Fix a CSRF issue with adding new email addresses
4f8d07594e2a
Actions

Authored by epriestley <git@epriestley.com> on Jun 30 2016, 17:22.

Description

Fix a CSRF issue with adding new email addresses

Summary:
The first dialog was being given the wrong user ($user, should be $viewer), leading to a CSRF issue.

(The CSRF token it generated was invalid in all validation contexts, so this wasn't a security problem or a way to capture CSRF tokens for other users.)

Use newDialog() instead.

(This seems completely unrelated to the vaguely-similar-looking issues we saw earlier this week.)

Test Plan:

Added a new email address.
Clicked "Done" on the last step.
Completed workflow instead of getting a CSRF error.

Reviewers: chad, tide

Reviewed By: tide

Differential Revision: https://secure.phabricator.com/D16200

Details

Committed

epriestley <git@epriestley.com>

Jun 30 2016, 17:35

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH922822bd2dc3: Wrap really long text properly in diffs

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH4f8d07594e2a: Fix a CSRF issue with adding new email addresses (authored by epriestley <git@epriestley.com>).Jun 30 2016, 17:35

Changes (1)

				Path
	M			src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php

rPH4f8d07594e2a

View Options

src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php