2011-02-02 01:42:36 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright 2011 Facebook, Inc.
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
final class DifferentialInlineCommentView extends AphrontView {
|
|
|
|
|
|
|
|
private $inlineComment;
|
|
|
|
private $onRight;
|
|
|
|
private $buildScaffolding;
|
|
|
|
private $handles;
|
|
|
|
private $markupEngine;
|
2011-02-02 19:10:25 +01:00
|
|
|
private $editable;
|
2011-06-09 20:09:54 +02:00
|
|
|
private $preview;
|
2011-02-02 01:42:36 +01:00
|
|
|
|
|
|
|
public function setInlineComment(DifferentialInlineComment $comment) {
|
|
|
|
$this->inlineComment = $comment;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setOnRight($on_right) {
|
|
|
|
$this->onRight = $on_right;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setBuildScaffolding($scaffold) {
|
|
|
|
$this->buildScaffolding = $scaffold;
|
|
|
|
return $this;
|
|
|
|
}
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
public function setHandles(array $handles) {
|
|
|
|
$this->handles = $handles;
|
|
|
|
return $this;
|
|
|
|
}
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
public function setMarkupEngine(PhutilMarkupEngine $engine) {
|
|
|
|
$this->markupEngine = $engine;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2011-02-02 19:10:25 +01:00
|
|
|
public function setEditable($editable) {
|
|
|
|
$this->editable = $editable;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2011-06-09 20:09:54 +02:00
|
|
|
public function setPreview($preview) {
|
|
|
|
$this->preview = $preview;
|
|
|
|
}
|
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
public function render() {
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
$inline = $this->inlineComment;
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
$start = $inline->getLineNumber();
|
|
|
|
$length = $inline->getLineLength();
|
|
|
|
if ($length) {
|
|
|
|
$end = $start + $length;
|
|
|
|
$line = 'Lines '.number_format($start).'-'.number_format($end);
|
|
|
|
} else {
|
|
|
|
$line = 'Line '.number_format($start);
|
|
|
|
}
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
$metadata = array(
|
2011-02-02 19:10:25 +01:00
|
|
|
'id' => $inline->getID(),
|
2011-02-02 01:42:36 +01:00
|
|
|
'number' => $inline->getLineNumber(),
|
|
|
|
'length' => $inline->getLineLength(),
|
2011-02-02 19:10:25 +01:00
|
|
|
'on_right' => $this->onRight,
|
Add "Undo" for editing Differential inline comments
Summary:
When a user hits 'cancel' on a 'new', 'edit', or 'reply' operation, add a little
"Changes discarded. __Undo__" insert so they can get their change back. No undo
for delete since there's an explicit prompt. Once this lands we can make
'escape' work again to close dialogs.
This change started feeling really good when I was merging all the duplicate
code and making things more consistent, but by the time I started writing client
rendering it felt gross. I'm not really thrilled with it but I guess it's a step
forward? The feature seems pretty OK in practice. Let me know how much barfing
this causes and I can try to remedy the most acute concerns.
This also fixes a bug where replies always (?) appear on the 'new' side of the
diff (I think?).
Test Plan:
Applied 'new', 'edit', 'delete' and 'reply' operations, pressed 'cancel' and
'okay' in each case, with and without changing text where relevant. All
behaviors seem to conform with expectations, except that canceling out of 'edit'
without changing the text gives you an option to undo when it shouldn't really.
There's no super easy way to get at the original text right now.
Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen
CC: simpkins, aran, epriestley
Differential Revision: 406
2011-06-08 01:11:10 +02:00
|
|
|
'original' => $inline->getContent(),
|
2011-02-02 01:42:36 +01:00
|
|
|
);
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
$sigil = 'differential-inline-comment';
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
$content = $inline->getContent();
|
|
|
|
$handles = $this->handles;
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 19:10:25 +01:00
|
|
|
$links = array();
|
2011-04-15 03:08:10 +02:00
|
|
|
|
2011-06-14 21:42:27 +02:00
|
|
|
$is_draft = false;
|
|
|
|
if (!$inline->getCommentID()) {
|
2011-06-23 01:29:07 +02:00
|
|
|
$links[] = 'Not Submitted Yet';
|
2011-06-14 21:42:27 +02:00
|
|
|
$is_draft = true;
|
|
|
|
}
|
|
|
|
|
2011-06-09 20:09:54 +02:00
|
|
|
if (!$this->preview) {
|
|
|
|
$links[] = javelin_render_tag(
|
|
|
|
'a',
|
|
|
|
array(
|
|
|
|
'href' => '#',
|
|
|
|
'mustcapture' => true,
|
|
|
|
'sigil' => 'differential-inline-prev',
|
|
|
|
),
|
|
|
|
'Previous');
|
2011-05-11 21:25:29 +02:00
|
|
|
|
2011-06-09 20:09:54 +02:00
|
|
|
$links[] = javelin_render_tag(
|
|
|
|
'a',
|
|
|
|
array(
|
|
|
|
'href' => '#',
|
|
|
|
'mustcapture' => true,
|
|
|
|
'sigil' => 'differential-inline-next',
|
|
|
|
),
|
|
|
|
'Next');
|
2011-05-11 21:25:29 +02:00
|
|
|
|
2011-06-09 20:09:54 +02:00
|
|
|
$links[] = javelin_render_tag(
|
|
|
|
'a',
|
|
|
|
array(
|
|
|
|
'href' => '#',
|
|
|
|
'mustcapture' => true,
|
|
|
|
'sigil' => 'differential-inline-reply',
|
|
|
|
),
|
|
|
|
'Reply');
|
|
|
|
}
|
2011-04-15 03:08:10 +02:00
|
|
|
|
2011-06-09 20:09:54 +02:00
|
|
|
if ($this->editable && !$this->preview) {
|
2011-02-02 19:10:25 +01:00
|
|
|
$links[] = javelin_render_tag(
|
|
|
|
'a',
|
|
|
|
array(
|
|
|
|
'href' => '#',
|
|
|
|
'mustcapture' => true,
|
|
|
|
'sigil' => 'differential-inline-edit',
|
|
|
|
),
|
|
|
|
'Edit');
|
|
|
|
$links[] = javelin_render_tag(
|
|
|
|
'a',
|
|
|
|
array(
|
|
|
|
'href' => '#',
|
|
|
|
'mustcapture' => true,
|
|
|
|
'sigil' => 'differential-inline-delete',
|
|
|
|
),
|
|
|
|
'Delete');
|
|
|
|
}
|
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
if ($links) {
|
2011-02-02 22:48:52 +01:00
|
|
|
$links =
|
2011-02-02 01:42:36 +01:00
|
|
|
'<span class="differential-inline-comment-links">'.
|
2011-02-02 19:10:25 +01:00
|
|
|
implode(' · ', $links).
|
2011-02-02 01:42:36 +01:00
|
|
|
'</span>';
|
2011-02-02 19:10:25 +01:00
|
|
|
} else {
|
|
|
|
$links = null;
|
2011-02-02 01:42:36 +01:00
|
|
|
}
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-03 04:38:43 +01:00
|
|
|
$cache = $inline->getCache();
|
|
|
|
if (strlen($cache)) {
|
|
|
|
$content = $cache;
|
|
|
|
} else {
|
|
|
|
$content = $this->markupEngine->markupText($content);
|
|
|
|
if ($inline->getID()) {
|
|
|
|
$inline->setCache($content);
|
Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
- Depends on D758.
- Similar to WriteOnHTTPGet stuff from Facebook's stack.
- Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
- Never allow writes without CSRF checks.
- This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
- **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
- Ran some scripts that perform writes (scripts/search indexers), no issues.
- Performed normal CSRF submits.
- Added writes to an un-CSRF'd page, got an exception.
- Executed conduit methods.
- Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
- Did OAuth login.
- Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-03 20:49:27 +02:00
|
|
|
|
|
|
|
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
2011-02-03 04:38:43 +01:00
|
|
|
$inline->save();
|
Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
- Depends on D758.
- Similar to WriteOnHTTPGet stuff from Facebook's stack.
- Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
- Never allow writes without CSRF checks.
- This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
- **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
- Ran some scripts that perform writes (scripts/search indexers), no issues.
- Performed normal CSRF submits.
- Added writes to an un-CSRF'd page, got an exception.
- Executed conduit methods.
- Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
- Did OAuth login.
- Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-03 20:49:27 +02:00
|
|
|
unset($unguarded);
|
2011-02-03 04:38:43 +01:00
|
|
|
}
|
|
|
|
}
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-14 01:00:21 +01:00
|
|
|
$anchor = phutil_render_tag(
|
|
|
|
'a',
|
|
|
|
array(
|
|
|
|
'name' => 'inline-'.$inline->getID(),
|
|
|
|
),
|
|
|
|
'');
|
|
|
|
|
2011-06-14 21:42:27 +02:00
|
|
|
$classes = array(
|
|
|
|
'differential-inline-comment',
|
|
|
|
);
|
|
|
|
if ($is_draft) {
|
|
|
|
$classes[] = 'differential-inline-comment-unsaved-draft';
|
|
|
|
}
|
|
|
|
$classes = implode(' ', $classes);
|
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
$markup = javelin_render_tag(
|
|
|
|
'div',
|
|
|
|
array(
|
2011-06-14 21:42:27 +02:00
|
|
|
'class' => $classes,
|
2011-02-02 01:42:36 +01:00
|
|
|
'sigil' => $sigil,
|
|
|
|
'meta' => $metadata,
|
|
|
|
),
|
|
|
|
'<div class="differential-inline-comment-head">'.
|
2011-02-14 01:00:21 +01:00
|
|
|
$anchor.
|
2011-02-02 01:42:36 +01:00
|
|
|
$links.
|
|
|
|
'<span class="differential-inline-comment-line">'.$line.'</span>'.
|
2011-02-02 19:10:25 +01:00
|
|
|
phutil_escape_html($handles[$inline->getAuthorPHID()]->getName()).
|
2011-02-02 01:42:36 +01:00
|
|
|
'</div>'.
|
2011-03-30 06:38:05 +02:00
|
|
|
'<div class="phabricator-remarkup">'.
|
|
|
|
$content.
|
|
|
|
'</div>');
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
return $this->scaffoldMarkup($markup);
|
|
|
|
}
|
|
|
|
|
|
|
|
private function scaffoldMarkup($markup) {
|
|
|
|
if (!$this->buildScaffolding) {
|
|
|
|
return $markup;
|
|
|
|
}
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-04-15 03:08:10 +02:00
|
|
|
$left_markup = !$this->onRight ? $markup : '';
|
|
|
|
$right_markup = $this->onRight ? $markup : '';
|
|
|
|
|
|
|
|
return
|
|
|
|
'<table>'.
|
|
|
|
'<tr class="inline">'.
|
|
|
|
'<th></th>'.
|
|
|
|
'<td>'.$left_markup.'</td>'.
|
|
|
|
'<th></th>'.
|
|
|
|
'<td>'.$right_markup.'</td>'.
|
|
|
|
'</tr>'.
|
|
|
|
'</table>';
|
2011-02-02 01:42:36 +01:00
|
|
|
}
|
2011-02-02 22:48:52 +01:00
|
|
|
|
2011-02-02 01:42:36 +01:00
|
|
|
}
|