[Rt-commit] rt branch 5.0/allow-empty-search-result-page created. rt-5.0.3beta1-18-g46d2659a35

BPS Git Server git at git.bestpractical.com
Wed Jul 13 08:09:54 UTC 2022 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/allow-empty-search-result-page has been created
        at  46d2659a3523ffc34880999c7b60d8ba164b9068 (commit)

- Log -----------------------------------------------------------------
commit 46d2659a3523ffc34880999c7b60d8ba164b9068
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Jul 13 15:41:46 2022 +0800

    Allow empty search ResultPage parameter in URL
    
    RT could generate URLs with empty ResultPage(e.g. when building menus),
    which doesn't hurt as it falls back to "/Search/Result.html".
    
    In ba3a82144d we added validation of ResultPage, to avoid redirecting to
    arbitrary pages for security reasons. As empty ResultPage falls back
    safely, allowing it is totally fine.
    
    This is mainly to get rid of the following warning:
    
        ResultPage  is not whitelisted, ignoring

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 79c3c7c60a..e31d629104 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -310,18 +310,16 @@ sub HandleRequest {
     local $HTML::Mason::Commands::DECODED_ARGS = $ARGS;
     PreprocessTimeUpdates($ARGS);
 
-    if ( exists $ARGS->{ResultPage} ) {
+    if ( defined $ARGS->{ResultPage} && length $ARGS->{ResultPage}  ) {
         my $passed;
-        if ( defined $ARGS->{ResultPage} && length $ARGS->{ResultPage}  ) {
-            for my $item ( @RT::Interface::Web::WHITELISTED_RESULT_PAGES ) {
-                if ( ref $item eq 'Regexp' ) {
-                    $passed = 1 if $ARGS->{ResultPage} =~ $item;
-                }
-                else {
-                    $passed = 1 if $ARGS->{ResultPage} eq $item;
-                }
-                last if $passed;
+        for my $item (@RT::Interface::Web::WHITELISTED_RESULT_PAGES) {
+            if ( ref $item eq 'Regexp' ) {
+                $passed = 1 if $ARGS->{ResultPage} =~ $item;
+            }
+            else {
+                $passed = 1 if $ARGS->{ResultPage} eq $item;
             }
+            last if $passed;
         }
 
         if ( !$passed ) {

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt

More information about the rt-commit mailing list