mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-30 01:10:58 +01:00
No description
9dd0eca335
Summary: Ref T6817. Ref T5726. These both bypass policy checks, and would allow an attacker who gains control of an administrative account to enable public feed, then view feed stories they could not normally see; or enable feed.http-hooks, then read the posted text. In the longer term I'd like to remove `feed.public` completely (possibly providing API alternatives, if necessary). Test Plan: Looked at options in web UI and saw them locked. Reviewers: btrahan, chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T6817, T5726 Differential Revision: https://secure.phabricator.com/D11046 |
||
|---|---|---|
| bin | ||
| conf | ||
| externals | ||
| resources | ||
| scripts | ||
| src | ||
| support | ||
| webroot | ||
| .arcconfig | ||
| .arclint | ||
| .editorconfig | ||
| .gitignore | ||
| LICENSE | ||
| NOTICE | ||
| README | ||
Phabricator is an open source collection of web applications which help software companies build better software. Phabricator includes applications for: - reviewing and auditing source code; - hosting and browsing repositories; - assembling a party to venture forth; - tracking bugs; - hiding stuff from coworkers; and - also some other things. You can learn more about the project (and find links to documentation and resources) [[http://phabricator.org/ | here]]. Phabricator is developed and maintained by [[http://phacility.com/ | Phacility]]. The first version of Phabricator was originally built at Facebook. = LICENSE = Phabricator is released under the Apache 2.0 license except as otherwise noted.