1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-11 08:06:13 +01:00
Commit graph

7 commits

Author SHA1 Message Date
Joshua Spence
0a62f13464 Change double quotes to single quotes.
Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.

Test Plan: Eyeballed it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9431
2014-06-09 11:36:50 -07:00
James Rhodes
3b1a1ae7e3 [SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config options.
Summary:
Currently PhabricatorSetupIssueView will show the current values of
configuration options regardless of whether or not they are defined
as hidden options.  This means that if the MySQL server stops, Phabricator
will present the MySQL connection credentials to anyone who can access
the Phabricator page.

Test Plan:
Stop the MySQL server for a Phabricator instance.  It should display 'hidden'
instead of the MySQL password.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5596
2013-04-06 00:39:53 -07:00
epriestley
ef7f16180c Restore merge of phutil_tag. 2013-02-13 14:51:18 -08:00
epriestley
73cce6e131 Revert "Promote phutil-tag again"
This reverts commit 8fbabdc06d, reversing
changes made to 2dab1c1e42.
2013-02-13 14:08:57 -08:00
vrana
4eb84149c2 Convert everything to safe HTML
Summary: Sgrepped for `"=~/</"` and manually changed every HTML.

Test Plan: This doesn't work yet but it is hopefully one of the last diffs before Phabricator will be undoubtedly HTML safe.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4927
2013-02-13 12:35:40 -08:00
indiefan
bdecadfd11 Returning simple text error message instead of HTML for requests where HTML won't be rendered for the user. Fixes T2401.
Summary: If the check is too much, let me know. I noticed you send over __ajax__=true, so I figured it was safest to evaluate existance and value.

Test Plan: Included unit test. Would have included a test where __ajax__ and __conduit__ are not set, but without mocking this gives an uncatchable Fatal Error. If you want me to include it, just direct me on the mocking strategy.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2401

Differential Revision: https://secure.phabricator.com/D4719
2013-01-30 08:43:35 -08:00
epriestley
24845bec42 Port extension checks to new-style setup
Summary:
  - Allow new-style setup to raise fatal setup errors.
  - Port extension checks to new-style setup as fatal errors.
  - When fatal errors are raised, abort setup and show them in a chrome-free response.

Test Plan: {F29981}

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T2228

Differential Revision: https://secure.phabricator.com/D4587
2013-01-22 15:16:26 -08:00