mirror of
https://we.phorge.it/source/phorge.git
synced 2024-09-20 09:18:48 +02:00
0669abc5f0
Summary: See T549. Under configurations where files are served from an alternate domain which does not have cookie credentials, we use random keys to prevent browsing, similar to how Facebook relies on pseudorandom information in image URIs (we could some day go farther than this and generate file sessions on the alternate domain or something, I guess). Currently, we generate these random keys in a roundabout manner. Instead, use a real entropy source and store the key on the object. This reduces the number of sha1() calls in the codebase as per T547. Test Plan: Ran upgrade scripts, verified database was populated correctly. Configured alternate file domain, uploaded file, verified secret generated and worked properly. Changed secret, was given 404. Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran Reviewed By: aran CC: aran, epriestley Differential Revision: 1036
31 lines
997 B
PHP
31 lines
997 B
PHP
<?php
|
|
|
|
/*
|
|
* Copyright 2011 Facebook, Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
echo "Generating file keys...\n";
|
|
$files = id(new PhabricatorFile())->loadAllWhere('secretKey IS NULL');
|
|
echo count($files).' files to generate keys for';
|
|
foreach ($files as $file) {
|
|
queryfx(
|
|
$file->establishConnection('r'),
|
|
'UPDATE %T SET secretKey = %s WHERE id = %d',
|
|
$file->getTableName(),
|
|
$file->generateSecretKey(),
|
|
$file->getID());
|
|
echo '.';
|
|
}
|
|
echo "\nDone.\n";
|