revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-03-31 22:48:16 +02:00
Code Issues Releases Wiki Activity

Fix view policy inheritance on image transforms

Browse source 
Summary:
Inherit viewPolicy from original image in image transforms and warn about Profile transform making transformed images public. Details:

https://hackerone.com/reports/1984060

8358b435a9

Closes T15663

Test Plan:
1. Click {nav View Transforms} on an image file with restrictive view policy.
2. See (Image will be Public) warning on Profile transform.
3. Click on Workcard transform.
4. Go back to {nav View Transforms} page and visit the Workcard transformed file.
5. Check if its view policy matches the original file.

Reviewers: O1 Blessed Committers, speck

Reviewed By: O1 Blessed Committers, speck

Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15663

Differential Revision: https://we.phorge.it/D25462

Signed-off-by: Zero King <l2dy@icloud.com>
This commit is contained in:
David Lawrence 2023-05-25 15:42:26 -04:00 committed by Zero King
parent 90f651d669
commit 005fea5a14
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/applications/files/transform/PhabricatorFileImageTransform.php
View file

@ -137,8 +137,12 @@ abstract class PhabricatorFileImageTransform extends PhabricatorFileTransform {
protected function newFileFromData($data) { protected function newFileFromData($data) {
if ($this->file) { if ($this->file) {
$name = $this->file->getName(); $name = $this->file->getName();
$inherit_properties = array(
'viewPolicy' => $this->file->getViewPolicy(),
);
} else { } else {
$name = 'default.png'; $name = 'default.png';
$inherit_properties = array();
} }
$defaults = array( $defaults = array(
@ -146,7 +150,7 @@ abstract class PhabricatorFileImageTransform extends PhabricatorFileTransform {
'name' => $this->getTransformKey().'-'.$name, 'name' => $this->getTransformKey().'-'.$name,
); );
$properties = $this->getFileProperties() + $defaults; $properties = $this->getFileProperties() + $inherit_properties + $defaults;
return PhabricatorFile::newFromFileData($data, $properties); return PhabricatorFile::newFromFileData($data, $properties);
} }

2
src/applications/files/transform/PhabricatorFileThumbnailTransform.php
View file

@ -58,7 +58,7 @@ final class PhabricatorFileThumbnailTransform
public function generateTransforms() { public function generateTransforms() {
return array( return array(
id(new PhabricatorFileThumbnailTransform()) id(new PhabricatorFileThumbnailTransform())
->setName(pht("Profile (400px \xC3\x97 400px)")) ->setName(pht("Profile (400px \xC3\x97 400px) (Image will be Public)"))
->setKey(self::TRANSFORM_PROFILE) ->setKey(self::TRANSFORM_PROFILE)
->setDimensions(400, 400) ->setDimensions(400, 400)
->setScaleUp(true), ->setScaleUp(true),