When viewing raw file content in Differential, cache it into the File tool
da1d57b60a5f
Actions

Description

When viewing raw file content in Differential, cache it into the File tool
before displaying it

Summary:
@alok reported a vulnerability where Flash will run carefully-crafted plain text
files.

When the user requests a raw file, cache it into Files if it isn't already
there. Then redirect them to Files. This solves the problem by executing the
SWF/TXT with CDN-domain permissions, not content-domain permissions, provided
the install is correctly configured. (Followup diff coming to make this more
universally true.)

NOTE: We'll still show raw data in Diffusion. The barrier to XSS here is much higher (you need commit access) but I'll do something similar there. We aren't vulnerable in Paste, since we already use Files.

Test Plan: Clicked "View Old File", "View New File" in an alt-domain
configuration, got redirected to a cookie-free domain before being delivered the
response.

Reviewers: btrahan, alok

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1607

Details

Provenance

epriestley	Authored on Feb 14 2012, 8:00 PM
sirocyl	Pushed on Oct 16 2024, 5:49 AM

Parents

R1:cd651001b6c6: Add a contextual "scope" dropdown for searches

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (2)

Path

Size

src/

applications/

differential/

controller/

changesetview/

DifferentialChangesetViewController.php

__init__.php

R1:da1d57b60a5f

View Options

src/applications/differential/controller/changesetview/DifferentialChangesetViewController.php