Fix a CSRF issue with adding new email addresses

Description

Fix a CSRF issue with adding new email addresses

Summary:
The first dialog was being given the wrong user ($user, should be $viewer), leading to a CSRF issue.

(The CSRF token it generated was invalid in all validation contexts, so this wasn't a security problem or a way to capture CSRF tokens for other users.)

Use newDialog() instead.

(This seems completely unrelated to the vaguely-similar-looking issues we saw earlier this week.)

Test Plan:

  • Added a new email address.
  • Clicked "Done" on the last step.
  • Completed workflow instead of getting a CSRF error.

Reviewers: chad, tide

Reviewed By: tide

Differential Revision: https://secure.phabricator.com/D16200
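A simplified model of the failure described in the summary, added here as an example; it is not Phabricator's code and not part of the commit. It assumes a token is an HMAC over the account name and a per-session secret that only the request's viewer object carries; every name other than `$user` and `$viewer` is hypothetical.

```php
<?php
// Simplified model; every name except $user and $viewer is hypothetical.

final class Account {
  public function __construct(
    public string $name,
    public ?string $sessionSecret = null) {}
}

// Assumption: a token is an HMAC over the account name and the secret of the
// session the account object was loaded through (empty when there is none).
function csrf_token(Account $account, string $server_key): string {
  $material = $account->name."\0".($account->sessionSecret ?? '');
  return hash_hmac('sha256', $material, $server_key);
}

// Validation recomputes the token for the viewer of the submitting request.
function csrf_valid(Account $viewer, string $submitted, string $server_key): bool {
  return hash_equals(csrf_token($viewer, $server_key), $submitted);
}

// A dialog embeds a token for whichever account object it is handed.
function render_dialog(Account $for, string $server_key): array {
  return ['csrf' => csrf_token($for, $server_key)];
}

$server_key = random_bytes(32);

// Constructed sample accounts.
$viewer = new Account('alice', bin2hex(random_bytes(16)));  // from the request
$user = new Account('alice');  // same person, loaded without a session
$other = new Account('bob', bin2hex(random_bytes(16)));  // another session

$good = render_dialog($viewer, $server_key);
$bad = render_dialog($user, $server_key);

$checks = [
  'viewer dialog, submitted by viewer' => csrf_valid($viewer, $good['csrf'], $server_key),
  'user dialog, submitted by viewer' => csrf_valid($viewer, $bad['csrf'], $server_key),
  'user dialog, submitted by other' => csrf_valid($other, $bad['csrf'], $server_key),
];

foreach ($checks as $case => $ok) {
  printf("%-36s %s\n", $case, $ok ? 'accepted' : 'CSRF error');
}
```

In this model the token minted for `$user` is rejected for every session, so the mistake surfaces as a broken workflow rather than a token that validates for someone else.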

Details

Provenance
epriestley Authored on Jun 30 2016, 3:22 PM
epriestley Pushed on Jun 30 2016, 3:35 PM
Reviewer
tide
Differential Revision
D16200: Fix a CSRF issue with adding new email addresses
Parents
rP922822bd2dc3: Wrap really long text properly in diffs
Branches
Unknown
Tags
Unknown
Build Status
Buildable 12842
Build 16364: Run Core Tests