Improve mailing list edit form
65a56c6ce092
Actions

Authored by epriestley <git@epriestley.com> on Jan 11 2012, 22:36.

Description

Improve mailing list edit form

Summary:

Add some captions to make it more clear what these fields mean.
Require "name", since tokenizers use it exclusively.
Limit URI to allowed protocols, since admins can currently XSS users by

entering a "javascript:" URI and then tricking the user into clicking the
mailing list name. This exploit is dumb, but technically privilege escallation.

Test Plan:

Created a new mailing list.
Edited a mailing list.
Tested URI: valid, invalid, omitted.
Tested name: valid, omitted.

Reviewers: btrahan, jungejason, davidreuss

Reviewed By: btrahan

CC: aran, btrahan

Differential Revision: https://secure.phabricator.com/D1365

Details

Committed

epriestley <git@epriestley.com>

Jan 12 2012, 00:48

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPHb8ab23d8c594: Merge pull request #87 from kdeggelman/master

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH65a56c6ce092: Improve mailing list edit form (authored by epriestley <git@epriestley.com>).Jan 12 2012, 00:48

Changes (2)

				Path
	M			src/applications/metamta/controller/mailinglistedit/PhabricatorMetaMTAMailingListEditController.php
	M			src/applications/metamta/controller/mailinglistedit/__init__.php

rPH65a56c6ce092

View Options

src/applications/metamta/controller/mailinglistedit/PhabricatorMetaMTAMailingListEditController.php