Page MenuHomePhabricator
Differential D8458

Don't prefill "add email address" from GET
ClosedPublic
Actions

Authored by epriestley on Mar 8 2014, 8:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Sep 11, 8:29 PM
Unknown Object (File)
Fri, Aug 30, 4:29 PM
Unknown Object (File)
Mon, Aug 26, 8:09 AM
Unknown Object (File)
Sat, Aug 24, 6:09 PM
Unknown Object (File)
Aug 18 2024, 7:16 PM
Unknown Object (File)
Aug 13 2024, 10:34 AM
Unknown Object (File)
Jul 27 2024, 8:27 PM
Unknown Object (File)
Jul 12 2024, 4:24 AM
View All Files
Subscribers
aran

Details

Reviewers
btrahan
Commits
Restricted Diffusion Commit
rP761b66228371: Don't prefill "add email address" from GET
Summary

Via HackerOne. I don't think this is a security vulnerability, but it is inconsistent. There's no reason to prefill this, and I think the code was just lazy.

Test Plan
  • Hit this page with ?email=xyz in a GET request, no more prefill.
  • Looped the page with bad addresses, appropriate prefill.
  • Added an address.

Diff Detail

Repository
rP Phabricator
Branch
noprefill
Lint
Lint Passed
Unit
No Test Coverage

Event Timeline

btrahan accepted this revision.Mar 10 2014, 4:58 PM
btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 10 2014, 4:58 PM
epriestley closed this revision.Mar 10 2014, 11:21 PM
epriestley updated this revision to Diff 20105.

Closed by commit rP761b66228371 (authored by @epriestley).

Revision Contents
Changeset List

PathSize
src/
applications/
settings/
panel/
5 lines

Diff 20063

View Options

src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php

Loading...
Phabricator · Built by Phacility