Summary:
Our smtp server responded slowly sometimes and reached the timeout, but actually
it had sent the email successfully. The mta then retried and sent duplicated
emails. So changed to a bigger default value.
Test Plan: Tested in our deployed and it worked
Reviewers: #blessed_reviewers, epriestley
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley, Korvin
Differential Revision: https://secure.phabricator.com/D8852
Summary: Fixes T4417. In this particular codepath, the lovely CreateHeader already added the to: information, so no need to slap it on the front all ghetto style.
Test Plan: imma push this live and test (I am lazy and don't want to configure amazon ses)
Reviewers: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T4417
Differential Revision: https://secure.phabricator.com/D8288
Summary:
Fixes T4143. This mitigates the "use a botnet to slowly try to login to every user account using the passwords '1234', 'password', 'asdfasdf', ..." attack, like the one that hit GitHub.
(I also donated some money to Openwall as a thanks for compiling this wordlist.)
Test Plan:
- Tried to register with a weak password; registered with a strong password.
- Tried to set VCS password to a weak password; set VCS password to a strong password.
- Tried to change password to a weak password; changed password to a strong password.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran, chad
Maniphest Tasks: T4143
Differential Revision: https://secure.phabricator.com/D8048
Summary: Ref T4205. This is an initial implementation of Phragment. You can create and browse fragments in the system (but you can't yet view a fragment's patches / history).
Test Plan: Clicked around and created fragments.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T4205
Differential Revision: https://secure.phabricator.com/D7726
Summary:
When sending an email through ses, the body property on the response object is not set, throwing a notice. This causes the system to assume a messsage failure, and requeues the email.
As the email is actually delivered, it causes an email bomb :(
Message Undefined property: stdClass::$body
#0 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(571): PhutilErrorHandler::handleError(8, 'Undefined prope...', '/sidekick/phabr...', 571, Array)
#1 [internal function]: SimpleEmailServiceRequest->__responseWriteCallback(Resource id #290, '<SendRawEmailRe...')
#2 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(526): curl_exec(Resource id #290)
#3 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(267): SimpleEmailServiceRequest->getResponse()
#4 /sidekick/phabricator/phabricator/src/applications/metamta/adapter/PhabricatorMailImplementationAmazonSESAdapter.php(33): SimpleEmailService->sendRawEmail('To: brooke.brya...')
#5 /sidekick/phabricator/phabricator/externals/phpmailer/class.phpmailer-lite.php(502): PhabricatorMailImplementationAmazonSESAdapter->executeSend('To: brooke.brya...')
#6 /sidekick/phabricator/phabricator/src/applications/metamta/adapter/PhabricatorMailImplementationPHPMailerLiteAdapter.php(91): PHPMailerLite->Send()
#7 /sidekick/phabricator/phabricator/src/applications/metamta/storage/PhabricatorMetaMTAMail.php(631): PhabricatorMailImplementationPHPMailerLiteAdapter->send()
#8 /sidekick/phabricator/phabricator/src/applications/metamta/management/PhabricatorMailManagementSendTestWorkflow.php(130): PhabricatorMetaMTAMail->sendNow()
#9 /sidekick/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php(396): PhabricatorMailManagementSendTestWorkflow->execute(Object(PhutilArgumentParser))
#10 /sidekick/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php(292): PhutilArgumentParser->parseWorkflowsFull(Array)
#11 /sidekick/phabricator/phabricator/scripts/mail/manage_mail.php(28): PhutilArgumentParser->parseWorkflows(Array)
#12 {main}
Test Plan: Send a test email through SES mail provider running on php 5.5
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran, btrahan
Differential Revision: https://secure.phabricator.com/D7660
Summary: I opened a pull request to fix this in the WePay upstream, see
<https://github.com/wepay/PHP-SDK/pull/13>. Fix it here too now until that
gets pulled.
Auditors: btrahan
Summary: Clode blocks are now much clearer in blog posts with the usage of a bg color, border and scrolling for overflowing content
Test Plan: Create a phame post with a code block and see the visual difference
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, Korvin, chad
Differential Revision: https://secure.phabricator.com/D6320
Summary:
This fixes at least two issues with the S3 library on newer versions of cURL/PHP:
- NOTICE: PHP message: [2013-07-02 22:15:54] ERROR 8: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead at [/core/lib/phabricator/externals/s3/S3.php:1744]
- `$this->request->body` was appended to without initializing it, which rasies an error on PHP 5.5.0.
I looked over the rest of the changes briefly and they all seem reasonable-ish.
Test Plan:
- Uploaded a file to S3.
- Downloaded a file from S3.
- Deleted a file from S3.
- Checked error logs for anything suspicious.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D6349
Summary:
Ref T2787.
I //think// we could also use WePay as a recurring payment provider, but this is somewhat messy (OAuth + requires account) -- basically it's "add a WePay account" instead of "add a credit card".
The WePay checkout workflow is a bit upsell-y but basically reasonable.
I like that their API just has a `request($method, $params)` method instead of 30,000 lines of methods for each request type. I did hit one bug; I'll send a pull for that.
Test Plan: Got as far as the charge callback in testing; the rest isn't implemented for any provider yet.
Reviewers: btrahan, vrana, chad
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T2787
Differential Revision: https://secure.phabricator.com/D5982
Summary: If `jsxmin` is not available, use a pure PHP implementation instead (JsShrink).
Test Plan:
- Ran `arc lint --lintall` on all JS and fixed every relevant warning.
- Forced minification on and browsed around the site using JS behaviors. Didn't hit anything problematic.
Reviewers: vrana, btrahan
Reviewed By: vrana
CC: aran, Korvin
Differential Revision: https://secure.phabricator.com/D5670
Summary: Adds the Balanced PHP API to externals/. Ref T2787.
Test Plan: Used in next diff.
Reviewers: btrahan, chad
Reviewed By: chad
CC: aran, aurelijus
Maniphest Tasks: T2787
Differential Revision: https://secure.phabricator.com/D5764
Summary: Fixes T2962. That task discusses this issue.
Test Plan: Read php-curl documentation to verify this change makes sense. Sent an email with SES.
Reviewers: btrahan, garoevans
Reviewed By: garoevans
CC: aran
Maniphest Tasks: T2962
Differential Revision: https://secure.phabricator.com/D5669
Summary:
Currently, Celerity map rebuilds on Windows don't put Stripe or Raphael into the map. Move them into `webroot/rsrc/externals/` so they get picked up.
At some point we should maybe let the mapper load resources from mulitple locations, but this is more straightforward for now.
See https://github.com/facebook/phabricator/issues/294
Test Plan: Rebuilt map, verified Burnup Rate + Stripe work.
Reviewers: vrana, btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D5661
Summary:
Ref T2843. We currently drop any stdout/stderr emitted by sendmail. Instead, use `ExecFuture` so we'll throw an exception with debugging information preserved.
@tido, can you apply this and restart the daemons?
Test Plan: Rests on @tido
Reviewers: tido, btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T2843
Differential Revision: https://secure.phabricator.com/D5464
Test Plan: Double clicked on the last word of title. Tag wasn't selected.
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, Korvin
Differential Revision: https://secure.phabricator.com/D5462
Summary:
This is a major pain on Windows and the main reason why Phabricator doesn't work there and is hard to fix.
The sad part is that Windows support symlinks (via `MKLINK`) but Git on Windows doesn't use them.
Test Plan: Loaded Phabricator on Windows without JS errors.
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, Korvin
Differential Revision: https://secure.phabricator.com/D5458
Summary:
Currently, if an image is too wide for the viewport, we freak out. Instead, scale it down.
This means we must also scale down all the rectangles on it, which is why this is tricky. However, all the draw/load separation has made it reasonably straightforward.
We'll possibly need to add some kind of "view full size" thing. I'm planning to add an element which shows "85%" or whatever if it's currently scaled.
Test Plan:
Before:
{F33607}
After:
{F33608}
Reviewers: chad, ljalonen
Reviewed By: chad
CC: aran
Differential Revision: https://secure.phabricator.com/D5088
Summary:
Added isNormalMouseEvent() that returns true if left mouse button triggered event click, mousedown or mouseup.
Modified isNormalMouseClick() to use new function.
Test Plan: Verified that new function works for click, mousedown and mouseup events.
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, Korvin
Maniphest Tasks: T2475
Differential Revision: https://secure.phabricator.com/D4778
Summary:
If you run this code:
json_encode(array('tag' => phutil_tag('div', array())));
...you get this result, because json_encode() does not call toString() on objects:
{"tag":{}}
Instead, convert such objects to their underlying strings. Javelin has support for JX.HTML and for implicit conversion (which is kind of sketchy for other reasons) but it's sort of complicated (only happens on Ajax, not behaviors) and messy (not metadata-based), so ignore it for now.
We'll need to do something similar for serialization to the database. My plan there is just to throw on any objects. The only time we put HTML in the database is cache-related and those tiny number of callsites can manually handle it.
Test Plan: Various ajax things now receive the correct data.
Reviewers: vrana
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2432
Differential Revision: https://secure.phabricator.com/D4684
Summary:
Submoduling is slightly convenient for developers but hellishly difficult for many users. Since we make about a dozen updates to Javelin per year, just include the source directly.
Even if we run `git submodule status` more often, this creates additional problems for users with PATH misconfigured.
Fixes T2062 by nuking it from orbit.
Test Plan: Loaded site, browsed around. Grepped for references to submodules.
Reviewers: btrahan, vrana
CC: aran
Maniphest Tasks: T2062
Differential Revision: https://secure.phabricator.com/D4581
Summary: basically when we're on a page we have a URIPath so set that and pass it over. I wasn't super duper happy with this but it seems to be the best way to pass this data.
Test Plan: verified the og:url was correct on my dev instance of phacility blog for both the main blog and individual post view
Reviewers: epriestley
Reviewed By: epriestley
CC: chad, aran, Korvin
Differential Revision: https://secure.phabricator.com/D4269
Summary:
When previewing, save drafts. When loading objects, restore drafts if they are available.
Depends on: D665
Test Plan:
- Viewed a Mock.
- Typed text into the comment box.
- Reloaded the page.
- Text still there.
- Hit submit, got my comment.
- Reloaded the page.
- Draft correctly deleted.
- Repeated for Macros.
Reviewers: btrahan, chad, vrana
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T2104
Differential Revision: https://secure.phabricator.com/D4252
Summary:
See f5c2a2ab4b (commitcomment-2333247)
Copy of working implementation from PHPMailerLite.
Also expose the SSL/TLS options.
Test Plan: Switched to this mailer, configured Gmail SMTP, sent email. Verified email arrived intact.
Reviewers: btrahan, vrana
Reviewed By: btrahan
CC: aran, mbeck
Differential Revision: https://secure.phabricator.com/D4239
Summary:
Support SMTP as the mailer and user could turn on SMTP authentication if needed.
Import PHPMailer as PHPMailerLite doesn't support SMTP.
Make class PhabricatorMailImplementationPHPMailerAdapter final.
Test Plan: N/A
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, Korvin
Maniphest Tasks: T2139
Differential Revision: https://secure.phabricator.com/D4063
Summary:
When users middle click or command-click an image, we should open it in a new tab, not open a lightbox.
See https://github.com/facebook/phabricator/issues/234
Test Plan: Left, middle, and command-clicked a lightbox image.
Reviewers: vrana, chad, btrahan
Reviewed By: vrana
CC: aran
Differential Revision: https://secure.phabricator.com/D4020
Summary: Companion diff to D4003.
Test Plan: Rigged up a response which loaded a CSS file with `body { background: red; }`, verified page turned red after I clicked the button.
Reviewers: vrana, chad, btrahan
Reviewed By: chad
CC: aran
Maniphest Tasks: T2086
Differential Revision: https://secure.phabricator.com/D4004
Summary: See D3795 / D3797. Also made the mask darker.
Test Plan: Mask now sizes properly on window resize in all browsers / mask uses.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D3798
Summary:
See D3727.
@paulshen, these are the only callsites we have in Phabricator so we can remove `setFile()` once it's clear on the Facebook side.
Test Plan: Uploaded a file with drag and drop.
Reviewers: paulshen, vrana, mnml0
Reviewed By: mnml0
CC: aran
Differential Revision: https://secure.phabricator.com/D3769
Summary:
Allow skins to serve arbitrary resources without needing to be mapped, so we can have a vibrant community of amateur skinners.
For "basic" skins, just put all the "css/" on the page always.
Includes an image to prove that works.
@vrana, pretty sure this has no impact outside of Phame but it does change Celerity so it might be to blame if there's any weirdness with static resources.
Test Plan:
{F21341}
{F21340}
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T1373
Differential Revision: https://secure.phabricator.com/D3719
Summary:
Lower the barrier to entry for installing and creating skins, so we can kill Wordpress. You can now install skins by dropping them into a directory, and build either "advanced" (full phutil library) skins or "basic" (simple PHP templates) skins.
Next up is getting static resources working in an easy way for skins.
I put these in `externals/` for now so they don't get hit by lint.
Test Plan: Viewed the Pokeblog with the Oblivious skin.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T1373
Differential Revision: https://secure.phabricator.com/D3717
Summary: Pull in the latest version of Javelin.
Test Plan: Used application typeahead on a ":8080" install, got sent to the right URI.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D3584
Summary:
My average double click speed is 10 ms but I tried to double click as I think normal people double clicks and it was around 200 ms.
I don't want to make the timeout much longer because it looks like that something doesn't work.
Test Plan:
Double clicked on symbol.
Clicked on symbol.
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, Korvin
Differential Revision: https://secure.phabricator.com/D3509
Summary:
- When a user uploads an oversized file, throw an exception.
- When an uncaught exception occurs during a Conduit request, return a Conduit response.
- When an uncaught exception occurs during a non-workflow Ajax request, return an Ajax response.
Test Plan:
- Uploaded overlarge files.
- Hit an exception page with ?__ajax__=1 and ?__conduit__=1
Reviewers: btrahan, vrana, jungejason
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T875, T788
Differential Revision: https://secure.phabricator.com/D2385
Summary: PHP 5.4 raises an E_STRICT warning about "/e", and it's a generally awful idea, even though this case doesn't look exploitable. Silence the warning by using preg_replace_callback() instead of "/e".
Test Plan: Sent myself a message with a bunch of multibyte UTF8 characters in it, it came through cleanly.
Reviewers: btrahan, vrana, jungejason
Reviewed By: vrana
CC: aran
Maniphest Tasks: T1056
Differential Revision: https://secure.phabricator.com/D2147
Summary:
various stripe stuff, including
- external stripe library
- payment form
- test controller to play with payment form, sample business logic
My main questions / discussion topics are...
- is the stripe PHP library too big? (ie should I write something more simple just for phabricator?)
-- if its cool, what is the best way to include the client? (ie should I make it a submodule rather than the flat copy here?)
- is the JS I wrote (too) ridiculous?
-- particularly unhappy with the error message stuff being in JS *but* it seemed the best choice given the most juicy error messages come from the stripe JS such that the overall code complexity is lowest this way.
- how should the stripe JS be included?
-- flat copy like I did here?
-- some sort of external?
-- can we just load it off stripe servers at request time? (I like that from the "if stripe is down, stripe is down" perspective)
- wasn't sure if the date control was too silly and should just be baked into the form?
-- for some reason I feel like its good to be prepared to walk away from Stripe / switch providers here, though I think this is on the wrong side of pragmatic
Test Plan: - played around with sample client form
Reviewers: epriestley
Reviewed By: epriestley
CC: aran
Differential Revision: https://secure.phabricator.com/D2096
Summary:
Currently, we sort all results alphabetically. This isn't ideal. Instead, sort them like this:
- If the viewing user appears in the list, always sort them first. This is common in a lot of contexts and some "Ben Evans" guy is sorting first on secure.phabricator.com and causing me no end of aggravation.
- If the tokens match a "priority" component (e.g., username), sort that before results which do not have a "priority" match.
- Within a group (self, priority, everything else) sort tokens alphabetically.
NOTE: I need to go add setUser() to all the tokenizers to make the "self" rule work, but that's trivial so I figured I'd get this out first.
Test Plan:
https://secure.phabricator.com/file/data/4s2a72l5hhyyqqkq4bnd/PHID-FILE-x2r6ubk7s7dz54kxmtwx/Screen_Shot_2012-03-07_at_9.18.03_AM.png
Previously, "aaaaaepriestley" (first alphabetic match) would sort before "epriestley" (the viewing user). Now, "epriestley" sorts first because that is the viewer.
https://secure.phabricator.com/file/data/rmnxgnafz42f23fsjwui/PHID-FILE-yrnn55jl3ysbntldq3af/Screen_Shot_2012-03-07_at_9.18.09_AM.png
Previously, "aaaagopher" (first alphabetic match) would sort before "banana" (the "priority" match). Now, "banana" sorts first because it priority matches on username.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran, epriestley
Maniphest Tasks: T946
Differential Revision: https://secure.phabricator.com/D1807
Summary:
- Update the Javelin submodule to pick up recent fixes (like D1749).
- Update the package definitions do do a slightly better job of packaging
resources.
Test Plan:
Up and down work in tokenizers now. Pages load slightly fewer
resources.
Reviewers: vrana, btrahan
Reviewed By: btrahan
CC: aran, epriestley
Maniphest Tasks: T927
Differential Revision: https://secure.phabricator.com/D1751
Summary:
This is so freaking cool that I will try to implement it also on Facebook.
Idea is from
http://strd6.com/2011/09/html5-javascript-pasting-image-data-in-chrome/.
I don't know how to properly detect support but lying about it is not a big
deal.
Test Plan:
Go to revision comment textarea.
Paste some text data - works as usual.
Paste some image data in Chrome - file is uploaded and a link to it is inserted.
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, epriestley
Differential Revision: https://secure.phabricator.com/D1681