1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
phorge-phorge/src/applications/phortune
epriestley 7145587df7 Lock down some config options
Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  - Fix some typos.
  - Lock down some options which would potentially let a rogue administrator do something sketchy.
    - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:
  - Read through config options.
  - Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928
2014-05-01 10:23:49 -07:00
..
application Add initial cut of PayPal and pay-once-at-checkout providers to Phortune 2013-05-06 11:44:24 -07:00
constants General cleanup for adding payment methods in Phortune 2013-04-25 09:49:32 -07:00
control Convert AphrontFormControl to safe HTML 2013-02-05 15:52:46 -08:00
controller Provide convenience method addTextCrumb() to PhabricatorCrumbsView 2013-12-18 17:47:34 -08:00
currency Added some additional assertion methods. 2014-03-08 19:16:21 -08:00
editor Phortune v0.1: products 2013-03-28 09:13:07 -07:00
exception Implement Balanced Payments as a PhortunePaymentProvider 2013-04-25 09:48:04 -07:00
option Lock down some config options 2014-05-01 10:23:49 -07:00
provider Added some additional assertion methods. 2014-03-08 19:16:21 -08:00
query Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
storage Fix Phortune so it allows users to create their accounts implicitly 2013-12-12 11:19:03 +11:00
view General cleanup for adding payment methods in Phortune 2013-04-25 09:49:32 -07:00