mirror of https://we.phorge.it/source/phorge.git synced 2024-11-18 21:02:41 +01:00
epriestley 6e713ad784 Don't reveal oauth application token information
Summary:
There's an OAuth diagnostics page at /oauth/facebook/diagnose/, which
shows some diagnostic information. Currently, it attempts to establish an
application token session and shows the token if it is successful. An attacker
could use this to do vaguely nefarious things (retrieve application statistics,
I think?).

This interface was originally admin-only but then I threw out the very silly
admin mode patch I had at the time and we currently have no admin mode, and
thus this interface is public. This token isn't useful in diagnosis anyway,
so don't reveal it.

Test Plan:
Visited oauth diagnostics page, no token revealed

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen, jungejason
CC: tuomaspelkonen
Differential Revision: 136
2011-04-14 13:32:49 -07:00
bin Improve parser scalability, fix a bug or two, provide 'phd', the Phabricator 2011-03-13 14:27:03 -07:00
conf Add config flags for Differential action link stuff. 2011-04-13 12:12:02 -07:00
externals Get rid of +x on a bunch of nonexecutable files because I failed to set 2011-04-02 16:47:20 -07:00
resources Prevent a race in Phabricator workers 2011-04-14 12:09:56 -07:00
scripts Avoid Timeline race condition 2011-04-14 10:12:10 -07:00
src Don't reveal oauth application token information 2011-04-14 13:32:49 -07:00
webroot Implemented "Plan Changes" action for differential. 2011-04-13 16:58:22 -07:00
.arcconfig Point Phabricator at the meta-install. 2011-02-07 21:57:42 -08:00
.divinerconfig Basic doc for adding/updating Celerity CSS/JS. 2011-03-04 14:15:59 -08:00
.gitignore PhabricatorEnv 2011-01-31 11:55:26 -08:00
README Update the README to be more full of caution. 2011-02-07 12:20:08 -08:00

PROJECT STATUS: CAVEAT EMPTOR

This is an unstable preview release. I'm open sourcing some of Facebook's
internal tools, but they'll be unstable for probably at least a couple months.
-epriestley


WHAT IS PHABRICATOR?

Phabricator is a suite of web applications that facilitate software development
tasks, particularly code review. The primary application in the suite is
Differential, a code review tool.

Phabricator is highly unstable and has many missing features! These applications
are being brought over from Facebook's internal toolset, but there's a lot of
stuff that hasn't made it over yet. Feel free to follow the project but you
probably shouldn't try to install this yet unless you're extremely ambitious
or just want to take a look at it. I'm opening it up now mostly to make it
easier for me to do test deployments outside of Facebook.