[rt-users] fix for over-liberal regexp matching $rtname

Larry Stone lcs at MIT.EDU
Thu Jul 3 19:54:36 EDT 2003


RT 3.0.2 has some mistakes in the regexp used to check for $rtname
in the Subject: header of email messages, and the loop-prevention header.
It does not escape regexp metacharacters in the value of $rtname, yet
$rtname often contains "." -- so e.g. when $rtname is "demo.mit.edu" the
subject tag "[demoXmitYedu #1]" is accepted as applying to ticket #1.

This patch escapes the value of $rtname in regexps.  It also makes the
test for the subject-line tag a bit more generous, allowing any whitespace
separating $rtname and the "#" instead of exactly a space, on the
protocol principal "be liberal in what you accept".

I've tested it lightly on my server, Solaris8/Apache 1.3/fastcgi/mysql/perl 5.8/etc.

    -- Larry

*** lib/RT/EmailParser.pm.orig  Mon May 12 20:31:23 2003
--- lib/RT/EmailParser.pm       Thu Jul  3 19:11:38 2003
***************
*** 93,99 ****
      #If this instance of RT sent it our, we don't want to take it in
      my $RTLoop = $head->get("X-RT-Loop-Prevention") || "";
      chomp($RTLoop);    #remove that newline
!     if ( $RTLoop =~ /^$RT::rtname/ ) {
          return (1);
      }
  
--- 93,99 ----
      #If this instance of RT sent it our, we don't want to take it in
      my $RTLoop = $head->get("X-RT-Loop-Prevention") || "";
      chomp($RTLoop);    #remove that newline
!     if ( $RTLoop =~ /^\Q$RT::rtname\E/o ) {
          return (1);
      }
  
***************
*** 256,262 ****
  
      my $Subject = shift;
  
!     if ( $Subject =~ s/\[$RT::rtname \#(\d+)\s*\]//i ) {
          my $id = $1;
          $RT::Logger->debug("Found a ticket ID. It's $id");
          return ($id);
--- 256,262 ----
  
      my $Subject = shift;
  
!     if ( $Subject =~ s/\[\Q$RT::rtname\E\s+\#(\d+)\s*\]//i ) {
          my $id = $1;
          $RT::Logger->debug("Found a ticket ID. It's $id");
          return ($id);




More information about the rt-users mailing list