Page MenuHomePhorge

Use predictable filenames when downloading raw diffs from a revision
ClosedPublic

Authored by l2dy on Nov 26 2023, 15:35.

Details

Summary

To prevent spammers from abusing this feature on a public server, do not include query parameters in the generated filenames. See https://github.com/mozilla-conduit/phabricator/commit/d8bb7d91b7d219902afed1ae7a8ae5e33862a842.

Ref T15665.

Test Plan

Download raw diff from a revision and check filename in URL.

Diff Detail

Repository
rP Phorge
Branch
fix/raw-diff-name
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 1099
Build 1099: arc lint + arc unit

Event Timeline

l2dy added a task: Restricted Maniphest Task.

What do you think about keeping the current naming scheme but whitelisting a handful of query params to use instead of using them all? The timestamp adds noise and it's probably nice to see the ID of the diff in the filename, e.g. D25478.id1541.diff? Maybe just allow the the id parameter and regex that it's value is just a string of numbers.

In D25478#13957, @speck wrote:

What do you think about keeping the current naming scheme but whitelisting a handful of query params to use instead of using them all? The timestamp adds noise and it's probably nice to see the ID of the diff in the filename, e.g. D25478.id1541.diff? Maybe just allow the the id parameter and regex that it's value is just a string of numbers.

That's a good idea. I think we should keep both id and vs. Any other parameters worth keeping?

I spent only 5 minutes playing around on a diff to see what might make the url change. The diff id is probably the key one I’d be interested in keeping. I don’t know what the other params are for (even vs).

id, vs and /new/ in URL all affect content of the generated file.

  1. vs is for generating a diff between diffs in revision history, instead of against base.
  2. Dxxxxx/new/ is specific to a reviewer, so output is not deterministic.

Keeping id alone could cause confusion, because the output is also affected by vs.

I'm inclined to commit as is if there is a certain degree of urgency for the fix, or otherwise take the time to check all arguments that could affect output.

Whitelisting both vs and id sound good.

As far as I can understand, the generated file name here is 100% for commodity purposes: not used for anything on the filesystem, not used as unique key in something, not used to check whenever the file should be created again or not.

We can also have all files called "ASDLOL" and would be OK for the system.

sgtm

src/applications/differential/controller/DifferentialRevisionViewController.php
1093–1099
This revision is now accepted and ready to land.Jan 12 2024, 09:22

Ah, before landing, please consider an additional line in the comment (like the proposed one)

Maybe better to land this to help the author. The author cannot receive email notifications.

Thanks for the reminder!