Page MenuHomePhabricator

Don't prefill "add email address" from GET
ClosedPublic

Authored by epriestley on Mar 8 2014, 8:35 PM.
Tags
None
Referenced Files
F14410914: D8458.id20063.diff
Tue, Dec 24, 8:22 AM
Unknown Object (File)
Thu, Dec 19, 10:42 PM
Unknown Object (File)
Mon, Dec 9, 9:43 AM
Unknown Object (File)
Sun, Dec 8, 1:07 PM
Unknown Object (File)
Wed, Dec 4, 7:50 AM
Unknown Object (File)
Wed, Nov 27, 5:09 PM
Unknown Object (File)
Mon, Nov 25, 2:38 PM
Unknown Object (File)
Nov 22 2024, 6:26 PM
Subscribers

Details

Reviewers
btrahan
Commits
Restricted Diffusion Commit
rP761b66228371: Don't prefill "add email address" from GET
Summary

Via HackerOne. I don't think this is a security vulnerability, but it is inconsistent. There's no reason to prefill this, and I think the code was just lazy.

Test Plan
  • Hit this page with ?email=xyz in a GET request, no more prefill.
  • Looped the page with bad addresses, appropriate prefill.
  • Added an address.

Diff Detail

Repository
rP Phabricator
Branch
noprefill
Lint
Lint Passed
Unit
No Test Coverage

Event Timeline

btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 10 2014, 4:58 PM
epriestley updated this revision to Diff 20105.

Closed by commit rP761b66228371 (authored by @epriestley).