Homec4science

When viewing raw file content in Differential, cache it into the File tool…

Authored by epriestley <git@epriestley.com> on Feb 15 2012, 02:00.

Description

When viewing raw file content in Differential, cache it into the File tool before displaying it

Summary:
@alok reported a vulnerability where Flash will run carefully-crafted plain text
files.

When the user requests a raw file, cache it into Files if it isn't already
there. Then redirect them to Files. This solves the problem by executing the
SWF/TXT with CDN-domain permissions, not content-domain permissions, provided
the install is correctly configured. (Followup diff coming to make this more
universally true.)

NOTE: We'll still show raw data in Diffusion. The barrier to XSS here is much higher (you need commit access) but I'll do something similar there. We aren't vulnerable in Paste, since we already use Files.

Test Plan: Clicked "View Old File", "View New File" in an alt-domain
configuration, got redirected to a cookie-free domain before being delivered the
response.

Reviewers: btrahan, alok

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1607

Details

Committed
epriestley <git@epriestley.com>Feb 15 2012, 02:00
Pushed
aubortJan 31 2017, 17:16
Parents
rPHcd651001b6c6: Add a contextual "scope" dropdown for searches
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHda1d57b60a5f: When viewing raw file content in Differential, cache it into the File tool… (authored by epriestley <git@epriestley.com>).Feb 15 2012, 02:00