Page MenuHomePhabricator

Remove PhabricatorFile::buildFromFileDataOrHash()
ClosedPublic

Authored by epriestley on Apr 4 2017, 9:32 PM.
Tags
None
Referenced Files
F14082463: D17617.diff
Sat, Nov 23, 12:00 AM
Unknown Object (File)
Thu, Nov 21, 3:56 PM
Unknown Object (File)
Sun, Nov 17, 1:02 AM
Unknown Object (File)
Sun, Nov 3, 8:45 AM
Unknown Object (File)
Sun, Nov 3, 8:45 AM
Unknown Object (File)
Sun, Nov 3, 8:45 AM
Unknown Object (File)
Sat, Nov 2, 1:58 AM
Unknown Object (File)
Fri, Nov 1, 7:44 PM
Subscribers

Details

Summary

Ref T12464. This is a very old method which can return an existing file instead of creating a new one, if there's some existing file with the same content.

In the best case this is a bad idea. This being somewhat reasonable predates policies, temporary files, etc. Modern methods like newFromFileData() do this right: they share underlying data in storage, but not the actual File records.

Specifically, this is the case where we get into trouble:

  • I upload a private file with content "X".
  • You somehow generate a file with the same content by, say, viewing a raw diff in Differential.
  • If the diff had the same content, you get my file, but you don't have permission to see it or whatever so everything breaks and is terrible.

Just get rid of this.

Test Plan
  • Generated an SSH key.
  • Viewed a raw diff in Differential.
  • (Did not test Phragment.)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable