Fix incorrect key handling in extended policy filtering

Description

Summary:
Via HackerOne. The use of $key here should be $extended_key.

Exploiting this requires a very unusual group of objects to be subjected to extended policy checks. I believe there is no way to actually get anything bad through the policy filter today, but this could have been an issue in the future.

Test Plan:

  • Added a unit test which snuck something through the policy filter.
  • Fixed use of $extended_key.
  • Test now passes.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14993

Details

Provenance
epriestley Authored on
epriestley Pushed on Jan 11 2016, 3:04 PM
Reviewer
chad
Differential Revision
D14993: Fix incorrect key handling in extended policy filtering
Parents
rP0b3d10c3da91: Enforce sensible, unique clone/checkout names for repositories
Branches
Unknown
Tags
Unknown
Build Status
Buildable 10053
Build 12169: Run Core Tests