1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-30 10:42:41 +01:00
Commit graph

11818 commits

Author SHA1 Message Date
epriestley
75781dba1a Improve autocomplete behavior in lists and with noncompleting results
Summary:
Ref T10163. Currently, we don't activate on indented lines, but were too aggressive about this, and would not activate on lines like `  - Hey, @user...`, where we should.

Instead, don't activate on indented lines if there's only an indent (i.e., `#` probably means enumerated list).

Also, if results don't have autocompletes (rare but possible with projects missing slugs), improve behavior.

Test Plan:
  - Typed `  #a`, got no autocomplete.
  - Missing slug thing is a pain to test locallly, `#1 z z z z` reproduces in production. I'll just verify it there.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15040
2016-01-16 15:18:24 -08:00
epriestley
75b8d3312b Hide the autocompleter intelligently when you ignore it and keep typing
Summary:
Ref T10163. When we think the user has finished typing a word (because they typed a space, period, or other similar characters) and nothing else they might type could possibly change the outcome (usually because the words they have typed already match nothing), just deactivate the autocomplete.

As a special case, if the word they have typed already select exactly one result, //and// they have already typed exactly that result,  assume they just typed it from memory and deactivate.

Test Plan:
  - Typed `@dog qwer zxcv` and saw autocomplete deactivate on the space before `z` (on my local install, `@dog` is ambiguous but `@dog qwer` matches nothing).
  - Typed `@epriestley ` and saw autocomplete deactivate on space.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15039
2016-01-16 14:41:43 -08:00
epriestley
849b4c765a When the autocompleter would fall off the bottom of the screen, put it above the text instead
Summary: Ref T10163. In cases like Conpherence, the autocompleter can currently render off the bottom of the screen. Put it above if it would be offscreen.

Test Plan: {F1062286}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15038
2016-01-16 14:38:25 -08:00
epriestley
14ebf662f3 Don't show the autocompleter until the user types at least one character
Summary: Ref T10163. Activate on `@d`, not just `@`. Note that if you type `@d` and then press delete once so you're left with `@`, we stay active (and show the "type a username" hint).

Test Plan:
  - Typed `@`, no completer.
  - Typed `d`, got completer.
  - Typed delete, still had completer, now showing hint prompt.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15037
2016-01-16 14:38:11 -08:00
epriestley
4f3a9a8aca Immediately cancel autocomplete if the user types certain characters anywhere
Summary:
Ref T10163. Some characters are almost certainly punctuation or markup rather than autocomplete requests. Immediately cancel any active autocomplete when the user types one of these.

Note that some of these are also suffix characters. If you type `@dog,`, you have until the next character to decide you actually mean to autocomplete. Once you type something else we deactivate.

If you type `#dog#` or `##`, we deactivate immediately.

Test Plan: Typed `@dog#`, etc.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15036
2016-01-16 14:38:00 -08:00
epriestley
df272dfa26 Allow autocomplete to activate after ">", ":" or "!"
Summary: Ref T10163. This allows activation in blockquotes or after `NOTE:`, for consistency.

Test Plan: Typed `>@dog`, etc., got autocomplete.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15035
2016-01-16 13:28:48 -08:00
epriestley
2d495e9701 Improve autocomplete behavior when typing ordered lists
Summary:
Ref T10163.

  - If a user types an autocomplete character ("@" or "#") and then a space, deactivate immediately (probably an ordered list).
  - If a user types an autocomplete character indented on a line with no other prior text, don't activate (probably an ordered list or code block).

Test Plan:
Typed:

  - `# `, saw immediate deactivation.
  - ` #`, saw no activation in the first place.
  - `#x`, saw activation.
  - `asdf #x`, saw activation.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15033
2016-01-15 11:19:04 -08:00
epriestley
7f19216e44 Better fix for autocomplete blur (select on mousedown instead of delaying blur)
Summary: Ref T10163. I would still sometimes not get a replacement after clicking with the delayed blur. This seems to fix the issue more consistently: instead of listening for a click event (which fires after the blur), listen for a mousedown event (which fires before the blur).

Test Plan: Observed consistent selection via mouse locally.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15032
2016-01-15 09:47:23 -08:00
epriestley
3c19004f9f Fix blur and sort behavior for autocomplete
Summary:
Ref T10163.

  - If you click a result, we get a blur before your click hits, and deactivate before the click can work. Instead, wait before responding to blur.
  - Use the standard sort handler which puts unixnames over human names. Also use the standard filter which deals with disabled users not matching unless they're the only match.

Test Plan:
  - Clicked a result, got a replacement.
  - Named myself "dog dog", typed "@dog", user "@dog" was now first match despite me being "@admin".
  - Used normal typeaheads to make sure I didn't break sort handler.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15031
2016-01-15 09:33:15 -08:00
epriestley
77447fc945 Add a motivational profile menu panel
Summary: Motivate your employees with inspirational quotes. A new quote every day!

Test Plan: So inspirational.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15026
2016-01-15 09:14:24 -08:00
epriestley
22aebab1c1 Add a visual divider element to profile menus
Summary: Ref T10054.

Test Plan: {F1061529}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15024
2016-01-15 09:14:01 -08:00
epriestley
f4c8cdb39a Remove icon nav entirely
Summary: Ref T10054. People, projects, and instances no longer use icon nav, so we can get rid of it in favor of profile menus.

Test Plan: Grepped for everything, looked through workboards/profiles again.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15022
2016-01-15 09:13:39 -08:00
epriestley
da5d01e542 Convert user profiles to Profile Panels
Summary:
Ref T10054. Primary goal is to be able to remove IconNav from the codebase.

I've made these non-editable so users can't customize them yet. We //might// want administrators to customize these globally instead? In any case, we avoid a bunch of product questions by just locking these down for now.

Test Plan: {F1061348}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15020
2016-01-15 09:13:13 -08:00
epriestley
2a6b2dbbfd Prepare Profile Panels for adoption in other applications
Summary: Ref T10054. Take specialization off the objects and put it on Engine subclasses instead. One reason for this is that certain objects (like users) might have multiple different sets of panels in the future (e.g., their user profile and their home page).

Test Plan:
  - No user-visible changes.
  - PanelEngine no longer has any hardcoded "project" stuff.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15018
2016-01-15 09:12:53 -08:00
epriestley
c019f76283 Make profile menu full-height
Summary:
Ref T10054. This makes the profile menu full-height. It uses two pieces of dark magic:

  - `calc()`, which allows you to do math in CSS.
  - The `vh` unit, which is CSS for "viewport height".

Apparently this kind of stuff just works now? CSS got good at some point?

Test Plan:
  - Page looks correct in Safari, Chrome, Firefox.
  - Checked `caniuse.com` for `vh` and `calc()`, saw they're supported?

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15017
2016-01-15 09:12:34 -08:00
epriestley
468031d1fd Rough initial cut of profile new profile menu
Summary:
Ref T10054. I haven't done any of the big-picture layout stuff yet, but this should get look-and-feel somewhere in the ballpark of reasonablness, I think.

Major missing stuff:

  - No "collapse" state or action yet.
  - Menu is not full-height (requires changes to the rendering pipeline).

Test Plan: {F1060941}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15016
2016-01-15 09:12:09 -08:00
epriestley
5d6dd7df7d Add a basic remarkup typeahead for users and projects
Summary: Ref T3725. This probably has 900,000 bugs. This will need updates for subprojects/milestones.

Test Plan:
  - Tested very gently in Safari, Firefox and Chrome.
  - Reasonable inputs appear to work.
  - Clicking, escape, tab, return, arrow keys work OK?

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3725

Differential Revision: https://secure.phabricator.com/D15029
2016-01-15 09:11:46 -08:00
Aviv Eyal
aadc1b7bf0 Add PHIDType for HeraldTransaction
Test Plan: Paste a HLXS phid to the quick-search box, get transaction page.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D15028
2016-01-15 16:40:48 +00:00
Aviv Eyal
98d2370672 Add link to Herald Transaction when blocking pushes
Summary: Ref T9719.

Test Plan: Tried to push, get dragon and a link.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Maniphest Tasks: T9719

Differential Revision: https://secure.phabricator.com/D15027
2016-01-15 03:01:47 +00:00
epriestley
3f439e25bc Remove newFromMenu() from SideNav
Summary: Ref T10054. Just simplifying this a bit before I start laying in the new profile menus.

Test Plan:
  - Viewed Diviner on desktop and checked the mobile menu.
  - Viewed Files on desktop and checked the mobile menu.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15015
2016-01-14 05:33:34 -08:00
epriestley
473693786b Allow profile menu items to be disabled
Summary:
Ref T10054.

I made this a dropdown (currently: "Visible" or "Disabled") since I imagine we //miiiight// want to add a "Hidden, but click 'More' to reveal" state or do other special stuff in this vein. Not 100% sold on that but seemed within the realm of plausibility.

Test Plan: {F1060759}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15012
2016-01-13 11:46:15 -08:00
epriestley
1c5167dc74 Allow profile menu items to be reordered
Summary: Ref T10054. Allows users to drag menu items to reorder them.

Test Plan: Reordered a project menu.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15011
2016-01-13 11:45:57 -08:00
epriestley
f24318f308 Make "profile menu" configuration mostly work
Summary:
Ref T10054. This does a big chunk of the legwork to let users reconfigure profile menus (currently, just project menus).

This includes:

  - Editing builtin items (e.g., you can rename the default items).
  - Creating new items (for now, only links are available).

This does not yet include:

  - Hiding items.
  - Reordering items.
  - Lots of fancy types of items (dashboards, etc).
  - Any UI changes.
  - Documentation (does feature: TODO link for documentation).

Test Plan:
{F1060695}

{F1060696}

{F1060697}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15010
2016-01-13 11:45:31 -08:00
epriestley
bb6df2e5f3 Hacks on Hacks
Summary:
hack hack hack

(`class_exists()` no longer throws in a libphutil environment.)

Test Plan: derpaderp

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15013
2016-01-13 11:09:13 -08:00
epriestley
fdd5500fec Change wording of "Show Entire File" to "Show All Context"
Summary: Fixes T10139. This clarification seems reasonable to me.

Test Plan:
  - Viewed a revision with context.
  - Clicked "Show All Context".
  - Saw "All Context Shown".

{F1060624}

{F1060625}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10139

Differential Revision: https://secure.phabricator.com/D15009
2016-01-13 11:09:01 -08:00
epriestley
102eacbfb7 Make project page/navigation construction more consistent, particularly on mobile
Summary: Ref T10054. This mostly makes sure that mobile gets to have the same profile menu that Desktop does.

Test Plan:
  - Viewed menus on mobile, saw all profile menu actions available.
  - Viewed/used changed pages (column detail, edit column, edit picture).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15008
2016-01-13 09:34:57 -08:00
epriestley
7bde92b9c9 Begin modularizing profile panel/link construction
Summary: Ref T10054. This has no product impact, but prepares us for customizable side nav on "profiles" (today, projects; probably users some day; and maybe other stuff down the road).

Test Plan: Clicked all links on a profile, everything was exactly the same as before.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15007
2016-01-13 09:34:41 -08:00
epriestley
1eab16c395 Move repository URIs to a dedicated index
Summary:
Ref T4705 (there are also some other adjacent related tasks dealing with URIs).

Currently, we issue a "get repositories matching URIs: ..." query by loading every possible repository and then checking their URIs in PHP.

Instead, put URIs in a separate table. I plan for each repository to potentially have multiple URIs soon, so this prepares for that.

Test Plan:
  - Ran migrations.
  - Looked at index table, made sure it appeared sensible.
  - Ran some queries by `uri` to find repositories, found the repositories I expected.
  - Updated the remote URI of a repository, saw queries / index update appropriately.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4705

Differential Revision: https://secure.phabricator.com/D15005
2016-01-13 09:34:31 -08:00
epriestley
d57c1d6ce2 Make hashtags at the end of bolded text render properly
Summary: Fixes T10096. The `**` was being parsed as part of the hashtag, so `**#asdf**` interpreted `#asdf**` as a hashtag.

Test Plan: Unit test; bolded stuff with hashy contents.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10096

Differential Revision: https://secure.phabricator.com/D15006
2016-01-12 10:03:20 -08:00
epriestley
b812a2171a Make custom "date" field feed stories human-readable
Summary: Fixes T10130.

Test Plan: {F1060142}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10130

Differential Revision: https://secure.phabricator.com/D15004
2016-01-12 07:11:26 -08:00
epriestley
dd21761df9 Don't return any results for viewerprojects() if the viewer is in no projects
Summary:
Fixes T10135. When the viewer is a member of no projects, specify the constraint type as a new "EMPTY" type.

When a query has an "EMPTY" constraint, fail fast with no results.

Test Plan:
  - Viewed a viewerprojects() query result set as a user in no projects.
    - Before patch: got a lot of hits. After patch: no hits.
  - Viewed a normal result set, no changes.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10135

Differential Revision: https://secure.phabricator.com/D15003
2016-01-12 07:11:14 -08:00
epriestley
77ac52c180 Update Phabricator documentation of script-and-regex linter for behavioral change
Summary: Ref T10124. Corresponding doc update.

Test Plan: COPY / PASTE

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10124

Differential Revision: https://secure.phabricator.com/D15001
2016-01-11 17:37:32 -08:00
epriestley
39a87f6000 Turn off subprojects and milestones in the UI completely for now
Summary: A lot of confusing stuff happens when you create a milestone or subproject which isn't explained clearly in the UI. This is causing more harm than good on the balance since we're still figuring out how to move forward here. Just turn it off for now until we're closer to pushing it forward.

Test Plan: Viewed a project, no more UI for subprojects or milestones.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14999
2016-01-11 14:54:23 -08:00
epriestley
7e0558612b Fix excessively harsh validation of certain complex configuration
Summary:
See IRC. We're supposed to repair configuration, but if custom validators throw a generic `Exception` or use `PhutilTypeSpec` to do a check, we may explode way harder than we intend to.

Instead, soften these exceptions into validation exceptions so we repair configuration, raise a setup issue, and continue.

Test Plan: {F1059609}

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14998
2016-01-11 14:20:11 -08:00
epriestley
8e1b2f9861 Remove "username@phabricator.mycompany.com" creating a Conpherence
Summary:
Ref T10121. This doesn't work at all at HEAD, and even when it did it was mostly just confusing to installs with unexpected setups where Phabricator is receiving mail at `@mycompany.com` and this is colliding with real addresses.

It might make sense to restore it some day after the next Conphernece update, but just strip it out for now. Since it doesn't work anyway, I'm pretty confident no one is using it.

Test Plan:
  - Before patch: send mail to `dog@local.phacility.com`, got a policy error from Conpherece.
  - After patch: sent mail to `dog@local.phacility.com`, got a correct "no routable recipients" error.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10121

Differential Revision: https://secure.phabricator.com/D14997
2016-01-11 10:32:23 -08:00
epriestley
516ba5e6c5 Fix an issue where generation of mail processing error email could fail in the presence of duplicate headers
Summary:
Ref T10121. If a user sends mail with duplicate headers, like:

```
X-Duplicate: A
X-Duplicate: B
```

...and we process it with `mail_handler.php`, we may end up with `array('A', 'B')` as the header value. When we try to write this back into an error response mail, it fails.

Test Plan:
  - Generated a message with duplicate headers.
  - Piped it into `mail_handler.php` with `--process-duplicates` and `--trace` to get a look at it.
  - Faked an exception.
  - Before patch: bad error email.
  - After patch: clean error email showing multiple header values.

```
$ ./bin/mail show-outbound --id 12386
PROPERTIES
ID: 12386
Status: queued
Related PHID:
Message:

PARAMETERS
sensitive: 1
is-error: 1
force: 1
subject: Error Processing Mail (Exception)
raw-to: ["epriestley@phacility.com"]

HEADERS
X-Phabricator-Sent-This-Message: Yes
X-Mail-Transport-Agent: MetaMTA
X-Auto-Response-Suppress: All

TEXT BODY
Your email to Phabricator was not processed, because an error occurred while
trying to handle it:

Exception: TEST

-- Original Message Body -----------------------------------------------------

testy testy

-- Original Message Headers --------------------------------------------------

from: Evan Priestley <epriestley@phacility.com>
content-type: text/plain; charset=us-ascii
content-transfer-encoding: 7bit
x-smtp-server: smtp.gmail.com:epriestley@phacility.com
subject: test outbound mail
message-id: 7isvptmllqvdvtdxthvdwzg3woj5au7csyuh3hopypjv6y6hqb32qm4bcrd4jtid
x-universally-unique-identifier: 4E489E20-F674-49B2-94BA-0DE44F504EAA
date: Mon, 11 Jan 2016 09:50:12 -0800
date: Mon, 11 Jan 2016 09:50:13 -0800
date: Mon, 11 Jan 2016 09:50:14 -0800
date: Mon, 11 Jan 2016 09:50:15 -0800
to: epriestley@yghe.net
mime-version: 1.0 (Mac OS X Mail 8.2 \(2104\))

HTML BODY
(This message has no HTML body.)
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10121

Differential Revision: https://secure.phabricator.com/D14996
2016-01-11 10:16:57 -08:00
epriestley
a061bd2d09 Parse and display commit authorship date in Git in Diffusion
Summary: Fixes T8826. Git tracks an "author date", which may be different from the "committed date". We don't currently extract/show this; do so.

Test Plan: {F1059235}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8826

Differential Revision: https://secure.phabricator.com/D14995
2016-01-11 09:32:37 -08:00
epriestley
9fb929dff3 Show repositories in global autocomplete dropdown
Summary: Fixes T9523.

Test Plan: {F1059225}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9523

Differential Revision: https://secure.phabricator.com/D14994
2016-01-11 09:32:23 -08:00
epriestley
add8333b98 Improve behavior of "owner" transaction in "maniphest.edit" endpoint
Summary:
Fixes T10117.

  - I accidentally broke setting `null` to unassign tasks at some point when I added richer validation.
  - Raise a better error if the user passes junk.

Test Plan:
  - Unassigned a task via API and web UI.
  - Reassigned a task via API and web UI.
  - Tried to do an invalid assign via API, got a sensible error.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10117

Differential Revision: https://secure.phabricator.com/D14992
2016-01-11 09:19:18 -08:00
epriestley
b848ab87b3 Introduce "local names" for commits
Summary: Ref T4245. Full commit display names (like `rPaaaa`) are going to be obnoxious soon in some cases (e.g., `rPaaaa` becomes `R123:aaaa`, which is much uglier) so reduce how often we show the repository in cases where it isn't really necessary to include it.

Test Plan:
  - Saw no more `rX` on repository list view for Git/Mercurial (still present for Subversion).
  - Saw no more `rX` on various repository detail views, except when referencing other commits (e.g., mentions).
  - Grepped for removed `getShortName()`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4245

Differential Revision: https://secure.phabricator.com/D14990
2016-01-11 09:18:30 -08:00
epriestley
96ebd35824 Change repository "Clone/Checkout As" to "Short Name"
Summary:
Ref T4245.

  - Rename "Clone/Checkout As" to "Short Name" in the UI.
  - Allow any repository to have a short name, not just hosted repositories.

Test Plan:
  - Ran migration.
  - Reviewed old transactions, saw they looked good.
  - Edited an existing repository's short name.
  - Gave an imported repository a new short name.
  - Removed a repository's short name.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4245

Differential Revision: https://secure.phabricator.com/D14989
2016-01-11 09:17:32 -08:00
epriestley
a06715ccdd Allow repository short names to be used as identifiers
Summary:
Ref T4245. This allows `bin/repository update bread` to work, in addition to `rBREAD`, `R123`, `123`, `BREAD`, etc., if a repository has a short name set.

This primarily affects CLI commands (like `bin/repository`) and Conduit API calls. It has no normal user-facing impact.

Test Plan: Ran `bin/repository update bread` and such.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4245

Differential Revision: https://secure.phabricator.com/D14988
2016-01-11 09:17:13 -08:00
epriestley
5a723bff91 Support synthetic submits from stacked actions
Summary: Fixes T10116.

Test Plan:
  - Prior to patch: Control/Command + Enter submitted form but ignored actions.
  - After patch: verifid command + enter submits actions.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10116

Differential Revision: https://secure.phabricator.com/D14991
2016-01-11 09:16:53 -08:00
epriestley
f59ebf4c09 Fix incorrect key handling in extended policy filtering
Summary:
Via HackerOne. The use of `$key` here should be `$extended_key`.

Exploiting this requires a very unusual group of objects to be subjected to extended policy checks. I believe there is no way to actually get anything bad through the policy filter today, but this could have been an issue in the future.

Test Plan:
  - Added a unit test which snuck something through the policy filter.
  - Fixed use of `$extended_key`.
  - Test now passes.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14993
2016-01-11 07:04:47 -08:00
epriestley
0b3d10c3da Enforce sensible, unique clone/checkout names for repositories
Summary:
Fixes T7938.

  - Primarily, users can currently shoot themselves in the foot by putting `../../etc/passwd` and other similar nonsense in these fields (this is not dangerous, but also does not work). Require sensible names.
  - Enforce uniqueness so these names can be used in URIs and as identifiers in the future.
  - (This doesn't start actually using them for anything fancy yet.)

Test Plan:
  - Gave several repositories clone names: a valid name, two duplicate names, an invalid, name, some with no names.
  - Ran migrations.
  - Got clean conversion for valid names, appropriate errors for invalid/duplicate names.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7938

Differential Revision: https://secure.phabricator.com/D14986
2016-01-11 02:06:44 -08:00
epriestley
e84693f589 Fix a bad lookup in hovercards
Summary:
If you try to pull the hovercard of something you can no longer see (maybe you loaded the page, then the policy changed) there won't be a value in the array here.

(The rest of the code anticipates this possibility.)

Test Plan: Hovered some stuff.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14987
2016-01-10 12:12:12 -08:00
epriestley
96b1665eaa Link "continue" action to confirm dialog in bulk jobs that are unconfirmed
Summary: See Q266.

Test Plan: Created a bulk job, clicked "Details" instead of "Confirm", clicked "Continue" to get back to confirmation dialog.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14985
2016-01-10 10:55:58 -08:00
epriestley
01fba34327 Give <hr /> in remarkup clear: both
Summary: Ref T10110.

Test Plan:
Before:

{F1058545}

After:

{F1058546}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10110

Differential Revision: https://secure.phabricator.com/D14984
2016-01-10 09:34:14 -08:00
epriestley
cb08757032 Swap S3 to first-party client
Summary:
Ref T5155. Swaps Phabricator over to the new first-party S3 client using the v4 authentication API so it works in all regions.

The API requires an explicit region, so the new `amazon-s3.region` is now required. I'll write guidance about this.

Test Plan:
  - Uploaded files to S3.
  - Migrated ~1GB of files to S3.
  - Loaded a bunch of files off S3.
  - Browsed around the S3 bucket.
  - Deleted a file, verified the data on S3 was destroyed.
  - Hit new setup warning.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5155

Differential Revision: https://secure.phabricator.com/D14982
2016-01-10 07:55:27 -08:00
epriestley
ff6bfe387d Don't drop "phabricator-remarkup-embed-image" class from Remarkup images with width or height
Summary: Ref T10110. If an image had `width` or `height`, we would accidentally not give it an `$image_class`.

Test Plan:
{F1057988}

{F1057989}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10110

Differential Revision: https://secure.phabricator.com/D14983
2016-01-09 15:40:45 -08:00