1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-10 14:51:06 +01:00
Commit graph

2820 commits

Author SHA1 Message Date
vrana
ff2b58dab7 Fix MySQL column escaping
Summary:
MySQL doesn't treat `\` as escaping character in ##``##.
This isn't probably SQL injection hole because I've found no calls of this method with user input.
But better safe than sorry.

See also [[http://dev.mysql.com/doc/refman/5.1/en/server-sql-mode.html#sqlmode_no_backslash_escapes | NO_BACKSLASH_ESCAPES]].

Test Plan:
  lang=sql
  SELECT `a\`b`; -- Throws: Syntax error near '`'.
  -- Should throw: Unknown column 'a`b'.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2109
2012-04-05 15:11:05 -07:00
vrana
23d5d7a1a6 Delete unused CSS
Summary: Unused since D2062.

Test Plan:
View commit.
View task.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2108
2012-04-05 10:54:06 -07:00
vrana
d1b7059a2d Open editor from stack trace
Summary:
I've considered that user may have set editor but not checked out Phabricator repositories.
But stack trace is useful mainly for developers.

Test Plan:
Click on path in Unhandled Exception.
Repeat with disabled editor.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2107
2012-04-04 18:19:14 -07:00
Bob Trahan
09172a1937 Add pagers to server clients and client authorizations in OAuth Server GUI
Summary: ...also make the pager usage in ChatLog use the nice formatWhereClause functionality

Test Plan: set $page_size = 2 and paged around the data a bit

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T905

Differential Revision: https://secure.phabricator.com/D2106
2012-04-04 17:51:16 -07:00
epriestley
05b4c90bfd Allow Commits to be attached to Tasks using edges
Summary: Use Edges to attach Commits and Tasks. Note, no "edit attached commits" interface from tasks yet since the search backend needs a little work to list commits in a sensible way.

Test Plan: Attached commits to tasks. Looked at commits, looked at tasks.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D2105
2012-04-04 17:34:25 -07:00
Bob Trahan
cc586b0afa For discussion -- Stripe integration
Summary:
various stripe stuff, including

- external stripe library
- payment form
- test controller to play with payment form, sample business logic

My main questions / discussion topics are...

- is the stripe PHP library too big? (ie should I write something more simple just for phabricator?)
-- if its cool, what is the best way to include the client? (ie should I make it a submodule rather than the flat copy here?)
- is the JS I wrote (too) ridiculous?
-- particularly unhappy with the error message stuff being in JS *but* it seemed the best choice given the most juicy error messages come from the stripe JS such that the overall code complexity is lowest this way.
- how should the stripe JS be included?
-- flat copy like I did here?
-- some sort of external?
-- can we just load it off stripe servers at request time? (I like that from the "if stripe is down, stripe is down" perspective)
- wasn't sure if the date control was too silly and should just be baked into the form?
-- for some reason I feel like its good to be prepared to walk away from Stripe / switch providers here, though I think this is on the wrong side of pragmatic

Test Plan: - played around with sample client form

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2096
2012-04-04 16:09:29 -07:00
epriestley
877cb136e8 Add an assocations-like "Edges" framework
Summary:
We have a lot of cases where we store object relationships, but it's all kind of messy and custom. Some particular problems:

  - We go to great lengths to enforce order stability in Differential revisions, but the implementation is complex and inelegant.
  - Some relationships are stored on-object, so we can't pull the inverses easily. For example, Maniphest shows child tasks but not parent tasks.
  - I want to add more of these and don't want to continue building custom stuff.
  - UIs like the "attach stuff to other stuff" UI need custom branches for each object type.
  - Stuff like "allow commits to close tasks" is notrivial because of nonstandard metadata storage.

Provide an association-like "edge" framework to fix these problems. This is nearly identical to associations, with a few differences:

  - I put edge metadata in a separate table and don't load it by default, to keep edge rows small and allow large metadata if necessary. The on-edge metadata seemed to get abused a lot at Facebook.
  - I put a 'seq' column on the edges to ensure they have an explicit, stable ordering within a source and type.

This isn't actually used anywhere yet, but my first target is attaching commits to tasks for T904.

Test Plan: Made a mock page that used Editor and Query. Verified adding and removing edges, overwriting edges, writing and loading edge data, sequence number generation.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, 20after4

Differential Revision: https://secure.phabricator.com/D2088
2012-04-04 15:30:21 -07:00
vrana
bc61f36beb Replace elseif by else if
Summary:
Mostly written by me.
Omit external libraries.

Test Plan: http://phabricator.com/docs/phabricator/article/PHP_Coding_Standards.html

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2104
2012-04-04 15:24:47 -07:00
vrana
b8cb52a9da Return $this from shortcuts
Test Plan:
Search for `>setLineWidthFromChangesets(`.
Search for `>loadAndAttachAuxiliaryAttributes(`.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2102
2012-04-04 15:12:20 -07:00
vrana
582fc847f2 Use assert_instances_of() in Differential
Summary: NOTE: This is not produced by a script so there might be errors. Please review carefully.

Test Plan: Browse around Differential.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2103
2012-04-04 15:11:30 -07:00
epriestley
01767c482d Add a datepicker control
Summary: I looooove JS! It makes me giddy with glee!

Test Plan: Picked dates. See screenshots.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2086
2012-04-04 12:14:10 -07:00
vrana
84398fc581 Allow system agents in commit message object lists
Summary:
When system agent adds a comment then he is added to CC.
When I amend and update then I get message "Commit message references nonexistent ..."

Test Plan: Update revision with system agent in CC.

Reviewers: epriestley

Reviewed By: epriestley

CC: michalburger1, aran

Differential Revision: https://secure.phabricator.com/D2100
2012-04-04 10:46:00 -07:00
vrana
6a0b25c188 Fix wrong assert_instances_of() added by D2091
Test Plan: Display revision.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2095
2012-04-03 19:26:05 -07:00
vrana
a309d5ba2f Replace leading double underscore in function names by single underscore
Summary:
> PHP reserves all symbols starting with __ as magical. http://php.net/userlandnaming.rules

I didn't touch third-party S3 library.

Test Plan: /

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2077
2012-04-03 18:55:52 -07:00
vrana
7dfdf63948 Fix Jump to HEAD link
Test Plan:
Jump to head.
Go to doctor.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2097
2012-04-03 18:39:58 -07:00
vrana
6f855c8b52 Don't show current revision in dependencies
Test Plan: Edit Dependencies, don't see current revision.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2098
2012-04-03 18:39:34 -07:00
vrana
c241f50d77 Use assert_instances_of() in Diffusion
Summary: NOTE: This is not produced by a script so there might be errors. Please review carefully.

Test Plan: Browse around Diffusion.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2094
2012-04-03 16:31:10 -07:00
mkedia
591d50008f Allow projects to own packages
Summary:
- The UI is pretty straightforward, since Handle just works (tm)
- Added two methods to the owners object to handle the new layer of
  indirection. Then ran git grep PhabricatorOwnersOwner and changed
  callsites as appropriate.

Sending this to get a round of feedback before I test the non-trivial
changes in this diff.

Test Plan:
- owners tool: edit, view, list for basic functionality.
- phlog for the two new methods I added

Reviewers: epriestley, blair, jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2079
2012-04-03 16:20:07 -07:00
vrana
8813c7be0e Use assert_instances_of() everywhere but Differential and Diffusion
Summary: NOTE: This is not produced by a script so there might be errors. Please review carefully.

Test Plan: Browse around.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2091
2012-04-03 14:53:20 -07:00
vrana
5623abecbf Don't set NULL values in array returned from loadObjects()
Summary: Delete some dead code in Feed along the way.

Test Plan:
/feed/
/search/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2092
2012-04-03 14:46:39 -07:00
epriestley
9fc54f4dfb Minor, fix Diffusion home for untracked repositories. 2012-04-03 13:54:10 -07:00
vrana
5885764728 Allow IPv6
Test Plan:
/people/logs/
Search for `2620:0:1cfe:`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, jungejason

Differential Revision: https://secure.phabricator.com/D2089
2012-04-03 11:36:50 -07:00
vrana
67e10e60f2 Return $this from setters
Summary:
Most setters returns `$this` but some don't.
I guess it's not by purpose.

Test Plan:
  arc lint

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2085
2012-04-02 18:48:37 -07:00
vrana
021c1b5a05 Display object shortcuts in search results
Summary: Search for D1234 currently finds everything but revision 1234.

Test Plan:
Search for:

- rX
- rX1234 under SVN
- rXabcd under GIT
- D1234
- T4

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2081
2012-04-02 18:39:09 -07:00
mkedia
be3c179561 Add some core phid functions
Summary: As title

Test Plan: hit diffcamp, owners to test HandleData

Reviewers: epriestley, btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2063
2012-04-02 16:56:49 -07:00
vrana
5ee1341b97 Be able to search for Differential and other short strings
Summary:
I wanted to search for D1234 in texts of other documents.
But search tool always redirects me.

I've left the redirect behavior for simple search forms (header and home) and removed it from full search form.

I don't consider this complete because the first result in search for D1234 should be of course D1234 which is not the case currently.
I am not sure how to solve it:

- We can display a special result in this case.
- We can index the documents so that they will be searchable also for short strings.

I tend to use the first solution because revisions can be truncated at arbitrary length (rX1f1f1f should display revision rX1f1f1f1f1f1f1f).

Test Plan: Search for D1234, rX123, T4.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley, ddfisher

Differential Revision: https://secure.phabricator.com/D1905
2012-04-02 16:13:53 -07:00
John-Ashton Allen
44e3b6883b Changed MetaMta Body Parser to handle HTC mail application correctly
Summary: Added a regex to remove the text

Test Plan: Tested a few messages, from mail application them gmail, both seemed fine, will add unit tests

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2078
2012-04-02 15:21:54 -07:00
epriestley
687e5c0962 Improve homepage buttons for new users
Summary:
Show application names, then a human-readable description of what they're for.

Eventually we'll have better help / tutorial / onboarding / etc systems too.

Test Plan: See screenshot.

Reviewers: btrahan, mgummelt

Reviewed By: btrahan

CC: aran, davidreuss

Differential Revision: https://secure.phabricator.com/D2075
2012-04-02 15:21:02 -07:00
vrana
778b6bb483 Support operators in highlighting search results
Summary: Supports ", +, |, * and -.

Test Plan:
Search for `"Quoted search"`.
Search for `Phabric*`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2076
2012-04-02 13:54:20 -07:00
epriestley
ffb074424d Quick fix, unbreak Herald. Proper fix should not go down this path.
Auditors: btrahan, makinde
2012-04-02 13:11:02 -07:00
vrana
b023480277 Display day of week in dates
Summary:
I've found it quite useful to know day of week of most displayed dates.
This is useful in periodic workflows (e.g. cut on Sunday, push on Tuesday).

It adds the day only to recent dates to save some space (similar approach as `ls -l`).

Test Plan: /

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T1034

Differential Revision: https://secure.phabricator.com/D1984
2012-04-02 12:28:46 -07:00
epriestley
b028920a5e Minor, subpriority default previously reverse ordered eveything
Auditors: btrahan
2012-04-02 12:26:50 -07:00
epriestley
dfb17b9c9c Minor, address feedback from D1731.
Auditors: btrahan
2012-04-02 12:14:26 -07:00
epriestley
e7853e4801 Allow tasks to be subprioritized by drag-and-drop
Summary:
Like the title says, similar to Facebook Tasks.

Not sure how I really feel about this, but I guess it's kind of OK? I never used
this feature in Facebook Tasks but I think some people like it.

The drag-and-drop to repri across priorities feels okayish.

Because subpriority is a double and we just split the difference when
reprioritizing, you lose ~a bit of precision every time you repri two tasks
against each other and so you can break it by swapping the priorities of two
tasks ~50 times. This case is pretty silly and pathological. We can add some
code to deal with this at some point if necessary.

I think this also fixes the whacky task layout widths once and for all.

(There are a couple of minor UI glitches like headers not vanishing and header
counts not updating that I'm not fixing because I am lazy.)

Test Plan: Dragged and dropped tasks around.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley, mgummelt

Maniphest Tasks: T859

Differential Revision: https://secure.phabricator.com/D1731
2012-04-02 12:12:04 -07:00
epriestley
84c40a732e Minor, don't minify raphael.js since it doesn't survive it
Auditors: btrahan
2012-04-02 12:09:04 -07:00
vrana
c580775d58 Respect view mode on deleted path in Diffusion
Test Plan: /diffusion/X/browse/deleted?view=blame

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2074
2012-04-02 11:16:46 -07:00
epriestley
f49f1eaa5c Improve display of long project names in task list UI
Summary:
  - Shorten long project names.
  - Prevent wrapping.
  - Fix a double-escaping issue.

Test Plan: See screenshots below.

Reviewers: btrahan, 20after4

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2073
2012-04-02 11:16:05 -07:00
epriestley
eeec726ded Remove all current Authors / Reviewers from "CCWelcome" mail
Summary:
We'll incorrectly send CCWelcome mail to users who would be added as CCs but are blocked by the new "$dont_add" stuff, for
example when a revision is updated and the user has a Herald rule which triggers them getting CC'd. See D2057.

Potentially a better fix for this would be to have "addCCs" return a list of the CCs it actually added, rather than duplicating the
logic of removing CCs in two places. However, that's not trivial since it's just a wrapper around alterRelationships() which is nasty
and would need a more complicated return type. I think this whole thing will get a refactoring pass at some point -- I want to build a
more generic "associations"-like datastore and replace some of the ad-hoc associations with it. So maybe I can clean it up when that
happens. For now, this should fix the immediate problem.

Test Plan: Updated a revision, didn't get CC welcomed.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2072
2012-04-02 10:41:03 -07:00
epriestley
49a0b3fab0 Show projects on Maniphest tasks
Summary:
  - Remove the "Priority" column, since this is indicated by the color swatch, to save space.
  - Reduce the "Updated" column from datetime to date only, since time isn't incredibly useful, to save space.
  - Show the first two projects a task is associated with, and "..." if there are more.
  - Show "None" (for "no owner") in a lighter color.

Test Plan: Looked at tasks on homepage and in Maniphest.

Reviewers: btrahan, 20after4

Reviewed By: btrahan

CC: aran, edward

Maniphest Tasks: T967

Differential Revision: https://secure.phabricator.com/D2065
2012-04-02 10:27:31 -07:00
vrana
c7b0daadb8 Remove duplicate code in image transform
Test Plan: /file/xform/thumb-160x120/ of JPG image

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2071
2012-04-02 10:14:31 -07:00
Hua Wang
01cbe72d9f Improve copy/paste from Diviner, in Phabricator
Summary: Change CSS style name from code to pre.  This depends on D2067.

Test Plan: Viewed the html from Firefox

Reviewers: epriestley

Reviewed By: epriestley

CC: jungejason, aran

Maniphest Tasks: T207

Differential Revision: https://secure.phabricator.com/D2068
2012-04-02 07:56:22 -07:00
Edward Speyer
c15d8d4d23 Relative date helper, for 'today' and 'yesterday'
Summary:
Format a date as 'today', 'yesterday', or 'Mar 27 2012'.  Optionally,
the final example can be rendered 'on Mar 27 2012' for things like:

  $excuse =
    'I fell out of a window '.
    phabricator_on_rel_date($time, $me);

Test Plan: Tested in my sandbox!!!!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2035
2012-03-30 22:15:40 -07:00
vrana
99704ed485 Support operators in Phabricator search
Summary:
Boolean search supports operators, such as phrase search.
It can be further improved by setting [[http://dev.mysql.com/doc/mysql/en/server-system-variables.html#sysvar_ft_boolean_syntax | ft_boolean_syntax]] to `' |-><()~*:""&^'` (note the leading space):
Default value uses no operator for "optional word" and `+` for "mandatory word".
This value uses no operator for "mandatory word" and `|` for "optional word".

Test Plan: Search for "Enter the name" (with quotes).

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2064
2012-03-30 17:46:13 -07:00
Jason Ge
4aef876138 Add script to delete revisions without diff
Summary: detect all revisions that don't have a diff, then delete them.

Test Plan:
we have been using this script for several months in
Facebook and it's working well.

Reviewers: epriestley, nh, btrahan

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T605

Differential Revision: https://secure.phabricator.com/D2061
2012-03-30 14:14:38 -07:00
epriestley
25ffde6c5f Update Herald docs
Summary:
Update the Herald documentation with information about global vs personal rules.

NOTE: Some of the features mentioned here don't exist yet (flags, delete rules), I'll add them before I land this.

Test Plan: Read documentation

Reviewers: jungejason, btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2031
2012-03-30 14:13:30 -07:00
epriestley
5945546440 Unify Differential/Maniphest/Diffusion styles and allow commits to be flagged explicitly
Summary:
  - Differential, Maniphest and Diffusion use slightly different styles for the object detail panels.
  - Instead, use the same styles and CSS.
  - Add object actions to Diffusion, including "Flag".

Test Plan: Looked at revisions, tasks and commit. Flagged and unflagged commits.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T1041

Differential Revision: https://secure.phabricator.com/D2062
2012-03-30 14:12:10 -07:00
epriestley
fcec4c368c Allow users to add flags via Herald rules
Summary: Add "Mark with flag" rules to Herald.

Test Plan: Created / edited a "Mark with flag" rule. Parsed revisions / commits, got flags added.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley, vrana

Maniphest Tasks: T1041

Differential Revision: https://secure.phabricator.com/D2060
2012-03-30 13:51:54 -07:00
20after4
75e89c0c78 Amended D2009 based on feedback from @epriestley.
Test Plan:
Try out https://secure.phabricator.com/maniphest/view/projectall/?g=j  with tasks assigned to just one project,
          and also with tasks assigned to more than one project.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2012
2012-03-30 10:56:01 -07:00
epriestley
83d6bbeb29 Minor, jumped the gun on review feedback in D2040.
Auditors: btrahan
2012-03-30 10:50:38 -07:00
epriestley
698ec68327 General Herald refactoring pass
Summary:
**Who can delete global rules?**: I discussed this with @jungejason. The current behavior is that the rule author or any administrator can delete a global rule, but this
isn't consistent with who can edit a rule (anyone) and doesn't really make much sense (it's an artifact of the global/personal split). I proposed that anyone can delete a
rule but we don't actually delete them, and log the deletion. However, when it came time to actually write the code for this I backed off a bit and continued actually
deleting the rules -- I think this does a reasonable job of balancing accountability with complexity. So the new impelmentation is:

  - Personal rules can be deleted only by their owners.
  - Global rules can be deleted by any user.
  - All deletes are logged.
  - Logs are more detailed.
  - All logged actions can be viewed in aggregate.

**Minor Cleanup**

  - Merged `HomeController` and `AllController`.
  - Moved most queries to Query classes.
  - Use AphrontFormSelectControl::renderSelectTag() where appropriate (this is a fairly recent addition).
  - Use an AphrontErrorView to render the dry run notice (this didn't exist when I ported).
  - Reenable some transaction code (this works again now).
  - Removed the ability for admins to change rule authors (this was a little buggy, messy, and doesn't make tons of sense after the personal/global rule split).
  - Rules which depend on other rules now display the right options (all global rules, all your personal rules for personal rules).
  - Fix a bug in AphrontTableView where the "no data" cell would be rendered too wide if some columns are not visible.
  - Allow selectFilter() in AphrontNavFilterView to be called without a 'default' argument.

Test Plan:
  - Browsed, created, edited, deleted personal and gules.
  - Verified generated logs.
  - Did some dry runs.
  - Verified transcript list and transcript details.
  - Created/edited all/any rules; created/edited once/every time rules.
  - Filtered admin views by users.

Reviewers: jungejason, btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2040
2012-03-30 10:49:55 -07:00