[Rt-commit] rtir branch 5.0.3-releng updated. rtir-5.0.3beta1-5-g8c31afb8
BPS Git Server
git at git.bestpractical.com
Wed Jul 13 08:46:49 UTC 2022
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rtir".

The branch, 5.0.3-releng has been updated
       via  8c31afb8e36798408b5bdeaef4b668ee77061d5d (commit)
       via  442a807a9cc24dfcd89343f597d6910467f04ad5 (commit)
       via  f843d4720868dc64d2efa16141177e15d955f597 (commit)
       via  9c427d8dfe7db2f378128793e2893879a0133404 (commit)
       via  fd5d1f6f717e52732c4186c0e9a6fd0ed9df8112 (commit)
      from  593ec91f308f6aa8cc282026fa235b1fccfb4853 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8c31afb8e36798408b5bdeaef4b668ee77061d5d
Merge: 593ec91f 442a807a
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed Jul 13 16:38:43 2022 +0800

    Merge branch 'security/5.0.3-releng' into 5.0.3-releng

commit 442a807a9cc24dfcd89343f597d6910467f04ad5
Merge: f843d472 9c427d8d
Author: sunnavy <sunnavy at bestpractical.com>
Date: Fri Jun 17 23:13:03 2022 +0800

    Merge branch 'security/5.0/cve-2022-25803' into security/5.0.3-releng

commit f843d4720868dc64d2efa16141177e15d955f597
Merge: adfe5933 fd5d1f6f
Author: sunnavy <sunnavy at bestpractical.com>
Date: Fri Jun 17 23:10:02 2022 +0800

    Merge branch 'security/4.0/cve-2022-25800-cve-2022-25801' into security/5.0.3-releng

commit 9c427d8dfe7db2f378128793e2893879a0133404
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat Mar 19 04:30:38 2022 +0800

    Add RTIR's ResultPages to whitelist

    This addresses CVE-2022-25803.

    As RT validates ResultPage using a whitelist, we need to add RTIR's
    ResultPages to the whitelist accordingly to mark them valid.

diff --git a/lib/RT/IR.pm b/lib/RT/IR.pm
index d9ec9f93..4b588433 100644
--- a/lib/RT/IR.pm
+++ b/lib/RT/IR.pm
@@ -131,6 +131,14 @@ sub EveryoneInvestigationRights {
return (qw(ReplyToTicket));
}
+require RT::Interface::Web;
+
+# Add RTIR specific ResultPages to whitelist
+for my $result_page ( 'Link/FromIncident/', 'Link/ToIncident/', 'Merge/', 'Incident/Reply/' ) {
+ push @RT::Interface::Web::WHITELISTED_RESULT_PAGES, qr{^/RTIR/(?:c/[^/]+/)?$result_page$};
+}
+
+
use Parse::BooleanLogic;
my $ticket_sql_parser = Parse::BooleanLogic->new;
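
Review bot: the `qr{^/RTIR/(?:c/[^/]+/)?$result_page$}` pattern in the `push` line is anchored with `$`, which in Perl also matches just before a trailing newline, so a string with a newline appended after one of these paths would still match the whitelist entry. Since these entries are the validation added for CVE-2022-25803, I would end the pattern with `\z` for an exact match and interpolate the path as `\Q$result_page\E`, so that an entry added later containing regex metacharacters stays literal. Minor: the hunk adds two consecutive blank lines before `use Parse::BooleanLogic;`; one is enough.
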
-----------------------------------------------------------------------
Summary of changes:
lib/RT/IR.pm | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
hooks/post-receive
--
rtir