
D9772.id23465.diff


diff --git a/src/aphront/AphrontRequest.php b/src/aphront/AphrontRequest.php
--- a/src/aphront/AphrontRequest.php
+++ b/src/aphront/AphrontRequest.php
@@ -274,6 +274,18 @@
return $this->validateCSRF();
}
+ final public function isFormOrHisecPost() {
+ $post = $this->getExists(self::TYPE_FORM) &&
+ $this->isHTTPPost();
+
+ if (!$post) {
+ return false;
+ }
+
+ return $this->validateCSRF();
+ }
+
+
final public function setCookiePrefix($prefix) {
$this->cookiePrefix = $prefix;
return $this;
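Review bot: The body of the new isFormOrHisecPost() is identical to the isFormPost() body that ends just above the hunk (`getExists(self::TYPE_FORM) && isHTTPPost()`, then `validateCSRF()`), so nothing in it actually accepts a high-security ("hisec") submission and the "OrHisec" half of the name is not implemented — callers switched to it in this diff get exactly the answer isFormPost() gave. Presumably the intent is to also accept the hisec form marker, e.g. `$post = ($this->getExists(self::TYPE_FORM) || $this->getExists(self::TYPE_HISEC)) && $this->isHTTPPost();` — confirm the marker constant's name in this revision of AphrontRequest, and keep the trailing `validateCSRF()` either way, since a hisec resubmission must still carry a valid CSRF token. A short docblock saying how this differs from isFormPost() would stop the next reader from deleting it as a duplicate; the second added blank line before setCookiePrefix() is also one more than the file's convention.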
diff --git a/src/applications/legalpad/controller/LegalpadDocumentSignController.php b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
--- a/src/applications/legalpad/controller/LegalpadDocumentSignController.php
+++ b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
@@ -115,7 +115,15 @@
$e_agree = null;
$errors = array();
- if ($request->isFormPost() && !$has_signed) {
+ if ($request->isFormOrHisecPost() && !$has_signed) {
+
+ // Require two-factor auth to sign legal documents.
+ $engine = new PhabricatorAuthSessionEngine();
+ $engine->requireHighSecuritySession(
+ $viewer,
+ $request,
+ '/'.$document->getMonogram());
+
$name = $request->getStr('name');
$agree = $request->getExists('agree');
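Review bot: The comment above the `requireHighSecuritySession()` call overstates what it enforces: a high-security session is a re-authenticated session, and a second factor is only involved when the account has one configured, so "Require two-factor auth" may lead a reader to assume signing is impossible without MFA. Suggest `// Require a high-security (re-authenticated) session before accepting a signature.` It would also help to state in that comment that, presumably, the call does not return normally when the session needs upgrading (the framework renders the hisec dialog and the form is resubmitted, which is why the branch condition was changed to `isFormOrHisecPost()`), so the `$name`/`$agree` reads that follow only run for an upgraded session. The enclosing method continues outside the hunk, and `$viewer` is assumed to be defined above it.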
