mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-23 23:32:40 +01:00
66c648cc56
Summary: See T2102 and inline for discussion. This seems like the least-bad approach until we have something better. The utility of next_uri seems much greater than the minor exposure of routable URIs. Note that attackers can //not// detect if routable URIs are //valid// (e.g., "/D999" will always hit the login page whether it exists or not), just that they're routable. So you can only really tell if apps are installed or not. Test Plan: Hit `/alsdknlkasnbla` while logged out, got 404 instead of login. Reviewers: vrana, codeblock, btrahan Reviewed By: codeblock CC: aran Maniphest Tasks: T2102 Differential Revision: https://secure.phabricator.com/D4012 |
||
|---|---|---|
| .. | ||
| aphront | ||
| applications | ||
| docs | ||
| infrastructure | ||
| rsrc | ||
| view | ||
| __celerity_resource_map__.php | ||
| __phutil_library_init__.php | ||
| __phutil_library_map__.php | ||