archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
e5b402d13f76fcc66922357919e9421cf1e76cc2
phabricator/src/applications
History
epriestley e5b402d13f Lock all reply-handler options in the upstream, plus cookie prefix 
Summary:
Ref T7185. These settings shouldn't be unlocked anywhere. Specifically:

  - `reply-handler`: These are on the way out.
  - `reply-handler-domain`: Also hopefully on the way out; locked because a compromised administrator account can redirect replies.
  - `phabricator.cookie-prefix`: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately.

Test Plan: Browsed Config.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11764
2015-02-13 11:00:09 -08:00
..
almanac
Fix pht method calls
2015-02-10 18:57:45 +11:00
aphlict/management
Fix visibility of PhutilArgumentWorkflow::didConstruct methods
2015-01-16 07:42:07 +11:00
arcanist/conduit
Fix a method call in arcanist.projectinfo
2015-02-02 14:38:40 -08:00
audit
MetaMTA - update documentation and make config a tad easier
2015-02-12 11:05:39 -08:00
auth
Legalpad - allow for legalpad documents to be required to be signed for using Phabricator
2015-02-12 15:22:56 -08:00
base
Legalpad - allow for legalpad documents to be required to be signed for using Phabricator
2015-02-12 15:22:56 -08:00
cache
Fix visiblity of LiskDAO::getConfiguration()
2015-01-14 06:54:13 +11:00
calendar
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
celerity
Legalpad - allow for legalpad documents to be required to be signed for using Phabricator
2015-02-12 15:22:56 -08:00
chatlog
Remove getIconName from all applications
2015-01-30 12:11:21 -08:00
conduit
Fix pht method calls
2015-02-10 18:57:45 +11:00
config
Lock all reply-handler options in the upstream, plus cookie prefix
2015-02-13 11:00:09 -08:00
conpherence
Add getGroup to ConfigOptions
2015-02-09 13:10:56 -08:00
console
Move DarkConsole to an application
2014-10-13 11:17:09 -07:00
countdown
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
daemon
Make the "daemons and web have different config" warning more specific
2015-02-05 14:07:35 -08:00
dashboard
Allow Home and Dashboards to be uninstalled
2015-02-11 15:24:54 -08:00
differential
Lock all reply-handler options in the upstream, plus cookie prefix
2015-02-13 11:00:09 -08:00
diffusion
Lock all reply-handler options in the upstream, plus cookie prefix
2015-02-13 11:00:09 -08:00
diviner
Allow diviner books to be permanently destroyed
2015-02-12 06:56:22 +11:00
doorkeeper
Add getGroup to ConfigOptions
2015-02-09 13:10:56 -08:00
draft/storage
Fix visiblity of LiskDAO::getConfiguration()
2015-01-14 06:54:13 +11:00
drydock
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
fact
PHUIErrorView
2015-02-01 20:14:56 -08:00
feed
Add getGroup to ConfigOptions
2015-02-09 13:10:56 -08:00
files
Pass instance through file transform URIs
2015-02-09 15:31:47 -08:00
flag
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
fund
MetaMTA - update documentation and make config a tad easier
2015-02-12 11:05:39 -08:00
harbormaster
Add getGroup to ConfigOptions
2015-02-09 13:10:56 -08:00
help
Update Phabricator header to use FontAwesome
2014-12-04 13:01:23 -08:00
herald
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
home
Allow Home and Dashboards to be uninstalled
2015-02-11 15:24:54 -08:00
legalpad
Legalpad - allow for legalpad documents to be required to be signed for using Phabricator
2015-02-12 15:22:56 -08:00
lipsum
Apply some autofix linter rules
2014-09-10 06:55:05 +10:00
macro
Lock all reply-handler options in the upstream, plus cookie prefix
2015-02-13 11:00:09 -08:00
mailinglists
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
maniphest
Lock all reply-handler options in the upstream, plus cookie prefix
2015-02-13 11:00:09 -08:00
meta
MetaMTA - update documentation and make config a tad easier
2015-02-12 11:05:39 -08:00
metamta
MetaMTA - update documentation and make config a tad easier
2015-02-12 11:05:39 -08:00
notification
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
nuance
Remove getIconName from all applications
2015-01-30 12:11:21 -08:00
oauthserver
OAuth - add concept of "trusted" clients that get auto redirects
2015-02-09 14:23:49 -08:00
owners
Lock all reply-handler options in the upstream, plus cookie prefix
2015-02-13 11:00:09 -08:00
passphrase
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
paste
Add getGroup to ConfigOptions
2015-02-09 13:10:56 -08:00
people
Legalpad - allow for legalpad documents to be required to be signed for using Phabricator
2015-02-12 15:22:56 -08:00
phame
Add getGroup to ConfigOptions
2015-02-09 13:10:56 -08:00
phid
MetaMTA - add (basic) application emails and deploy to Maniphest
2015-01-19 16:07:26 -08:00
phlux
Remove getIconName from all applications
2015-01-30 12:11:21 -08:00
pholio
Lock all reply-handler options in the upstream, plus cookie prefix
2015-02-13 11:00:09 -08:00
phortune
MetaMTA - update documentation and make config a tad easier
2015-02-12 11:05:39 -08:00
phpast
Use PhutilXHPASTBinary methods
2015-02-03 06:59:16 +11:00
phragment
PHUIErrorView
2015-02-01 20:14:56 -08:00
phrequent
Add getGroup to ConfigOptions
2015-02-09 13:10:56 -08:00
phriction
MetaMTA - update documentation and make config a tad easier
2015-02-12 11:05:39 -08:00
policy
Reject objects with invalid policies instead of fataling
2015-02-10 06:16:42 -08:00
ponder
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
project
Projects - smooth out scenarios around renaming a project and slugs
2015-02-09 15:48:17 -08:00
releeph
Add getGroup to ConfigOptions
2015-02-09 13:10:56 -08:00
remarkup/conduit
Rename Conduit classes
2014-07-25 10:54:15 +10:00
repository
Remove direct calls to LowLevelCommitQuery
2015-02-10 15:58:51 -08:00
search
Dashboards - introduce ability to optionally allow SearchEngines to be used as dashboard panels
2015-02-11 13:43:59 -08:00
settings
Update Phabricator to work with more modular translations
2015-02-11 13:02:35 -08:00
slowvote
Policy - filter app engines where the user can't see the application from panel editing
2015-02-04 15:47:48 -08:00
subscriptions
Modernize remaining edge types
2015-01-03 10:58:20 +11:00
support/application
Implement the getName method in PhabricatorApplication subclasses
2014-07-23 23:52:50 +10:00
system
Fix visibility of PhutilArgumentWorkflow::didConstruct methods
2015-01-16 07:42:07 +11:00
tokens
Remove getIconName from all applications
2015-01-30 12:11:21 -08:00
transactions
Policy - add an explanation for automatic capabilities for transactions and transaction comments
2015-02-02 14:41:50 -08:00
typeahead
Projects - tokenize [ProjectX] so "projectX" is a match
2015-01-09 14:09:13 -08:00
uiexample
Add bigtext option to PHUIActionPanelView
2015-02-09 07:27:54 -08:00
xhprof
Remove getIconName from all applications
2015-01-30 12:11:21 -08:00