mirror of https://we.phorge.it/source/phorge.git synced 2024-11-15 19:32:40 +01:00
phorge-phorge/src/applications/feed
epriestley 9dd0eca335 Lock feed.public and feed.http-hooks config options
Summary:
Ref T6817. Ref T5726. These both bypass policy checks, and would allow an attacker who gains control of an administrative account to enable public feed, then view feed stories they could not normally see; or enable feed.http-hooks, then read the posted text.

In the longer term I'd like to remove `feed.public` completely (possibly providing API alternatives, if necessary).

Test Plan: Looked at options in web UI and saw them locked.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6817, T5726

Differential Revision: https://secure.phabricator.com/D11046
2014-12-29 08:04:47 -08:00
..
application Implement the getName method in PhabricatorApplication subclasses 2014-07-23 23:52:50 +10:00
builder Move ActionHeaders to PHUI, add ObjectBox Support, new Colors 2014-06-24 09:39:32 -07:00
conduit Minor formatting changes 2014-10-08 08:39:49 +11:00
config Lock feed.public and feed.http-hooks config options 2014-12-29 08:04:47 -08:00
constants Partially modernize Doorkeeper/Asana bridge 2014-10-01 07:09:34 -07:00
controller Decouple some aspects of request routing and construction 2014-10-17 05:01:40 -07:00
management Apply some autofix linter rules 2014-09-10 06:55:05 +10:00
query Rename PhabricatorApplication subclasses 2014-07-23 10:03:09 +10:00
storage Automatically build all Lisk schemata 2014-10-02 09:51:20 -07:00
story Move audit to application transactions 2014-10-15 13:20:12 -07:00
worker Feed - permanently fail publish workers if the uri they are posting to is not in configu 2014-08-26 15:05:54 -07:00
PhabricatorFeedStoryPublisher.php Audit - another partial fix to commit re-parsing bug 2014-10-20 17:39:19 -07:00