[Rt-commit] rt branch, 4.2/pass-octets-to-encodelob, updated. rt-4.2.1-55-g329458a

[Alex Vandiver]

The branch, 4.2/pass-octets-to-encodelob has been updated
       via  329458a9b8c828b11c2fccaf11149da3ae57609f (commit)
      from  74683a70ff54c142dfdd64bdbf305346b73cda81 (commit)

Summary of changes:
 lib/RT/ObjectCustomFieldValue.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

- Log -----------------------------------------------------------------
commit 329458a9b8c828b11c2fccaf11149da3ae57609f
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Tue Dec 17 14:23:09 2013 -0500

    Ensure that all calls to _EncodeLOB pass bytes, not characters
    
    There are several places that call _EncodeLOB; most are careful to pass
    bytes, not characters:
    
      1. RT::Attachment->Create takes a MIME::Entity; while the transfer
         encoding will have been decoded, ->bodyhandle->as_string does not
         decode bytes into characters.
    
      2. ObjectCustomFieldValues from file uploads; these are always left as
         bytes.
    
      3. ObjectCustomFieldValues from Content which is too long; Content is
         passed as characters.
    
    The one codepath which currently might pass characters, and not bytes,
    is the third possibility.  While the Mason parameter munging in
    RT::Interface::Web ensures that invalid byte sequences (including for
    invalid codepoints, like \x{FDD0}) are replaced using PERLQQ, there are
    no such guards for character strings passed to ->AddCustomFieldValue
    directly via the API.
    
    Ensure that the LargeContent passed to _EncodeLOB, upgraded from
    Content, contains bytes and not characters.

diff --git a/lib/RT/ObjectCustomFieldValue.pm b/lib/RT/ObjectCustomFieldValue.pm
index b2a6c51..f351c89 100644
--- a/lib/RT/ObjectCustomFieldValue.pm
+++ b/lib/RT/ObjectCustomFieldValue.pm
@@ -118,7 +118,10 @@ sub Create {
             $RT::Logger->error("Content is longer than 255 bytes and LargeContent specified");
         }
         else {
-            $args{'LargeContent'} = $args{'Content'};
+            # _EncodeLOB, and thus LargeContent, takes bytes; Content is
+            # in characters.  Encode it; this may replace illegal
+            # codepoints (e.g. \x{FDD0}) with \x{FFFD}.
+            $args{'LargeContent'} = Encode::encode("UTF-8",$args{'Content'});
             $args{'Content'} = undef;
             $args{'ContentType'} ||= 'text/plain';
         }

-----------------------------------------------------------------------