Page MenuHomePhabricator
Differential D15784 Diff 38025 src/applications/files/controller/PhabricatorFileDataController.php

Changeset View

Standalone View

View Options

src/applications/files/controller/PhabricatorFileDataController.php

Show All 16 Lines public function handleRequest(AphrontRequest $request) {
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain'); $alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri'); $base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
$alt_uri = new PhutilURI($alt); $alt_uri = new PhutilURI($alt);
$alt_domain = $alt_uri->getDomain(); $alt_domain = $alt_uri->getDomain();
$req_domain = $request->getHost(); $req_domain = $request->getHost();
$main_domain = id(new PhutilURI($base_uri))->getDomain(); $main_domain = id(new PhutilURI($base_uri))->getDomain();
if (!strlen($alt) || $main_domain == $alt_domain) { if (!strlen($alt) || $main_domain == $alt_domain) {
// No alternate domain. // No alternate domain.
$should_redirect = false; $should_redirect = false;
$use_viewer = $viewer;
$is_alternate_domain = false; $is_alternate_domain = false;
} else if ($req_domain != $alt_domain) { } else if ($req_domain != $alt_domain) {
// Alternate domain, but this request is on the main domain. // Alternate domain, but this request is on the main domain.
$should_redirect = true; $should_redirect = true;
$use_viewer = $viewer;
$is_alternate_domain = false; $is_alternate_domain = false;
} else { } else {
// Alternate domain, and on the alternate domain. // Alternate domain, and on the alternate domain.
$should_redirect = false; $should_redirect = false;
$use_viewer = PhabricatorUser::getOmnipotentUser();
$is_alternate_domain = true; $is_alternate_domain = true;
} }
$response = $this->loadFile($use_viewer); $response = $this->loadFile();
if ($response) { if ($response) {
return $response; return $response;
} }
$file = $this->getFile(); $file = $this->getFile();
if ($should_redirect) { if ($should_redirect) {
return id(new AphrontRedirectResponse()) return id(new AphrontRedirectResponse())
▲ Show 20 LinesShow All 55 Lines▼ Show 20 Lines public function handleRequest(AphrontRequest $request) {
$iterator = $file->getFileDataIterator($begin, $end); $iterator = $file->getFileDataIterator($begin, $end);
$response->setContentLength($file->getByteSize()); $response->setContentLength($file->getByteSize());
$response->setContentIterator($iterator); $response->setContentIterator($iterator);
return $response; return $response;
} }
private function loadFile(PhabricatorUser $viewer) { private function loadFile() {
// Access to files is provided by knowledge of a per-file secret key in
// the URI. Knowledge of this secret is sufficient to retrieve the file.
// For some requests, we also have a valid viewer. However, for many
// requests (like alternate domain requests or Git LFS requests) we will
// not. Even if we do have a valid viewer, use the omnipotent viewer to
// make this logic simpler and more consistent.
// Beyond making the policy check itself more consistent, this also makes
// sure we're consitent about returning HTTP 404 on bad requests instead
// of serving HTTP 200 with a login page, which can mislead some clients.
$viewer = PhabricatorUser::getOmnipotentUser();
$file = id(new PhabricatorFileQuery()) $file = id(new PhabricatorFileQuery())
->setViewer($viewer) ->setViewer($viewer)
->withPHIDs(array($this->phid)) ->withPHIDs(array($this->phid))
->executeOne(); ->executeOne();
if (!$file) { if (!$file) {
return new Aphront404Response(); return new Aphront404Response();
} }
▲ Show 20 LinesShow All 56 LinesShow Last 20 Lines
Phabricator · Built by Phacility