Skip to content

Commit 2338cd1

Browse files
committed
security fix: clone the ticket to set CurrentUser
1 parent 4fe4646 commit 2338cd1

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

Diff for: lib/RT/Scrips_Overlay.pm

+4-1
Original file line numberDiff line numberDiff line change
@@ -283,7 +283,10 @@ sub _SetupSourceObjects {
283283
TransactionObj => undef,
284284
@_ );
285285

286-
if ( ( $self->{'TicketObj'} = $args{'TicketObj'} ) ) {
286+
287+
if ( $args{'TicketObj'} ) {
288+
# clone the ticket here as we need to change CurrentUser
289+
$self->{'TicketObj'} = bless { %{$args{'TicketObj'} } }, 'RT::Ticket';
287290
$self->{'TicketObj'}->CurrentUser( $self->CurrentUser );
288291
}
289292
else {

0 commit comments

Comments
 (0)