Page MenuHomePhabricator

When creating a new Phame blog post, check that the author has permission to post to the blog
ClosedPublic

Authored by epriestley on Mar 6 2014, 2:54 PM.
Tags
None
Referenced Files
F14057866: D8423.diff
Sun, Nov 17, 7:29 AM
F14036968: D8423.id20014.diff
Sun, Nov 10, 1:09 PM
F14036934: D8423.id20001.diff
Sun, Nov 10, 1:00 PM
F14036752: D8423.diff
Sun, Nov 10, 11:53 AM
F14033285: D8423.diff
Sat, Nov 9, 5:21 PM
F14011604: D8423.diff
Fri, Nov 1, 3:31 AM
F13997225: D8423.diff
Thu, Oct 24, 3:04 AM
F13991394: D8423.id20014.diff
Tue, Oct 22, 10:34 AM
Subscribers

Details

Summary

Via HackerOne. We're missing this permissions check, so you can sneak around it.

Test Plan

Tried to post to a blog I had no permission to join.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

btrahan edited edge metadata.

thanks!

This revision is now accepted and ready to land.Mar 6 2014, 9:57 PM

(This one was almost certainly my fault.)