[Rt-commit] rt branch 5.0/stop-ticket-create-modify-on-invalid-recipients created. rt-5.0.2-113-g87f106cbec

BPS Git Server git at git.bestpractical.com
Thu Mar 24 18:59:15 UTC 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/stop-ticket-create-modify-on-invalid-recipients has been created
        at  87f106cbec051083900ec4bbdca7678a28d6c904 (commit)

- Log -----------------------------------------------------------------
commit 87f106cbec051083900ec4bbdca7678a28d6c904
Author: Brian Conry <bconry at bestpractical.com>
Date:   Thu Mar 24 12:58:44 2022 -0500

    Block ticket create/update on invalid recipients
    
    The prior behavior was to proceed with the ticket create or update,
    excluding the recipients that did not look like email addresses and
    could not be resolved to a principal, and without letting the user know
    that some intended recipients had been omitted.
    
    The new behavior is to block the action and give the user a message
    explaining that no user could be found for what they entered.

diff --git a/share/html/Ticket/Create.html b/share/html/Ticket/Create.html
index 5ae39fd4e5..6f63897184 100644
--- a/share/html/Ticket/Create.html
+++ b/share/html/Ticket/Create.html
@@ -506,6 +506,8 @@ if ($ARGS{IncludeArticleId}) {
 
 # check email addresses for RT's
 {
+    my $recipient_check = RT::Ticket->new($session{'CurrentUser'});
+
     foreach my $field ( qw(Requestors Cc AdminCc) ) {
         my $value = $ARGS{ $field };
         next unless defined $value && length $value;
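Review bot: the new `$recipient_check` in Create.html is an RT::Ticket object that this hunk never loads; it exists only so ParseInputPrincipals can be called further down the block, and nothing at the declaration says so. Add a one-line comment stating that purpose, and update the existing "# check email addresses for RT's" comment, since with this patch the block also rejects entries that resolve to no principal.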
@@ -524,7 +526,14 @@ if ($ARGS{IncludeArticleId}) {
                 }
             }
             else {
-                push @emails, $entry->{value};
+                my($rref, $mref) = $recipient_check->ParseInputPrincipals($entry->{value});
+                if (!$rref->[0] or !$rref->[0]->id) {
+                    push @results, loc("Couldn't add watcher '[_2]' as [_1]: [_3]", $field, $entry->{value}, $mref->[0]);
+                    $checks_failure ||= 1;
+                }
+                else {
+                    push @emails, $entry->{value};
+                }
             }
         }
         $ARGS{ $field } = join ', ', grep defined, @emails;
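Review bot: in the new else branch only the first element of each returned list is examined (`$rref->[0]`, `$mref->[0]`). If ParseInputPrincipals can return more than one principal for a single `$entry->{value}`, a later unresolved one passes unchecked, and if `$mref` is empty the message is built with an undefined `[_3]`. Either iterate over both lists or document that one entry always yields one result, and supply a fallback message text for the undefined case.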
diff --git a/share/html/Ticket/Update.html b/share/html/Ticket/Update.html
index c1b7f38cf0..a5339b55ef 100644
--- a/share/html/Ticket/Update.html
+++ b/share/html/Ticket/Update.html
@@ -423,6 +423,8 @@ if ( $ARGS{'SubmitTicket'} ) {
 
 # check email addresses for RT's
 {
+    my $recipient_check = RT::Ticket->new($session{'CurrentUser'});
+
     foreach my $field ( qw(UpdateCc UpdateBcc) ) {
         my $value = $ARGS{ $field };
         next unless defined $value && length $value;
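Review bot: this setup in Update.html repeats the Create.html change line for line, with only the field list (`UpdateCc UpdateBcc`) differing. Consider moving the recipient check into one shared helper that takes the field names, so the two pages cannot drift apart when the validation is changed later.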
@@ -441,7 +443,14 @@ if ( $ARGS{'SubmitTicket'} ) {
                 }
             }
             else {
-                push @emails, $entry->{value};
+                my($rref, $mref) = $recipient_check->ParseInputPrincipals($entry->{value});
+                if (!$rref->[0] or !$rref->[0]->id) {
+                    push @results, loc("Couldn't add watcher '[_2]' as [_1]: [_3]", $field, $entry->{value}, $mref->[0]);
+                    $checks_failure ||= 1;
+                }
+                else {
+                    push @emails, $entry->{value};
+                }
             }
         }
         $ARGS{ $field } = join ', ', grep defined, @emails;
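Review bot: the failure message in Update.html reuses "Couldn't add watcher '[_2]' as [_1]: [_3]" with `$field` set to `UpdateCc` or `UpdateBcc`, so the user is shown an internal argument name and the word "watcher" for fields the commit message itself calls recipients. Consider a message string specific to update recipients, or map `$field` to a display label before passing it to loc().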

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt

