@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Fix an issue where "git" may be unable to read a temporary file in Diffusion
Summary:
Ref T13673. After the changes in that task, we may execute "git config -l ..." as a user other than the user we used to write this temporary file.
Use "--file -" to pass the data instead, avoiding use of temporary files. This makes us agnostic to filesystem permissions.
Test Plan: Viewed a Git repository with submodules in Diffusion with "ssh.user" configured as a user relatively isolated from the webserver user.
Maniphest Tasks: T13673
Differential Revision: https://secure.phabricator.com/D21759
+13
-5
+13
-5
src/applications/diffusion/conduit/DiffusionBrowseQueryConduitAPIMethod.php
+13
-5
src/applications/diffusion/conduit/DiffusionBrowseQueryConduitAPIMethod.php
···
229
229
$commit);
230
230
231
231
if (!$err) {
232
-
$tmp = new TempFile();
233
-
Filesystem::writeFile($tmp, $contents);
234
-
list($module_info) = $repository->execxLocalCommand(
235
-
'config -l -f %s',
236
-
$tmp);
232
+
233
+
// NOTE: After T13673, the user executing "git" may not be the same
234
+
// as the user this process is running as (usually the webserver user),
235
+
// so we can't reliably use a temporary file: the daemon user may not
236
+
// be able to use it.
237
+
238
+
// Use "--file -" to read from stdin instead. If this fails in some
239
+
// older versions of Git, we could exempt this particular command from
240
+
// sudoing to the daemon user.
241
+
242
+
$future = $repository->getLocalCommandFuture('config -l --file - --');
243
+
$future->write($contents);
244
+
list($module_info) = $future->resolvex();
237
245
238
246
$dict = array();
239
247
$lines = explode("\n", trim($module_info));