Page MenuHomePhabricator
Differential D7490

Disable CSRF checks on Git push when updating repository.
ClosedPublic
Actions

Authored by hach-que on Nov 4 2013, 7:32 AM.
Tags
None
Referenced Files
F19044414: D7490.id16879.diff
Thu, Nov 27, 2:53 AM
F18854771: D7490.id.diff
Nov 1 2025, 12:38 AM
F18850719: D7490.id16875.diff
Oct 30 2025, 6:55 PM
F18835663: D7490.id.diff
Oct 26 2025, 5:45 PM
F18824807: D7490.id.diff
Oct 23 2025, 6:01 PM
F18821237: D7490.diff
Oct 22 2025, 8:51 PM
F18734520: D7490.diff
Sep 30 2025, 10:55 PM
F18624441: D7490.id16879.diff
Sep 15 2025, 8:02 PM
View All Files
Subscribers
aran
epriestley
Korvin

Details

Reviewers
epriestley
Group Reviewers
Blessed Reviewers
Maniphest Tasks
T4052: Crash when pushing content to Git repository
Commits
Restricted Diffusion Commit
rP3e2efaf00e57: Disable CSRF checks on Git push when updating repository.
Summary

This disables CSRF checking around the $repository->writeStatusMessage so that pushing changes over HTTP to Git repositories doesn't fail miserably.

Test Plan

Applied this fix and I could git push to hosted repositories again.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

epriestley accepted this revision.Nov 4 2013, 3:33 PM

A slightly better approach is:

$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
// ...
unset($unguarded);

This does the right thing if the intervening code throws an exception. I'll tweak that in the pull. Thanks!

epriestley added a comment.Nov 4 2013, 3:44 PM

I also made a small change to populate:

'REMOTE_USER' => $viewer->getUsername(),

...since Git seemed cranky without it when I was testing the $unguarded flavor.

epriestley closed this revision.Nov 4 2013, 3:44 PM

Closed by commit rP3e2efaf00e57 (authored by @hach-que, committed by @epriestley).

Revision Contents
Changeset List

PathSize
src/
applications/
diffusion/
controller/
17 lines

Diff 16879

View Options

src/applications/diffusion/controller/DiffusionController.php

Loading...
Phabricator · Built by Phacility