Lock all reply-handler options in the upstream, plus cookie prefix
e5b402d13f76
Actions

Authored by epriestley <git@epriestley.com> on Feb 13 2015, 20:00.

Description

Lock all reply-handler options in the upstream, plus cookie prefix

Summary:
Ref T7185. These settings shouldn't be unlocked anywhere. Specifically:

reply-handler: These are on the way out.
reply-handler-domain: Also hopefully on the way out; locked because a compromised administrator account can redirect replies.
phabricator.cookie-prefix: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately.

Test Plan: Browsed Config.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Committed

epriestley <git@epriestley.com>

Feb 13 2015, 20:00

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPHebebeb8f7cb7: Upgrade "masked" config to "hidden"

Branches

Unknown

Tags

Unknown

				Path
	M			src/applications/config/option/PhabricatorCoreConfigOptions.php
	M			src/applications/config/option/PhabricatorMetaMTAConfigOptions.php
	M			src/applications/differential/config/PhabricatorDifferentialConfigOptions.php
	M			src/applications/diffusion/config/PhabricatorDiffusionConfigOptions.php
	M			src/applications/macro/config/PhabricatorMacroConfigOptions.php
	M			src/applications/maniphest/config/PhabricatorManiphestConfigOptions.php
	M			src/applications/owners/config/PhabricatorOwnersConfigOptions.php
	M			src/applications/pholio/config/PhabricatorPholioConfigOptions.php