phorge-phorge/src/applications/search/storage/PhabricatorSearchQuery.php

<?php

/**
 * @group search
 */
final class PhabricatorSearchQuery extends PhabricatorSearchDAO {

  protected $query;
  protected $parameters = array();
  protected $queryKey;

  public function getConfiguration() {
    return array(
      self::CONFIG_SERIALIZATION => array(
        'parameters' => self::SERIALIZATION_JSON,
      ),
    ) + parent::getConfiguration();
  }

  public function setParameter($parameter, $value) {
    $this->parameters[$parameter] = $value;
    return $this;
  }

  public function getParameter($parameter, $default = null) {
    return idx($this->parameters, $parameter, $default);
  }

  public function save() {
    if (!$this->getQueryKey()) {
      $this->setQueryKey(Filesystem::readRandomCharacters(12));
    }
    return parent::save();
  }

}
Rought cut of search. Summary: Botched this pretty badly in git so we'll see how much I broke. :/ Test Plan: Reviewers: CC: 2011-02-15 00:34:20 +01:00			`<?php`

Some documentation updates. 2011-09-14 17:02:31 +02:00			`/**`
			`* @group search`
			`*/`
Use a unique random key to identify queries, not a sequential ID Summary: We save search information and then redirect to a "/search/<query_id>/" URI in order to make search URIs short and bookmarkable, and save query data for analysis/improvement of search results. Currently, there's a vague object enumeration security issue with using sequential IDs to identify searches, where non-admins can see searches other users have performed. This isn't really too concerning but we lose nothing by using random keys from a large ID space instead. - Drop 'authorPHID', which was unused anyway, so searches can not be personally identified, even by admins. - Identify searches by random hash keys, not sequential IDs. - Map old queries' keys to their IDs so we don't break any existing bookmarked URIs. Test Plan: Ran several searches, got redirected to URIs with random hashes from a large ID space rather than sequential integers. Reviewers: arice, btrahan Reviewed By: arice CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1587 2012-02-07 23:58:46 +01:00			`final class PhabricatorSearchQuery extends PhabricatorSearchDAO {`
Rought cut of search. Summary: Botched this pretty badly in git so we'll see how much I broke. :/ Test Plan: Reviewers: CC: 2011-02-15 00:34:20 +01:00
			`protected $query;`
			`protected $parameters = array();`
Use a unique random key to identify queries, not a sequential ID Summary: We save search information and then redirect to a "/search/<query_id>/" URI in order to make search URIs short and bookmarkable, and save query data for analysis/improvement of search results. Currently, there's a vague object enumeration security issue with using sequential IDs to identify searches, where non-admins can see searches other users have performed. This isn't really too concerning but we lose nothing by using random keys from a large ID space instead. - Drop 'authorPHID', which was unused anyway, so searches can not be personally identified, even by admins. - Identify searches by random hash keys, not sequential IDs. - Map old queries' keys to their IDs so we don't break any existing bookmarked URIs. Test Plan: Ran several searches, got redirected to URIs with random hashes from a large ID space rather than sequential integers. Reviewers: arice, btrahan Reviewed By: arice CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1587 2012-02-07 23:58:46 +01:00			`protected $queryKey;`
Rought cut of search. Summary: Botched this pretty badly in git so we'll see how much I broke. :/ Test Plan: Reviewers: CC: 2011-02-15 00:34:20 +01:00
			`public function getConfiguration() {`
			`return array(`
			`self::CONFIG_SERIALIZATION => array(`
			`'parameters' => self::SERIALIZATION_JSON,`
			`),`
			`) + parent::getConfiguration();`
			`}`

			`public function setParameter($parameter, $value) {`
			`$this->parameters[$parameter] = $value;`
			`return $this;`
			`}`

			`public function getParameter($parameter, $default = null) {`
			`return idx($this->parameters, $parameter, $default);`
			`}`

Use a unique random key to identify queries, not a sequential ID Summary: We save search information and then redirect to a "/search/<query_id>/" URI in order to make search URIs short and bookmarkable, and save query data for analysis/improvement of search results. Currently, there's a vague object enumeration security issue with using sequential IDs to identify searches, where non-admins can see searches other users have performed. This isn't really too concerning but we lose nothing by using random keys from a large ID space instead. - Drop 'authorPHID', which was unused anyway, so searches can not be personally identified, even by admins. - Identify searches by random hash keys, not sequential IDs. - Map old queries' keys to their IDs so we don't break any existing bookmarked URIs. Test Plan: Ran several searches, got redirected to URIs with random hashes from a large ID space rather than sequential integers. Reviewers: arice, btrahan Reviewed By: arice CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1587 2012-02-07 23:58:46 +01:00			`public function save() {`
			`if (!$this->getQueryKey()) {`
			`$this->setQueryKey(Filesystem::readRandomCharacters(12));`
			`}`
			`return parent::save();`
			`}`

Rought cut of search. Summary: Botched this pretty badly in git so we'll see how much I broke. :/ Test Plan: Reviewers: CC: 2011-02-15 00:34:20 +01:00			`}`