mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-28 08:20:57 +01:00
Correct a mask config value
Summary: The correct name of this key is 'github.application-secret', not 'github.secret'. Make DarkConsole check that all the masked keys exist to prevent this from happening again. This isn't super important since this is just intended to protected against casual security lapses (taking a screenshot with DarkCnosole's "Config" tab open, for instance) but it's easy to check for so it seems worthwhile to get right. Test Plan: Loaded page without the actual config file change, got an exception. Fixed the config, reloaded the page, good news goats (really trying to get this to catch on since goats are adorable). Reviewed By: aran Reviewers: tuomaspelkonen, jungejason, aran CC: aran Differential Revision: 189
This commit is contained in:
parent
94df249775
commit
baab61a01e
3 changed files with 15 additions and 1 deletions
|
@ -97,7 +97,7 @@ return array(
|
||||||
'recaptcha.private-key',
|
'recaptcha.private-key',
|
||||||
'phabricator.csrf-key',
|
'phabricator.csrf-key',
|
||||||
'facebook.application-secret',
|
'facebook.application-secret',
|
||||||
'github.secret',
|
'github.application-secret',
|
||||||
),
|
),
|
||||||
|
|
||||||
// -- MySQL --------------------------------------------------------------- //
|
// -- MySQL --------------------------------------------------------------- //
|
||||||
|
|
|
@ -69,6 +69,16 @@ class DarkConsoleConfigPlugin extends DarkConsolePlugin {
|
||||||
$mask = PhabricatorEnv::getEnvConfig('darkconsole.config-mask');
|
$mask = PhabricatorEnv::getEnvConfig('darkconsole.config-mask');
|
||||||
$mask = array_fill_keys($mask, true);
|
$mask = array_fill_keys($mask, true);
|
||||||
|
|
||||||
|
foreach ($mask as $masked_key => $ignored) {
|
||||||
|
if (!PhabricatorEnv::envConfigExists($masked_key)) {
|
||||||
|
throw new Exception(
|
||||||
|
"Configuration 'darkconsole.config-mask' masks unknown ".
|
||||||
|
"configuration key '".$masked_key."'. If this key has been ".
|
||||||
|
"renamed, you might be accidentally exposing information which you ".
|
||||||
|
"don't intend to.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$rows = array();
|
$rows = array();
|
||||||
foreach ($config_data as $key => $value) {
|
foreach ($config_data as $key => $value) {
|
||||||
if (empty($mask[$key])) {
|
if (empty($mask[$key])) {
|
||||||
|
|
4
src/infrastructure/env/PhabricatorEnv.php
vendored
4
src/infrastructure/env/PhabricatorEnv.php
vendored
|
@ -27,6 +27,10 @@ final class PhabricatorEnv {
|
||||||
return idx(self::$env, $key, $default);
|
return idx(self::$env, $key, $default);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function envConfigExists($key) {
|
||||||
|
return array_key_exists($key, self::$env);
|
||||||
|
}
|
||||||
|
|
||||||
public static function getURI($path) {
|
public static function getURI($path) {
|
||||||
return rtrim(self::getEnvConfig('phabricator.base-uri'), '/').$path;
|
return rtrim(self::getEnvConfig('phabricator.base-uri'), '/').$path;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue