mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 12:00:55 +01:00

Don't prefill "add email address" from GET

Summary: Via HackerOne. I don't think this is a security vulnerability, but it is inconsistent. There's no reason to prefill this, and I think the code was just lazy.

Test Plan:
  - Hit this page with `?email=xyz` in a GET request, no more prefill.
  - Looped the page with bad addresses, appropriate prefill.
  - Added an address.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8458
epriestley 2014-03-10 16:21:47 -07:00
parent 042ab0ad9d
commit 761b662283


@ -161,9 +161,10 @@ final class PhabricatorSettingsPanelEmailAddresses
$user = $request->getUser();
$e_email = true;
$email = trim($request->getStr('email'));
$email = null;
$errors = array();
if ($request->isDialogFormPost()) {
$email = trim($request->getStr('email'));
if ($new == 'verify') {
// The user clicked "Done" from the "an email has been sent" dialog.
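Review bot: The `$email = null;` initialisation at the top of this hunk carries the whole intent of the change, but nothing in the code says so. A one-line comment stating that the address is deliberately read only inside `isDialogFormPost()`, so that a GET parameter cannot prefill the field, would keep a later cleanup from hoisting `$request->getStr('email')` back out of the conditional. The read also happens before the `$new == 'verify'` branch, where the visible comment suggests the user is only dismissing the "an email has been sent" dialog; consider moving the assignment into the branch that actually validates a submitted address so the request value is touched in exactly one place.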
@ -222,7 +223,7 @@ final class PhabricatorSettingsPanelEmailAddresses
id(new AphrontFormTextControl())
->setLabel(pht('Email'))
->setName('email')
->setValue($request->getStr('email'))
->setValue($email)
->setCaption(PhabricatorUserEmail::describeAllowedAddresses())
->setError($e_email));
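Review bot: `->setValue($email)` now depends on a variable assigned in the earlier hunk, and the visible context does not show whether this form is built in the same method and on every path after that assignment; worth confirming that `$email` is always defined here (null on a plain GET, the submitted string after a failed post). Note also that the field is now repopulated with the trimmed value rather than the raw request string, which is a small behaviour change relative to the old `$request->getStr('email')` call and could be mentioned in the summary.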