1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 00:02:41 +01:00
Commit graph

22 commits

Author SHA1 Message Date
epriestley
88ae246593 Write search bolding in a way which is certainly HTML-safe
Summary:
This algorithm is tricky, and uses `phutil_safe_html()` directly, which makes it potentially unsafe.

In particular, D8859 fixes a bug with it which caused it to produce non-utf8 output. This doesn't guarantee it's a security problem, but does make it suspicious.

I don't actually see a way to break it, but rewrite it so that it's absolutely bulletproof and does not need to call `phutil_safe_html()`.

Test Plan:
{F147487}

@rugabarbo, if you have a chance, can you check if this still works for you?

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, rugabarbo

Differential Revision: https://secure.phabricator.com/D8862
2014-04-26 12:44:16 -07:00
Pavel Ivanov
035d55f67f Fix strange bug for russian language search results
Summary:
I created this review to get an answer...
It should not be taken as a real fix.

I noticed that phabricator return corrupted search results for some russian queries (without this patch).
See screenshot:
{F147443}

But I can't reproduce this bug on https://secure.phabricator.com/
This search query causes problems only for my phabricator instance.

More than that, I didn't find any php.ini-settings that can resolve this problem.
It's look like your phabricator instance use /u-modifier by default.

But how is it possible?

Test Plan: NONE

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8859
2014-04-25 11:52:17 -07:00
epriestley
a48128d36f Partially use ApplicationSearch in main search
Summary:
Ref T4365. Primary search currently uses `PhabricatorSearchQuery` for storage, which is pretty much the same as `PhabricatorSavedQuery`, except that it's old and not used anywhere else anymore.

Maniphest used to also use this table, but no longer does after Septmeber, 2013. We need to retain the class so the migration can work.

This introduces `PhabricatorSearchApplicationSearchEngine` and `PhabricatorSearchDocumentQuery`, but they're both stubs that I just needed for technical reasons and/or to pass lint. The next couple patches will move logic into them and use ApplicationSearch properly.

Test Plan:
  - Searched for stuff.
  - Searched for stuff with filters.
  - Searched for fulltext in Maniphest.
  - Grepped for `PhabricatorSearchQuery`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4365

Differential Revision: https://secure.phabricator.com/D8120
2014-02-03 12:51:08 -08:00
Vasyl Vavrychuk
e67302a4c9 Display closed documents with crossed text in search result.
Summary:
By default in search application document status field is "Open and Closed Documents".
Often searching with this default status I get confused that open and closed items in
search result are not distinguished.

Test Plan: Search and see open/closed issues distinguished.

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: epriestley

CC: epriestley, aran, Korvin

Differential Revision: https://secure.phabricator.com/D7626
2013-11-25 20:05:36 -08:00
epriestley
3ed75109e6 Simplify handle rendering in search view
Summary:
Commits don't need special treatment since we have commit summaries. They're cool.

Also, this saves us some queries (I think, not sure).

Test Plan: Searched before and after this patch. Results look cool (the same).

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5546
2013-04-02 16:49:14 -07:00
vrana
6ae4066d18 Kill phutil_render_tag()
Summary: Fixes some double escaping.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4945
2013-02-13 16:32:13 -08:00
epriestley
ef7f16180c Restore merge of phutil_tag. 2013-02-13 14:51:18 -08:00
epriestley
73cce6e131 Revert "Promote phutil-tag again"
This reverts commit 8fbabdc06d, reversing
changes made to 2dab1c1e42.
2013-02-13 14:08:57 -08:00
vrana
c9ab1fe505 Return safe HTML from all render()
Summary:
This is pretty brutal and it adds some `phutil_safe_html()`.
But it is a big step in the right direction.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4905
2013-02-11 18:18:18 -08:00
epriestley
39221b1d3f Merge branch 'master' into phutil_tag
(Synchronizing.)
2013-01-29 11:05:02 -08:00
vrana
13eb77fe6c Deduplicate handle code
Summary: There's quite some duplicate code here.

Test Plan: Searched for a commit.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4665
2013-01-28 16:44:15 -08:00
vrana
3c1b8df8ae Convert simple phutil_render_tag() to phutil_tag()
Summary: Done manually.

Test Plan: Loaded homepage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4509
2013-01-24 19:30:50 -08:00
vrana
20768d65d5 Convert phutil_render_tag(X, Y, '...') to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y, '...')

Then searched for `&` and `<` in the output and replaced them.

Test Plan: Loaded homepage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4503
2013-01-24 19:20:27 -08:00
Bob Trahan
730cf80a36 Expose subscribers in search and some polish
Summary: was poking at T654 and noticed subscribers weren't exposed in search UI so I did so. Also make ponder a little less silly on the double handles load. Finally, stopped showing the "Examine Index" link to non admins since they can't click it. Note this introduces a UI oddity in that you Users and Phriction Documents don't currently have the subscribe functionality.

Test Plan: searched for subscribers in all applications - it worked!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3907
2012-11-06 15:35:26 -08:00
vrana
ef85f49adc Delete license headers from files
Summary:
This commit doesn't change license of any file. It just makes the license implicit (inherited from LICENSE file in the root directory).

We are removing the headers for these reasons:

- It wastes space in editors, less code is visible in editor upon opening a file.
- It brings noise to diff of the first change of any file every year.
- It confuses Git file copy detection when creating small files.
- We don't have an explicit license header in other files (JS, CSS, images, documentation).
- Using license header in every file is not obligatory: http://www.apache.org/dev/apply-license.html#new.

This change is approved by Alma Chao (Lead Open Source and IP Counsel at Facebook).

Test Plan: Verified that the license survived only in LICENSE file and that it didn't modify externals.

Reviewers: epriestley, davidrecordon

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2035

Differential Revision: https://secure.phabricator.com/D3886
2012-11-05 11:16:51 -08:00
vrana
6cc196a2e5 Move files in Phabricator one level up
Summary:
- `kill_init.php` said "Moving 1000 files" - I hope that this is not some limit in `FileFinder`.
- [src/infrastructure/celerity] `git mv utils.php map.php; git mv api/utils.php api.php`
- Comment `phutil_libraries` in `.arcconfig` and run `arc liberate`.

NOTE: `arc diff` timed out so I'm pushing it without review.

Test Plan:
/D1234
Browsed around, especially in `applications/repository/worker/commitchangeparser` and `applications/` in general.

Auditors: epriestley

Maniphest Tasks: T1103
2012-06-01 12:32:44 -07:00
epriestley
09c8af4de0 Upgrade phabricator to libphutil v2
Summary: Mechanical changes from D2588. No "Class.php" moves yet.

Test Plan: See D2588.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1103

Differential Revision: https://secure.phabricator.com/D2591
2012-05-30 14:26:29 -07:00
epriestley
bbe2063443 [NO CLUE WHAT I'M DOING] Add an Elasticsearch engine
Summary:
I have no idea what I'm doing, but here's part of an elasticsearch engine. These things work:

  - Indexing stuff (??)
  - Searching for text/type?
  - Reconstructing things??

All the complicated stuff doesn't work. I'm having a hard time figuring out the best way to model things because elasticsearch's documentation is not exactly the most complete or illuminating.

@amckinley, does this look sane-ish so far? Particularly, the /phabricator/<type>/<phid>/ URI scheme and how I've set up the relationships and fields in the documents?

How should I model the relationship and field queries? I want, like, an "equal" query but it seems like I've got "text" or "term" to work with and neither are exact match? And "term" doesn't consider PHIDs to be terms since they have hyphens in them?

I'll keep kind of slogging my way forward here but if you have valuable wisdom to share it would probably get me to a better end state much faster. The whole query construction phase is pretty much black magic to me.

Test Plan: nyancat

Reviewers: amckinley, vrana

Reviewed By: vrana

CC: jungejason, tuomaspelkonen, aran, 20after4, vrana

Differential Revision: https://secure.phabricator.com/D790
2012-04-20 15:33:09 -07:00
vrana
778b6bb483 Support operators in highlighting search results
Summary: Supports ", +, |, * and -.

Test Plan:
Search for `"Quoted search"`.
Search for `Phabric*`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2076
2012-04-02 13:54:20 -07:00
Bob Trahan
84ea5c53e4 Kill PhabricatorFileURI
Summary:
we used to need this function for security purposes, but no longer need
it.   remove it so that some call sites can be optimized via smarter data
fetching, and so the whole codebase can have one less thing in it.

Test Plan:
verified the images displayed properly for each of the following
- viewed a diff with added images.
- viewed a user feed
- viewed a user profile
- viewed all image macros
- viewed a paste and clicked through "raw link"
weakness in testing around proxy files and transformed files.  not sure what
these are.  changes here are very programmatic however.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, btrahan, epriestley

Maniphest Tasks: T672

Differential Revision: https://secure.phabricator.com/D1354
2012-01-10 15:21:39 -08:00
epriestley
4bec2579d5 Some documentation updates. 2011-09-14 08:02:31 -07:00
epriestley
11d8f1af18 Improve search result listing
Summary:
Make it prettier, paginate, add user pictures, show document types, clean some
stuff up a little. Plenty of room for improvement but this should make it a lot
more useful.

Test Plan:
Here's what the new one looks like:
https://secure.phabricator.com/file/view/PHID-FILE-edce2b83c2e3a121c2b7/

Reviewed By: jungejason
Reviewers: tomo, jungejason, aran, tuomaspelkonen, mroch
Commenters: tomo
CC: aran, tomo, jungejason, epriestley
Differential Revision: 545
2011-06-29 13:25:38 -07:00