[Rt-commit] rt branch, master, updated. rt-4.0.6-331-g48531b2
Alex Vandiver
alexmv at bestpractical.com
Tue May 22 15:18:00 EDT 2012
The branch, master has been updated
via 48531b208ba9ad02743d96164676880dd48e3b05 (commit)
via 2931b56e73c55412fbd5c90f3b6a527e1a3b9c93 (commit)
via 153a17f9e898a744eeec45c983cdccf0055b22ea (commit)
via 4389336ffd09f7cc94525567fc0400ad3ac2d570 (commit)
via 8c6406d12958a0c6db67676e00522ccfd9f7824b (commit)
via 488f351cb105ef21f6952b14fb8ec1a1aa630967 (commit)
via 42503976eced9fa0d71fe56e792758f876d6e491 (commit)
via 14b8b16c3036ae9a46725cefece768e929a15a4e (commit)
via 650e03250271a39121eba428a41b1592d8342a79 (commit)
via ddb3ab99a6eb359394a6d9c9b5ec4d471c061601 (commit)
via a5346d0ba4122e989d771a093de79e8b3bdd3024 (commit)
via 299b6604bd36c99bbffa0710a239f3ec4f60e03a (commit)
via 65d63b0a9b36b81044d7b164606a415f65876c9d (commit)
via 1286ac125218937c2fe1ea50e874aaa384090774 (commit)
via cd32279d153f4d61a677562f7c96b208157d7a7d (commit)
via 809ea27ee626d2cd00c0635a73a5e4a55f01e423 (commit)
via fec1b72e821c2c9d28996eaec0ca21a7be9cf4e7 (commit)
via 997d5b0fc029ff0b209ec7e47f253958be334d8b (commit)
via 001014997bd8a5c21cbb36eb50505bea14456f1b (commit)
via ff3a3e187d64deac5930877fee8527d32f59406a (commit)
via 096e31e8f7cffcaea01b3aed91355181fee8b0bd (commit)
via b770e5f8abc6418ca8cb8e592287af535bd72249 (commit)
via 730eea81fec59cffbc3b9631b2b225c99a6cb704 (commit)
via 58c006e6719a4a93e5422074dafdbd90f0bb2a48 (commit)
via 843659b101f4aecc0fcae17dac7dd2206356ec73 (commit)
via 48ff24953c5af2efd77fe0f80490cd98aa31eb0f (commit)
via 7eaa035980cabbcb21fdbc92d9b8b4691cd735a8 (commit)
via 33840d670d3c801863a86446d1291880708a74ea (commit)
via 17bc0c17ab2523c7c73284ac8806954ad9ee573f (commit)
via 906e9a34c52d890e5d69533d9fd35c9547f0cb43 (commit)
via f9390c4962591a77046c13070019aa960e071c6d (commit)
via 7bc96758e8c01b067de13aa5d3a06509ebcab802 (commit)
via eada947f53da77f93e91aa27dd0fd30c144a3c5e (commit)
via dd11af8915ce12942ffd7c08607a847d1967be47 (commit)
via 912e2385a38cce818244bbe4197897b190217d1b (commit)
via 07890edf334ce7a238fb65af0ab4689566bff027 (commit)
via 8680717f01a26e656b74fd9ca1c9bfd1720e5519 (commit)
via d9ab0d48e09a24ecad965e021eab31366ae6b860 (commit)
via 6d390c32367a820a413defce2677cf8a3b3a1ad1 (commit)
via 542b80d1fff77dd14e65fbb494eba5118cbb26a6 (commit)
via 6b4e33882d0eac0c8ea5b416b4edd692bdd69e71 (commit)
via 6dc6a0bb9f043b5698349a0d5c946fe58029a36c (commit)
via 5c96ad518540645f3daa76111ebb07109c75c0ab (commit)
via fa9c4b4b218ea231c048312a3ca0be76b3231a1e (commit)
via 080eb2a7c4b4c790a315da18411d5f2d2d3818ba (commit)
via c0ecb6c30269367d1a6678a73c628444335021a7 (commit)
via 9f82b31e9c747993374f86c1306ccc5ced3bc33d (commit)
via 303f610407512568d944019cc87f743b3ff7ada9 (commit)
via 1289ed353da44ff332daae2c243617f35928bf21 (commit)
via f4475ca137a4ab575956c4ba0828397e4291ac26 (commit)
via 20c87c68c99d1a9690fb71950f0e857c234bb903 (commit)
via 11e4eb965ecd1fc4032d0f41225cec7c79dd81e6 (commit)
via 0c03eb27f0919146f88fa1efdeadf59a9260fc39 (commit)
via 52159bcadff35afb38fbf0ed749f32f213cf537d (commit)
via ad3ab788779fb1f8047bfe190d1d7c439d615c01 (commit)
via 21da57aba3248b21240954274bcf5d9a47c92b49 (commit)
via 4786981af61f69a5734f7ac38b394aaab82771a4 (commit)
via 5daf828da793b49df4aa06cce03df9ee9fbcffca (commit)
via e681fa720ebe8a6d6949dae6f72ccce1f06f9397 (commit)
via 96cde5748cd553256ba6def8a8353d5a6baf054b (commit)
via 4c486f95227079fcb367f1a3882feeae33edf7a1 (commit)
via 4289167206a8f0f2b8022899051eb71e98ccc962 (commit)
via 078257dc4b9da5f5575c257fd1a5f0cee044a200 (commit)
via 5ad63908f7e589534d41d93bf68fd64c3817f156 (commit)
via 3f5531887c5934995688434cfdff752c27573c23 (commit)
via 1d3432b2a14434c775a2bf637e7ec2bde4448bd5 (commit)
via eb44f1060ac3e78a5063aa6982c033d7bbf783aa (commit)
via 02325246190c18f11b1f4056d7c6e7c3fa1f6a9b (commit)
via 9b6e230856538dc8f3801a21f2261fe93a4f493b (commit)
via bf574b144f70e287d5750dc70735f93a4bfb69e5 (commit)
via b6a06ebea3dac5915979055f0a0508a846829033 (commit)
via f4513aee9e19bef089b5aa0586b033e291b8c509 (commit)
via 7040ff301c762d7b30335f3808b06b4ebfe3523b (commit)
via c01f5852cc56e056198a9bb6110842d7553856a8 (commit)
via 0597e05c4e1ea5d954c4cd9ec60c909464571380 (commit)
via 013ee73c2444201435755e924f195fdcfdbb8249 (commit)
via 9bf2265ce80bdb979e5c2b0c90263792fd302d42 (commit)
via b3d3b2f30b574a961b9a9fcccae66c34da4a5eb5 (commit)
via 3a705a092526cd2106bb88fce134e06f855e52ca (commit)
via e915622b841a522d5595e53e2d38ff404e8e17e8 (commit)
via 5aa4f5ceab5ef0bf5263e8b3a7bcd9b0e86c27c7 (commit)
via f8770f8538f28113989d067fdf62b08b0b121727 (commit)
via be375067d28f2fa10f112da4a51f8b87b787f07c (commit)
via 0d977a01e9524922c58ac31e345c2696e91efc26 (commit)
via aa6923451b824192828867b388e49dd46971c13d (commit)
via baa7f1e1bf952194fd39ea95884184a756039c23 (commit)
via e5399ceb1ae24cea0e18800a004ac1ac8d3539f8 (commit)
via 290b46b20d2d2fb84fea2a707e51cc049617469a (commit)
via 85142adb3b62e4d90454d28933b04ebade7b206f (commit)
via 10a3bb4c825247aeb1ffab10bb1bb0f4e40ead6c (commit)
via 4ff6192e94b193def986b970f7c219b80cd8aa9b (commit)
via dbb8542375f98daa79cf12151589d6ad0158fddf (commit)
via 09ec4163b57c60cdb42c610a77ce431fab7d787f (commit)
via b88578beb8179583acb6ee310ba0e757bef44614 (commit)
via 22bbf1944adcef38a497236ac5d691280d2b91cd (commit)
via a9bd59f450af6a3540d114f4fc9c9b148e9d5548 (commit)
via 06ea1ab348159999e5563ac72a4deecc4e203c37 (commit)
via bac33a25630ef70be3efe3635789b08f48228093 (commit)
via eb74e9568157a1027aa9c4d71fb9b38a4e3323e8 (commit)
via 0ca6a53efd94155c1fb7a2b09859156f7a05edf3 (commit)
via 855906aa2850c6277688536d7df532e25529efe6 (commit)
via c44e395e91292392fbd8d36821220b6f71b40474 (commit)
via 5242c76b43961555de802c7de26a605df34c02d0 (commit)
via 22fa8d088839c8d66c7d6311e4031aa62d7008f0 (commit)
via c68172b9a7b8e045215e70f1490145164cd00ab6 (commit)
via 1d7cc2220480f5d7e9f37994f01c1958aac960fb (commit)
via a23c3260aea61415135b35eb9efba3b52ee7187a (commit)
via 9aa0957f42d354df6d1848c7736647ef88c9e29e (commit)
via feec1c6e775de48a0c95c359ea8cc70bbf1d5538 (commit)
via 41a266405b9809d1e9dc0fc5335cf7683460b813 (commit)
via 93cb7cb1d09352627a7060e50821aca1ea5924aa (commit)
via 2b5e6c9ff6cb1aeef306d3f83887099a8036ac37 (commit)
via 475780b6817d5a1c3de54bd524e3fc7426077460 (commit)
via 8fdfef724fa75dda553679a6a30fe7d7cc60bd8b (commit)
via e47c6fbbb19790089134dee5af9c1e89bf88809b (commit)
via e8c2f511c6fcc49f1e405e054cb9cedac027fe17 (commit)
via 56f24489b5f7a43015c528dd305f775e49911e79 (commit)
via 05a6e45a448b0f2712a2356829ef78a1e7385d60 (commit)
via cd180c1f57602555614ef0d57e128f1cad544e87 (commit)
via 87ac5328d5a13f8e99e2ca7783e28d97c15912cc (commit)
via 82c9189f529dc65c1874a15e5379f5f9d11593f7 (commit)
via 591e06aae165dbc079d5c252a7533c2b7309026f (commit)
via e0ac46a7ef1cb3c61fa015ce3f2f8bcb870798b3 (commit)
via 29d4827b4b5f0060bc2e76f564a9a26d8523e226 (commit)
via b9a5e5f9b8c14ea97286484d02827bfd89169042 (commit)
via 69178f9fc6ce3aecfc827987d81ba6fc92a5e96e (commit)
via 6a9a41d6dc2908c34c80333bb507457aec058e7d (commit)
via 1ef24b15d3fc42131bf29f888279de55a9fd01a0 (commit)
via 08754c08ae211c24cdba5b8390883f65578efc95 (commit)
via 3929c48b545f5d0245a31b7c61ee90bed45549be (commit)
via bb24a9f477d792ed77ecb8bf1bc29ae958734297 (commit)
via 86dc0486708f5b778b20c3a30c138beb0cf5e489 (commit)
via 9feb75b8ee903273c6f708e6d52ab10ae3774b64 (commit)
via 02adabdd6ca2c5df6ee3e13e742b38934cc89447 (commit)
via ee8717368f42f083cfd900170201f7a3d73e2f35 (commit)
via 8fbe5b518a3898229de7f7717231d175d4d33e6f (commit)
via 312199f66c840c444c6414815dcc186c6653278e (commit)
via fbef48d9f2271c87391c459477da1cb77d8a15b2 (commit)
via a625c19ef0f65ed3a690d298e24dc5c999fb6487 (commit)
via 04a9551f9a6a4a8042dc30911133ad652a79c69b (commit)
via 65ff771972e8973145fc4132dc459a0a3b53ad69 (commit)
via f258e65879c8c254c907d7d68c706d5fcea17486 (commit)
via 3ee90284f10067c9d1a29b7a1d09338e308a76be (commit)
via 6928fac63094935a68438f0d6608cbc351c37cb4 (commit)
via c83b3488e33eba887ae20a6f192f2c5dc4311d01 (commit)
via 64c6ecd431388d7c81c5f94ee4f0c526325ba9c0 (commit)
via 19369ba8f67eec572a992f4bdb22d756872ccc37 (commit)
via ad5d6ed2d2b80fe2426c36d40b70dd6cf2264a6b (commit)
via cdcc2b65b2b361b362bc0fa86e9dc6f60fd65784 (commit)
via 87aa1d4fd8f07aaeb54cb54f23f40c935e23e897 (commit)
via 74ab1eaab2ca78c7d8b3a451167c88bcb4ec1335 (commit)
via e2233e032012c4286d4afecfd0f4d84da497f97b (commit)
via 0b5f3d82e2ee5721208685fe6d2ede4e0ebdaf29 (commit)
via 80b14f90de3eed0a64f9318850c515fb855d2261 (commit)
via a325ac0d049ef4a0e58c8744ae6c61fa193c800f (commit)
via ad312089ab65778fafe6b625f2b796a5b79da843 (commit)
via 3570e453da31c9cc29ef32aff4c10df5987eeb27 (commit)
via f923dbce924c5f3bfc1fc27560fcffe924f07b1c (commit)
via 7c9cd7c92f7672bcf6b100aa2913d6d0e0e33753 (commit)
via 4881ae828fa604dc2b7df6531c93654b104f8909 (commit)
via 4c5657837b3b5972e0a85da0607ff20bfb72892b (commit)
via 189b322aa22fa68d45a52504fa6f32ab0e1a2b57 (commit)
via 951add5ab10a12b0d40cd3a7edf812b524db6ff9 (commit)
via d17991d80002d65b2d9e98366a550d49ad5232c7 (commit)
via 4209699a3f6301c3e95e70216cb80c848f8133e0 (commit)
via 3718c5ea1b1e988980a03a8bbdf93a214add5152 (commit)
via 6221350f2ca27615ed5ef6b87b1d3ff76f16463f (commit)
via cfd4d893e92e4fe23615d4cd4724803c0a0804cf (commit)
via 08b7989feee46bbd95d253714fb90e112d37aa3a (commit)
via 58ac3d2ebe46394d10ebdf413f287aea73f2a646 (commit)
via 01cecdeeca3375402ee29e92683100f6b24e139d (commit)
via 5170d9057c4060a8a9be422f947ad450d5db100e (commit)
via 59d2fb3ad38acf6614515aef0e7e2e5ba7c5634d (commit)
via f8eafa6e6bf951ffade5abf62682204b7acd2e77 (commit)
via 619d19d8f5ff9200220742db5d0352b77c9755ea (commit)
via 5a927993be1a33d1837bc7ab21836fb29206d278 (commit)
via 057463bc9914d8d6472a2a08009caefb2f8cdc53 (commit)
via 1d838609a9dfa35dc9e05b088a79cf7a5f8e8a3d (commit)
via 2ad1bcc658c38c7be44de7aff54b7199975ab5b6 (commit)
via b784bcb5779ca6315717a5bbb9c554f0a28ecb6b (commit)
via 00593b893332714d7288ab683e270003471e35a8 (commit)
via cccfb9c04fa271ff05128749ce99713e50b2da23 (commit)
via d0a37b0ee1bc38f7eda0ae0f155c52fef5996f73 (commit)
via 90650ebd9e5316b3a8f6b6b8992a1b810f8db09b (commit)
via 1f71f5df36140e2239ae82bebfc7237eab34dc0f (commit)
via bb917e0b5a3a5797cc0929211db808e6d9303f9a (commit)
via f96ce669d98ce016f2340fd2286fd14dd6edc80b (commit)
via 8283903fdb1984c9d04722a8e0f9539e00ebf53f (commit)
via d9c47864b8068e8f524118a8a698f23eb0523c8d (commit)
via 40be851ec9b9ecdb48cc9bf250a2832de8ddf1d0 (commit)
via 9243676f7ffbfe9d6b2c614ca604a515893a8e54 (commit)
via d2d451591a7622e96cf3052e591029cdaa890419 (commit)
via 26a2816316b4883529f9d22175b8be2cd58271ff (commit)
via e8268e46e5de3529370c4bf23256ee3331595485 (commit)
via adc0df31fa1427d596294ab61f6b81e8f7d9033f (commit)
via 6ef92feaade1d8009bea08f0cb9f1ce8134714e5 (commit)
via 7d661a575463722a4d8ec7972c504b1f1829bb68 (commit)
via cb662a572320ea7df39adb87c8e6e4243bdfa95c (commit)
via c6669b25b173bcff6205f01231a9110e29b2179f (commit)
via 3a7a6d9818aa0c5cee0f0718c45d9bdbb9ff729c (commit)
via 7b181889291137eeb74fa8e140bf1db895f820be (commit)
via c0b8291e9b9f6581dc57bb55c19938d61ec77bec (commit)
via 37658c2a78f0c765409a5f6a811b925151631abd (commit)
via 162cd0600533c6ebfd7cfe84c36f74ece6016f47 (commit)
via 1792a7e43a5f01485f6e7ac337b1f425f50025f7 (commit)
via efd243054470431d4e6297630b712e01a02bbef0 (commit)
via a2a50999aa214fa01bb824d2b6fcec197ec2a8e9 (commit)
via 928e123047291ffdad341cf4ea680e4f1ee32793 (commit)
via 3f93f541fe4c1cfe6d8a610c1f25ea49c6f56c60 (commit)
via fca4f41887b8ec610177066aa1aa7a42155c36f3 (commit)
via ea67cdf9d1f2feee22b7c4a6313608343a662545 (commit)
via 2ed4791d30712ddca2db01ae94178f01d7e482cf (commit)
via 368de0891e5e646d9aa237ef880616d9c88099c5 (commit)
via 48915211ca52f5a329f51f03f1b7d0d49c95cfcb (commit)
via 4efe6ff6c9795a6406720cf0fb943ef3923b6557 (commit)
via bb35edd1aaa63499ff5e03f2b1747c9daa334f9f (commit)
via 8c77e7ee8dbdad4b9b8205d6afc76e8618987519 (commit)
via 0b5adf4051078b0012aa2ac301e26438aca2b0ea (commit)
via c3d22263a3dd4e8b1af0a55fa3f61f9ea2060c36 (commit)
via 168948f30a3941f66c5227184e82594fb34c65e8 (commit)
via bd8cefc1e0b8d7a3e3ddadac71132ef92bd9a161 (commit)
via 43f25021470fba8b81775eb8defb2060dc559ac7 (commit)
via 705bf2af674ac8d88edbd57a26a83bc7dcd32ab5 (commit)
via 1724fc9f3e2f088979913ecd4520c8ba13fb82ed (commit)
via 7222847f3cbade698d44d6947fdd52af9580e8a6 (commit)
via 5a8398e1cb86552b650d57dd2f3dc4bc2d5ccdb6 (commit)
via a3b9b97e8a1050b4aca7fa1e75e5249f54fd2eb4 (commit)
via 8eed4c026a0fe441e17a2d11dbbdbbf45a4fe9ed (commit)
via 89c6750d4c87cfd65c5eaaec25928bb91ccfcb43 (commit)
via 0ebc9d4b071fd1f4d08b977b6421b124d82f4e55 (commit)
via a3ce59dd06478b0989100fe8640559715a172cbb (commit)
via 92eda152e13098810bba60479c5b394c39e88c2d (commit)
via 8270885ce3f7d686bc572b7a8f3413835453bf2e (commit)
via c7274db8e651c595f0cfc29d0818f92d9711d56a (commit)
via 2d50c9ee79af79763360190b4a62180628cc6f0f (commit)
via b4363c143f5e53d10f0d15b51c34544473a95094 (commit)
via 5c785e244ebc4d0b128e9c3aa41855021be88565 (commit)
via 09bbeae82e86bcb149fb8d37f400bfd16797de5f (commit)
via 3a7f36396400279a3658686f94491e3663d3dbce (commit)
via 959ad3d4e999585d5a42f87241c7e49703d05f5c (commit)
via 74fccfa331cfc6c40885347c9543d536916fdedc (commit)
via ad7444222aab13481f89e9969a0f54589c561359 (commit)
via e7087766f7139a5368710be0d686d45d5e704650 (commit)
via 4faebb190e299f7b6698cf5a16fffc49d3c8ea8a (commit)
via 20c0286cc83034da5507bf063aeeb465d4f256e0 (commit)
via fdc1e018b32bb05dec8f6e1b9ae141e55a652468 (commit)
via 97f177e5fbc18b6561336c1d26018c9671d260b0 (commit)
via 1a7fa43df96202be810ff0d1fa05fca6ac53f648 (commit)
via b7eb9cbcc34931857fc2403eeab30d0663a17e72 (commit)
via d1655ade198840f1cd33690ecf1ff2172181afd0 (commit)
via b7393fb869e3ee843389e932e07a59266c4ce2a6 (commit)
via 5506d7cd5646ef95bb94ce9a1585aa69e14539e1 (commit)
via 29f7442f16352369779a43ad39a02149470032cd (commit)
via de58d4d2cf5e8742cd8ee3784f50923a19b338ae (commit)
via 8ebe790ea3271c7fedbc9fb6357aaa1f80b169ef (commit)
via 52c4d4c0fe723869a94c3a3292c17238ed83c14f (commit)
via 0d10462c93c0369a7c973f83b82893ec2b78af30 (commit)
via 55cb6f4032cd9a98ee650ab88515b2b8c5b09634 (commit)
via fa17a99b427c1c0a627bd144d692633b078bb1cb (commit)
via 488cdbd10f68e4d8b5c52934268de3c65d7e0a57 (commit)
via eaa7ba63829b129d2ddae95983ff81883d149bb9 (commit)
via 329e14ec5f581c7e9a490ca3a1b4b1f204cdd419 (commit)
via 02ff6818763e3c5c1ccc7d1fe3854a25cda74a50 (commit)
via 71007612cf3ab9409ab250f0e53b21be86c75780 (commit)
via 864c8193f45fb2733f3e6a148ec1aae7d95d155f (commit)
via 31d1728a9034e1cbcd394449a292a248cad0126e (commit)
via a3c69912e79951f1ef1b2df527f86d0f7ee4ca8b (commit)
via 0aaecd1166d8ed3aef066fa833eaa974190bec42 (commit)
via 5f265b6e7a59e60c6317985b9aacafc0bbd54f66 (commit)
via fa582274cdd3619063e383fbb712783605b7ed59 (commit)
via 63afe450821ab59b35ae2e28eb72df443a7d7a30 (commit)
via 06b0d1273c3b87a979fc10cbdd0d5ad8edfadd00 (commit)
via 87d42d49a8f5696144fe275fff80815985a1f82e (commit)
via 3d7eb03e26f579bff3e9f0eb29be72df2c081e21 (commit)
via 44a4386d75edb98b1f5c591107eee21c41f4f3d0 (commit)
via 1dca0dd8d3b711f2df33976d7f0ef8eed9e2418d (commit)
via 3b65a0a4401c1fc691908f4687cff791816bd0aa (commit)
via c13183e470c1fa40420c36b3839a1318a7a3806b (commit)
via 5acf18bf53605676b61a031ea4b4320146f00c42 (commit)
via 4b065939ff0737b37930c1fdee225658a47e92fc (commit)
via 303affec335d0e44bcb374ebd5cb6af862d013f7 (commit)
via ef35fe55305d97233f74dd75720f15d385a3432f (commit)
via c86408bba0f166786e0c48bb5e7be5126cf1039a (commit)
via dbd78716780b22733e92e8048691e560a31b8494 (commit)
via 4f0c2bd4c1a75d166937984dc2fa42bebdcf46aa (commit)
via c8466ec04ffaad0658f65cb104cde2c2a11bb499 (commit)
via c29107c60454340eaac64f00acacce8b76bc1970 (commit)
via 147c38f3740ef4be7c37a74982aaa1505145e59e (commit)
via 3ddacb63683ed572ff2f1d369974bd4b3fb8d6c6 (commit)
via 0abb5479c11e85c5cbc9e4046a6b678bcce723ab (commit)
via 18ef6a5a2d7f993d1902d65bf72ed0a04e984c2b (commit)
via 1fb42a2cbdb2b461ebc99e7c4f04734d760320a0 (commit)
via cda75b2b959fa89a4b23ef5e4e834bb93342ffe6 (commit)
via 18b1c0c1f30101f99cd6739b52261c6c2f7ce404 (commit)
via 779e7139fe27d7a22ae08dbd9419ff85d3992acc (commit)
via 821a1998125e527cad281907e0f719d3318261bd (commit)
via 7958c77aef51e1d06d1ec615772d400a602e3dec (commit)
via c36e510f788d72245d0464026fe22b1489b5c1f4 (commit)
via 3141f16f93e48a0f939319d8eaf8c1411562960a (commit)
via 006cfcd255cf190a9fd71a9a9a959fe7ae50881c (commit)
via c5f4ee6a1a64209629749602b54dfd2b6588d53e (commit)
via 61dcf35da28b1be98fd8329d570af5c8308d80c0 (commit)
via 0c3bd92fe2b61a67a41842a94214f65a9d2a02ca (commit)
via 18eef7274225ee97a7ea8170f95fff19b51aa3f8 (commit)
via e27e9174b64099c40f9546a85de51c6e9de18bcb (commit)
via 52b40c3287f54e1201c25276db74594928b4cacc (commit)
via 6c14b6bcf11a62d55db79653d2bba1d4cb47fbad (commit)
via f4badd92f323f42a58d87ccb50b93d6d9c283a37 (commit)
from 870f3c1539e8d87c3b9bb8511b193c2c9509f56b (commit)
Summary of changes:
.gitignore | 1 +
Makefile.in | 2 +-
bin/rt-mailgate.in | 1 -
bin/rt.in | 7 +-
devel/third-party/PIE_uncompressed.htc | 3064 --------------------
docs/hacking.pod | 10 +-
docs/security.pod | 15 +
docs/web_deployment.pod | 13 +
etc/RT_Config.pm.in | 58 +
etc/upgrade/4.0.6/content | 17 +
etc/upgrade/vulnerable-passwords.in | 3 +
lib/RT.pm | 23 +-
lib/RT/ACL.pm | 3 +
lib/RT/Action/CreateTickets.pm | 13 +-
lib/RT/Action/SendEmail.pm | 9 +-
lib/RT/Article.pm | 11 +
lib/RT/Attachments.pm | 11 +-
lib/RT/Class.pm | 1 +
lib/RT/Config.pm | 1 +
lib/RT/CustomField.pm | 80 +-
lib/RT/Dashboard/Mailer.pm | 3 +
lib/RT/Date.pm | 30 +-
lib/RT/Graph/Tickets.pm | 10 +-
lib/RT/Group.pm | 10 +
lib/RT/Groups.pm | 8 +
lib/RT/Handle.pm | 6 +-
lib/RT/I18N.pm | 51 +-
lib/RT/Interface/Email.pm | 27 +-
lib/RT/Interface/Web.pm | 364 ++-
lib/RT/Interface/Web/Handler.pm | 12 +-
lib/RT/Interface/Web/QueryBuilder/Tree.pm | 2 +-
lib/RT/Lifecycle.pm | 22 +
lib/RT/ObjectCustomField.pm | 12 +
lib/RT/ObjectCustomFieldValue.pm | 8 +-
lib/RT/Queue.pm | 12 +
lib/RT/Reminders.pm | 7 +-
lib/RT/Report/Tickets/Entry.pm | 4 +
lib/RT/Scrip.pm | 24 +-
lib/RT/SearchBuilder.pm | 19 +-
lib/RT/Shredder.pm | 2 +
lib/RT/Shredder/Plugin.pm | 1 +
lib/RT/Shredder/Queue.pm | 1 +
lib/RT/Template.pm | 24 +
lib/RT/Test.pm | 11 +-
lib/RT/Test/Web.pm | 1 +
lib/RT/Ticket.pm | 18 +-
lib/RT/Tickets.pm | 30 +-
lib/RT/Transaction.pm | 18 +-
lib/RT/URI.pm | 2 +-
lib/RT/User.pm | 76 +-
lib/RT/Users.pm | 8 +
sbin/rt-server.in | 1 +
sbin/rt-shredder.in | 2 +-
sbin/rt-test-dependencies.in | 3 +-
share/html/Admin/Articles/Elements/Topics | 2 +-
share/html/Admin/CustomFields/Modify.html | 4 +-
share/html/Admin/Elements/EditCustomFields | 3 +
share/html/Admin/Elements/EditRights | 6 +-
share/html/Admin/Elements/Portal | 2 +-
share/html/Admin/Elements/SelectNewGroupMembers | 8 +-
share/html/Admin/Groups/index.html | 2 +-
share/html/Admin/Tools/Queries.html | 4 +-
share/html/Admin/Tools/Shredder/Dumps/dhandler | 5 +-
.../Admin/Tools/Shredder/Elements/Error/NoStorage | 2 +-
share/html/Admin/Users/index.html | 2 +-
share/html/Approvals/Elements/PendingMyApproval | 4 +-
share/html/Articles/Article/Edit.html | 1 +
share/html/Articles/Article/Elements/EditTopics | 55 +-
share/html/Articles/Article/ExtractIntoClass.html | 2 +-
share/html/Articles/Elements/ShowTopicLink | 27 +
share/html/Articles/Topics.html | 249 +-
.../Classes/GroupRights.html => Elements/CSRF} | 39 +-
share/html/Elements/CollectionAsTable/Header | 4 +-
share/html/Elements/CollectionListPaging | 12 +-
share/html/Elements/ColumnMap | 10 +-
share/html/Elements/CreateTicket | 2 +-
share/html/Elements/EditCustomField | 2 +-
share/html/Elements/EditCustomFieldAutocomplete | 13 +-
share/html/Elements/EditCustomFieldSelect | 6 +-
share/html/Elements/Error | 2 +-
share/html/Elements/Footer | 4 +-
share/html/Elements/Header | 2 +-
share/html/Elements/HeaderJavascript | 4 +-
share/html/Elements/MessageBox | 15 +-
share/html/Elements/RT__CustomField/ColumnMap | 8 +-
share/html/Elements/RT__Dashboard/ColumnMap | 2 +-
share/html/Elements/SelectOwnerAutocomplete | 4 +-
share/html/Elements/ShowCustomFields | 10 +-
share/html/Elements/ShowSearch | 6 +-
share/html/Elements/ShowUser | 2 +-
share/html/Elements/Submit | 14 +-
share/html/Elements/Tabs | 46 +-
share/html/Helpers/Autocomplete/CustomFieldValues | 44 +-
share/html/Helpers/Toggle/ShowRequestor | 4 +-
share/html/Install/DatabaseType.html | 2 +-
share/html/Install/Finish.html | 2 +-
share/html/NoAuth/Logout.html | 2 +-
share/html/NoAuth/css/aileron/InHeader | 3 -
share/html/NoAuth/css/aileron/msie-pie.css | 58 -
share/html/NoAuth/css/images/PIE.htc | 77 -
share/html/NoAuth/css/web2/InHeader | 3 -
share/html/NoAuth/css/web2/msie-pie.css | 60 -
share/html/NoAuth/js/titlebox-state.js | 2 +-
share/html/NoAuth/js/userautocomplete.js | 2 +-
share/html/NoAuth/js/util.js | 4 +-
share/html/REST/1.0/Forms/ticket/default | 24 +-
share/html/REST/1.0/Forms/transaction/default | 3 -
share/html/REST/1.0/ticket/link | 5 +-
share/html/Search/Build.html | 2 +-
share/html/Search/Chart.html | 2 +-
share/html/Search/Results.html | 12 +-
share/html/Search/Simple.html | 10 +-
share/html/SelfService/Elements/MyRequests | 22 +-
share/html/SelfService/index.html | 2 +
share/html/Ticket/Create.html | 2 +-
share/html/Ticket/Elements/Bookmark | 2 +-
share/html/Ticket/Elements/ClickToShowHistory | 2 +-
share/html/Ticket/Elements/FoldStanzaJS | 2 +-
share/html/Ticket/Elements/Reminders | 15 +-
share/html/Ticket/Elements/ShowHistory | 9 +-
share/html/Ticket/Elements/ShowRequestor | 4 +-
share/html/Ticket/Elements/UpdateCc | 6 +-
.../Ticket/Graphs/Elements/EditGraphProperties | 2 +-
share/html/Ticket/Graphs/Elements/ShowGraph | 1 +
share/html/Ticket/Graphs/dhandler | 1 +
share/html/Widgets/ComboBox | 4 +-
share/html/Widgets/TitleBoxStart | 2 +-
share/html/index.html | 2 +-
share/html/l | 2 +-
share/html/{l => l_unsafe} | 0
share/html/m/_elements/footer | 2 +-
share/html/m/ticket/create | 15 +-
share/html/m/ticket/show | 12 +-
share/html/m/tickets/search | 2 +-
t/api/date.t | 10 +-
t/api/report_tickets.t | 15 +
t/api/tickets.t | 15 +-
.../rfc2231-attachment-filename-continuations | 36 +
t/mail/dashboard-chart-with-utf8.t | 92 +
t/mail/mime_decoding.t | 28 +-
t/mail/rfc2231-attachment.t | 28 +
t/mail/specials-in-encodedwords.t | 40 +
t/web/attachments.t | 11 +-
t/web/case-sensitivity.t | 2 +-
t/web/command_line_link_to_articles.t | 48 +
t/web/csrf-rest.t | 77 +
t/web/csrf.t | 183 ++
t/web/installer.t | 3 +
t/web/owner_disabled_group_19221.t | 190 ++
t/web/redirect-after-login.t | 6 +-
t/web/rest_cfs_with_same_name.t | 88 +
t/web/scrub.t | 4 +-
152 files changed, 2210 insertions(+), 3855 deletions(-)
delete mode 100644 devel/third-party/PIE_uncompressed.htc
create mode 100644 etc/upgrade/4.0.6/content
create mode 100644 share/html/Articles/Elements/ShowTopicLink
copy share/html/{Admin/Articles/Classes/GroupRights.html => Elements/CSRF} (66%)
delete mode 100644 share/html/NoAuth/css/aileron/msie-pie.css
delete mode 100644 share/html/NoAuth/css/images/PIE.htc
delete mode 100644 share/html/NoAuth/css/web2/msie-pie.css
copy share/html/{l => l_unsafe} (100%)
create mode 100644 t/api/report_tickets.t
create mode 100644 t/data/emails/rfc2231-attachment-filename-continuations
create mode 100644 t/mail/dashboard-chart-with-utf8.t
create mode 100644 t/mail/rfc2231-attachment.t
create mode 100644 t/mail/specials-in-encodedwords.t
create mode 100644 t/web/command_line_link_to_articles.t
create mode 100644 t/web/csrf-rest.t
create mode 100644 t/web/csrf.t
create mode 100644 t/web/owner_disabled_group_19221.t
create mode 100644 t/web/rest_cfs_with_same_name.t
- Log -----------------------------------------------------------------
commit 48531b208ba9ad02743d96164676880dd48e3b05
Merge: 870f3c1 2931b56
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Tue May 22 15:16:47 2012 -0400
Merge branch '4.0-trunk'
diff --cc lib/RT/CustomField.pm
index f6324a6,2002d4e..9dd5407
--- a/lib/RT/CustomField.pm
+++ b/lib/RT/CustomField.pm
@@@ -1693,9 -1767,10 +1767,10 @@@ sub SetBasedOn
unless defined $value and length $value;
my $cf = RT::CustomField->new( $self->CurrentUser );
+ $cf->SetContextObject( $self->ContextObject );
$cf->Load( ref $value ? $value->id : $value );
- return (0, "Permission denied")
+ return (0, "Permission Denied")
unless $cf->id && $cf->CurrentUserHasRight('SeeCustomField');
# XXX: Remove this restriction once we support lists and cascaded selects
diff --cc lib/RT/Interface/Web.pm
index 85fd0d1,c8b258f..89142b2
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@@ -2119,71 -2379,32 +2372,72 @@@ sub ProcessTicketReminders
if ( $args->{'update-reminders'} ) {
while ( my $reminder = $reminder_collection->Next ) {
+ my $resolve_status = $reminder->QueueObj->Lifecycle->ReminderStatusOnResolve;
- if ( $reminder->Status ne $resolve_status && $args->{ 'Complete-Reminder-' . $reminder->id } ) {
- $Ticket->Reminders->Resolve($reminder);
+ my ( $status, $msg, $old_subject, @subresults );
- if ( $reminder->Status ne 'resolved'
++ if ( $reminder->Status ne $resolve_status
+ && $args->{ 'Complete-Reminder-' . $reminder->id } )
+ {
+ ( $status, $msg ) = $Ticket->Reminders->Resolve($reminder);
+ push @subresults, $msg;
}
- elsif ( $reminder->Status eq 'resolved'
- elsif ( $reminder->Status eq $resolve_status && !$args->{ 'Complete-Reminder-' . $reminder->id } ) {
- $Ticket->Reminders->Open($reminder);
++ elsif ( $reminder->Status eq $resolve_status
+ && !$args->{ 'Complete-Reminder-' . $reminder->id } )
+ {
+ ( $status, $msg ) = $Ticket->Reminders->Open($reminder);
+ push @subresults, $msg;
}
- if ( exists( $args->{ 'Reminder-Subject-' . $reminder->id } ) && ( $reminder->Subject ne $args->{ 'Reminder-Subject-' . $reminder->id } )) {
- $reminder->SetSubject( $args->{ 'Reminder-Subject-' . $reminder->id } ) ;
+ if (
+ exists( $args->{ 'Reminder-Subject-' . $reminder->id } )
+ && ( $reminder->Subject ne
+ $args->{ 'Reminder-Subject-' . $reminder->id } )
+ )
+ {
+ $old_subject = $reminder->Subject;
+ ( $status, $msg ) =
+ $reminder->SetSubject(
+ $args->{ 'Reminder-Subject-' . $reminder->id } );
+ push @subresults, $msg;
}
- if ( exists( $args->{ 'Reminder-Owner-' . $reminder->id } ) && ( $reminder->Owner != $args->{ 'Reminder-Owner-' . $reminder->id } )) {
- $reminder->SetOwner( $args->{ 'Reminder-Owner-' . $reminder->id } , "Force" ) ;
+ if (
+ exists( $args->{ 'Reminder-Owner-' . $reminder->id } )
+ && ( $reminder->Owner !=
+ $args->{ 'Reminder-Owner-' . $reminder->id } )
+ )
+ {
+ ( $status, $msg ) =
+ $reminder->SetOwner(
+ $args->{ 'Reminder-Owner-' . $reminder->id }, "Force" );
+ push @subresults, $msg;
}
- if ( exists( $args->{ 'Reminder-Due-' . $reminder->id } ) && $args->{ 'Reminder-Due-' . $reminder->id } ne '' ) {
+ if ( exists( $args->{ 'Reminder-Due-' . $reminder->id } )
+ && $args->{ 'Reminder-Due-' . $reminder->id } ne '' )
+ {
my $DateObj = RT::Date->new( $session{'CurrentUser'} );
+ my $due = $args->{ 'Reminder-Due-' . $reminder->id };
+
$DateObj->Set(
Format => 'unknown',
- Value => $args->{ 'Reminder-Due-' . $reminder->id }
+ Value => $due,
);
- if ( defined $DateObj->Unix && $DateObj->Unix != $reminder->DueObj->Unix ) {
- $reminder->SetDue( $DateObj->ISO );
+ if ( defined $DateObj->Unix
+ && $DateObj->Unix != $reminder->DueObj->Unix )
+ {
+ ( $status, $msg ) = $reminder->SetDue( $DateObj->ISO );
+ }
+ else {
+ $msg = loc( "invalid due date: [_1]", $due );
}
+
+ push @subresults, $msg;
}
+
+ push @results, map {
+ loc( "Reminder '[_1]': ", $old_subject || $reminder->Subject )
+ . $_
+ } @subresults;
}
}
diff --cc share/html/Elements/ShowSearch
index 26e2fc8,4b96bbf..7358912
--- a/share/html/Elements/ShowSearch
+++ b/share/html/Elements/ShowSearch
@@@ -64,13 -64,12 +64,13 @@@ my $query_link_url = RT->Config->Get('W
if ($SavedSearch) {
my ( $container_object, $search_id ) = _parse_saved_search($SavedSearch);
unless ( $container_object ) {
- $m->out(loc("Either you have no rights to view saved search [_1] or identifier is incorrect", $SavedSearch));
+ $m->out(loc("Either you have no rights to view saved search [_1] or identifier is incorrect", $m->interp->apply_escapes($SavedSearch, 'h')));
return;
}
- $search = $container_object->Attributes->WithId($search_id);
+ $search = RT::Attribute->new( $session{'CurrentUser'} );
+ $search->Load($search_id);
unless ( $search->Id && ref( $SearchArg = $search->Content ) eq 'HASH' ) {
- $m->out(loc("Saved search [_1] not found", $SavedSearch)) unless $IgnoreMissing;
- $m->out(loc("Saved Search [_1] not found", $m->interp->apply_escapes($SavedSearch, 'h'))) unless $IgnoreMissing;
++ $m->out(loc("Saved search [_1] not found", $m->interp->apply_escapes($SavedSearch, 'h'))) unless $IgnoreMissing;
return;
}
$SearchArg->{'SavedSearchId'} ||= $SavedSearch;
diff --cc share/html/Ticket/Elements/Bookmark
index 5f4cfc5,30c9a43..21c8104
--- a/share/html/Ticket/Elements/Bookmark
+++ b/share/html/Ticket/Elements/Bookmark
@@@ -63,8 -83,8 +63,8 @@@ $Toggle =>
</%ARGS>
<span class="toggle-bookmark-<% $id %>">
% my $url = RT->Config->Get('WebPath') ."/Helpers/Toggle/TicketBookmark?id=". $id;
- <a align="right" href="<% $url %>" onclick="jQuery('.toggle-bookmark-<% $id |n%>').load('<% $url |n %>'); return false;" >
+ <a align="right" href="<% $url %>" onclick="jQuery('.toggle-bookmark-'+<% $id |n,j%>).load(<% $url |n,j %>); return false;" >
-% if ( $bookmarked ) {
+% if ( $is_bookmarked ) {
<img src="<% RT->Config->Get('WebPath') %>/NoAuth/images/star.gif" alt="<% loc('Remove Bookmark') %>" style="border-style: none" />
% } else {
<img src="<% RT->Config->Get('WebPath') %>/NoAuth/images/empty_star.gif" alt="<% loc('Add Bookmark') %>" style="border-style: none" />
diff --cc share/html/Ticket/Elements/Reminders
index 95afe6c,36d0d8e..c12159e
--- a/share/html/Ticket/Elements/Reminders
+++ b/share/html/Ticket/Elements/Reminders
@@@ -84,20 -83,18 +85,20 @@@ my $reminder_collection = $count_remind
% }
</tr>
% my $i = 0;
-% my $visible = 0;
+
% while ( my $reminder = $reminder_collection->Next ) {
% $i++;
- % if ( $reminder->Status eq 'resolved' && !$ShowCompleted ) {
+ % if ( $reminder->Status eq $resolve_status && !$ShowCompleted ) {
<tr class="hidden"><td><input type="hidden" class="hidden" name="Complete-Reminder-<% $reminder->id %>" value="1" /></td></tr>
% $i++;
-% } elsif ($Edit) {
+% }
+% else {
+% $editable = 1 if !$editable && $reminder->CurrentUserHasRight( 'ModifyTicket' );
+% if ($Edit) {
<& SELF:EditEntry, Reminder => $reminder, Ticket => $Ticket, Index => $i &>
-% $visible++;
-% } else {
+% } else {
<& SELF:ShowEntry, Reminder => $reminder, Ticket => $Ticket, Index => $i &>
-% $visible++;
+% }
% }
% }
</table>
@@@ -150,25 -140,9 +151,25 @@@ $Ticke
$Index
</%args>
<tr class="<% $Index%2 ? 'oddline' : 'evenline' %>">
-<td class="entry"><input type="checkbox" value="1" name="Complete-Reminder-<% $Reminder->id %>" <% $Reminder->Status eq $Reminder->QueueObj->Lifecycle->ReminderStatusOnResolve ? 'checked="checked"' : '' |n %> /></td>
+<td class="entry">
+% unless ( $Reminder->CurrentUserHasRight('ModifyTicket') ) {
+<input name="Complete-Reminder-<% $Reminder->id %>" type="hidden"
- value=<% $Reminder->Status eq 'resolved' ? 1 : 0 %> />
++value=<% $Reminder->Status eq $Reminder->QueueObj->Lifecycle->ReminderStatusOnResolve ? 1 : 0 %> />
+% }
+
- <input type="checkbox" value="1" name="Complete-Reminder-<% $Reminder->id %>" <% $Reminder->Status eq 'resolved' ? 'checked="checked"' : '' |n %>
++<input type="checkbox" value="1" name="Complete-Reminder-<% $Reminder->id %>" <% $Reminder->Status eq $Reminder->QueueObj->Lifecycle->ReminderStatusOnResolve ? 'checked="checked"' : '' |n %>
+% unless ( $Reminder->CurrentUserHasRight('ModifyTicket') ) {
+disabled="disabled"
+% }
+/></td>
<td class="label"><&|/l&>Subject</&>:</td>
-<td class="entry" colspan="3"><input type="text" size="50" name="Reminder-Subject-<% $Reminder->id %>" value="<% $Reminder->Subject %>" /></td>
+<td class="entry" colspan="3">
+<input type="text" size="50" name="Reminder-Subject-<% $Reminder->id %>" value="<% $Reminder->Subject %>"
+% unless ( $Reminder->CurrentUserHasRight('ModifyTicket') ) {
+readonly="readonly"
+% }
+/>
+</td>
</tr>
<tr class="<% $Index%2 ? 'oddline' : 'evenline' %>">
<td class="entry"> </td>
@@@ -192,17 -161,7 +193,17 @@@ $Inde
% my $dueobj = $Reminder->DueObj;
% my $overdue = $dueobj->Unix > 0 && $dueobj->Diff < 0 ? 1 : 0;
<tr class="<% $Index%2 ? 'oddline' : 'evenline' %>">
-<td class="collection-as-table"><input type="checkbox" value="1" name="Complete-Reminder-<% $Reminder->id %>" <% $Reminder->Status eq $Reminder->QueueObj->Lifecycle->ReminderStatusOnResolve ? 'checked="checked"' : '' |n %> /></td>
+
+<td class="collection-as-table">
+% unless ( $Reminder->CurrentUserHasRight('ModifyTicket') ) {
+<input name="Complete-Reminder-<% $Reminder->id %>" type="hidden"
- value=<% $Reminder->Status eq 'resolved' ? 1 : 0 %> />
++value=<% $Reminder->Status eq $Reminder->QueueObj->Lifecycle->ReminderStatusOnResolve ? 1 : 0 %> />
+% }
- <input type="checkbox" value="1" name="Complete-Reminder-<% $Reminder->id %>" <% $Reminder->Status eq 'resolved' ? 'checked="checked"' : '' |n %>
++<input type="checkbox" value="1" name="Complete-Reminder-<% $Reminder->id %>" <% $Reminder->Status eq $Reminder->QueueObj->Lifecycle->ReminderStatusOnResolve ? 'checked="checked"' : '' |n %>
+% unless ( $Reminder->CurrentUserHasRight('ModifyTicket') ) {
+disabled="disabled"
+% }
+/></td>
<td class="collection-as-table"><% $Reminder->Subject %></td>
<td class="collection-as-table"><% $overdue ? '<span class="overdue">' : '' |n %><% $dueobj->AgeAsString || loc('Not set') %><% $overdue ? '</span>' : '' |n %></td>
<td class="collection-as-table"><& /Elements/ShowUser, User => $Reminder->OwnerObj &></td>
diff --cc t/mail/mime_decoding.t
index 656ab2a,7515e2c..845ff23
--- a/t/mail/mime_decoding.t
+++ b/t/mail/mime_decoding.t
@@@ -1,6 -1,7 +1,6 @@@
-#!/usr/bin/perl
use strict;
use warnings;
- use RT::Test nodb => 1, tests => 8;
+ use RT::Test nodb => 1, tests => 9;
use_ok('RT::I18N');
diff --cc t/web/attachments.t
index 8c6fdc6,0f2c60f..160ee6e
--- a/t/web/attachments.t
+++ b/t/web/attachments.t
@@@ -1,6 -1,7 +1,6 @@@
-#!/usr/bin/perl -w
use strict;
- use RT::Test tests => 25;
+ use RT::Test tests => 28;
use constant LogoFile => $RT::MasonComponentRoot .'/NoAuth/images/bpslogo.png';
use constant FaviconFile => $RT::MasonComponentRoot .'/NoAuth/images/favicon.png';
diff --cc t/web/csrf.t
index 0000000,d99b4ce..714e792
mode 000000,100644..100644
--- a/t/web/csrf.t
+++ b/t/web/csrf.t
@@@ -1,0 -1,181 +1,183 @@@
+ #!/usr/bin/perl
+ use strict;
+ use warnings;
+
+ use RT::Test tests => undef;
+
+ my $ticket = RT::Ticket->new(RT::CurrentUser->new('root'));
+ my ($ok, $msg) = $ticket->Create(Queue => 1, Owner => 'nobody', Subject => 'bad music');
+ ok($ok);
+ my $other = RT::Test->load_or_create_queue(Name => "Other queue", Disabled => 0);
+ my $other_queue_id = $other->id;
+
+ my ($baseurl, $m) = RT::Test->started_ok;
+
+ my $test_page = "/Ticket/Create.html?Queue=1";
+ my $test_path = "/Ticket/Create.html";
+
+ ok $m->login, 'logged in';
+
+ # valid referer
+ $m->add_header(Referer => $baseurl);
+ $m->get_ok($test_page);
+ $m->content_lacks("Possible cross-site request forgery");
+ $m->title_is('Create a new ticket');
+
+ # off-site referer BUT provides auth
+ $m->add_header(Referer => 'http://example.net');
+ $m->get_ok("$test_page&user=root&pass=password");
+ $m->content_lacks("Possible cross-site request forgery");
+ $m->title_is('Create a new ticket');
+
+ # explicitly no referer BUT provides auth
+ $m->add_header(Referer => undef);
+ $m->get_ok("$test_page&user=root&pass=password");
+ $m->content_lacks("Possible cross-site request forgery");
+ $m->title_is('Create a new ticket');
+
+ # now send a referer from an attacker
+ $m->add_header(Referer => 'http://example.net');
+ $m->get_ok($test_page);
+ $m->content_contains("Possible cross-site request forgery");
+ $m->content_contains("If you really intended to visit <tt>/Ticket/Create.html</tt>");
+ $m->content_contains("the Referrer header supplied by your browser (example.net:80) is not allowed");
+ $m->title_is('Possible cross-site request forgery');
+
+ # reinstate mech's usual header policy
+ $m->delete_header('Referer');
+
+ # clicking the resume request button gets us to the test page
+ $m->follow_link(text_regex => qr{resume your request});
+ $m->content_lacks("Possible cross-site request forgery");
+ like($m->response->request->uri, qr{^http://[^/]+\Q$test_path\E\?CSRF_Token=\w+$});
+ $m->title_is('Create a new ticket');
+
+ # try a whitelisted argument from an attacker
+ $m->add_header(Referer => 'http://example.net');
+ $m->get_ok("/Ticket/Display.html?id=1");
+ $m->content_lacks("Possible cross-site request forgery");
+ $m->title_is('#1: bad music');
+
+ # now a non-whitelisted argument
+ $m->get_ok("/Ticket/Display.html?id=1&Action=Take");
+ $m->content_contains("Possible cross-site request forgery");
+ $m->content_contains("If you really intended to visit <tt>/Ticket/Display.html</tt>");
+ $m->content_contains("the Referrer header supplied by your browser (example.net:80) is not allowed");
+ $m->title_is('Possible cross-site request forgery');
+
+ $m->delete_header('Referer');
+ $m->follow_link(text_regex => qr{resume your request});
+ $m->content_lacks("Possible cross-site request forgery");
+ like($m->response->request->uri, qr{^http://[^/]+\Q/Ticket/Display.html});
+ $m->title_is('#1: bad music');
+ $m->content_contains('Owner changed from Nobody to root');
+
+ # force mech to never set referer
+ $m->add_header(Referer => undef);
+ $m->get_ok($test_page);
+ $m->content_contains("Possible cross-site request forgery");
+ $m->content_contains("If you really intended to visit <tt>/Ticket/Create.html</tt>");
+ $m->content_contains("your browser did not supply a Referrer header");
+ $m->title_is('Possible cross-site request forgery');
+
+ $m->follow_link(text_regex => qr{resume your request});
+ $m->content_lacks("Possible cross-site request forgery");
+ is($m->response->redirects, 0, "no redirection");
+ like($m->response->request->uri, qr{^http://[^/]+\Q$test_path\E\?CSRF_Token=\w+$});
+ $m->title_is('Create a new ticket');
+
+ # try sending the wrong csrf token, then the right one
+ $m->add_header(Referer => undef);
+ $m->get_ok($test_page);
+ $m->content_contains("Possible cross-site request forgery");
+ $m->content_contains("If you really intended to visit <tt>/Ticket/Create.html</tt>");
+ $m->content_contains("your browser did not supply a Referrer header");
+ $m->title_is('Possible cross-site request forgery');
+
+ # Sending a wrong CSRF is just a normal request. We'll make a request
+ # with just an invalid token, which means no Queue=, which means
+ # Create.html errors out.
+ my $link = $m->find_link(text_regex => qr{resume your request});
+ (my $broken_url = $link->url) =~ s/(CSRF_Token)=\w+/$1=crud/;
+ $m->get_ok($broken_url);
-$m->content_contains("Queue could not be loaded");
++$m->content_like(qr/Queue\s+could not be loaded/);
+ $m->title_is('RT Error');
-$m->warning_like(qr/Queue could not be loaded/);
++$m->next_warning_like(qr/Use of uninitialized value/);
++$m->next_warning_like(qr/Queue\s+could not be loaded/);
++$m->no_leftover_warnings_ok;
+
+ # The token doesn't work for other pages, or other arguments to the same page.
+ $m->add_header(Referer => undef);
+ $m->get_ok($test_page);
+ $m->content_contains("Possible cross-site request forgery");
+ my ($token) = $m->content =~ m{CSRF_Token=(\w+)};
+
+ $m->add_header(Referer => undef);
+ $m->get_ok("/Admin/Queues/Modify.html?id=new&Name=test&CSRF_Token=$token");
+ $m->content_contains("Possible cross-site request forgery");
+ $m->content_contains("If you really intended to visit <tt>/Admin/Queues/Modify.html</tt>");
+ $m->content_contains("your browser did not supply a Referrer header");
+ $m->title_is('Possible cross-site request forgery');
+
+ $m->follow_link(text_regex => qr{resume your request});
+ $m->content_lacks("Possible cross-site request forgery");
+ $m->title_is('Configuration for queue test');
+
+ # Try the same page, but different query parameters, which are blatted by the token
+ $m->get_ok("/Ticket/Create.html?Queue=$other_queue_id&CSRF_Token=$token");
+ $m->content_lacks("Possible cross-site request forgery");
+ $m->title_is('Create a new ticket');
+ $m->text_unlike(qr/Queue:\s*Other queue/);
+ $m->text_like(qr/Queue:\s*General/);
+
+ # Ensure that file uploads work across the interstitial
+ $m->delete_header('Referer');
+ $m->get_ok($test_page);
+ $m->content_contains("Create a new ticket", 'ticket create page');
+ $m->form_name('TicketCreate');
+ $m->field('Subject', 'Attachments test');
+
+ my $logofile = "$RT::MasonComponentRoot/NoAuth/images/bpslogo.png";
+ open LOGO, "<", $logofile or die "Can't open logo file: $!";
+ binmode LOGO;
+ my $logo_contents = do {local $/; <LOGO>};
+ close LOGO;
+ $m->field('Attach', $logofile);
+
+ # Lose the referer before the POST
+ $m->add_header(Referer => undef);
+ $m->submit;
+ $m->content_contains("Possible cross-site request forgery");
+ $m->content_contains("If you really intended to visit <tt>/Ticket/Create.html</tt>");
+ $m->follow_link(text_regex => qr{resume your request});
+ $m->content_contains('Download bpslogo.png', 'page has file name');
+ $m->follow_link_ok({text => "Download bpslogo.png"});
+ is($m->content, $logo_contents, "Binary content matches");
+
+
+ # now try self-service with CSRF
+ my $user = RT::User->new(RT->SystemUser);
+ $user->Create(Name => "SelfService", Password => "chops", Privileged => 0);
+
+ $m = RT::Test::Web->new;
+ $m->get_ok("$baseurl/index.html?user=SelfService&pass=chops");
+ $m->title_is("Open tickets", "got self-service interface");
+ $m->content_contains("My open tickets", "got self-service interface");
+
+ # post without referer
+ $m->add_header(Referer => undef);
+ $m->get_ok("/SelfService/Create.html?Queue=1");
+ $m->content_contains("Possible cross-site request forgery");
+ $m->content_contains("If you really intended to visit <tt>/SelfService/Create.html</tt>");
+ $m->content_contains("your browser did not supply a Referrer header");
+ $m->title_is('Possible cross-site request forgery');
+
+ $m->follow_link(text_regex => qr{resume your request});
+ $m->content_lacks("Possible cross-site request forgery");
+ is($m->response->redirects, 0, "no redirection");
+ like($m->response->request->uri, qr{^http://[^/]+\Q/SelfService/Create.html\E\?CSRF_Token=\w+$});
+ $m->title_is('Create a ticket');
+ $m->content_contains('Describe the issue below:');
+
+ undef $m;
+ done_testing;
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list