1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 10:52:41 +01:00
Commit graph

77 commits

Author SHA1 Message Date
epriestley
4c914a5c49 Remove all calls to renderSingleView() and deprecate it
Summary: After D5305, this method does nothing since we automatically figure out what we need to do.

Test Plan:
- Viewed a page with the main menu on it (MainMenuView).
- Viewed a revision with transactions on it (TransactionView).
- Viewed timeline UIExample (TimelineView, TimelineEventView).
- Viewed a revision (PropertyListView).
- Viewed a profile (ProfileHeaderView).
- Viewed Pholio list (PinboardView, PinboardItemView).
- Viewed Config (ObjectItemView, ObjectItemListView).
- Viewed Home (MenuView).
- Viewed a revision (HeaderView, CrumbsView, ActionListView).
- Viewed a revision with an inline comment (anchorview).
- Viewed a Phriction diff page (AphrontCrumbsView).
  - Filed T2721 to get rid of this.
- Looked at Pholio and made inlines and comments (mockimages, pholioinlinecomment/save/edit).
- Looked at conpherences.
- Browsed around.

Reviewers: chad, vrana

Reviewed By: chad

CC: edward, aran

Differential Revision: https://secure.phabricator.com/D5307
2013-03-09 13:52:41 -08:00
epriestley
dc8cc123da Fix Maniphest and Config transaction diff rendering
Summary:
I missed this in review of D5155: `wordwrap()` returns a string, but `phutil_utf8_hard_wrap()` returns an array.

Implode the returned arrays so the stuff underneath it doesn't choke.

Test Plan: Clicked "show details" on a maniphest task description change

Reviewers: AnhNhan, kwadwon

Reviewed By: kwadwon

CC: aran

Differential Revision: https://secure.phabricator.com/D5195
2013-03-03 11:37:45 -08:00
kwadwo
37ee66e27f changed wordwrap call to utf8 hard wrap call in multiple places
Summary: using to phutil_utf8_hard_wrap instead of wordwrap

Test Plan: hard_wrap already unit tested

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5155
2013-02-28 09:17:58 -08:00
vrana
8eb404aea7 Avoid HTML escaping in plain text e-mails
Summary: Seen in e-mail from T2016.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D5016
2013-02-19 14:02:35 -08:00
epriestley
ef7f16180c Restore merge of phutil_tag. 2013-02-13 14:51:18 -08:00
epriestley
73cce6e131 Revert "Promote phutil-tag again"
This reverts commit 8fbabdc06d, reversing
changes made to 2dab1c1e42.
2013-02-13 14:08:57 -08:00
vrana
4eb84149c2 Convert everything to safe HTML
Summary: Sgrepped for `"=~/</"` and manually changed every HTML.

Test Plan: This doesn't work yet but it is hopefully one of the last diffs before Phabricator will be undoubtedly HTML safe.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4927
2013-02-13 12:35:40 -08:00
vrana
80fb84bd94 Convert PhabricatorTransactionView to safe HTML
Test Plan: Looked at revision detail with comments.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4915
2013-02-11 19:01:20 -08:00
vrana
ae4e5807d6 Merge renderSingleView() and renderHTMLView()
Summary: They are same because render() returns safe HTML and raw strings are automatically escaped.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4909
2013-02-11 18:18:21 -08:00
vrana
c9ab1fe505 Return safe HTML from all render()
Summary:
This is pretty brutal and it adds some `phutil_safe_html()`.
But it is a big step in the right direction.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4905
2013-02-11 18:18:18 -08:00
vrana
afc5333bb3 Convert AphrontFormView to safe HTML
Summary: Searched for `AphrontFormView` and then for `appendChild()`.

Test Plan: /login/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4855
2013-02-07 18:01:00 -08:00
epriestley
95d37af5d9 render_tag -> tag: fix some more callsites
Summary:
  - Crumbs is straightforward.
  - Maniphest does a lot of string construction which isn't i18n or safehtml aware. I cheated under the theory that we'll resolve this properly in {T2217}.

Test Plan: Looked at crumbs and Maniphest.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4748
2013-01-31 09:07:31 -08:00
epriestley
607fca98df render_tag -> tag: Maniphest summary view, setup issue view
Summary: One trivial, one not-so-trivial.

Test Plan: Viewed maniphest list; saw expected output.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4725
2013-01-30 11:26:03 -08:00
epriestley
3093d1663d Add javelin_tag(), convert easy callsites
Summary:
  - Implements `javelin_tag()`, which is `javelin_render_tag()` on top of `phutil_tag()` instead of `phutil_render_tag()`.
  - Manually converts all or almost all of the trivial callsites.

Test Plan:
  - Site does not seem any more broken than before.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4639
2013-01-25 12:57:17 -08:00
vrana
48561a8b1f Convert phutil_render_tag(X, Y, phutil_escape_html(Z)) to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y,
  - phutil_escape_html(
    Z
  - )
    )

Test Plan: Loaded homepage

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4501
2013-01-24 19:08:55 -08:00
vrana
b0edca7294 Display #1 instead of #comment-1 in comment anchors
Summary: I changed this a long time ago probably without knowing that this format is usable in Remarkup.

Test Plan: Viewed revision and task.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4413
2013-01-11 15:51:21 -08:00
vrana
ef214e94ce Move setUser() to AphrontView
Summary: This is used in every other view.

Test Plan: Browsed around.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4248
2012-12-20 14:49:52 -08:00
epriestley
239eca13d7 Fix fatal in Maniphest when viewing "show details" of a task description edit
Summary:
Clicking "show details" of a task description change in Maniphest currently throws an exception about the markup engine.

Since we don't actually need the engine an alternate fix would be "if ($this->markupEngine) { $renderer->setMarkupEngine($this->markupEngine); }" but we have one at the ready so just provide it. This should become part of the Transactions stuff anyway.

Test Plan: Clicked "show details".

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D4167
2012-12-12 17:15:51 -08:00
vrana
ef85f49adc Delete license headers from files
Summary:
This commit doesn't change license of any file. It just makes the license implicit (inherited from LICENSE file in the root directory).

We are removing the headers for these reasons:

- It wastes space in editors, less code is visible in editor upon opening a file.
- It brings noise to diff of the first change of any file every year.
- It confuses Git file copy detection when creating small files.
- We don't have an explicit license header in other files (JS, CSS, images, documentation).
- Using license header in every file is not obligatory: http://www.apache.org/dev/apply-license.html#new.

This change is approved by Alma Chao (Lead Open Source and IP Counsel at Facebook).

Test Plan: Verified that the license survived only in LICENSE file and that it didn't modify externals.

Reviewers: epriestley, davidrecordon

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2035

Differential Revision: https://secure.phabricator.com/D3886
2012-11-05 11:16:51 -08:00
epriestley
8213a70f3d Fix "fullName" rules for Maniphest transaction email
Summary: I changed this from `getName` to `getFullName` to make attached revisions, etc., render with "Dnnn", but accidentally made all users render as "username (Full Name)". Be a little more surgical in application of full names.

Test Plan: Created a task and attached a CC, a task and a revision. Verified the task and revision rendered with "Tnn", "Dnn" but the CC rendered as "username".

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3041
2012-07-23 14:01:09 -07:00
epriestley
9be12551a9 Move Task <=> Revision storage to Edges
Summary:
  - Add edges for this relationship.
  - Use edges to store this data.
  - Migrate old data.
  - Fix some warnings with generating feed stories about Aux and Edge transactions.
  - Fix a task-task edge issue with "Create Subtask".

Test Plan:
  - Migrated data, verified reivsions showed up.
  - Attached and detached tasks to revisions and vice versa.
  - Created a new revision with attached tasks.
  - Created a subtask.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3018
2012-07-20 08:59:39 -07:00
epriestley
ba4fb05d91 Fix translations
Summary: Theses are sort of silly anyway since they should all have the actor in them rather than being sentence fragments, but make them work OK for English at least. See D3013.

Test Plan:
Ran:

  echo pht('added %d dependencie(s): %s', 1, 'derp')."\n";
  echo pht('added %d dependencie(s): %s', 2, 'derp, derp')."\n";

Got:

  added dependency: derp
  added dependencies: derp, derp

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3015
2012-07-19 11:45:08 -07:00
epriestley
9196a6bd9f Use Edges to store dependencies between tasks in Maniphest
Summary:
  - Use edges to store "X depends on Y" information in Maniphest.
  - Show both "Depends On" and "Dependent Tasks".
  - Migrate all the old edges.

Test Plan:
  - Added some relationships, migrated, verified they were preserved.
  - Added some new valid relationships, verified tasks got updated with sensible transactions and sent reasonable emails.
  - Tried to add a cycle, got an ugly but effective error.

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1162

Differential Revision: https://secure.phabricator.com/D3006
2012-07-18 20:41:42 -07:00
epriestley
5d8b75b4da Use the unified markup cache for Maniphest
Summary:
  - See D2945.
  - Drop `cache` field from ManiphestTransaction.
  - Render task descriptions and transactions through PhabricatorMarkupEngine.
  - Also pull the list of macros more lazily.

Test Plan:
  - Verified transactions and transaction preview work correctly and interact with cache correctly.
  - Verified tasks descriptions and task preview work correctly.
  - Verified we don't hit the imagemacro table when we're rendering everything from cache anymore.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2946
2012-07-11 11:40:10 -07:00
epriestley
bda5c670bc Add useful text descriptions to edge transactions
Summary: See D2906. This just adds text so they render pretty.

Test Plan:
Got pretty emails and rendered transactions.

{F13706}

Reviewers: btrahan, davidreuss

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2907
2012-07-02 15:42:16 -07:00
vrana
e9779b2db1 Bring back desciption to Maniphest attachment 2012-06-15 15:25:18 -07:00
vrana
0acb7734cd Use pht()
Summary:
This is the first step in Phabricator internationalization.
It adds a translation selector and calls it at startup.
Installations can add custom selectors to override some texts.
We can add official translations in future.

Next step is to allow user to choose his translation which will override the global one.

This is currently used only for English plurals.

Test Plan: Displayed a diff with unit test error, verified that it says 'Detail' or 'Details' and not 'Detail(s)'.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1139

Differential Revision: https://secure.phabricator.com/D2753
2012-06-14 16:25:20 -07:00
vrana
6cc196a2e5 Move files in Phabricator one level up
Summary:
- `kill_init.php` said "Moving 1000 files" - I hope that this is not some limit in `FileFinder`.
- [src/infrastructure/celerity] `git mv utils.php map.php; git mv api/utils.php api.php`
- Comment `phutil_libraries` in `.arcconfig` and run `arc liberate`.

NOTE: `arc diff` timed out so I'm pushing it without review.

Test Plan:
/D1234
Browsed around, especially in `applications/repository/worker/commitchangeparser` and `applications/` in general.

Auditors: epriestley

Maniphest Tasks: T1103
2012-06-01 12:32:44 -07:00
epriestley
09c8af4de0 Upgrade phabricator to libphutil v2
Summary: Mechanical changes from D2588. No "Class.php" moves yet.

Test Plan: See D2588.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1103

Differential Revision: https://secure.phabricator.com/D2591
2012-05-30 14:26:29 -07:00
Bob Trahan
6be9f6f3a8 Make Maniphest Transaction preview tokenizer aware
Summary:
...pretty sure the JS is too hack-tastic but it works...! :D

also fixed a small error from assert_instances_of change where a null value is all errors and what have you

Test Plan: played around with tasks in firefox and safari. made cc, owner, and project changes, as well as priority, etc.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1074

Differential Revision: https://secure.phabricator.com/D2234
2012-04-14 07:05:58 -07:00
vrana
8813c7be0e Use assert_instances_of() everywhere but Differential and Diffusion
Summary: NOTE: This is not produced by a script so there might be errors. Please review carefully.

Test Plan: Browse around.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2091
2012-04-03 14:53:20 -07:00
epriestley
e7853e4801 Allow tasks to be subprioritized by drag-and-drop
Summary:
Like the title says, similar to Facebook Tasks.

Not sure how I really feel about this, but I guess it's kind of OK? I never used
this feature in Facebook Tasks but I think some people like it.

The drag-and-drop to repri across priorities feels okayish.

Because subpriority is a double and we just split the difference when
reprioritizing, you lose ~a bit of precision every time you repri two tasks
against each other and so you can break it by swapping the priorities of two
tasks ~50 times. This case is pretty silly and pathological. We can add some
code to deal with this at some point if necessary.

I think this also fixes the whacky task layout widths once and for all.

(There are a couple of minor UI glitches like headers not vanishing and header
counts not updating that I'm not fixing because I am lazy.)

Test Plan: Dragged and dropped tasks around.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley, mgummelt

Maniphest Tasks: T859

Differential Revision: https://secure.phabricator.com/D1731
2012-04-02 12:12:04 -07:00
epriestley
f49f1eaa5c Improve display of long project names in task list UI
Summary:
  - Shorten long project names.
  - Prevent wrapping.
  - Fix a double-escaping issue.

Test Plan: See screenshots below.

Reviewers: btrahan, 20after4

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2073
2012-04-02 11:16:05 -07:00
epriestley
49a0b3fab0 Show projects on Maniphest tasks
Summary:
  - Remove the "Priority" column, since this is indicated by the color swatch, to save space.
  - Reduce the "Updated" column from datetime to date only, since time isn't incredibly useful, to save space.
  - Show the first two projects a task is associated with, and "..." if there are more.
  - Show "None" (for "no owner") in a lighter color.

Test Plan: Looked at tasks on homepage and in Maniphest.

Reviewers: btrahan, 20after4

Reviewed By: btrahan

CC: aran, edward

Maniphest Tasks: T967

Differential Revision: https://secure.phabricator.com/D2065
2012-04-02 10:27:31 -07:00
epriestley
36ab0c3313 Fix local-clobbering iterators in phabricator/
Summary:
These are the issues identified by the linter in D2052. I don't think any cause bugs, but they are all reasonable errors to raise and the linter correctly
detected that they are suspicious.

Test Plan: Mostly inspection.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2053
2012-03-29 13:24:06 -07:00
epriestley
d0af617818 Add "final" to (almost) everything else
Summary: Last of the big final patches. Left a few debatable classes (12 out of about 400) that I'll deal with individually eventually.

Test Plan: Ran testEverythingImplemented.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T795

Differential Revision: https://secure.phabricator.com/D1881
2012-03-13 16:21:04 -07:00
epriestley
b2890eeb0e Add "final" to all Phabricator "Controller" classes
Summary:
These are all unambiguously unextensible. Issues I hit:

  - Maniphest Change/Diff controllers, just consolidated them.
  - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects.
  - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962.

Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T795

Differential Revision: https://secure.phabricator.com/D1843
2012-03-09 15:46:25 -08:00
epriestley
df361a0761 Improve rendering for Maniphest custom fields
Summary: We render these in a realtively unreadable way right now; allow customization and provide reasonable defaults.

Test Plan: Looked at some tasks with custom fields on them.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T930

Differential Revision: https://secure.phabricator.com/D1790
2012-03-06 15:10:17 -08:00
epriestley
fa1d886864 Maniphest CSS changes
Summary:
  - Remove "0.5%" padding which makes Safari flip out and render every row differently sometimes.
  - Remove list padding from ManiphestTaskListView, put it in the controller composition instead.

Test Plan: Viewed all places where task lists appear.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1788
2012-03-05 13:51:35 -08:00
epriestley
282d6e5ffa Unify Maniphest + Differential comment styles
Summary:
I want to add comments to commits, and they should obviously share code with the
nearly-identical comments in Maniphest and Differential. Unify code/style as
much as possible.

This program made possible by a generous grant from D1513.

Test Plan:
  - Looked at a bunch of different Differential and Maniphest comments; they
appeared to render identically to how they looked before.
  - Tested some edge cases like anchors and "show details" on description edits
in Maniphest.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1686
2012-02-24 13:02:35 -08:00
epriestley
386dcfff7e Rough batch editor for Maniphest
Summary:
First stab at a batch editor for Maniphest. Basically, you can select a group of
tasks and then import them into the "batch" interface, where you can edit all of
them at once.

High level goal is to make it easier for users in PM/filer/support/QA roles to
deal with large numbers of tasks quickly.

This implementation has a few major limitations:

  - The only available actions are "add projects" and "remove projects".
  - There is no review / undo / log stuff.
  - All the changes are applied in-process, which may not scale terribly well.

However, the immediate need is just around projects and this seemed like a
reasonable place to draw the line for a minimal useful version of the tool.

Test Plan: Used batch editor to add and remove projects from groups of tasks.

Reviewers: btrahan, yairlivne

Reviewed By: btrahan

CC: aran, epriestley, sandra

Maniphest Tasks: T441

Differential Revision: https://secure.phabricator.com/D1680
2012-02-24 13:00:48 -08:00
vrana
3e3f73235c Break all old differential comment anchors
Test Plan: Display revision, verify text, click on links.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T845

Differential Revision: https://secure.phabricator.com/D1591
2012-02-07 15:19:39 -08:00
Bob Trahan
e15b3fc6f3 Clean up initialization of Differential Show More Behavior in Maniphest
Summary:
add a static variable to the method and use it so we don't init more
than once!

Test Plan:
add a "phlog" and noted only init'd one time.   verified "show more"
links worked correctly.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T666

Differential Revision: https://secure.phabricator.com/D1553
2012-02-03 13:58:58 -08:00
epriestley
3c8bb8a608 Fix comment anchor jump highlighting
Summary: I accidentally broke the feature where we highlight comments which are
jumped to via anchor in D1327. We now test that the jump was sucessful by
looking for an item with the anchor ID, but we were only setting 'name'.
Instead, set 'id' as well so the highlighting code detects that the jump was
successful and adds the highlight class.

Test Plan: Clicked "Comment D1234#7" or whatever, got a nice yellow background.

Reviewers: btrahan, nh, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T796

Differential Revision: https://secure.phabricator.com/D1471
2012-01-24 09:44:20 -08:00
epriestley
1a1da7d6c2 Integrate auxiliary fields into Maniphest transactions
Summary:
  - When changing auxiliary field values, use transactions.
  - Clean up some of the load/save logic for auxiliary fields so it's a little
more performant.

NOTE: The transaction display of auxiliary fields is incredibly hacky, I'll
follow up with a more nuanced approach but wanted to limit scope here.

Test Plan: Created and edited tasks with custom fields configured; created and
edited tasks without custom fields configured.

Reviewers: btrahan, jungejason, zeeg

Reviewed By: jungejason

CC: aran, jungejason

Maniphest Tasks: T418

Differential Revision: https://secure.phabricator.com/D1283
2011-12-27 16:01:49 -08:00
David Reuss
673f0d6c81 Display changed attachments as other changes in Maniphest
Summary:
When changing attachments, the removed part is squished together
with the added parts, making it hard to read. This changes the output
so it looks like other changes, seperating each action by a semicolon.

Test Plan:
Viewed a task where i had attached and deleted revisions, and
saw the output look as other changes of same type.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: 1238
2011-12-19 08:37:29 -08:00
Bob Trahan
4fc37c3dde Add diff view for Maniphest Task "description changed" transactions
Summary:
use the handy DifferentialChangesetParser to do most of the heavy lifting inside
the pertinent view object.   update the controller to be aware of the "show
more" calls coming from the new ui and update the transactionID appropriately.

also snuck in a small change to AprontRequest to all getting all the request
data.  I used it to debug building this.

Test Plan: made a task and entered a bunch of test data.  had descriptions of
various lengths, as well as really long descriptions that i did not change to
much.   verified the diff looked correct and various "show more" links worked as
expected

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, btrahan, epriestley

Differential Revision: 1187
2011-12-08 18:15:19 -08:00
epriestley
69445222f7 Track content sources (email, web, conduit, mobile) for replies
Summary:
When an object is updated, record the content source for the update. This mostly
isn't terribly useful but one concrete thing I want to do with it is let admins
audit via-email replies more easily since there are a bunch of options which let
you do hyjinx if you intentionally configure them insecurely. I think having a
little more auditability around this feature is generally good. At some point
I'm going to turn this into a link admins can click to see details.

It also allows us to see how frequently different mechanisms are used, and lets
you see if someone is at their desk or on a mobile or whatever, at least
indirectly.

The "tablet" and "mobile" sources are currently unused but I figured I'd throw
them in anyway. SMS support should definitely happen at some point.

Not 100% sure about the design for this, I might change it to plain text at some
point.

Test Plan: Updated objects and saw update sources rendered.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, epriestley, jungejason

Differential Revision: 844
2011-08-30 11:08:27 -07:00
epriestley
30024a8d86 Render full close status, not just "Closed", in Maniphest list view
Summary: Instead of just saying a task is "Closed", say "Resolved", "Wontfix",
etc.

Test Plan: Looked at task list view, saw "Resolved", "Wontfix", etc.

Reviewers: skrul, hunterbridges, jungejason, tuomaspelkonen, aran

Reviewed By: skrul

CC: aran, skrul, jungejason, epriestley

Differential Revision: 851
2011-08-22 18:27:03 -07:00
epriestley
39b4d20ce5 Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.

  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**

Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.

Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-16 13:29:57 -07:00