[Rt-commit] rt branch, 4.2/csrf-whitelist, updated. rt-4.2.11-40-gb7c2c7c
Dustin Graves
dustin at bestpractical.com
Mon Aug 3 17:15:13 EDT 2015
The branch, 4.2/csrf-whitelist has been updated
via b7c2c7c5bf43cce02f7fa950d1c58557cc65913e (commit)
from 2f6d9a303f3046c96d662fb916e6667c999df146 (commit)
Summary of changes:
lib/RT/Interface/Web.pm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
- Log -----------------------------------------------------------------
commit b7c2c7c5bf43cce02f7fa950d1c58557cc65913e
Author: Dustin Graves <dustin at bestpractical.com>
Date: Mon Aug 3 17:15:09 2015 -0400
fix argument whitelist array being written with hash syntax
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 8e93e43..c206503 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1380,19 +1380,19 @@ our %is_whitelisted_component = (
our @whitelisted_args = (
# For example, "id" is acceptable because that is how RT retrieves a
# record.
- 'id' => 1,
+ 'id',
# If they have a results= from MaybeRedirectForResults, that's also fine.
- 'results' => 1,
+ 'results',
# The homepage refresh, which uses the Refresh header, doesn't send
# a referer in most browsers; whitelist the one parameter it reloads
# with, HomeRefreshInterval, which is safe
- 'HomeRefreshInterval' => 1,
+ 'HomeRefreshInterval',
# The NotMobile flag is fine for any page; it's only used to toggle a flag
# in the session related to which interface you get.
- 'NotMobile' => 1,
+ 'NotMobile',
);
our %whitelisted_component_parameters = (
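Review bot: The commit message and the comments in `@whitelisted_args` do not record what the old `'id' => 1,` entries did to the list, and nothing here guards against the same slip recurring. In a Perl array the fat comma is only a comma, so the previous definition flattened to `'id', 1, 'results', 1, ...` and the array held four literal `1` elements next to the intended names. Any code matching request argument names against this array would therefore also have accepted an argument named `1`. Please say so in the commit message, and add a short comment at the top of the array noting that it is a plain list of names, unlike the neighbouring `%is_whitelisted_component` and `%whitelisted_component_parameters` hashes. A regression test asserting that the array contains exactly `id`, `results`, `HomeRefreshInterval` and `NotMobile` would catch a stray value if someone adds an entry in hash style again.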
-----------------------------------------------------------------------