Page MenuHomePhabricator
Differential D21851

Fix a policy issue where permissions were not properly checked when disabling global builtin queries
ClosedPublic
Actions

Authored by epriestley on May 31 2022, 5:59 PM.
Tags
None
Referenced Files
F15400632: D21851.id52080.diff
Mon, Mar 17, 1:02 PM
F15399954: D21851.diff
Mon, Mar 17, 8:46 AM
F15391289: D21851.id52081.diff
Sat, Mar 15, 9:13 AM
F15391286: D21851.id52080.diff
Sat, Mar 15, 9:13 AM
F15391284: D21851.id.diff
Sat, Mar 15, 9:13 AM
F15390028: D21851.id.diff
Sat, Mar 15, 5:51 AM
F15388129: D21851.id52080.diff
Sat, Mar 15, 3:21 AM
F15386931: D21851.diff
Sat, Mar 15, 1:32 AM
View All Files
Subscribers
None

Details

Reviewers
None
Commits
rP944b257d5df3: Fix a policy issue where permissions were not properly checked when disabling…
Summary

See https://hackerone.com/reports/1573143. The pathway for disabling global builtin queries is missing a policy check. Add it.

Test Plan
  • Accessed the "/search/delete/id/.../" URI for a global builtin query as a non-administrator.
  • Before patch: could improperly disable queries. -After patch: proper policy exception.

Diff Detail

Repository
rP Phabricator
Branch
query1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 25759
Build 35587: arc lint + arc unit

Event Timeline

epriestley requested review of this revision.May 31 2022, 5:59 PM
epriestley created this revision.
Harbormaster completed remote builds in B25759: Diff 52080.May 31 2022, 5:59 PM
This revision was not accepted when it landed; it landed in state Needs Review.May 31 2022, 6:00 PM
Closed by commit rP944b257d5df3: Fix a policy issue where permissions were not properly checked when disabling… (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.
epriestley added a commit: rP944b257d5df3: Fix a policy issue where permissions were not properly checked when disabling….

Revision Contents
Changeset List

PathSize
src/
applications/
search/
controller/
13 lines

Diff 52080

View Options

src/applications/search/controller/PhabricatorSearchDeleteController.php

Loading...
Phabricator · Built by Phacility