1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 00:02:41 +01:00
phorge-phorge/src/applications/differential/controller
epriestley 873b39be82 Remove PhabricatorFile::buildFromFileDataOrHash()
Summary:
Ref T12464. This is a very old method which can return an existing file instead of creating a new one, if there's some existing file with the same content.

In the best case this is a bad idea. This being somewhat reasonable predates policies, temporary files, etc. Modern methods like `newFromFileData()` do this right: they share underlying data in storage, but not the actual `File` records.

Specifically, this is the case where we get into trouble:

  - I upload a private file with content "X".
  - You somehow generate a file with the same content by, say, viewing a raw diff in Differential.
  - If the diff had the same content, you get my file, but you don't have permission to see it or whatever so everything breaks and is terrible.

Just get rid of this.

Test Plan:
  - Generated an SSH key.
  - Viewed a raw diff in Differential.
  - (Did not test Phragment.)

Reviewers: chad

Reviewed By: chad

Subscribers: hach-que

Maniphest Tasks: T12464

Differential Revision: https://secure.phabricator.com/D17617
2017-04-04 16:18:00 -07:00
..
DifferentialChangesetViewController.php Make the Files "TTL" API more structured 2017-04-04 16:16:28 -07:00
DifferentialController.php Allow users to "Force accept" package reviews if they own a more general package 2017-03-28 11:51:40 -07:00
DifferentialDiffCreateController.php Update Differential edit pages to new UI 2016-03-30 12:45:59 -07:00
DifferentialDiffViewController.php Replace Differential Edit controller with EditEngine-driven EditPro controller 2016-12-14 07:27:39 -08:00
DifferentialInlineCommentEditController.php Make yellow "draft" bubbles more generic 2017-01-13 09:02:19 -08:00
DifferentialRevisionCloseDetailsController.php Fix some issues with the "Explain Why" dialog 2016-05-30 09:52:35 -07:00
DifferentialRevisionEditController.php Rename Differenital "EditPro" controller back to "Edit" 2016-12-16 13:17:12 -08:00
DifferentialRevisionLandController.php Removed willProcessRequest from DifferentialRevisionLandController 2016-09-19 13:47:37 -04:00
DifferentialRevisionListController.php Update Differential for handleRequest 2015-10-11 08:18:42 -07:00
DifferentialRevisionOperationController.php Improve UX and messaging for certain errors when landing revisions 2015-12-27 08:01:20 -08:00
DifferentialRevisionViewController.php Remove PhabricatorFile::buildFromFileDataOrHash() 2017-04-04 16:18:00 -07:00