Paths

Table of Contentst

Don't prefill "add email address" from GET
ClosedPublic
Actions

Authored by epriestley on Mar 8 2014, 8:35 PM.

Tags

None

Referenced Files

	F15522881: D8458.id20063.diff
	Sun, Apr 20, 10:03 PM

	F15456675: D8458.diff
	Sun, Mar 30, 11:17 AM

	F15440260: D8458.id.diff
	Mar 26 2025, 11:44 AM

	F15426936: D8458.id20063.diff
	Mar 23 2025, 11:44 AM

	F15410798: D8458.diff
	Mar 19 2025, 8:26 AM

	F15405563: D8458.id20105.diff
	Mar 18 2025, 11:38 AM

	F15381967: D8458.id20063.diff
	Mar 14 2025, 10:08 AM

	Unknown Object (File)
	Feb 21 2025, 12:24 PM

View All Files

Subscribers

aran

Details

Reviewers

btrahan

Commits

Restricted Diffusion Commit
rP761b66228371: Don't prefill "add email address" from GET

Summary

Via HackerOne. I don't think this is a security vulnerability, but it is inconsistent. There's no reason to prefill this, and I think the code was just lazy.

Test Plan

Hit this page with ?email=xyz in a GET request, no more prefill.
Looped the page with bad addresses, appropriate prefill.
Added an address.

Diff Detail

Repository

rP Phabricator

Branch

noprefill

Lint

Lint Passed

Unit

No Test Coverage

Event Timeline

btrahan accepted this revision.Mar 10 2014, 4:58 PM

btrahan edited edge metadata.

This revision is now accepted and ready to land.Mar 10 2014, 4:58 PM

Closed by commit rP761b66228371 (authored by @epriestley).

Revision Contents
Changeset List

Path

Size

src/

applications/

settings/

panel/

PhabricatorSettingsPanelEmailAddresses.php

5 lines

Diff 20063

View Options

src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php

Don't prefill "add email address" from GETClosedPublicActions