar to the custom approval redirection logic in
Ticket/Display.html: it always does its redirect after any processing.
Ruslan++ for pointing out the flaw of redirecting POST requests.
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index c06fffe..5cff6b0 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1258,6 +1258,8 @@ sub MaybeRedirectToApproval {
@_
);
+ return unless $ENV{REQUEST_METHOD} eq 'GET';
+
my $id = $args{ARGSRef}->{id};
if ( $id
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list