Page MenuHomePhabricator

When creating a new Phame blog post, check that the author has permission to post to the blog
ClosedPublic

Authored by epriestley on Mar 6 2014, 2:54 PM.
Tags
None
Referenced Files
F14411619: D8423.diff
Tue, Dec 24, 11:47 AM
Unknown Object (File)
Fri, Dec 20, 4:37 PM
Unknown Object (File)
Sat, Dec 14, 11:08 PM
Unknown Object (File)
Thu, Dec 12, 9:21 PM
Unknown Object (File)
Wed, Dec 11, 1:06 PM
Unknown Object (File)
Sat, Dec 7, 7:01 AM
Unknown Object (File)
Sat, Dec 7, 7:01 AM
Unknown Object (File)
Sat, Dec 7, 6:18 AM
Subscribers

Details

Summary

Via HackerOne. We're missing this permissions check, so you can sneak around it.

Test Plan

Tried to post to a blog I had no permission to join.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

btrahan edited edge metadata.

thanks!

This revision is now accepted and ready to land.Mar 6 2014, 9:57 PM

(This one was almost certainly my fault.)