1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-18 04:42:40 +01:00
Commit graph

7854 commits

Author SHA1 Message Date
vrana
718d22d607 Convert Remarkup to safe HTML
Test Plan: None.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4919
2013-02-13 12:34:49 -08:00
Afaque Hussain
2dab1c1e42 Made conduit permanently installed
Summary: Made conduit permanently installed

Test Plan: Tried to uninstall conduit from applications app and I couldn't :)

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4935
2013-02-13 12:21:50 -08:00
Chad Little
2591b4bc77 pht for Paste
Summary: Fill in missing pht's for Paste

Test Plan: Review Paste in ALLCAPS.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4934
2013-02-13 11:47:31 -08:00
vrana
5ad526942b Convert AphrontPanelView to safe HTML (except children)
Summary: Fixes some double escaping and potential XSS.

Test Plan: Looked at homepage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4917
2013-02-13 10:30:32 -08:00
Chad Little
b4d69800f9 Moderize Projects
Summary: Add mobile menus, PHTs and clean up panels. There is a litle more to do, but will tackle feed, etc in another diff.

Test Plan: Test Project filters on Chrome and iOS browser.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4931
2013-02-13 09:22:14 -08:00
Afaque Hussain
829fa6664f Created Chat log application class
Summary: Created a chat log application which displays on the home page.

Test Plan: Loaded the home page to see if the chat log application really shows up on the home page.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4930
2013-02-13 07:28:14 -08:00
Lauri-Henrik Jalonen
29d6180e35 Show drafts and inline comments
Summary:
Show drafts for users that made them.
Show inline comments beside image, highlights them when user mouseovers selection.
Allow users that can view mock to add inline comment instead of only allowing users that can edit mock to add inline comment.

Test Plan:
Verified that inline comments are shown beside image. Verified that only drafts for current user are shown. Verified that inline comment is
highlithed when user mouseovers their selection.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2446

Differential Revision: https://secure.phabricator.com/D4929
2013-02-13 07:23:51 -08:00
taichi
21ddd3a73f escape svn repository file paths. 2013-02-13 19:30:11 +09:00
vrana
5a9e834658 Dont display empty other locations of lint errors 2013-02-12 14:01:27 -08:00
indiefan
eb942f3e1e Updated Campfire adapter to be able to post sound messages and paste messages.
Test Plan: Ran the bot with a handler that sends sound commands.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4922
2013-02-12 11:30:21 -08:00
vrana
80fb84bd94 Convert PhabricatorTransactionView to safe HTML
Test Plan: Looked at revision detail with comments.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4915
2013-02-11 19:01:20 -08:00
vrana
868ca71451 Fix some HTML problems
Summary: I'm too lazy to attaching them for diffs where they were introduced.

Test Plan:
/
/D1, wrote comment with code snippet
DarkConsole
commit detail, wrote comment
task detail, wrote comment

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4911
2013-02-11 18:18:26 -08:00
vrana
8c71815028 Merge renderChildren() and renderHTMLChildren()
Summary: `renderChildren()` now returns array which isn't ideal but I prefer it to having two methods.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4910
2013-02-11 18:18:23 -08:00
vrana
ae4e5807d6 Merge renderSingleView() and renderHTMLView()
Summary: They are same because render() returns safe HTML and raw strings are automatically escaped.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4909
2013-02-11 18:18:21 -08:00
vrana
c9ab1fe505 Return safe HTML from all render()
Summary:
This is pretty brutal and it adds some `phutil_safe_html()`.
But it is a big step in the right direction.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4905
2013-02-11 18:18:18 -08:00
epriestley
edaff9e2a3 Improve description of "Show Filetree"
Summary: Clearer?

Test Plan: Read it.

Reviewers: nh

Reviewed By: nh

CC: aran

Differential Revision: https://secure.phabricator.com/D4908
2013-02-11 15:58:32 -08:00
vrana
37b98450a5 Replace array_interleave() by phutil_implode_html()
Summary:
I like this abstraction better.
Result of `phutil_implode_html()` may be also used as a param of `hsprintf()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4904
2013-02-11 15:27:43 -08:00
vrana
c3ae8286db Configure PhutilXHPAST linter
Test Plan:
  $ arc lint src/applications/audit/controller/PhabricatorAuditListController.php

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4895
2013-02-11 15:27:41 -08:00
vrana
a22ef4e9b4 Kill most of phutil_escape_html()
Summary:
This resolves lots of double escaping.
We changed most of `phutil_render_tag(, , $s)` to `phutil_tag(, , $s)` which means that `$s` is now auto-escaped.
Also `pht()` auto escapes if it gets `PhutilSafeHTML`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4889
2013-02-11 15:27:38 -08:00
epriestley
f1a36cf3c8 Make it easier to use print_r() debugging
Summary:
The fixed-position side nav background thing tends to make looking at print_r() output hard. Also, it breaks Ajax, etc.

  - Loudly call out unexpected output on normal pages, to catch extra spaces before `<?php`, etc.
  - Display unexpected output in an attractive panel on normal pages.
  - Log unexpected output instead of breaking Ajax.

Test Plan:
{F32267}

Also triggered various fatals and verified they still show the right messages (no blank pages).

Reviewers: vrana, btrahan, chad

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D4892
2013-02-11 11:06:59 -08:00
epriestley
1e74c05ac6 Add timestamps to development-mode static resource URIs
Summary:
When a developer changes CSS, it is normally sufficient to reload the page to get changes to show up, because browsers revalidate resources on reload.

However, if you reload the page and then an Ajax request adds new CSS to the page, this CSS does not trigger revalidation. The developer must currently clear their cache or re-run `scripts/celerity_mapper.php webroot`, to get this request to skip cache. We rarely use CSS over Ajax right now, so this hasn't cropped up much, but Conpherence does use this and clearing the resource is a big pain.

This seems to work fine normally, but I'm worried it might break some of the extra-celerity-resources stuff Facebook is doing.

Test Plan: In development mode, changed `conpherence/message-pane.css` and saw changes reflected on reload. Verified normal page loads do not cause additional HTTP requests. This change has no effect in production mode.

Reviewers: edward, vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2428

Differential Revision: https://secure.phabricator.com/D4902
2013-02-11 11:06:41 -08:00
epriestley
ca0d6aca10 Add separate exception for when the repository clone is unreadable.
Summary: Show a more specific exception when the local clone cannot be read because of permission issues.

Test Plan: Create a repository in an unreadable location and check for the right exception.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2368

Differential Revision: https://secure.phabricator.com/D4868
2013-02-11 08:35:00 -08:00
kwadwo
76aee9985a Conduit file upload method that takes in the files content hash and name. Returns the file phid if successful. Updates to phutil library map.
Summary: Conduit method to upload a a new file using a hash

Test Plan: Try uploading a file using its content hash

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4899
2013-02-11 06:30:02 -08:00
indiefan
eaa72c6155 Fixing a bug in the bot ignore logic to use sender.
Summary: Also added sender to the campfire adapter. This isn't extremely useful as it's just a numeric id, but it allows us to add ignores (specifically having the bot ignore itself).

Test Plan: Ran the bot, ignored itself.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4893
2013-02-09 16:10:33 -08:00
epriestley
0f8984f5a7 Move XHProf sampling code out of index.php
Summary:
  - Separate the ideas of "requested" (explicit user request) vs "started" (user request or sampling).
  - Move this code out of index.php into the XHProf stuff (general effort to make index.php smaller).

Test Plan:
Verified that profiling still works, and profiling extends to ajax requests.

Set sampling rate to 2, saw 50% samples.

Looked at database, saw sampling data populating properly.

Reviewers: vrana, nh

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4891
2013-02-09 15:47:55 -08:00
vrana
b72e7969a1 Move Pygments handling to libphutil
Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4875
2013-02-09 15:19:55 -08:00
vrana
9b8da73765 Convert AphrontTableView to safe HTML
Summary:
Lots of killed `phutil_escape_html()`.

Done by searching for `AphrontTableView` and then `$rows` (usually) backwards.

Test Plan:
Looked at homepage.

  echo id(new AphrontTableView(array(array('<'))))->render();

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4884
2013-02-09 15:11:38 -08:00
vrana
58b6e2cac6 Convert AphrontDialogView to safe HTML
Summary:
Done by searching for `AphrontDialogView` and then `appendChild()`.

Also added some `pht()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4882
2013-02-09 15:11:35 -08:00
vrana
e4736bf977 Avoid double escaping in error view title
Summary: Searched for `AphrontErrorView` and then for `setTitle()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4880
2013-02-09 15:11:33 -08:00
epriestley
879c14e13a Consolidate HTTP header access
Summary: Route all `$_SERVER['HTTP_...']` stuff through AphrontRequest (it would be nice to make this non-static, but the stack is a bit tangled right now...)

Test Plan: Verified CSRF and cascading profiling. `var_dump()`'d User-Agent and Referer and verified they are populated and returned correct values when accessed. Restarted server to trigger setup checks.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4888
2013-02-09 15:01:57 -08:00
epriestley
f5827871d5 When a page is profiled, profile all AJAX requests too
Summary: If a page is profiled, add an "X-Phabricator-Profiler" header to all Ajax requests, and profile those too.

Test Plan: Profiled a page, checked Darkconsole, saw profiles for everything.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4885
2013-02-09 13:29:47 -08:00
epriestley
27a537c15f When viewing a thread with no picture, load no images instead of all images
Summary:
Currently, we select every file when looking at a thread with no splash image.

(Possibly the Query stuff should try to catch this.)

Test Plan: No more `SELECT * FROM files` query.

Reviewers: chad, btrahan, vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4887
2013-02-09 13:28:51 -08:00
epriestley
4a3a4fdea3 Make Conpherence a lot faster
Summary: Remove a sleep().

Test Plan: Thread cost dropped from ~1s to ~70ms for a test thread based on profiling after D4885.

Reviewers: btrahan, chad, vrana

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D4886
2013-02-09 13:00:06 -08:00
Nick Pellegrino
628bef0771 Default to right status when viewing a config 'class' option
Summary: T2361

Test Plan:
Set value to metamta.mail-adapter and reload page.  Defaults to assigned value.
Performed same test with metamta.can-send-as-user to check that functionality is not broken for config 'boolean' options.

Reviewers: epriestley

Reviewed By: epriestley

CC: kwadwon, aran, Korvin

Maniphest Tasks: T2361

Differential Revision: https://secure.phabricator.com/D4881
2013-02-09 11:03:57 -08:00
epriestley
1190e0516f Fix double escaping on PhabricatorFileLinkListView
Summary: Fallout from D4822.

Test Plan: {F32108}

Reviewers: chad, btrahan, vrana

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D4879
2013-02-09 08:43:37 -08:00
Chad Little
2cc1da20e7 Mobile-ize Phriction
Summary: Walk through using Phriction on mobile, cleaned up missing conversion.

Test Plan: View History, edit document, create document, delete document.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4872
2013-02-09 08:36:28 -08:00
kwadwo
9d031a51df Files now share storage. New files are written only if no other files have the same contentHash. Storage is only deleted if no other file is sharing it.
Summary: Storage is shared between files in a smart way. When uploading files, if other file have the same contentHash, then share storage. On delete, storage is permanently deleted only if no other files are sharing it

Test Plan: Upload multiple copies of the same file, while tracking database. Delete copies of files and check to see that the storage is only deleted if no other files are using it

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2454

Differential Revision: https://secure.phabricator.com/D4775
2013-02-09 07:03:58 -08:00
epriestley
3dd5d693c8 Fix double escaping in Pholio subscribers
Summary:
Fallout from D4822. We now escape text by default, and imploding links causes double-escaping. See here for details:

http://www.phabricator.com/docs/phabricator/article/Rendering_HTML.html

Test Plan: {F32100}

Reviewers: ljalonen, chad, btrahan, vrana

Reviewed By: ljalonen

CC: aran

Differential Revision: https://secure.phabricator.com/D4878
2013-02-09 06:51:47 -08:00
epriestley
3706ec4879 Promote phutil_tag
Summary: Fixes T2432. Anything else we should do before we land this? I'll land the lint rules at the same time.

Test Plan: See D4807.

Reviewers: vrana, btrahan

CC: aran, lesha, edward

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4822
2013-02-08 17:30:08 -08:00
epriestley
7ec8e885e1 Merge branch 'master' into phutil_tag
(Final final sync.)
2013-02-08 17:29:32 -08:00
vrana
d817dfa8fc Convert some phutil_escape_html() to hsprintf()
Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`.

Test Plan:
/
/D1
/uiexample/
/countdown/1/
/herald/transcript/1/all/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4869
2013-02-08 15:59:02 -08:00
epriestley
51947ac332 Make diviner documentation generation book-oriented
Summary:
I want to allow a single project to generate multiple "books" of documentation, so we can separate user-facing documentation from technical documentation and such.

Generalize the ".divinerconfig" file into a "diviner book" configuration file.

Since only the "generate" workflow actually reads any of this stuff, move it all down into the generate workflow.

Also, namespace the cache.

Test Plan: Ran `bin/diviner generate --book src/docs/user.book`, saw appropriate output. Verified cache generated in a namespace in `.divinercache/`.

Reviewers: btrahan, indiefan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D4857
2013-02-08 10:48:30 -08:00
epriestley
6e5d8d4577 Fix documentation to require "sudo" for bin/aphlict
Summary: This script must run as root because it requires a privileged port to enable the flash cross-domain stuff. We give you a useful error message if you don't run it as root, but can be more clear in the documentation.

Test Plan: Read file

Reviewers: Afaque_Hussain, btrahan

Reviewed By: Afaque_Hussain

CC: aran

Differential Revision: https://secure.phabricator.com/D4867
2013-02-08 10:48:23 -08:00
Chad Little
51dfeb7950 pht for phriction
Summary: Scan all phriction app files for text to pht

Test Plan: Use phriction in ALL CAPS, seems reasonably usable.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4862
2013-02-08 09:54:27 -08:00
Afaque Hussain
9c19e9b7d8 Preserving the Animation of Gif Images
Summary: Preserving animation of GIF profile Pictures

Test Plan: Uploaded Animated images as profile pictures to check if the animation of gif images is preserved and it does :) somewhat !

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4833
2013-02-08 09:42:28 -08:00
Chad Little
cc084822da Remove panel background in Phriction
Summary: For consistency, remove panel backgrounds on forms.

Test Plan: Reload pages

Reviewers: btrahan, epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4863
2013-02-08 08:00:17 -08:00
Lauri-Henrik Jalonen
bed728f23e Show saved inline comments
Summary: Saved inline comments are now shown for images.

Test Plan: Verified that inline comments are loaded and shown.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2446

Differential Revision: https://secure.phabricator.com/D4866
2013-02-08 07:40:55 -08:00
vrana
7063ee638e Pass actor to revision unsubscriber editor
Summary: I wonder how I tested this.

Test Plan: Subscribed, unsubscribed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4860
2013-02-07 18:19:19 -08:00
vrana
138da5a279 Kill some PhutilSafeHTML
Summary: Also couple of unrelated Ponder changes.

Test Plan: /Q5

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4858
2013-02-07 18:01:01 -08:00
vrana
7dd19ba93f Convert AphrontFormLayoutView to safe HTML
Summary: Searched for `AphrontFormLayoutView` and then `appendChild()`.

Test Plan: /V1

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4856
2013-02-07 18:01:00 -08:00