1. 03 Sep, 2014 1 commit
    • Standardize on the stricter Encode::encode("UTF-8", ...) everywhere · 1d18663b
      Alex Vandiver authored
      This is not only for code consistency, but also for consistency of
      output.  Encode::encode_utf8(...) is equivalent to
      Encode::encode("utf8",...) which is the non-"strict" form of UTF-8.
      Strict UTF-8 encoding differs in that (from `perldoc Encode`):
      
          ...its range is much narrower (0 ..  0x10_FFFF to cover only 21 bits
          instead of 32 or 64 bits) and some sequences are not allowed, like
          those used in surrogate pairs, the 31 non-character code points
          0xFDD0 .. 0xFDEF, the last two code points in any plane (0xXX_FFFE
          and 0xXX_FFFF), all non-shortest encodings, etc.
      
      RT deals with interchange with databases, email, and other systems.  In
      dealing with encodings, it should ensure that it does not produce byte
      sequences that are invalid according to official Unicode standards.
  2. 06 Jan, 2014 2 commits
  3. 07 Jan, 2013 1 commit
  4. 02 Apr, 2012 1 commit
    • Explicitly override any Graph parameter passed into RT::Graph::Tickets · 04a9551f
      Thomas Sibley authored
      Specifying a defined Graph argument to RT::Graph::Tickets->TicketLinks
      is only used internally when it is called recursively.  Since Graph is
      expected to be an existing GraphViz object if defined, it never makes
      sense to start with anything but an undefined Graph parameter.
      
      This prevents a user-supplied Graph parameter from having ->add_node
      called on it.  Since the Graph parameter could contain a Perl package
      name, it previously provided a means to call to ->add_node on arbitrary
      Perl packages already loaded into memory.  While of unlikely utility,
      there's no reason to allow such behaviour.
      
      Fixes part of CVE-2011-4458.
  5. 30 Mar, 2012 1 commit
    • Explicitly override any Graph parameter passed into RT::Graph::Tickets · bb917e0b
      Thomas Sibley authored
      Specifying a defined Graph argument to RT::Graph::Tickets->TicketLinks
      is only used internally when it is called recursively.  Since Graph is
      expected to be an existing GraphViz object if defined, it never makes
      sense to start with anything but an undefined Graph parameter.
      
      This prevents a user-supplied Graph parameter from having ->add_node
      called on it.  Since the Graph parameter could contain a Perl package
      name, it previously provided a means to call to ->add_node on arbitrary
      Perl packages already loaded into memory.  While of unlikely utility,
      there's no reason to allow such behaviour.
      
      Fixes part of CVE-2011-4458.
  6. 03 Jan, 2012 1 commit
  7. 15 Feb, 2011 3 commits
  8. 19 Sep, 2010 1 commit
  9. 29 Jul, 2010 2 commits
  10. 06 Jan, 2009 2 commits
  11. 23 Jun, 2008 1 commit
  12. 20 Jun, 2008 1 commit
  13. 09 Jun, 2008 1 commit
  14. 04 Jun, 2008 1 commit
  15. 02 Jun, 2008 1 commit
  16. 14 May, 2008 1 commit
  17. 22 Apr, 2008 2 commits
  18. 11 Apr, 2008 1 commit
  19. 12 Mar, 2008 1 commit