Homec4science
Diffusion Phabricator 5801176edc13

When creating a new Phame blog post, check that the author has permission to…
5801176edc13
Actions

Authored by epriestley <git@epriestley.com> on Mar 6 2014, 23:06.

Description

When creating a new Phame blog post, check that the author has permission to post to the blog

Summary:
Via HackerOne. We're missing this permissions check, so you can sneak around it with URL editing right now.

I checked the other queries in this application and they seem OK.

Test Plan: Tried to post to a blog I had no permission to join.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8423

Details

Committed
epriestley <git@epriestley.com>Mar 6 2014, 23:06
Pushed
aubortJan 31 2017, 17:16
Parents
rPH270929dd6b4e: Include Source Sans on-demand with Celerity
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH5801176edc13: When creating a new Phame blog post, check that the author has permission to… (authored by epriestley <git@epriestley.com>).Mar 6 2014, 23:06

Changes (1)

Path
Msrc/applications/phame/controller/post/PhamePostEditController.php

rPH5801176edc13

View Options

src/applications/phame/controller/post/PhamePostEditController.php

Loading...
c4science · Help