mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-24 14:30:56 +01:00
Lock all reply-handler options in the upstream, plus cookie prefix
Summary: Ref T7185. These settings shouldn't be unlocked anywhere. Specifically: - `reply-handler`: These are on the way out. - `reply-handler-domain`: Also hopefully on the way out; locked because a compromised administrator account can redirect replies. - `phabricator.cookie-prefix`: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately. Test Plan: Browsed Config. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T7185 Differential Revision: https://secure.phabricator.com/D11764
This commit is contained in:
parent
ebebeb8f7c
commit
e5b402d13f
8 changed files with 12 additions and 1 deletions
|
@ -90,9 +90,10 @@ final class PhabricatorCoreConfigOptions
|
|||
->addExample('America/Boise', pht('US Mountain (MDT)'))
|
||||
->addExample('America/Los_Angeles', pht('US West (PDT)')),
|
||||
$this->newOption('phabricator.cookie-prefix', 'string', null)
|
||||
->setLocked(true)
|
||||
->setSummary(
|
||||
pht('Set a string Phabricator should use to prefix '.
|
||||
'cookie names'))
|
||||
'cookie names.'))
|
||||
->setDescription(
|
||||
pht(
|
||||
'Cookies set for x.com are also sent for y.x.com. Assuming '.
|
||||
|
|
|
@ -244,6 +244,7 @@ EODOC
|
|||
'metamta.reply-handler-domain',
|
||||
'string',
|
||||
null)
|
||||
->setLocked(true)
|
||||
->setDescription(pht(
|
||||
'Domain used for reply email addresses. Some applications can '.
|
||||
'override this configuration with a different domain.'))
|
||||
|
|
|
@ -240,12 +240,14 @@ final class PhabricatorDifferentialConfigOptions
|
|||
'metamta.differential.reply-handler-domain',
|
||||
'string',
|
||||
null)
|
||||
->setLocked(true)
|
||||
->setDescription(
|
||||
pht('Inbound email domain for Differential replies.')),
|
||||
$this->newOption(
|
||||
'metamta.differential.reply-handler',
|
||||
'class',
|
||||
'DifferentialReplyHandler')
|
||||
->setLocked(true)
|
||||
->setBaseClass('PhabricatorMailReplyHandler')
|
||||
->setDescription(pht('Alternate reply handler class.')),
|
||||
$this->newOption(
|
||||
|
|
|
@ -30,6 +30,7 @@ final class PhabricatorDiffusionConfigOptions
|
|||
'metamta.diffusion.reply-handler-domain',
|
||||
'string',
|
||||
null)
|
||||
->setLocked(true)
|
||||
->setDescription(
|
||||
pht(
|
||||
'See {{metamta.maniphest.reply-handler}}. This does the same '.
|
||||
|
@ -38,6 +39,7 @@ final class PhabricatorDiffusionConfigOptions
|
|||
'metamta.diffusion.reply-handler',
|
||||
'class',
|
||||
'PhabricatorAuditReplyHandler')
|
||||
->setLocked(true)
|
||||
->setBaseClass('PhabricatorMailReplyHandler')
|
||||
->setDescription(pht('Override mail reply handler class.')),
|
||||
$this->newOption(
|
||||
|
|
|
@ -22,6 +22,7 @@ final class PhabricatorMacroConfigOptions
|
|||
public function getOptions() {
|
||||
return array(
|
||||
$this->newOption('metamta.macro.reply-handler-domain', 'string', null)
|
||||
->setLocked(true)
|
||||
->setDescription(pht(
|
||||
'As {{metamta.maniphest.reply-handler-domain}}, but affects Macro.')),
|
||||
$this->newOption('metamta.macro.subject-prefix', 'string', '[Macro]')
|
||||
|
|
|
@ -276,6 +276,7 @@ EOTEXT
|
|||
'metamta.maniphest.reply-handler-domain',
|
||||
'string',
|
||||
null)
|
||||
->setLocked(true)
|
||||
->setSummary(pht('Enable replying to tasks via email.'))
|
||||
->setDescription(
|
||||
pht(
|
||||
|
@ -296,6 +297,7 @@ EOTEXT
|
|||
'metamta.maniphest.reply-handler',
|
||||
'class',
|
||||
'ManiphestReplyHandler')
|
||||
->setLocked(true)
|
||||
->setBaseClass('PhabricatorMailReplyHandler')
|
||||
->setDescription(pht('Override reply handler class.')),
|
||||
$this->newOption(
|
||||
|
|
|
@ -25,6 +25,7 @@ final class PhabricatorOwnersConfigOptions
|
|||
'metamta.package.reply-handler',
|
||||
'class',
|
||||
'OwnersPackageReplyHandler')
|
||||
->setLocked(true)
|
||||
->setBaseClass('PhabricatorMailReplyHandler')
|
||||
->setDescription(pht('Reply handler for owners mail.')),
|
||||
$this->newOption('metamta.package.subject-prefix', 'string', '[Package]')
|
||||
|
|
|
@ -22,6 +22,7 @@ final class PhabricatorPholioConfigOptions
|
|||
public function getOptions() {
|
||||
return array(
|
||||
$this->newOption('metamta.pholio.reply-handler-domain', 'string', null)
|
||||
->setLocked(true)
|
||||
->setDescription(
|
||||
pht(
|
||||
'Like {{metamta.maniphest.reply-handler-domain}}, but affects '.
|
||||
|
|
Loading…
Reference in a new issue