Page MenuHomePhabricator
Files F15409661

D12842.id30888.diff
No OneTemporary
Actions

D12842.id30888.diff
View Options

diff --git a/src/aphront/configuration/AphrontApplicationConfiguration.php b/src/aphront/configuration/AphrontApplicationConfiguration.php
--- a/src/aphront/configuration/AphrontApplicationConfiguration.php
+++ b/src/aphront/configuration/AphrontApplicationConfiguration.php
@@ -62,6 +62,11 @@
$multimeter->setEventContext('<http-init>');
$multimeter->setEventViewer('<none>');
+ // Build a no-op write guard for the setup phase. We'll replace this with a
+ // real write guard later on, but we need to survive setup and build a
+ // request object first.
+ $write_guard = new AphrontWriteGuard('id');
+
PhabricatorEnv::initializeWebEnvironment();
$multimeter->setSampleRate(
@@ -108,6 +113,11 @@
$application->willBuildRequest();
$request = $application->buildRequest();
+ // Now that we have a request, convert the write guard into one which
+ // actually checks CSRF tokens.
+ $write_guard->dispose();
+ $write_guard = new AphrontWriteGuard(array($request, 'validateCSRF'));
+
// Build the server URI implied by the request headers. If an administrator
// has not configured "phabricator.base-uri" yet, we'll use this to generate
// links.
@@ -121,8 +131,6 @@
'U' => (string)$request->getRequestURI()->getPath(),
));
- $write_guard = new AphrontWriteGuard(array($request, 'validateCSRF'));
-
$processing_exception = null;
try {
$response = $application->processRequest(

File Metadata

Mime Type
text/plain
Expires
Thu, Mar 20, 4:50 AM (6 d, 5 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7386731
Default Alt Text
D12842.id30888.diff (1 KB)

Event Timeline

Phabricator · Built by Phacility