| commit | 31a7758d04ff4fee9c4451f5864e2e66c6256624 | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Mon, 15 Feb 2021 10:05:04 +0000 (15 03:05 -0700) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Mon, 15 Feb 2021 10:05:04 +0000 (15 03:05 -0700) | ||
| tree | e639e64652a68ae1b73ec8060267827f01ad489f | treesnapshot (tar.gz zip) |
| parent | 265c836b36d4d7b3eccee90f18ce40d773fd47ae | commitdiff |
editproj.cgi: implement protected edit fields
Some fields on the editproj page may contain sensitive information.
Up until now, all project fields have always been displayed when
the edit project link is selected -- even those fields that are not
otherwise visible anywhere else.
The notification email addresses and JSON POST urls may be considered
sensitive information that should not just be blindly available to
anyone who clicks the "edit" link on a project page.
Solve this problem by making fields that contain sensitive information,
specifically the ones in the $Girocco::Config::protect_fields hash,
not visible or editable until the project's admin password has been
entered.
At the same time, enforce an editing time limit, specifically the
$Girocco::Config::project_edit_timeout value, when editing so that
very stale pages cannot just be submitted even if they contain the
correct password.
Currently the list of users allowed to push is *NOT* considered a
sensitive field. That may need to be revisited at some point.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
Some fields on the editproj page may contain sensitive information.
Up until now, all project fields have always been displayed when
the edit project link is selected -- even those fields that are not
otherwise visible anywhere else.
The notification email addresses and JSON POST urls may be considered
sensitive information that should not just be blindly available to
anyone who clicks the "edit" link on a project page.
Solve this problem by making fields that contain sensitive information,
specifically the ones in the $Girocco::Config::protect_fields hash,
not visible or editable until the project's admin password has been
entered.
At the same time, enforce an editing time limit, specifically the
$Girocco::Config::project_edit_timeout value, when editing so that
very stale pages cannot just be submitted even if they contain the
correct password.
Currently the list of users allowed to push is *NOT* considered a
sensitive field. That may need to be revisited at some point.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
| cgi/editproj.cgi | diffblobblamehistory |