2011-05-03 19:45:45 +02:00
|
|
|
<?php
|
|
|
|
|
2014-07-25 00:20:39 +02:00
|
|
|
final class PhabricatorMacroEditController extends PhabricatorMacroController {
|
2011-05-03 19:45:45 +02:00
|
|
|
|
2015-07-27 18:04:08 +02:00
|
|
|
public function handleRequest(AphrontRequest $request) {
|
|
|
|
$viewer = $request->getViewer();
|
|
|
|
$id = $request->getURIData('id');
|
2011-05-03 19:45:45 +02:00
|
|
|
|
2013-10-16 19:35:52 +02:00
|
|
|
$this->requireApplicationCapability(
|
2014-07-25 00:20:39 +02:00
|
|
|
PhabricatorMacroManageCapability::CAPABILITY);
|
2013-10-16 19:35:52 +02:00
|
|
|
|
2015-07-27 18:04:08 +02:00
|
|
|
if ($id) {
|
2013-03-22 21:07:20 +01:00
|
|
|
$macro = id(new PhabricatorMacroQuery())
|
2015-07-27 18:04:08 +02:00
|
|
|
->setViewer($viewer)
|
|
|
|
->withIDs(array($id))
|
Reduce the cost of loading large numbers of macros
Summary:
Ref T6013. I accidentally made this cost explosviely huge when fixing macros for logged out users in D10411.
Specifically, we'd load all the macros, which would load all the files, which would load all the macros (to do policy checks), which would fill out of cache I think (but maybe only some of the time?). Anyway, bad news.
Instead, only load the files if we need them.
Test Plan: Viewed macro main page, macro detail, used a macro, used a meme, edited a macro, edited audio.
Reviewers: btrahan, csilvers
Reviewed By: csilvers
Subscribers: epriestley, spicyj
Maniphest Tasks: T6013
Differential Revision: https://secure.phabricator.com/D10428
2014-09-06 02:30:26 +02:00
|
|
|
->needFiles(true)
|
2013-03-22 21:07:20 +01:00
|
|
|
->executeOne();
|
2011-05-03 19:45:45 +02:00
|
|
|
if (!$macro) {
|
|
|
|
return new Aphront404Response();
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$macro = new PhabricatorFileImageMacro();
|
2015-07-27 18:04:08 +02:00
|
|
|
$macro->setAuthorPHID($viewer->getPHID());
|
2011-05-03 19:45:45 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
$errors = array();
|
|
|
|
$e_name = true;
|
2013-05-30 00:05:44 +02:00
|
|
|
$e_file = null;
|
2012-10-05 03:43:49 +02:00
|
|
|
$file = null;
|
2011-05-03 19:45:45 +02:00
|
|
|
|
|
|
|
if ($request->isFormPost()) {
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$original = clone $macro;
|
|
|
|
|
|
|
|
$new_name = null;
|
|
|
|
if ($request->getBool('name_form') || !$macro->getID()) {
|
|
|
|
$new_name = $request->getStr('name');
|
|
|
|
|
|
|
|
$macro->setName($new_name);
|
|
|
|
|
|
|
|
if (!strlen($macro->getName())) {
|
2013-01-24 04:36:23 +01:00
|
|
|
$errors[] = pht('Macro name is required.');
|
|
|
|
$e_name = pht('Required');
|
2014-03-13 20:42:41 +01:00
|
|
|
} else if (!preg_match('/^[a-z0-9:_-]{3,}\z/', $macro->getName())) {
|
2013-01-29 23:22:36 +01:00
|
|
|
$errors[] = pht(
|
|
|
|
'Macro must be at least three characters long and contain only '.
|
|
|
|
'lowercase letters, digits, hyphens, colons and underscores.');
|
2013-01-24 04:36:23 +01:00
|
|
|
$e_name = pht('Invalid');
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
} else {
|
|
|
|
$e_name = null;
|
|
|
|
}
|
2011-05-03 19:45:45 +02:00
|
|
|
}
|
|
|
|
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
$uri = $request->getStr('url');
|
|
|
|
|
|
|
|
$engine = new PhabricatorDestructionEngine();
|
|
|
|
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$file = null;
|
|
|
|
if ($request->getFileExists('file')) {
|
2011-05-03 19:45:45 +02:00
|
|
|
$file = PhabricatorFile::newFromPHPUpload(
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$_FILES['file'],
|
2011-05-03 19:45:45 +02:00
|
|
|
array(
|
|
|
|
'name' => $request->getStr('name'),
|
2015-07-27 18:04:08 +02:00
|
|
|
'authorPHID' => $viewer->getPHID(),
|
2013-09-05 19:22:07 +02:00
|
|
|
'isExplicitUpload' => true,
|
2014-08-08 03:56:19 +02:00
|
|
|
'canCDN' => true,
|
2011-05-03 19:45:45 +02:00
|
|
|
));
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
} else if ($uri) {
|
2013-02-21 21:43:39 +01:00
|
|
|
try {
|
2015-03-26 19:11:52 +01:00
|
|
|
// Rate limit outbound fetches to make this mechanism less useful for
|
|
|
|
// scanning networks and ports.
|
|
|
|
PhabricatorSystemActionEngine::willTakeAction(
|
2015-07-27 18:04:08 +02:00
|
|
|
array($viewer->getPHID()),
|
2015-03-26 19:11:52 +01:00
|
|
|
new PhabricatorFilesOutboundRequestAction(),
|
|
|
|
1);
|
|
|
|
|
2013-02-21 21:43:39 +01:00
|
|
|
$file = PhabricatorFile::newFromFileDownload(
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
$uri,
|
2013-02-21 21:43:39 +01:00
|
|
|
array(
|
|
|
|
'name' => $request->getStr('name'),
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
|
2013-09-05 19:22:07 +02:00
|
|
|
'isExplicitUpload' => true,
|
2014-08-08 03:56:19 +02:00
|
|
|
'canCDN' => true,
|
2013-02-21 21:43:39 +01:00
|
|
|
));
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
|
|
|
|
if (!$file->isViewableInBrowser()) {
|
|
|
|
$mime_type = $file->getMimeType();
|
|
|
|
$engine->destroyObject($file);
|
|
|
|
$file = null;
|
|
|
|
throw new Exception(
|
|
|
|
pht(
|
|
|
|
'The URI "%s" does not correspond to a valid image file, got '.
|
|
|
|
'a file with MIME type "%s". You must specify the URI of a '.
|
|
|
|
'valid image file.',
|
|
|
|
$uri,
|
|
|
|
$mime_type));
|
|
|
|
} else {
|
|
|
|
$file
|
2015-07-27 18:04:08 +02:00
|
|
|
->setAuthorPHID($viewer->getPHID())
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
->save();
|
|
|
|
}
|
|
|
|
} catch (HTTPFutureHTTPResponseStatus $status) {
|
|
|
|
$errors[] = pht(
|
|
|
|
'The URI "%s" could not be loaded, got %s error.',
|
|
|
|
$uri,
|
|
|
|
$status->getStatusCode());
|
2013-02-21 21:43:39 +01:00
|
|
|
} catch (Exception $ex) {
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
$errors[] = $ex->getMessage();
|
2013-02-21 21:43:39 +01:00
|
|
|
}
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
} else if ($request->getStr('phid')) {
|
2013-09-30 18:38:13 +02:00
|
|
|
$file = id(new PhabricatorFileQuery())
|
2015-07-27 18:04:08 +02:00
|
|
|
->setViewer($viewer)
|
2013-09-30 18:38:13 +02:00
|
|
|
->withPHIDs(array($request->getStr('phid')))
|
|
|
|
->executeOne();
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if ($file) {
|
|
|
|
if (!$file->isViewableInBrowser()) {
|
|
|
|
$errors[] = pht('You must upload an image.');
|
|
|
|
$e_file = pht('Invalid');
|
|
|
|
} else {
|
|
|
|
$macro->setFilePHID($file->getPHID());
|
2013-03-22 21:07:20 +01:00
|
|
|
$macro->attachFile($file);
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$e_file = null;
|
|
|
|
}
|
|
|
|
}
|
2011-05-03 19:45:45 +02:00
|
|
|
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
if (!$macro->getID() && !$file) {
|
2013-01-24 04:36:23 +01:00
|
|
|
$errors[] = pht('You must upload an image to create a macro.');
|
2013-05-30 00:05:44 +02:00
|
|
|
$e_file = pht('Required');
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!$errors) {
|
2011-05-03 19:45:45 +02:00
|
|
|
try {
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$xactions = array();
|
|
|
|
|
|
|
|
if ($new_name !== null) {
|
|
|
|
$xactions[] = id(new PhabricatorMacroTransaction())
|
2017-05-02 00:19:00 +02:00
|
|
|
->setTransactionType(
|
|
|
|
PhabricatorMacroNameTransaction::TRANSACTIONTYPE)
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->setNewValue($new_name);
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($file) {
|
|
|
|
$xactions[] = id(new PhabricatorMacroTransaction())
|
2017-05-02 00:19:00 +02:00
|
|
|
->setTransactionType(
|
|
|
|
PhabricatorMacroFileTransaction::TRANSACTIONTYPE)
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->setNewValue($file->getPHID());
|
|
|
|
}
|
|
|
|
|
|
|
|
$editor = id(new PhabricatorMacroEditor())
|
2015-07-27 18:04:08 +02:00
|
|
|
->setActor($viewer)
|
Add ApplicationTransaction handling for transactions with no effect
Summary:
When a user submits an action with no effect (like an empty comment, an "abandon" on an already-accepted revision, or a "close, resolved" on a closed task) we want to alert them that their action isn't effective. These warnings fall into two general buckets:
- User is submitting two or more actions, and some aren't effective but some are. Prompt them to apply the effective actions only.
- A special case of this is where the only effective action is a comment. We provide tailored text ("Post Comment") in this case.
- User is submitting one action, which isn't effective. Tell them they're out of luck.
- A special case of this is an empty comment. We provide tailored text in this case.
By default, the transaction editor throws when transactions have no effect. The caller can then deal with this, or use `PhabricatorApplicationTransactionNoEffectResponse` to provide a standard dialog that gives the user information as above. For cases where we expect transactions to have no effect (notably, "edit" forms) we just continue on no-effect unconditionally.
Also fix an issue where new, combined or filtered transactions would not be represented properly in the Ajax response (i.e., return final transactions from `applyTransactions()`), and translate some strings.
Test Plan:
- Submitted empty and nonempy comments in Macro and Pholio.
- Submitted comments with new and existing "@mentions".
- Submitted edits in both applications.
Reviewers: btrahan, vrana
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T912, T2104
Differential Revision: https://secure.phabricator.com/D4160
2012-12-12 02:27:40 +01:00
|
|
|
->setContinueOnNoEffect(true)
|
2013-05-24 19:48:34 +02:00
|
|
|
->setContentSourceFromRequest($request);
|
Add ApplicationTransaction handling for transactions with no effect
Summary:
When a user submits an action with no effect (like an empty comment, an "abandon" on an already-accepted revision, or a "close, resolved" on a closed task) we want to alert them that their action isn't effective. These warnings fall into two general buckets:
- User is submitting two or more actions, and some aren't effective but some are. Prompt them to apply the effective actions only.
- A special case of this is where the only effective action is a comment. We provide tailored text ("Post Comment") in this case.
- User is submitting one action, which isn't effective. Tell them they're out of luck.
- A special case of this is an empty comment. We provide tailored text in this case.
By default, the transaction editor throws when transactions have no effect. The caller can then deal with this, or use `PhabricatorApplicationTransactionNoEffectResponse` to provide a standard dialog that gives the user information as above. For cases where we expect transactions to have no effect (notably, "edit" forms) we just continue on no-effect unconditionally.
Also fix an issue where new, combined or filtered transactions would not be represented properly in the Ajax response (i.e., return final transactions from `applyTransactions()`), and translate some strings.
Test Plan:
- Submitted empty and nonempy comments in Macro and Pholio.
- Submitted comments with new and existing "@mentions".
- Submitted edits in both applications.
Reviewers: btrahan, vrana
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T912, T2104
Differential Revision: https://secure.phabricator.com/D4160
2012-12-12 02:27:40 +01:00
|
|
|
|
|
|
|
$xactions = $editor->applyTransactions($original, $xactions);
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
|
|
|
|
$view_uri = $this->getApplicationURI('/view/'.$original->getID().'/');
|
|
|
|
return id(new AphrontRedirectResponse())->setURI($view_uri);
|
2014-08-05 23:51:21 +02:00
|
|
|
} catch (AphrontDuplicateKeyQueryException $ex) {
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
throw $ex;
|
2013-01-24 04:36:23 +01:00
|
|
|
$errors[] = pht('Macro name is not unique!');
|
|
|
|
$e_name = pht('Duplicate');
|
2011-05-03 19:45:45 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$current_file = null;
|
|
|
|
if ($macro->getFilePHID()) {
|
2013-03-22 21:07:20 +01:00
|
|
|
$current_file = $macro->getFile();
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
}
|
|
|
|
|
2011-05-03 19:45:45 +02:00
|
|
|
$form = new AphrontFormView();
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$form->addHiddenInput('name_form', 1);
|
2011-05-03 19:45:45 +02:00
|
|
|
$form->setUser($request->getUser());
|
|
|
|
|
|
|
|
$form
|
|
|
|
->setEncType('multipart/form-data')
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormTextControl())
|
2013-01-24 04:36:23 +01:00
|
|
|
->setLabel(pht('Name'))
|
2011-05-03 19:45:45 +02:00
|
|
|
->setName('name')
|
|
|
|
->setValue($macro->getName())
|
2013-01-24 04:36:23 +01:00
|
|
|
->setCaption(
|
|
|
|
pht('This word or phrase will be replaced with the image.'))
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->setError($e_name));
|
|
|
|
|
|
|
|
if (!$macro->getID()) {
|
|
|
|
if ($current_file) {
|
|
|
|
$current_file_view = id(new PhabricatorFileLinkView())
|
2017-02-04 02:02:50 +01:00
|
|
|
->setViewer($viewer)
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->setFilePHID($current_file->getPHID())
|
|
|
|
->setFileName($current_file->getName())
|
|
|
|
->setFileViewable(true)
|
|
|
|
->setFileViewURI($current_file->getBestURI())
|
|
|
|
->render();
|
|
|
|
$form->addHiddenInput('phid', $current_file->getPHID());
|
|
|
|
$form->appendChild(
|
|
|
|
id(new AphrontFormMarkupControl())
|
2013-01-24 04:36:23 +01:00
|
|
|
->setLabel(pht('Selected File'))
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->setValue($current_file_view));
|
|
|
|
|
|
|
|
$other_label = pht('Change File');
|
|
|
|
} else {
|
|
|
|
$other_label = pht('File');
|
|
|
|
}
|
|
|
|
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
$form->appendChild(
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
->setLabel(pht('URL'))
|
|
|
|
->setName('url')
|
|
|
|
->setValue($request->getStr('url'))
|
|
|
|
->setError($request->getFileExists('file') ? false : $e_file));
|
2013-02-21 21:43:39 +01:00
|
|
|
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$form->appendChild(
|
2011-05-03 19:45:45 +02:00
|
|
|
id(new AphrontFormFileControl())
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->setLabel($other_label)
|
2011-05-03 19:45:45 +02:00
|
|
|
->setName('file')
|
2013-04-06 20:47:47 +02:00
|
|
|
->setError($request->getStr('url') ? false : $e_file));
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$view_uri = $this->getApplicationURI('/view/'.$macro->getID().'/');
|
|
|
|
|
|
|
|
if ($macro->getID()) {
|
|
|
|
$cancel_uri = $view_uri;
|
|
|
|
} else {
|
|
|
|
$cancel_uri = $this->getApplicationURI();
|
|
|
|
}
|
|
|
|
|
|
|
|
$form
|
2011-05-03 19:45:45 +02:00
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormSubmitControl())
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->setValue(pht('Save Image Macro'))
|
|
|
|
->addCancelButton($cancel_uri));
|
|
|
|
|
|
|
|
$crumbs = $this->buildApplicationCrumbs();
|
2011-05-03 19:45:45 +02:00
|
|
|
|
|
|
|
if ($macro->getID()) {
|
2016-04-01 23:08:51 +02:00
|
|
|
$title = pht('Edit Macro: %s', $macro->getName());
|
2013-05-18 01:01:19 +02:00
|
|
|
$crumb = pht('Edit Macro');
|
2016-04-01 23:08:51 +02:00
|
|
|
$header_icon = 'fa-pencil';
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
|
2016-04-01 23:08:51 +02:00
|
|
|
$crumbs->addTextCrumb(pht('Macro: %s', $macro->getName()), $view_uri);
|
2011-05-03 19:45:45 +02:00
|
|
|
} else {
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$title = pht('Create Image Macro');
|
2013-05-18 01:01:19 +02:00
|
|
|
$crumb = pht('Create Macro');
|
2016-04-01 23:08:51 +02:00
|
|
|
$header_icon = 'fa-plus-square';
|
2011-05-03 19:45:45 +02:00
|
|
|
}
|
2011-12-15 07:37:23 +01:00
|
|
|
|
2013-12-20 23:06:21 +01:00
|
|
|
$crumbs->addTextCrumb($crumb, $request->getRequestURI());
|
2016-04-01 23:08:51 +02:00
|
|
|
$crumbs->setBorder(true);
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
|
|
|
|
$upload = null;
|
|
|
|
if ($macro->getID()) {
|
|
|
|
$upload_form = id(new AphrontFormView())
|
|
|
|
->setEncType('multipart/form-data')
|
2013-02-21 21:43:39 +01:00
|
|
|
->setUser($request->getUser());
|
|
|
|
|
Improve granluarity and defaults of `security.allow-outbound-http`
Summary:
Ref T6755. This is a partial fix, but:
- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors rasied by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
- We still make outbound HTTP requests to OAuth.
- We still make outbound HTTP requests for repositories.
From a technical perspective:
- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.
Additionally:
- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.
Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
- Added and executed unit tests.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T6755
Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 18:44:03 +01:00
|
|
|
$upload_form->appendChild(
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
->setLabel(pht('URL'))
|
|
|
|
->setName('url')
|
|
|
|
->setValue($request->getStr('url')));
|
2013-02-21 21:43:39 +01:00
|
|
|
|
|
|
|
$upload_form
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormFileControl())
|
2013-01-24 04:36:23 +01:00
|
|
|
->setLabel(pht('File'))
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
->setName('file'))
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormSubmitControl())
|
2013-01-24 04:36:23 +01:00
|
|
|
->setValue(pht('Upload File')));
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
|
2013-09-25 20:23:29 +02:00
|
|
|
$upload = id(new PHUIObjectBoxView())
|
Provide more structure to PHUIObjectBoxView
Summary:
Three changes here.
- Add `setActionList()`, and use that to set the action list.
- Add `setPropertyList()`, and use that to set the property list.
These will let us add some apropriate CSS so we can fix the border issue, and get rid of a bunch of goofy `.x + .y` selectors.
- Replace `addContent()` with `appendChild()`.
This is just a consistency thing; `AphrontView` already provides `appendChild()`, and `addContent()` did the same thing.
Test Plan:
- Viewed "All Config".
- Viewed a countdown.
- Viewed a revision (add comment, change list, table of contents, comment, local commits, open revisions affecting these files, update history).
- Viewed Diffusion (browse, change, history, repository, lint).
- Viewed Drydock (resource, lease).
- Viewed Files.
- Viewed Herald.
- Viewed Legalpad.
- Viewed macro (edit, edit audio, view).
- Viewed Maniphest.
- Viewed Applications.
- Viewed Paste.
- Viewed People.
- Viewed Phulux.
- Viewed Pholio.
- Viewed Phame (blog, post).
- Viewed Phortune (account, product).
- Viewed Ponder (questions, answers, comments).
- Viewed Releeph.
- Viewed Projects.
- Viewed Slowvote.
NOTE: Images in Files aren't on a black background anymore -- I assume that's on purpose?
NOTE: Some jankiness in Phortune, I'll clean that up when I get back to it. Not related to this diff.
Reviewers: chad
Reviewed By: chad
CC: aran
Differential Revision: https://secure.phabricator.com/D7174
2013-09-30 18:36:04 +02:00
|
|
|
->setHeaderText(pht('Upload New File'))
|
2016-04-01 23:08:51 +02:00
|
|
|
->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
|
Provide more structure to PHUIObjectBoxView
Summary:
Three changes here.
- Add `setActionList()`, and use that to set the action list.
- Add `setPropertyList()`, and use that to set the property list.
These will let us add some apropriate CSS so we can fix the border issue, and get rid of a bunch of goofy `.x + .y` selectors.
- Replace `addContent()` with `appendChild()`.
This is just a consistency thing; `AphrontView` already provides `appendChild()`, and `addContent()` did the same thing.
Test Plan:
- Viewed "All Config".
- Viewed a countdown.
- Viewed a revision (add comment, change list, table of contents, comment, local commits, open revisions affecting these files, update history).
- Viewed Diffusion (browse, change, history, repository, lint).
- Viewed Drydock (resource, lease).
- Viewed Files.
- Viewed Herald.
- Viewed Legalpad.
- Viewed macro (edit, edit audio, view).
- Viewed Maniphest.
- Viewed Applications.
- Viewed Paste.
- Viewed People.
- Viewed Phulux.
- Viewed Pholio.
- Viewed Phame (blog, post).
- Viewed Phortune (account, product).
- Viewed Ponder (questions, answers, comments).
- Viewed Releeph.
- Viewed Projects.
- Viewed Slowvote.
NOTE: Images in Files aren't on a black background anymore -- I assume that's on purpose?
NOTE: Some jankiness in Phortune, I'll clean that up when I get back to it. Not related to this diff.
Reviewers: chad
Reviewed By: chad
CC: aran
Differential Revision: https://secure.phabricator.com/D7174
2013-09-30 18:36:04 +02:00
|
|
|
->setForm($upload_form);
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
}
|
2011-05-03 19:45:45 +02:00
|
|
|
|
2013-09-25 20:23:29 +02:00
|
|
|
$form_box = id(new PHUIObjectBoxView())
|
2016-04-01 23:08:51 +02:00
|
|
|
->setHeaderText(pht('Macro'))
|
2014-01-10 18:17:37 +01:00
|
|
|
->setFormErrors($errors)
|
2016-04-01 23:08:51 +02:00
|
|
|
->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
|
2013-08-26 20:53:11 +02:00
|
|
|
->setForm($form);
|
|
|
|
|
2016-04-01 23:08:51 +02:00
|
|
|
$header = id(new PHUIHeaderView())
|
|
|
|
->setHeader($title)
|
|
|
|
->setHeaderIcon($header_icon);
|
|
|
|
|
|
|
|
$view = id(new PHUITwoColumnView())
|
|
|
|
->setHeader($header)
|
|
|
|
->setFooter(array(
|
2013-08-26 20:53:11 +02:00
|
|
|
$form_box,
|
Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.
Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}
Reviewers: vrana, btrahan, chad
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2157, T175, T2104
Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 23:01:03 +01:00
|
|
|
$upload,
|
2011-05-03 19:45:45 +02:00
|
|
|
));
|
2016-04-01 23:08:51 +02:00
|
|
|
|
|
|
|
return $this->newPage()
|
|
|
|
->setTitle($title)
|
|
|
|
->setCrumbs($crumbs)
|
|
|
|
->appendChild($view);
|
|
|
|
|
2011-05-03 19:45:45 +02:00
|
|
|
}
|
2014-07-25 00:20:39 +02:00
|
|
|
|
2011-05-03 19:45:45 +02:00
|
|
|
}
|