mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-30 01:10:58 +01:00
Disable CSRF checks on Git push when updating repository.
Summary: This disables CSRF checking around the `$repository->writeStatusMessage` so that pushing changes over HTTP to Git repositories doesn't fail miserably. Test Plan: Applied this fix and I could `git push` to hosted repositories again. Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley CC: Korvin, epriestley, aran Maniphest Tasks: T4052 Differential Revision: https://secure.phabricator.com/D7490
This commit is contained in:
parent
0ceb53bfae
commit
3e2efaf00e
1 changed files with 11 additions and 6 deletions
|
@ -180,7 +180,7 @@ abstract class DiffusionController extends PhabricatorController {
|
|||
|
||||
switch ($repository->getVersionControlSystem()) {
|
||||
case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
|
||||
$result = $this->serveGitRequest($repository);
|
||||
$result = $this->serveGitRequest($repository, $viewer);
|
||||
break;
|
||||
default:
|
||||
$result = new PhabricatorVCSResponse(
|
||||
|
@ -192,9 +192,11 @@ abstract class DiffusionController extends PhabricatorController {
|
|||
$code = $result->getHTTPResponseCode();
|
||||
|
||||
if ($is_push && ($code == 200)) {
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
$repository->writeStatusMessage(
|
||||
PhabricatorRepositoryStatusMessage::TYPE_NEEDS_UPDATE,
|
||||
PhabricatorRepositoryStatusMessage::CODE_OKAY);
|
||||
unset($unguarded);
|
||||
}
|
||||
|
||||
return $result;
|
||||
|
@ -454,7 +456,9 @@ abstract class DiffusionController extends PhabricatorController {
|
|||
/**
|
||||
* @phutil-external-symbol class PhabricatorStartup
|
||||
*/
|
||||
private function serveGitRequest(PhabricatorRepository $repository) {
|
||||
private function serveGitRequest(
|
||||
PhabricatorRepository $repository,
|
||||
PhabricatorUser $viewer) {
|
||||
$request = $this->getRequest();
|
||||
|
||||
$request_path = $this->getRequestDirectoryPath();
|
||||
|
@ -492,8 +496,9 @@ abstract class DiffusionController extends PhabricatorController {
|
|||
'GIT_HTTP_EXPORT_ALL' => '1',
|
||||
'PATH_INFO' => $request_path,
|
||||
|
||||
'REMOTE_USER' => $viewer->getUsername(),
|
||||
|
||||
// TODO: Set these correctly.
|
||||
'REMOTE_USER' => '',
|
||||
// GIT_COMMITTER_NAME
|
||||
// GIT_COMMITTER_EMAIL
|
||||
);
|
||||
|
|
Loading…
Reference in a new issue