1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-30 01:10:58 +01:00
Commit graph

3792 commits

Author SHA1 Message Date
epriestley
baab61a01e Correct a mask config value
Summary:
The correct name of this key is 'github.application-secret', not
'github.secret'. Make DarkConsole check that all the masked keys exist to
prevent this from happening again. This isn't super important since this
is just intended to protected against casual security lapses (taking a
screenshot with DarkCnosole's "Config" tab open, for instance) but it's easy
to check for so it seems worthwhile to get right.

Test Plan:
Loaded page without the actual config file change, got an exception.
Fixed the config, reloaded the page, good news goats (really trying to get this
to catch on since goats are adorable).

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran
Differential Revision: 189
2011-04-30 11:56:16 -07:00
epriestley
94df249775 Improve schema upgrade workflow for unprivileged users
Summary:
In a basically reasonable configuration where you connect
with a non-privileged user from the web workflow, upgrade_schema.php
won't have enough privileges. Allow the user to override the normal
auth with -u and -p.

Test Plan:
Tried to do a schema upgrade with an underprivileged user,
got a useful error message instead of garbage.

Reviewed By: Girish
Reviewers: Girish, davidrecordon, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, Girish
Differential Revision: 191
2011-04-30 00:50:48 -07:00
epriestley
3e2f648175 Use define() instead of PHP 5.3-only global 'const' in upgrade_schema.php
Summary:
This global 'const' syntax was introduced in PHP 5.3:

http://www.php.net/manual/en/language.constants.syntax.php

We're PHP 5.2.x elsewhere so just use define(). Made the constant a little more
specific too.

Test Plan:
Ran upgrade_schema.php script.

Reviewed By: Girish
Reviewers: tuomaspelkonen, Girish, davidrecordon
CC: jungejason, aran, epriestley, Girish
Differential Revision: 190
2011-04-29 23:18:00 -07:00
epriestley
b3397030e6 Fix Differential "unsubscribe" so it properly blocks resubscription
Summary:
DifferentialRevision stores this field as a dictionary but the
Editor incorrectly passed it to Herald as a raw value array. Ideally the
property should be called unsubscribedDict or something but I'm increasingly
thinking we're going to centralize subscriptions for Adjutant or some similar
system so I'm disinclined to pursue the schema change just yet. I provided an
explicit raw-value-oriented API, at least.

Test Plan:
With two accounts, A and B: created universal Herald CC rule with
user B, created a revision with user A, had user B unsubscribe, had user A
update the revision. User B was not resubscribed.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: ola, aran, epriestley
Differential Revision: 188
2011-04-29 22:31:51 -07:00
epriestley
864e0d8a2f Fix XSS hole in inline comment editing
Summary:
Thanks to erling for the report. This was XSSable, although you could
only get yourself.

Test Plan:
Made a comment like "</textarea><h1>" and edited it before and after
the patch. Proper behavior with this patch.

Reviewed By: aran
Reviewers: erling, jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 187
2011-04-29 20:27:25 -07:00
epriestley
78d33b1771 Silence an undeclared variable warning
Summary:
If you don't have a custom renderer, this variable does not get set
and emits a warning when you try to read it.

Test Plan:
Loaded page before and after change, warnings went away (lines
145 and 154 in old file).

Reviewed By: aran
Reviewers: tuomaspelkonen, aran
CC: jungejason, aran, epriestley
Differential Revision: 186
2011-04-29 20:27:02 -07:00
epriestley
79d037fe66 Use a stricter regexp in Diffusion remarkup
Summary:
Just minor bookkeeping, but the current regexp is too liberal and
will match things which can't possibly be revision hashes.

Test Plan:
Typed things which should and shouldn't be revision links, they
got handled properly.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 185
2011-04-29 20:26:30 -07:00
epriestley
5da364f8f9 Detect and fatal on magic_quotes_gpc
Summary:
This is evil, don't run with it enabled. Somehow got enabled on my
laptop?

Test Plan:
Loaded phabricator with magic_quotes_gpc enabled, was rebuffed.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 184
2011-04-29 20:26:05 -07:00
adonohue
c2893d8670 Hook for database configuration plugin
Summary:
This permits individual deployments to better configure their
database configuration, e.g. to allow more dynamic configuration that reacts
to database moves or master/slave replication.

Test Plan:
Browse

Reviewed By: epriestley
Reviewers: Girish, epriestley
CC: aran, epriestley
Differential Revision: 183
2011-04-29 19:41:16 -07:00
David Recordon
c59b56b490 Edited README via GitHub 2011-04-29 16:10:08 -07:00
bobtrahan
44de791910 updating the README 2011-04-29 10:20:24 -07:00
grglr
3f3304fd61 Differential whitespace mode IGNORE ALL now shows correct indentation
Summary:
Fixed buggy and incomplete logic for handling IGNORE ALL mode properly.
A subparser is used to parse the non-ws-ignoring changeset while a
ws-ignoring changeset is handed off to the original parser.  At a later
step, the original parser queries the subparser for its lines of text
(which are formatted properly due to being in non-ws-ignoring mode) and
uses them to replace the text in the ws-ignoring diff.

Task ID: 549940

Test Plan:
-turn off caching temporarily (the cached view is still indented
improperly)
-visit http://phabricator.dev1943.facebook.com/D242591
-note aligned, but not completely highlighted, indentation right above the
comments complaining about
indentation issues

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
Commenters: epriestley
CC: aran, epriestley, grglr
Differential Revision: 174
2011-04-28 16:10:59 -07:00
gpatangay
4a2981252f [phabricator] Add mysql slave and read-only database connections
Summary:
Add ability to define mysql slaves and then use that connection on 'r'
connection modes. 'w' connections go to the master server.

Test Plan:
- php -l and checkModule
 - worked in my devbox

Reviewed By: jungejason
Reviewers: dpepper, tuomaspelkonen, jungejason
CC: jungejason, aran
Revert Plan:
sure

Differential Revision: 175
2011-04-28 15:27:19 -07:00
elynde
6fb24ba4a4 Merge branch 'master' of github.com:facebook/phabricator 2011-04-28 14:45:30 -07:00
elynde
bd0a4c0d04 Differential Updates View
Summary:
This adds a new view to differential called Updates.

The high-level goal of Updates is to enabled differential to be
effectively used without email notifications. I've tried doing things
like automatically deleting differential emails where I'm in the 'to'
line since they show up on the main diffential page but then there's
always the chance an important diff flies by without me seeing it. Also,
sometimes someone comments on a diff post-commit but differential
doesn't surface those diffs.

I re-created a test db on my devserver using mysqldump to get data on
revs > 230000 so I would have some test data. We need to add a simple
viewtime table but I didn't want to do that in production. Here's the
table:

  CREATE TABLE differential_viewtime (
    viewerPHID varchar(64) not null,
    objectPHID varchar(64) not null,
    viewTime int unsigned not null,
    PRIMARY KEY (viewerPHID, objectPHID)
  );

Issues:
  -Once we turn this on, all diffs will be 'unviewed'. What do you think
about a 'Clear All' button or something?
  -Maybe we should add a pager

This feature would be insanely useful, let me know what you think.

Test Plan:
Loaded Updates in my sandbox

  http://phabricator.dev1577.snc6.facebook.com/differential/filter/updates/

Clicked a diff, then went back, made sure diff disappeared from Updates
list

Reviewed By: tuomaspelkonen
Reviewers: epriestley, jungejason, tuomaspelkonen
Commenters: epriestley
CC: epriestley, elynde, tuomaspelkonen
Differential Revision: 169
2011-04-28 14:40:41 -07:00
adonohue
f910c379ce Modify whitespace default implementation
Summary:
Take Tuomas's first diff. Sorry, my bad on diff feedback.

Test Plan:
Load D240353 without any options and make sure 'ignore-trailing'
selected.

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen
CC: epriestley, aran, tuomaspelkonen
Differential Revision: 172
2011-04-28 09:22:02 -07:00
tuomaspelkonen
2b0b39c4e4 Differential defaults to 'ignore-trailing' until indentation issues are solved.
Summary:
'ignore-all' is very confusing, especially for Python, because the indentation
is incorrect.

Test Plan:
Tested loading D240353 without any options and made sure 'ignore-trailing' was
selected and the diff looked correct.

Reviewed By: aran
Reviewers: jungejason, simpkins, aran, dpepper
Commenters: dpepper
CC: grglr, aran, dpepper, tuomaspelkonen
Differential Revision: 171
2011-04-27 18:55:46 -07:00
jungejason
ad4a497355 Enable differential.find handle empty input.
Summary:
return empty array when the query input is empty.

Test Plan:
send empty input.

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen
CC: tuomaspelkonen
Differential Revision: 167
2011-04-26 23:59:40 -07:00
jungejason
a9e2e51b98 Enable updating task->revision assoc
Summary: add a conduit method to enable querying revisions' phid from
their revision_IDs, and another one to update the task->revision assoc.

Test Plan: for querying revision_phid method, tested empty, one, and two
revisions in the query. For the one to update the task->revision assoc,
I have another diff in facebook which verified it add and remove assoc
correctly.

Reviewers: tuomaspelkonen, epriestley

CC:

Differential Revision: 165
2011-04-26 19:14:47 -07:00
tuomaspelkonen
afedb711d9 Added commit information to 'getrevision' conduit call.
Summary:
differential.getrevision now returns commits for a given revision.
URI is also return in differential.getrevision.

Test Plan:
Tested from Conduit Console UI that the calls were working
correctly.

Reviewed By: jungejason
Reviewers: jungejason
CC: epriestley, simpkins, dpepper, jungejason
Differential Revision: 163
2011-04-25 15:32:33 -07:00
tuomaspelkonen
6a0234fed3 Added differential revision reviewers information to differential.getrevision
conduit call.

Summary:
The reviewer information was not available for revisions before this.

Test Plan:
Tested with Conduit Console that correct reviewers were returned.

Reviewed By: jungejason
Reviewers: jungejason
Commenters: epriestley
CC: epriestley, tuomaspelkonen, jungejason
Differential Revision: 160
2011-04-25 15:02:35 -07:00
tuomaspelkonen
9367c41a28 Tasks can be defined in the commit message (Phabricator part).
Summary:
Phabricator did not support giving the task ids in the commit message.
Currently there is no default implementation for this, but there is a
Facebook specific implementation. At some point default implementation
for Maniphest tasks to revisions will be added.

Test Plan:
Tested with the Facebook specific implementation that task ids are
recognized in the commit message and tasks are automatically attached
to revisions.

The task attached to this revision was added from the commit message.

Reviewed By: jungejason
Reviewers: jungejason, epriestley
CC: dpepper, edward, gpatangay, tuomaspelkonen, jungejason
Differential Revision: 240996
2011-04-22 18:40:16 -07:00
Aizat Faiz
74777227a3 Merge branch 'master' of github.com:facebook/phabricator 2011-04-21 17:23:57 -07:00
Aizat Faiz
a8296c5a54 Display file name in <title> for easier browsing of code
Summary:
Having the filename in the <title> will make it easier to browse through many
many tabs of diffusion

Test Plan:
Open up a file or directory in diffusion and ensure that it shows only the file
name.

Reviewed By: tuomaspelkonen
Reviewers: epriestley, tuomaspelkonen, jungejason
Commenters: epriestley
CC: epriestley, aizatto, tuomaspelkonen
Differential Revision: 150
2011-04-21 17:22:47 -07:00
Adam Simpkins
d4576262db add a getrevision conduit method
Summary:
Add a method to get the information about a revision, including its full
list of diffs.

We could add an option to just return the diff IDs if we wanted.  For my
use case, I need the full set of information for each diff, so fewer
round trips is better.  This is also how the old json.php page used to
work.

Test Plan:
Tuomas tested it in his sandbox.

Reviewed By: tuomaspelkonen
Reviewers: jungejason, tuomaspelkonen, epriestley
CC: tuomaspelkonen
Differential Revision: 156
2011-04-20 21:02:32 -07:00
bhiller
dbb01cfe63 Merge branch 'master' of github.com:facebook/phabricator 2011-04-20 18:51:58 -07:00
bhiller
15e71e9bf4 [differential] Prevent un-closeable overlay
Summary:
Currently if I go to leave an inline comment and then decide
against it and hit <tab>-<enter>, the inline comment edit dialog closes
but the overlay doesn't disappear due to a JS error around trying to
access the markup property of null. This fixes that by setting the
payload to an array with empty markup so that the JS works and the
overlay disappears.

Test Plan:
clicked on the line number column, then pressed ok and
confirmed the dialog closed, the overlay disappeared and there were no
JS errors. also tested that for clicking the reply link and when editing
an existing inline comment.

Reviewed By: aran
Reviewers: epriestley, aran
CC: aran, bh
Revert Plan:
OK

Differential Revision: 154
2011-04-20 18:50:57 -07:00
leon
c5157e821b Merge branch 'master' of https://github.com/facebook/phabricator 2011-04-20 17:08:29 -07:00
leon
dcb2e43960 Removing reordering code that wasn't needed
Summary:
Remove reordering code for package array as it's ordered in the first place

Test Plan:
Called API through conduit console, still works

Reviewed By: epriestley
Reviewers: epriestley, tuomaspelkonen
CC: ju, dpepper, epriestley
Blame Revision:
126

Differential Revision: 141
2011-04-20 17:07:46 -07:00
leon
bff6aef87a Adding conduit API method to find owner for the affected file
Summary:
Adding method that given a path will go up the folder hierarchy until it finds
the owning package
and return owners for that package.

Task ID: #403724

Test Plan:
Tried the new API call through console on various path combinations

Reviewed By: epriestley
Reviewers: epriestley, dpepper, tuomaspelkonen
CC: epriestley, Leon
Revert Plan:
n/a

Tags: bootcamp, Push Efficiency

- begin *PUBLIC* platform impact section -
Bugzilla: #
- end platform impact -

Differential Revision: 126
2011-04-20 17:07:12 -07:00
tuomaspelkonen
976d1e65df Fixed image macro with '-' in the name.
Summary:
Fixed the image macro regex not to use '-' as the separator.
Also minor improvement to randomon.

Test Plan:
Tried different image marcors.

Reviewed By: jungejason
Reviewers: jungejason
CC: epriestley, jungejason
Differential Revision: 153
2011-04-20 16:51:26 -07:00
tuomaspelkonen
6baeda8aad Added a conduit method for getting all the diffs for a revision.
Summary:
Loading all diffs for a differential revision is needed by at least
perflab.

Test Plan:
Created a simple script that queried the conduit and made sure that
it returned correct values.

Reviewed By: jungejason
Reviewers: jungejason
CC: epriestley, jungejason
Differential Revision: 155
2011-04-20 16:31:48 -07:00
tuomaspelkonen
a6c770217d Fixed whitespace options in Differential.
Summary:
Whitespace options could not be selected and the 'ignore_all' was not working.

Test Plan:
Made sure that whitespace is ignored correctly and selected option is handled
correctly.

Reviewed By: jungejason
Reviewers: jungejason
CC: epriestley, jungejason, tuomaspelkonen
Differential Revision: 149
2011-04-19 23:07:44 -07:00
tuomaspelkonen
01844087cd Added a conduit method for querying revision feedback.
Summary:
Push tools needs information about differential revision comments. Added
a method that returns the needed information.

Test Plan:
Tested that /intern/push/merges shows correct information.

Reviewed By: jungejason
Reviewers: jungejason
CC: epriestley, jungejason
Differential Revision: 152
2011-04-19 19:34:23 -07:00
tuomaspelkonen
1c3e21dda1 Fixed replies to go on the correct side of the diff in Differential.
Summary:
Replies to comments went always to the left side of the diff. There
was a confusion between 'is_new' and 'on_right'. Database wants the
information if the reply is on the left or on the right. The database
does not care if the comment is a reply or an original comment.

The code looks a bit confusing, because the database field is called
'isNewFile' and that is used to determine, which side the comment
applies to.

Test Plan:
Tested that every of combination of new comment/reply to the left/right side
worked when editing and after submitting the comment.

Reviewed By: jungejason
Reviewers: jungejason
CC: epriestley, jungejason
Differential Revision: 148
2011-04-18 17:15:00 -07:00
tuomaspelkonen
ecc32e4d08 Only table of contents are shown for large diffs by default.
Summary:
Differential used to only show diffs for the first 100 files. Now all
the files are shown in the table of contents and there is a link to
the standalone view for every file. The inline diffs can still be
seen, if user clicks "Show All Files Inline".

Inline comments can also be added in the standalone view, but there is
no form to submit them. The revision page must be reloaded to able to
submit the inline comment.

Test Plan:
Changed the limit to three for testing purposes and checked that a diff of
mine with 5 files had the links to the standalone views. Made sure that
adding a comment in a standalone view worked and that after reloading the
revision page the comment was visible. Changed the limit back to 100 and
made sure that my diff had all the files inline and that the anchor links
were working.

Reviewed By: jungejason
Reviewers: jungejason
CC: epriestley, simpkins, jungejason, tuomaspelkonen
Differential Revision: 147
2011-04-18 16:26:08 -07:00
jungejason
c223aaa79e Enable phd to load extra libraries
Summary: add --load-phutil-library for libraries other than phabricator
and libphutil.

Test Plan: launch a daemon in facebook such as
PhabricatorDifferentialCommentDaemon.

Reviewers: epriestley, tuomaspelkonen

CC:

Differential Revision: 146
2011-04-15 18:57:03 -07:00
tuomaspelkonen
ebdcedc87f Better error messages for nonexistent CCs, reviewers, etc. in arc
Summary:
The existing message is confusing and might cause people to think
that there is something wrong in the field name, e.g., 'CC' instead
of the value.

Test Plan:
Tested by putting random crap in CC and Reviewers and made sure the
error message was using the new format.

Reviewed By: jungejason
Reviewers: epriestley, jungejason
CC: mdevine, jungejason
Differential Revision: 145
2011-04-15 15:23:59 -07:00
jungejason
825748586b Create timeline events for comments
Summary: to enable publishing to internfeed, we create timeline events
for the comments.

Test Plan: create a test revision, comments on it and check if it
creates a timeline event with correct data at /daemon/timeline.

Reviewers: epriestley,tuomaspelkonen

CC:

Differential Revision: 144
2011-04-14 22:18:01 -07:00
epriestley
4e8968aff3 Don't send a new query if the keydown doesn't edit the query value,
i.e. command-tab or shift.
2011-04-14 19:17:17 -07:00
tuomaspelkonen
40554e2d8a Removed broken inline comment anchors.
Summary:
Inline comment anchros were present for all different diffs inside a
revision. They were only working for the current diff. Removed the
links that were for different diffs.

I couldn't get the automatic linking to other diffs working, probably
because the anchors didn't work when the page was reloaded. This is also
a bit confusing if the diff changes when clicking on anchor.

We might want to carry all the comments along in the future, but I
don't think it's needed at the moment.

Test Plan:
Tested on a revision, which had inline comments for differerent diffs
that only the comments for the latest diff had anchors when the page
was loaded. Changed the diff manually on the page and made sure the
anchors for that diff were working correctly and the anchors for the
latest diff were not available.

Reviewed By: epriestley
Reviewers: epriestley
CC: jungejason, epriestley
Differential Revision: 142
2011-04-14 19:03:41 -07:00
epriestley
927407c426 Be more explicit about PHID sourcing in PhabricatorObjectSelectorDialog 2011-04-14 18:36:33 -07:00
adonohue
acd1cc8d22 "Reply" for inline comments
Summary:
"Reply" for inline comments

Test Plan:
Add consecutive and overlapping new inline comments and replies.

Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley
Differential Revision: 143
2011-04-14 18:31:21 -07:00
tuomaspelkonen
28155a5115 Fixed Differential quotes rendering. (phabricator)
Summary:
When quoting someone's text in differential, the text was not properly
rendered. Now the quoted text is rendered nicely and it's easy to locate.

Test Plan:
Disabled the inline cache, Checked that quotes in D211086 are rendered
correctly. Started writing a new comment starting with '>' and made
sure the new comment was rendered correctly while writing it.

Reviewed By: epriestley
Reviewers: epriestley
CC: jungejason, tuomaspelkonen, epriestley
Differential Revision: 138
2011-04-14 16:20:46 -07:00
tuomaspelkonen
b029cb8b4a Merge branch 'opacity' 2011-04-14 16:10:43 -07:00
tuomaspelkonen
6bc3f9ce6f Decreased the opacity on the mask for dialogs
Summary:
The transparent mask around the dialogs was too dark. Code was hard to
read. Now opacity has a value of 37, which makes the code easy to read,
but still clearly indicates that the dialog is present.

Test Plan:
I was able to read the code easily through the mask.

Reviewed By: epriestley
Reviewers: epriestley
CC: epriestley, tuomaspelkonen
Differential Revision: 139
2011-04-14 16:10:19 -07:00
adonohue
9757edb268 Fix "Resign as Reviewer" to appear only when actually a Reviewer
Summary: Is this an appropriate place to say "herp derp?"

Test Plan: Check for Resign as Reviewer for the following table
                          waiting for review | accepted | committed
Am actually reviewer
Am not reviewer but CC'ed
Unrelated

Reviewers: epriestley

CC:

Differential Revision: 140
2011-04-14 15:14:44 -07:00
epriestley
bc1be958bd Allow GitCommitChangeParser to parse 'T' (type change) messages in
git history.
2011-04-14 14:16:53 -07:00
epriestley
6e713ad784 Don't reveal oauth application token information
Summary:
There's an OAuth diagnostics page at /oauth/facebook/diagnose/, which
shows some diagnostic information. Currently, it attempts to establish an
application token session and shows the token if it is successful. An attacker
could use this to do vaguely nefarious things (retreive application statistics,
I think?).

This interface was originally admin-only but then I threw out the very silly
admin mode patch I had at the time and we currently have no admin mode, and
thus this interface is public. This token isn't useful in diagnosis anyway,
so don't reveal it.

Test Plan:
Visited oauth diagnostics page, no token revealed

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen, jungejason
CC: tuomaspelkonen
Differential Revision: 136
2011-04-14 13:32:49 -07:00
epriestley
ca7a0de1cf Prevent a race in Phabricator workers
Summary: See D133. Workers can also be subject to the same race, invert the
row relationship in the same way.

Test Plan: Launched repository master daemons and some taskmasters and used
the Daemon console to veify that they were able to process tasks. Manually
checked the database to make sure data got linked correctly and that new data
was inserted correctly.

Reviewers: jungejason

CC: tuomaspelkonen

Differential Revision: 135
2011-04-14 12:09:56 -07:00