[media] unauthenticated viewing private data fix #3657

Merged


maltheism
Member

This pull request fixes private data from being viewed. It adds a permission check for the user accessing getData in FileUpload.php.

See also: Bug #13847

Alizée added 8 commits May 8, 2018 16:31
@maltheism added the "Category: Bug" (PR or issue that aims to report or fix a bug) and "[branch] bugfix" labels May 10, 2018
@johnsaigle
Contributor

Hey @intralizee it looks like you have some unrelated commits on this branch. This will have to be resolved.

*
* @return void
*/
function viewData()
Contributor

Could you move this function declaration to the bottom of the files with the other ones? It feels strange to have the functions in different places

Member Author

fixed

Collaborator

@driusan driusan left a comment

Please remove all the unrelated whitespace changes so that this can be reviewed.

@maltheism changed the title from "Media unauthenticated viewing private data fix" to "[media] unauthenticated viewing private data fix" May 10, 2018
@maltheism maltheism dismissed stale reviews from johnsaigle and driusan May 10, 2018 15:29

fixed

Contributor

@johnsaigle johnsaigle left a comment

LGTM. Note that the line

+ $user =& User::singleton();

will need to be updated in the major branch to conform with the changes in #3655.
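
Review bot: on the quoted line `+ $user =& User::singleton();`, the by-reference assignment `=&` is not needed to hold an object, since PHP 5 and later pass objects by handle; a plain `$user = User::singleton();` is the clearer form. This line only obtains the user object, so the permission check built on it should deny the request and stop before any data is written to the response when the user lacks the permission.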

@kongtiaowang added the "Passed manual tests" (PR has been successfully tested by at least one peer) label May 14, 2018
@driusan driusan merged commit 9030b95 into aces:bugfix May 28, 2018
@ridz1208 ridz1208 added this to the 19.1.1 milestone May 28, 2018
@maltheism maltheism deleted the media_unathenticated_viewing_private_data_fix branch May 24, 2020 02:21