revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-04-06 17:38:29 +02:00
Code Issues Releases Wiki Activity

Policy - lock down file loading in mail reply handler path

Browse source 
Summary: Ref T7094. This one is really straight-forward since $this->actor is always populated and the right thing to do here.

Test Plan: used the ole thinking noodle since testing email w/ attachments is really hard

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7094

Differential Revision: https://secure.phabricator.com/D11589
This commit is contained in:
Bob Trahan 2015-02-02 14:02:36 -08:00
parent f58dce6819
commit 388d1ff7bd
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/applications/metamta/replyhandler/PhabricatorMailReplyHandler.php
View file

@ -325,9 +325,10 @@ abstract class PhabricatorMailReplyHandler {
return $body; return $body;
} }
// TODO: (T603) What's the policy here? $files = id(new PhabricatorFileQuery())
$files = id(new PhabricatorFile()) ->setViewer($this->getActor())
->loadAllWhere('phid in (%Ls)', $attachments); ->withPHIDs($attachments)
->execute();
// if we have some text then double return before adding our file list // if we have some text then double return before adding our file list
if ($body) { if ($body) {