mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-24 15:52:41 +01:00
f59ebf4c09
Summary: Via HackerOne. The use of `$key` here should be `$extended_key`. Exploiting this requires a very unusual group of objects to be subjected to extended policy checks. I believe there is no way to actually get anything bad through the policy filter today, but this could have been an issue in the future.

Test Plan:

- Added a unit test which snuck something through the policy filter.
- Fixed use of `$extended_key`.
- Test now passes.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14993

| File |
|---|
| PhabricatorPolicyAwareTestQuery.php |
| PhabricatorPolicyDataTestCase.php |
| PhabricatorPolicyTestCase.php |
| PhabricatorPolicyTestObject.php |