I would have hoped it would have been a part of an ARS service pack since it's a potential security risk overall, but I'm on 8.1 Patch 2 on the system where this happened so it makes sense that it was addressed as a part of an ITSM service pack.
Thanks, Shawn Pierson Remedy Developer | Energy Transfer From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Mitcham, Ross Sent: Thursday, January 16, 2014 1:22 PM To: arslist@ARSLIST.ORG Subject: Re: ITSM 7.6.4 Defect with Double Quotes ** This was addressed in a service pack I believe (to encode and decode " and ; from certain data ) Regards, From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn Sent: Thursday, January 16, 2014 1:54 PM To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: ITSM 7.6.4 Defect with Double Quotes ** Good afternoon, I thought I'd run this past you all. With BMC moving toward using a lot more run process types of workflow, I've noticed several things failing and I wanted to see if anyone has identified a good fix other than us customers doing a full code review of ITSM and building error handling code into their stuff. For example, my user has an Incident with a summary of something like: This is a "test" where I am testing. When the user goes to create a related Change Request from that Incident, it errors out when trying to save the Change Request. It appears to start from the beginning in the active link INT:CHGHPD:INC:CreateAssociation_Change_003 where it sets a field to do a PERFORM-ACTION-SEND-EVENT action, then sends the contents of that field (including quotation marks which are not escaped out) to actually run. The result is that my user gets a Change Request screen open, but it doesn't set all of the fields that would be set if there weren't double quotes, and he is unable to save the CRQ because it is missing the Incident Number and generates an error trying to create the Change Association record. I'm going to test this same thing in 8.1 to see if anything has been done about it there, but it seems like a potential security risk in addition to just causing users trouble. I wonder if I can execute batch files from there? Thanks, Shawn Pierson Remedy Developer | Energy Transfer Private and confidential as detailed here<http://www.energytransfer.com/mail_disclaimer.aspx>. If you cannot access hyperlink, please e-mail sender. _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
