[Rt-commit] rt branch, 4.0/request-args-to-decoded-args, created. rt-4.0.6-167-ga5d2329
Thomas Sibley
trs at bestpractical.com
Tue Jun 12 16:59:47 EDT 2012
The branch, 4.0/request-args-to-decoded-args has been created
at a5d232925129af9ed670371e2019326ee25bf0a9 (commit)
- Log -----------------------------------------------------------------
commit a5d232925129af9ed670371e2019326ee25bf0a9
Author: Thomas Sibley <trs at bestpractical.com>
Date: Tue Jun 12 16:53:09 2012 -0400
Use $DECODED_ARGS instead of $m->request_args
This standardizes upon decoded, possibly CSRF-expanded, request
arguments. Checking $m->request_args after a CSRF token is expanded
doesn't yield the expanded args, just the CSRF_Token.
diff --git a/share/html/Elements/ColumnMap b/share/html/Elements/ColumnMap
index 87fd61b..7295e3f 100644
--- a/share/html/Elements/ColumnMap
+++ b/share/html/Elements/ColumnMap
@@ -116,7 +116,7 @@ my $COLUMN_MAP = {
CheckBox => {
title => sub {
my $name = $_[1] || 'SelectedTickets';
- my $checked = $m->request_args->{ $name .'All' }? 'checked="checked"': '';
+ my $checked = $DECODED_ARGS->{ $name .'All' }? 'checked="checked"': '';
return \qq{<input type="checkbox" name="}, $name, \qq{All" value="1" $checked
onclick="setCheckbox(this.form, },
@@ -128,9 +128,9 @@ my $COLUMN_MAP = {
my $name = $_[2] || 'SelectedTickets';
return \qq{<input type="checkbox" name="}, $name, \qq{" value="$id" checked="checked" />}
- if $m->request_args->{ $name . 'All'};
+ if $DECODED_ARGS->{ $name . 'All'};
- my $arg = $m->request_args->{ $name };
+ my $arg = $DECODED_ARGS->{ $name };
my $checked = '';
if ( $arg && ref $arg ) {
$checked = 'checked="checked"' if grep $_ == $id, @$arg;
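Review bot: The comparison `grep $_ == $id, @$arg` applies numeric `==` to request-supplied values, so a non-numeric value for the checkbox parameter yields an "isn't numeric" warning per element when warnings are enabled, and `ref $arg` is taken to mean an array reference without checking. Filtering first, e.g. `grep { /\A\d+\z/ && $_ == $id } @$arg`, keeps the log output independent of request content. The same applies to `$arg == $id` in the radio-button hunk below, and presumably to the RT__CustomField/ColumnMap hunk whose `if ( $arg && ref $arg )` block continues outside the diff. The enclosing sub starts and ends outside this hunk.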
@@ -147,7 +147,7 @@ my $COLUMN_MAP = {
my $id = $_[0]->id;
my $name = $_[2] || 'SelectedTicket';
- my $arg = $m->request_args->{ $name };
+ my $arg = $DECODED_ARGS->{ $name };
my $checked = '';
$checked = 'checked="checked"' if $arg && $arg == $id;
return \qq{<input type="radio" name="}, $name, \qq{" value="$id" $checked />};
diff --git a/share/html/Elements/EditCustomField b/share/html/Elements/EditCustomField
index b74c484..8b87fd4 100644
--- a/share/html/Elements/EditCustomField
+++ b/share/html/Elements/EditCustomField
@@ -71,7 +71,7 @@ if ( $Object && $Object->id ) {
# Always fill $Default with submited values if it's empty
if ( ( !defined $Default || !length $Default ) && $DefaultsFromTopArguments ) {
- my %TOP = $m->request_args;
+ my %TOP = %$DECODED_ARGS;
$Default = $TOP{ $NamePrefix .$CustomField->Id . '-Values' }
|| $TOP{ $NamePrefix .$CustomField->Id . '-Value' };
}
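Review bot: `my %TOP = %$DECODED_ARGS;` copies every decoded request argument into a new hash only to read two keys. Reading them directly, `$Default = $DECODED_ARGS->{ $NamePrefix . $CustomField->Id . '-Values' } || $DECODED_ARGS->{ $NamePrefix . $CustomField->Id . '-Value' };`, avoids the copy and matches how the other components in this commit use `$DECODED_ARGS`. The `||` also skips a submitted `-Values` of `0` or the empty string; if that fall-through is intended, a short comment would help.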
diff --git a/share/html/Elements/HeaderJavascript b/share/html/Elements/HeaderJavascript
index 28788db..d5741f4 100644
--- a/share/html/Elements/HeaderJavascript
+++ b/share/html/Elements/HeaderJavascript
@@ -67,7 +67,7 @@ $onload => undef
% }
% if ( $RichText and RT->Config->Get('MessageBoxRichText', $session{'CurrentUser'})) {
- jQuery().ready(function () { ReplaceAllTextareas(<%$m->request_args->{'CKeditorEncoded'} || 0 |n,j%>) });
+ jQuery().ready(function () { ReplaceAllTextareas(<%$DECODED_ARGS->{'CKeditorEncoded'} || 0 |n,j%>) });
% }
--></script>
<%ARGS>
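Review bot: `$DECODED_ARGS->{'CKeditorEncoded'}` is a request parameter written into an inline script with default HTML escaping switched off (`|n`), so the output is only as safe as the `j` filter, and a parameter supplied more than once would presumably arrive as an array reference. Since the value is used only as a flag, normalising it in the template removes that dependency: `ReplaceAllTextareas(<% $DECODED_ARGS->{'CKeditorEncoded'} ? 1 : 0 |n %>)`. The `j` filter's definition is outside this diff, so it is worth checking whether it emits a quoted string, which would make `'0'` truthy in JavaScript.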
diff --git a/share/html/Elements/ListActions b/share/html/Elements/ListActions
index 999d3fe..8929ff7 100755
--- a/share/html/Elements/ListActions
+++ b/share/html/Elements/ListActions
@@ -65,7 +65,7 @@ if ( ref( $session{'Actions'}{''} ) eq 'ARRAY' ) {
unshift @actions, @{ delete $session{'Actions'}{''} };
}
-my $actions_pointer = $m->request_args->{'results'};
+my $actions_pointer = $DECODED_ARGS->{'results'};
if ($actions_pointer && ref( $session{'Actions'}->{$actions_pointer} ) eq 'ARRAY' ) {
unshift @actions, @{ delete $session{'Actions'}->{$actions_pointer} };
diff --git a/share/html/Elements/RT__CustomField/ColumnMap b/share/html/Elements/RT__CustomField/ColumnMap
index ecb219d..b043984 100644
--- a/share/html/Elements/RT__CustomField/ColumnMap
+++ b/share/html/Elements/RT__CustomField/ColumnMap
@@ -118,7 +118,7 @@ my $COLUMN_MAP = {
RemoveCheckBox => {
title => sub {
my $name = 'RemoveCustomField';
- my $checked = $m->request_args->{ $name .'All' }? 'checked="checked"': '';
+ my $checked = $DECODED_ARGS->{ $name .'All' }? 'checked="checked"': '';
return \qq{<input type="checkbox" name="}, $name, \qq{All" value="1" $checked
onclick="setCheckbox(this.form, },
@@ -130,7 +130,7 @@ my $COLUMN_MAP = {
return '' if $_[0]->IsApplied;
my $name = 'RemoveCustomField';
- my $arg = $m->request_args->{ $name };
+ my $arg = $DECODED_ARGS->{ $name };
my $checked = '';
if ( $arg && ref $arg ) {
diff --git a/share/html/Search/Chart.html b/share/html/Search/Chart.html
index 070ce7c..571c3d3 100644
--- a/share/html/Search/Chart.html
+++ b/share/html/Search/Chart.html
@@ -98,14 +98,14 @@ my %query;
for(@session_fields) {
$query{$_} = $current->{$_} unless defined $query{$_};
- $query{$_} = $m->request_args->{$_} unless defined $query{$_};
+ $query{$_} = $DECODED_ARGS->{$_} unless defined $query{$_};
}
- if ($m->request_args->{'SavedSearchLoadSubmit'}) {
- $query{'SavedChartSearchId'} = $m->request_args->{'SavedSearchLoad'};
+ if ($DECODED_ARGS->{'SavedSearchLoadSubmit'}) {
+ $query{'SavedChartSearchId'} = $DECODED_ARGS->{'SavedSearchLoad'};
}
- if ($m->request_args->{'SavedSearchSave'}) {
+ if ($DECODED_ARGS->{'SavedSearchSave'}) {
$query{'SavedChartSearchId'} = $saved_search->{'SearchId'};
}
diff --git a/share/html/Search/Results.html b/share/html/Search/Results.html
index 171b38d..4fee865 100755
--- a/share/html/Search/Results.html
+++ b/share/html/Search/Results.html
@@ -151,6 +151,7 @@ if ($ARGS{'TicketsRefreshInterval'}) {
my $refresh = $session{'tickets_refresh_interval'}
|| RT->Config->Get('SearchResultsRefreshInterval', $session{'CurrentUser'} );
+# Check $m->request_args, not $DECODED_ARGS, to avoid creating a new CSRF token on each refresh
if (RT->Config->Get('RestrictReferrer') and $refresh and not $m->request_args->{CSRF_Token}) {
my $token = RT::Interface::Web::StoreRequestToken( $session{'CurrentSearchHash'} );
$m->notes->{RefreshURL} = RT->Config->Get('WebURL')
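Review bot: The new comment explains why this check stays on `$m->request_args`, but not that the test is for presence only: any non-empty `CSRF_Token` parameter, valid or not, skips `StoreRequestToken`. If that is intended (validation presumably happens earlier in request handling, outside this diff), the comment should say so, e.g. `# Presence check only; the token itself is validated elsewhere.` This is now the one place that deliberately departs from `$DECODED_ARGS`, so the reasoning should be complete where a later cleanup will find it. The `if` block continues past the end of the hunk.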
diff --git a/share/html/m/_elements/wrapper b/share/html/m/_elements/wrapper
index 75fe984..b2e727a 100644
--- a/share/html/m/_elements/wrapper
+++ b/share/html/m/_elements/wrapper
@@ -50,7 +50,7 @@ $title => ''
$show_home_button => 1
</%args>
<%init>
-if ($m->request_args->{'NotMobile'}) {
+if ($DECODED_ARGS->{'NotMobile'}) {
$session{'NotMobile'} = 1;
RT::Interface::Web::Redirect(RT->Config->Get('WebURL'));
$m->abort();
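Review bot: `$session{'NotMobile'} = 1` is a session state change triggered by a bare request parameter, so any link carrying `NotMobile=1` that the user follows flips the flag for the rest of the session. The impact looks limited to which interface is served, and the redirect target comes from the configured `WebURL` rather than from the request. A comment such as `# UI preference only; acceptable to set from a request parameter` would record that this was considered. Whether the referrer/CSRF checks run before this `<%init>` block is not visible here.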
-----------------------------------------------------------------------