mirror of https://we.phorge.it/source/phorge.git synced 2024-12-04 20:52:43 +01:00
Commit graph

60 commits

Author SHA1 Message Date
epriestley
4bfbd209b2 Fix XSS hole in YouTube remarkup rule
Summary:
The source wasn't properly escaped.

Test Plan:
Made a comment like "http://youtube.com/?v="></iframe><h1>!!!</h1>"

Reviewed By: mroch
Reviewers: tomo, mroch, tuomaspelkonen, aran, jungejason
CC: aran, mroch
Differential Revision: 516
2011-06-24 10:45:53 -07:00
epriestley
d96d515cc2 Add comment linking to Maniphest and Differential
Summary:
Allows you to link to comments with "D123#3" or "T123#3", then adds a pile of JS
to try to make it not terrible. :/

The thing I'm trying to avoid here is when someone says "look at this!
http://blog.com/#comment-239291" and you click and your browser jumps somewhere
random and you have no idea which comment they meant. Since I really hate this,
I've tried to avoid it by making sure the comment is always highlighted.

Test Plan:
Put T1#1 and D1#1 in remarkup and verified they linked properly.

Clicked anchors on individual comments.

Faked all comments hidden in Differential and verified they expanded on anchor
or anchor change.

Reviewed By: aran
Reviewers: aran, tomo, mroch, jungejason, tuomaspelkonen
CC: aran, epriestley
Differential Revision: 383
2011-05-31 11:11:19 -07:00
epriestley
8ae765f6d7 Enable SendGrid Parse API as an inbound email handler
Summary:
Sendmail is seriously difficult to configure; SendGrid is extremely easy. It's
also pretty expensive ($80/mo) but there are a bunch of startups that already
have plans so it's effectively free for them.

Test Plan:
Configured SendGrid and sent reply email through it.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 376
2011-05-30 12:28:33 -07:00
tuomaspelkonen
19e10b2b5d Embedded youtube videos.
Summary:
Markup support for embedding Youtube videos.

Test Plan:
https://www.youtube.com/watch?v=Vw4KVoEVcr0 was embedded

Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley
Differential Revision: 353
2011-05-27 13:50:58 -07:00
epriestley
03ebbccbc9 Restore image proxying to Remarkup
Summary:
Previously, Remarkup allowed you to paste in an image URI and get an inline
image. However, it did this by hotlinking the image which isn't so hot in an
open source product.

Restore this feature, but use image proxying instead. The existing image macro
code does most of the work.

There is a mild security risk depending on the network setup so I've left this
default-disabled and made a note about it. It should be safe to enable for
Facebook.

Test Plan:
Pasted in image and non-image links, got reasonable behavior. Verified proxying
appears to work. Verified that file:// shenanigans produce 400.

Reviewed By: tuomaspelkonen
Reviewers: aran, jungejason, tuomaspelkonen
Commenters: cpiro
CC: aran, cpiro, tuomaspelkonen
Differential Revision: 214
2011-05-03 18:49:06 -07:00
epriestley
79d037fe66 Use a stricter regexp in Diffusion remarkup
Summary:
Just minor bookkeeping, but the current regexp is too liberal and
will match things which can't possibly be revision hashes.

Test Plan:
Typed things which should and shouldn't be revision links, they
got handled properly.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 185
2011-04-29 20:26:30 -07:00
tuomaspelkonen
976d1e65df Fixed image macro with '-' in the name.
Summary:
Fixed the image macro regex not to use '-' as the separator.
Also minor improvement to randomon.

Test Plan:
Tried different image macros.

Reviewed By: jungejason
Reviewers: jungejason
CC: epriestley, jungejason
Differential Revision: 153
2011-04-20 16:51:26 -07:00
tuomaspelkonen
f7fe75f756 Image macros for Phabricator!
Summary:
Added long-awaited image macro support for differential and others.

Test Plan:
Tried a couple of different macros and made sure they appear nicely
in the comment preview. Made sure that the normal comments are shown
correctly.

Reviewed By: epriestley
Reviewers: epriestley
CC: jungejason, tuomaspelkonen, epriestley
Differential Revision: 129
2011-04-13 20:08:13 -07:00
epriestley
a2a6509dc8 Restore linking of Diffusion commits.
2011-04-11 03:02:19 -07:00
epriestley
8784b5bd3b Link "DNNNN" and "TNNNN" in Phabricator remarkup.
Summary: Autolink Differential and Maniphest objects.

Test Plan: Typed "D12345" and "T12345" into the Differential comment preview,
got links. Typed "http://www.elsewhere.com/D12345" and got a single link to
that URI, not a mess where the D12345 part linked incorrectly.

Reviewers: aran

CC:

Differential Revision: 35
2011-02-11 18:07:45 -08:00