Unguard two external POST endpoints from CSRF.

2024-11-10 08:52:39 +01:00 · 2011-08-18 07:25:45 -07:00 · 2011-08-18 07:25:45 -07:00 · a67ce60d67
commit a67ce60d67
parent ae7488f710
2 changed files with 6 additions and 0 deletions
--- a/src/applications/metamta/controller/sendgridreceive/PhabricatorMetaMTASendGridReceiveController.php
+++ b/src/applications/metamta/controller/sendgridreceive/PhabricatorMetaMTASendGridReceiveController.php
@ -25,6 +25,9 @@ class PhabricatorMetaMTASendGridReceiveController

  public function processRequest() {

+    // No CSRF for SendGrid.
+    $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
+
    $request = $this->getRequest();
    $user = $request->getUser();

--- a/src/applications/repository/controller/github-post-receive/PhabricatorRepositoryGitHubPostReceiveController.php
+++ b/src/applications/repository/controller/github-post-receive/PhabricatorRepositoryGitHubPostReceiveController.php
@ -56,6 +56,9 @@ class PhabricatorRepositoryGitHubPostReceiveController
          "won't do anything!");
    }

+    // GitHub POSTs here and doesn't do CSRF.
+    $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
+
    $notification = new PhabricatorRepositoryGitHubNotification();
    $notification->setRepositoryPHID($repo->getPHID());
    $notification->setRemoteAddress($_SERVER['REMOTE_ADDR']);