Fix CSRF issue with image proxying

Summary: This got caught in the CSRF filter but is a safe write.

Test Plan: Pasted the URI for a picture of a goat into a diff, saw a goat.

Reviewers: aran, jungejason

Reviewed By: aran

CC: aran

Differential Revision: 910

src/applications/files/controller/proxy/PhabricatorFileProxyController.php

@@ -34,6 +34,10 @@ class PhabricatorFileProxyController extends PhabricatorFileController {
       $uri);
 
     if (!$proxy) {
+      // This write is fine to skip CSRF checks for, we're just building a
+      // cache of some remote image.
+      $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
+
       $file = PhabricatorFile::newFromFileDownload(
         $uri,
         nonempty(basename($uri), 'proxied-file'));
@@ -43,6 +47,8 @@ class PhabricatorFileProxyController extends PhabricatorFileController {
         $proxy->setFilePHID($file->getPHID());
         $proxy->save();
       }
+
+      unset($unguarded);
     }
 
     if ($proxy) {

src/applications/files/controller/proxy/__init__.php

@@ -8,6 +8,7 @@
 
 phutil_require_module('phabricator', 'aphront/response/400');
 phutil_require_module('phabricator', 'aphront/response/redirect');
+phutil_require_module('phabricator', 'aphront/writeguard');
 phutil_require_module('phabricator', 'applications/files/controller/base');
 phutil_require_module('phabricator', 'applications/files/storage/file');
 phutil_require_module('phabricator', 'applications/files/storage/proxyimage');