[Rt-commit] rt branch, 4.2/csrf-whitelist, updated. rt-4.2.11-39-g08a838e
Dustin Graves
dustin at bestpractical.com
Tue Aug 4 09:18:05 EDT 2015
The branch, 4.2/csrf-whitelist has been updated
via 08a838ec750686805515207dcfb01760ad441719 (commit)
from d2c0f0d81b2c3ab2a47c0c66b0c8642b1bf2c5ca (commit)
Summary of changes:
lib/RT/Interface/Web.pm | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
- Log -----------------------------------------------------------------
commit 08a838ec750686805515207dcfb01760ad441719
Author: Dustin Graves <dustin at bestpractical.com>
Date: Tue Aug 4 09:17:57 2015 -0400
Fixed unsafe array reference lookup with undefined reference
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index c5cb43f..8edadd1 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1377,7 +1377,7 @@ our %is_whitelisted_component = (
);
# Whitelist arguments that do not indicate an effectful request.
-our @whitelisted_args = (
+our @global_whitelisted_args = (
# For example, "id" is acceptable because that is how RT retrieves a
# record.
'id',
@@ -1395,7 +1395,7 @@ our @whitelisted_args = (
'NotMobile',
);
-our %whitelisted_component_parameters = (
+our %whitelisted_component_args = (
'/Search/Build.html' => ['SavedSearchLoad'],
);
@@ -1453,9 +1453,11 @@ sub AreCompCSRFParametersWhitelisted {
my %leftover_args = %{ $ARGS };
# Join global whitelist and component-specific whitelist
- my @comp_whitelisted_args = (@whitelisted_args, @{$whitelisted_component_parameters{$sub}});
+ my @whitelisted_args = @global_whitelisted_args;
+ my $whitelisted_component_args_ref = $whitelisted_component_args{$sub};
+ @whitelisted_args = (@whitelisted_args, @{$whitelisted_component_args_ref}) if $whitelisted_component_args_ref;
- for my $arg (@comp_whitelisted_args) {
+ for my $arg (@whitelisted_args) {
delete $leftover_args{$arg};
}
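Review bot: The new lexical `my @whitelisted_args` in AreCompCSRFParametersWhitelisted reuses the name that the first hunk has just taken away from the package-level CSRF whitelist, so the same identifier now means two different things across the file's history. Any local customization or extension that still appends to the old `our @whitelisted_args` would be ignored without a warning; that fails closed (more CSRF confirmation prompts, not fewer), but it is hard to diagnose. I would give the merged list a distinct name and build it with `push`, e.g. `my @effective_whitelist = @global_whitelisted_args;` followed by `push @effective_whitelist, @{$whitelisted_component_args_ref} if ref $whitelisted_component_args_ref eq 'ARRAY';`. The `ref ... eq 'ARRAY'` test also covers a mis-typed entry in `%whitelisted_component_args`, which the plain truthiness check would still try to dereference. The function body starts and ends outside this hunk, so how `%leftover_args` is judged afterwards is not visible here.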
-----------------------------------------------------------------------