I can do that since I was just fiddling around in there.

Yeah -- I lean toward thinking that we probably should make bin/auth lock also lock the guidance messages too.

Yeah -- I lean toward thinking that we probably should make bin/auth lock also lock the guidance messages too. This class of attack feels like a bit of a stretch since no one reads instructions anyway, but letting an attacker replace the login screen with This page has moved temporarily, click [[ here ]] to go to the new login page. and then 9,000 newlines to push all the actual login controls off the page is at least sort of plausible-attack-flavored.

Are we worried about attackers changing the guidance to something like "To prove that your Phabricator account is in use, please email the following link to bob.hackerman@gmail.com and don't read the rest of this email"?

It may be useful to provide helper methods to support normalizing these actor types (e.g., email addresses should be case-insensitive).

• Correct "messags".

Yeah, this is still in a transitional state, it's just been stalled for a bit (not blocked by anything, just other stuff has been getting attention). The two major issues I'm aware of right now are:

Not sure where to report this, but since a recent upgrade at Wikimedia, the new version of the Burnup Graph (now Reports: Burndown), has a tendency to go below zero. I'm aware the old version had inaccuracies so perhaps it was happening before as well but hidden (e.g. artificially replaced with zero or something like that).

Another general note is that we also require users go through this flow if they're setting a password for the first time on an account which does not already have a password. For example, this workflow will set up the "set your own password" flow:

That wasn't as nearly as bad as I thought.

..database names are a pain to change..

(Also, "Pastebin" is the name of a product/company and our database name really shouldn't be pastebin, it just is since it was a contributed patch a million years ago and database names are a pain to change. This is basically like having a database named phabricator_yelp or whatever, though.)

I'm a little uneasy about indexing the actual content, since I worry this will lead to a tragic event like "we learn that many installs routinely send 1GB logfiles consisting mostly of /dev/urandom output into Paste".

Rough intentions here:

Trying to preserve markup format in the output is likely a road to mental ruin (Hyperlinking, referencing, bolding, formatting in who knows what export formats). PhabricatorStringExportField should be sufficient.

Potentially don't allow the "Send a login link to your email address" action at all if the corresponding Phab account is already only linked to external accounts for authentication and the installation does not use passwords? But I might lack technical understanding here.

We also need --enable-zip to get the zip extension, to get the ZipArchive class, so "Export to Excel" works. See upcoming change on T13342.

This seems very likely to always work properly when we expect it to.

This is super old and doesn't have any apparent reproduction instructions.