mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-30 01:10:58 +01:00
Fix an issue with embedding slowvotes
Summary: In some applications, using `{V2}` syntax to embed a vote throws. The chain of causality looks like this: - We try to render a `phabricator_form()`. - This requires a CSRF token. - We look for a CSRF token on the user. - It's an omnipotent user with no token, so everything fails. To resolve this, make sure we always pass the real user in. Test Plan: - Lots of `grep`. - Made a Differential comment with `{V2}`. - Made a Diffusion comment with `{V2}`. - Made a Maniphest comment with `{V2}`. - Replied to a Conpherence thread with `{V2}`. - Created a Conpherence thread with `{V2}`. - Used Conduit to update a Conpherence thread with `{V2}`. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley, lkassianik Differential Revision: https://secure.phabricator.com/D8849
This commit is contained in:
parent
19debcee8a
commit
3b5883d8c1
8 changed files with 26 additions and 11 deletions
|
@ -76,6 +76,7 @@ final class PhabricatorAuditCommentEditor extends PhabricatorEditor {
|
|||
|
||||
// Find any "@mentions" in the content blocks.
|
||||
$mention_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
||||
$this->getActor(),
|
||||
$content_blocks);
|
||||
if ($mention_ccs) {
|
||||
$metacc = idx(
|
||||
|
|
|
@ -90,7 +90,10 @@ final class ConduitAPI_conpherence_updatethread_Method
|
|||
if ($message) {
|
||||
$xactions = array_merge(
|
||||
$xactions,
|
||||
$editor->generateTransactionsFromText($conpherence, $message));
|
||||
$editor->generateTransactionsFromText(
|
||||
$user,
|
||||
$conpherence,
|
||||
$message));
|
||||
}
|
||||
|
||||
try {
|
||||
|
|
|
@ -55,6 +55,7 @@ final class ConpherenceUpdateController
|
|||
case ConpherenceUpdateActions::MESSAGE:
|
||||
$message = $request->getStr('text');
|
||||
$xactions = $editor->generateTransactionsFromText(
|
||||
$user,
|
||||
$conpherence,
|
||||
$message);
|
||||
$delete_draft = true;
|
||||
|
|
|
@ -34,9 +34,9 @@ final class ConpherenceEditor extends PhabricatorApplicationTransactionEditor {
|
|||
$errors[] = self::ERROR_EMPTY_MESSAGE;
|
||||
}
|
||||
|
||||
$file_phids =
|
||||
PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
||||
array($message));
|
||||
$file_phids = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
||||
$creator,
|
||||
array($message));
|
||||
if ($file_phids) {
|
||||
$files = id(new PhabricatorFileQuery())
|
||||
->setViewer($creator)
|
||||
|
@ -78,13 +78,14 @@ final class ConpherenceEditor extends PhabricatorApplicationTransactionEditor {
|
|||
}
|
||||
|
||||
public function generateTransactionsFromText(
|
||||
PhabricatorUser $viewer,
|
||||
ConpherenceThread $conpherence,
|
||||
$text) {
|
||||
|
||||
$files = array();
|
||||
$file_phids =
|
||||
PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
||||
array($text));
|
||||
$file_phids = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
||||
$viewer,
|
||||
array($text));
|
||||
// Since these are extracted from text, we might be re-including the
|
||||
// same file -- e.g. a mock under discussion. Filter files we
|
||||
// already have.
|
||||
|
|
|
@ -82,6 +82,7 @@ final class ConpherenceReplyHandler extends PhabricatorMailReplyHandler {
|
|||
$xactions = array_merge(
|
||||
$xactions,
|
||||
$editor->generateTransactionsFromText(
|
||||
$user,
|
||||
$conpherence,
|
||||
$body));
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@ final class ManiphestTransactionSaveController extends ManiphestController {
|
|||
// list of all the CCs and then construct a transaction for them at the
|
||||
// end if necessary.
|
||||
$added_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
||||
$user,
|
||||
array(
|
||||
$request->getStr('comments'),
|
||||
));
|
||||
|
|
|
@ -973,7 +973,9 @@ abstract class PhabricatorApplicationTransactionEditor
|
|||
}
|
||||
|
||||
$texts = array_mergev($blocks);
|
||||
$phids = PhabricatorMarkupEngine::extractPHIDsFromMentions($texts);
|
||||
$phids = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
||||
$this->getActor(),
|
||||
$texts);
|
||||
|
||||
$this->mentionedPHIDs = $phids;
|
||||
|
||||
|
@ -2173,6 +2175,7 @@ abstract class PhabricatorApplicationTransactionEditor
|
|||
$phids = array();
|
||||
if ($blocks) {
|
||||
$phids[] = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
||||
$this->getActor(),
|
||||
$blocks);
|
||||
}
|
||||
|
||||
|
|
|
@ -494,11 +494,14 @@ final class PhabricatorMarkupEngine {
|
|||
return $engine;
|
||||
}
|
||||
|
||||
public static function extractPHIDsFromMentions(array $content_blocks) {
|
||||
public static function extractPHIDsFromMentions(
|
||||
PhabricatorUser $viewer,
|
||||
array $content_blocks) {
|
||||
|
||||
$mentions = array();
|
||||
|
||||
$engine = self::newDifferentialMarkupEngine();
|
||||
$engine->setConfig('viewer', PhabricatorUser::getOmnipotentUser());
|
||||
$engine->setConfig('viewer', $viewer);
|
||||
|
||||
foreach ($content_blocks as $content_block) {
|
||||
$engine->markupText($content_block);
|
||||
|
@ -512,11 +515,12 @@ final class PhabricatorMarkupEngine {
|
|||
}
|
||||
|
||||
public static function extractFilePHIDsFromEmbeddedFiles(
|
||||
PhabricatorUser $viewer,
|
||||
array $content_blocks) {
|
||||
$files = array();
|
||||
|
||||
$engine = self::newDifferentialMarkupEngine();
|
||||
$engine->setConfig('viewer', PhabricatorUser::getOmnipotentUser());
|
||||
$engine->setConfig('viewer', $viewer);
|
||||
|
||||
foreach ($content_blocks as $content_block) {
|
||||
$engine->markupText($content_block);
|
||||
|
|
Loading…
Reference in a new issue