Jorge, I had the same problem. The attached patch fixed it.
Regards,
Tony.

On 09/01/13 15:27, Jorge Ruao wrote:
> Hi everyone,
>
> Since we were having problems upgrading to RTIR 2.6.1 in our RT 3.8.4
> installation we've prepared a new virtual machine with RT 3.8.15,
> RTFM 2.4.5 and RTIR 2.6.1.
>
> All configurations were replicated on the new machine and the
> database has been dumped from the old RT 3.8.4 installation and
> inserted in the new RT 3.8.15.
>
> Everything seems to be working, all RTIR queues are being shown, tickets
> available and incident reports are being created by mailgate.
> Nevertheless we don't see the Charts button anymore in RTIR search
> result queues. Instead, right after the "Spreadsheet | RSS |
> Shredder" it shows the following text:
>
> ------------
> chart grouped by <select id="PrimaryGroupBy" name="PrimaryGroupBy">
> <option value="Status" selected="selected">Status</option>
> <option value="Queue" >Queue</option>
> <option value="Owner.Name" >Owner Name</option>
> <option value="Owner.EmailAddress" >Owner EmailAddress</option>
> <option value="Owner.RealName" >Owner RealName</option>
> <option value="Owner.NickName" >Owner NickName</option>
> <option value="Owner.Organization" >Owner Organization</option>
> <option value="Owner.Lang" >Owner Lang</option>
> <option value="Owner.City" >Owner City</option>
> <option value="Owner.Country" >Owner Country</option>
> <option value="Owner.Timezone" >Owner Timezone</option>
> <option value="Creator.Name" >Creator Name</option>
> <option value="Creator.EmailAddress" >Creator EmailAddress</option>
> <option value="Creator.RealName" >Creator RealName</option>
> <option value="Creator.NickName" >Creator NickName</option>
> <option value="Creator.Organization" >Creator Organization</option>
> <option value="Creator.Lang" >Creator Lang</option>
> <option value="Creator.City" >Creator City</option>
> <option value="Creator.Country" >Creator Country</option>
> <option value="Creator.Timezone" >Creator Timezone</option>
> <option value="LastUpdatedBy.Name" >LastUpdatedBy Name</option>
> <option value="LastUpdatedBy.EmailAddress" >LastUpdatedBy EmailAddress</option>
> <option value="LastUpdatedBy.RealName" >LastUpdatedBy RealName</option>
> <option value="LastUpdatedBy.NickName" >LastUpdatedBy NickName</option>
> <option value="LastUpdatedBy.Organization" >LastUpdatedBy Organization</option>
> <option value="LastUpdatedBy.Lang" >LastUpdatedBy Lang</option>
> <option value="LastUpdatedBy.City" >LastUpdatedBy City</option>
> <option value="LastUpdatedBy.Country" >LastUpdatedBy Country</option>
> <option value="LastUpdatedBy.Timezone" >LastUpdatedBy Timezone</option>
> <option value="Requestor.Name" >Requestor Name</option>
> <option value="Requestor.EmailAddress" >Requestor EmailAddress</option>
> <option value="Requestor.RealName" >Requestor RealName</option>
> <option value="Requestor.NickName" >Requestor NickName</option>
> <option value="Requestor.Organization" >Requestor Organization</option>
> <option value="Requestor.Lang" >Requestor Lang</option>
> <option value="Requestor.City" >Requestor City</option>
> <option value="Requestor.Country" >Requestor Country</option>
> <option value="Requestor.Timezone" >Requestor Timezone</option>
> <option value="Cc.Name" >Cc Name</option>
> <option value="Cc.EmailAddress" >Cc EmailAddress</option>
> <option value="Cc.RealName" >Cc RealName</option>
> <option value="Cc.NickName" >Cc NickName</option>
> <option value="Cc.Organization" >Cc Organization</option>
> <option value="Cc.Lang" >Cc Lang</option>
> <option value="Cc.City" >Cc City</option>
> <option value="Cc.Country" >Cc Country</option>
> <option value="Cc.Timezone" >Cc Timezone</option>
> <option value="AdminCc.Name" >AdminCc Name</option>
> <option value="AdminCc.EmailAddress" >AdminCc EmailAddress</option>
> <option value="AdminCc.RealName" >AdminCc RealName</option>
> <option value="AdminCc.NickName" >AdminCc NickName</option>
> <option value="AdminCc.Organization" >AdminCc Organization</option>
> <option value="AdminCc.Lang" >AdminCc Lang</option>
> <option value="AdminCc.City" >AdminCc City</option>
> <option value="AdminCc.Country" >AdminCc Country</option>
> <option value="AdminCc.Timezone" >AdminCc Timezone</option>
> <option value="Watcher.Name" >Watcher Name</option>
> <option value="Watcher.EmailAddress" >Watcher EmailAddress</option>
> <option value="Watcher.RealName" >Watcher RealName</option>
> <option value="Watcher.NickName" >Watcher NickName</option>
> <option value="Watcher.Organization" >Watcher Organization</option>
> <option value="Watcher.Lang" >Watcher Lang</option>
> <option value="Watcher.City" >Watcher City</option>
> <option value="Watcher.Country" >Watcher Country</option>
> <option value="Watcher.Timezone" >Watcher Timezone</option>
> <option value="DueHourly" >DueHourly</option>
> <option value="DueDaily" >DueDaily</option>
> <option value="DueMonthly" >DueMonthly</option>
> <option value="DueAnnually" >DueAnnually</option>
> <option value="ResolvedHourly" >ResolvedHourly</option>
> <option value="ResolvedDaily" >ResolvedDaily</option>
> <option value="ResolvedMonthly" >ResolvedMonthly</option>
> <option value="ResolvedAnnually" >ResolvedAnnually</option>
> <option value="CreatedHourly" >CreatedHourly</option>
> <option value="CreatedDaily" >CreatedDaily</option>
> <option value="CreatedMonthly" >CreatedMonthly</option>
> <option value="CreatedAnnually" >CreatedAnnually</option>
> <option value="LastUpdatedHourly" >LastUpdatedHourly</option>
> <option value="LastUpdatedDaily" >LastUpdatedDaily</option>
> <option value="LastUpdatedMonthly" >LastUpdatedMonthly</option>
> <option value="LastUpdatedAnnually" >LastUpdatedAnnually</option>
> <option value="StartedHourly" >StartedHourly</option>
> <option value="StartedDaily" >StartedDaily</option>
> <option value="StartedMonthly" >StartedMonthly</option>
> <option value="StartedAnnually" >StartedAnnually</option>
> <option value="StartsHourly" >StartsHourly</option>
> <option value="StartsDaily" >StartsDaily</option>
> <option value="StartsMonthly" >StartsMonthly</option>
> <option value="StartsAnnually" >StartsAnnually</option>
> </select> style: <select id="ChartStyle" name="ChartStyle">
> <option value="bar" selected="selected">bar</option>
> <option value="pie">pie</option>
> </select>
> ------------
>
> It seems there is some bugged code.
>
> Any tips on where to look?
>
> Thanks in advance.
>
> Regards,
> Jorge Ruão
>
> Computer Security Incident Response Team (CSIRT.FEUP)
> Prof. Correia de Araújo Computer Center
> University of Oporto - Faculty of Engineering
> _______________________________________________
> Rtir mailing list
> [email protected]
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
>

--
Tony Arnold,                Tel: +44 (0) 161 275 6093
Head of IT Security,        Fax: +44 (0) 705 344 3082
University of Manchester,   Mob: +44 (0) 773 330 0039
Manchester M13 9PL.         Email: [email protected]

>From ba4e3aae903888cf001bb90f4a4094b2a65d52e2 Mon Sep 17 00:00:00 2001 From: Kevin Falcone <[email protected]> Date: Wed, 8 Aug 2012 18:26:29 -0400 Subject: [PATCH] Begin using l_unsafe in a few places that pass HTML to /l As part of the security release for 3.8.13 and 4.0.6 RT began escaping all HTML passed to /l (see RT's a2a50999aa214fa01bb824d2b6fcec197ec2a8e9 for more details). --- html/RTIR/Search/Elements/ShowResults | 4 +- html/RTIR/Search/Reporting.html | 4 +- html/l_unsafe | 52 +++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 4 deletions(-) create mode 100755 html/l_unsafe diff --git a/html/RTIR/Search/Elements/ShowResults b/html/RTIR/Search/Elements/ShowResults index f7d783a..f5ff7df 100644 --- a/html/RTIR/Search/Elements/ShowResults +++ b/html/RTIR/Search/Elements/ShowResults @@ -58,8 +58,8 @@ if ( $session{'CurrentUser'}->HasRight( Right => 'SuperUser', Object => $RT::Sys % foreach my $key ( keys %hiddens ) { <input type="hidden" class="hidden" name="<% $key %>" value="<% defined $hiddens{$key}? $hiddens{$key}: '' %>" /> % } -<&|/l, $m->scomp('/Search/Elements/SelectGroupBy', Name => 'PrimaryGroupBy') &>grouped by [_1]</&> -<&|/l, $m->scomp('/Search/Elements/SelectChartType', Name => 'ChartStyle') &>style: [_1]</&> +<&|/l_unsafe, $m->scomp('/Search/Elements/SelectGroupBy', Name => 'PrimaryGroupBy') &>grouped by [_1]</&> +<&|/l_unsafe, $m->scomp('/Search/Elements/SelectChartType', Name => 'ChartStyle') &>style: [_1]</&> <input type="submit" class="button" value="<% loc('Go') %>" /> </form> diff --git a/html/RTIR/Search/Reporting.html b/html/RTIR/Search/Reporting.html index 9e55c4e..de90d35 100644 --- a/html/RTIR/Search/Reporting.html +++ b/html/RTIR/Search/Reporting.html 
@@ -15,8 +15,8 @@ <input type="hidden" class="hidden" name="<% $key %>" value="<% $val %>" /> % } <&|/l&>Show chart</&> -<&|/l, $m->scomp('/Search/Elements/SelectGroupBy', Name => 'PrimaryGroupBy', Query => $FullQuery) &>grouped by [_1]</&> -<&|/l, $m->scomp('/Search/Elements/SelectChartType', Name => 'ChartStyle') &>style: [_1]</&> +<&|/l_unsafe, $m->scomp('/Search/Elements/SelectGroupBy', Name => 'PrimaryGroupBy', Query => $FullQuery) &>grouped by [_1]</&> +<&|/l_unsafe, $m->scomp('/Search/Elements/SelectChartType', Name => 'ChartStyle') &>style: [_1]</&> <input type="submit" class="button" name="ShowChart" value="<% loc('Go')%>" /> </form> diff --git a/html/l_unsafe b/html/l_unsafe new file mode 100755 index 0000000..6396bc6 --- /dev/null +++ b/html/l_unsafe 
@@ -0,0 +1,52 @@ +%# BEGIN BPS TAGGED BLOCK {{{ +%# +%# COPYRIGHT: +%# +%# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC +%# <[email protected]> +%# +%# (Except where explicitly superseded by other copyright notices) +%# +%# +%# LICENSE: +%# +%# This work is made available to you under the terms of Version 2 of +%# the GNU General Public License. A copy of that license should have +%# been provided with this software, but in any event can be snarfed +%# from www.gnu.org. +%# +%# This work is distributed in the hope that it will be useful, but +%# WITHOUT ANY WARRANTY; without even the implied warranty of +%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +%# General Public License for more details. +%# +%# You should have received a copy of the GNU General Public License +%# along with this program; if not, write to the Free Software +%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +%# 02110-1301 or visit their web page on the internet at +%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +%# +%# +%# CONTRIBUTION SUBMISSION POLICY: +%# +%# (The following paragraph is not intended to limit the rights granted +%# to you to modify and distribute this software under the terms of +%# the GNU General Public License and is only of importance to you if +%# you choose to contribute your changes and enhancements to the +%# community by submitting them to Best Practical Solutions, LLC.) 
+%# +%# By intentionally submitting any modifications, corrections or +%# derivatives to this work, or any other work intended for use with +%# Request Tracker, to Best Practical Solutions, LLC, you confirm that +%# you are the copyright holder for those contributions and you grant +%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +%# royalty-free, perpetual, license to use, copy, create derivative +%# works based on those contributions, and sublicense and distribute +%# those contributions and any derivatives thereof. +%# +%# END BPS TAGGED BLOCK }}} +<%init> + my $hand = ($session{'CurrentUser'} ||= RT::CurrentUser->new)->LanguageHandle; + $m->print($hand->maketext($m->content,@_)); + return(1); +</%init> -- 1.7.6.4
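
Review bot: In html/RTIR/Search/Elements/ShowResults, neither of the two lines switched to /l_unsafe records why the call site is safe: the only argument is the rendered output of $m->scomp('/Search/Elements/SelectGroupBy', ...) or $m->scomp('/Search/Elements/SelectChartType', ...), which is trusted here to be already-escaped markup. Add a %# comment above the pair stating that the argument is component output, so that a later edit does not add a request parameter or ticket field to the same call and have it printed unescaped.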
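
Review bot: In html/RTIR/Search/Reporting.html the SelectGroupBy call also receives Query => $FullQuery, and after this change whatever that component renders reaches the page through /l_unsafe with no further escaping. Nothing in the patch shows how SelectGroupBy uses Query, so confirm that every value it derives from the query is escaped inside the component, and state that in the commit message, since this is the one call site here that takes a request-derived argument.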
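
Review bot: The new html/l_unsafe has a licence header but no statement of its contract. Its <%init> block prints $hand->maketext($m->content,@_) as is, so both the wrapped content and every argument must already be safe HTML. Add a %# comment above <%init> saying that callers may pass only markup produced by trusted components, and that anything else belongs in /l. The file is also created with mode 100755 while the two templates touched by this patch are 100644; a Mason component does not need the executable bit, so 100644 would be consistent.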
