1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 01:02:42 +01:00
Commit graph

5593 commits

Author SHA1 Message Date
Edward Speyer
bca9dfa10e Fix for D6260
Summary: Fixes a query in √D6260.

Test Plan: View a Releeph RQ and verify that the "churn" field renders and has the right numbers in it.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6702
2013-08-08 16:32:05 +01:00
Chad Little
f6e22a1ec0 Update status icons
Summary: Use standard colors.

Test Plan: create status

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6701
2013-08-08 06:51:22 -07:00
epriestley
4f49ec1cff Remove HeraldDryRunAdapter
Summary: Ref T2769. This isn't a real adapter and its methods are increasingly hacky messes. Make "dry run" a first-class concept on the HeraldEngine instead and remove the adapter.

Test Plan: Ran Herald via test console and via CLI.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6693
2013-08-07 18:04:40 -07:00
epriestley
ce163536ca Add a normal "view" page for Herald rules
Summary:
Ref T2769. This will house the transaction list and replace the "edit log" stuff.

The UI is a little bit rough and can probably share more code with the transaction history, but seems mostly-reasonable.

Test Plan: {F53253}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6690
2013-08-07 18:04:39 -07:00
epriestley
b767bd3f2d Move Herald rule querying into HeraldRuleQuery
Summary: Ref T2769. The `HeraldRule` class has some query logic; move it into `HeraldRuleQuery`. Also some minor cleanup.

Test Plan: Ran test console, created a new revision, used `reparse.php --herald`. Verified rules triggered correctly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6689
2013-08-07 18:04:38 -07:00
epriestley
75e43513c2 Remove HeraldActionConfig, HeraldFieldConfig
Summary:
Ref T2769. Move all of this stuff into Adapters and get rid of the hard-coded classes.

I cheated in two places.

Test Plan: Edited and activated Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6688
2013-08-07 18:04:37 -07:00
epriestley
2c2fcc58ca Remove HeraldConditionConfig
Summary: Ref T2769. Moves all traces of HeraldConditionConfig into Adapters.

Test Plan: Edited rules and used Test Console to exercise both affected code paths. Tried to save invalid rules to hit error pat.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6679
2013-08-07 18:04:36 -07:00
epriestley
ca66eeb07c Remove HeraldContentTypeConfig and move repetition to Adapters
Summary: Ref T2769. Get rid of the last use of `HeraldContentTypeConfig` by moving repetition options into Adapters.

Test Plan: Viewed / edited Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6664
2013-08-07 18:04:35 -07:00
epriestley
0640931d30 Use Adapters to render Herald transcripts
Summary: Ref T2769. Use Adapters to build all the strings for transcripts, then get rid of the old maps.

Test Plan: Viewed revision and commit transcripts.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6663
2013-08-07 18:04:34 -07:00
epriestley
78eb81ffd0 Remove almost all instances of HeraldContentTypeConfig
Summary: Ref T2769. This cleans up almost every use of the HeraldContentTypeConfig class.

Test Plan: Viewed and edited Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6662
2013-08-07 18:04:33 -07:00
epriestley
9c637604a2 Move most Herald actions and values into dynamic adapters
Summary: Ref T2769. Shift the bulk of value and action config into Adapters.

Test Plan: Viewed and edited Herald list and rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, vrana

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6660
2013-08-07 18:03:54 -07:00
epriestley
2e87f9f53c Move most Herald condition config into dynamic adapters
Summary: Ref T2769. Pushes most condition configuration into Adapters, out of the hard-coded class.

Test Plan: Looked at, edited, and dry-run'd Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6658
2013-08-07 18:03:53 -07:00
epriestley
3490b6dd11 Move most Herald field configuration into dynamic Adapters
Summary: Ref T2769. Herald has a giant hard-coded list of fields. Primarily make these dynamic and adapter-based.

Test Plan: Viewed and edited Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6657
2013-08-07 18:03:52 -07:00
epriestley
6badb05d64 Make Herald adapters provide content types
Summary:
Ref T2769. Get content types out of hard-coded config and into dynamic adapters.

This removes the "MERGE" and "OWNERS" content types, which were vestigal. These needs are likely better addressed through subscriptions/transactions, and are obsolete, and haven't existed for 2+ years and no one has asked for them to be restored.

Test Plan: Mostly a bunch of grep. Viewed rule list, rule edit. Edited a revision.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6656
2013-08-07 18:03:51 -07:00
epriestley
307a41e895 Rename "HeraldObjectAdapter" to "HeraldAdapter"
Summary: Ref T2769. The term "Object" is redundant.

Test Plan: grep

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6655
2013-08-07 18:03:50 -07:00
epriestley
b1c4a258c9 Add ApplicationTransactions to Herald
Summary: Ref T2769. I'm planning to keep this pretty simple, but we have this ad-hoc edit log for rules already and some other mess that we can clean up.

Test Plan: No effect yet; see future changes.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6654
2013-08-07 18:03:49 -07:00
epriestley
589ae8d26d Use ApplicationSearch in Herald
Summary: Ref T2769. Ref T2625. Herald is currently a giant mishmash of hard-codes and weird special cases. Move toward modernization and normality.

Test Plan: {F52716}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625, T2769

Differential Revision: https://secure.phabricator.com/D6652
2013-08-07 18:03:47 -07:00
epriestley
a7ce55e3ca Remove extra side navs in Herald
Summary: Ref T2769. Removes some nonstandard side navs.

Test Plan: Viewed affected pages.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6651
2013-08-07 18:03:46 -07:00
epriestley
ceb7f830a4 Make HeraldRuleQuery policy-aware
Summary: Ref T2769. dem policy checks

Test Plan: Loaded `/herald/`; loaded rule editor.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6650
2013-08-07 18:03:45 -07:00
epriestley
8eed5b1f14 Make HeraldRule implement PhabricatorPolicyInterface
Summary:
Ref T603. Ref T2769. Herald currently interacts with policies in a bad way; specifically, I can create a rule which emails me for everything, and thus learn about objects I can't otherwise see.

This shouldn't be possible, so I'm going to reduce personal rules to have only the viewer's scope.

For global rules, I think I'm always going to let any user edit them, but make who the rule acts as part of the configuration. There will be an option to make a rule omnipotent, but only admins (or some other special subset of users) will be able to select it.

Transactions/subscriptions will provide a check against users editing global rules in ways that are bad.

Test Plan: Next diffs.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603, T2769

Differential Revision: https://secure.phabricator.com/D6649
2013-08-07 18:03:44 -07:00
epriestley
2820fdc89b Add PHIDs to Herald Rules
Summary: Ref T2769. Precursor to various Herald-related modernizations.

Test Plan: Ran migration; loaded Herald via web.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6648
2013-08-07 18:03:37 -07:00
epriestley
d3e700ce19 Further mitigate BREACH by reducing reflectiveness
Summary:
Ref T3684. The URI itself is reflected in a few places. It is generally not dangerous because we only let you add random stuff to the end of it for one or two controllers (e.g., the file download controller lets you add "/whatever.jpg"), but:

  - Remove it entirely in the main request, since it serves no purpose.
  - Remove query parameters in Ajax requests. These are available in DarkConsole proper.

Also mask a few things in the "Request" tab; I've never used these fields when debugging or during support, and they leak quasi-sensitive information that could get screenshotted or over-the-shoulder'd.

I didn't mitgate `__metablock__` because I think the threat is so close to 0 that it's not worthwhile.

Test Plan: Used Darkconsole, examined Requests tab.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6699
2013-08-07 16:09:25 -07:00
epriestley
7298589c86 Proof of concept mitigation of BREACH
Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
2013-08-07 16:09:05 -07:00
epriestley
ab7a091212 Fix text-mode rendering of object and Asana link views
Summary:
Ref T2852. Two issues:

  - Embeds (`T12`, `{T12}`) have some handle issues because handles run afoul of visibility checks under some configs. Make handles unconditionally visible.
  - Asana links don't render correctly into text mode. Give them a valid text mode rendering so they don't flip out.

Test Plan: Made comments with `T12` and `http://app.asana.com/...` and published them to Asana.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6696
2013-08-07 13:29:09 -07:00
epriestley
aa8c661d5d Don't publish story text for "close" stories to Asana
Summary: Ref T2852. After some discussion, Asana doesn't want "close" stories either.

Test Plan: Used `bin/feed republish` to publish close and non-close stories from Differential and Diffusion. Verified comments were synchronized in the expected cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6697
2013-08-07 13:28:58 -07:00
Chad Little
9c999e3548 Update pinboard view styles, move to PHUI
Summary: Tightens up the CSS to display more items (4 wide on 15") and fixes some mobile CSS issues with appseach. Fixes T3614

Test Plan: Tested Pholio, Macros, mobile layouts

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3614

Differential Revision: https://secure.phabricator.com/D6694
2013-08-07 10:58:09 -07:00
Kieran Brownlees
8b07c498d4 Add NEEDS_REVISION support to DifferentialRevisionQuery
Reviewed by: epriestley

See: https://github.com/facebook/phabricator/pull/370
2013-08-07 08:00:32 -07:00
Chad Little
1ab7622edf Fix project stories.
Summary: Fix missed %s

Test Plan: Load up feed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6692
2013-08-06 21:01:20 -07:00
Chad Little
6775005bad Add differential comments to feed.
Summary: We already show transaction and maniphest comments.

Test Plan: Review my feed, see diff comment.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6687
2013-08-06 11:08:11 -07:00
Jakub Vrana
ce62632e15 Add example for bugtraq.logregex with two parts
Summary: Also fix displaying array examples.

Test Plan: Used it in `linkBugtraq()`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3620

Differential Revision: https://secure.phabricator.com/D6667
2013-08-06 09:29:22 -07:00
Chad Little
b348aaefb9 Add Hovercards / restyle feed one line stories.
Summary: This adds hovercards to most stories and removes the profile photo from one line stories. I don't know about my implementation, which has difficulties with application transactions (because it shows status). Which leads me to a bigger question, which is can we render all people through a common function like AphrontTagView so we can easily class and/or hovercard it anywhere.

Test Plan: Reviewed my feed, various stories.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6684
2013-08-06 09:20:04 -07:00
epriestley
5a352d0a69 Improve phd help
Summary: Fixes T3680. One description was wrong, and clean up some of the other stuff.

Test Plan: Ran `phd`.

Reviewers: btrahan, Korvin

Reviewed By: Korvin

CC: aran, jifriedman, Korvin

Maniphest Tasks: T3680

Differential Revision: https://secure.phabricator.com/D6683
2013-08-06 09:10:53 -07:00
Bob Trahan
0e6b5073cd Paste - add support for email replies and subscribers
Summary: Email replies and subscribers seem to go hand in hand so deploy both at once.

Test Plan: played around with bin/mail. Verified replies posted comments on the paste.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3650

Differential Revision: https://secure.phabricator.com/D6682
2013-08-05 17:11:46 -07:00
epriestley
42af0d66d9 Use ApplicationSearch in Feed
Summary: Ref T2625. This doesn't do anything fancy, but gives feed a little more flexibility.

Test Plan: Viewed `/feed/`.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6681
2013-08-05 14:10:41 -07:00
Eric Stern
b20a0eed13 Filter only possibly-tainted keys from superglobals
Summary: Ensures that weird behavior from filter_input_array does not remove keys from superglobals. Should fix T3677.

Test Plan:
Checked that $_SERVER contained same number of keys before and after
filtering, and that those affected by the original bug continue to be filtered
correctly.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: zorfling, aran, Korvin, wez

Maniphest Tasks: T3677

Differential Revision: https://secure.phabricator.com/D6680
2013-08-05 11:45:21 -07:00
epriestley
b712905dc1 Add a "document" style to PHUIRemarkupPreviewPanel and use it in Legalpad and Phriction
Summary: Ref T3671. Depends on D6674. Continues work in D6673, D6674 and extends it into Legalpad and Phriction. Then deletes a bunch of dead code.

Test Plan: Edited documents in Legalpad and Phriction, verified I got reasonable looking previews.

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T3671

Differential Revision: https://secure.phabricator.com/D6675
2013-08-05 10:47:26 -07:00
epriestley
b2fa1293a7 Use PHUIRemarkupPreviewPanel in Ponder
Summary:
Ref T3578. Ref T3671. Depends on D6673. Use `PHUIRemarkupPreviewPanel` (introduced in D6673) to provide question create/edit and answer edit previews in Ponder.

Then delete a million lines of duplicate code.

Test Plan: Edited a question; edited an answer. Saw live previews.

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578, T3671

Differential Revision: https://secure.phabricator.com/D6674
2013-08-05 10:47:06 -07:00
epriestley
193a9611e4 Partially generalize Remarkup previews and add support to Differential
Summary:
Ref T3671. A lot of applications have pretty ad-hoc preview code. Clean it up a bit and add Summary preview to Differential.

After ApplicationTransactions we might want to try to serialize the whole form and show a preview of all the transactions, but this seems not very useful in most cases (I'd guess that Remarkup previews are 99% of the value) and tricky to get right (e.g., adding images which don't exist yet to Pholio mocks).

I think I can add this in a few other places, too.

Test Plan:
Edited Maniphest Tasks and Differential Revisions, mashed some buttons. Verified previews rendered correctly. Grepped for removed CSS classes (no hits).

{F52907}

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T3671

Differential Revision: https://secure.phabricator.com/D6673
2013-08-05 10:46:39 -07:00
epriestley
86989c9f98 Provide a more flexible script for administrative management of audits
Summary: Fixes T3679. This comes up every so often and the old script is extremely broad (nuke everything in a repository). Provide a more surgical tool.

Test Plan: Ran a bunch of variations of the script and they all seemed to work OK.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, staticshock

Maniphest Tasks: T3679

Differential Revision: https://secure.phabricator.com/D6678
2013-08-05 10:35:01 -07:00
epriestley
02ccca4bbd Fix Maniphest fatal if attached tasks are not an array
Summary: Fixes T3678. I think some very old rows may have a junk value here. This will be obsoleted by ApplicationTransactions and other modernization, most likely, so just fix it locally.

Test Plan: looked at a task

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3678

Differential Revision: https://secure.phabricator.com/D6677
2013-08-05 10:27:50 -07:00
Chad Little
3fd2c0ff90 Re-implement one line stories.
Summary: This puts back the 'one line' story we previously had with the updated design.

Test Plan: Review my feed.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6666
2013-08-05 10:10:33 -07:00
Eric Stern
44a883f941 Pass raw QUERY_STRING to parser
Summary:
Fixes issue where double-encoding of $_SERVER occurs when php.ini forces all input to be sanitized

Ex:
filter.default = full_special_chars
filter.default_flags = 36

Fix line length

Test Plan: Encountered issue on clean install when registring new user (phusr not defined for email verification). php.ini on that server contains above filter settings. nginx/php-fpm with recommended settings for that server block from setup guide.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D6672
2013-08-04 18:07:35 -07:00
Korvin Szanto
61f0671e87 Fix PhabricatorBot macro cacheing
Summary:
Previously, if there were no macros, we would ping conduit for a list of macros until we got something. Now we cache false when there are no results.
T3045

Test Plan: Ensure the init doesn't call the ##macro.query## conduit method more than once during the PhabricatorBot's lifetime.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T3045

Differential Revision: https://secure.phabricator.com/D6671
2013-08-04 15:40:04 -07:00
Korvin Szanto
40cf765ca2 Line highlighting for pastes
Summary:
Add the ability to select singular and multiple lines in paste to highlight.
This is related to T3627

Test Plan: Create a paste, select one or more lines.

Reviewers: epriestley, tberman

Reviewed By: epriestley

CC: aran, chad

Maniphest Tasks: T3627

Differential Revision: https://secure.phabricator.com/D6668
2013-08-04 12:12:37 -07:00
epriestley
a5f790e192 Handle "multipart/form-data" correctly even if we get the data
Summary: Fixes T3673. Supposedly we won't get any data in this case, but it seems we sometimes do. See discussion in task.

Test Plan: Used `var_dump()`, etc., to verify we short circuit out of "multipart/form-data" posts regardless of the presence of input data.

Reviewers: nmalcolm, btrahan

Reviewed By: nmalcolm

CC: aran

Maniphest Tasks: T3673

Differential Revision: https://secure.phabricator.com/D6670
2013-08-04 11:37:17 -07:00
epriestley
ed9edc5d3a Minor, fix Paste SQL patch for databases with all warnings turned on.
This column has no default value and throws if you have maximum warnings activated:

  EXCEPTION: (AphrontQueryException) #1364: Field 'commentVersion' doesn't have a default value...

Auditors: btrahan
2013-08-04 11:32:32 -07:00
epriestley
0de3b351b2 Fix string construction of submit button in Flag
Summary: Fixes T3674.

Test Plan: Clicked "flag for later"; checked error log.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3674

Differential Revision: https://secure.phabricator.com/D6669
2013-08-04 08:16:09 -07:00
Bob Trahan
37a5c4b11a Paste - add transactions
Summary: Ref T3650. This adds a create transaction, transactions for metadata (title, langauge, view policy), and comments. Editor is used on all create /edit paths.

Test Plan: made some pastes via web and email - yay. edited pastes - yay. verified txns showed up on pastes and in feed correctly.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3516, T3650

Differential Revision: https://secure.phabricator.com/D6645
2013-08-02 12:56:58 -07:00
Chad Little
4a4181aea6 Emoticons, Pack 1
Summary: n/a

Test Plan: photoshop, imageoptim

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6661
2013-08-02 12:00:26 -07:00
Bob Trahan
ee9830a950 Fix a small bug - %d => %s
Summary: easy peasy. noticed it trying to fix an image.

Test Plan: can fix image by phid once more!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6659
2013-08-02 11:20:25 -07:00