Fix an open redirect issue in Phame with "View Live"
2f6613846489
Actions

Description

Fix an open redirect issue in Phame with "View Live"

Summary: Currently, you can set a blog URI to "evil.com" and then the live controller will issue a redirect. Instead, require a CSRF check. If it fails, pop a "this blog has moved" dialog.

Test Plan:

Clicked "View Live" for in-app and on-domain blogs and posts.
Hit URI directly.

{F33302}

Reviewers: vrana

Reviewed By: vrana

CC: cbg, aran

Differential Revision: https://secure.phabricator.com/D5021

Details

Provenance

epriestley	Authored on Feb 19 2013, 4:04 PM
themackabu	Pushed on Mar 25 2025, 8:07 PM

Parents

rP17cabea1bcba: I am not good at computer

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (3)

Path

Size

src/

applications/

phame/

controller/

blog/

PhameBlogLiveController.php

PhameBlogViewController.php

post/

PhamePostViewController.php

rP2f6613846489

View Options

src/applications/phame/controller/blog/PhameBlogLiveController.php

View Options

src/applications/phame/controller/blog/PhameBlogViewController.php

View Options

src/applications/phame/controller/post/PhamePostViewController.php

Fix an open redirect issue in Phame with "View Live"2f6613846489Actions

Description

Details

Event Timeline

Changes (3)

rP2f6613846489

src/applications/phame/controller/blog/PhameBlogLiveController.php

src/applications/phame/controller/blog/PhameBlogViewController.php

src/applications/phame/controller/post/PhamePostViewController.php

Fix an open redirect issue in Phame with "View Live"
2f6613846489
Actions