mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-24 14:30:56 +01:00
Fix an issue where Phame could post to the wrong blog
When you `getInt()` an array, PHP decides the array has value `1`. This would cause us to post to blog #1 incorrectly. I didn't catch this locally because I happened to be posting to blog #1. Stop us from interpreting array values as `1`, and fix blog interpretation. This approach is a little messy (projects has the same issue) but I'll see if I can clean it up in some future change. Auditors: chad
This commit is contained in:
parent
edcc3232aa
commit
2328e739b7
2 changed files with 24 additions and 9 deletions
|
@ -123,6 +123,11 @@ final class AphrontRequest extends Phobject {
|
||||||
*/
|
*/
|
||||||
public function getInt($name, $default = null) {
|
public function getInt($name, $default = null) {
|
||||||
if (isset($this->requestData[$name])) {
|
if (isset($this->requestData[$name])) {
|
||||||
|
// Converting from array to int is "undefined". Don't rely on whatever
|
||||||
|
// PHP decides to do.
|
||||||
|
if (is_array($this->requestData[$name])) {
|
||||||
|
return $default;
|
||||||
|
}
|
||||||
return (int)$this->requestData[$name];
|
return (int)$this->requestData[$name];
|
||||||
} else {
|
} else {
|
||||||
return $default;
|
return $default;
|
||||||
|
|
|
@ -32,18 +32,27 @@ final class PhamePostEditController extends PhamePostController {
|
||||||
}
|
}
|
||||||
$blog_id = $post->getBlog()->getID();
|
$blog_id = $post->getBlog()->getID();
|
||||||
} else {
|
} else {
|
||||||
$blog_id = $request->getInt('blog');
|
$blog_id = head($request->getArr('blog'));
|
||||||
|
if (!$blog_id) {
|
||||||
|
$blog_id = $request->getStr('blog');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$blog = id(new PhameBlogQuery())
|
$query = id(new PhameBlogQuery())
|
||||||
->setViewer($viewer)
|
->setViewer($viewer)
|
||||||
->withIDs(array($blog_id))
|
|
||||||
->requireCapabilities(
|
->requireCapabilities(
|
||||||
array(
|
array(
|
||||||
PhabricatorPolicyCapability::CAN_VIEW,
|
PhabricatorPolicyCapability::CAN_VIEW,
|
||||||
PhabricatorPolicyCapability::CAN_EDIT,
|
PhabricatorPolicyCapability::CAN_EDIT,
|
||||||
))
|
));
|
||||||
->executeOne();
|
|
||||||
|
if (ctype_digit($blog_id)) {
|
||||||
|
$query->withIDs(array($blog_id));
|
||||||
|
} else {
|
||||||
|
$query->withPHIDs(array($blog_id));
|
||||||
|
}
|
||||||
|
|
||||||
|
$blog = $query->executeOne();
|
||||||
if (!$blog) {
|
if (!$blog) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
@ -60,10 +69,11 @@ final class PhamePostEditController extends PhamePostController {
|
||||||
$crumbs = parent::buildApplicationCrumbs();
|
$crumbs = parent::buildApplicationCrumbs();
|
||||||
|
|
||||||
$blog = $this->getBlog();
|
$blog = $this->getBlog();
|
||||||
|
if ($blog) {
|
||||||
$crumbs->addTextCrumb(
|
$crumbs->addTextCrumb(
|
||||||
$blog->getName(),
|
$blog->getName(),
|
||||||
$blog->getViewURI());
|
$blog->getViewURI());
|
||||||
|
}
|
||||||
|
|
||||||
return $crumbs;
|
return $crumbs;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue