-
Alex Vandiver authored
There are several places that call _EncodeLOB; most are careful to pass bytes, not characters: 1. RT::Attachment->Create takes a MIME::Entity; while the transfer encoding will have been decoded, ->bodyhandle->as_string does not decode bytes into characters. 2. ObjectCustomFieldValues from file uploads; these are always left as bytes. 3. ObjectCustomFieldValues from Content which is too long; Content is passed as characters. The one codepath which currently might pass characters, and not bytes, is the third possibility. While the Mason parameter munging in RT::Interface::Web ensures that invalid byte sequences (including for invalid codepoints, like \x{FDD0}) are replaced using PERLQQ, there are no such guards for character strings passed to ->AddCustomFieldValue directly via the API. Ensure that the LargeContent passed to _EncodeLOB, upgraded from Content, contains bytes and not characters.
329458a9