Paths

Table of Contentst

Disable CSRF checks on Git push when updating repository.
ClosedPublic
Actions

Authored by hach-que on Nov 4 2013, 7:32 AM.

Tags

None

Referenced Files

	F14018402: D7490.diff
	Tue, Nov 5, 11:12 AM

	F13999596: D7490.diff
	Thu, Oct 24, 3:51 PM

	Unknown Object (File)
	Oct 3 2024, 5:39 PM

	Unknown Object (File)
	Oct 3 2024, 5:36 PM

	Unknown Object (File)
	Oct 3 2024, 5:35 PM

	Unknown Object (File)
	Oct 3 2024, 5:33 PM

	Unknown Object (File)
	Sep 19 2024, 12:11 PM

	Unknown Object (File)
	Aug 26 2024, 7:07 PM

Subscribers

Details

Reviewers

epriestley

Group Reviewers

Blessed Reviewers

Maniphest Tasks

T4052: Crash when pushing content to Git repository

Commits

Restricted Diffusion Commit
rP3e2efaf00e57: Disable CSRF checks on Git push when updating repository.

Summary

This disables CSRF checking around the $repository->writeStatusMessage so that pushing changes over HTTP to Git repositories doesn't fail miserably.

Test Plan

Applied this fix and I could git push to hosted repositories again.

Diff Detail

Branch

fix-csrf-crash-on-git-push

Lint

Lint Passed

Unit

No Test Coverage

Event Timeline

A slightly better approach is:

$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
// ...
unset($unguarded);

This does the right thing if the intervening code throws an exception. I'll tweak that in the pull. Thanks!

I also made a small change to populate:

'REMOTE_USER' => $viewer->getUsername(),

...since Git seemed cranky without it when I was testing the $unguarded flavor.

Closed by commit rP3e2efaf00e57 (authored by @hach-que, committed by @epriestley).

Revision Contents
Changeset List

Path

Size

src/

applications/

diffusion/

controller/

DiffusionController.php

2 lines

Diff 16875

View Options

src/applications/diffusion/controller/DiffusionController.php

Disable CSRF checks on Git push when updating repository.ClosedPublicActions