From 3e2efaf00e5769d489ed727799137ae7fcd53c9d Mon Sep 17 00:00:00 2001
From: James Rhodes
Date: Mon, 4 Nov 2013 07:33:29 -0800
Subject: [PATCH] Disable CSRF checks on Git push when updating repository.
Summary: This disables CSRF checking around the `$repository->writeStatusMessage` so that pushing changes over HTTP to Git repositories doesn't fail miserably.
Test Plan: Applied this fix and I could `git push` to hosted repositories again.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T4052
Differential Revision: https://secure.phabricator.com/D7490
---
 .../controller/DiffusionController.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/applications/diffusion/controller/DiffusionController.php b/src/applications/diffusion/controller/DiffusionController.php
index 262fea776a..0d03487769 100644
--- a/src/applications/diffusion/controller/DiffusionController.php
+++ b/src/applications/diffusion/controller/DiffusionController.php
@@ -180,7 +180,7 @@ abstract class DiffusionController extends PhabricatorController {
 switch ($repository->getVersionControlSystem()) {
 case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
- $result = $this->serveGitRequest($repository);
+ $result = $this->serveGitRequest($repository, $viewer);
 break;
 default:
 $result = new PhabricatorVCSResponse(
@@ -192,9 +192,11 @@ abstract class DiffusionController extends PhabricatorController {
 $code = $result->getHTTPResponseCode();
 if ($is_push && ($code == 200)) {
- $repository->writeStatusMessage(
- PhabricatorRepositoryStatusMessage::TYPE_NEEDS_UPDATE,
- PhabricatorRepositoryStatusMessage::CODE_OKAY);
+ $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
+ $repository->writeStatusMessage(
+ PhabricatorRepositoryStatusMessage::TYPE_NEEDS_UPDATE,
+ PhabricatorRepositoryStatusMessage::CODE_OKAY);
+ unset($unguarded);
 }
 return $result;
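Review bot: The `AphrontWriteGuard::beginScopedUnguardedWrites()` scope around `$repository->writeStatusMessage(...)` has no comment recording why a CSRF-exempt write is acceptable on this path. The exemption is narrow (one write, closed by `unset($unguarded)`), but it is reached whenever `$is_push && ($code == 200)` holds, and neither where `$is_push` comes from nor how the request was authenticated is visible in this hunk. If this endpoint can also be reached with browser session credentials, that condition is the only thing separating a cross-site request from the write, so it is worth confirming before relying on it. I would add above the scope: `// VCS requests come from a git client and carry no CSRF token; this status write is a side effect of a push that was already authorized and served.` The enclosing method starts and ends outside the hunk.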
@@ -454,7 +456,9 @@ abstract class DiffusionController extends PhabricatorController { /** * @phutil-external-symbol class PhabricatorStartup */ - private function serveGitRequest(PhabricatorRepository $repository) { + private function serveGitRequest( + PhabricatorRepository $repository, + PhabricatorUser $viewer) { $request = $this->getRequest(); $request_path = $this->getRequestDirectoryPath(); @@ -492,8 +496,9 @@ abstract class DiffusionController extends PhabricatorController { 'GIT_HTTP_EXPORT_ALL' => '1', 'PATH_INFO' => $request_path, + 'REMOTE_USER' => $viewer->getUsername(), + // TODO: Set these correctly. - 'REMOTE_USER' => '', // GIT_COMMITTER_NAME // GIT_COMMITTER_EMAIL );
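Review bot: `'REMOTE_USER' => $viewer->getUsername()` passes the viewer's name to the Git subprocess with no visible check that `$viewer` is a logged-in account permitted to push. The neighbouring variables (`GIT_HTTP_EXPORT_ALL`, `PATH_INFO`) suggest the target is git-http-backend, which treats a non-empty REMOTE_USER as proof that the web server authenticated the client and enables receive-pack by default on that basis, so this value now acts as the push gate for the subprocess. The hunk does not show how anonymous or read-only viewers are handled, nor what `getUsername()` returns for them; if that check lives earlier in the request handling, a comment such as `// Viewer was authenticated and push-authorized by the caller; a non-empty REMOTE_USER enables receive-pack in git-http-backend.` would record the dependency. The docblock above `serveGitRequest` was also not extended for the new `$viewer` parameter, and the function body runs past both hunks that touch it.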