Fix an open redirect issue in Phame with "View Live"
2f6613846489
Actions

Authored by epriestley <git@epriestley.com> on Feb 20 2013, 01:04.

Description

Fix an open redirect issue in Phame with "View Live"

Summary: Currently, you can set a blog URI to "evil.com" and then the live controller will issue a redirect. Instead, require a CSRF check. If it fails, pop a "this blog has moved" dialog.

Test Plan:

Clicked "View Live" for in-app and on-domain blogs and posts.
Hit URI directly.

{F33302}

Reviewers: vrana

Reviewed By: vrana

CC: cbg, aran

Differential Revision: https://secure.phabricator.com/D5021

Details

Committed

epriestley <git@epriestley.com>

Feb 20 2013, 01:04

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH17cabea1bcba: I am not good at computer

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH2f6613846489: Fix an open redirect issue in Phame with "View Live" (authored by epriestley <git@epriestley.com>).Feb 20 2013, 01:04

Changes (3)

				Path
	M			src/applications/phame/controller/blog/PhameBlogLiveController.php
	M			src/applications/phame/controller/blog/PhameBlogViewController.php
	M			src/applications/phame/controller/post/PhamePostViewController.php

rPH2f6613846489

View Options

src/applications/phame/controller/blog/PhameBlogLiveController.php

View Options

src/applications/phame/controller/blog/PhameBlogViewController.php

View Options

src/applications/phame/controller/post/PhamePostViewController.php

Fix an open redirect issue in Phame with "View Live"2f6613846489Actions

Description

Details

Event Timeline

Changes (3)

rPH2f6613846489

src/applications/phame/controller/blog/PhameBlogLiveController.php

src/applications/phame/controller/blog/PhameBlogViewController.php

src/applications/phame/controller/post/PhamePostViewController.php

Fix an open redirect issue in Phame with "View Live"
2f6613846489
Actions