Changeset View
Changeset View
Standalone View
Standalone View
src/applications/files/controller/PhabricatorFileDataController.php
| Show First 20 Lines • Show All 113 Lines • ▼ Show 20 Lines | private function loadFile() { | ||||
| // the URI. Knowledge of this secret is sufficient to retrieve the file. | // the URI. Knowledge of this secret is sufficient to retrieve the file. | ||||
| // For some requests, we also have a valid viewer. However, for many | // For some requests, we also have a valid viewer. However, for many | ||||
| // requests (like alternate domain requests or Git LFS requests) we will | // requests (like alternate domain requests or Git LFS requests) we will | ||||
| // not. Even if we do have a valid viewer, use the omnipotent viewer to | // not. Even if we do have a valid viewer, use the omnipotent viewer to | ||||
| // make this logic simpler and more consistent. | // make this logic simpler and more consistent. | ||||
| // Beyond making the policy check itself more consistent, this also makes | // Beyond making the policy check itself more consistent, this also makes | ||||
| // sure we're consitent about returning HTTP 404 on bad requests instead | // sure we're consistent about returning HTTP 404 on bad requests instead | ||||
| // of serving HTTP 200 with a login page, which can mislead some clients. | // of serving HTTP 200 with a login page, which can mislead some clients. | ||||
| $viewer = PhabricatorUser::getOmnipotentUser(); | $viewer = PhabricatorUser::getOmnipotentUser(); | ||||
| $file = id(new PhabricatorFileQuery()) | $file = id(new PhabricatorFileQuery()) | ||||
| ->setViewer($viewer) | ->setViewer($viewer) | ||||
| ->withPHIDs(array($this->phid)) | ->withPHIDs(array($this->phid)) | ||||
| ->withIsDeleted(false) | ->withIsDeleted(false) | ||||
| ▲ Show 20 Lines • Show All 61 Lines • Show Last 20 Lines | |||||