Lock all reply-handler options in the upstream, plus cookie prefix

Summary: Ref T7185. These settings shouldn't be unlocked anywhere. Specifically: - `reply-handler`: These are on the way out. - `reply-handler-domain`: Also hopefully on the way out; locked because a compromised administrator account can redirect replies. - `phabricator.cookie-prefix`: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately. Test Plan: Browsed Config. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T7185 Differential Revision: https://secure.phabricator.com/D11764
2024-11-20 05:42:40 +01:00 · 2015-02-13 11:00:09 -08:00 · 2015-02-13 11:00:09 -08:00 · e5b402d13f
commit e5b402d13f
parent ebebeb8f7c
8 changed files with 12 additions and 1 deletions
--- a/src/applications/config/option/PhabricatorCoreConfigOptions.php
+++ b/src/applications/config/option/PhabricatorCoreConfigOptions.php
@ -90,9 +90,10 @@ final class PhabricatorCoreConfigOptions
        ->addExample('America/Boise', pht('US Mountain (MDT)'))
        ->addExample('America/Los_Angeles', pht('US West (PDT)')),
      $this->newOption('phabricator.cookie-prefix', 'string', null)
        ->setLocked(true)
        ->setSummary(
          pht('Set a string Phabricator should use to prefix '.
-              'cookie names'))
+              'cookie names.'))
        ->setDescription(
          pht(
            'Cookies set for x.com are also sent for y.x.com. Assuming '.
--- a/src/applications/config/option/PhabricatorMetaMTAConfigOptions.php
+++ b/src/applications/config/option/PhabricatorMetaMTAConfigOptions.php
@ -244,6 +244,7 @@ EODOC
        'metamta.reply-handler-domain',
        'string',
        null)
        ->setLocked(true)
        ->setDescription(pht(
          'Domain used for reply email addresses. Some applications can '.
          'override this configuration with a different domain.'))
--- a/src/applications/differential/config/PhabricatorDifferentialConfigOptions.php
+++ b/src/applications/differential/config/PhabricatorDifferentialConfigOptions.php
@ -240,12 +240,14 @@ final class PhabricatorDifferentialConfigOptions
        'metamta.differential.reply-handler-domain',
        'string',
        null)
        ->setLocked(true)
        ->setDescription(
          pht('Inbound email domain for Differential replies.')),
      $this->newOption(
        'metamta.differential.reply-handler',
        'class',
        'DifferentialReplyHandler')
        ->setLocked(true)
        ->setBaseClass('PhabricatorMailReplyHandler')
        ->setDescription(pht('Alternate reply handler class.')),
      $this->newOption(
--- a/src/applications/diffusion/config/PhabricatorDiffusionConfigOptions.php
+++ b/src/applications/diffusion/config/PhabricatorDiffusionConfigOptions.php
@ -30,6 +30,7 @@ final class PhabricatorDiffusionConfigOptions
        'metamta.diffusion.reply-handler-domain',
        'string',
        null)
        ->setLocked(true)
        ->setDescription(
          pht(
            'See {{metamta.maniphest.reply-handler}}. This does the same '.
@ -38,6 +39,7 @@ final class PhabricatorDiffusionConfigOptions
        'metamta.diffusion.reply-handler',
        'class',
        'PhabricatorAuditReplyHandler')
        ->setLocked(true)
        ->setBaseClass('PhabricatorMailReplyHandler')
        ->setDescription(pht('Override mail reply handler class.')),
      $this->newOption(
--- a/src/applications/macro/config/PhabricatorMacroConfigOptions.php
+++ b/src/applications/macro/config/PhabricatorMacroConfigOptions.php
@ -22,6 +22,7 @@ final class PhabricatorMacroConfigOptions
  public function getOptions() {
    return array(
      $this->newOption('metamta.macro.reply-handler-domain', 'string', null)
        ->setLocked(true)
        ->setDescription(pht(
          'As {{metamta.maniphest.reply-handler-domain}}, but affects Macro.')),
      $this->newOption('metamta.macro.subject-prefix', 'string', '[Macro]')
--- a/src/applications/maniphest/config/PhabricatorManiphestConfigOptions.php
+++ b/src/applications/maniphest/config/PhabricatorManiphestConfigOptions.php
@ -276,6 +276,7 @@ EOTEXT
        'metamta.maniphest.reply-handler-domain',
        'string',
        null)
        ->setLocked(true)
        ->setSummary(pht('Enable replying to tasks via email.'))
        ->setDescription(
          pht(
@ -296,6 +297,7 @@ EOTEXT
        'metamta.maniphest.reply-handler',
        'class',
        'ManiphestReplyHandler')
        ->setLocked(true)
        ->setBaseClass('PhabricatorMailReplyHandler')
        ->setDescription(pht('Override reply handler class.')),
      $this->newOption(
--- a/src/applications/owners/config/PhabricatorOwnersConfigOptions.php
+++ b/src/applications/owners/config/PhabricatorOwnersConfigOptions.php
@ -25,6 +25,7 @@ final class PhabricatorOwnersConfigOptions
        'metamta.package.reply-handler',
        'class',
        'OwnersPackageReplyHandler')
        ->setLocked(true)
        ->setBaseClass('PhabricatorMailReplyHandler')
        ->setDescription(pht('Reply handler for owners mail.')),
      $this->newOption('metamta.package.subject-prefix', 'string', '[Package]')
--- a/src/applications/pholio/config/PhabricatorPholioConfigOptions.php
+++ b/src/applications/pholio/config/PhabricatorPholioConfigOptions.php
@ -22,6 +22,7 @@ final class PhabricatorPholioConfigOptions
  public function getOptions() {
    return array(
      $this->newOption('metamta.pholio.reply-handler-domain', 'string', null)
        ->setLocked(true)
        ->setDescription(
          pht(
            'Like {{metamta.maniphest.reply-handler-domain}}, but affects '.