mirror of https://we.phorge.it/source/phorge.git synced 2024-09-20 01:08:50 +02:00
epriestley 66c648cc56 Fix a redirect-on-login issue by allowing logged-out users to view 404 pages
Summary:
See T2102 and inline for discussion. This seems like the least-bad approach until we have something better.

The utility of next_uri seems much greater than the minor exposure of routable URIs.

Note that attackers can //not// detect if routable URIs are //valid// (e.g., "/D999" will always hit the login page whether it exists or not), just that they're routable. So you can only really tell if apps are installed or not.

Test Plan: Hit `/alsdknlkasnbla` while logged out, got 404 instead of login.

Reviewers: vrana, codeblock, btrahan

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2102

Differential Revision: https://secure.phabricator.com/D4012
2012-11-21 14:43:35 -08:00
bin Modernize the drydock script 2012-11-01 15:30:14 -07:00
conf Add support for S3 endpoint regions. 2012-11-16 04:08:14 -08:00
externals Modify Celerity to emit required resources on Ajax responses 2012-11-21 08:37:01 -08:00
resources Fix several migration issues with the Task/Counter patch 2012-11-16 10:19:22 -08:00
scripts Update static resource packages 2012-11-20 18:01:25 -08:00
src Fix a redirect-on-login issue by allowing logged-out users to view 404 pages 2012-11-21 14:43:35 -08:00
support Delete license headers from files 2012-11-05 11:16:51 -08:00
webroot Fix font size in textarea 2012-11-21 12:33:00 -08:00
.arcconfig Delete license headers from files 2012-11-05 11:16:51 -08:00
.divinerconfig Centralize rendering of application mail bodies 2012-07-16 19:01:43 -07:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Remove support for custom logos 2012-07-30 11:09:28 -07:00
.gitmodules Just change the location. 2011-05-28 15:14:54 -07:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Delete license headers from files 2012-11-05 11:16:51 -08:00
README Delete license headers from files 2012-11-05 11:16:51 -08:00

Phabricator is an open source collection of web applications which make it easier
to write, review, and share source code. Phabricator was developed at Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.