@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Fix view policy inheritance on image transforms

Summary:
Inherit viewPolicy from original image in image transforms and warn about Profile transform making transformed images public. Details:

https://hackerone.com/reports/1984060

https://github.com/mozilla-conduit/phabricator/commit/8358b435a99435a95e0dffbbb92f71dc1961bc7b

Closes T15663

Test Plan:
1. Click {nav View Transforms} on an image file with restrictive view policy.
2. See (Image will be Public) warning on Profile transform.
3. Click on Workcard transform.
4. Go back to {nav View Transforms} page and visit the Workcard transformed file.
5. Check if its view policy matches the original file.

Reviewers: O1 Blessed Committers, speck

Reviewed By: O1 Blessed Committers, speck

Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15663

Differential Revision: https://we.phorge.it/D25462

Signed-off-by: Zero King <l2dy@icloud.com>

authored by David Lawrence and committed by l2dy.tngl.sh 005fea5a 90f651d6

+6 -2
+5 -1
src/applications/files/transform/PhabricatorFileImageTransform.php
··· 137 137 protected function newFileFromData($data) { 138 138 if ($this->file) { 139 139 $name = $this->file->getName(); 140 + $inherit_properties = array( 141 + 'viewPolicy' => $this->file->getViewPolicy(), 142 + ); 140 143 } else { 141 144 $name = 'default.png'; 145 + $inherit_properties = array(); 142 146 } 143 147 144 148 $defaults = array( ··· 146 150 'name' => $this->getTransformKey().'-'.$name, 147 151 ); 148 152 149 - $properties = $this->getFileProperties() + $defaults; 153 + $properties = $this->getFileProperties() + $inherit_properties + $defaults; 150 154 151 155 return PhabricatorFile::newFromFileData($data, $properties); 152 156 }
+1 -1
src/applications/files/transform/PhabricatorFileThumbnailTransform.php
··· 58 58 public function generateTransforms() { 59 59 return array( 60 60 id(new PhabricatorFileThumbnailTransform()) 61 - ->setName(pht("Profile (400px \xC3\x97 400px)")) 61 + ->setName(pht("Profile (400px \xC3\x97 400px) (Image will be Public)")) 62 62 ->setKey(self::TRANSFORM_PROFILE) 63 63 ->setDimensions(400, 400) 64 64 ->setScaleUp(true),
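Review bot: In PhabricatorFileImageTransform.php, first hunk, the else branch for 'default.png' sets `$inherit_properties = array()` with no comment on which view policy that file is meant to get. Since the point of the change is that transformed files should not be more visible than their source, a short comment here stating that the default image has no source file and intentionally keeps whatever PhabricatorFile::newFromFileData() applies would make the intent reviewable. It would also help to say why only 'viewPolicy' is copied from `$this->file` and no other property.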
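Review bot: In PhabricatorFileImageTransform.php, second hunk, the new line `$properties = $this->getFileProperties() + $inherit_properties + $defaults;` relies on PHP array union keeping the left-most value for a duplicate key, so a 'viewPolicy' returned by getFileProperties() silently overrides the one inherited from the original file. That precedence is what decides the security outcome and should be documented in a comment above the line, so a later reordering of the operands is not mistaken for a cosmetic change. The test plan is manual only; a unit test asserting that a transform of a file with a restrictive policy gets the same 'viewPolicy' would guard against regressions.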
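Review bot: In PhabricatorFileThumbnailTransform.php, the "(Image will be Public)" warning is hardcoded into the pht() label of the TRANSFORM_PROFILE entry, while nothing in this hunk sets or reads the policy that actually makes the profile image public. The label and the behaviour can drift apart if either changes. Consider deriving the warning from the transform's own file properties, or at least adding a comment that points to where the profile transform's view policy is set so the two are kept in sync.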