1. 03 Sep, 2014 1 commit
    • Standardize on the stricter Encode::encode("UTF-8", ...) everywhere · 1d18663b
      Alex Vandiver authored
      This is not only for code consistency, but also for consistency of
      output.  Encode::encode_utf8(...) is equivalent to
      Encode::encode("utf8",...) which is the non-"strict" form of UTF-8.
      Strict UTF-8 encoding differs in that (from `perldoc Encode`):
      
          ...its range is much narrower (0 ..  0x10_FFFF to cover only 21 bits
          instead of 32 or 64 bits) and some sequences are not allowed, like
          those used in surrogate pairs, the 31 non-character code points
          0xFDD0 .. 0xFDEF, the last two code points in any plane (0xXX_FFFE
          and 0xXX_FFFF), all non-shortest encodings, etc.
      
      RT deals with interchange with databases, email, and other systems.  In
      dealing with encodings, it should ensure that it does not produce byte
      sequences that are invalid according to official Unicode standards.
  2. 07 Jul, 2014 1 commit
  3. 22 Apr, 2014 1 commit
    • Remove an extraneous "use Time::ParseDate" · 059489b6
      Alex Vandiver authored
      This came in during 7d367769, which moved it from within the
      HTML::Mason::Commands package to the RT::Interface::Web package.  This
      had previously made "parsedate" available to Mason elements, but as of
      7d367769 it no longer was -- nor is it used in RT::Interface::Web
      directly.  Remove it.
  4. 31 Mar, 2014 1 commit
    • Allow downloading dotfiles · a51e3df7
      Alex Vandiver authored
      Our directory-traversal code overzealously rejected requests for
      /Ticket/Attachment/100/200/.bashrc and the like, making the "download"
      links for uploaded dotfiles appear to return a blank page.
      
      Allow /.something, but reject /./, /../, ../, /., /.., and the like.
      
      Fixes issue #29700.
  5. 26 Mar, 2014 1 commit
    • I#28640: Set headers for static content · 915eb4b7
      Wallace Reis authored
      This is a regression fix since at some point the static content served
      from /static/ path had the 'Expires' and 'Cache-Control' headers removed
      (probably when started serving it with Static middleware). Additionally,
      add support for static content served from custom StaticRoots.
  6. 25 Mar, 2014 1 commit
  7. 19 Mar, 2014 1 commit
  8. 06 Jan, 2014 2 commits
  9. 03 Sep, 2013 5 commits
  10. 24 Apr, 2013 1 commit
  11. 23 Apr, 2013 1 commit
  12. 15 Mar, 2013 2 commits
    • Ensure that the error message is logged with newlines · e4f33625
      Alex Vandiver authored
      die() is overridden somewhere in the stack to s/\n/\\n/g; this makes the
      error message much less readable.
      
      Use a direct call to $RT::Logger to ensure that newlines are preserved,
      which also allows us to set the log level explicitly.  Not exiting via
      die() requires that we handle providing the HTTP response by hand, which
      also provides the opportunity to explicitly call out the
      misconfiguration.
    • Die when detecting SetHandler perl-script · 033dd965
      Jim Brandt authored
  13. 19 Feb, 2013 2 commits
  14. 07 Jan, 2013 1 commit
  15. 26 Dec, 2012 4 commits
  16. 06 Dec, 2012 1 commit
  17. 07 Nov, 2012 1 commit
    • Include the Mason stack trace when logging Mason exceptions · feda3a8f
      Thomas Sibley authored
      The one-line error message provided by ->full_message is fairly useless
      without a stack trace since RT->Logger reports only the location it was
      called from.  Unlike RT's $LogStackTraces option, Mason provides a
      nicely filtered and formatted stack which includes component names.
  18. 04 May, 2012 1 commit
    • Add a global argument which contains the decoded $m->request_args · 17bc0c17
      Alex Vandiver authored
      Multiple locations in the code use $m->request_args to obtain
      information about the query parameters that were specified in the URL;
      however, the values recovered from this call are not utf8-decoded, which
      can lead to corrupted data.  Additionally, existing code may depend on
      $m->request_args being encoded, which prevents merely altering the data
      prior to its entry into Mason.
      
      Provide a global variable, $DECODED_ARGS, which provides the correct,
      decoded, query parameters.
  19. 20 Apr, 2012 1 commit
  20. 10 Apr, 2012 2 commits
  21. 09 Jan, 2012 1 commit
  22. 06 Jan, 2012 1 commit
    • Prevent actual error messages from propagating to the user · 52c4d4c0
      Alex Vandiver authored
      With DevelMode off, Mason formats runtime errors using the 'brief'
      format, which includes the full path on disk to where the error occurred.
      This is a potential information leak.  Instead, provide a generic error
      message to the user, but log the actual error in the logs.
  23. 05 Jan, 2012 1 commit
    • Prevent actual error messages from propagating to the user · fa17a99b
      Alex Vandiver authored
      With DevelMode off, Mason formats runtime errors using the 'brief'
      format, which includes the full path on disk to where the error occurred.
      This is a potential information leak.  Instead, provide a generic error
      message to the user, but log the actual error in the logs.
  24. 03 Jan, 2012 1 commit
  25. 15 Nov, 2011 1 commit
  26. 20 Oct, 2011 1 commit
  27. 20 May, 2011 1 commit
  28. 06 May, 2011 1 commit
  29. 29 Mar, 2011 1 commit