From bbc1074cedfc0d4189aebf17c5175ff791cd104b Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Tue, 28 Jul 2015 08:04:13 -0700
Subject: [PATCH] Allow upload of arbitrary text files

Summary:
Fixes T8984. Because of how drag-and-drop upload works, the text file with content `code` is interpreted as a forbidden variable. Disable this check for the drop upload controller.

(The risk here is a general one where the controller redirects and bundles paramters; this controller does not do that, so it's safe to make this change.)

Test Plan: Uploaded a text file containing only the string "code" (no quotes) by using drag-and-drop.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T8984

Differential Revision: https://secure.phabricator.com/D13744
---
 .../controller/PhabricatorFileDropUploadController.php      | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/applications/files/controller/PhabricatorFileDropUploadController.php b/src/applications/files/controller/PhabricatorFileDropUploadController.php
index fbc4daa93c..222fc799c7 100644
--- a/src/applications/files/controller/PhabricatorFileDropUploadController.php
+++ b/src/applications/files/controller/PhabricatorFileDropUploadController.php
@@ -3,6 +3,12 @@
 final class PhabricatorFileDropUploadController
   extends PhabricatorFileController {
 
+  public function shouldAllowRestrictedParameter($parameter_name) {
+    // Prevent false positives from file content when it is submitted via
+    // drag-and-drop upload.
+    return true;
+  }
+
   /**
    * @phutil-external-symbol class PhabricatorStartup
    */