mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 08:12:40 +01:00
3b5883d8c1
Summary: In some applications, using `{V2}` syntax to embed a vote throws. The chain of causality looks like this: - We try to render a `phabricator_form()`. - This requires a CSRF token. - We look for a CSRF token on the user. - It's an omnipotent user with no token, so everything fails. To resolve this, make sure we always pass the real user in. Test Plan: - Lots of `grep`. - Made a Differential comment with `{V2}`. - Made a Diffusion comment with `{V2}`. - Made a Maniphest comment with `{V2}`. - Replied to a Conpherence thread with `{V2}`. - Created a Conpherence thread with `{V2}`. - Used Conduit to update a Conpherence thread with `{V2}`. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley, lkassianik Differential Revision: https://secure.phabricator.com/D8849 |
||
---|---|---|
.. | ||
ConpherenceCreateThreadMailReceiver.php | ||
ConpherenceReplyHandler.php | ||
ConpherenceThreadMailReceiver.php |