1. 03 Sep, 2014 2 commits
    • Standardize on the stricter Encode::encode("UTF-8", ...) everywhere · 1d18663b
      Alex Vandiver authored
      This is not only for code consistency, but also for consistency of
      output.  Encode::encode_utf8(...) is equivalent to
      Encode::encode("utf8",...) which is the non-"strict" form of UTF-8.
      Strict UTF-8 encoding differs in that (from `perldoc Encode`):
          ...its range is much narrower (0 ..  0x10_FFFF to cover only 21 bits
          instead of 32 or 64 bits) and some sequences are not allowed, like
          those used in surrogate pairs, the 31 non-character code points
          0xFDD0 .. 0xFDEF, the last two code points in any plane (0xXX_FFFE
          and 0xXX_FFFF), all non-shortest encodings, etc.
      RT deals with interchange with databases, email, and other systems.  In
      dealing with encodings, it should ensure that it does not produce byte
      sequences that are invalid according to official Unicode standards.
    • Ensure all MIME::Entity bodies are UTF-8 encoded bytes · 6d9bd63c
      Alex Vandiver authored
      Placing wide characters into MIME::Entity objects can lead to
      double-encoding.  Always treat them as byte stores, encoding as UTF-8
      and noting their character set.
      In the case of Approvals/index.html, there was no need for an explicit
      MIME::Entity object; ->Correspond creates one as needed from a "Content"
  2. 21 Jul, 2014 1 commit
    • Strip non-word characters from CF names for variable names · 546fc6c2
      Alex Vandiver authored
      The existing Simple templates did not address the issue of CF names with
      spaces in them.  This strips non-word characters to establish the
      variable name -- a transformation which might cause duplication of CF
      names, but this does not notably worsen the situation, as they did not
      already possess any uniqueness guarantees.
      Note that this may still lead to Unicode variable names, as \w is UTF-8
      aware, allowing for the variable "$TicketCFStraße".
      Fixes I#18446.
  3. 06 Jan, 2014 2 commits
  4. 02 Jan, 2014 1 commit
    • Don't die if HTML → text conversion throws an error · 254e8da9
      Alex Vandiver authored
      HTML::FormatText::WithLinks::AndTables may contain errors which make it
      incapable of rendering the HTML to text.  In the context of templates,
      this led to the outgoing mail being dropped on the floor if the
      conversion failed.  It also showed as errors in the REST interface and
      RSS feed, in attempting to downsample an HTML-only message to plain text
      to display therein.
      Explicitly wrap the conversion with an eval to trap fatal errors in the
      HTML::FormatText::WithLinks::AndTables module; in such cases, the method
      returns undef.  In the context of template generation, the presence of
      such a return value is to omit the text/plain part entirely, as email
      clients may be able to generate it even if we are unable to.
      It is expected that the new tests may begin to fail if
      HTML::FormatText::WithLinks::AndTables resolves its bug surrounding
      nested tables.  Unfortunately, marking them TODO is difficult because
      they intermix passing and failing tests in mail_ok.
  5. 22 Oct, 2013 2 commits
  6. 08 Oct, 2013 1 commit
    • Catch and warn about template compilation errors · e4a1a4cb
      Alex Vandiver authored
      RT warns when saving a template which fails to compile (for example, due
      to improperly closed braces).  However, if this warning is ignored (or
      the template was imported by hand from initialdata), the only hint as to
      this came at the debug level:
          [debug]: Skipping Scrip #7 because it didn't Prepare
      Make the template compilation error explicit, and show which template
      contains the error.
  7. 22 Jul, 2013 1 commit
  8. 08 May, 2013 1 commit
  9. 01 May, 2013 1 commit
  10. 14 Jan, 2013 1 commit
    • Remove hard tab characters wherever possible · 785dc2e3
      Alex Vandiver authored
      For historical reasons, many parts of the RT code intermix hard tabs and
      space-based indentation.  This commit does not attempt to standardize
      indentation, merely the horrid intermixing of hard tabs and spaces.
      A few hard tabs remain in t/mail/mime_encoding.t and t/mail/outlook.t,
      as the tabs are within strings representing test data; they also remain
      in third-party source.
      Best viewed with the -w option to `git diff`.
  11. 07 Jan, 2013 2 commits
  12. 03 Dec, 2012 1 commit
  13. 01 Dec, 2012 1 commit
  14. 21 Nov, 2012 6 commits
  15. 03 Oct, 2012 1 commit
    • Headers in the parsed MIME entities of Templates are modifiable · ecbdf95e
      Thomas Sibley authored
      This allows reformatting of inserted headers by canonicalizing tag case
      and, crucially, folding (or refolding) lines.
      When the header object is not explicitly marked modifiable — such as
      when generated via parsing a raw MIME message — Mail::Header assumes
      that header values you set should be inserted as-is.  This means
      newlines are not stripped or validated as you're expected to construct
      proper continuations yourself.
      RT incorrectly assumed newlines in header values would be stripped,
      leaving open the possibility of header injection via various
      user-controlled inputs.  This commit resolves CVE-2012-4730.
      Fixes failing tests by removing the assumptions that:
          1) Case of header names is preserved
          2) Header values are always on a single line
  16. 10 Sep, 2012 1 commit
  17. 18 Jul, 2012 1 commit
    • fix passing arrays, hashes and code into templates · 027bc25b
      Ruslan Zakirov authored
      It was always the intention to make XXX => [...] arguments
      to $template->Parse method to be available in template's
      code as @XXX, but it was broken.
      This is a fix, not a backwards incompatible change, as we
      have GnuPG errors notification templates that rely on
      such behavior.
  18. 30 Mar, 2012 1 commit
    • Check ACLs on the receiving end when modifying a Template's Queue · 08b7989f
      Thomas Sibley authored
      Users with ModifyTemplate in Queue A must also have ModifyTemplate in the
      receiving queue when moving a template from one queue to another.  When
      making a template global, the actor must have ModifyTemplate globally.
      This stricter ACL checking prevents queue admins from moving arbitrary
      templates into other queues in which they have no permissions.
      Partially resolves CVE-2011-2084.  Ticket #50901.
  19. 01 Feb, 2012 1 commit
    • Instead of overwriting a database with initialdata, insert into an empty db · aa3da3de
      Alex Vandiver authored
      Attempting to determine which transactions and attached records should
      be updated, as opposed to made fresh, is a complicated business.  Instead
      of fighting with possible inconsistency with the serialized dump and
      "standard" initdb row ids, it is much simpler and safer to demand that
      we insert into a completely empty database.
      Rename --overwrite to --clone to reflect this change.  This also removes
      a number of kludgite codepaths which attempted to merge if --overwrite
      was passed.
  20. 31 Jan, 2012 1 commit
  21. 03 Jan, 2012 1 commit
  22. 06 Dec, 2011 1 commit
  23. 21 Nov, 2011 1 commit
  24. 07 Nov, 2011 3 commits
  25. 03 Mar, 2011 1 commit
  26. 15 Feb, 2011 3 commits
  27. 29 Dec, 2010 1 commit