Mirror of https://we.phorge.it/source/phorge.git, synced 2024-12-30 17:30:59 +01:00
6e713ad784
Summary: There's an OAuth diagnostics page at /oauth/facebook/diagnose/, which shows some diagnostic information. Currently, it attempts to establish an application token session and shows the token if it is successful. An attacker could use this to do vaguely nefarious things (retrieve application statistics, I think?). This interface was originally admin-only but then I threw out the very silly admin mode patch I had at the time and we currently have no admin mode, and thus this interface is public. This token isn't useful in diagnosis anyway, so don't reveal it.

Test Plan: Visited oauth diagnostics page, no token revealed

Reviewed By: tuomaspelkonen

Reviewers: tuomaspelkonen, jungejason

CC: tuomaspelkonen

Differential Revision: 136

- bin
- conf
- externals
- resources
- scripts
- src
- webroot
- .arcconfig
- .divinerconfig
- .gitignore
- README

PROJECT STATUS: CAVEAT EMPTOR

This is an unstable preview release. I'm open sourcing some of Facebook's internal tools, but they'll be unstable for probably at least a couple months.

-epriestley

WHAT IS PHABRICATOR?

Phabricator is a suite of web applications that facilitate software development tasks, particularly code review. The primary application in the suite is Differential, a code review tool.

Phabricator is highly unstable and has many missing features! These applications are being brought over from Facebook's internal toolset, but there's a lot of stuff that hasn't made it over yet. Feel free to follow the project but you probably shouldn't try to install this yet unless you're extremely ambitious or just want to take a look at it. I'm opening it up now mostly to make it easier for me to do test deployments outside of Facebook.