1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-26 15:30:58 +01:00
phorge-phorge/src/view/form
epriestley 3aa17c7443 Prevent CSRF uploads via /file/dropupload/
Summary:
We don't currently validate CSRF tokens on this workflow. This allows an
attacker to upload arbitrary files on the user's behalf. Although I believe the
tight list of servable mime-types means that's more or less the end of the
attack, this is still a vulnerability.

In the long term, the right solution is probably to pass CSRF tokens on all Ajax
requests in an HTTP header (or just a GET param) or something like that.
However, this endpoint is unique and this is the quickest and most direct way to
close the hole.

Test Plan:
  - Drop-uploaded files to Files, Maniphest, Phriction and Differential.
  - Modified CSRF vaidator to use __csrf__.'x' and verified uploads and form
submissions don't work.

Reviewers: andrewjcg, aran, jungejason, tuomaspelkonen, erling
Commenters: andrewjcg, pedram
CC: aran, epriestley, andrewjcg, pedram
Differential Revision: 758
2011-08-16 13:19:10 -07:00
..
base Prevent CSRF uploads via /file/dropupload/ 2011-08-16 13:19:10 -07:00
control Rough implementation of drag-and-drop file uploads 2011-08-01 15:27:13 -07:00
error Added a big warning if reviewer is about to accept a diff with lint or unit 2011-06-13 11:49:31 -07:00
layout Allow projects to be quickly added from the Maniphest task creation interface 2011-06-13 10:17:08 -07:00