revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/conduit
History
epriestley 29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator 
Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026
2015-09-01 15:52:44 -07:00
..
application Allow applications to have multiple "help" menu items 2015-04-01 11:51:48 -07:00
call Extend from Phobject 2015-06-15 18:02:27 +10:00
check Re-enable the deprecated calls setup check 2015-04-07 18:08:49 +10:00
controller Use phutil_hashes_are_identical() when comparing hashes in Phabricator 2015-09-01 15:52:44 -07:00
garbagecollector Add Conduit Tokens to make authentication in Conduit somewhat more sane 2014-12-15 11:14:23 -08:00
method Use phutil_hashes_are_identical() when comparing hashes in Phabricator 2015-09-01 15:52:44 -07:00
protocol Extend from Phobject 2015-06-15 18:02:27 +10:00
query Use PhutilClassMapQuery instead of PhutilSymbolLoader 2015-08-14 07:49:01 +10:00
settings Merge branch 'master' into redesign-2015 2015-06-10 07:44:58 -07:00
ssh phtize all the things 2015-05-22 21:16:39 +10:00
storage Use __CLASS__ instead of hard-coding class names 2015-05-14 07:21:13 +10:00