Issue: Big custom field values

Hello Community,

We are trying to change a custom field values to default value if ticket status changes to either resolved/rejected/autorejected through scrip way. We are able to do that if length of a custom field value is small. Problem arises when the custom field value is big (more than 2 lines). Some one please assist us to resolve this issue.

Working custom field value:
This alert indicates an attempt to exploit a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable.

Problematic custom field values (example):

  1. This alert is triggered when a command shell connection is made to a Unix server. Normally, there should not be any unencrypted command shell connections active to Unix servers. This alert indicates that someone has gained unauthorized privileges or access. Backdoor attacks are unauthorized entry attempts into your system. Often these attacks go unnoticed, and may allow an attacker to execute commands as a privileged user.

  2. This alert indicates that someone attempted to submit a crafted URL to inject a SQL command, which can then be run by the SQL server. “SQL injection” occurs when an attacker is able to insert a SQL statement into a SQL query generated by a trusted Web server. These injected SQL queries can be used to execute commands and possibly compromise the database.

custom field: Alert Definition (Type: Enter one value)


Custom condition:
my $txn = $self->TransactionObj;

if(($txn->NewValue eq “resolved”) || ($txn->NewValue eq “rejected”) || ($txn->NewValue eq “autorejected”))
return 1;

return 0;

Custom action preparation code:

my $queue = ‘IDS Alerts’;
my $cf_name = ‘Alert Definition’;
my $tx = RT::Tickets->new($RT::SystemUser);
my $cf = RT::CustomField->new($RT::SystemUser);
my $q = RT::Queue->new($RT::SystemUser);
$cf->LoadByNameAndQueue(Queue => $q->Id, Name => $cf_name);

unless( $cf->id )
die “Could not load custom field”;

my $cf_value = $self->TicketObj->FirstCustomFieldValue($cf_name);
my ($ret, $msg) = $self->TicketObj->DeleteCustomFieldValue(Field => $cf->Id, Value => $cf_value);
$self->TicketObj->AddCustomFieldValue(Field => $cf->Id, Value => ‘Deleted’);

Custom action commit code:
return 1;

We also tried changing the type of the custom field value to below. But, nothing is working :frowning:

  • Fill in one wikitext area
  • Fill in one text area

Code Courtesy:
RT Wiki

Perhaps you don’t need to delete CF value. Just use only the AddCustomFieldValue() to set the CF to default value (yes, the name of the procedure is slightly misleading). So you need to use only the last line in your code and avoid the previous two.

Thanks, Petr! Your inputs solved the issue. great day :slight_smile:

Now, I am wondering when DeleteCustomFieldValue will come handy…