mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 15:52:41 +01:00
phorge-phorge/src/applications/differential
epriestley e5b402d13f Lock all reply-handler options in the upstream, plus cookie prefix
Summary:
Ref T7185. These settings shouldn't be unlocked anywhere. Specifically:

  - `reply-handler`: These are on the way out.
  - `reply-handler-domain`: Also hopefully on the way out; locked because a compromised administrator account can redirect replies.
  - `phabricator.cookie-prefix`: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately.

Test Plan: Browsed Config.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11764
2015-02-13 11:00:09 -08:00
| Name | Last commit | Date |
| --- | --- | --- |
| `__tests__` | Policy - fix up DifferentialChangesetParser | 2015-01-30 11:17:34 -08:00 |
| `application` | Remove getIconName from all applications | 2015-01-30 12:11:21 -08:00 |
| `capability` | Simplify the implementation of PhabricatorPolicyCapability subclasses | 2014-07-25 08:25:42 +10:00 |
| `conduit` | Differential - add ability to setup "create" addresses for revisions | 2015-01-30 10:31:39 -08:00 |
| `config` | Lock all reply-handler options in the upstream, plus cookie prefix | 2015-02-13 11:00:09 -08:00 |
| `constants` | Differential - label unit / lint results from the commit diff as not applicable | 2014-09-16 12:11:54 -07:00 |
| `controller` | Fix a TODO | 2015-02-10 18:37:18 +11:00 |
| `customfield` | Fix visibility for DifferentialManiphestTasksField::readValueFromRevision | 2015-01-14 07:04:36 +11:00 |
| `doorkeeper` | Partially modernize Doorkeeper/Asana bridge | 2014-10-01 07:09:34 -07:00 |
| `edge` | Don't write inverse edges for DifferentialRevisionHasReviewerEdgeType | 2015-01-04 10:07:56 +11:00 |
| `editor` | Don't create mentions for dependent diffs | 2015-01-23 07:12:05 +11:00 |
| `event` | Fix pht method calls | 2015-02-10 18:57:45 +11:00 |
| `exception` | Remove an unused class | 2015-01-03 09:07:32 +11:00 |
| `garbagecollector` | Complete modularization of the GC daemon | 2014-01-15 10:02:31 -08:00 |
| `landing` | Explicitly declare method/property visibility | 2015-01-12 08:18:13 +11:00 |
| `lipsum` | Remove an unused variable | 2015-01-03 10:31:46 +11:00 |
| `mail` | MetaMTA - update documentation and make config a tad easier | 2015-02-12 11:05:39 -08:00 |
| `management` | Rename DifferentialHunk subclasses for consistency | 2015-01-23 07:17:04 +11:00 |
| `parser` | Rename a constant | 2015-02-11 06:54:10 +11:00 |
| `phid` | Rename PHIDType classes | 2014-07-24 08:05:46 +10:00 |
| `query` | Policy - filter app engines where the user can't see the application from panel editing | 2015-02-04 15:47:48 -08:00 |
| `remarkup` | Rename PhutilRemarkupRule subclasses | 2014-08-05 00:55:43 +10:00 |
| `render` | Fix pht method calls | 2015-02-10 18:57:45 +11:00 |
| `search` | Rename PHIDType classes | 2014-07-24 08:05:46 +10:00 |
| `storage` | Probably fix excessive "(authored by X)" attributions | 2015-02-02 14:59:32 -08:00 |
| `view` | Rename a constant | 2015-02-11 06:54:10 +11:00 |
| `DifferentialGetWorkingCopy.php` | Applied various linter fixes. | 2014-06-09 16:04:12 -07:00 |