Allow upload of arbitrary text files

Summary: Fixes T8984. Because of how drag-and-drop upload works, the text file with content `code` is interpreted as a forbidden variable. Disable this check for the drop upload controller. (The risk here is a general one where the controller redirects and bundles paramters; this controller does not do that, so it's safe to make this change.) Test Plan: Uploaded a text file containing only the string "code" (no quotes) by using drag-and-drop. Reviewers: chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T8984 Differential Revision: https://secure.phabricator.com/D13744
2024-12-20 04:20:55 +01:00 · 2015-07-28 08:04:13 -07:00 · 2015-07-28 08:04:13 -07:00 · bbc1074ced
commit bbc1074ced
parent eb152d3053
1 changed files with 6 additions and 0 deletions
--- a/src/applications/files/controller/PhabricatorFileDropUploadController.php
+++ b/src/applications/files/controller/PhabricatorFileDropUploadController.php
@ -3,6 +3,12 @@
 final class PhabricatorFileDropUploadController
  extends PhabricatorFileController {

+  public function shouldAllowRestrictedParameter($parameter_name) {
+    // Prevent false positives from file content when it is submitted via
+    // drag-and-drop upload.
+    return true;
+  }
+
  /**
   * @phutil-external-symbol class PhabricatorStartup
   */