1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 05:50:55 +01:00
No description
Find a file
epriestley 944b257d5d Fix a policy issue where permissions were not properly checked when disabling global builtin queries
Summary: See <https://hackerone.com/reports/1573143>. The pathway for disabling global builtin queries is missing a policy check. Add it.

Test Plan:
  - Accessed the "/search/delete/id/.../" URI for a global builtin query as a non-administrator.
  - Before patch: could improperly disable queries.
   -After patch: proper policy exception.

Differential Revision: https://secure.phabricator.com/D21851
2022-05-31 11:00:53 -07:00
bin Remove the "ssh-auth-key" script 2019-10-28 17:52:37 -07:00
conf Remove an old digest in Celerity code and some obsolete configuration options 2019-01-04 13:43:38 -08:00
externals Remove the "Phragment" application 2022-04-25 16:46:27 -07:00
resources Update Slowvote poll status to use sensible string constants 2022-05-27 10:15:01 -07:00
scripts Remove product literal strings in "pht()", part 11 2022-04-25 16:46:24 -07:00
src Fix a policy issue where permissions were not properly checked when disabling global builtin queries 2022-05-31 11:00:53 -07:00
support Suppress PHP 8 deprecation warning in startup 2021-07-20 21:07:33 -04:00
webroot Provide a simple "Attach File" explicit workflow for files referenced but not attached 2022-05-24 09:49:59 -07:00
.arcconfig Set "history.immutable" to "false" explicitly in .arcconfig 2016-08-03 08:12:49 -07:00
.arclint Fix a PHP 8.1 strlen() issue with "mysql.pass" configuration 2021-12-16 15:24:21 -08:00
.arcunit Use the configuration driven unit test engine 2015-08-11 07:57:11 +10:00
.editorconfig Fix text lint issues 2015-02-12 07:00:13 +11:00
.gitignore Make i18n string extraction faster and more flexible 2016-07-04 10:23:30 -07:00
LICENSE Fix text lint issues 2015-02-12 07:00:13 +11:00
NOTICE Remove some "Phacility" and "epriestley" references 2021-07-08 10:46:17 -07:00
README.md Document Phabricator as no longer actively maintained 2021-05-29 13:58:22 -07:00

Effective June 1, 2021: Phabricator is no longer actively maintained.

Phabricator is a collection of web applications for software development.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.