Trying to upload via drag-n-drop a text file containing the string "code" brings up the following error:

Upload Failure
test.txt

Exception: Request includes restricted parameter "code", but this controller ("PhabricatorFileDropUploadController") does not whitelist it. Refusing to serve this request because it might be part of a redirection attack.

Uploading via traditional upload form works.

There seems to be an explicit restriction on the string "code" in HTTP requests: https://secure.phabricator.com/diffusion/P/browse/master/src/applications/base/controller/PhabricatorController.php;504579850f0e9b3f9123908706719cbf8ff4c5d4$131

Since drag-n-drop POSTs the file's contents, the restriction is triggered.

Reproduce:

• create text file with string "code" in it
• try to upload it