Add the ability to create a macro from a url

Test Plan: Enter in a url and create a macro. :)

Reviewers: epriestley

Reviewed By: epriestley

CC: epriestley, aran, dctrwatson, Korvin

Differential Revision: https://secure.phabricator.com/D5039

conf/default.conf.php

@@ -58,6 +58,9 @@ return array(
   // configuration file to directly set $_SERVER['HTTPS'] to the correct value.
   'security.require-https' => false,
 
+  // Is Phabricator permitted to make outbound HTTP requests?
+  'security.allow-outbound-http' => true,
+
 
 // -- Internationalization -------------------------------------------------- //
 

src/applications/config/option/PhabricatorSecurityConfigOptions.php

@@ -154,6 +154,18 @@ final class PhabricatorSecurityConfigOptions
             "inline. This has mild security implications (you'll leak ".
             "referrers to YouTube) and is pretty silly (but sort of ".
             "awesome).")),
+        $this->newOption('security.allow-outbound-http', 'bool', true)
+        ->setBoolOptions(
+          array(
+            pht("Allow"),
+            pht("Disallow"),
+          ))
+        ->setSummary(
+          pht("Allow outbound HTTP requests"))
+        ->setDescription(
+          pht(
+            "If you enable this, you are allowing Phabricator to potentially ".
+            "make requests to external servers.")),
     );
   }
 

src/applications/files/storage/PhabricatorFile.php

@@ -333,7 +333,12 @@ final class PhabricatorFile extends PhabricatorFileDAO
   }
 
 
-  public static function newFromFileDownload($uri, array $params) {
+  public static function newFromFileDownload($uri, array $params = array()) {
+    // Make sure we're allowed to make a request first
+    if (!PhabricatorEnv::getEnvConfig('security.allow-outbound-http')) {
+      throw new Exception("Outbound HTTP requests are disabled!");
+    }
+
     $uri = new PhutilURI($uri);
 
     $protocol = $uri->getProtocol();
@@ -352,6 +357,10 @@ final class PhabricatorFile extends PhabricatorFileDAO
         ->setTimeout($timeout)
         ->resolvex();
 
+    $params = $params + array(
+      'name' => basename($uri),
+    );
+
     return self::newFromFileData($file_data, $params);
   }
 

src/applications/macro/controller/PhabricatorMacroEditController.php

@@ -24,6 +24,7 @@ final class PhabricatorMacroEditController
     $e_name = true;
     $e_file = true;
     $file = null;
+    $can_fetch = PhabricatorEnv::getEnvConfig('security.allow-outbound-http');
 
     $request = $this->getRequest();
     $user = $request->getUser();
@@ -57,6 +58,17 @@ final class PhabricatorMacroEditController
             'name' => $request->getStr('name'),
             'authorPHID' => $user->getPHID(),
           ));
+      } else if ($request->getStr('url')) {
+        try {
+          $file = PhabricatorFile::newFromFileDownload(
+            $request->getStr('url'),
+            array(
+              'name' => $request->getStr('name'),
+              'authorPHID' => $user->getPHID(),
+            ));
+        } catch (Exception $ex) {
+          $errors[] = pht('Could not fetch URL: %s', $ex->getMessage());
+        }
       } else if ($request->getStr('phid')) {
         $file = id(new PhabricatorFile())->loadOneWhere(
           'phid = %s',
@@ -167,6 +179,15 @@ final class PhabricatorMacroEditController
         $other_label = pht('File');
       }
 
+      if ($can_fetch) {
+        $form->appendChild(
+          id(new AphrontFormTextControl())
+            ->setLabel(pht('URL'))
+            ->setName('url')
+            ->setValue($request->getStr('url'))
+            ->setError($e_file));
+      }
+
       $form->appendChild(
         id(new AphrontFormFileControl())
           ->setLabel($other_label)
@@ -221,7 +242,18 @@ final class PhabricatorMacroEditController
       $upload_form = id(new AphrontFormView())
         ->setFlexible(true)
         ->setEncType('multipart/form-data')
-        ->setUser($request->getUser())
+        ->setUser($request->getUser());
+
+      if ($can_fetch) {
+        $upload_form
+          ->appendChild(
+            id(new AphrontFormTextControl())
+              ->setLabel(pht('URL'))
+              ->setName('url')
+              ->setValue($request->getStr('url')));
+      }
+
+      $upload_form
         ->appendChild(
           id(new AphrontFormFileControl())
             ->setLabel(pht('File'))

src/applications/settings/panel/PhabricatorSettingsPanelProfile.php

@@ -205,14 +205,19 @@ final class PhabricatorSettingsPanelProfile
           ->setLabel('Change Image')
           ->setName('image')
           ->setError($e_image)
-          ->setCaption('Supported formats: '.implode(', ', $supported_formats)))
+          ->setCaption(
-      ->appendChild(
+            'Supported formats: '.implode(', ', $supported_formats)));
+
+    if (PhabricatorEnv::getEnvConfig('security.allow-outbound-http')) {
+      $form->appendChild(
         id(new AphrontFormTextControl())
           ->setLabel('Import Gravatar')
           ->setName('gravatar')
           ->setError($e_image)
-          ->setCaption('Enter gravatar email address'))
+          ->setCaption('Enter gravatar email address'));
-      ->appendChild(
+    }
+
+    $form->appendChild(
       id(new AphrontFormSubmitControl())
         ->setValue('Save')
         ->addCancelButton('/p/'.$user->getUsername().'/'));