revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 19:02:41 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/files/storage/PhabricatorFile.php

423 lines
12 KiB
PHP
Raw Normal View History

Phabricator file upload application.
2011-01-23 03:33:00 +01:00
<?php
/*
Put file name in view URI, so downloading it with option-return creates a usefully-named file Summary: If you Command-L + Option-Return to download stuff off, e.g., Paste, you get "PHID-FILE-ad98abg9bsd9ashbs.txt" in your download folder. Put the file name in the URI instead, so you get a reasonably named file. Test Plan: Downloaded some files, got reasonable results. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D1427
2012-01-17 01:20:18 +01:00
* Copyright 2012 Facebook, Inc.
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Add "final" to more classes Summary: No big surprises here, delted the unused "DarkConsole" class. Test Plan: Ran 'testEverythingImplemented' to verify I wasn't finalizing anything we extend. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T795 Differential Revision: https://secure.phabricator.com/D1876
2012-03-13 19:18:11 +01:00
final class PhabricatorFile extends PhabricatorFileDAO {
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
const STORAGE_FORMAT_RAW = 'raw';
protected $phid;
protected $name;
protected $mimeType;
protected $byteSize;
Drag-drop file upload. Summary: - have files be uploaded by drag+drop instead of browse. - Files are named by their uploaded filename, the user isn't given a chance to enter a file name. Is this bad? - Store author PHID now with files - Allow an ?author=<username> to limit the /files/ list by author. - If one file is uploaded, the user is taken to its info page. - If several are uploaded, they are taken to a list of their files. Test Plan: - Quickly tested everything and it still worked, I'd recommend some people try this out before it gets committed though. It's a rather huge revision. Reviewers: epriestley, Ttech CC: Differential Revision: 612
2011-07-08 06:17:00 +02:00
protected $authorPHID;
Use a proper entropy source to generate file keys Summary: See T549. Under configurations where files are served from an alternate domain which does not have cookie credentials, we use random keys to prevent browsing, similar to how Facebook relies on pseudorandom information in image URIs (we could some day go farther than this and generate file sessions on the alternate domain or something, I guess). Currently, we generate these random keys in a roundabout manner. Instead, use a real entropy source and store the key on the object. This reduces the number of sha1() calls in the codebase as per T547. Test Plan: Ran upgrade scripts, verified database was populated correctly. Configured alternate file domain, uploaded file, verified secret generated and worked properly. Changed secret, was given 404. Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran Reviewed By: aran CC: aran, epriestley Differential Revision: 1036
2011-10-23 22:50:10 +02:00
protected $secretKey;
Straighten out Diffusion file integration Summary: This is in preparation for getting the "View Options" dropdown working on audits. - Use Files to serve raw data so we get all the security benefits of the alternate file domain. Although the difficulty of exploiting this is high (you need commit access to the repo) there's no reason to leave it dangling. - Add a "contentHash" to Files so we can lookup files by content rather than adding some weird linker table. We can do other things with this later, potentially. - Don't use 'data' URIs since they're crazy and we can just link to the file URI. - When showing a binary file or an image, don't give options like "show highlighted text with blame" or "edit in external editor" since they don't make any sense. - Use the existing infrastructure to figure out if things are images or binaries instead of an ad-hoc thing in this class. Test Plan: Looked at text, image and binary files in Diffusion. Verified we reuse existing files if we've already generated them. Reviewers: btrahan, vrana Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T904 Differential Revision: https://secure.phabricator.com/D1899
2012-03-20 03:52:24 +01:00
protected $contentHash;
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
protected $storageEngine;
protected $storageFormat;
protected $storageHandle;
public function getConfiguration() {
return array(
self::CONFIG_AUX_PHID => true,
) + parent::getConfiguration();
}
public function generatePHID() {
Change hard-coded PHID types to constants. Summary: add a constants module src/applications/phid/constants/PhabricatorPHIDConstants. Test Plan: Execute applications which were using the hard-coded string. Differential Revision: 44 Reviewed By: epriestley Reviewers: epriestley CC: epriestley
2011-03-03 03:58:21 +01:00
return PhabricatorPHID::generateNewPHID(
PhabricatorPHIDConstants::PHID_TYPE_FILE);
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
}
Add possibility to upload a diff file instead of using copy-paste. Test Plan: Go to /differential/diff/create and upload a diff file - result should be the same as pasting the diff into the textarea. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: 1019
2011-10-19 04:46:52 +02:00
public static function readUploadedFileData($spec) {
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
if (!$spec) {
throw new Exception("No file was uploaded!");
}
$err = idx($spec, 'error');
if ($err) {
Improve error messages when hitting PHP file upload issues Summary: See T429. When you hit certain errors, you get less-than-helpful messages like "upload error 3". Instead, produce human-readable errors. Test Plan: Simulated errors, verified user receives decent error messages. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran, startupguy CC: aran Differential Revision: 816
2011-08-16 21:37:50 +02:00
throw new PhabricatorFileUploadException($err);
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
}
$tmp_name = idx($spec, 'tmp_name');
$is_valid = @is_uploaded_file($tmp_name);
if (!$is_valid) {
throw new Exception("File is not an uploaded file.");
}
$file_data = Filesystem::readFile($tmp_name);
$file_size = idx($spec, 'size');
if (strlen($file_data) != $file_size) {
throw new Exception("File size disagrees with uploaded size.");
}
Enforce upload size limits and transport exceptions with appropriate response encoding Summary: - When a user uploads an oversized file, throw an exception. - When an uncaught exception occurs during a Conduit request, return a Conduit response. - When an uncaught exception occurs during a non-workflow Ajax request, return an Ajax response. Test Plan: - Uploaded overlarge files. - Hit an exception page with ?__ajax__=1 and ?__conduit__=1 Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T875, T788 Differential Revision: https://secure.phabricator.com/D2385
2012-05-07 15:17:00 +02:00
self::validateFileSize(strlen($file_data));
Add possibility to upload a diff file instead of using copy-paste. Test Plan: Go to /differential/diff/create and upload a diff file - result should be the same as pasting the diff into the textarea. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: 1019
2011-10-19 04:46:52 +02:00
return $file_data;
}
public static function newFromPHPUpload($spec, array $params = array()) {
$file_data = self::readUploadedFileData($spec);
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
$file_name = nonempty(
idx($params, 'name'),
idx($spec, 'name'));
$params = array(
'name' => $file_name,
) + $params;
return self::newFromFileData($file_data, $params);
}
Enforce upload size limits and transport exceptions with appropriate response encoding Summary: - When a user uploads an oversized file, throw an exception. - When an uncaught exception occurs during a Conduit request, return a Conduit response. - When an uncaught exception occurs during a non-workflow Ajax request, return an Ajax response. Test Plan: - Uploaded overlarge files. - Hit an exception page with ?__ajax__=1 and ?__conduit__=1 Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T875, T788 Differential Revision: https://secure.phabricator.com/D2385
2012-05-07 15:17:00 +02:00
public static function newFromXHRUpload($data, array $params = array()) {
self::validateFileSize(strlen($data));
return self::newFromFileData($data, $params);
}
private static function validateFileSize($size) {
$limit = PhabricatorEnv::getEnvConfig('storage.upload-size-limit');
if (!$limit) {
return;
}
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
Enforce upload size limits and transport exceptions with appropriate response encoding Summary: - When a user uploads an oversized file, throw an exception. - When an uncaught exception occurs during a Conduit request, return a Conduit response. - When an uncaught exception occurs during a non-workflow Ajax request, return an Ajax response. Test Plan: - Uploaded overlarge files. - Hit an exception page with ?__ajax__=1 and ?__conduit__=1 Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T875, T788 Differential Revision: https://secure.phabricator.com/D2385
2012-05-07 15:17:00 +02:00
$limit = phabricator_parse_bytes($limit);
if ($size > $limit) {
throw new PhabricatorFileUploadException(-1000);
}
}
Simplify build file from data-or-hash code Summary: We have a bit more copy-paste than we need, consolidate a bit. (Also switch Mercurial to download git diffs, which it handles well; we use them in "arc patch".) Test Plan: - Downloaded a raw diff from Differential. - Downloaded a raw change from Diffusion. - Downloaded a raw file from Diffusion. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D2942
2012-07-09 19:38:25 +02:00
/**
* Given a block of data, try to load an existing file with the same content
* if one exists. If it does not, build a new file.
*
* This method is generally used when we have some piece of semi-trusted data
* like a diff or a file from a repository that we want to show to the user.
* We can't just dump it out because it may be dangerous for any number of
* reasons; instead, we need to serve it through the File abstraction so it
* ends up on the CDN domain if one is configured and so on. However, if we
* simply wrote a new file every time we'd potentially end up with a lot
* of redundant data in file storage.
*
* To solve these problems, we use file storage as a cache and reuse the
* same file again if we've previously written it.
*
* NOTE: This method unguards writes.
*
* @param string Raw file data.
* @param dict Dictionary of file information.
*/
public static function buildFromFileDataOrHash(
$data,
array $params = array()) {
$file = id(new PhabricatorFile())->loadOneWhere(
'contentHash = %s LIMIT 1',
PhabricatorHash::digest($data));
if (!$file) {
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$file = PhabricatorFile::newFromFileData($data, $params);
unset($unguarded);
}
return $file;
}
Enforce upload size limits and transport exceptions with appropriate response encoding Summary: - When a user uploads an oversized file, throw an exception. - When an uncaught exception occurs during a Conduit request, return a Conduit response. - When an uncaught exception occurs during a non-workflow Ajax request, return an Ajax response. Test Plan: - Uploaded overlarge files. - Hit an exception page with ?__ajax__=1 and ?__conduit__=1 Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T875, T788 Differential Revision: https://secure.phabricator.com/D2385
2012-05-07 15:17:00 +02:00
public static function newFromFileData($data, array $params = array()) {
Use PhabricatorEnv::newObjectFromConfig() wherever possible Test Plan: /mail/send/ scripts/aphront/aphrontpath.php / Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1983
2012-03-21 22:48:58 +01:00
$selector = PhabricatorEnv::newObjectFromConfig('storage.engine-selector');
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
$engines = $selector->selectStorageEngines($data, $params);
if (!$engines) {
throw new Exception("No valid storage engines are available!");
}
$data_handle = null;
$engine_identifier = null;
Improve exception behavior for storage engine failures Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details. Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, recevied it immediately. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1021 Differential Revision: https://secure.phabricator.com/D2157
2012-04-09 00:07:34 +02:00
$exceptions = array();
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
foreach ($engines as $engine) {
Improve exception behavior for storage engine failures Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details. Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, recevied it immediately. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1021 Differential Revision: https://secure.phabricator.com/D2157
2012-04-09 00:07:34 +02:00
$engine_class = get_class($engine);
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
try {
// Perform the actual write.
$data_handle = $engine->writeFile($data, $params);
if (!$data_handle || strlen($data_handle) > 255) {
// This indicates an improperly implemented storage engine.
Improve exception behavior for storage engine failures Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details. Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, recevied it immediately. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1021 Differential Revision: https://secure.phabricator.com/D2157
2012-04-09 00:07:34 +02:00
throw new PhabricatorFileStorageConfigurationException(
"Storage engine '{$engine_class}' executed writeFile() but did ".
"not return a valid handle ('{$data_handle}') to the data: it ".
"must be nonempty and no longer than 255 characters.");
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
}
$engine_identifier = $engine->getEngineIdentifier();
if (!$engine_identifier || strlen($engine_identifier) > 32) {
Improve exception behavior for storage engine failures Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details. Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, recevied it immediately. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1021 Differential Revision: https://secure.phabricator.com/D2157
2012-04-09 00:07:34 +02:00
throw new PhabricatorFileStorageConfigurationException(
"Storage engine '{$engine_class}' returned an improper engine ".
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
"identifier '{$engine_identifier}': it must be nonempty ".
"and no longer than 32 characters.");
}
// We stored the file somewhere so stop trying to write it to other
// places.
break;
} catch (Exception $ex) {
Improve exception behavior for storage engine failures Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details. Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, recevied it immediately. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1021 Differential Revision: https://secure.phabricator.com/D2157
2012-04-09 00:07:34 +02:00
if ($ex instanceof PhabricatorFileStorageConfigurationException) {
// If an engine is outright misconfigured (or misimplemented), raise
// that immediately since it probably needs attention.
throw $ex;
}
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
// If an engine doesn't work, keep trying all the other valid engines
// in case something else works.
phlog($ex);
Improve exception behavior for storage engine failures Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details. Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, recevied it immediately. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1021 Differential Revision: https://secure.phabricator.com/D2157
2012-04-09 00:07:34 +02:00
$exceptions[] = $ex;
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
}
}
if (!$data_handle) {
Improve exception behavior for storage engine failures Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details. Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, recevied it immediately. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1021 Differential Revision: https://secure.phabricator.com/D2157
2012-04-09 00:07:34 +02:00
throw new PhutilAggregateException(
"All storage engines failed to write file:",
$exceptions);
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
}
$file_name = idx($params, 'name');
$file_name = self::normalizeFileName($file_name);
Drag-drop file upload. Summary: - have files be uploaded by drag+drop instead of browse. - Files are named by their uploaded filename, the user isn't given a chance to enter a file name. Is this bad? - Store author PHID now with files - Allow an ?author=<username> to limit the /files/ list by author. - If one file is uploaded, the user is taken to its info page. - If several are uploaded, they are taken to a list of their files. Test Plan: - Quickly tested everything and it still worked, I'd recommend some people try this out before it gets committed though. It's a rather huge revision. Reviewers: epriestley, Ttech CC: Differential Revision: 612
2011-07-08 06:17:00 +02:00
// If for whatever reason, authorPHID isn't passed as a param
// (always the case with newFromFileDownload()), store a ''
$authorPHID = idx($params, 'authorPHID');
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
$file = new PhabricatorFile();
$file->setName($file_name);
$file->setByteSize(strlen($data));
Drag-drop file upload. Summary: - have files be uploaded by drag+drop instead of browse. - Files are named by their uploaded filename, the user isn't given a chance to enter a file name. Is this bad? - Store author PHID now with files - Allow an ?author=<username> to limit the /files/ list by author. - If one file is uploaded, the user is taken to its info page. - If several are uploaded, they are taken to a list of their files. Test Plan: - Quickly tested everything and it still worked, I'd recommend some people try this out before it gets committed though. It's a rather huge revision. Reviewers: epriestley, Ttech CC: Differential Revision: 612
2011-07-08 06:17:00 +02:00
$file->setAuthorPHID($authorPHID);
Straighten out Diffusion file integration Summary: This is in preparation for getting the "View Options" dropdown working on audits. - Use Files to serve raw data so we get all the security benefits of the alternate file domain. Although the difficulty of exploiting this is high (you need commit access to the repo) there's no reason to leave it dangling. - Add a "contentHash" to Files so we can lookup files by content rather than adding some weird linker table. We can do other things with this later, potentially. - Don't use 'data' URIs since they're crazy and we can just link to the file URI. - When showing a binary file or an image, don't give options like "show highlighted text with blame" or "edit in external editor" since they don't make any sense. - Use the existing infrastructure to figure out if things are images or binaries instead of an ad-hoc thing in this class. Test Plan: Looked at text, image and binary files in Diffusion. Verified we reuse existing files if we've already generated them. Reviewers: btrahan, vrana Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T904 Differential Revision: https://secure.phabricator.com/D1899
2012-03-20 03:52:24 +01:00
$file->setContentHash(PhabricatorHash::digest($data));
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
$file->setStorageEngine($engine_identifier);
$file->setStorageHandle($data_handle);
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
// TODO: This is probably YAGNI, but allows for us to do encryption or
// compression later if we want.
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
$file->setStorageFormat(self::STORAGE_FORMAT_RAW);
Very rough cut of DarkConsole + XHProf
2011-02-02 22:48:52 +01:00
if (isset($params['mime-type'])) {
$file->setMimeType($params['mime-type']);
} else {
Use Filesystem::getMimeType() instead of `file` Summary: The `file` binary doesn't exist everywhere, use the more flexible wrapper introduce in D1609. Test Plan: Uploaded a file via drag-and-drop, it got MIME'd correctly. Reviewers: btrahan, davidreuss, Koolvin Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T869 Differential Revision: https://secure.phabricator.com/D1615
2012-02-15 02:00:05 +01:00
$tmp = new TempFile();
Filesystem::writeFile($tmp, $data);
$file->setMimeType(Filesystem::getMimeType($tmp));
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
}
$file->save();
return $file;
}
Image macros for Phabricator! Summary: Added long waited image macro support for differential and others. Test Plan: Tried a couple of different macros and made sure they appear nicely in the comment preview. Made sure that the normal comments are shown correctly. Reviewed By: epriestley Reviewers: epriestley CC: jungejason, tuomaspelkonen, epriestley Differential Revision: 129
2011-04-14 00:15:48 +02:00
public static function newFromFileDownload($uri, $name) {
$uri = new PhutilURI($uri);
Restore image proxying to Remarkup Summary: Previously, Remarkup allowed you to paste in an image URI and get an inline image. However, it did this by hotlinking the image which isn't so hot in an open source product. Restore this feature, but use image proxying instead. The existing image macro code does most of the work. There is a mild security risk depending on the network setup so I've left this default-disabled and made a note about it. It should be safe to enable for Facebook. Test Plan: Pasted in image and non-image links, got reasonable behavior. Verified proxying appears to work. Verified that file:// shenanigans produce 400. Reviewed By: tuomaspelkonen Reviewers: aran, jungejason, tuomaspelkonen Commenters: cpiro CC: aran, cpiro, tuomaspelkonen Differential Revision: 214
2011-05-02 23:20:24 +02:00
$protocol = $uri->getProtocol();
switch ($protocol) {
case 'http':
case 'https':
break;
default:
// Make sure we are not accessing any file:// URIs or similar.
return null;
}
Get rid of file_get_contents($uri) Summary: It requires `allow_url_fopen` which we don't check in setup and our installation is about to disable it. Test Plan: Login with OAuth. /oauth/facebook/diagnose/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D2787
2012-06-19 00:11:47 +02:00
$timeout = 5;
$file_data = HTTPSFuture::loadContent($uri, $timeout);
Image macros for Phabricator! Summary: Added long waited image macro support for differential and others. Test Plan: Tried a couple of different macros and made sure they appear nicely in the comment preview. Made sure that the normal comments are shown correctly. Reviewed By: epriestley Reviewers: epriestley CC: jungejason, tuomaspelkonen, epriestley Differential Revision: 129
2011-04-14 00:15:48 +02:00
if ($file_data === false) {
return null;
}
return self::newFromFileData($file_data, array('name' => $name));
}
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
public static function normalizeFileName($file_name) {
return preg_replace('/[^a-zA-Z0-9.~_-]/', '_', $file_name);
}
public function delete() {
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
$engine = $this->instantiateStorageEngine();
$ret = parent::delete();
$engine->deleteFile($this->getStorageHandle());
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
return $ret;
}
public function loadFileData() {
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
$engine = $this->instantiateStorageEngine();
$data = $engine->readFile($this->getStorageHandle());
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
switch ($this->getStorageFormat()) {
case self::STORAGE_FORMAT_RAW:
$data = $data;
break;
default:
throw new Exception("Unknown storage format.");
}
return $data;
}
PhabricatorObjectHandles
2011-01-26 18:02:09 +01:00
public function getViewURI() {
Use a proper entropy source to generate file keys Summary: See T549. Under configurations where files are served from an alternate domain which does not have cookie credentials, we use random keys to prevent browsing, similar to how Facebook relies on pseudorandom information in image URIs (we could some day go farther than this and generate file sessions on the alternate domain or something, I guess). Currently, we generate these random keys in a roundabout manner. Instead, use a real entropy source and store the key on the object. This reduces the number of sha1() calls in the codebase as per T547. Test Plan: Ran upgrade scripts, verified database was populated correctly. Configured alternate file domain, uploaded file, verified secret generated and worked properly. Changed secret, was given 404. Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran Reviewed By: aran CC: aran, epriestley Differential Revision: 1036
2011-10-23 22:50:10 +02:00
if (!$this->getPHID()) {
throw new Exception(
"You must save a file before you can generate a view URI.");
}
Put file name in view URI, so downloading it with option-return creates a usefully-named file Summary: If you Command-L + Option-Return to download stuff off, e.g., Paste, you get "PHID-FILE-ad98abg9bsd9ashbs.txt" in your download folder. Put the file name in the URI instead, so you get a reasonably named file. Test Plan: Downloaded some files, got reasonable results. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D1427
2012-01-17 01:20:18 +01:00
$name = phutil_escape_uri($this->getName());
Move ALL files to serve from the alternate file domain, not just files without "Content-Disposition: attachment" Summary: We currently serve some files off the primary domain (with "Content-Disposition: attachment" + a CSRF check) and some files off the alternate domain (without either). This is not sufficient, because some UAs (like the iPad) ignore "Content-Disposition: attachment". So there's an attack that goes like this: - Alice uploads xss.html - Alice says to Bob "hey download this file on your iPad" - Bob clicks "Download" on Phabricator on his iPad, gets XSS'd. NOTE: This removes the CSRF check for downloading files. The check is nice to have but only raises the barrier to entry slightly. Between iPad / sniffing / flash bytecode attacks, single-domain installs are simply insecure. We could restore the check at some point in conjunction with a derived authentication cookie (i.e., a mini-session-token which is only useful for downloading files), but that's a lot of complexity to drop all at once. (Because files are now authenticated only by knowing the PHID and secret key, this also fixes the "no profile pictures in public feed while logged out" issue.) Test Plan: Viewed, info'd, and downloaded files Reviewers: btrahan, arice, alok Reviewed By: arice CC: aran, epriestley Maniphest Tasks: T843 Differential Revision: https://secure.phabricator.com/D1608
2012-02-14 23:52:27 +01:00
$path = '/file/data/'.$this->getSecretKey().'/'.$this->getPHID().'/'.$name;
return PhabricatorEnv::getCDNURI($path);
PhabricatorObjectHandles
2011-01-26 18:02:09 +01:00
}
Lint slop and some cleanup. Summary: Test Plan: Reviewers: CC:
2011-02-22 18:22:57 +01:00
Add a 'file.info' Conduit method Summary: Need this for 'arc upload' and 'arc download'. Given a file PHID or ID, provides information about it. Test Plan: - Implemented 'arc upload' and 'arc download' based on 'file.info'. - Used Conduit API console to test method. Reviewed By: codeblock Reviewers: codeblock, jungejason, tuomaspelkonen, aran CC: aran, codeblock, epriestley Differential Revision: 741
2011-07-29 19:00:16 +02:00
public function getInfoURI() {
return '/file/info/'.$this->getPHID().'/';
}
public function getBestURI() {
if ($this->isViewableInBrowser()) {
return $this->getViewURI();
} else {
return $this->getInfoURI();
}
}
Improve drag-and-drop uploader Summary: Make it discoverable, show uploading progress, show file thumbnails, allow you to remove files, make it a generic form component. Test Plan: Uploaded ducks Reviewed By: tomo Reviewers: aran, tomo, jungejason, tuomaspelkonen CC: anjali, aran, epriestley, tomo Differential Revision: 334
2011-05-23 01:11:41 +02:00
public function getThumb60x45URI() {
return '/file/xform/thumb-60x45/'.$this->getPHID().'/';
}
Improve file preview in Maniphest Summary: Show large thumbnails of attached files in Maniphest. Test Plan: Looked at large thumbnails in Maniphest. Reviewed By: jungejason Reviewers: tomo, aran, jungejason, tuomaspelkonen CC: anjali, aran, epriestley, jungejason Differential Revision: 335
2011-05-23 02:06:42 +02:00
public function getThumb160x120URI() {
return '/file/xform/thumb-160x120/'.$this->getPHID().'/';
}
Security: tighten up the File tool against clowning around. Summary: Test Plan: Reviewers: CC:
2011-02-22 18:19:14 +01:00
public function isViewableInBrowser() {
return ($this->getViewableMimeType() !== null);
}
Lint slop and some cleanup. Summary: Test Plan: Reviewers: CC:
2011-02-22 18:22:57 +01:00
Straighten out Diffusion file integration Summary: This is in preparation for getting the "View Options" dropdown working on audits. - Use Files to serve raw data so we get all the security benefits of the alternate file domain. Although the difficulty of exploiting this is high (you need commit access to the repo) there's no reason to leave it dangling. - Add a "contentHash" to Files so we can lookup files by content rather than adding some weird linker table. We can do other things with this later, potentially. - Don't use 'data' URIs since they're crazy and we can just link to the file URI. - When showing a binary file or an image, don't give options like "show highlighted text with blame" or "edit in external editor" since they don't make any sense. - Use the existing infrastructure to figure out if things are images or binaries instead of an ad-hoc thing in this class. Test Plan: Looked at text, image and binary files in Diffusion. Verified we reuse existing files if we've already generated them. Reviewers: btrahan, vrana Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T904 Differential Revision: https://secure.phabricator.com/D1899
2012-03-20 03:52:24 +01:00
public function isViewableImage() {
if (!$this->isViewableInBrowser()) {
return false;
}
$mime_map = PhabricatorEnv::getEnvConfig('files.image-mime-types');
$mime_type = $this->getMimeType();
return idx($mime_map, $mime_type);
}
Basic image thumbnailing Summary: This is still very rough but provides basic support for generating image thumbnails. I need to separate stuff out a bit but I'm going to integrate into Maniphest before I hit the profile stuff so this seems like a reasonable starting point. Test Plan: Generated some image thumbnails in various sizes. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran CC: aran Differential Revision: 333
2011-05-22 23:40:51 +02:00
public function isTransformableImage() {
Support thumbnailing non-image files and straighten out setup for 'gd' Summary: Make 'gd' an explicit optional dependency, test for it in setup, and make the software behave correctly if it is not available. When generating file thumnails, provide reasonable defaults and behavior for non-image files. Test Plan: Uploaded text files, pdf files, etc., and got real thumbnails instead of a broken image. Simulated setup and gd failures and walked through setup process and image fallback for thumbnails. Reviewed By: aran Reviewers: toulouse, jungejason, tuomaspelkonen, aran CC: aran, epriestley Differential Revision: 446
2011-06-13 17:43:42 +02:00
// NOTE: The way the 'gd' extension works in PHP is that you can install it
// with support for only some file types, so it might be able to handle
// PNG but not JPEG. Try to generate thumbnails for whatever we can. Setup
// warns you if you don't have complete support.
$matches = null;
$ok = preg_match(
'@^image/(gif|png|jpe?g)@',
$this->getViewableMimeType(),
$matches);
if (!$ok) {
return false;
}
switch ($matches[1]) {
case 'jpg';
case 'jpeg':
return function_exists('imagejpeg');
break;
case 'png':
return function_exists('imagepng');
break;
case 'gif':
return function_exists('imagegif');
break;
default:
throw new Exception('Unknown type matched as image MIME type.');
}
Basic image thumbnailing Summary: This is still very rough but provides basic support for generating image thumbnails. I need to separate stuff out a bit but I'm going to integrate into Maniphest before I hit the profile stuff so this seems like a reasonable starting point. Test Plan: Generated some image thumbnails in various sizes. Reviewed By: aran Reviewers: jungejason, tuomaspelkonen, aran CC: aran Differential Revision: 333
2011-05-22 23:40:51 +02:00
}
Improve UI hints and error messages for supported file types Summary: We give you a pretty bad error right now if your server doesn't have, say, png support, saying "only png is supportd loololloo". Instead, show you which formats are supported in the error messsage, and tell you upfront. Test Plan: Tried to upload supported and unsupported images, got appropriate errors and supported format text. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T981 Differential Revision: https://secure.phabricator.com/D1894
2012-03-14 20:41:33 +01:00
public static function getTransformableImageFormats() {
$supported = array();
if (function_exists('imagejpeg')) {
$supported[] = 'jpg';
}
if (function_exists('imagepng')) {
$supported[] = 'png';
}
if (function_exists('imagegif')) {
$supported[] = 'gif';
}
return $supported;
}
Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695
2011-07-20 07:48:38 +02:00
protected function instantiateStorageEngine() {
$engines = id(new PhutilSymbolLoader())
->setType('class')
->setAncestorClass('PhabricatorFileStorageEngine')
->selectAndLoadSymbols();
foreach ($engines as $engine_class) {
$engine = newv($engine_class['name'], array());
if ($engine->getEngineIdentifier() == $this->getStorageEngine()) {
return $engine;
}
}
throw new Exception("File's storage engine could be located!");
}
Security: tighten up the File tool against clowning around. Summary: Test Plan: Reviewers: CC:
2011-02-22 18:19:14 +01:00
public function getViewableMimeType() {
$mime_map = PhabricatorEnv::getEnvConfig('files.viewable-mime-types');
$mime_type = $this->getMimeType();
$mime_parts = explode(';', $mime_type);
Further OAuth modularization.
2011-02-28 19:15:42 +01:00
$mime_type = trim(reset($mime_parts));
Lint slop and some cleanup. Summary: Test Plan: Reviewers: CC:
2011-02-22 18:22:57 +01:00
Security: tighten up the File tool against clowning around. Summary: Test Plan: Reviewers: CC:
2011-02-22 18:19:14 +01:00
return idx($mime_map, $mime_type);
}
PhabricatorObjectHandles
2011-01-26 18:02:09 +01:00
Provide a setting which forces all file views to be served from an alternate domain Summary: See D758, D759. - Provide a strongly recommended setting which permits configuration of an alternate domain. - Lock cookies down better: set them on the exact domain, and use SSL-only if the configuration is HTTPS. - Prevent Phabriator from setting cookies on other domains. This assumes D759 will land, it is not effective without that change. Test Plan: - Attempted to login from a different domain and was rejected. - Logged out, logged back in normally. - Put install in setup mode and verified it revealed a warning. - Configured an alterate domain. - Tried to view an image with an old URI, got a 400. - Went to /files/ and verified links rendered to the alternate domain. - Viewed an alternate domain file. - Tried to view an alternate domain file without the secret key, got a 404. Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock CC: aran Differential Revision: 760
2011-08-02 07:24:00 +02:00
public function validateSecretKey($key) {
Use a proper entropy source to generate file keys Summary: See T549. Under configurations where files are served from an alternate domain which does not have cookie credentials, we use random keys to prevent browsing, similar to how Facebook relies on pseudorandom information in image URIs (we could some day go farther than this and generate file sessions on the alternate domain or something, I guess). Currently, we generate these random keys in a roundabout manner. Instead, use a real entropy source and store the key on the object. This reduces the number of sha1() calls in the codebase as per T547. Test Plan: Ran upgrade scripts, verified database was populated correctly. Configured alternate file domain, uploaded file, verified secret generated and worked properly. Changed secret, was given 404. Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran Reviewed By: aran CC: aran, epriestley Differential Revision: 1036
2011-10-23 22:50:10 +02:00
return ($key == $this->getSecretKey());
Provide a setting which forces all file views to be served from an alternate domain Summary: See D758, D759. - Provide a strongly recommended setting which permits configuration of an alternate domain. - Lock cookies down better: set them on the exact domain, and use SSL-only if the configuration is HTTPS. - Prevent Phabriator from setting cookies on other domains. This assumes D759 will land, it is not effective without that change. Test Plan: - Attempted to login from a different domain and was rejected. - Logged out, logged back in normally. - Put install in setup mode and verified it revealed a warning. - Configured an alterate domain. - Tried to view an image with an old URI, got a 400. - Went to /files/ and verified links rendered to the alternate domain. - Viewed an alternate domain file. - Tried to view an alternate domain file without the secret key, got a 404. Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock CC: aran Differential Revision: 760
2011-08-02 07:24:00 +02:00
}
Use a proper entropy source to generate file keys Summary: See T549. Under configurations where files are served from an alternate domain which does not have cookie credentials, we use random keys to prevent browsing, similar to how Facebook relies on pseudorandom information in image URIs (we could some day go farther than this and generate file sessions on the alternate domain or something, I guess). Currently, we generate these random keys in a roundabout manner. Instead, use a real entropy source and store the key on the object. This reduces the number of sha1() calls in the codebase as per T547. Test Plan: Ran upgrade scripts, verified database was populated correctly. Configured alternate file domain, uploaded file, verified secret generated and worked properly. Changed secret, was given 404. Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran Reviewed By: aran CC: aran, epriestley Differential Revision: 1036
2011-10-23 22:50:10 +02:00
public function save() {
if (!$this->getSecretKey()) {
$this->setSecretKey($this->generateSecretKey());
}
return parent::save();
Provide a setting which forces all file views to be served from an alternate domain Summary: See D758, D759. - Provide a strongly recommended setting which permits configuration of an alternate domain. - Lock cookies down better: set them on the exact domain, and use SSL-only if the configuration is HTTPS. - Prevent Phabriator from setting cookies on other domains. This assumes D759 will land, it is not effective without that change. Test Plan: - Attempted to login from a different domain and was rejected. - Logged out, logged back in normally. - Put install in setup mode and verified it revealed a warning. - Configured an alterate domain. - Tried to view an image with an old URI, got a 400. - Went to /files/ and verified links rendered to the alternate domain. - Viewed an alternate domain file. - Tried to view an alternate domain file without the secret key, got a 404. Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock CC: aran Differential Revision: 760
2011-08-02 07:24:00 +02:00
}
Use a proper entropy source to generate file keys Summary: See T549. Under configurations where files are served from an alternate domain which does not have cookie credentials, we use random keys to prevent browsing, similar to how Facebook relies on pseudorandom information in image URIs (we could some day go farther than this and generate file sessions on the alternate domain or something, I guess). Currently, we generate these random keys in a roundabout manner. Instead, use a real entropy source and store the key on the object. This reduces the number of sha1() calls in the codebase as per T547. Test Plan: Ran upgrade scripts, verified database was populated correctly. Configured alternate file domain, uploaded file, verified secret generated and worked properly. Changed secret, was given 404. Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran Reviewed By: aran CC: aran, epriestley Differential Revision: 1036
2011-10-23 22:50:10 +02:00
public function generateSecretKey() {
return Filesystem::readRandomCharacters(20);
}
Phabricator file upload application.
2011-01-23 03:33:00 +01:00
}
Copy permalink