[Rt-commit] rt branch, 4.0/whitelist-search-chart, created. rt-4.0.18-118-g96faae4
Kevin Falcone
falcone at bestpractical.com
Tue Dec 10 17:19:42 EST 2013
The branch, 4.0/whitelist-search-chart has been created
at 96faae4f99b556502b422e7b5eb5a35231cf5841 (commit)
- Log -----------------------------------------------------------------
commit 96faae4f99b556502b422e7b5eb5a35231cf5841
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Tue Dec 10 17:17:02 2013 -0500
Chart results of searches are also commonly linked to.
They're just as much of a DOS target as Results.html, but utility wins
out.
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index b3a45a0..8c7e910 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1277,10 +1277,11 @@ our %is_whitelisted_component = (
# While these can be used for denial-of-service against RT
# (construct a very inefficient query and trick lots of users into
# running them against RT) it's incredibly useful to be able to link
- # to a search result or bookmark a result page.
+ # to a search result (or chart) or bookmark a result page.
'/Search/Results.html' => 1,
'/Search/Simple.html' => 1,
- '/m/tickets/search' => 1,
+ '/m/tickets/search' => 1,
+ '/Search/Chart.html' => 1,
# This page takes Attachment and Transaction argument to figure
# out what to show, but it's read only and will deny information if you
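Review bot: The new '/Search/Chart.html' => 1 entry is covered only by the "(or chart)" added to the comment, which justifies the whitelisting by usefulness for linking and bookmarking but does not say whether Chart.html only reads data or which arguments it accepts beyond the search query. Suggest stating that in the comment, in the way the following entry's comment does ("it's read only and will deny information ..."), so that the accepted denial-of-service trade-off is the only risk being taken on, and adding a test that covers a direct link to /Search/Chart.html. The re-indented '/m/tickets/search' line is a whitespace-only change; dropping it or splitting it out would keep the diff to the one functional line.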
-----------------------------------------------------------------------