mirror of https://we.phorge.it/source/phorge.git synced 2024-12-30 09:20:58 +01:00
epriestley 2037979142 Prevent Phame blogs from using invalid skins
Summary: Via HackerOne. An attacker with access to both Phame and the filesystem could potentially load a skin that lives outside of the configured skin directories, because we had insufficient checks on the actual skin at load time.

Test Plan: Attempted to build a blog with an invalid skin; got an exception instead of a mis-load of a sketchy skin.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10992
2014-12-15 10:41:49 -08:00
bin Add bin/worker flood, for flooding the task queue with work 2014-11-24 11:10:15 -08:00
conf Configuration - re-jigger how we handle bad configuration files 2014-10-06 13:20:56 -07:00
externals Update Stripe PHP API 2014-07-13 09:19:07 -07:00
resources Allow repositories to be bound to an AlmanacService 2014-12-12 12:07:11 -08:00
scripts Minor linter fixes 2014-12-09 18:37:32 +11:00
src Prevent Phame blogs from using invalid skins 2014-12-15 10:41:49 -08:00
support Minor formatting changes 2014-10-08 08:39:49 +11:00
webroot Transactions - change show all key from "~" to "@" 2014-12-12 11:23:56 -08:00
.arcconfig Update .arclint in Phabricator for phutil-library lint 2014-05-12 06:01:30 -07:00
.arclint Update the quickstart.sql 2014-11-07 12:29:24 -08:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Implement storage of a host ID and a public key for authorizing Conduit between servers 2014-10-03 22:52:41 +10:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Update Phabricator NOTICE file to reflect modern legal circumstances 2014-06-25 13:42:13 -07:00
README Reformat README as Remarkup 2014-07-16 22:10:36 +10:00

Phabricator is an open source collection of web applications which help
software companies build better software.

Phabricator includes applications for:

  - reviewing and auditing source code;
  - hosting and browsing repositories;
  - assembling a party to venture forth;
  - tracking bugs;
  - hiding stuff from coworkers; and
  - also some other things.

You can learn more about the project (and find links to documentation and
resources) [[http://phabricator.org/ | here]].

Phabricator is developed and maintained by [[http://phacility.com/ |
Phacility]]. The first version of Phabricator was originally built at Facebook.

= LICENSE =
Phabricator is released under the Apache 2.0 license except as otherwise noted.