Page MenuHomePhabricator

Don't force main menu search form to use POST
AbandonedPublic

Authored by talshiri on Dec 10 2014, 3:13 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 19, 4:50 AM
Unknown Object (File)
Fri, Dec 13, 11:48 AM
Unknown Object (File)
Mon, Dec 9, 7:00 AM
Unknown Object (File)
Tue, Nov 26, 8:58 PM
Unknown Object (File)
Fri, Nov 22, 6:10 PM
Unknown Object (File)
Nov 18 2024, 3:36 PM
Unknown Object (File)
Nov 14 2024, 8:45 PM
Unknown Object (File)
Nov 10 2024, 2:26 AM
Subscribers

Details

Reviewers
epriestley
Group Reviewers
Blessed Reviewers
Summary

This allows browsers (Chorme, Firefox) to add Phabricator as a search engine.

The CSRF token that was previously generated (as it was a POST) was not checked anyway, and I don't think this is exploitable.

Test Plan

Right clicked on Chrome, as "Add As Search Engine". Tried out the search and it worked.

Diff Detail

Repository
rP Phabricator
Branch
dont_force_search_to_post
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 3207
Build 3213: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

talshiri retitled this revision from to Don't force main menu search form to use POST.
talshiri updated this object.
talshiri edited the test plan for this revision. (Show Details)
talshiri added a reviewer: epriestley.
epriestley edited edge metadata.

We haven't seen other interest in this so I'm not interested in bringing it upstream.

This revision now requires changes to proceed.Nov 23 2015, 4:01 PM