When creating a new Phame blog post, check that the author has permission to post to the blog
ClosedPublic
Actions

Authored by epriestley on Mar 6 2014, 2:54 PM.

Tags

None

Referenced Files

	F15424148: D8423.id20001.diff
	Sat, Mar 22, 8:33 PM

	F15398271: D8423.id20014.diff
	Sun, Mar 16, 11:55 PM

	Unknown Object (File)
	Jan 31 2025, 6:51 PM

	Unknown Object (File)
	Jan 23 2025, 3:29 PM

	Unknown Object (File)
	Jan 17 2025, 9:10 PM

	Unknown Object (File)
	Jan 17 2025, 2:32 AM

	Unknown Object (File)
	Jan 13 2025, 9:31 PM

	Unknown Object (File)
	Jan 5 2025, 12:22 PM

View All Files

Subscribers

aran

Details

Reviewers

btrahan

Commits

Restricted Diffusion Commit
rP5801176edc13: When creating a new Phame blog post, check that the author has permission to…

Summary

Via HackerOne. We're missing this permissions check, so you can sneak around it.

Test Plan

Tried to post to a blog I had no permission to join.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

thanks!

This revision is now accepted and ready to land.Mar 6 2014, 9:57 PM

(This one was almost certainly my fault.)

Closed by commit rP5801176edc13 (authored by @epriestley).

• Robinpuri updated this object.Apr 10 2014, 3:43 PM

• Robinpuri edited edge metadata.

epriestley updated this object.Apr 10 2014, 3:51 PM

Revision Contents
Changeset List

Path

Size

src/

applications/

phame/

controller/

post/

PhamePostEditController.php

5 lines

Diff 20014

View Options

src/applications/phame/controller/post/PhamePostEditController.php

When creating a new Phame blog post, check that the author has permission to post to the blogClosedPublicActions