RT 4.2.13 Documentation
RT::Interface::Web
- NAME
- SquishedCSS $style
- SquishedJS
- JSFiles
- ClearSquished
- EscapeHTML SCALARREF
- EscapeURI SCALARREF
- EncodeJSON SCALAR
- WebCanonicalizeInfo();
- WebRemoteUserAutocreateInfo($user);
- LoginError ERROR
- SetNextPage ARGSRef [PATH]
- FetchNextPage HASHKEY
- RemoveNextPage HASHKEY
- TangentForLogin ARGSRef [HASH]
- TangentForLoginURL [HASH]
- TangentForLoginWithError ERROR
- IntuitNextPage
- MaybeShowInstallModePage
- MaybeShowNoAuthPage \%ARGS
- MaybeRejectPrivateComponentRequest
- ShowRequestedPage \%ARGS
- LoadSessionFromCookie
- GetWebURLFromRequest
- Redirect URL
- GetStaticHeaders
- CacheControlExpiresHeaders
- StaticFileHeaders
- ComponentPathIsSafe PATH
- PathIsSafe
- SendStaticFile
- RewriteInlineImages PARAMHASH
- GetCustomFieldInputName(CustomField => $cf_object, Object => $object, Grouping => $grouping_name)
- GetCustomFieldInputNamePrefix(CustomField => $cf_object, Object => $object, Grouping => $grouping_name)
- loc ARRAY
- loc_fuzzy STRING
- MaybeRedirectToApproval Path => 'path', Whitelist => REGEX, ARGSRef => HASHREF
- CreateTicket ARGS
- LoadTicket id
- ProcessUpdateMessage
- MakeMIMEEntity PARAMHASH
- ParseDateToISO
- ProcessACLs
- _ParseACLNewPrincipal
- UpdateRecordObj ( ARGSRef => \%ARGS, Object => RT::Record, AttributesRef => \@attribs)
- ProcessTicketBasics ( TicketObj => $Ticket, ARGSRef => \%ARGS );
- ProcessTicketWatchers ( TicketObj => $Ticket, ARGSRef => \%ARGS );
- ProcessTicketDates ( TicketObj => $Ticket, ARGSRef => \%ARGS );
- ProcessTicketLinks ( TicketObj => $Ticket, ARGSRef => \%ARGS );
- ProcessLinksForCreate
- ProcessTransactionSquelching
- _UploadedFile ( $arg );
- GetPrincipalsMap OBJECT, CATEGORIES
- _load_container_object ( $type, $id );
- _parse_saved_search ( $arg );
- ScrubHTML content
- _NewScrubber
- JSON
NAME
RT::Interface::Web
SquishedCSS $style
SquishedJS
JSFiles
ClearSquished
Removes the cached CSS and JS entries, forcing them to be regenerated on next use.
EscapeHTML SCALARREF
does a css-busting but minimalist escaping of whatever html you're passing in.
EscapeURI SCALARREF
Escapes URI component according to RFC2396
EncodeJSON SCALAR
Encodes the SCALAR to JSON and returns a JSON Unicode (not UTF-8) string. SCALAR may be a simple value or a reference.
WebCanonicalizeInfo();
Different web servers set different environmental varibles. This function must return something suitable for REMOTE_USER. By default, just downcase $ENV{'REMOTE_USER'}
WebRemoteUserAutocreateInfo($user);
Returns a hash of user attributes, used when WebRemoteUserAutocreate is set.
LoginError ERROR
Pushes a login error into the Actions session store and returns the hash key.
SetNextPage ARGSRef [PATH]
Intuits and stashes the next page in the sesssion hash. If PATH is specified, uses that instead of the value of IntuitNextPage(). Returns the hash value.
FetchNextPage HASHKEY
Returns the stashed next page hashref for the given hash.
RemoveNextPage HASHKEY
Removes the stashed next page for the given hash and returns it.
TangentForLogin ARGSRef [HASH]
Redirects to /NoAuth/Login.html
, setting the value of IntuitNextPage as the next page. Takes a hashref of request %ARGS as the first parameter. Optionally takes all other parameters as a hash which is dumped into query params.
TangentForLoginURL [HASH]
Returns a URL suitable for tangenting for login. Optionally takes a hash which is dumped into query params.
TangentForLoginWithError ERROR
Localizes the passed error message, stashes it with LoginError and then calls TangentForLogin with the appropriate results key.
IntuitNextPage
Attempt to figure out the path to which we should return the user after a tangent. The current request URL is used, or failing that, the WebURL
configuration variable.
MaybeShowInstallModePage
This function, called exclusively by RT's autohandler, dispatches a request to RT's Installation workflow, only if Install Mode is enabled in the configuration file.
If it serves a page, it stops mason processing. Otherwise, mason just keeps running through the autohandler
MaybeShowNoAuthPage \%ARGS
This function, called exclusively by RT's autohandler, dispatches a request to the page a user requested (but only if it matches the "noauth" regex.
If it serves a page, it stops mason processing. Otherwise, mason just keeps running through the autohandler
MaybeRejectPrivateComponentRequest
This function will reject calls to private components, like those under /Elements
. If the requested path is a private component then we will abort with a 403
error.
ShowRequestedPage \%ARGS
This function, called exclusively by RT's autohandler, dispatches a request to the page a user requested (making sure that unpriviled users can only see self-service pages.
LoadSessionFromCookie
Load or setup a session cookie for the current user.
GetWebURLFromRequest
People may use different web urls instead of $WebURL
in config. Return the web url current user is using.
Redirect URL
This routine ells the current user's browser to redirect to URL. Additionally, it unties the user's currently active session, helping to avoid A bug in Apache::Session 1.81 and earlier which clobbers sessions if we try to use a cached DBI statement handle twice at the same time.
GetStaticHeaders
return an arrayref of Headers (currently, Cache-Control and Expires).
CacheControlExpiresHeaders
set both Cache-Control and Expires http headers
StaticFileHeaders
Send the browser a few headers to try to get it to (somewhat agressively) cache RT's static Javascript and CSS files.
This routine could really use _accurate_ heuristics. (XXX TODO)
ComponentPathIsSafe PATH
Takes PATH
and returns a boolean indicating that the user-specified partial component path is safe.
Currently "safe" means that the path does not start with a dot (.
), does not contain a slash-dot /.
, and does not contain any nulls.
PathIsSafe
Takes a Path => path
and returns a boolean indicating that the path is safely within RT's control or not. The path must be relative.
This function does not consult the filesystem at all; it is merely a logical sanity checking of the path. This explicitly does not handle symlinks; if you have symlinks in RT's webroot pointing outside of it, then we assume you know what you are doing.
SendStaticFile
Takes a File => path and a Type => Content-type
If Type isn't provided and File is an image, it will figure out a sane Content-type, otherwise it will send application/octet-stream
Will set caching headers using StaticFileHeaders
_NormalizeHost
Takes a URI and creates a URI object that's been normalized to handle common problems such as localhost vs 127.0.0.1
RewriteInlineImages PARAMHASH
Turns <img src="cid:...">
elements in HTML into working images pointing back to RT's stored copy.
Takes the following parameters:
- Content
-
Scalar ref of the HTML content to rewrite. Modified in place to support the most common use-case.
- Attachment
-
The RT::Attachment object from which the Content originates.
- Related (optional)
-
Array ref of related RT::Attachment objects to use for
Content-ID
matching.Defaults to the result of the
Siblings
method on the passed Attachment. - AttachmentPath (optional)
-
The base path to use when rewriting
src
attributes.Defaults to
$WebPath/Ticket/Attachment
In scalar context, returns the number of elements rewritten.
In list content, returns the attachments IDs referred to by the rewritten <img> elements, in the order found. There may be duplicates.
GetCustomFieldInputName(CustomField => $cf_object, Object => $object, Grouping => $grouping_name)
Returns the standard custom field input name; this is complementary to "_ParseObjectCustomFieldArgs". Takes the following arguments:
- CustomField => RT::CustomField object
-
Required.
- Object => object
-
The object that the custom field is applied to; optional. If omitted, defaults to a new object of the appropriate class for the custom field.
- Grouping => CF grouping
-
The grouping that the custom field is being rendered in. Groupings allow a custom field to appear in more than one location per form.
GetCustomFieldInputNamePrefix(CustomField => $cf_object, Object => $object, Grouping => $grouping_name)
Returns the standard custom field input name prefix(without "Value" or alike suffix)
loc ARRAY
loc is a nice clean global routine which calls $session{'CurrentUser'}->loc() with whatever it's called with. If there is no $session{'CurrentUser'}, it creates a temporary user, so we have something to get a localisation handle through
loc_fuzzy STRING
loc_fuzzy is for handling localizations of messages that may already contain interpolated variables, typically returned from libraries outside RT's control. It takes the message string and extracts the variable array automatically by matching against the candidate entries inside the lexicon file.
MaybeRedirectToApproval Path => 'path', Whitelist => REGEX, ARGSRef => HASHREF
If the ticket specified by $ARGSRef->{id}
is an approval ticket, redirect to the approvals display page, preserving any arguments.
Path
s matching Whitelist
are let through.
This is a no-op if the ForceApprovalsView
option isn't enabled.
CreateTicket ARGS
Create a new ticket, using Mason's %ARGS. returns @results.
LoadTicket id
Takes a ticket id as its only variable. if it's handed an array, it takes the first value.
Returns an RT::Ticket object as the current user.
ProcessUpdateMessage
Takes paramhash with fields ARGSRef, TicketObj and SkipSignatureOnly.
Don't write message if it only contains current user's signature and SkipSignatureOnly argument is true. Function anyway adds attachments and updates time worked field even if skips message. The default value is true.
MakeMIMEEntity PARAMHASH
Takes a paramhash Subject, Body and AttachmentFieldName.
Also takes Form, Cc and Type as optional paramhash keys.
Returns a MIME::Entity.
ParseDateToISO
Takes a date in an arbitrary format. Returns an ISO date and time in GMT
ProcessACLs
ProcessACLs expects values from a series of checkboxes that describe the full set of rights a principal should have on an object.
It expects form inputs with names like SetRights-PrincipalId-ObjType-ObjId instead of with the prefixes Grant/RevokeRight. Each input should be an array listing the rights the principal should have, and ProcessACLs will modify the current rights to match. Additionally, the previously unused CheckACL input listing PrincipalId-ObjType-ObjId is now used to catch cases when all the rights are removed from a principal and as such no SetRights input is submitted.
_ParseACLNewPrincipal
Takes a hashref of %ARGS
and a principal type (user
or group
). Looks for the presence of rights being added on a principal of the specified type, and returns undef if no new principal is being granted rights. Otherwise loads up an RT::User or RT::Group object and returns it. Note that the object may not be successfully loaded, and you should check -
id> yourself.
UpdateRecordObj ( ARGSRef => \%ARGS, Object => RT::Record, AttributesRef => \@attribs)
@attribs is a list of ticket fields to check and update if they differ from the Object's current values. ARGSRef is a ref to HTML::Mason's %ARGS.
Returns an array of success/failure messages
ProcessTicketBasics ( TicketObj => $Ticket, ARGSRef => \%ARGS );
Returns an array of results messages.
ProcessTicketWatchers ( TicketObj => $Ticket, ARGSRef => \%ARGS );
Returns an array of results messages.
ProcessTicketDates ( TicketObj => $Ticket, ARGSRef => \%ARGS );
Returns an array of results messages.
ProcessTicketLinks ( TicketObj => $Ticket, ARGSRef => \%ARGS );
Returns an array of results messages.
ProcessLinksForCreate
Takes a hash with a single key, ARGSRef
, the value of which is a hashref to %ARGS
.
Converts and returns submitted args in the form of new-LINKTYPE
and LINKTYPE-new
into their appropriate directional link types. For example, new-DependsOn
becomes DependsOn
and DependsOn-new
becomes DependedOnBy
. The incoming arg values are split on whitespace and normalized into arrayrefs before being returned.
Primarily used by object creation pages for transforming incoming form inputs from /Elements/EditLinks into arguments appropriate for individual record Create methods.
Returns a hashref in scalar context and a hash in list context.
ProcessTransactionSquelching
Takes a hashref of the submitted form arguments, %ARGS
.
Returns a hash of squelched addresses.
_UploadedFile ( $arg );
Takes a CGI parameter name; if a file is uploaded under that name, return a hash reference suitable for AddCustomFieldValue's use: ( Value =
$filename, LargeContent => $content, ContentType => $type )>.
Returns undef
if no files were uploaded in the $arg
field.
GetPrincipalsMap OBJECT, CATEGORIES
Returns an array suitable for passing to /Admin/Elements/EditRights with the principal collections mapped from the categories given.
_load_container_object ( $type, $id );
Instantiate container object for saving searches.
_parse_saved_search ( $arg );
Given a serialization string for saved search, and returns the container object and the search id.
ScrubHTML content
Removes unsafe and undesired HTML from the passed content
_NewScrubber
Returns a new HTML::Scrubber object.
If you need to be more lax about what HTML tags and attributes are allowed, create /opt/rt4/local/lib/RT/Interface/Web_Local.pm
with something like the following:
package HTML::Mason::Commands;
# Let tables through
push @SCRUBBER_ALLOWED_TAGS, qw(TABLE THEAD TBODY TFOOT TR TD TH);
1;
JSON
Redispatches to "EncodeJSON" in RT::Interface::Web
← Back to index