1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-30 01:10:58 +01:00

Fix an issue with embedding slowvotes

Summary:
In some applications, using `{V2}` syntax to embed a vote throws. The chain of causality looks like this:

  - We try to render a `phabricator_form()`.
  - This requires a CSRF token.
  - We look for a CSRF token on the user.
  - It's an omnipotent user with no token, so everything fails.

To resolve this, make sure we always pass the real user in.

Test Plan:
  - Lots of `grep`.
  - Made a Differential comment with `{V2}`.
  - Made a Diffusion comment with `{V2}`.
  - Made a Maniphest comment with `{V2}`.
  - Replied to a Conpherence thread with `{V2}`.
  - Created a Conpherence thread with `{V2}`.
  - Used Conduit to update a Conpherence thread with `{V2}`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, lkassianik

Differential Revision: https://secure.phabricator.com/D8849
This commit is contained in:
epriestley 2014-04-23 16:30:38 -07:00
parent 19debcee8a
commit 3b5883d8c1
8 changed files with 26 additions and 11 deletions

View file

@ -76,6 +76,7 @@ final class PhabricatorAuditCommentEditor extends PhabricatorEditor {
// Find any "@mentions" in the content blocks.
$mention_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
$this->getActor(),
$content_blocks);
if ($mention_ccs) {
$metacc = idx(

View file

@ -90,7 +90,10 @@ final class ConduitAPI_conpherence_updatethread_Method
if ($message) {
$xactions = array_merge(
$xactions,
$editor->generateTransactionsFromText($conpherence, $message));
$editor->generateTransactionsFromText(
$user,
$conpherence,
$message));
}
try {

View file

@ -55,6 +55,7 @@ final class ConpherenceUpdateController
case ConpherenceUpdateActions::MESSAGE:
$message = $request->getStr('text');
$xactions = $editor->generateTransactionsFromText(
$user,
$conpherence,
$message);
$delete_draft = true;

View file

@ -34,9 +34,9 @@ final class ConpherenceEditor extends PhabricatorApplicationTransactionEditor {
$errors[] = self::ERROR_EMPTY_MESSAGE;
}
$file_phids =
PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
array($message));
$file_phids = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
$creator,
array($message));
if ($file_phids) {
$files = id(new PhabricatorFileQuery())
->setViewer($creator)
@ -78,13 +78,14 @@ final class ConpherenceEditor extends PhabricatorApplicationTransactionEditor {
}
public function generateTransactionsFromText(
PhabricatorUser $viewer,
ConpherenceThread $conpherence,
$text) {
$files = array();
$file_phids =
PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
array($text));
$file_phids = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
$viewer,
array($text));
// Since these are extracted from text, we might be re-including the
// same file -- e.g. a mock under discussion. Filter files we
// already have.

View file

@ -82,6 +82,7 @@ final class ConpherenceReplyHandler extends PhabricatorMailReplyHandler {
$xactions = array_merge(
$xactions,
$editor->generateTransactionsFromText(
$user,
$conpherence,
$body));

View file

@ -26,6 +26,7 @@ final class ManiphestTransactionSaveController extends ManiphestController {
// list of all the CCs and then construct a transaction for them at the
// end if necessary.
$added_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
$user,
array(
$request->getStr('comments'),
));

View file

@ -973,7 +973,9 @@ abstract class PhabricatorApplicationTransactionEditor
}
$texts = array_mergev($blocks);
$phids = PhabricatorMarkupEngine::extractPHIDsFromMentions($texts);
$phids = PhabricatorMarkupEngine::extractPHIDsFromMentions(
$this->getActor(),
$texts);
$this->mentionedPHIDs = $phids;
@ -2173,6 +2175,7 @@ abstract class PhabricatorApplicationTransactionEditor
$phids = array();
if ($blocks) {
$phids[] = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
$this->getActor(),
$blocks);
}

View file

@ -494,11 +494,14 @@ final class PhabricatorMarkupEngine {
return $engine;
}
public static function extractPHIDsFromMentions(array $content_blocks) {
public static function extractPHIDsFromMentions(
PhabricatorUser $viewer,
array $content_blocks) {
$mentions = array();
$engine = self::newDifferentialMarkupEngine();
$engine->setConfig('viewer', PhabricatorUser::getOmnipotentUser());
$engine->setConfig('viewer', $viewer);
foreach ($content_blocks as $content_block) {
$engine->markupText($content_block);
@ -512,11 +515,12 @@ final class PhabricatorMarkupEngine {
}
public static function extractFilePHIDsFromEmbeddedFiles(
PhabricatorUser $viewer,
array $content_blocks) {
$files = array();
$engine = self::newDifferentialMarkupEngine();
$engine->setConfig('viewer', PhabricatorUser::getOmnipotentUser());
$engine->setConfig('viewer', $viewer);
foreach ($content_blocks as $content_block) {
$engine->markupText($content_block);