Fix an issue with embedding slowvotes
Summary:
In some applications, using `{V2}` syntax to embed a vote throws. The chain of causality looks like this:
- We try to render a `phabricator_form()`.
- This requires a CSRF token.
- We look for a CSRF token on the user.
- It's an omnipotent user with no token, so everything fails.
To resolve this, make sure we always pass the real user in.
Test Plan:
- Lots of `grep`.
- Made a Differential comment with `{V2}`.
- Made a Diffusion comment with `{V2}`.
- Made a Maniphest comment with `{V2}`.
- Replied to a Conpherence thread with `{V2}`.
- Created a Conpherence thread with `{V2}`.
- Used Conduit to update a Conpherence thread with `{V2}`.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley, lkassianik
Differential Revision: https://secure.phabricator.com/D8849
This commit is contained in:
epriestley
@@ -26,6 +26,7 @@ final class ManiphestTransactionSaveController extends ManiphestController {
|
||||
// list of all the CCs and then construct a transaction for them at the
|
||||
// end if necessary.
|
||||
$added_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
||||
$user,
|
||||
array(
|
||||
$request->getStr('comments'),
|
||||
));
|
||||
|
||||
Reference in New Issue
Block a user