Page MenuHomePhabricator
Differential D8458

Don't prefill "add email address" from GET
ClosedPublic
Actions

Authored by epriestley on Mar 8 2014, 8:35 PM.
Tags
None
Referenced Files
F14356608: D8458.diff
Thu, Dec 19, 10:42 PM
Unknown Object (File)
Mon, Dec 9, 9:43 AM
Unknown Object (File)
Sun, Dec 8, 1:07 PM
Unknown Object (File)
Wed, Dec 4, 7:50 AM
Unknown Object (File)
Wed, Nov 27, 5:09 PM
Unknown Object (File)
Mon, Nov 25, 2:38 PM
Unknown Object (File)
Fri, Nov 22, 6:26 PM
Unknown Object (File)
Nov 10 2024, 1:06 AM
View All Files
Subscribers
aran

Details

Reviewers
btrahan
Commits
Restricted Diffusion Commit
rP761b66228371: Don't prefill "add email address" from GET
Summary

Via HackerOne. I don't think this is a security vulnerability, but it is inconsistent. There's no reason to prefill this, and I think the code was just lazy.

Test Plan
  • Hit this page with ?email=xyz in a GET request, no more prefill.
  • Looped the page with bad addresses, appropriate prefill.
  • Added an address.

Diff Detail

Repository
rP Phabricator
Branch
noprefill
Lint
Lint Passed
Unit
No Test Coverage

Event Timeline

btrahan accepted this revision.Mar 10 2014, 4:58 PM
btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 10 2014, 4:58 PM
epriestley closed this revision.Mar 10 2014, 11:21 PM
epriestley updated this revision to Diff 20105.

Closed by commit rP761b66228371 (authored by @epriestley).

Revision Contents
Changeset List

PathSize
src/
applications/
settings/
panel/
5 lines

Diff 20063

View Options

src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php

Loading...
Phabricator · Built by Phacility