@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Use HTTPS, not HTTP, in install scripts

Summary:
Via HackerOne. A researcher correctly reports that our install scripts use `HTTP`, not `HTTPS`, to fetch resources and execute them as `root`, which is a potentially significant vulnerability.

Instead, use `HTTPS`.

Test Plan: Verified that these URIs function correctly over `HTTPS`.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16958

+2 -2
scripts/install/install_rhel-derivs.sh
··· 67 67 if [ $? -ne 0 ]; then 68 68 echo "It doesn't look like you have the EPEL repo enabled. We are to add it" 69 69 echo "for you, so that we can install git." 70 - $SUDO rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm 70 + $SUDO rpm -Uvh https://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm 71 71 fi 72 72 YUMCOMMAND="$SUDO yum install httpd git php53 php53-cli php53-mysql php53-process php53-devel php53-gd gcc wget make pcre-devel mysql-server" 73 73 else ··· 92 92 # Now that we've ensured all the devel packages required for pecl/apc are there, let's 93 93 # set up PEAR, and install apc. 94 94 echo "Attempting to install PEAR" 95 - wget http://pear.php.net/go-pear.phar 95 + wget https://pear.php.net/go-pear.phar 96 96 $SUDO php go-pear.phar && $SUDO pecl install apc 97 97 fi 98 98
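Review bot: In the first hunk (line 70), the EPEL release package is still installed as root straight from a URL with no signature or checksum check anywhere in the visible lines, so HTTPS now protects the transport but nothing authenticates the package itself. Consider downloading the file first, importing the EPEL signing key, and running `rpm --checksig` on it before `$SUDO rpm -Uvh`, failing the script if verification does not pass.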
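Review bot: In the second hunk (lines 95-96), `$SUDO php go-pear.phar` runs regardless of whether the `wget` on the line before it succeeded, and `wget` without `-O` will not overwrite an existing `go-pear.phar` in the working directory (it saves to `go-pear.phar.1`), so a stale or planted file could be the one executed as root. Suggest `wget -O go-pear.phar https://pear.php.net/go-pear.phar && $SUDO php go-pear.phar && ...`, ideally in a fresh temporary directory, and comparing the download against a pinned checksum before running it.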