revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-02-18 09:48:39 +01:00
Code Issues Releases Wiki Activity

Unguard two external POST endpoints from CSRF.

Browse source
This commit is contained in:
epriestley 2011-08-18 07:25:45 -07:00
parent ae7488f710
commit a67ce60d67
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/applications/metamta/controller/sendgridreceive/PhabricatorMetaMTASendGridReceiveController.php
View file

@ -25,6 +25,9 @@ class PhabricatorMetaMTASendGridReceiveController
public function processRequest() { public function processRequest() {
// No CSRF for SendGrid.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$request = $this->getRequest(); $request = $this->getRequest();
$user = $request->getUser(); $user = $request->getUser();

3
src/applications/repository/controller/github-post-receive/PhabricatorRepositoryGitHubPostReceiveController.php
View file

@ -56,6 +56,9 @@ class PhabricatorRepositoryGitHubPostReceiveController
"won't do anything!"); "won't do anything!");
} }
// GitHub POSTs here and doesn't do CSRF.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$notification = new PhabricatorRepositoryGitHubNotification(); $notification = new PhabricatorRepositoryGitHubNotification();
$notification->setRepositoryPHID($repo->getPHID()); $notification->setRepositoryPHID($repo->getPHID());
$notification->setRemoteAddress($_SERVER['REMOTE_ADDR']); $notification->setRemoteAddress($_SERVER['REMOTE_ADDR']);