Fix view policy inheritance on image transforms

Summary: Inherit viewPolicy from original image in image transforms and warn about Profile transform making transformed images public. Details: https://hackerone.com/reports/1984060 8358b435a9 Closes T15663 Test Plan: 1. Click {nav View Transforms} on an image file with restrictive view policy. 2. See (Image will be Public) warning on Profile transform. 3. Click on Workcard transform. 4. Go back to {nav View Transforms} page and visit the Workcard transformed file. 5. Check if its view policy matches the original file. Reviewers: O1 Blessed Committers, speck Reviewed By: O1 Blessed Committers, speck Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno Maniphest Tasks: T15663 Differential Revision: https://we.phorge.it/D25462 Signed-off-by: Zero King <l2dy@icloud.com>
2024-11-21 22:32:41 +01:00 · 2023-05-25 15:42:26 -04:00 · 2023-05-25 15:42:26 -04:00 · 005fea5a14
commit 005fea5a14
parent 90f651d669
2 changed files with 6 additions and 2 deletions
--- a/src/applications/files/transform/PhabricatorFileImageTransform.php
+++ b/src/applications/files/transform/PhabricatorFileImageTransform.php
@ -137,8 +137,12 @@ abstract class PhabricatorFileImageTransform extends PhabricatorFileTransform {
  protected function newFileFromData($data) {
    if ($this->file) {
      $name = $this->file->getName();
+      $inherit_properties = array(
+        'viewPolicy' => $this->file->getViewPolicy(),
+      );
    } else {
      $name = 'default.png';
+      $inherit_properties = array();
    }

    $defaults = array(
@ -146,7 +150,7 @@ abstract class PhabricatorFileImageTransform extends PhabricatorFileTransform {
      'name' => $this->getTransformKey().'-'.$name,
    );

-    $properties = $this->getFileProperties() + $defaults;
+    $properties = $this->getFileProperties() + $inherit_properties + $defaults;

    return PhabricatorFile::newFromFileData($data, $properties);
  }
--- a/src/applications/files/transform/PhabricatorFileThumbnailTransform.php
+++ b/src/applications/files/transform/PhabricatorFileThumbnailTransform.php
@ -58,7 +58,7 @@ final class PhabricatorFileThumbnailTransform
  public function generateTransforms() {
    return array(
      id(new PhabricatorFileThumbnailTransform())
-        ->setName(pht("Profile (400px \xC3\x97 400px)"))
+        ->setName(pht("Profile (400px \xC3\x97 400px) (Image will be Public)"))
        ->setKey(self::TRANSFORM_PROFILE)
        ->setDimensions(400, 400)
        ->setScaleUp(true),