[Rt-commit] rt branch, 4.2/web-attachs-processing, updated. rt-4.0.8-579-g0598626
Ruslan Zakirov
ruz at bestpractical.com
Fri Nov 23 04:06:31 EST 2012
The branch, 4.2/web-attachs-processing has been updated
via 05986266a707556d8d829c66372e825667582ac8 (commit)
from 57851e1cfc79e2ae08b67c72492c78c72957ef84 (commit)
Summary of changes:
lib/RT/Interface/Web.pm | 2 +-
t/web/csrf.t | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
- Log -----------------------------------------------------------------
commit 05986266a707556d8d829c66372e825667582ac8
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Nov 23 13:05:55 2012 +0400
port CSRF protection over new attachments code
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index ef4683c..c4697a1 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1433,7 +1433,7 @@ sub ExpandCSRFToken {
if ($data->{attach}) {
my $filename = $data->{attach}{filename};
my $mime = $data->{attach}{mime};
- $HTML::Mason::Commands::session{'Attachments'}{$filename}
+ $HTML::Mason::Commands::session{'Attachments'}{$ARGS->{'Token'}||''}{$filename}
= $mime;
}
diff --git a/t/web/csrf.t b/t/web/csrf.t
index bdafd55..64bd22a 100644
--- a/t/web/csrf.t
+++ b/t/web/csrf.t
@@ -101,7 +101,6 @@ my $link = $m->find_link(text_regex => qr{resume your request});
$m->get_ok($broken_url);
$m->content_like(qr/Queue\s+could not be loaded/);
$m->title_is('RT Error');
-$m->next_warning_like(qr/Use of uninitialized value/);
$m->next_warning_like(qr/Queue\s+could not be loaded/);
$m->no_leftover_warnings_ok;
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list