X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Flib%2FRT%2FInterface%2FWeb%2FHandler.pm;h=7cf18d1ab66f96715e38daa31fee1bfe7e2ae2ec;hb=ed1f84b4e8f626245995ecda5afcf83092c153b2;hp=a740167c66081705da51308499260ff4f20a35ba;hpb=85e677b86fc37c54e6de2b06340351a28f5a5916;p=freeside.git

diff --git a/rt/lib/RT/Interface/Web/Handler.pm b/rt/lib/RT/Interface/Web/Handler.pm
index a740167c6..7cf18d1ab 100644
--- a/rt/lib/RT/Interface/Web/Handler.pm
+++ b/rt/lib/RT/Interface/Web/Handler.pm
@@ -2,7 +2,7 @@
 #
 # COPYRIGHT:
 #
-# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
+# This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC
 #                                          <sales@bestpractical.com>
 #
 # (Except where explicitly superseded by other copyright notices)
@@ -205,10 +205,44 @@ sub CleanupRequest {
 
 sub HTML::Mason::Exception::as_rt_error {
     my ($self) = @_;
-    $RT::Logger->error( $self->full_message );
+    $RT::Logger->error( $self->as_text );
     return "An internal RT error has occurred.  Your administrator can find more details in RT's log files.";
 }
 
+=head1 CheckModPerlHandler
+
+Make sure we're not running with SetHandler perl-script.
+
+=cut
+
+sub CheckModPerlHandler{
+    my $self = shift;
+    my $env = shift;
+
+    # Plack::Handler::Apache2 masks MOD_PERL, so use MOD_PERL_API_VERSION
+    return unless( $env->{'MOD_PERL_API_VERSION'}
+                   and $env->{'MOD_PERL_API_VERSION'} == 2);
+
+    my $handler = $env->{'psgi.input'}->handler;
+
+    return unless defined $handler && $handler eq 'perl-script';
+
+    $RT::Logger->critical(<<MODPERL);
+RT has problems when SetHandler is set to perl-script.
+Change SetHandler in your in httpd.conf to:
+
+    SetHandler modperl
+
+For a complete example mod_perl configuration, see:
+
+https://bestpractical.com/rt/docs/@{[$RT::VERSION =~ /^(\d\.\d)/]}/web_deployment.html#mod_perl-2.xx
+MODPERL
+
+    my $res = Plack::Response->new(500);
+    $res->content_type("text/plain");
+    $res->body("Server misconfiguration; see error log for details");
+    return $res;
+}
 
 # PSGI App
 
@@ -217,7 +251,6 @@ use CGI::Emulate::PSGI;
 use Plack::Request;
 use Plack::Response;
 use Plack::Util;
-use Encode qw(encode_utf8);
 
 sub PSGIApp {
     my $self = shift;
@@ -231,6 +264,12 @@ sub PSGIApp {
 
     return sub {
         my $env = shift;
+
+        {
+            my $res = $self->CheckModPerlHandler($env);
+            return $self->_psgi_response_cb( $res->finalize ) if $res;
+        }
+
         RT::ConnectToDatabase() unless RT->InstallMode;
 
         my $req = Plack::Request->new($env);
@@ -238,7 +277,7 @@ sub PSGIApp {
         # CGI.pm normalizes .. out of paths so when you requested
         # /NoAuth/../Ticket/Display.html we saw Ticket/Display.html
         # PSGI doesn't normalize .. so we have to deal ourselves.
-        if ( $req->path_info =~ m{/\.} ) {
+        if ( $req->path_info =~ m{(^|/)\.\.?(/|$)} ) {
             $RT::Logger->crit("Invalid request for ".$req->path_info." aborting");
             my $res = Plack::Response->new(400);
             return $self->_psgi_response_cb($res->finalize,sub { $self->CleanupRequest });
@@ -288,7 +327,10 @@ sub _psgi_response_cb {
                          $cleanup->();
                          return '';
                      }
-                     return utf8::is_utf8($_[0]) ? encode_utf8($_[0]) : $_[0];
+                     # XXX: Ideally, responses should flag if they need
+                     # to be encoded, rather than relying on the UTF-8
+                     # flag
+                     return Encode::encode("UTF-8",$_[0]) if utf8::is_utf8($_[0]);
                      return $_[0];
                  };
              });