1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 23:32:40 +01:00
Commit graph

4086 commits

Author SHA1 Message Date
vrana
a22ef4e9b4 Kill most of phutil_escape_html()
Summary:
This resolves lots of double escaping.
We changed most of `phutil_render_tag(, , $s)` to `phutil_tag(, , $s)` which means that `$s` is now auto-escaped.
Also `pht()` auto escapes if it gets `PhutilSafeHTML`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4889
2013-02-11 15:27:38 -08:00
epriestley
f1a36cf3c8 Make it easier to use print_r() debugging
Summary:
The fixed-position side nav background thing tends to make looking at print_r() output hard. Also, it breaks Ajax, etc.

  - Loudly call out unexpected output on normal pages, to catch extra spaces before `<?php`, etc.
  - Display unexpected output in an attractive panel on normal pages.
  - Log unexpected output instead of breaking Ajax.

Test Plan:
{F32267}

Also triggered various fatals and verified they still show the right messages (no blank pages).

Reviewers: vrana, btrahan, chad

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D4892
2013-02-11 11:06:59 -08:00
epriestley
1e74c05ac6 Add timestamps to development-mode static resource URIs
Summary:
When a developer changes CSS, it is normally sufficient to reload the page to get changes to show up, because browsers revalidate resources on reload.

However, if you reload the page and then an Ajax request adds new CSS to the page, this CSS does not trigger revalidation. The developer must currently clear their cache or re-run `scripts/celerity_mapper.php webroot`, to get this request to skip cache. We rarely use CSS over Ajax right now, so this hasn't cropped up much, but Conpherence does use this and clearing the resource is a big pain.

This seems to work fine normally, but I'm worried it might break some of the extra-celerity-resources stuff Facebook is doing.

Test Plan: In development mode, changed `conpherence/message-pane.css` and saw changes reflected on reload. Verified normal page loads do not cause additional HTTP requests. This change has no effect in production mode.

Reviewers: edward, vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2428

Differential Revision: https://secure.phabricator.com/D4902
2013-02-11 11:06:41 -08:00
epriestley
ca0d6aca10 Add separate exception for when the repository clone is unreadable.
Summary: Show a more specific exception when the local clone cannot be read because of permission issues.

Test Plan: Create a repository in an unreadable location and check for the right exception.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2368

Differential Revision: https://secure.phabricator.com/D4868
2013-02-11 08:35:00 -08:00
kwadwo
76aee9985a Conduit file upload method that takes in the files content hash and name. Returns the file phid if successful. Updates to phutil library map.
Summary: Conduit method to upload a a new file using a hash

Test Plan: Try uploading a file using its content hash

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4899
2013-02-11 06:30:02 -08:00
indiefan
eaa72c6155 Fixing a bug in the bot ignore logic to use sender.
Summary: Also added sender to the campfire adapter. This isn't extremely useful as it's just a numeric id, but it allows us to add ignores (specifically having the bot ignore itself).

Test Plan: Ran the bot, ignored itself.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4893
2013-02-09 16:10:33 -08:00
epriestley
0f8984f5a7 Move XHProf sampling code out of index.php
Summary:
  - Separate the ideas of "requested" (explicit user request) vs "started" (user request or sampling).
  - Move this code out of index.php into the XHProf stuff (general effort to make index.php smaller).

Test Plan:
Verified that profiling still works, and profiling extends to ajax requests.

Set sampling rate to 2, saw 50% samples.

Looked at database, saw sampling data populating properly.

Reviewers: vrana, nh

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4891
2013-02-09 15:47:55 -08:00
vrana
b72e7969a1 Move Pygments handling to libphutil
Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4875
2013-02-09 15:19:55 -08:00
vrana
9b8da73765 Convert AphrontTableView to safe HTML
Summary:
Lots of killed `phutil_escape_html()`.

Done by searching for `AphrontTableView` and then `$rows` (usually) backwards.

Test Plan:
Looked at homepage.

  echo id(new AphrontTableView(array(array('<'))))->render();

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4884
2013-02-09 15:11:38 -08:00
vrana
58b6e2cac6 Convert AphrontDialogView to safe HTML
Summary:
Done by searching for `AphrontDialogView` and then `appendChild()`.

Also added some `pht()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4882
2013-02-09 15:11:35 -08:00
vrana
e4736bf977 Avoid double escaping in error view title
Summary: Searched for `AphrontErrorView` and then for `setTitle()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4880
2013-02-09 15:11:33 -08:00
epriestley
879c14e13a Consolidate HTTP header access
Summary: Route all `$_SERVER['HTTP_...']` stuff through AphrontRequest (it would be nice to make this non-static, but the stack is a bit tangled right now...)

Test Plan: Verified CSRF and cascading profiling. `var_dump()`'d User-Agent and Referer and verified they are populated and returned correct values when accessed. Restarted server to trigger setup checks.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4888
2013-02-09 15:01:57 -08:00
epriestley
f5827871d5 When a page is profiled, profile all AJAX requests too
Summary: If a page is profiled, add an "X-Phabricator-Profiler" header to all Ajax requests, and profile those too.

Test Plan: Profiled a page, checked Darkconsole, saw profiles for everything.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4885
2013-02-09 13:29:47 -08:00
epriestley
27a537c15f When viewing a thread with no picture, load no images instead of all images
Summary:
Currently, we select every file when looking at a thread with no splash image.

(Possibly the Query stuff should try to catch this.)

Test Plan: No more `SELECT * FROM files` query.

Reviewers: chad, btrahan, vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4887
2013-02-09 13:28:51 -08:00
epriestley
4a3a4fdea3 Make Conpherence a lot faster
Summary: Remove a sleep().

Test Plan: Thread cost dropped from ~1s to ~70ms for a test thread based on profiling after D4885.

Reviewers: btrahan, chad, vrana

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D4886
2013-02-09 13:00:06 -08:00
Nick Pellegrino
628bef0771 Default to right status when viewing a config 'class' option
Summary: T2361

Test Plan:
Set value to metamta.mail-adapter and reload page.  Defaults to assigned value.
Performed same test with metamta.can-send-as-user to check that functionality is not broken for config 'boolean' options.

Reviewers: epriestley

Reviewed By: epriestley

CC: kwadwon, aran, Korvin

Maniphest Tasks: T2361

Differential Revision: https://secure.phabricator.com/D4881
2013-02-09 11:03:57 -08:00
epriestley
1190e0516f Fix double escaping on PhabricatorFileLinkListView
Summary: Fallout from D4822.

Test Plan: {F32108}

Reviewers: chad, btrahan, vrana

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D4879
2013-02-09 08:43:37 -08:00
Chad Little
2cc1da20e7 Mobile-ize Phriction
Summary: Walk through using Phriction on mobile, cleaned up missing conversion.

Test Plan: View History, edit document, create document, delete document.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4872
2013-02-09 08:36:28 -08:00
kwadwo
9d031a51df Files now share storage. New files are written only if no other files have the same contentHash. Storage is only deleted if no other file is sharing it.
Summary: Storage is shared between files in a smart way. When uploading files, if other file have the same contentHash, then share storage. On delete, storage is permanently deleted only if no other files are sharing it

Test Plan: Upload multiple copies of the same file, while tracking database. Delete copies of files and check to see that the storage is only deleted if no other files are using it

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2454

Differential Revision: https://secure.phabricator.com/D4775
2013-02-09 07:03:58 -08:00
epriestley
3dd5d693c8 Fix double escaping in Pholio subscribers
Summary:
Fallout from D4822. We now escape text by default, and imploding links causes double-escaping. See here for details:

http://www.phabricator.com/docs/phabricator/article/Rendering_HTML.html

Test Plan: {F32100}

Reviewers: ljalonen, chad, btrahan, vrana

Reviewed By: ljalonen

CC: aran

Differential Revision: https://secure.phabricator.com/D4878
2013-02-09 06:51:47 -08:00
epriestley
3706ec4879 Promote phutil_tag
Summary: Fixes T2432. Anything else we should do before we land this? I'll land the lint rules at the same time.

Test Plan: See D4807.

Reviewers: vrana, btrahan

CC: aran, lesha, edward

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4822
2013-02-08 17:30:08 -08:00
epriestley
7ec8e885e1 Merge branch 'master' into phutil_tag
(Final final sync.)
2013-02-08 17:29:32 -08:00
vrana
d817dfa8fc Convert some phutil_escape_html() to hsprintf()
Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`.

Test Plan:
/
/D1
/uiexample/
/countdown/1/
/herald/transcript/1/all/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4869
2013-02-08 15:59:02 -08:00
epriestley
51947ac332 Make diviner documentation generation book-oriented
Summary:
I want to allow a single project to generate multiple "books" of documentation, so we can separate user-facing documentation from technical documentation and such.

Generalize the ".divinerconfig" file into a "diviner book" configuration file.

Since only the "generate" workflow actually reads any of this stuff, move it all down into the generate workflow.

Also, namespace the cache.

Test Plan: Ran `bin/diviner generate --book src/docs/user.book`, saw appropriate output. Verified cache generated in a namespace in `.divinercache/`.

Reviewers: btrahan, indiefan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D4857
2013-02-08 10:48:30 -08:00
epriestley
6e5d8d4577 Fix documentation to require "sudo" for bin/aphlict
Summary: This script must run as root because it requires a privileged port to enable the flash cross-domain stuff. We give you a useful error message if you don't run it as root, but can be more clear in the documentation.

Test Plan: Read file

Reviewers: Afaque_Hussain, btrahan

Reviewed By: Afaque_Hussain

CC: aran

Differential Revision: https://secure.phabricator.com/D4867
2013-02-08 10:48:23 -08:00
Chad Little
51dfeb7950 pht for phriction
Summary: Scan all phriction app files for text to pht

Test Plan: Use phriction in ALL CAPS, seems reasonably usable.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4862
2013-02-08 09:54:27 -08:00
Afaque Hussain
9c19e9b7d8 Preserving the Animation of Gif Images
Summary: Preserving animation of GIF profile Pictures

Test Plan: Uploaded Animated images as profile pictures to check if the animation of gif images is preserved and it does :) somewhat !

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4833
2013-02-08 09:42:28 -08:00
Chad Little
cc084822da Remove panel background in Phriction
Summary: For consistency, remove panel backgrounds on forms.

Test Plan: Reload pages

Reviewers: btrahan, epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4863
2013-02-08 08:00:17 -08:00
Lauri-Henrik Jalonen
bed728f23e Show saved inline comments
Summary: Saved inline comments are now shown for images.

Test Plan: Verified that inline comments are loaded and shown.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2446

Differential Revision: https://secure.phabricator.com/D4866
2013-02-08 07:40:55 -08:00
vrana
7063ee638e Pass actor to revision unsubscriber editor
Summary: I wonder how I tested this.

Test Plan: Subscribed, unsubscribed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4860
2013-02-07 18:19:19 -08:00
vrana
138da5a279 Kill some PhutilSafeHTML
Summary: Also couple of unrelated Ponder changes.

Test Plan: /Q5

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4858
2013-02-07 18:01:01 -08:00
vrana
7dd19ba93f Convert AphrontFormLayoutView to safe HTML
Summary: Searched for `AphrontFormLayoutView` and then `appendChild()`.

Test Plan: /V1

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4856
2013-02-07 18:01:00 -08:00
vrana
afc5333bb3 Convert AphrontFormView to safe HTML
Summary: Searched for `AphrontFormView` and then for `appendChild()`.

Test Plan: /login/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4855
2013-02-07 18:01:00 -08:00
vrana
85961c8eca Convert AphrontFormInsetView to safe HTML
Summary: Done by searching for `AphrontFormInsetView` and verifying all method calls.

Test Plan: /repository/edit/1/tracking/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4845
2013-02-07 18:00:59 -08:00
vrana
059920c2da Convert AphrontErrorView to safe HTML
Summary: Done by searching for `AphrontErrorView` and then `appendChild()`.

Test Plan:
Looked at Commit Detail.
Looked at Revision Detail.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4843
2013-02-07 17:26:01 -08:00
Nick Harper
714a3cc536 Catch exception in differential
Summary:
This masks possible configuration issues and slightly degrades functionality
with the tradeoff of having differential work when phabricator isn't quite
configured correctly.

Test Plan:
remove directory for a repository, load differential revision from that repo,
and see differential load.

Reviewers: epriestley, vrana

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2512

Differential Revision: https://secure.phabricator.com/D4859
2013-02-07 16:59:14 -08:00
Bob Trahan
275f708f14 Conpherence - make messages to btrahan@metamta.domain start conpherences
Summary: I'm not super happy with the prettiness of the code, but I wasn't able to come up with a good way to clean it up. Happy for suggestions.

Test Plan: sent message to btrahan@phabricator.dev from gmail. Copied raw email and piped it to mail_handler.php -- it created a conpherence! Repeated but sent to btrahan and xerxes and noted that the conpherence was created for both users

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2431

Differential Revision: https://secure.phabricator.com/D4854
2013-02-07 15:17:11 -08:00
Chad Little
4cafbbc525 Fix IE7 and IE8 issues.
Summary: Resolves submit issues in IE7, scrollbars in IE7 and homepage layout issues in IE7 and IE8.

Test Plan: used IE7 and IE8. Logged in, bounced around. Checked Chrome as well.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2469, T2470

Differential Revision: https://secure.phabricator.com/D4853
2013-02-07 13:41:46 -08:00
Bob Trahan
07f72cf463 Fix conpherence name clearing bug
Summary: pre-patch, when you upload a photo if the conphernece has a name it gets cleared. Post patch this no longer happens. Patch also makes the case where you delete the conpherence name have more sensical text.

Test Plan: named a conpherence, uploaded an image, verified the name stayed the same. Deleted a conpherence name by changing the text to nothing and verified it work correctly, including having good transaction text.

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2399

Differential Revision: https://secure.phabricator.com/D4852
2013-02-07 11:17:20 -08:00
Bob Trahan
56c8387403 rebuild celerity map - conpherence wasn't working.
Summary: .

Test Plan: conpherence loaded

Reviewers: epriestley, chad, vrana

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4851
2013-02-07 10:46:08 -08:00
epriestley
5f9a063333 Use some HTTPSFuture in CampfireBot
Summary:
  - Use PhutilURI to correct for specifying "https://yourname.campfire.com/" instead of "https://yourname.campfire.com".
  - Use HTTPSFuture to get logging via `--trace` and error detection (CA stuff should be OK since 37signals has real certs).
  - On destruction, only try to leave rooms we've actually joined.

Test Plan: Setup a bot, had it join a room, talked to it.

Reviewers: indiefan

Reviewed By: indiefan

CC: aran

Differential Revision: https://secure.phabricator.com/D4849
2013-02-07 10:32:33 -08:00
epriestley
11bb8db970 Merge branch 'master' into phutil_tag
(Sync.)
2013-02-07 08:08:01 -08:00
Lauri-Henrik Jalonen
3ce3f5d368 Drafts are saved as inline comments for images when user comments mock
Summary: Drafts are saved as inline comments for images when user comments mock.

Test Plan: Verified that drafts receive transactionphid when user comments mock.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2446

Differential Revision: https://secure.phabricator.com/D4850
2013-02-07 08:02:52 -08:00
indiefan
431e2bee6e First (rough) pass at campfire protocol adapter for bot.
Summary:
Decided the best approach for refactoring the message/command stuff would be to actually start implementing the campfire adapter to get a better idea of what the abstractions should look like. It feels awkward and unwieldy trying to maintain the irc command interface (notice the message instantiation in the `processReadBuffer()` method. However, i'm still not clear what the best approach is without requiring a re-write of nearly all the existing handlers and defining essentially a custom dsl on top of irc's.

I suppose given that alternative, implementing to irc's dsl doesn't sound all that bad. Just feels like poor coupling.

Also, I know that there is some http stuff in libphutil's futures library, but the https future is shit and I need to do some custom curlopt stuff I wasn't sure how to do with that. But if you think this should be refactored, let me know.

I tested this with the ObjectHandler (messages with DXXX initiate the bot to respond with the title/link just as with irc), but beyond that, I haven't tried any of the other handlers, so if there are complications you think i'm going to run into, just let me know (this is one of the reasons for requesting review early on).

Also, this diff is against my last one, even though that hasn't been merged down yet. It was starting to get large and I'd prefer to keep to two conversations separate.

Fixing some lint issues.

Test Plan: Ran the bot with the Object Handler in campfire and observed it behaving properly.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2462

Differential Revision: https://secure.phabricator.com/D4830
2013-02-07 06:34:06 -08:00
epriestley
4004621d76 Make Pholio selection reticle prettier
Summary:
The selection reticle in Pholio is functional but not very pretty right now. Make it look a little nicer.

  - Using `box-sizing: border-box;` allows us to get rid of the `x - 1` and `y - 2` stuff.
  - I draw the reticle with two elements: one mostly-transparent which creates a fill, and one fully opaque to create a strong dashed border.

Test Plan: {F31803}

Reviewers: ljalonen, chad

Reviewed By: chad

CC: aran, kchr

Differential Revision: https://secure.phabricator.com/D4836
2013-02-07 06:26:36 -08:00
epriestley
5b39bbe71b Batch Conpherence access to markup cache
Summary: Bulk process markup instead of doing them one at a time. Fixes T2504.

Test Plan: Viewed service profile, saw a single call for all the cache entries.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2504

Differential Revision: https://secure.phabricator.com/D4844
2013-02-06 17:53:51 -08:00
Bob Trahan
68814d4eca add conpherence schema patch to the list so it runs
Summary: ...i tend to forget to do this for some reason. my bad.

Test Plan: NA

Reviewers: epriestley, chad

Reviewed By: chad

CC: aran, Korvin

Maniphest Tasks: T2503

Differential Revision: https://secure.phabricator.com/D4840
2013-02-06 15:28:24 -08:00
vrana
f864d9e611 Fix double escaping in phutil_tag
Summary:
I wasn't able to reproduce the "recursion detected" in real web request but I saw lots of 1073741824 refcounts in `debug_zval_dump()` of $object.
I'm not sure how that happens.

Test Plan: D4807#4

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4839
2013-02-06 15:21:05 -08:00
Bob Trahan
6a23cc1677 fix derp from rP84efcb86698a00f863dbdb4cbd4c149c96e498dc i missed 2013-02-06 14:05:11 -08:00
Bob Trahan
1cde41b994 Conpherence - add crop
Summary:
mainly, this adds the image cropper - yay!

 - also removes the file image from the handle stuff I added in V1. now we do all this crazy photo stuff.

Test Plan:
 - uploaded a photo by dragging to header and noted 120 x 80 showed up on reload
 - uploaded a photo by dragging to edit dialogue spot and noted 120 x 80 showed up on reload
 - cropped a photo - noted it cropped right
 - cropped a photo again and again and again - seems like it crops okay

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2418, T2399

Differential Revision: https://secure.phabricator.com/D4790
2013-02-06 14:03:52 -08:00