1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 17:52:43 +01:00
Commit graph

13 commits

Author SHA1 Message Date
epriestley
b116861b16 Add draft support to ApplicationTransactions
Summary:
When previewing, save drafts. When loading objects, restore drafts if they are available.

Depends on: D665

Test Plan:
  - Viewed a Mock.
  - Typed text into the comment box.
  - Reloaded the page.
  - Text still there.
  - Hit submit, got my comment.
  - Reloaded the page.
  - Draft correctly deleted.
  - Repeated for Macros.

Reviewers: btrahan, chad, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2104

Differential Revision: https://secure.phabricator.com/D4252
2012-12-21 05:57:14 -08:00
epriestley
0fd77783a4 Add previews to ApplicationTransaction
Summary:
Implements previews for Macros and Pholio.

(Design is nonfinal -- kind of split the difference between `diff_full_view.png`, laziness, and space concerns. Next couple diffs will add more stuff here.)

Test Plan: {F28055}

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran, vrana

Maniphest Tasks: T2104

Differential Revision: https://secure.phabricator.com/D4246
2012-12-21 05:51:33 -08:00
epriestley
4fe09a0ac7 Add passthru to AphrontRequest
Summary:
For transaction interfaces, I want to prompt the user when they take an action that has no effect, e.g.:

  Action Has No Effect

  You can not close this task, because someone else has already closed it.

  Do you want to post your comment anyway?

        [Cancel] [Post Comment]

We already do this for Differential, but it's all hard-coded. T912 is an open task for fixing this for Maniphest.

To do this in a general way, I want to embed the entire request in the dialog as hidden inputs, then add a "__continue__" key and resubmit the form. The endpoint will read this key the second time through and apply what effects it can (e.g., just post a comment).

This adds a mechanism for getting all the request data, minus "magic" like __dialog__ and __csrf__. We need to jump through some hoops because of how PHP encodes arrays.

Test Plan: Ran unit tests, built "no effect" dialogs on top of this.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T912, T2104

Differential Revision: https://secure.phabricator.com/D4158
2012-12-11 17:27:02 -08:00
epriestley
ba7723d905 Modernize Macro application
Summary: Adds feed, email, notifications, comments, partial editing, subscriptions, enable/disable, flags and crumbs to Macro.

Test Plan:
{F26839}
{F26840}
{F26841}
{F26842}
{F26843}
{F26844}
{F26845}

Reviewers: vrana, btrahan, chad

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2157, T175, T2104

Differential Revision: https://secure.phabricator.com/D4141
2012-12-11 14:01:03 -08:00
vrana
ef85f49adc Delete license headers from files
Summary:
This commit doesn't change license of any file. It just makes the license implicit (inherited from LICENSE file in the root directory).

We are removing the headers for these reasons:

- It wastes space in editors, less code is visible in editor upon opening a file.
- It brings noise to diff of the first change of any file every year.
- It confuses Git file copy detection when creating small files.
- We don't have an explicit license header in other files (JS, CSS, images, documentation).
- Using license header in every file is not obligatory: http://www.apache.org/dev/apply-license.html#new.

This change is approved by Alma Chao (Lead Open Source and IP Counsel at Facebook).

Test Plan: Verified that the license survived only in LICENSE file and that it didn't modify externals.

Reviewers: epriestley, davidrecordon

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2035

Differential Revision: https://secure.phabricator.com/D3886
2012-11-05 11:16:51 -08:00
epriestley
38c83ef846 Defuse a "Host:" header attack
Summary:
Django released a security update recently dealing with malicious "Host" headers:

https://www.djangoproject.com/weblog/2012/oct/17/security/

We're vulnerable to the same attack. Plug the hole.

The risk here is that an attacker does something like this:

  # Register "evil.com".
  # Point it at secure.phabricator.com in DNS.
  # Send a legitimate user a link to "secure.phabricator.com:ignored@evil.com".
  # They login and get cookies. Normally Phabricator refuses to set cookies on domains it does not recognize.
  # The attacker now points "evil.com" at his own servers and reads the auth cookies on the next request.

Test Plan: Unit tests.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3766
2012-10-22 10:49:06 -07:00
epriestley
83bbad8ba0 Move skins toward modularization
Summary:
Two high-level things happening here:

  - We no longer ever need to put meta-UI (content creation, editing, notices, etc.) on live blog views, since this is all in Phame now. I pulled this out.
  - On the other hand, I pushed more routing/control logic into Skins and made the root skin a Controller instead of a View. This simplifies some of the code above skins, and the theory behind this is that it gives us greater flexibility to, e.g., put a glue layer between Phame and Wordpress templates or whatever else, and allows skins to handle routing and thus add pages like "About" or "Bio".
  - I added a basic skin below the root skin which is more like the old root skin and has standard rendering hooks.
  - "Ten Eleven" is a play on the popular (default?) Wordpress themes called "Twenty Ten", "Twenty Eleven" and "Twenty Twelve".

Test Plan: Viewed live blog and live posts. They aren't pretty, but they don't have extraneous resources.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1373

Differential Revision: https://secure.phabricator.com/D3714
2012-10-17 08:36:25 -07:00
epriestley
a0070d8bf4 Make AphrontRequest::getHost() work properly in the presence of a port
Summary: This currently gives us back "domain.com:port" if there's a port, which messes up the new Phame logic. Make `getHost()` do what one would reasonably expect it to.

Test Plan: Loaded my local, which is on 8080.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3571
2012-09-30 21:19:35 -07:00
vrana
f466c54fc0 Simplify AphrontRequest::getStrList()
Test Plan: https://secure.phabricator.com/diffusion/P/browse/master/src/aphront/__tests__/AphrontRequestTestCase.php;65bbd24974974672$68-75

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3531
2012-09-21 13:05:26 -07:00
epriestley
ee05fe81a4 Add redirect to HTTPS option
Summary: Rehash of D3411. In cgi/fcgi setups we have no idea if the request is HTTP or HTTPS as far as I can tell, so make this config-triggered again. Also handle @vrana's "off" case.

Test Plan: Set this flag, observed redirect to https when `$_SERVER['HTTPS']` was absent.

Reviewers: nh, vrana

Reviewed By: nh

CC: aran

Differential Revision: https://secure.phabricator.com/D3420
2012-09-04 09:56:30 -07:00
Bob Trahan
321df38ccf Deleting unused private member variable from AphrontRequest
Summary: I was poking around to see how this class worked and noticed this variable does nothing.

Test Plan: Careful inspection and reasoning that unused private member variable can be deleted.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3068
2012-07-25 13:48:46 -07:00
Jonathan Lomas
4131fd34d3 Allow use of any whitespace or a comma as a task ID delimiter in custom query. 2012-06-15 15:54:09 -07:00
vrana
6cc196a2e5 Move files in Phabricator one level up
Summary:
- `kill_init.php` said "Moving 1000 files" - I hope that this is not some limit in `FileFinder`.
- [src/infrastructure/celerity] `git mv utils.php map.php; git mv api/utils.php api.php`
- Comment `phutil_libraries` in `.arcconfig` and run `arc liberate`.

NOTE: `arc diff` timed out so I'm pushing it without review.

Test Plan:
/D1234
Browsed around, especially in `applications/repository/worker/commitchangeparser` and `applications/` in general.

Auditors: epriestley

Maniphest Tasks: T1103
2012-06-01 12:32:44 -07:00
Renamed from src/aphront/request/AphrontRequest.php (Browse further)