[Rt-commit] [rtir] 01/01: Add RTIR search result page to CSRF whitelist

Jim Brandt jbrandt at bestpractical.com
Tue Aug 20 14:14:40 EDT 2013


This is an automated email from the git hooks/post-receive script.

jbrandt pushed a commit to branch 3.0/whitelist-rtir-search-results
in repository rtir.

commit 477d9712debd60d00c815f0ff6fe434cded80a5c
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Mon Aug 19 14:22:13 2013 -0400

    Add RTIR search result page to CSRF whitelist
---
 etc/RTIR_Config.pm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/etc/RTIR_Config.pm b/etc/RTIR_Config.pm
index 634a76b..e3f454d 100644
--- a/etc/RTIR_Config.pm
+++ b/etc/RTIR_Config.pm
@@ -680,4 +680,17 @@ Read F<docs/AdministrationTutorial.pod>.
 
 =cut
 
+# Add the RTIR search result page to the whitelist to allow
+# bookmarks to work without CSRF warnings, similar to the RT
+# search result page. As noted in the similar RT configuration,
+# whitelisted search links can be used for denial-of-service against RT
+# (construct a very inefficient query and trick lots of users into
+# running them against RT). This is offset by the general usefulness of
+# bookmarking search links.
+
+{
+    require RT::Interface::Web;
+    $RT::Interface::Web::is_whitelisted_component{'/RTIR/Search/Results.html'} = 1;
+}
+
 1;
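Review bot: the rationale above the whitelist entry is a plain "#" comment placed after "=cut", so it sits outside the POD this file uses for its documentation and an administrator reading the rendered config docs will not see the denial-of-service trade-off. Consider moving it into a POD section ahead of "=cut" and noting there how a site that does not accept the trade-off can remove the '/RTIR/Search/Results.html' entry, since the assignment to %RT::Interface::Web::is_whitelisted_component is unconditional. The comment names only the inefficient-query risk; it would also help to state that the whitelisting assumes the results page makes no changes based on request arguments, because the CSRF check is skipped for every request to that component, not only bookmarked ones. Minor wording point: "construct a very inefficient query and trick lots of users into running them" should read "running it".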

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

