[rt-users] fix for over-liberal regexp matching $rtname
Larry Stone
lcs at MIT.EDU
Thu Jul 3 19:54:36 EDT 2003
RT 3.0.2 has some mistakes in the regexp used to check for $rtname
in the Subject: header of email messages, and the loop-prevention header.
It does not escape regexp metacharacters in the value of $rtname, yet
$rtname often contains "." -- so e.g. when $rtname is "demo.mit.edu" the
subject tag "[demoXmitYedu #1]" is accepted as applying to ticket #1.
This patch escapes the value of $rtname in regexps. It also makes the
test for the subject-line tag a bit more generous, allowing any whitespace
separating $rtname and the "#" instead of exactly a space, on the
protocol principal "be liberal in what you accept".
I've tested it lightly on my server, Solaris8/Apache 1.3/fastcgi/mysql/perl 5.8/etc.
-- Larry
*** lib/RT/EmailParser.pm.orig Mon May 12 20:31:23 2003
--- lib/RT/EmailParser.pm Thu Jul 3 19:11:38 2003
***************
*** 93,99 ****
#If this instance of RT sent it our, we don't want to take it in
my $RTLoop = $head->get("X-RT-Loop-Prevention") || "";
chomp($RTLoop); #remove that newline
! if ( $RTLoop =~ /^$RT::rtname/ ) {
return (1);
}
--- 93,99 ----
#If this instance of RT sent it our, we don't want to take it in
my $RTLoop = $head->get("X-RT-Loop-Prevention") || "";
chomp($RTLoop); #remove that newline
! if ( $RTLoop =~ /^\Q$RT::rtname\E/o ) {
return (1);
}
***************
*** 256,262 ****
my $Subject = shift;
! if ( $Subject =~ s/\[$RT::rtname \#(\d+)\s*\]//i ) {
my $id = $1;
$RT::Logger->debug("Found a ticket ID. It's $id");
return ($id);
--- 256,262 ----
my $Subject = shift;
! if ( $Subject =~ s/\[\Q$RT::rtname\E\s+\#(\d+)\s*\]//i ) {
my $id = $1;
$RT::Logger->debug("Found a ticket ID. It's $id");
return ($id);
More information about the rt-users
mailing list