1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 03:50:54 +01:00
No description
Find a file
epriestley cedb0c045a Lock down accepted next URI values for redirect after login
Summary:
I locked this down a little bit recently, but make
double-extra-super-sure that we aren't sending the user anywhere suspicious or
open-redirecty. This also locks down protocol-relative URIs (//evil.com/path)
although I don't think any browsers do bad stuff with them in this context, and
header injection URIs (although I don't think any of the modern PHP runtimes are
vulnerable).

Test Plan:
  - Ran tests.
  - Hit redirect page with valid and invalid next URIs; was punted to / for
invalid ones and to the right place for valid ones.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: arice, aran, epriestley, btrahan

Differential Revision: https://secure.phabricator.com/D1369
2012-01-13 11:58:45 -08:00
bin Improve CLI script for account creation and document account/reg setup process 2011-05-12 18:44:53 -07:00
conf Prevent login brute forcing with captchas 2012-01-12 15:22:05 -08:00
externals Include added reviewers and ccs in preview 2012-01-04 17:08:13 -08:00
resources Add an example notification handler to the IRC bot 2012-01-06 15:09:55 -08:00
scripts Adding an "ssh" client for conduit 2012-01-13 11:54:13 -08:00
src Lock down accepted next URI values for redirect after login 2012-01-13 11:58:45 -08:00
support/aphlict Aphlict, simple notification server 2011-05-17 10:32:41 -07:00
webroot Add instructions about how to support localhost 2012-01-11 18:09:14 -08:00
.arcconfig Add a custom lint name hook to Phabricator 2011-08-31 13:49:30 -07:00
.divinerconfig Some documentation updates. 2011-09-14 08:02:31 -07:00
.gitignore Key Value Store for ManiphestTask 2011-07-25 19:11:55 -07:00
.gitmodules Just change the location. 2011-05-28 15:14:54 -07:00
README Add a roadmap document and update the README. 2011-06-29 09:38:03 -07:00

Phabricator is a open source collection of web applications which make it easier
to write, review, and share source code. Phabricator was developed at Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.
http://www.apache.org/licenses/LICENSE-2.0