Commit d32274b5 authored by Shawn M Moore's avatar Shawn M Moore
Browse files

Begin whitelisting fields for tickets in simple templates

parent 605714c5
......@@ -466,6 +466,8 @@ sub _ParseContentSimple {
@_,
);
$self->_MassageSimpleTemplateArgs(%args);
my $template = Text::Template->new(
TYPE => 'STRING',
SOURCE => $args{Content},
......@@ -512,6 +514,22 @@ sub _ParseContentSimple {
return $fi_r;
}
sub _MassageSimpleTemplateArgs {
my $self = shift;
my %args = (
TemplateArgs => {},
@_,
);
my $template_args = $args{TemplateArgs};
if (my $ticket = $template_args->{Ticket}) {
for my $column (qw/Subject/) {
$template_args->{"Ticket".$column} = $ticket->$column;
}
}
}
sub _DowngradeFromHTML {
my $self = shift;
my $orig_entity = $self->MIMEObj;
......
......@@ -31,8 +31,8 @@ TemplateTest(
);
TemplateTest(
Content => "\ntest { \$Ticket->Subject }",
FullOutput => "test template testing",
Content => "\ntest { \$TicketSubject }",
FullOutput => "test ",
SimpleOutput => "test template testing",
);
......@@ -54,14 +54,12 @@ TemplateTest(
SimpleOutput => "test { \$Nonexistent->Nonexistent }",
);
# Simple templates only let you go one level down for now..
TemplateTest(
Content => "\ntest { \$Ticket->OwnerObj->Name }",
FullOutput => "test Nobody",
SimpleOutput => "test { \$Ticket->OwnerObj->Name }",
);
# should this be forbidden or not?
is($ticket->Status, 'new', "test setup");
TemplateTest(
Content => "\ntest { \$Ticket->Resolve }",
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment