archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
12,834 Commits 6 Branches 0 Tags
fc950140b4c1cec0538573f4fc832d514347566c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
epriestley fc950140b4 Blanket reject request which may have been poisoned by a "Proxy" header to mitigate the httpoxy vulnerability 
Summary:
See accompanying discussion in T11359.

As far as I can tell we aren't vulnerable, but subprocesses could be (now, or in the future). Reject any request which may have a `Proxy:` header.

This will also do a false-positive reject if `HTTP_PROXY` is defined in the environment, but this is likely a misconfiguration (cURL does not read it). I'll provide guidance on this.

Test Plan:
  - Made requests using `curl -H Proxy:...`, got rejected.
  - Made normal requests, got normal pages.

Reviewers: chad, avivey

Reviewed By: avivey

Differential Revision: https://secure.phabricator.com/D16318
2016-07-21 20:18:06 -07:00
bin
Provide bin/nuance import and ngram indexes for sources
2016-03-08 10:30:24 -08:00
conf
Support "ssl.chain" in Aphlict configuration
2016-04-14 10:41:21 -07:00
externals
Improve Amazon SES code error handling behavior
2016-04-05 17:28:45 -07:00
resources
Make Calendar day view a little more consistent
2016-07-15 14:24:29 -07:00
scripts
Provide basic support for Subversion revprops
2016-06-24 13:43:32 -07:00
src
bin/storage shell: force TCP
2016-07-21 23:42:27 +00:00
support
Blanket reject request which may have been poisoned by a "Proxy" header to mitigate the httpoxy vulnerability
2016-07-21 20:18:06 -07:00
webroot
Make Calendar day view a little more consistent
2016-07-15 14:24:29 -07:00
.arcconfig
Use the configuration driven unit test engine
2015-08-11 07:57:11 +10:00
.arclint
Begin adding test coverage to GitHub Events API parsers
2016-03-09 09:30:07 -08:00
.arcunit
Use the configuration driven unit test engine
2015-08-11 07:57:11 +10:00
.editorconfig
Fix text lint issues
2015-02-12 07:00:13 +11:00
.gitignore
Make i18n string extraction faster and more flexible
2016-07-04 10:23:30 -07:00
LICENSE
Fix text lint issues
2015-02-12 07:00:13 +11:00
NOTICE
Update Phabricator NOTICE file to reflect modern legal circumstances
2014-06-25 13:42:13 -07:00
README.md
Remove push to IRC from "readme.md" too
2015-10-24 18:39:16 -07:00

README.md

Phabricator is a collection of web applications which help software companies build better software.

Phabricator includes applications for:

  • reviewing and auditing source code;
  • hosting and browsing repositories;
  • tracking bugs;
  • managing projects;
  • conversing with team members;
  • assembling a party to venture forth;
  • writing stuff down and reading it later;
  • hiding stuff from coworkers; and
  • also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org

Phabricator is developed and maintained by Phacility.

SUPPORT RESOURCES

For resources on filing bugs, requesting features, reporting security issues, and getting other kinds of support, see Support Resources.

NO PULL REQUESTS!

We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.

Description
Phabricator
Readme 105 MiB
Languages
PHP 93.4%
JavaScript 4.1%
CSS 2.4%