mirror of https://we.phorge.it/source/phorge.git synced 2024-12-04 20:52:43 +01:00
Commit graph

131 commits

Author SHA1 Message Date
Andre Klapper
b253675917 mimemailparser: Fix implicitly nullable parameter declarations for PHP 8.4
Summary: Backport upstream's 39633e054b for PHP 8.4 compatibility.

Test Plan: Run static code analysis.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25840
2024-11-26 15:02:10 +01:00
Andre Klapper
a76444a8e2 Update mimemailparser from May 2011 version to 8.0.4
Summary:
Bump to version 8.0.4 from 2024-09-11 per https://github.com/php-mime-mail-parser/php-mime-mail-parser/releases before this ancient code copy falls apart.
`scripts/mail/mail_handler.php` (used for incoming (!) mail) is the only consumer.

Closes T15940

Test Plan: Feed `mail_handler.php` with various test emails (formats: plain text, HTML, multipart; encodings: UTF-8, ASCII, ISO-8859-something) by manually replacing `php://stdin` with corresponding text files and adding some `phlog`s for output checking as I don't have mail server glue handy. Get only expected errors for broken emails.

Reviewers: O1 Blessed Committers, 20after4

Reviewed By: O1 Blessed Committers, 20after4

Subscribers: 20after4, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15940

Differential Revision: https://we.phorge.it/D25829
2024-11-01 08:59:05 +01:00
Andre Klapper
2aecae4ede Update phpqrcode from version 1.1.4 to 1.9.9
Summary:
Update the internal copy of `phpqrcode` from version 1.1.4 (2010100721) to version 1.9.9 (20130526).
Single reason is that it adds a lot of documentation which may come in handy one day.
This more recent code is taken from https://sourceforge.net/p/phpqrcode/code/19/ which equals https://github.com/Darkflib/php-qrcode/blob/master/lib/merged/phpqrcode.php, with our two custom one-line patches still on top.

Closes T15878

Test Plan:
* Manually diff between old downstream and slightly newer upstream version in a visual diff tool to review the changes.
* Go to http://phorge.localhost/settings/panel/multifactor/ and select "Add Auth Factor", select TOTP, click "Continue", still see a QR code properly rendered which works.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15878

Differential Revision: https://we.phorge.it/D25725
2024-07-20 12:11:02 +02:00
Andre Klapper
3fbb0309b5 Update external timezone information to IANA TZDB 2024a
Summary:
Update the list of timezones by pulling from CLDR upstream (revision `9d96f34` from 2024-02-08) located here:

https://github.com/unicode-org/cldr/blob/main/common/supplemental/windowsZones.xml

Permalink:

9d96f340ab/common/supplemental/windowsZones.xml

Closes T15876

Test Plan:
* As an admin, go to http://phorge.localhost/config/edit/phabricator.timezone/ and change the default value.
* As a user, go to http://phorge.localhost/settings/panel/datetime/ and change the value in the `Timezone` dropdown.
* Run the `diff` command against

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: revi, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15876

Differential Revision: https://we.phorge.it/D25722
2024-07-10 13:33:42 +02:00
Merula Turdus
214988fafd T15774: Celerity: javascript minification issue with template literals (backticked strings)
Test Plan:
This archive contains a small demo: {F2142567}
When installed, an application named D25571 appears under "More Applications".
When you start it, you will see 2 messageboxes: one should be a single lined text, the other a multilined text.

Steps:
1) unpack archive in some directory
2) add ext-D25571/src/ path to load-libraries in local.json
3) bin/arc liberate
4) bin/cache purge --all
5) bin/celerity map
6) restart httpd
7) start D25571 application from More Applications

Also:

    arc unit ./src/applications/celerity/__tests__/CelerityResourceTransformerTestCase.php

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: avivey, aklapper, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15774

Differential Revision: https://we.phorge.it/D25571
2024-06-11 17:09:47 +02:00
Andre Klapper
d9e543ba97 PHPMailer: Set defaults for required parameters followed by optional parameters in Authorise() method signature
Summary:
Required parameters $password and $username follow the optional parameter $tval.
This is deprecated since PHP 8.0 per https://www.php.net/manual/en/migration80.deprecated.php
Define defaults for those required parameters to fix the issue - https://github.com/PHPMailer/PHPMailer/blob/master/src/POP3.php#L199 seems to also have survived so far without complaints by PHP 8 users (and PHPStan also does not complain anymore after this change).

Closes T15834

Test Plan: Carefully read the code.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15834

Differential Revision: https://we.phorge.it/D25660
2024-05-30 15:40:35 +02:00
Andre Klapper
40b1e6b17a PHPMailer: Remove unused variable
Summary: `$tmp` is declared but never used.

Test Plan: Read/grep the code.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25665
2024-05-28 08:35:47 +02:00
Andre Klapper
67c0efdffb PHPMailer: Remove duplicate array keys
Summary:
`'doc'` is listed twice in the `$mimes` array. Remove one key.

The second key was also removed in 6f919df65e.

Test Plan: Read/grep the code.

Reviewers: O1 Blessed Committers, avivey

Reviewed By: O1 Blessed Committers, avivey

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25666
2024-05-21 11:07:39 +02:00
Andre Klapper
a579a974eb PHPMailer: Remove use of each() function removed in PHP 8.0
Summary:
`each()` has been deprecated since PHP 7.2 and got removed in PHP 8.0 per https://www.php.net/manual/en/function.each.php

Replace it with a `foreach` construction.

Closes T15833

Test Plan: Carefully read the code; locally testing that construction per D25659#18155; compare to similar rP9623e667458821f696eb92e9dac5a2c9720af7af

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15833

Differential Revision: https://we.phorge.it/D25659
2024-05-19 13:10:12 +02:00
Andre Klapper
601ac45032 PHPMailer: Remove check for non-existing get_magic_quotes()
Summary: No idea if PHP ever offered such a method. In any case, this very check was removed in 6f919df65e (diff-2d294eae28fb0d70fc32da8369c4fe33d301c99ca3eeb4bd41da18ad99344d68) in 2012.

Test Plan: Not sure - how to test a removed check for a method which does not exist anyway? :)

Reviewers: O1 Blessed Committers, avivey

Reviewed By: O1 Blessed Committers, avivey

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25663
2024-05-19 10:20:00 +02:00
Andre Klapper
23a3f59be2 Fix typo creating QRbitstream()
Summary:
Make the one `new QRbitrtream()` look like the other nine `new QRbitstream()`.

Interestingly, this bug was reported upstream since 2018, and still not fixed:

https://github.com/t0k4rt/phpqrcode/issues/47

Test Plan:
Read the code aloud and realize that this word sounds weird.

Verify that the class `QRbitrtream` does not exist, and `QRbitstream` exists.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25651
2024-05-18 21:45:09 +02:00
Andre Klapper
a6499aee0e PHPMailer: Remove a check for PHP 5.0
Summary:
Phorge requires PHP 5.5, thus remove a version check for PHP 5.0.
Compare the same code in https://github.com/PHPMailer/PHPMailer/blob/master/src/POP3.php#L282-L283

Test Plan: Carefully read the code.

Reviewers: O1 Blessed Committers, speck

Reviewed By: O1 Blessed Committers, speck

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25661
2024-05-18 02:00:28 +02:00
Andre Klapper
644f179dd2 Make incoming mail handling more robust / correct
Summary:
* Properly handle when no mail headers at all can be parsed
* Properly handle when mail headers can be parsed but no subject line can be found

```
EXCEPTION: (RuntimeException) Undefined index: subject
```

Closes T15769

Test Plan: See T15769

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: 20after4, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15769

Differential Revision: https://we.phorge.it/D25565
2024-04-04 22:19:54 +02:00
Andre Klapper
a69db10c5e Fix "Creation of dynamic property is deprecated" PHP 8.2 error in MimeMailParser
Summary:
Add `#[AllowDynamicProperties]` attribute to avoid the deprecation notice.

See https://php.watch/versions/8.2/dynamic-properties-deprecated

```
# ERROR 8192: Creation of dynamic property MimeMailParser::$parts is deprecated at [/var/www/html/phorge/phorge/externals/mimemailparser/MimeMailParser.class.php:137]
#  #0 MimeMailParser::parse() called at [<phorge>/externals/mimemailparser/MimeMailParser.class.php:126]
```

Closes T15765

Test Plan: See T15765

Reviewers: O1 Blessed Committers, avivey

Reviewed By: O1 Blessed Committers, avivey

Subscribers: avivey, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15765

Differential Revision: https://we.phorge.it/D25563
2024-03-31 15:25:03 +02:00
Benjamin Kausch
89a5d3132c Implements copy button in clone repo modal
Summary:
This diff adds a copy button to every repo uri in the clone repo modal. I have made the button to select the text to a merely structural span before the input - it just shows the type of the repository uri. When you click inside the input, the entire uri will be selected. Also I have uncluttered the HTML structure. A table is not needed here, nothing a flex block can't handle.

| Before    | After     |
|-----------|-----------|
| {F1360344} | {F1368592} |

While at it, I have extended the used javascript copy behavior. First of all: `document.execCommand('copy')` [[ https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand | could stop working every moment in every browser ]]. The [[ https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Interact_with_the_clipboard | new clipboard API ]] is the way to go, so I have implemented it as the preferred method. The old method is kept as a fallback. And I have added a very nice feature: If defined, the behavior will now issue success or error notifications. See the changed UIExamples for that.

To support the shrinking of JS code with async functions I have patched the JsShrink source.

Test Plan: Go to a repository, hit the clone button and use the new copy button. You will see a shiny notification as a reward.

Reviewers: O1 Blessed Committers, avivey, valerio.bozzolan

Reviewed By: O1 Blessed Committers, avivey, valerio.bozzolan

Subscribers: avivey, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25536
2024-02-15 19:38:39 +01:00
Andre Klapper
6a30dc039e Update external timezone information
Summary:
Update the list of timezones from 2016 by pulling from CLDR upstream (revision `57c1f4c` from 2024-01-11) located at https://github.com/unicode-org/cldr/blob/main/common/supplemental/windowsZones.xml

Closes T15727

Test Plan:
* As an admin, go to http://phorge.localhost/config/edit/phabricator.timezone/ and change the default value.
* As a user, go to http://phorge.localhost/settings/panel/datetime/ and change the value in the `Timezone` dropdown.

Reviewers: O1 Blessed Committers, avivey

Reviewed By: O1 Blessed Committers, avivey

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15727

Differential Revision: https://we.phorge.it/D25529
2024-01-27 13:29:02 +01:00
Valerio Bozzolan
71e4eee275 Update Figlet implementation to be PHP8 compatible
Summary:
As of PHP ~v8 the zip_open and associated functions have been deprecated and
removed. The replacement is the ZipArchive API. This updates the figlet
implementation to use this API which has been present in PHP since 5.2.

Additionally in PHP 8 the use of squiggly brackets for indexing into arrays
is also deprecated. This updates to remove two uses of squiggly brackets and
replace with square brackets.

These two deprecations would result in being unable to load differential
revisions in which someone had commented using figlet remarkup.

Imported from:

https://secure.phabricator.com/rPd5c63c86e7e4e87d5f72b35b1bdb1e888aea49bc

https://secure.phabricator.com/rPbc6f4786a2e36441d17b765fde8e8e047840bc58

Closes T15289

Test Plan:
Applied these changes to an install and loaded a revision that had comments
where someone utilized figlet remarkup. The revision loaded properly and the
figlet comment rendered properly.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: speck, tobiaswiese, Matthew, Cigaryno

Maniphest Tasks: T15064, T15289

Differential Revision: https://we.phorge.it/D25142
2023-06-05 09:16:57 -04:00
Valerio Bozzolan
827f63a065 Cleanup unused cowsay files (related to legacy Perl binary version)
Summary:
Premising that Remarkup supports a fully-featured cowsay generator (!)... since 2015 this awesome
thing no longer requires a binary cowsay command, since everything was rewritten in the core:

c705c8011e

So, some files from the legacy cowsay version in Perl can be safely removed.

We still thank the original author Tony Monroe for the original version in Perl (dated 2000),
and Evan Priestley for the re-implementation in PHP.

Probably nobody knows about this feature. This may change in the future. See T15401.

Closes T15418

Test Plan:
Try some awesome cows to verify that everything still works. For instance:

```
cowsay {{{
 hello
}}}
```

```
cowsay (think=yes,eyes=XX,tongue=^^) {{{
 hello
}}}
```

```
cowsay (cow=stegosaurus) {{{
 hello
}}}
```

If nothing explodes, yuppie! Cowsay still works.

Credits to the original version in Perl remained in place.

Reviewers: O1 Blessed Committers, avivey

Reviewed By: O1 Blessed Committers, avivey

Subscribers: avivey, speck, tobiaswiese, Matthew, Cigaryno

Maniphest Tasks: T15418

Differential Revision: https://we.phorge.it/D25242
2023-05-29 09:13:44 +02:00
Andre Klapper
f97c9d68d0 Fix PHP 8.1 Fatal error in Figlet: Use square brackets instead of curly braces
Summary:
Replace curly with square brackets when accessing an array value. See
https://www.php.net/manual/en/migration74.deprecated.php#migration74.deprecated.core.array-string-access-curly-brace
https://wiki.php.net/rfc/deprecate_curly_braces_array_access#wasn_t_the_curly_brace_syntax_deprecated_once_before

Closes T15406

Test Plan:
Fixed these two lines; afterwards Figlet rendered in task comment preview. Example figlet:

```
figlet {{{ stuff }}}
```

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15406

Differential Revision: https://we.phorge.it/D25233
2023-05-20 17:43:16 +02:00
MacFan4000
9623e66745 replace usage of each() with foreach() for smtp
Summary:
this replaces uses with warning suppression of each() (deprecated in
PHP7, removed in PHP8) with foreach

Test Plan: can verify that these changes do work (tested on my own install)

Reviewers: O1 Blessed Committers, #blessed_committers, dsadad, avivey, valerio.bozzolan

Reviewed By: O1 Blessed Committers, #blessed_committers, dsadad, avivey, valerio.bozzolan

Subscribers: avivey, Cigaryno, speck, tobiaswiese, valerio.bozzolan, Matthew

Differential Revision: https://we.phorge.it/D25059
2023-03-03 19:27:57 +01:00
epriestley
c415622923 Remove the "Phragment" application
Summary:
Ref T5479. Ref T13658. This was a contributed application from the early days of Phabricator which never had customers or users in the wild. The contributor moved on from the project many years ago.

Any capabilities in this general role would look different today. It also has one or two product name literal strings, so this is as good a time as any to remove it.

This change does not remove storage; I'll issue upgrade guidance and do that separately after some time.

Test Plan: Grepped for "phragment", got no relevant hits.

Subscribers: hach-que, PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13658, T5479

Differential Revision: https://secure.phabricator.com/D21793
2022-04-25 16:46:27 -07:00
epriestley
3dfa89dd5d Update SES API to use AWSv4 signatures
Summary:
Ref T13570. Fixes T13235. In most cases, we use modern (v4) signatures for almost all AWS API calls, and have for several years.

However, sending email via SES currently uses an older piece of external code which uses the older (v3) signature method.

AWS is retiring v3 signatures on October 1 2020, so this pathway will stop working.

Update the pathway to use `PhutilAWSFuture`, which provides v4 signatures.

T13235 discusses poor error messages from SES. Switching to Futures fixes this for free, as they have more useful error handling.

Test Plan:
  - Configured an SES mailer, including the new `region` parameter.
  - Used `bin/mail send-test` to send mail via SES.
  - Sent invalid mail (from an unverified address); got a more useful error message.
  - Grepped for removed external, no hits.

Maniphest Tasks: T13570, T13235

Differential Revision: https://secure.phabricator.com/D21461
2020-09-15 13:03:49 -07:00
epriestley
9d5b8bd14a Remove PHPMailer code which generates bogus "Message-ID" email headers
Summary:
See <https://discourse.phabricator-community.org/t/how-to-override-localhost-localdomain-in-email-message-id/3876/>.

Currently, Phabricator generates a "Message-ID" only in a subset of cases (roughly: when the message is first-in-thread and we expect the thread may have more than one message).

In cases where it does not generate a message ID, it expects the SMTP server to generate one for it. Servers will generally do this, and some ONLY do this (that is, they ignore IDs from Phabricator and replace them). Thus, several pieces of configuration control whether Phabricator attempts to generate a "Message-ID" at all.

The PHPMailer code has fallback behavior which generates a "<random>@localhost.localdomain" message ID. This is never desirable and ignores Phabricator-level configuration that Message IDs should not be generated.

For now, remove this code: it is never the desired behavior and sometimes explicitly contradicts the intent of configuration.

Possibly, a better change may be to make Phabricator always generate a message ID in cases where it isn't forbidden from doing so by configuration. However, that's a more complicated change and it's not clear if/when it would produce better behavior, so start here for now.

Test Plan: Confirmed by affected user (see linked thread).

Differential Revision: https://secure.phabricator.com/D21272
2020-05-19 11:38:58 -07:00
epriestley
35a18146a2 Merge a small amount of remaining "libphutil/" code with Phabricator, break libphutil dependency
Summary: Ref T13395. Moves a small amount of remaining "libphutil/" code into "phabricator/" and stops us from loading "libphutil/".

Test Plan: Browsed around; there are likely remaining issues.

Maniphest Tasks: T13395

Differential Revision: https://secure.phabricator.com/D20981
2020-02-12 15:17:36 -08:00
epriestley
db6b4ca480 Update deprecated array access syntax in Porter stemmer
Summary: Fixes T13472. This library uses `$a{0}`, but this is deprecated in favor of `$a[0]`.

Test Plan:
Ran `bin/search index Txxx --force` on a task with "filing" in the title (this term reaches the "m" rule of the stemmer).

(I'm not on new enough PHP for this to actually raise an error, but I'll follow up with the reporting user.)

Maniphest Tasks: T13472

Differential Revision: https://secure.phabricator.com/D20941
2020-01-14 12:11:39 -08:00
epriestley
767528c0ed Move search query parser/compiler classes to Phabricator
Summary: Ref T13472. Ref T13395. These classes are only used by Phabricator and not likely to find much use in Arcanist.

Test Plan: Grepped libphutil and Arcanist for removed symbols.

Maniphest Tasks: T13472, T13395

Differential Revision: https://secure.phabricator.com/D20939
2020-01-14 11:49:49 -08:00
epriestley
1d58f14469 Remove WePay support from Phortune, and Restful/Httpful dependencies
Summary: Ref PHI1166. I'm documenting our dependencies, and we have approximately 5,000 lines of external code to support WePay as a Phortune provider. We don't use it, I'm almost certain it doesn't work, and we have no plans to use it in the near future. If we did pursue it, I'd probably just wrap the API in a 100-line `WePayFuture` anyway since 5K lines of dependencies to make a couple method calls is ridiculous.

Test Plan: Grepped for `wepay`, `httpful`, `restful`.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: aurelijus

Differential Revision: https://secure.phabricator.com/D20521
2019-05-14 09:14:53 -07:00
epriestley
c3cafffed7 Update the "SES" and "sendmail" mailers for the new API; remove "encoding"
Summary: Ref T13222. Ref T920. This is the last of the upstream adapter updates.

Test Plan:
  - Sent mail with SES.
  - Sent mail with "sendmail". I don't have sendmail actually configured to an upstream MTA so I'm not 100% sure this worked, but the `sendmail` binary didn't complain and almost all of the code is shared with SES, so I'm reasonably confident this actually works.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222, T920

Differential Revision: https://secure.phabricator.com/D19965
2019-01-16 13:18:55 -08:00
epriestley
e856e791f3 Remove Twilio-PHP API external
Summary:
Ref T920. D19937 provides about 100 lines of code which can do essentially everything here; throw out the trillion lines of full external API stuff.

(I am generally not sure why everyone writes API libraries like this instead of like D19937.)

Test Plan: Send SMS messages with D19937, so I don't think we need any of this code anymore. This code is technically reachable through some pathways like `bin/sms`, but won't be for long.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: aurelijus

Maniphest Tasks: T920

Differential Revision: https://secure.phabricator.com/D19938
2019-01-03 04:04:00 -08:00
Chad Little
83a89166ee Add profile images to Repositories
Summary: Builds out some images to use to identify repositories. Fixes T12825.

Test Plan:
Try setting custom, built in, and null images.

{F4998175}

{F4998192}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T12825

Differential Revision: https://secure.phabricator.com/D18116
2017-06-12 07:51:39 -07:00
epriestley
19af10df37 Apply the wordwrap() hack for "To" to PHPMailerLite
Summary:
Fixes T12372. Long-term fix is T12404, this is a bandaid in the interim.

See T12372 for additional discussion.

Test Plan: Confirmed functional by a user in T12372.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12372

Differential Revision: https://secure.phabricator.com/D17501
2017-03-16 10:56:25 -07:00
Austin Seipp
ab923e0a75 Implement new reCAPTCHA interface
Summary:
Fixes T12195. For the past few years, Recaptcha (now part of Google) has supported
a new, "no captcha" one-click user interface. This new UI is stable, doesn't
require any typing or reading words, and can even work without JavaScript (if
the administrator enables it on the Recaptcha side).

Furthermore, the new Recaptcha has a completely trivial API that can be dealt
with in a few lines of code. Thus, the external `recaptcha` php library is now
gone.

This API is a complete replacement for the old one, and does not require any
upgrade path for users or Phabricator administrators - public and secret keys
for the "new" Recaptcha UI are the exact same as the "classic" Recaptcha. Any
old Recaptcha keys for a domain will continue to work.

Note that Google is currently testing Yet Another new Captcha API, called
"Invisible reCAPTCHA", that will not require user interaction at all. In fact,
the user will not even be aware there //is even a captcha form//, as far as I
understand. However, this new API is 1) in beta, 2) requires new Recaptcha keys
(so it cannot be a drop-in replacement), and 3) requires more drastic API
changes, as form submission buttons must instead invoke JavaScript code, rather
than a token being passed along with the form submission. This would require far
more extensive changes to the controllers. Maybe when it's several years old, it
can be considered.

Signed-off-by: Austin Seipp <aseipp@pobox.com>

Test Plan:
Created a brand-new Phabricator installation, saw the new Captcha UI
on administrator sign up. Logged out, made 5 invalid login attempts, and saw the
new Captcha UI. Reworked the conditional to invert the condition, etc to test
and make sure the API responded properly.

Reviewers: epriestley, #blessed_reviewers, chad

Reviewed By: epriestley, #blessed_reviewers

Subscribers: avivey, Korvin

Maniphest Tasks: T12195

Differential Revision: https://secure.phabricator.com/D17304
2017-02-03 20:06:29 +00:00
Brendan Zerr
af218564e5 Backport fix from php-mime-mail-parser to fix attachment parsing
Summary:
- Allow proper parsing of attachments with missing Content-Disposition
  header

Test Plan:
- Create application email for Maniphest.
- Send example broken email from Outlook 2007 to that address {F1842816}

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D16584
2016-09-21 15:04:20 -07:00
epriestley
ee814923a2 Improve Amazon SES code error handling behavior
Summary:
Fixes T10728. Fixes T10476. SES uses third-party code with unique, creative ideas about error handling.

  - Make the error handling behavior more correct, so it doesn't try to use undefined variables.
  - Simplify the error handling behavior (throw exceptions sooner, remove redundant code).
  - Explicitly test for `-smtp` misconfigurations. These can arise if you read the wrong column out of the table in the AWS docs, as in T10728.
  - Explicitly test for SimpleXML, to catch T10476 before it does damage.

Test Plan:
  - Configured SES to use a bogus SMTP endpoint.
  - Faked past the SMTP check, hit sane error on the connection.
  - Undid faking, hit immediate hard stop on the SMTP check.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10476, T10728

Differential Revision: https://secure.phabricator.com/D15632
2016-04-05 17:28:45 -07:00
epriestley
c29bbbab19 Remove bogus '$this->resource' from SES error handling pathway
Summary: Ref T10728. This property does not exist and is never referenced. The `'resource'` key is also never referenced, so I believe this can be safely removed.

Test Plan: Will make @amckinley do my job for me.

Reviewers: chad

Reviewed By: chad

Subscribers: amckinley

Maniphest Tasks: T10728

Differential Revision: https://secure.phabricator.com/D15624
2016-04-05 13:19:07 -07:00
epriestley
cb08757032 Swap S3 to first-party client
Summary:
Ref T5155. Swaps Phabricator over to the new first-party S3 client using the v4 authentication API so it works in all regions.

The API requires an explicit region, so the new `amazon-s3.region` is now required. I'll write guidance about this.

Test Plan:
  - Uploaded files to S3.
  - Migrated ~1GB of files to S3.
  - Loaded a bunch of files off S3.
  - Browsed around the S3 bucket.
  - Deleted a file, verified the data on S3 was destroyed.
  - Hit new setup warning.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5155

Differential Revision: https://secure.phabricator.com/D14982
2016-01-10 07:55:27 -08:00
epriestley
8a906b0e18 Remove skins from Phame
Summary:
Ref T9897. Purge a bunch of stuff:

  - Remove skins.
  - Remove all custom sites for skin resources.
  - Remove "framed", "notlive", "preview", separate "live" controllers (see below).
  - Merge "publish" and "unpublish" controllers into one.

New behavior:

  - Blogs and posts have three views:
    - "View": Internal view URI, which is a normal detail page.
    - "Internal Live": Internal view URI which is a little prettier.
    - "External Live": External view URI for an external domain.

Right now, the differences are pretty minor (basically, different crumbs/chrome). This mostly gives us room to put some milder flavor of skins back later (photography or more "presentation" elements, for example).

This removes 9 million lines of code so I probably missed a couple of things, but I think it's like 95% of the way there.

Test Plan:
Here are some examples of what the "view", "internal" and "external" views look like for blogs (posts are similar):

"View": Unchanged

{F1021634}

"Internal": No chrome or footer. Still write actions (edit, post comments). Has crumbs to get back into Phame.

{F1021635}

"External": No chrome or footer. No write actions. No Phabricator crumbs. No policy/status information.

{F1021638}

I figure we'll probably tweak these a bit to figure out what makes sense (like: maybe no actions on "internal, live"? and "external, live" probably needs a way to set a root "Company >" crumb?) but that they're reasonable-ish as a first cut?

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D14740
2015-12-11 08:14:12 -08:00
epriestley
80f1d01602 Fix Oblivious skin summary remarkup and partially fix title
Summary: Ref T9546. I only got the title to always show the blog title (better than nothing) -- showing the post title properly isn't trivial and is more work than I want to do right now.

Test Plan:
  - Description now has remarkup.
  - Title now shows blog title (better than nothing).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9546

Differential Revision: https://secure.phabricator.com/D14423
2015-11-06 20:24:11 +00:00
Chad Little
3a90cb56b4 Clean up Oblivious skin
Summary: Adds Remarkup rules and CSS, cleans up some spacing and color. Ref T9546

Test Plan: Review a blog post list, and a blog

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9546

Differential Revision: https://secure.phabricator.com/D14421
2015-11-06 11:40:54 -08:00
epriestley
6bd8ee861c Use PEAR Text_Figlet to render figlet fonts
Summary:
Ref T7785. Makes Figlet available without installing the `figlet` package.

The PEAR Text_Figlet code is really sketchy and includes this API, which is quite marvelous:

```
    function loadFont($filename, $loadgerman = true)
```

At some point, this should probably be rewritten into a modern style, but it's not trivial since the figlet file format and rendering engine are somewhat complicated. I made some adjustments:

  - Broke the dependency on the PEAR core.
  - Prevented it from doing any wrong HTML escaping.
  - Looked through it for any glaring security or correctness problems.

This code isn't very pretty or modern, but as far as I can tell it's safe and does render Figlet fonts in a reasonable way.

Test Plan: {F803268}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9408, T7785

Differential Revision: https://secure.phabricator.com/D14102
2015-09-13 12:31:07 -07:00
epriestley
935ced1edd Include "Figlet" and PEAR "Text_Figlet" in externals
Summary:
Ref T7785. This prepares for (but does not yet use) a pure PHP implementation of Figlet parsing and rendering.

Figlet is somewhat complex, but a parser already exists in PEAR. I'll make sure it's suitable and hook it up in the next diff.

Test Plan: N/A, code not reachable

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9408, T7785

Differential Revision: https://secure.phabricator.com/D14101
2015-09-13 12:30:48 -07:00
epriestley
c705c8011e Use PHP implementation of Cowsay for cowsay rule
Summary:
Ref T7785. Convert the Cowsay Remarkup rule to use a PHP implementation so we don't have to execute an external `cowsay` binary.

I removed some of the default ".cow" files that come with Cowsay because they:

  - include Perl code which we can not interpret; or
  - are primarily in-jokes or standalone visual puns or artwork rather than usable actors on the grand stage of cowsay; or
  - offended my delicate sensibilities.

Users can add new cows to `resources/cows/custom/` if they want to make new cows available.

I have included a majestic original artwork depicting the "Companion Cube" character from //Portal//.

Test Plan: {F802535}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9408, T7785

Differential Revision: https://secure.phabricator.com/D14100
2015-09-13 12:27:30 -07:00
Brian Smith
9692c1f2c2 Quickly fix phpqrcode syntax
Summary: phpqrcode has some old looking php syntax. Fix it quickly since it's one line.

Test Plan:
Before this patch, went to add a TOTP token, saw the error about the undefined variable.
After this patch, successfully added a TOTP token, and used it.

Reviewers: avivey, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Maniphest Tasks: T9300

Differential Revision: https://secure.phabricator.com/D14019
2015-08-31 14:05:51 -07:00
epriestley
80b23b21f3 Work around mailparse bug (?) with messages that have no terminal newline
Summary: Under some unusual circumstances, mailparse appears to incorrectly discard the last line of some mail messages.

Test Plan:
  - Constructed a raw mail with no terminal newline.
  - Piped it into `mail_receiver.php`.
  - Saw the last line vanish into the aether.
  - Applied patch; repeated; last line survived.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: chad, epriestley

Differential Revision: https://secure.phabricator.com/D12494
2015-04-21 09:49:40 -07:00
epriestley
7d69d8ae6a Remove support for Balanced payments
Summary: See <https://www.balancedpayments.com/stripe>. Just get rid of support since Phortune is a prototype anyway.

Test Plan: `grep`, poked around Phortune.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: aurelijus, epriestley

Differential Revision: https://secure.phabricator.com/D12074
2015-03-13 15:47:37 -07:00
epriestley
9e0f70e17d Rewrite Aphlict to use Websockets
Summary:
Fixes T6559. No more flash, use Websockets. This is less aggressive than the earlier version, and retains more server logic.

  - Support "wss".
  - Make the client work.
  - Remove "notification.user" entirely.
  - Seems ok?

Test Plan:
In Safari, Firefox and Chrome, saw the browsers connect. Made a bunch of comments/updates and saw notifications.

Notable holes in the test plan:

  - Haven't tested "wss" yet. I'll do this on secure.
  - Notifications are //too fast// now, locally. I get them after I hit submit but before the page reloads.
  - There are probably some other rough edges, this is a fairly big patch.

Reviewers: joshuaspence, btrahan

Reviewed By: joshuaspence, btrahan

Subscribers: fabe, btrahan, epriestley

Maniphest Tasks: T6713, T6559

Differential Revision: https://secure.phabricator.com/D11143
2015-01-08 10:03:00 -08:00
epriestley
643c1c4a52 Update Stripe PHP API
Summary: Ref T2787. This brings us up to date.

Test Plan: `git clone`

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T2787

Differential Revision: https://secure.phabricator.com/D9916
2014-07-13 09:19:07 -07:00
Joshua Spence
e495ce496b Fix various spelling mistakes
Summary: Minor change, self-explanatory.

Test Plan: Eye-ball it

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9911
2014-07-13 00:45:33 +10:00
Joshua Spence
8756d82cf6 Remove @group annotations
Summary: I'm pretty sure that `@group` annotations are useless now... see D9855. Also fixed various other minor issues.

Test Plan: Eye-ball it.

Reviewers: #blessed_reviewers, epriestley, chad

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9859
2014-07-10 08:12:48 +10:00
Joshua Spence
dd796a44b6 Update JsShrink external library.
Summary: It seems that there was a [[17cbfacae6 | recent-ish commit]] to the `JsShrink` external library. I'm not sure what this commit actually achieves, but we may as well bring it upstream.

Test Plan: Eyeball it.

Reviewers: vrana, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9414
2014-06-07 11:26:20 -07:00