This queue is for tickets about the RT-Extension-CommandByMail CPAN distribution.

Report information
The Basics
Id: 27333
Status: open
Priority: 0/
Queue: RT-Extension-CommandByMail

People
Owner: Nobody in particular
Requestors: ROSCH [...] cpan.org
Cc: jason [...] long.name
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)

Subject: don't try to process commands from unprivileged users?
Sometimes somebody emails the ticket system and the start of their message happens to look like a command to be processed, e.g.:

Guys: My computer is on fire!

RT::Interface::Email::Filter::TakeAction sees this, tries to process it, fails, and sends an error back to the user, who becomes confused.

I don't know what the best fix for this is, but my current thought is that it shouldn't try to process commands from unprivileged users. If you have any other opinions I'd love to hear them. Otherwise I'll likely try to come up with a patch for this; if I do, I'll let you know.
From: ROSCH [...] cpan.org
Here's what I came up with.
Content-Type: application/octet-stream; name="RT-Extension-CommandByMail-0.05-only-priv-users.diff"
diff -ur RT-Extension-CommandByMail-0.05/lib/RT/Interface/Email/Filter/TakeAction.pm RT-Extension-CommandByMail/lib/RT/Interface/Email/Filter/TakeAction.pm --- RT-Extension-CommandByMail-0.05/lib/RT/Interface/Email/Filter/TakeAction.pm 2006-09-03 20:07:39.000000000 -0400 +++ RT-Extension-CommandByMail/lib/RT/Interface/Email/Filter/TakeAction.pm 2007-06-08 17:27:09.000000000 -0400 @@ -157,6 +157,14 @@ return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); } + # Non-privileged users can't use this extension. The main benefit + # here is they won't accidentally try to ("Guys: My computer is on + # fire!") and get errors. + unless ( $args{'CurrentUser'}->Privileged ) { + $RT::Logger->debug("Filter::TakeAction ignoring non-privileged user"); + return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); + } + # If the user isn't asking for a comment or a correspond, # bail out unless ( $args{'Action'} =~ /^(?:comment|correspond)$/i ) {
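Review bot: The new `unless ( $args{'CurrentUser'}->Privileged )` guard at the top of the added block is unconditional, so once this is applied every unprivileged sender loses command processing and a site has no way to opt back in; consider putting the check behind a site configuration option and describing the behaviour change in the module's documentation. The debug line `Filter::TakeAction ignoring non-privileged user` also names neither the user nor the message, so the log will not show whose mail had its commands skipped; adding the user's name to that string would make it usable when someone asks why a command was ignored.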
From: stefan [...] cae.wisc.edu
Here's another version that adds in a toggle. The variable $CommandByMailOnlyPrivileged can be set to 1 in RT_SiteConfig.pm.

Otherwise there are no changes.

-stefan

On Mon Jun 11 15:00:14 2007, ROSCH wrote:
> Here's what I came up with.
Subject: CommandsToPrivileged.diff
--- TakeAction.pm.orig 2010-06-14 13:20:54.000010000 -0500 +++ TakeAction.pm 2010-06-14 13:21:12.000401000 -0500 @@ -158,6 +158,17 @@ return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); } + # If we have $RT::CommandByMailOnlyPrivileged set, then + # Non-privileged users can't use this extension. The main benefit + # here is they won't accidentally try to ("Guys: My computer is on + # fire!") and get errors. + if ($RT::CommandByMailOnlyPrivileged) { + unless ( $args{'CurrentUser'}->Privileged ) { + $RT::Logger->debug("Filter::TakeAction ignoring non-privileged user"); + return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); + } + } + # If the user isn't asking for a comment or a correspond, # bail out unless ( $args{'Action'} =~ /^(?:comment|correspond)$/i ) {
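Review bot: The nested `if ($RT::CommandByMailOnlyPrivileged) {` / `unless ( $args{'CurrentUser'}->Privileged ) {` pair in the added block can be one condition, `if ( $RT::CommandByMailOnlyPrivileged && !$args{'CurrentUser'}->Privileged )`, which removes a level of nesting without changing behaviour. Because the check only runs when the variable is set, the default stays as it was and the accidental-command errors described in the ticket continue until an admin opts in; the patch carries no documentation hunk, so the option name, its default, and the fact that it is set in RT_SiteConfig.pm should be added to the module's POD.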

