[Rt-commit] rt branch, 4.2/web-attachs-processing, updated. rt-4.0.8-579-g0598626

Ruslan Zakirov ruz at bestpractical.com
Fri Nov 23 04:06:31 EST 2012


The branch, 4.2/web-attachs-processing has been updated
       via  05986266a707556d8d829c66372e825667582ac8 (commit)
      from  57851e1cfc79e2ae08b67c72492c78c72957ef84 (commit)

Summary of changes:
 lib/RT/Interface/Web.pm | 2 +-
 t/web/csrf.t            | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

- Log -----------------------------------------------------------------
commit 05986266a707556d8d829c66372e825667582ac8
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date:   Fri Nov 23 13:05:55 2012 +0400

    port CSRF protection over new attachments code

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index ef4683c..c4697a1 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1433,7 +1433,7 @@ sub ExpandCSRFToken {
     if ($data->{attach}) {
         my $filename = $data->{attach}{filename};
         my $mime     = $data->{attach}{mime};
-        $HTML::Mason::Commands::session{'Attachments'}{$filename}
+        $HTML::Mason::Commands::session{'Attachments'}{$ARGS->{'Token'}||''}{$filename}
             = $mime;
     }
 
diff --git a/t/web/csrf.t b/t/web/csrf.t
index bdafd55..64bd22a 100644
--- a/t/web/csrf.t
+++ b/t/web/csrf.t
@@ -101,7 +101,6 @@ my $link = $m->find_link(text_regex => qr{resume your request});
 $m->get_ok($broken_url);
 $m->content_like(qr/Queue\s+could not be loaded/);
 $m->title_is('RT Error');
-$m->next_warning_like(qr/Use of uninitialized value/);
 $m->next_warning_like(qr/Queue\s+could not be loaded/);
 $m->no_leftover_warnings_ok;
 

-----------------------------------------------------------------------


More information about the Rt-commit mailing list