1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 19:02:41 +01:00
Commit graph

189 commits

Author SHA1 Message Date
epriestley
09c8af4de0 Upgrade phabricator to libphutil v2
Summary: Mechanical changes from D2588. No "Class.php" moves yet.

Test Plan: See D2588.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1103

Differential Revision: https://secure.phabricator.com/D2591
2012-05-30 14:26:29 -07:00
vrana
37b1ac5a24 Load changesets with inline comments in large diffs
Summary: Also fix the notice text.

Test Plan:
Display diff with inline comments and lint errors.
Click on inline comment and lint link.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2594
2012-05-29 12:22:51 -07:00
vrana
af6238ca4a Inform about changes made between last revision and commit
Summary:
This adds a link to [Closed] e-mail if it detects some changes.
It compares added and removed lines with 3 lines context.
The subtle form of informing is permissive to false negatives and positives.
I have an e-mail filter for [Closed] e-mails so I wouldn't personally notice this change - we should probably promote this feature a little bit.

Test Plan:
Reparse a diff with a change after last update.
Reparse a diff without a change after last update.

Reviewers: jungejason, epriestley

Reviewed By: jungejason

CC: aran, Koolvin, btrahan

Maniphest Tasks: T201

Differential Revision: https://secure.phabricator.com/D2540
2012-05-25 21:39:58 -07:00
vrana
1377d349e1 Use first diff author for summary and test plan in commandeered revisions
Summary:
I thought about it a little bit and this makes the most sense for me:

# Original author usually writes at least something and commander only updates it.
# There's a creation date of revision (= first diff) by these comments. I don't want to change this date because I use this information. Author should correspond to this date.
# It solves all our repros.

Test Plan: Display commandeered revision.

Reviewers: nh, epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2577
2012-05-25 11:44:48 -07:00
vrana
0da0632242 Display author of last manual diff in summary and test plan comments
Summary:
D2550 is not compatible with D2540.
Example: D2559.

Test Plan: Display commandeered revision.

Reviewers: nh

Reviewed By: nh

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2567
2012-05-24 15:38:45 -07:00
Nick Harper
0ddfd0b4fb Show less misleading summary, test plan authors
Summary:
Instead of assuming the test plan and summary are written by the author
of the differential revision, let's assume they are written by the author
of the latest differential diff.

Test Plan: viewed a drev that had been commandeered but not updated to check authors

Reviewers: epriestley, jungejason, vrana

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1235

Differential Revision: https://secure.phabricator.com/D2550
2012-05-23 14:57:54 -07:00
vrana
ccd37afab8 Attach commit diff to its revision
Summary:
This attaches commit diff to its associated revision as any other diff.
The consequence is that the revision page now shows the actual commit instead of the last diff. It may be disturbing but it is desired.
Another consequence is that lint and unit results are displayed as skipped after the revision was committed. I want to fix it somehow.

My next plan is to automatically diff against the last normal diff and include the link to this diff in commit e-mail if non-empty.

Test Plan:
  reparse.php

Diff against last normal diff.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran, Koolvin, jungejason

Maniphest Tasks: T201

Differential Revision: https://secure.phabricator.com/D2530
2012-05-22 16:08:16 -07:00
Bob Trahan
6865f024c8 Make differentialRevisionListView always have the no data string be "No revisions found."
Summary: the existing, more custom text doesn't make sense when viewing someone else's revisions AND in someplaces its the less interesting "no data found".

Test Plan: clicked around the various http://phabricator.dev/differential/filter/* pages with various users.

Reviewers: epriestley, ry

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1222

Differential Revision: https://secure.phabricator.com/D2475
2012-05-15 14:44:03 -07:00
epriestley
b98847d2b1 Show "show more..." link in "Local Commits" view in Differential
Summary: Javascript! Depends on D2437 to do anything useful.

Test Plan: Clicked "show more", saw more.

Reviewers: csilvers, btrahan

Reviewed By: csilvers

CC: aran

Maniphest Tasks: T1189

Differential Revision: https://secure.phabricator.com/D2438
2012-05-09 15:56:37 -07:00
vrana
826e5405b6 Open files in very large diffs inline
Summary: This allows writing inline comments and reduces different behavior between normal and very large diffs.

Test Plan:
Verify that normal diff works.
Verify that very large diff works.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2361
2012-05-02 17:51:35 -07:00
Nick Harper
6039ca6fb5 Create option for differential custom fields to display warning on accept
Summary:
This adds support to differential fields to display warnings before a revision
gets accepted. Since lint and unit are differential fields, the code for their
warnings was moved into their respective field specification classes, so there
is only one code path for warnings (lint, unit, or custom).

Test Plan:
Select 'Accept' on a revision with lint/unit warnings and see messages appear
like they used to. Change it back to 'Comment' and they go away. Repeat with
a revision without lint/unit warnings and see no warnings appear. Checked
darkconsole to see no errors due to this.

Reviewers: jungejason, epriestley, vrana

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2363
2012-05-02 14:30:21 -07:00
vrana
a0417d97c8 Add assert_instances_of()
Auditors: epriestley
2012-04-25 16:23:06 -07:00
vrana
0732f2f9dd Hide selection to provide a visual cue about clipboard JS magic in Differential
Summary: Inspired by D2242.

Test Plan:
Select text in left pane.
Select text in right pane.
Select all.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2249
2012-04-24 18:53:48 -07:00
epriestley
20a5c9b261 Use "closed", not "committed", in Differential
Summary: "Committed" is SVN-specific language, and confusing in Git and Mercurial. Use neutral language instead.

Test Plan: Inspection.

Reviewers: btrahan, Makinde, vrana, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T909

Differential Revision: https://secure.phabricator.com/D2087
2012-04-23 17:40:57 -07:00
vrana
1f2cf78c1b Display committed date in Revision Status field
Summary:
This is slightly more complicated for this reason:

- We don't set `dateCommitted` for normal commits, only for markcommitted.
-- We need to add this date to old revisions now.

Test Plan:
Reparse a revision - commit date was set.
Conduit `markcommitted` - commit date was set.
Run SQL script.
Display closed revision.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2282
2012-04-19 15:05:09 -07:00
vrana
7e571994bc Don't display inline comment's Reply in standalone view
Summary: NOTE: This is starting to be too hacky.

Test Plan:
View revision with inline diffs, verify that Reply is there.
View standalone - no Reply.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2263
2012-04-18 10:44:24 -07:00
epriestley
68d90ef698 Allow revisions to be commandeered
Summary:
  - Adds "Commandeer Revision", to allow you to plunder revisions from those lost to sea (e.g., interns who have left or co-workers who are dealing with a family emergency).
  - Removes admin-abandon to simplify things, since you can just Commandeer + Abandon now.
  - There are other workarounds available but this is the natural/expected workflow (and the one everyone always asks for) and there's no real reason not to allow it.

Test Plan: Swashbuckled.

Reviewers: cpiro, btrahan, vrana, jungejason

Reviewed By: cpiro

CC: aran, zeeg

Differential Revision: https://secure.phabricator.com/D2257
2012-04-17 14:59:31 -07:00
vrana
4af3bb9f4b Allow View Standalone in Diff preview
Test Plan: Click View Standalone.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2225
2012-04-12 22:35:13 -07:00
vrana
50e3114896 Link to TOC in very large diff link
Test Plan: Visit the link.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2224
2012-04-12 22:04:13 -07:00
vrana
01bd844926 Display cursor hand on line number in revision but not in standalone view
Summary: Partially broken by D2166.

Test Plan:
Hover line number in revision.
Hover line number in standalone view.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2196
2012-04-10 15:05:54 -07:00
epriestley
5f615c1e6e Fix a warning when viewing a revision not attached to a repository
Summary: We'll get a typehint warning on the repository if there's no repository. Check outside the method instead.

Test Plan: Loaded page, no warning.

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2194
2012-04-10 13:34:31 -07:00
vrana
347bc357fd Display Browse in Diffusion and Open in Editor links in commit detail
Test Plan:
/rX1
Browse in Diffusion
Open in Editor

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2180
2012-04-10 09:54:38 -07:00
epriestley
3fdd8c497c Possible fix for T1076, pushing to verify.
I think the issue is that we don't set the left-side changesetID correctly. This seems to work correctly locally, but I'm not sure I got a good repro. Pushing to verify the production test cases provided in T1076.

Auditors: vrana, btrahan
2012-04-07 10:01:28 -07:00
vrana
bc61f36beb Replace elseif by else if
Summary:
Mostly written by me.
Omit external libraries.

Test Plan: http://phabricator.com/docs/phabricator/article/PHP_Coding_Standards.html

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2104
2012-04-04 15:24:47 -07:00
vrana
582fc847f2 Use assert_instances_of() in Differential
Summary: NOTE: This is not produced by a script so there might be errors. Please review carefully.

Test Plan: Browse around Differential.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2103
2012-04-04 15:11:30 -07:00
epriestley
5945546440 Unify Differential/Maniphest/Diffusion styles and allow commits to be flagged explicitly
Summary:
  - Differential, Maniphest and Diffusion use slightly different styles for the object detail panels.
  - Instead, use the same styles and CSS.
  - Add object actions to Diffusion, including "Flag".

Test Plan: Looked at revisions, tasks and commit. Flagged and unflagged commits.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T1041

Differential Revision: https://secure.phabricator.com/D2062
2012-03-30 14:12:10 -07:00
epriestley
b38047006b Show other open revisions affecting the same files in Differential
Summary:
I think this feature is probably good, but Differential is also really starting to get a lot of stuff which is not the diff in it. Not sure how best to deal with that.

The mixed table styles are also pretty ugly.

So I guess this is more feedback / proof-of-concept, I think I want to try to improve it somehow before I land it.

Test Plan: Looked at some diffs, some had an awkward, ugly list of diffs affecting the same files.

Reviewers: bill, aran, btrahan

Reviewed By: aran

CC: aran, epriestley

Maniphest Tasks: T829

Differential Revision: https://secure.phabricator.com/D2027
2012-03-30 10:13:08 -07:00
epriestley
ec8b445727 If there are no flagged revisions, don't show anything on "Active Revisions"
Test Plan: Looked at /differential/ with and without flags.

Reviewers: nh, btrahan

Reviewed By: nh

CC: aran, epriestley

Maniphest Tasks: T1055

Differential Revision: https://secure.phabricator.com/D2044
2012-03-28 20:03:16 -07:00
epriestley
7ad68e63e4 Add "Flags" to allow users to collect the things they love
Summary:
Flags are a personal collection of things you want to take a look at later. You can use several different colors and add notes.

Not really sure if this is actually a good idea or not but it was easy to build.

Planned features:

  - Allow Herald rules to add flags.
  - In the "edit flag" dialog, have a "[x] Subscribe Me" checkbox that CCs you.
  - Support Diffusion.
  - Support Phriction.
  - Always show flags on an object if you have them (in every view)?
  - Edit dialog feels a little heavy?
  - More filtering in /flag/ tool.
  - Add a top-level links somewhere?

Test Plan: Added, edited and removed flags from things. Viewed flags in flag view.

Reviewers: aran, btrahan

Reviewed By: btrahan

CC: aran, epriestley, Koolvin

Maniphest Tasks: T1041

Differential Revision: https://secure.phabricator.com/D2024
2012-03-27 16:22:40 -07:00
epriestley
89c66cbbd4 Add an "Explicit-CCs" header to Differential
Summary: This header allows recipients to distinguish between CCs generated by Herald and CCs generated by humans.

Test Plan: Created a Herald rule to add a bunch of CC's to every revision. Created a revision. Added some CCs manually. Verified that only manual CCs appeared in the "Explicit" header.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T808

Differential Revision: https://secure.phabricator.com/D2018
2012-03-26 09:55:38 -07:00
epriestley
b440c95e9b Make "subscribed" filter in Differential accept any mailable
Summary:
In the Differential revision list views:

  - Allow you to filter by mailables (notably, mailing lists).
  - Allow you to filter by user (including disabled users).

Test Plan: Filtered by a mailing list.

Reviewers: btrahan, nh

CC: aran, epriestley

Maniphest Tasks: T1031

Differential Revision: https://secure.phabricator.com/D1994
2012-03-23 08:45:48 -07:00
nileema
238b403509 Allow the users to view their unsubmitted inline comments in one view
Summary:
1. Created a filter for user comments that are not submitted yet
2. surface this information to the user by providing a "Draft revisions" link on the differential home page.

Test Plan: tested on one of the diffs

Reviewers: nh, epriestley

Reviewed By: epriestley

CC: aran, epriestley, jungejason

Differential Revision: https://secure.phabricator.com/D1927
2012-03-20 16:16:13 -07:00
epriestley
1227c8d5da Add "View Options" dropdown to Differential / Audit
Summary:
Depends on D1921. Depends on D1899.

Add the "View Options" dropdown menu to Diffusion, with options like "show standalone", "show raw file", "show all", etc.

Test Plan: Viewed commits in Differential and Diffusion.

Reviewers: davidreuss, nh, btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1932
2012-03-19 19:57:41 -07:00
vrana
a70466a7fd Don't display "Loading..." for coverage which will never load
Summary: In very large diffs.

Test Plan:
Display very large diff.
Display normal diff.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1918
2012-03-15 10:59:00 -07:00
epriestley
900190b2fe Add inline comments to Diffusion/Audit
Summary:
  - Add inline comments to Audits, like Differential.
  - Creates new storage for the comments in the Audits database.
  - Creates a new PhabricatorAuditInlineComment class, similar to DifferentialInlineComment.
  - Defines an Interface which Differential and Audit comments conform to.
  - Makes consumers of DifferentialInlineComments consume objects which implement that interface instead.
  - Adds save

NOTE: Some features are still missing! Wanted to cut this off before it got crazy:

  - Inline comments aren't shown in the main comment list.
  - Inline comments aren't shown in the emails.
  - Inline comments aren't previewed.

I'll followup with those but this was getting pretty big.

@vrana, does the SQL change look correct?

Test Plan:
  - Created, edited, deleted, replied to, reloaded and saved inline comments in Diffusion, on the left and right side of diffs.
  - Created, edited, deleted, replied to, reloaded and saved inline comments in Differentila, on the left and right side of primary and diff-versus-diff diffs.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1898
2012-03-14 12:56:01 -07:00
epriestley
f158b32a54 Minor, formalize changeset response class. 2012-03-12 21:39:05 -07:00
epriestley
85bdcbdd43 Show coverage percentages in table of contents
Summary:
Rough cut -- this needs style / color / tooltips, etc. Show raw coverage and "modified coverage" (coverage on lines you touched) in the table of contents.

https://secure.phabricator.com/file/data/id3apce5p5gevkee6tg2/PHID-FILE-kxcxlbsej454t4xiht2o/Screen_Shot_2012-03-12_at_3.30.30_PM.png

Test Plan: See screenshot above.

Reviewers: tuomaspelkonen, btrahan, zeeg

Reviewed By: tuomaspelkonen

CC: aran, epriestley

Maniphest Tasks: T965

Differential Revision: https://secure.phabricator.com/D1864
2012-03-12 17:06:55 -07:00
epriestley
b2890eeb0e Add "final" to all Phabricator "Controller" classes
Summary:
These are all unambiguously unextensible. Issues I hit:

  - Maniphest Change/Diff controllers, just consolidated them.
  - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects.
  - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962.

Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T795

Differential Revision: https://secure.phabricator.com/D1843
2012-03-09 15:46:25 -08:00
epriestley
62f18914db Add "mark committed" action to the web UI
Summary: When a revision is accepted, allow users to manually mark it committed if there's a daemon/tracking problem. This shouldn't happen in most installs but we have less-robust support for Mercurial and some installs may not be fully configured.

Test Plan: Marked a revision committed.

Reviewers: btrahan, Makinde

Reviewed By: Makinde

CC: aran, epriestley

Maniphest Tasks: T948

Differential Revision: https://secure.phabricator.com/D1808
2012-03-07 09:47:31 -08:00
vrana
21d5953093 Add filter for abandoned revisions
Test Plan: /differential/filter/reviews/?status=abandoned

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T767

Differential Revision: https://secure.phabricator.com/D1799
2012-03-06 16:54:03 -08:00
vrana
ad58491c6c Support /differential/filter/<filter>/<username>/
Summary: NOTE: I didn't add BC for ?phid=.

Test Plan:
/differential/
/differential/filter/active/
/differential/filter/active/epriestley/
/differential/filter/active/x/ - 404
/differential/filter/revisions/?status=open - search for epriestley
/differential/filter/revisions/epriestley/?status=open
/p/jakubv/

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T900

Differential Revision: https://secure.phabricator.com/D1797
2012-03-06 15:21:59 -08:00
vrana
aa00e2b2e4 Respect Status and Order in Filter Revisions
Summary:
Filter Revisions button currently resets Status and Order fields.
I've rewritten it to GET form because it doesn't perform any action.
It fixed the problem along the way.

Test Plan:
/differential/filter/revisions/
Status: Open.
Filter Revisions.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1771
2012-03-05 13:32:59 -08:00
vrana
34efbc8eb4 Unify terminology in Differential overview
Summary:
Deja vu: D1472

Blame Rev: rP92f3ff

Test Plan: /differential/filter/revisions/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1770
2012-03-04 03:17:22 -08:00
vrana
03a108e121 Don't throw exception in diff versus file removed from revision
Test Plan: Display a revision where a file was removed compared to previous
diffs, like https://secure.phabricator.com/D1724?vs=3008&id=3009.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1754
2012-03-01 18:01:47 -08:00
vrana
c0c5b9bb64 Add Edit All link to Differential revision
Summary:
Some text editors support opening multiple files at once.
I've used space as paths separator which may be compatible with some other
editors (I didn't tried any other though).
Note: This approach is incompatible with spaces in paths.
I am fine with changing it to anything else to support such paths or more
editors.
Probably the cleanest solution (yet still incompatible with most editors) would
be to use something like ##editor://open/?file=A&line=1&file=B&line=2## but it
would require also changing the way how it's configured and I think it's not
worth it.
BTW, I've used a hacky bookmarklet for this feature before.

Deleted or added paths may not exist in users filesystem but we don't know which
so the button tries to open everything.

Test Plan:
Click Edit All.
Delete Editor Link in settings, verify that the button is missing.
View diff without revision, verify that the button is missing.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1741
2012-03-01 10:09:32 -08:00
epriestley
21f0aba701 Use an inline dialog element for inline comments in Differential
Summary:
The current approach of using a modal overlay dialog to create/edit inline
comments is pretty silly. Use an inline textarea instead.

This element isn't perfect and we have some mild modalness issues, but I think
it's better than the silly thing we've got going on right now. We can keep
poking it as people break it.

Test Plan:
  - Created comments; submitted and undid them in empty and nonempty states.
Used undo for nonempty states + cancel.
  - Edited comments; saved and canceled them. Used undo for changed state.
  - Replied to comments; yada yada as above.
  - Deleted comments.
  - Did various modal trickery where I clicked "Reply" on something else with a
dialog already up, this very mildly glitches but I think it's not a big issue.

Reviewers: vrana, btrahan, Makinde, nh

Reviewed By: vrana

CC: aran, epriestley

Maniphest Tasks: T431

Differential Revision: https://secure.phabricator.com/D1716
2012-02-29 14:28:48 -08:00
epriestley
3289059452 Unify "toggle buttons" controls
Summary: This control is a very thin shell right now with Maniphest/Differential
code duplication; unify the implemenations better for use in Audit.

Test Plan: Clicked toggle buttons in Differential and Maniphest.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1700
2012-02-27 12:59:05 -08:00
John Fremlin VII
583cca0d7c Various statistics about revisions at /differential/stats/revisions/
Summary:
Show some statistics, like number of revisions, number of
revisions per week, lines per revision, etc. for phrivolous amusement.

Test Plan:
 - Went to /differential/stats/revisions/
Numbers seem right
 - Clicked 'Accepted'
Again
 - Changed to another user with long history
Load time was not too long though delay noticeable
 - Clicked 'Requested changes to'
User was preserved, looks good

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1643
2012-02-21 12:13:18 -08:00
epriestley
92f3ffd811 Drive differential revision list with custom fields
Summary:
Build the revision list table out of custom fields instead of hard-coding it, so
installs can add all sorts of zany things to it.

NOTE: You may need to implement sortFieldsForRevisionList() if you have a custom
DifferentialFieldSelector, or some fields might show up out of order.

This implementation will preserve the expected behavior:

  public function sortFieldsForRevisionList(array $fields) {
    $default = new DifferentialDefaultFieldSelector();
    return $default->sortFieldsForRevisionList($fields);
  }

Test Plan:
  - Loaded differential revision list, identical to old list.
  - Profiled page to verify the cost increase isn't significant (it's quite
small).

Reviewers: jungejason, btrahan

Reviewed By: btrahan

CC: aran, btrahan, davidreuss, epriestley

Maniphest Tasks: T773, T729

Differential Revision: https://secure.phabricator.com/D1388
2012-02-20 05:38:21 -08:00
epriestley
da1d57b60a When viewing raw file content in Differential, cache it into the File tool
before displaying it

Summary:
@alok reported a vulnerability where Flash will run carefully-crafted plain text
files.

When the user requests a raw file, cache it into Files if it isn't already
there. Then redirect them to Files. This solves the problem by executing the
SWF/TXT with CDN-domain permissions, not content-domain permissions, provided
the install is correctly configured. (Followup diff coming to make this more
universally true.)

NOTE: We'll still show raw data in Diffusion. The barrier to XSS here is much
higher (you need commit access) but I'll do something similar there. We aren't
vulnerable in Paste, since we already use Files.

Test Plan: Clicked "View Old File", "View New File" in an alt-domain
configuration, got redirected to a cookie-free domain before being delivered the
response.

Reviewers: btrahan, alok

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1607
2012-02-14 17:00:20 -08:00