When creating a new Phame blog post, check that the author has permission to post to the blog
ClosedPublic
Actions

Authored by epriestley on Mar 6 2014, 2:54 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, Sep 5, 2:14 PM

	Unknown Object (File)
	Tue, Sep 3, 8:49 PM

	Unknown Object (File)
	Mon, Aug 26, 3:17 AM

	Unknown Object (File)
	Sun, Aug 25, 9:22 PM

	Unknown Object (File)
	Aug 19 2024, 1:23 AM

	Unknown Object (File)
	Aug 17 2024, 5:31 AM

	Unknown Object (File)
	Aug 13 2024, 11:15 PM

	Unknown Object (File)
	Aug 9 2024, 4:04 AM

View All Files

Subscribers

aran

Details

Reviewers

btrahan

Commits

Restricted Diffusion Commit
rP5801176edc13: When creating a new Phame blog post, check that the author has permission to…

Summary

Via HackerOne. We're missing this permissions check, so you can sneak around it.

Test Plan

Tried to post to a blog I had no permission to join.

Diff Detail

Repository

rP Phabricator

Branch

phame

Lint

Lint Passed

Unit

No Test Coverage

Event Timeline

thanks!

This revision is now accepted and ready to land.Mar 6 2014, 9:57 PM

(This one was almost certainly my fault.)

Closed by commit rP5801176edc13 (authored by @epriestley).

• Robinpuri updated this object.Apr 10 2014, 3:43 PM

• Robinpuri edited edge metadata.

epriestley updated this object.Apr 10 2014, 3:51 PM

Revision Contents
Changeset List

Path

Size

src/

applications/

phame/

controller/

post/

PhamePostEditController.php

5 lines

Diff 20001

View Options

src/applications/phame/controller/post/PhamePostEditController.php

When creating a new Phame blog post, check that the author has permission to post to the blogClosedPublicActions