diff options
author | sunnavy <sunnavy@bestpractical.com> | 2022-07-13 10:41:46 +0300 |
---|---|---|
committer | sunnavy <sunnavy@bestpractical.com> | 2022-07-13 11:05:28 +0300 |
commit | 46d2659a3523ffc34880999c7b60d8ba164b9068 (patch) | |
tree | 49f270db602d35961d7ce3332dc66ca3c2ac1457 /lib | |
parent | 45c29dce558917cdd9960121f31f899698f75b69 (diff) |
Allow empty search ResultPage parameter in URL5.0/allow-empty-search-result-page
RT could generate URLs with empty ResultPage(e.g. when building menus),
which doesn't hurt as it falls back to "/Search/Result.html".
In ba3a82144d we added validation of ResultPage, to avoid redirecting to
arbitrary pages for security reasons. As empty ResultPage falls back
safely, allowing it is totally fine.
This is mainly to get rid of the following warning:
ResultPage is not whitelisted, ignoring
Diffstat (limited to 'lib')
-rw-r--r-- | lib/RT/Interface/Web.pm | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm index 79c3c7c60a..e31d629104 100644 --- a/lib/RT/Interface/Web.pm +++ b/lib/RT/Interface/Web.pm @@ -310,18 +310,16 @@ sub HandleRequest { local $HTML::Mason::Commands::DECODED_ARGS = $ARGS; PreprocessTimeUpdates($ARGS); - if ( exists $ARGS->{ResultPage} ) { + if ( defined $ARGS->{ResultPage} && length $ARGS->{ResultPage} ) { my $passed; - if ( defined $ARGS->{ResultPage} && length $ARGS->{ResultPage} ) { - for my $item ( @RT::Interface::Web::WHITELISTED_RESULT_PAGES ) { - if ( ref $item eq 'Regexp' ) { - $passed = 1 if $ARGS->{ResultPage} =~ $item; - } - else { - $passed = 1 if $ARGS->{ResultPage} eq $item; - } - last if $passed; + for my $item (@RT::Interface::Web::WHITELISTED_RESULT_PAGES) { + if ( ref $item eq 'Regexp' ) { + $passed = 1 if $ARGS->{ResultPage} =~ $item; + } + else { + $passed = 1 if $ARGS->{ResultPage} eq $item; } + last if $passed; } if ( !$passed ) { |