
Lock all reply-handler options in the upstream, plus cookie prefix

Summary:
Ref T7185. These settings shouldn't be unlocked anywhere. Specifically:

  - `reply-handler`: These are on the way out.
  - `reply-handler-domain`: Also hopefully on the way out; locked because a compromised administrator account can redirect replies.
  - `phabricator.cookie-prefix`: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately.

Test Plan: Browsed Config.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11764
epriestley 2015-02-13 11:00:09 -08:00
parent ebebeb8f7c
commit e5b402d13f
8 changed files with 12 additions and 1 deletions


@ -90,9 +90,10 @@ final class PhabricatorCoreConfigOptions
->addExample('America/Boise', pht('US Mountain (MDT)'))
->addExample('America/Los_Angeles', pht('US West (PDT)')),
$this->newOption('phabricator.cookie-prefix', 'string', null)
->setLocked(true)
->setSummary(
pht('Set a string Phabricator should use to prefix '.
'cookie names'))
'cookie names.'))
->setDescription(
pht(
'Cookies set for x.com are also sent for y.x.com. Assuming '.
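Review bot: The reason for locking `phabricator.cookie-prefix` is recorded only in the commit message, so the added `->setLocked(true)` reads as arbitrary on an option the commit message itself calls not dangerous per se. A one-line comment above the call would keep the rationale with the code, for example `// Locked: an accidental change invalidates the editing admin's session immediately.` The option's description continues past the end of this hunk, so whether it already tells operators how to change a locked value is not visible here.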


@ -244,6 +244,7 @@ EODOC
'metamta.reply-handler-domain',
'string',
null)
->setLocked(true)
->setDescription(pht(
'Domain used for reply email addresses. Some applications can '.
'override this configuration with a different domain.'))
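Review bot: `->setLocked(true)` on `metamta.reply-handler-domain` stops further edits from the web UI, but nothing in this hunk shows what happens to a value that was already saved there before the upgrade. Since the stated concern is a compromised administrator account redirecting replies, it is worth confirming whether a previously stored value keeps taking effect once the option is locked, and if it does, telling operators in the upgrade notes to review the stored value. The same question applies to the per-application `reply-handler-domain` and `reply-handler` options locked in the Differential, Diffusion, Macro, Maniphest, Owners and Pholio hunks. A short comment above the call, such as `// Locked: a compromised admin account could otherwise redirect reply mail.`, would also keep the rationale next to the code rather than only in the commit log.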


@ -240,12 +240,14 @@ final class PhabricatorDifferentialConfigOptions
'metamta.differential.reply-handler-domain',
'string',
null)
->setLocked(true)
->setDescription(
pht('Inbound email domain for Differential replies.')),
$this->newOption(
'metamta.differential.reply-handler',
'class',
'DifferentialReplyHandler')
->setLocked(true)
->setBaseClass('PhabricatorMailReplyHandler')
->setDescription(pht('Alternate reply handler class.')),
$this->newOption(


@ -30,6 +30,7 @@ final class PhabricatorDiffusionConfigOptions
'metamta.diffusion.reply-handler-domain',
'string',
null)
->setLocked(true)
->setDescription(
pht(
'See {{metamta.maniphest.reply-handler}}. This does the same '.
@ -38,6 +39,7 @@ final class PhabricatorDiffusionConfigOptions
'metamta.diffusion.reply-handler',
'class',
'PhabricatorAuditReplyHandler')
->setLocked(true)
->setBaseClass('PhabricatorMailReplyHandler')
->setDescription(pht('Override mail reply handler class.')),
$this->newOption(


@ -22,6 +22,7 @@ final class PhabricatorMacroConfigOptions
public function getOptions() {
return array(
$this->newOption('metamta.macro.reply-handler-domain', 'string', null)
->setLocked(true)
->setDescription(pht(
'As {{metamta.maniphest.reply-handler-domain}}, but affects Macro.')),
$this->newOption('metamta.macro.subject-prefix', 'string', '[Macro]')


@ -276,6 +276,7 @@ EOTEXT
'metamta.maniphest.reply-handler-domain',
'string',
null)
->setLocked(true)
->setSummary(pht('Enable replying to tasks via email.'))
->setDescription(
pht(
@ -296,6 +297,7 @@ EOTEXT
'metamta.maniphest.reply-handler',
'class',
'ManiphestReplyHandler')
->setLocked(true)
->setBaseClass('PhabricatorMailReplyHandler')
->setDescription(pht('Override reply handler class.')),
$this->newOption(


@ -25,6 +25,7 @@ final class PhabricatorOwnersConfigOptions
'metamta.package.reply-handler',
'class',
'OwnersPackageReplyHandler')
->setLocked(true)
->setBaseClass('PhabricatorMailReplyHandler')
->setDescription(pht('Reply handler for owners mail.')),
$this->newOption('metamta.package.subject-prefix', 'string', '[Package]')


@ -22,6 +22,7 @@ final class PhabricatorPholioConfigOptions
public function getOptions() {
return array(
$this->newOption('metamta.pholio.reply-handler-domain', 'string', null)
->setLocked(true)
->setDescription(
pht(
'Like {{metamta.maniphest.reply-handler-domain}}, but affects '.