mirror of https://we.phorge.it/source/phorge.git synced 2024-12-24 06:20:56 +01:00

Fix an issue where Phame could post to the wrong blog

When you `getInt()` an array, PHP decides the array has value `1`. This would
cause us to post to blog #1 incorrectly. I didn't catch this locally because
I happened to be posting to blog #1.

Stop us from interpreting array values as `1`, and fix blog interpretation.

This approach is a little messy (projects has the same issue) but I'll see
if I can clean it up in some future change.

Auditors: chad
epriestley 2016-01-02 05:16:10 -08:00
parent edcc3232aa
commit 2328e739b7
2 changed files with 24 additions and 9 deletions


@ -123,6 +123,11 @@ final class AphrontRequest extends Phobject {
*/
public function getInt($name, $default = null) {
if (isset($this->requestData[$name])) {
// Converting from array to int is "undefined". Don't rely on whatever
// PHP decides to do.
if (is_array($this->requestData[$name])) {
return $default;
}
return (int)$this->requestData[$name];
} else {
return $default;
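Review bot: The new guard in `getInt()` only rejects arrays, so the `(int)` cast that follows still accepts malformed scalars: `12abc` becomes 12 and a non-numeric string becomes 0 instead of `$default`. Where the parameter selects an object by ID, that lenient parsing can resolve a request to an object the caller never named, which is the same class of bug this commit fixes for arrays. At minimum the docblock above should state the contract, for example `Returns $default when the parameter is absent or is an array; any other value is cast with (int).` If existing callers tolerate it, a stricter check that returns `$default` for strings that are not plain integers would close the gap. The method's closing braces fall outside the hunk.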


@ -32,18 +32,27 @@ final class PhamePostEditController extends PhamePostController {
}
$blog_id = $post->getBlog()->getID();
} else {
$blog_id = $request->getInt('blog');
$blog_id = head($request->getArr('blog'));
if (!$blog_id) {
$blog_id = $request->getStr('blog');
}
}
$blog = id(new PhameBlogQuery())
$query = id(new PhameBlogQuery())
->setViewer($viewer)
->withIDs(array($blog_id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
));
if (ctype_digit($blog_id)) {
$query->withIDs(array($blog_id));
} else {
$query->withPHIDs(array($blog_id));
}
$blog = $query->executeOne();
if (!$blog) {
return new Aphront404Response();
}
@ -60,10 +69,11 @@ final class PhamePostEditController extends PhamePostController {
$crumbs = parent::buildApplicationCrumbs();
$blog = $this->getBlog();
if ($blog) {
$crumbs->addTextCrumb(
$blog->getName(),
$blog->getViewURI());
}
return $crumbs;
}
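Review bot: In the first hunk, `ctype_digit($blog_id)` is only reliable when `$blog_id` is a string, but the edit branch assigns it from `$post->getBlog()->getID()`, which may be an integer. PHP's `ctype_digit()` treats small integers as character codes, so an integer ID such as 5 would fail the test and fall through to `withPHIDs()`, ending in the 404 path for a blog that exists. Casting at the check avoids depending on the type each source returns: `if (ctype_digit((string)$blog_id)) {`. Attaching `requireCapabilities()` before the ID/PHID branch is good, because both lookup paths then stay subject to the CAN_VIEW and CAN_EDIT checks. A short comment explaining why `getArr('blog')` is tried before `getStr('blog')` would help the next reader; the enclosing method begins outside the hunk.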