1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-16 03:42:41 +01:00
Commit graph

297 commits

Author SHA1 Message Date
Chad Little
e4806631a5 Use PHUIDocumentProView in Phame
Summary: Updates "View Post" to use PHUIDocumentViewPro, updates calls to `newPage` and other minor modernizations. Edit Page updated to show proper document display as well. Ref T9545

Test Plan:
Write a blog post, edit it.

{F945897}

{F945896}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9545

Differential Revision: https://secure.phabricator.com/D14415
2015-11-05 12:14:45 -08:00
Joshua Spence
495cb7a2e0 Mark PhabricatorPHIDType::getPHIDTypeApplicationClass() as abstract
Summary: Fixes T9625. As explained in a `TODO` comment, seems reasonable enough.

Test Plan: Unit tests.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, hach-que

Maniphest Tasks: T9625

Differential Revision: https://secure.phabricator.com/D14068
2015-11-03 06:47:12 +11:00
Chad Little
be9cc235b2 Add Application Routes to Phame AppSearch queries
Summary: Fixes T9388, lays in basic ApplicationSearch.

Test Plan: Build a dashboard with Posts and Blogs, click on search icon, get sent to correct page.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9388

Differential Revision: https://secure.phabricator.com/D14146
2015-09-23 12:48:19 -07:00
epriestley
bcc5e55af2 Push construction of routing maps into Sites
Summary:
This enables CORGI.

Currently, `AphrontSite` subclasses can't really have their own routes. They can do this sort of hacky rewriting of paths, but that's a mess and not desirable in the long run.

Instead, let subclasses build their own routing maps. This will let CORP and ORG have their own routing maps.

I was able to get rid of the `PhameBlogResourcesSite` since it can really just share the standard resources site.

Test Plan:
  - With no base URI set, and a base URI set, loaded main page and resources (from main site).
  - With file domain set, loaded resources from main site and file site.
  - Loaded a skinned blog from a domain.
  - Loaded a skinned blog from the main site.
  - Viewed "Request" tab of DarkConsole to see site/controller info.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14008
2015-08-31 04:01:01 -07:00
Joshua Spence
79f2e81f38 Various linter fixes
Summary: Self-explanatory.

Test Plan: Eyeball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D13808
2015-08-08 10:19:45 +10:00
Chad Little
082ef68d85 Clean up Phame a little
Summary: Remove redundent UI, use standard components, remove unused CSS.

Test Plan: Use Phame

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13755
2015-07-29 17:03:13 -07:00
Chad Little
1643685e72 Modernize Phame process handlers
Summary: Converts Phame to use handleRequest where appropriate.

Test Plan: Write some blog posts, publish, edit, view.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8628

Differential Revision: https://secure.phabricator.com/D13677
2015-07-22 13:32:25 -07:00
Chad Little
22740f1752 PhameBlogSearchEngine
Summary: Modernize PhameBlogQuery, create a skeleton Search Engine.

Test Plan: Built a dashboard for testing, verify view pages still work.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T6269

Differential Revision: https://secure.phabricator.com/D13670
2015-07-22 13:31:47 -07:00
Chad Little
602bc4e2fd PhamePostSearchEngine
Summary: A very basic search engine for Phame Posts

Test Plan: Built a dashboard to test various queries. Saw posts.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T6269

Differential Revision: https://secure.phabricator.com/D13671
2015-07-22 07:30:52 -07:00
Chad Little
690463b037 Add Projects to Phame Blog and Phame Post
Summary: Allows setting of Projects to Blogs and Posts.

Test Plan: Set a Project on a post and a blog, see on view page.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13669
2015-07-22 07:08:00 -07:00
Chad Little
a8cf612fe0 Make Phame Blogs and Posts Flaggable
Summary: Will attempt at modernizing Phame in smaller pieces. First up, flagging.

Test Plan: Flag a Post, Flag a Blog

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13668
2015-07-22 07:04:21 -07:00
Chad Little
1985ef390b Add Subscribers to Phame Posts and Blogs
Summary: Makes it possible to subscribe to blogs and posts

Test Plan: Verify I can subscribe to blogs and posts.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13672
2015-07-22 07:00:36 -07:00
Chad Little
997ba9ddc5 [Redesign] Update Phame UI
Summary: Ref T8099, Updates Phame to be more ObjectBox-y

Test Plan: Review Phame in random ways

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13520
2015-07-01 16:06:47 -07:00
epriestley
262be61ee5 Merge branch 'master' into redesign-2015 2015-06-29 14:07:58 -07:00
epriestley
6b7183a762 Modularize Aphront "sites"
Summary:
Fixes T5702. The path here is long and windy:

  - I want to move `blog.phacility.com` to the new `secure` host.
  - That host has `security.require-https` set, which I want to keep set (before, this was handled in a sort of hacky way at the nginx/preamble level, but I've cleaned up everything else now).
  - Currently, that setting forces blogs to HTTPS too, which won't work.
  - To let blogs be individually configurable, we need to either modularize site config or make things hackier.
  - Modularize rather than increasing hackiness.
  - Also add a little "modules" panel in Config. See T6859. This feels like a reasonable middle ground between putting this stuff in Applications and burying it in `bin/somewhere`.

Test Plan:
  - Visited normal site.
  - Visited phame on-domain site.
  - Visited phame off-domain site.
  - Viewed static resources.

{F561897}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5702

Differential Revision: https://secure.phabricator.com/D13474
2015-06-29 14:04:48 -07:00
epriestley
53ef057b1b Merge branch 'master' into redesign-2015 2015-06-15 08:06:23 -07:00
Joshua Spence
b6d745b666 Extend from Phobject
Summary: All classes should extend from some other class. See D13275 for some explanation.

Test Plan: `arc unit`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13283
2015-06-15 18:02:27 +10:00
epriestley
57b898af9a Merge branch 'master' into redesign-2015 2015-06-10 07:44:58 -07:00
Joshua Spence
f47e69c015 Mark some strings for translation
Summary: Add some more `pht`izations.

Test Plan: Eyeball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D13200
2015-06-09 23:06:52 +10:00
epriestley
6dede2e2c5 Make PhameBlog implement PhabricatorApplicationTransactionInterface
Summary: Ref T6367.

Test Plan: Static correctness.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6367

Differential Revision: https://secure.phabricator.com/D13143
2015-06-03 18:59:42 -07:00
Chad Little
e4788df9a5 [Redesign] PHUIPagerView
Summary: Ref T8099, Moves AphrontPagerView to PHUIPagerView, converts to standard PHUIButtons and adds some additional features for icon placement on buttons.

Test Plan: Tested Advanced Search and Searching files in Diffusion. Works as expected.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8342, T8099

Differential Revision: https://secure.phabricator.com/D13092
2015-06-02 14:34:04 -07:00
Joshua Spence
bf81fda036 Linter fixes
Summary: Apply various minor linter fixes.

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D13109
2015-06-02 22:14:01 +10:00
Joshua Spence
36e2d02d6e phtize all the things
Summary: `pht`ize a whole bunch of strings in rP.

Test Plan: Intense eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12797
2015-05-22 21:16:39 +10:00
Bob Trahan
81a475d5a6 Transactions - make implementing TYPE_XXXX_POLICY transactions optional
Summary: Ref T6403. This was actually simple stuff.

Test Plan: changed the edit policy of a paste. changed the edit and join policy of a phame blog.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6403

Differential Revision: https://secure.phabricator.com/D12933
2015-05-19 12:58:18 -07:00
Bob Trahan
16c8d44c37 Transactions - make customization of TYPE_EDGE optional
Summary: Ref T6403. This does TYPE_EDGE since I just had to deal with T8252. Look like this fixes a few editors (maybe) that would have had fatals with mentions like slowvote and ponder.

Test Plan: made a phame post mentioning a task and it worked! joined / left a project, watched / unwatched a project and that worked! blind faith for other sites.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6403

Differential Revision: https://secure.phabricator.com/D12929
2015-05-19 11:26:53 -07:00
Bob Trahan
8ff7222d0e Phame - add edge transaction implementations.
Summary: Fixes T8252. See T6403 for longer term fix.

Test Plan: made a post with a task mention in it and it worked

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8252

Differential Revision: https://secure.phabricator.com/D12926
2015-05-19 10:46:28 -07:00
Bob Trahan
b6733e4a86 Phame - move over post creation and edit to use an editor
Summary: This adds the bare minimum transaction set for editing posts. Fixes T7626 because now files will be correctly attached to phame posts on subsequent edits. Future work here should be adding transaction types like `TYPE_BLOG` for when posts are moved between blogs, `TYPE_VISIBILITY` for when posts are moved to published, etc. Nothing too tricky there but keeping this diff relatively small seems prudent.

Test Plan: made posts successfully. also made errors like no title, no phame title, and duplicate phame title and got correct errors. added a file to a post and verified file has phame post in "attached" tab, which should fix T7626.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7626

Differential Revision: https://secure.phabricator.com/D12864
2015-05-15 13:07:45 -07:00
Bob Trahan
f16dda288d Phame - move over blog create + edit to transactions + editor
Summary: Ref T7626. Modernizes the code a bit here so we can eventually make progress on T7626 and other stuff.

Test Plan: made a blog, edited a blog, made errors - stuff looked good

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7626

Differential Revision: https://secure.phabricator.com/D12849
2015-05-14 17:05:58 -07:00
Bob Trahan
7bfbc46a63 Quicksand - add phame live URLs to quicksand blacklist
Summary: Fixes T8160. AFAIK this is the only route pattern that needs blacklisting. Double checked that the resource controller is good to go; it is because its a celerity resource controller descendant and returns data differently than normal controllers

Test Plan: Clicked "view live" on a block. Read a few posts. Clicked into a post and read it. Clicked an image and it linked to the image.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8160

Differential Revision: https://secure.phabricator.com/D12817
2015-05-12 14:44:47 -07:00
Joshua Spence
70c8649142 Use phutil_json_decode instead of json_decode
Summary: Generally, `phutil_json_decode` should be preferred over `json_decode`.

Test Plan: Eyellballed.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12680
2015-05-05 20:48:55 +10:00
epriestley
f5580c7a08 Make buildWhereClause() a method of AphrontCursorPagedPolicyAwareQuery
Summary:
Ref T4100. Ref T5595.

To support a unified "Projects:" query across all applications, a future diff is going to add a set of "Edge Logic" capabilities to `PolicyAwareQuery` which write the required SELECT, JOIN, WHERE, HAVING and GROUP clauses for you.

With the addition of "Edge Logic", we'll have three systems which may need to build components of query claues: ordering/paging, customfields/applicationsearch, and edge logic.

For most clauses, queries don't currently call into the parent explicitly to get default components. I want to move more query construction logic up the class tree so it can be shared.

For most methods, this isn't a problem, but many subclasses define a `buildWhereClause()`. Make all such definitions protected and consistent.

This causes no behavioral changes.

Test Plan: Ran `arc unit --everything`, which does a pretty through job of verifying this statically.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: yelirekim, hach-que, epriestley

Maniphest Tasks: T4100, T5595

Differential Revision: https://secure.phabricator.com/D12453
2015-04-20 10:06:09 -07:00
epriestley
156b156e77 Give Conduit params/return/errors protected visibility
Summary:
Ref T7803. Ref T5873. I want to drive Conduit through more shared infrastructure, but can't currently add parameters automatically.

Put a `getX()` around the `defineX()` methods so the parent can provide default behaviors.

Also like 60% of methods don't define any special error types; don't require them to implement this method. I want to move away from this in general.

Test Plan:
  - Ran `arc unit --everything`.
  - Called `conduit.query`.
  - Browsed Conduit UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: hach-que, epriestley

Maniphest Tasks: T5873, T7803

Differential Revision: https://secure.phabricator.com/D12380
2015-04-13 11:58:35 -07:00
epriestley
c169199e64 Allow applications to have multiple "help" menu items
Summary:
Ref T7199. Convert the single help menu item into a dropdown and allow applications to list multiple items there.

When an application has mail command objects, link them in the menu.

Test Plan:
{F355925}

{F355926}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7199

Differential Revision: https://secure.phabricator.com/D12244
2015-04-01 11:51:48 -07:00
epriestley
64dddc76c5 Remove Controller->getHandle() and Controller->loadHandles()
Summary: Ref T7689. Modernize all callsites of these methods.

Test Plan:
- Poked at dashboards.
  - Pretty sure this code is technically unreachable right now.
- Viewed commit; viewed "Audit Status".
- Viewed a fund; viewed "Payable to"; viewed "Owner".
- Viewed herald rules; viewed "Author"; viewed "Applies To".
- Viewed a Legalpad document; viewed "Contributors".
- Viewed Phame post list; viewed blog; viewed post (viewed "Blog", viewed "Blogger").
- Viewed a macro; viewed "Audio".
- Viewed a Phriction page; viewed "Last Author".
- Viewed a Ponder question; viewed "Author".
- Viewed a Ponder answer; viewed header.
  - Behavior changed very slightly here; whatevs.
- Viewed a Countdown; viewed "Author".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7689

Differential Revision: https://secure.phabricator.com/D12210
2015-03-31 05:48:20 -07:00
Chad Little
c038c643f4 Move PHUIErrorView to PHUIInfoView
Summary: Since this element isn't strictly about errors, re-label as info view instead.

Test Plan: Grepped for all callsites, tested UIExamples and a few other random pages.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11867
2015-03-01 14:45:56 -08:00
Chad Little
ae7dc8b9d2 Add getGroup to ConfigOptions
Summary: Adds core and apps grouping to configuration options, makes it somewhat easier to browse config options.

Test Plan: Set each option, review list. Breakdown is nearly 50/50 apps/core.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11722
2015-02-09 13:10:56 -08:00
Chad Little
99292c5c6a Use icons with Config Options page
Summary: This sets an icon for each config, makes it easier to scan.

Test Plan:
Reload Config page, see all new icons

{F281089}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11619
2015-02-02 10:17:25 -08:00
Chad Little
3da38c74da PHUIErrorView
Summary: Clean up the error view styling.

Test Plan:
Tested as many as I could find, built additional tests in UIExamples

{F280452}

{F280453}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11605
2015-02-01 20:14:56 -08:00
Chad Little
8b06804394 Remove getIconName from all applications
Summary: Not used anymore

Test Plan: grep for 'getIconName'

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11582
2015-01-30 12:11:21 -08:00
Chad Little
170dc15c05 Make border conditional in crumbs
Summary: Add a setBorder call to CrumbsView to be more deliberate when a border is drawn. Could not find any CSS hacks to set it conditionally CSS.

Test Plan: Browsed every application that called crumbs and make a design decision. Also fixed a few bad layouts.

Reviewers: btrahan, epriestley

Reviewed By: btrahan

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11533
2015-01-28 09:33:49 -08:00
Chad Little
6018ef91b8 Remove 1x AppIcons, use FontIcons instead
Summary: Removes the 1x application icons, and uses the fonticons instead. Feed was only known location.

Test Plan:
feed, dashboards, grep for use

{F275636}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11496
2015-01-25 14:14:41 -08:00
Chad Little
5d8bb61dde Add FontIcon bridge to AppIcons
Summary: Select a similar or better FontAwesome icon to represent each application

Test Plan: Visual inspection

Reviewers: epriestley, btrahan

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11489
2015-01-24 23:43:01 -08:00
Joshua Spence
c2ac63e9ad Increase visibility of PhabricatorController::buildApplicationMenu methods
Summary: Ref T6822. This method needs to be `public` because it is called from `PhabricatorApplicationSearchController::buildApplicationMenu()`.

Test Plan: I wouldn't expect //increasing// method visibility to break anything.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11416
2015-01-16 07:41:26 +11:00
Joshua Spence
d6b882a804 Fix visiblity of LiskDAO::getConfiguration()
Summary: Ref T6822.

Test Plan: `grep`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: hach-que, Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11370
2015-01-14 06:54:13 +11:00
Chad Little
790d250967 Move ActionList mobile links to better location
Summary: Ref T5752, moves mobile action menus to the object box instead of crumbs.

Test Plan: View action menus at tablet, desktop, and mobile break points. Verify clicking buttons works as expected opening menu.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5752

Differential Revision: https://secure.phabricator.com/D11340
2015-01-12 07:24:35 -08:00
Joshua Spence
e7f8e79742 Fix method visibility for PhabricatorController subclasses
Summary: Ref T6822.

Test Plan: Visual inspection. These methods are only called from within `PhabricatorController` subclasses.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11241
2015-01-07 07:34:59 +11:00
Bob Trahan
384b670709 Fix string truncation calls all over the codebase.
Summary: Fixes T6608, though I'll also clean up the comment for PhutilStringTruncator in another diff. If I understand correctly, before T1191, MySQL column length was by character count and post T1191 its by byte count. Ergo, most of these changes are going from codepoint -> bytes. See test plan for complete list of what was and was not done.

Test Plan:
Thought very carefully about each callsite and made changes as appropos. "Display" means the string is clearly used for display-only purposes and correctly uses "glyph" already.

grep -rn PhutilUTF8StringTruncator *

applications/calendar/query/PhabricatorCalendarEventSearchEngine.php:217:        ->addAttribute(id(new PhutilUTF8StringTruncator())  -- display
applications/chatlog/controller/PhabricatorChatLogChannelLogController.php:111:      $author = id(new PhutilUTF8StringTruncator())  -- display
applications/conduit/method/ConduitConnectConduitAPIMethod.php:62:    $client_description = id(new PhutilUTF8StringTruncator()) -- was codepoint, changed to bytes
applications/conpherence/view/ConpherenceFileWidgetView.php:22:        ->setFileName(id(new PhutilUTF8StringTruncator()) -- display
applications/differential/controller/DifferentialDiffViewController.php:65:            id(new PhutilUTF8StringTruncator()) -- display
applications/differential/event/DifferentialHovercardEventListener.php:69:        id(new PhutilUTF8StringTruncator()) -- display
applications/differential/parser/DifferentialCommitMessageParser.php:144:      $short = id(new PhutilUTF8StringTruncator()) -- was glyphs, made to bytes
applications/differential/view/DifferentialLocalCommitsView.php:80:      $summary = id(new PhutilUTF8StringTruncator()) -- display
applications/diffusion/controller/DiffusionBrowseFileController.php:686:            id(new PhutilUTF8StringTruncator()) -- display
applications/feed/story/PhabricatorFeedStory.php:392:      $text = id(new PhutilUTF8StringTruncator()) -- display, unless people are saving the results of renderSummary() somewhere...
applications/harbormaster/storage/build/HarbormasterBuild.php:216:    $log_source = id(new PhutilUTF8StringTruncator()) -- was codepoints now bytes
applications/herald/storage/transcript/HeraldObjectTranscript.php:55:        // NOTE: PhutilUTF8StringTruncator has huge runtime for giant strings. -- not applicable
applications/maniphest/export/ManiphestExcelDefaultFormat.php:107:        id(new PhutilUTF8StringTruncator()) -- bytes
applications/metamta/storage/PhabricatorMetaMTAMail.php:587:        $body = id(new PhutilUTF8StringTruncator()) -- bytes
applications/people/event/PhabricatorPeopleHovercardEventListener.php:62:        id(new PhutilUTF8StringTruncator()) -- display
applications/phame/conduit/PhameCreatePostConduitAPIMethod.php:93:      id(new PhutilUTF8StringTruncator()) -- was codepoints, now bytes
applications/pholio/storage/PholioTransaction.php:300:        id(new PhutilUTF8StringTruncator()) -- display
applications/phortune/provider/PhortuneBalancedPaymentProvider.php:147:    $charge_as = id(new PhutilUTF8StringTruncator()) -- bytes
applications/ponder/storage/PonderAnswerTransaction.php:86:          id(new PhutilUTF8StringTruncator()) -- display
applications/ponder/storage/PonderQuestionTransaction.php:267:            id(new PhutilUTF8StringTruncator()) -- display
applications/ponder/storage/PonderQuestionTransaction.php:276:            id(new PhutilUTF8StringTruncator()) -- display
applications/repository/storage/PhabricatorRepositoryCommitData.php:43:    $summary = id(new PhutilUTF8StringTruncator()) -- was codepoints, now bytes
applications/repository/worker/commitmessageparser/PhabricatorRepositoryCommitMessageParserWorker.php:20:    $data->setAuthorName(id(new PhutilUTF8StringTruncator()) -- was codepoints, now bytes
applications/slowvote/query/PhabricatorSlowvoteSearchEngine.php:158:        $item->addAttribute(id(new PhutilUTF8StringTruncator()) -- display
infrastructure/daemon/workers/query/PhabricatorWorkerLeaseQuery.php:317:    $host = id(new PhutilUTF8StringTruncator()) -- bytes
view/form/control/AphrontFormPolicyControl.php:61:      $policy_short_name = id(new PhutilUTF8StringTruncator()) -- glyphs, probably display only

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6608

Differential Revision: https://secure.phabricator.com/D11219
2015-01-05 11:14:54 -08:00
Joshua Spence
8dee37a132 Fix some linter violations
Summary: Self-explanatory.

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11142
2015-01-03 09:11:41 +11:00
epriestley
2037979142 Prevent Phame blogs from using invalid skins
Summary: Via HackerOne. An attacker with access to both Phame and the filesystem could potentially load a skin that lives outside of the configured skin directories, because we had insufficient checks on the actual skin at load time.

Test Plan: Attempted to build a blog with an invalid skin; got an exception instead of a mis-load of a sketchy skin.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10992
2014-12-15 10:41:49 -08:00
epriestley
10b86c2aa3 Don't show meme Remarkup hint button if Macro application is not usable
Summary: See <https://phabricator.wikimedia.org/T906>. This behavior is a bug; we should remove the button if the user can't use the application.

Test Plan:
- With Macro uninstalled, did these things verifying the button vanished:
  - Sent a user a message.
  - Edited a revision.
  - Edited repository basic information.
  - Edited an initiative.
  - Edited a Harbormaster build step.
  - Added task comments.
  - Edited profile blurb.
  - Edited blog description.
  - Commented on Pholio mock.
  - Uploaded Pholio image.
  - Edited Phortune merchant.
  - Edited Phriction document.
  - Edited Ponder answer.
  - Edited Ponder question.
  - Edited Slowvote poll.
  - Edited a comment.
- Reinstalled Macro and saw button come back.
- Used button to put silly text on a funny picture.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10900
2014-11-24 15:25:25 -08:00
epriestley
a4b281aa29 Fix Phame handling of $request
Summary: Fixes T6386. I missed this callsite in D10698.

Test Plan: Loaded local domained blog, no fatal.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6386

Differential Revision: https://secure.phabricator.com/D10744
2014-10-24 09:02:18 -07:00
Joshua Spence
3cf9a5820f Minor formatting changes
Summary: Apply some autofix linter rules.

Test Plan: `arc lint` and `arc unit`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D10585
2014-10-08 08:39:49 +11:00
epriestley
8fa8415c07 Automatically build all Lisk schemata
Summary:
Ref T1191. Now that the whole database is covered, we don't need to do as much work to build expected schemata. Doing them database-by-database was helpful in converting, but is just reudndant work now.

Instead of requiring every application to build its Lisk objects, just build all Lisk objects.

I removed `harbormaster.lisk_counter` because it is unused.

It would be nice to autogenerate edge schemata, too, but that's a little trickier.

Test Plan: Database setup issues are all green.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, hach-que

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10620
2014-10-02 09:51:20 -07:00
epriestley
1dfa94e571 Use binary collations for most text
Summary:
Ref T1191. For most text columns, we either don't care if "a" and "A" are the same, or we expect them to be different (for example: keys, domains, secrets, etc). Default text columns to the `_bin` collation so they are compared by strict character value. This is safer in cases where we aren't sure.

For some text columns, we allow the user to sort by the column in the UI (like Maniphest task titles) or we do care that "A" and "a" are the same (for example: project names). Introduce a new class of virtual data types, the "sort..." types, to cover these columns. These are like the "text..." types but use sorting collations which treat "A" and "a" the same.

Test Plan:
  - Made an effort to identify all columns where the UI relies on database collation.
  - Ran `bin/storage adjust` and cleared all warnings.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: beng, epriestley

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10602
2014-10-01 08:18:53 -07:00
epriestley
4fcc634a99 Fix almost all remaining schemata issues
Summary:
Ref T1191. This fixes nearly every remaining blocker for utf8mb4 -- primarily, overlong keys.

Remaining issue is https://secure.phabricator.com/T1191#77467

Test Plan: I'll annotate inline.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, hach-que

Maniphest Tasks: T6099, T6129, T6133, T6134, T6150, T6148, T6147, T6146, T6105, T1191

Differential Revision: https://secure.phabricator.com/D10601
2014-10-01 08:18:36 -07:00
epriestley
03519c53bb Mark questionable column nullability for later
Summary:
Ref T1191. Ref T6203. While generating expected schemata, I ran into these columns which seem to have sketchy nullability.

  - Mark most of them for later resolution (T6203). They work fine today and don't need to block T1191. Changing them can break the application, so we can't autofix them.
  - Forgive a couple of them that are sort-of reasonable or going to get wiped out.

Test Plan: Saw 94 remaining warnings.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: hach-que, epriestley

Maniphest Tasks: T1191, T6203

Differential Revision: https://secure.phabricator.com/D10593
2014-10-01 07:59:44 -07:00
epriestley
4f87adc438 Ignore keys with trailing index on table primary key for now
Summary:
Ref T1191. We have several keys on `<x, y, id>`. When `id` is an auto-increment primary key, I believe this is exactly equivalent to a key on `<x, y>`, because the leaf nodes are implicitly sorted by `id`. We omit the implicit `id` elsewhere.

It would be nice to drop the `id` bit for consistency, but it's not doing any harm and this doesn't need to block the primary work of T1191.

Test Plan: Saw slightly fewer warnings.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10592
2014-10-01 07:55:09 -07:00
epriestley
502d18ede4 Generate expected scheamta for Passphrase, Paste, Phlux, Phame
Summary: Ref T1191. Nothing notable in these.

Test Plan: Viewed web UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10528
2014-09-24 13:50:57 -07:00
epriestley
298604c9d3 Rename "beta" to "prototype" and document support policy
Summary:
Fixes T6084. Changes:

  - Rename `phabricator.show-beta-applications` to `phabricator.show-prototypes`, to reinforce that these include early-development applications.
  - Migrate the config setting.
  - Add an explicit "no support" banner to the config page.
  - Rename "Beta" to "Prototype" in the UI.
  - Use "bomb" icon instead of "half star" icon.
  - Document prototype applications in more detail.
  - Explicitly document that we do not support these applications.

Test Plan:
  - Ran migration.
  - Resolved "obsolete config" issue.
  - Viewed config setting.
  - Browsed prototypes in Applications app.
  - Viewed documentation.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley, hach-que

Maniphest Tasks: T6084

Differential Revision: https://secure.phabricator.com/D10493
2014-09-17 18:25:57 -07:00
Bob Trahan
b93bc7e479 phutil_utf8_shorten => PhutilUTF8StringTruncator
Summary: Ref T3307. Only one I thought was tricky was Excel; I went with bytes there like it was email.

Test Plan: played around on a few endpoints but mostly thought carefully

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T3307

Differential Revision: https://secure.phabricator.com/D10392
2014-08-29 15:15:13 -07:00
Chad Little
42258ce0be Remove "Edit" text on Phame
Summary: Fixes T5731

Test Plan: Load list of self-created posts

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5731

Differential Revision: https://secure.phabricator.com/D10192
2014-08-08 10:02:22 -07:00
Joshua Spence
8fd098329b Rename AphrontQueryException subclasses
Summary: Ref T5655. Depends on D10149.

Test Plan: Ran `arc unit`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D10150
2014-08-06 07:51:21 +10:00
epriestley
f9fe5e3a60 Render Phame templates in the expected order
Summary: Currently, content runs before header. Instead, run header, content, footer. This makes it easier to use `header.php` for includes, for Phacility.

Test Plan: Made Phacility blog work better, see next diff.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10067
2014-07-28 19:08:45 -07:00
epriestley
3fca1b2d2d Fix some missing renames of Application classes
Summary: I think these got caught in the crossfire between Conduit and
Applications. Ref T5655.

Auditors: joshuaspence
2014-07-24 18:03:59 -07:00
Joshua Spence
023dee0d3b Rename Conduit classes
Summary: Ref T5655. Rename Conduit classes and provide a `getAPIMethodName` method to declare the API method.

Test Plan:
```
> echo '{}' | arc --conduit-uri='http://phabricator.joshuaspence.com' call-conduit user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-lioqffnwn6y475mu5ndb","userName":"josh","realName":"Joshua Spence","image":"http:\/\/phabricator.joshuaspence.com\/res\/1404425321T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/phabricator.joshuaspence.com\/p\/josh\/","roles":["admin","verified","approved","activated"]}}
```

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9991
2014-07-25 10:54:15 +10:00
Joshua Spence
97a8700e45 Rename PHIDType classes
Summary: Ref T5655. Rename `PhabricatorPHIDType` subclasses for clarity (see discussion in D9839). I'm not too keen on some of the resulting class names, so feel free to suggest alternatives.

Test Plan: Ran unit tests.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9986
2014-07-24 08:05:46 +10:00
epriestley
b0623305b7 Add some missing application names
Summary: Add some missing methods from D10027.

Test Plan: Viewed `/applications/query/all/` without hitting exceptions.

Reviewers: joshuaspence

Subscribers: epriestley, hach-que

Differential Revision: https://secure.phabricator.com/D10029
2014-07-23 08:15:44 -07:00
Joshua Spence
86c399b657 Rename PhabricatorApplication subclasses
Summary: Ref T5655. Some discussion in D9839. Generally speaking, `Phabricator{$name}Application` is clearer than `PhabricatorApplication{$name}`.

Test Plan:
# Pinned and uninstalled some applications.
# Applied patch and performed migrations.
# Verified that the pinned applications were still pinned and that the uninstalled applications were still uninstalled.
# Performed a sanity check on the database contents.

Reviewers: btrahan, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: hach-que, epriestley, Korvin

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9982
2014-07-23 10:03:09 +10:00
Joshua Spence
f4b05312cd Fix broken references to auth adapters
This was broken in D9999 but somehow didn't fail linting or unit tests.

Auditors: epriestley
2014-07-22 21:20:45 +10:00
Joshua Spence
254542237a Simplify the implementation of PhabricatorPHIDType subclasses
Summary: Instead of implementing the `getTypeConstant` method in all subclasses of `PhabricatorPHIDType`, provide a `final` implementation in the base class which uses reflection. See D9837 for a similar implementation.

Test Plan: Ran `arc unit`.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9985
2014-07-22 00:38:23 +10:00
Joshua Spence
8756d82cf6 Remove @group annotations
Summary: I'm pretty sure that `@group` annotations are useless now... see D9855. Also fixed various other minor issues.

Test Plan: Eye-ball it.

Reviewers: #blessed_reviewers, epriestley, chad

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9859
2014-07-10 08:12:48 +10:00
epriestley
46d9bebc84 Remove all device = true from page construction
Summary: Fixes T5446. Depends on D9687.

Test Plan: Mostly regexp'd this. Lint doesn't complain.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley, hach-que

Maniphest Tasks: T5446

Differential Revision: https://secure.phabricator.com/D9690
2014-06-23 15:18:14 -07:00
Joshua Spence
0a62f13464 Change double quotes to single quotes.
Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.

Test Plan: Eyeballed it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9431
2014-06-09 11:36:50 -07:00
epriestley
23a238b045 Remove "organization", "communication" and "miscellaneous" app groups
Summary:
Merge "Organization" and "Communication" into "Core". The split between these three was always tenuous, and this is easier to use and nicer looking on the new launcher.

Merge "Miscellaneous" into "Utilities" since they're basically the same thing.

Test Plan: Looked at app launcher.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9334
2014-05-29 15:25:26 -07:00
Chad Little
0120388a75 Found some missing icons
Summary: Did a more exhaustive grep on setIcon and found 99.9% of the icons.

Test Plan: I verified icon names on UIExamples, but unable to test some of the more complex flows visually. Mostly a read and replace.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9088
2014-05-13 07:45:39 -07:00
Chad Little
b2f3001ec4 Replace Sprite-Icons with FontAwesome
Summary: The removes the sprite sheet 'icons' and replaces it with FontAwesome fonts.

Test Plan:
- Grep for SPRITE_ICONS and replace
- Grep for sprite-icons and replace
- Grep for PhabricatorActionList and choose all new icons
- Grep for Crumbs and fix icons
- Test/Replace PHUIList Icon support
- Test/Replace ObjectList Icon support (foot, epoch, etc)
- Browse as many pages as I could get to
- Remove sprite-icons and move remarkup to own sheet
- Review this diff in Differential

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9052
2014-05-12 10:08:32 -07:00
epriestley
ac9c82fcdf Check view policy, not join policy, when raising an error for Phame custom domains
Summary: A user in IRC hit this; this looks like a typo.

Test Plan: Created a new blog with a public view policy, a non-public join policy, and a custom domain.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: legien, epriestley

Differential Revision: https://secure.phabricator.com/D8980
2014-05-05 10:54:44 -07:00
epriestley
7145587df7 Lock down some config options
Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  - Fix some typos.
  - Lock down some options which would potentially let a rogue administrator do something sketchy.
    - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:
  - Read through config options.
  - Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928
2014-05-01 10:23:49 -07:00
Bob Trahan
5f02ed5bbb Phame - add some application polish.
Summary:
Fixes T4880. More specifically

 - adds an "edit" pencil to post lists iff you can edit the post
   - style change so this has no text-decoration
 - adds a "no data" box if you have no posts in a given view
   - style change to crush some margins so it formats like posts do
 - adds some validation that your configuration is correct if you are specifying a custom domain
 - updates docs about custom domains

Test Plan: clicked around and it was better! (see screenshots) read doc changes carefully

Reviewers: epriestley, chad

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4880

Differential Revision: https://secure.phabricator.com/D8918
2014-04-30 13:19:14 -07:00
epriestley
38cc38eaf6 Modernize documentation links
Summary:
  - Point them at the new Diviner.
  - Make them a little less cumbersome to write.

Test Plan: Found almost all of these links in the UI and clicked them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8553
2014-03-17 15:01:31 -07:00
epriestley
ad88ff28a1 Reject Phame domains which include a port number
Summary: Via HackerOne. This doesn't actually have any security impact as far as we can tell, but a researcher reported it since it seems suspicious. At a minimum, it could be confusing. Also improve some i18n stuff.

Test Plan: Hit all the error cases, then saved a valid custom domain.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8493
2014-03-11 15:53:15 -07:00
Bob Trahan
a1faac0a21 Phame - create conduit API to create posts
Summary:
nothing too crazy here. try to be smart about some defaults (i.e. phame title is optional and can be derived from title; post as not a draft by default; etc). Fixes T3695.

also do a little re-factoring to centralizing initializing new posts and turning posts into dictionaries. also change blogs => posts in another conduit method so it makes sense and stuff.

Test Plan: made some posts via conduit. testing trying to specify blogger, phame title, and isDraft, all worked nicely

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: aran, epriestley, Korvin

Maniphest Tasks: T3695

Differential Revision: https://secure.phabricator.com/D8485
2014-03-11 15:51:53 -07:00
epriestley
5854de8c1c Don't 302 to an external URI, even after CSRF POST
Summary:
Via HackerOne. This defuses an attack which allows users to steal OAuth tokens through a clever sequence of steps:

  - The attacker begins the OAuth workflow and copies the Facebook URL.
  - The attacker mutates the URL to use the JS/anchor workflow, and to redirect to `/phame/live/X/` instead of `/login/facebook:facebook.com/`, where `X` is the ID of some blog they control. Facebook isn't strict about paths, so this is allowed.
  - The blog has an external domain set (`blog.evil.com`), and the attacker controls that domain.
  - The user gets stopped on the "live" controller with credentials in the page anchor (`#access_token=...`) and a message ("This blog has moved...") in a dialog. They click "Continue", which POSTs a CSRF token.
  - When a user POSTs a `<form />` with no `action` attribute, the browser retains the page anchor. So visiting `/phame/live/8/#anchor` and clicking the "Continue" button POSTs you to a page with `#anchor` intact.
  - Some browsers (including Firefox and Chrome) retain the anchor after a 302 redirect.
  - The OAuth credentials are thus preserved when the user reaches `blog.evil.com`, and the attacker's site can read them.

This 302'ing after CSRF post is unusual in Phabricator and unique to Phame. It's not necessary -- instead, just use normal links, which drop anchors.

I'm going to pursue further steps to mitigate this class of attack more thoroughly:

  - Ideally, we should render forms with an explicit `action` attribute, but this might be a lot of work. I might render them with `#` if no action is provided. We never expect anchors to survive POST, and it's surprising to me that they do.
  - I'm going to blacklist OAuth parameters (like `access_token`) from appearing in GET on all pages except whitelisted pages (login pages). Although it's not important here, I think these could be captured from referrers in some cases. See also T4342.

Test Plan: Browsed all the affected Phame interfaces.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, arice

Differential Revision: https://secure.phabricator.com/D8481
2014-03-10 16:21:07 -07:00
epriestley
5801176edc When creating a new Phame blog post, check that the author has permission to post to the blog
Summary:
Via HackerOne. We're missing this permissions check, so you can sneak around it with URL editing right now.

I checked the other queries in this application and they seem OK.

Test Plan: Tried to post to a blog I had no permission to join.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8423
2014-03-06 14:06:07 -08:00
Chad Little
b74c7a3d37 Simplify PHUIObjectBoxViews handling of Save and Error states
Summary: This removes the bulk of the "Form Errors" text, some variations likely exists. These are a bit redundant and space consuming. I'd also like to back ErrorView more into PHUIObjectBox.

Test Plan: Test out the forms, see errors without the text.

Reviewers: epriestley, btrahan

CC: Korvin, epriestley, aran, hach-que

Differential Revision: https://secure.phabricator.com/D7924
2014-01-10 09:17:37 -08:00
epriestley
5173b4954d Move Celerity gradually toward multiple source support
Summary: Ref T4222. This doesn't actually support multiple sources yet, but moves us closer by getting rid of some dead and exceedingly-singletoney code.

Test Plan: Browsed around, looked at Phame blogs.

Reviewers: btrahan, hach-que

Reviewed By: hach-que

CC: aran

Maniphest Tasks: T4222

Differential Revision: https://secure.phabricator.com/D7874
2014-01-01 07:46:18 -08:00
epriestley
d8c11a2106 Move build-time resources to "CelerityPhysicalResources" to fix Phame
Summary:
Ref T4222. This fixes some issues with Phame's resource construction.

Phame requires a fully virtual resource source, and since I want to run wordpress templates unmodified some day I don't want to build resource maps for skins.

Move all the stuff that depends on resource lists being discoverable at build time to `CelerityPhysicalResources`, and only generate maps for subclasses.

The root `CelerityResources` can now construct virtual resources; construct a virtual resource for Phame and use it.

Test Plan: Off-domain blogs work correctly now. On-domain blogs with custom skins work correctly now.

Reviewers: btrahan, hach-que

Reviewed By: hach-que

CC: aran

Maniphest Tasks: T4222

Differential Revision: https://secure.phabricator.com/D7873
2013-12-31 19:21:56 -08:00
epriestley
2c35532256 Drive all Celerity operations from the new map
Summary:
Ref T4222.

  - Removes the old map and changes the CelerityResourceMap API to be entirely driven by the new map.
  - The new map is about 50% smaller and organized more sensibly.
  - This removes the `/pkg/` URI component. All resources are now required to have unique names, so we can tell if a resource is a package or not by looking at the name.
  - Removes some junky old APIs.
  - Cleans up some other APIs.
  - Added some feedback for `bin/celerity map`.
  - `CelerityResourceMap` is still a singleton which is inextricably bound to the Phabricator map; this will change in the future.

Test Plan:
  - Reloaded pages.
  - Verified packaging works by looking at generated includes.
  - Forced minification on and verified it worked.
  - Forced no-timestamps on and verified it worked.
  - Rebuilt map.
  - Ran old script and verified error message.
  - Checked logs.

Reviewers: btrahan, hach-que

Reviewed By: hach-que

CC: chad, aran

Maniphest Tasks: T4222

Differential Revision: https://secure.phabricator.com/D7872
2013-12-31 18:04:25 -08:00
epriestley
60cb65bfbb Make resolveResources() and packageResources() private on CelerityResourceMap
Summary: Ref T4222. These are the last two "return a big ball of mud" methods. Make the API stronger so I can swap out the implementations.

Test Plan: Reloaded pages.

Reviewers: btrahan, hach-que

Reviewed By: hach-que

CC: aran

Maniphest Tasks: T4222

Differential Revision: https://secure.phabricator.com/D7871
2013-12-31 18:03:24 -08:00
epriestley
60ff29ed06 Make lookupSymbolInformation() a private API on CelerityResourceMap
Summary: Ref T4222. Same deal as D7867, but for this other super nebulous "return a blob of stuff" method.

Test Plan: Regenerated map, browsed around, etc.

Reviewers: btrahan, hach-que

Reviewed By: hach-que

CC: aran

Maniphest Tasks: T4222

Differential Revision: https://secure.phabricator.com/D7868
2013-12-31 18:03:09 -08:00
epriestley
a5dc9067af Provide convenience method addTextCrumb() to PhabricatorCrumbsView
Summary: We currently have a lot of calls to `addCrumb(id(new PhabricatorCrumbView())->...)` which can be expressed much more simply with a convenience method. Nearly all crumbs are only textual.

Test Plan:
  - This was mostly automated, then I cleaned up a few unusual sites manually.
  - Bunch of grep / randomly clicking around.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: hach-que, aran

Differential Revision: https://secure.phabricator.com/D7787
2013-12-18 17:47:34 -08:00
Jakub Vrana
a29b5b070f Replace some hsprintf() by phutil_tag()
Test Plan: Looked at a diff with inline comment.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D7549
2013-11-11 09:23:23 -08:00
James Rhodes
24579e2956 Add phame.queryblog and phame.querypost Conduit calls.
Summary: This implements Conduit calls for querying Phame blogs and Phame posts.

Test Plan: Made some calls and they seem to generally work.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T3695

Differential Revision: https://secure.phabricator.com/D7478
2013-11-02 16:31:30 -07:00
epriestley
2a5c987c71 Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.

This has several parts:

  - For PolicyAware queries, provide an application class name method.
  - If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
  - For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.

Test Plan:
  - Added a unit test to verify I got all the class names right.
  - Browsed around, logged in/out as a normal user with public policies on and off.
  - Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7367
2013-10-21 17:20:27 -07:00
epriestley
073cb0e78c Make PhabricatorPolicyInterface require a getPHID() method
Summary:
Ref T603. This cleans up an existing callsite in the policy filter, and opens up some stuff in the future.

Some policy objects don't have real PHIDs:

  PhabricatorTokenGiven
  PhabricatorSavedQuery
  PhabricatorNamedQuery
  PhrequentUserTime
  PhabricatorFlag
  PhabricatorDaemonLog
  PhabricatorConduitMethodCallLog
  ConduitAPIMethod
  PhabricatorChatLogEvent
  PhabricatorChatLogChannel

Although it would be reasonable to add real PHIDs to some of these (like `ChatLogChannel`), it probably doesn't make much sense for others (`DaemonLog`, `MethodCallLog`). Just let them return `null`.

Also remove some duplicate `$id` and `$phid` properties. These are declared on `PhabricatorLiskDAO` and do not need to be redeclared.

Test Plan: Ran the `testEverythingImplemented` unit test, which verifies that all classes conform to the interface.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7306
2013-10-14 14:35:47 -07:00
Chad Little
97c690fc0f PHUIPropertyListView
Summary: This builds out and implements PHUIPropertyListView (container) and PHUIPropertyListItemView (section) as well as adding tabs.

Test Plan: Tested each page I edited with the exception of Releeph and Phortune, though those changes look ok to me diff wise. Updated examples page with tabs.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D7283
2013-10-11 07:53:56 -07:00
epriestley
b592630d72 Provide more structure to PHUIObjectBoxView
Summary:
Three changes here.

  - Add `setActionList()`, and use that to set the action list.
  - Add `setPropertyList()`, and use that to set the property list.

These will let us add some apropriate CSS so we can fix the border issue, and get rid of a bunch of goofy `.x + .y` selectors.

  - Replace `addContent()` with `appendChild()`.

This is just a consistency thing; `AphrontView` already provides `appendChild()`, and `addContent()` did the same thing.

Test Plan:
  - Viewed "All Config".
  - Viewed a countdown.
  - Viewed a revision (add comment, change list, table of contents, comment, local commits, open revisions affecting these files, update history).
  - Viewed Diffusion (browse, change, history, repository, lint).
  - Viewed Drydock (resource, lease).
  - Viewed Files.
  - Viewed Herald.
  - Viewed Legalpad.
  - Viewed macro (edit, edit audio, view).
  - Viewed Maniphest.
  - Viewed Applications.
  - Viewed Paste.
  - Viewed People.
  - Viewed Phulux.
  - Viewed Pholio.
  - Viewed Phame (blog, post).
  - Viewed Phortune (account, product).
  - Viewed Ponder (questions, answers, comments).
  - Viewed Releeph.
  - Viewed Projects.
  - Viewed Slowvote.

NOTE: Images in Files aren't on a black background anymore -- I assume that's on purpose?

NOTE: Some jankiness in Phortune, I'll clean that up when I get back to it. Not related to this diff.

Reviewers: chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D7174
2013-09-30 09:36:04 -07:00
Chad Little
94d0704fdb Add objectheaders to new View
Summary: This adds the 'PHUIObjectBox' to nearly every place that should get it. I need to comb through Diffusion a little more. I've left Differential mostly alone, but may decide to do it anyways this weekend. I'm sure I missed something else, but these are easy enough to update.

Test Plan: tested each new layout.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D7162
2013-09-28 15:55:38 -07:00
epriestley
2e5ac128b3 Explain policy exception rules to users
Summary:
Ref T603. Adds clarifying text which expands on policies and explains exceptions and rules. The goal is to provide an easy way for users to learn about special policy rules, like "task owners can always see a task".

This presentation might be a little aggressive. That's probably OK as we introduce policies, but something a little more tempered might be better down the road.

Test Plan: See screenshot.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7150
2013-09-27 08:43:41 -07:00
Chad Little
9be7a948f9 Move PHUIFormBoxView to PHUIObjectBoxView
Summary: I'd like to reuse this for other content areas, renaming for now. This might be weird to keep setForm, but I can fix that later if we need.

Test Plan: reload a few forms in maniphest, projects, differential

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D7120
2013-09-25 11:23:29 -07:00
epriestley
dc389c90bb Simplify policy header implementation
Summary: Instead of rendering this in all callers, just pass the object into the header and let it figure out how to format it.

Test Plan: Looked at Legalpad, Paste, and Pholio.

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D7039
2013-09-19 11:56:58 -07:00
Chad Little
104c6244c3 Policy Header rollout
Summary: Adds policy headers to more (all?) places currently in use.

Test Plan: test each page changed.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D7032
2013-09-18 16:27:24 -07:00
epriestley
a17b9cd2a1 Fix Phame fatal
Summary: Fixes T3847.

Test Plan: "Edit Post"

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T3847

Differential Revision: https://secure.phabricator.com/D7031
2013-09-18 16:00:03 -07:00
Chad Little
e8bb24fd60 Policy, Status in PHUIHeaderView
Summary: The adds the ability to set 'properties' such as state, privacy, due date to the header of objects.

Test Plan: Implemented in Paste, Pholio. Tested various states.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D7016
2013-09-17 09:12:37 -07:00
Bob Trahan
b902005bed Kill PhabricatorObjectDataHandle
Summary: Ref T603. Killing this class is cool because the classes that replace it are policy-aware. Tried to keep my wits about me as I did this and fixed a few random things along the way. (Ones I remember right now are pulling a query outside of a foreach loop in Releeph and fixing the text in UIExample to note that the ace of hearts if "a powerful" card and not the "most powerful" card (Q of spades gets that honor IMO))

Test Plan: tested the first few changes (execute, executeOne X handle, object) then got real mechanical / careful with the other changes.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran, FacebookPOC

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6941
2013-09-11 12:27:28 -07:00
Bob Trahan
07b8becfc6 Policy - introduce parentQuery and pass around policy configuration from parent to child
Summary: Ref T603. Ref D6941.

Test Plan: Clicked around all over - looked good. I plan to re-test D6941 to make sure the executeOne case works now as intended

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6944
2013-09-11 12:19:34 -07:00
Chad Little
5ba20b8924 Move PhabricatorObjectItem to PHUIObjectItem, add 'plain' setting for lists.
Summary: Adds plain support for object lists that just look like lists

Test Plan: review UIexamples and a number of other applications

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6922
2013-09-09 14:14:34 -07:00
Gareth Evans
fcba0c74d9 Replace all "attach first..." exceptions with assertAttached()
Summary:
Ref T3599
Go through everything, grep a bit, replace some bits.

Test Plan: Navigate around a bit

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3599

Differential Revision: https://secure.phabricator.com/D6871
2013-09-03 06:02:14 -07:00
Chad Little
bb9be01d55 Update forms to use PHUIFormBoxView
Summary: Some more callsites, let me know if you see others, I think think is 98% of them now.

Test Plan: tested each page

Reviewers: epriestley, btrahan

Reviewed By: btrahan

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6814
2013-08-26 15:45:58 -07:00
Chad Little
fe2a96e37f Update Form Layouts
Summary:
This attempts some consistency in form layouts. Notably, they all now contain headers and are 16px off the sides and tops of pages. Also updated dialogs to the same look and feel. I think I got 98% of forms with this pass, but it's likely I missed some buried somewhere.

TODO: will take another pass as consolidating these colors and new gradients in another diff.

Test Plan: Played in my sandbox all week. Please play with it too and let me know how they feel.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6806
2013-08-26 11:53:11 -07:00
epriestley
751cd547c2 Remove dust from page construction
Summary:
  ^\s+(['"])dust\1\s*=>\s*true,?\s*$\n

Test Plan: Looked through the diff.

Reviewers: chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D6769
2013-08-19 18:09:35 -07:00
Bob Trahan
1457797c4a Move PhamePost to new phid stuff
Summary: Ref T2715

Test Plan: phid.query and a brief phame post read

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6579
2013-07-26 13:15:08 -07:00
Bob Trahan
a07096daeb Move PhameBlog to new phid stuff
Summary: Ref T2715

Test Plan: loaded phame and viewed all blogs link. did phid.query successfully

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6578
2013-07-26 12:19:12 -07:00
Bob Trahan
9838251515 Make PhabricatorActionListView logged-out user savvy
Summary:
Fixes T2691. Now, all PhabricatorActionListViews in the codebase setObjectHref to $request->getRequestURI. This value is passed over to PhabricatorActionItems right before they are rendered. If a PhabricatorActionItem is a workflow and there is no user OR the user is logged out, we used this objectURI to construct a log in URI.

Potentially added some undesirable behavior to aggressively setUser (and later setObjectURI) from within the List on Actions... This should be okay-ish unless there was a vision of actions having different user objects associated with them. I think this is a safe assumption.

Test Plan: played around with a mock all logged out (Ref T2652) and it worked!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2691

Differential Revision: https://secure.phabricator.com/D6416
2013-07-12 11:39:47 -07:00
Cam Spiers
5cf7258577 Provide syntax highlighting css for oblivious phame posts
Summary: I have simply copied the existing css into the oblivious skin. I don't know if this is the right approach (code duplication), but considering this skin should be isolated (and will potentially differ) I think this makes sense.

Test Plan: Use a code block on a phame post.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, chad

Differential Revision: https://secure.phabricator.com/D6313
2013-06-26 15:01:56 -07:00
Cam Spiers
4770437bb3 Fix issue where phame "View Live" functionality works by using POST not GET
Summary: Currently you can't refresh the live blog or a blog post after clicking "View Live" due to POST action. I have removed the setRenderAsForm call on the "View Live" actions. I am unsure if this has any unintended consequences but I have tested and not found any.

Test Plan: Click the "View Live" action within a blog post or blog, and observe that the request occurs via GET not POST

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6314
2013-06-26 06:12:23 -07:00
Cam Spiers
97dc484854 Fix issue where https is not honoured when loading disqus api
Summary: Currently if disqus is used and a phame post is loaded over ssl, the disqus api is not loaded over https. This fixes that by honouring the protocol being used by the html document.

Test Plan: Open a phame post over https

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6311
2013-06-25 16:32:51 -07:00
Cam Spiers
0495eb1586 Fix issue where "phabricator" disqus account is used by default and not overridable
Summary: Currently setting "disqus.shortname" via config isn't actually used in the instantiation of disqus. This fix uses the shortname configured.

Test Plan: Open a phame post with disqus enabled and a shortname other than "phabricator" specified.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6310
2013-06-25 16:28:56 -07:00
epriestley
3b9ccf11f2 Drive auth config with the database
Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff.

Test Plan:
  - Ran the migration.
  - Saw all my old config brought forward and respected, with accurate settings.
  - Ran LDAP import.
  - Grepped for all removed config options.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran, wez

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6243
2013-06-20 11:18:11 -07:00
Chad Little
f1bf27959f PHUIList, PHUIDocument updates
Summary:
This diff covers a bit of ground.

- PHUIDocumentExample has been added
- PHUIDocument has been extended with new features
- PhabricatorMenuView is now PHUIListView
- PhabricatorMenuItemView is now PHUIItemListView

Overall - I think I've gotten all the edges covered here. There is some derpi-ness that we can talk about, comments in the code. Responsive design is missing from the new features on PHUIDocument, will follow up later.

Test Plan: Tested mobile and desktop menus, old phriction layout, new document views, new lists, and object lists.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6130
2013-06-05 08:41:43 -07:00
Chad Little
fab9a138f3 Use PHUIFeedStory in Phame
Summary: This swaps out ObjectItemListView for PHUIFeedStory when viewing posts in a Phame blog.

Test Plan: Write blog posts, published or not, and test in Phame. Web and iOS tested.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5989
2013-05-21 15:32:17 -07:00
deedydas
3d16eb5e57 Token support for Phriction Documents, Ponder Questions, and Phame Blogs
Summary:
Ref T3023

Token support for Phriction Documents, Ponder Questions, and Phame Blogs

Test Plan: Token notifications and visual display seems to be working for the above types

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, AnhNhan

Maniphest Tasks: T3023

Differential Revision: https://secure.phabricator.com/D5862
2013-05-09 14:52:22 -07:00
Chad Little
43ff24b0f3 Update form styles, implement in many places
Summary:
This creates a common form look and feel across the site. I spent a bit of time working out a number of kinks in our various renderings. Some things:

- Font Styles are correctly applied for form elements now.
- Everything lines up!
- Selects are larger, easier to read, interact.
- Inputs have been squared.
- Consistant CSS applied glow (try it!)
- Improved Mobile Responsiveness
- CSS applied to all form elements, not just Aphront
- Many other minor tweaks.

I tried to hit as many high profile forms as possible in an effort to increase consistency. Stopped for now and will follow up after this lands. I know Evan is not a super fan of the glow, but after working with it for a week, it's way cleaner and responsive than the OS controls. Give it a try.

Test Plan: Tested many applications, forms, mobile and tablet.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5860
2013-05-07 14:07:06 -07:00
Jakub Vrana
e8dd67b88c Properly escape inline <script>
Test Plan:
Loaded Phabricator page, checked the source code. Also:

    $c_uri = '//connect.facebook.net/en_US/all.js#xfbml=1&appId=';
    echo CelerityStaticResourceResponse::renderInlineScript(
      jsprintf(
        'console.log(%s); // </script>
        %s',
        $c_uri,
        "</script><b>x</b>"));

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5741
2013-04-20 17:55:47 -07:00
Chad Little
8ea5c8c74e Modernize Phame
Summary: Adds crumbs, mobile layouts, mobile navs, phts

Test Plan: Tested Phame in iOS and Chrome

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5684
2013-04-14 08:02:29 -07:00
Bob Trahan
649f5cc178 Phame - fix some issues with feed reported on github (290, 291)
Summary: we need a link with type=self to pass xml validation. Note we will always fail validation until we remove any sigil-related stuff from the resultant HTML since we just made that up for our purposes. Also serves up the feed link on the blog view controller, complete with tooltip about how the custom domain stuff isn't supported.

Test Plan: viewed a blog page and liked the feed uri property. viewed a feed and verified the new link self stuff. post push I'll try the validator again.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, vrana

Differential Revision: https://secure.phabricator.com/D5667
2013-04-11 16:10:09 -07:00
Bob Trahan
53f6936b8a Phame - "fix" blog feed
Summary: we don't post enough so this got reported as broken. Instead of specifying a published after date, just let the query class fetch the natural pagination limit ordered by id, and PHP will sort by publishedDate per usual. While its possible we might not get the right stuff relative to published date, its highly, highly unlikely given the large pagination size.

Test Plan: loaded up the blog xml link

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5593
2013-04-05 12:12:49 -07:00
vrana
b3a63a62a2 Introduce PhabricatorEmptyQueryException
Summary: It's dumb to execute a query which we know will return an empty result.

Test Plan: Looked at comment preview with "11", didn't see "1 = 0" in DarkConsole.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5177
2013-03-06 19:22:00 -08:00
epriestley
92c4dfdfb1 Fix an extra %s in BlogFeedController
Summary: Fished this out of the secure.phabricator.com error log. Introduced in D4869.

Test Plan: Eyeballed it.

Reviewers: chad, vrana

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D5199
2013-03-03 13:57:59 -08:00
epriestley
0a069cb55a Require a viewer to load handles
Summary:
Unmuck almost all of the we-sort-of-have-viewers-some-of-the-time mess.

There are a few notable cases here:

  - I used Omnipotent users when indexing objects for search. I think this is correct; we do policy filtering when showing results.
  - I cheated in a bad way in the Remarkup object rule, but fixing this requires fixing all the PhabricatorRemarkupEngine callsites (there are 85). I'll do that in the next diff.
  - I cheated in a few random places, like when sending mail about package edits. These aren't a big deal.

Test Plan:
  - Grepped for all PhabricatorObjectHandleData references.
  - Gave them viewers.

Reviewers: vrana

Reviewed By: vrana

CC: aran, edward

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D5151
2013-02-28 17:15:09 -08:00
epriestley
2f66138464 Fix an open redirect issue in Phame with "View Live"
Summary: Currently, you can set a blog URI to "evil.com" and then the live controller will issue a redirect. Instead, require a CSRF check. If it fails, pop a "this blog has moved" dialog.

Test Plan:
  - Clicked "View Live" for in-app and on-domain blogs and posts.
  - Hit URI directly.

{F33302}

Reviewers: vrana

Reviewed By: vrana

CC: cbg, aran

Differential Revision: https://secure.phabricator.com/D5021
2013-02-19 16:04:54 -08:00
epriestley
a22bea2a74 Apply lint rules to Phabricator
Summary: Mostly applies a new call spacing rule; also a few things that have slipped through via pull requests and such

Test Plan: `find src/ -type f -name '*.php' | xargs -n16 arc lint --output summary --apply-patches`

Reviewers: chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D5002
2013-02-19 13:33:10 -08:00
epriestley
f5aa92ecda Fix Phame escaping issue
Summary: Fixes blog.phacility.com, etc. There's bascially no plausible way we can do better here, especially once we get the Wordpress "API" up and running.

Test Plan: patched secure.phabricator.com live

Reviewers: vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4958
2013-02-14 13:09:47 -08:00
epriestley
ef7f16180c Restore merge of phutil_tag. 2013-02-13 14:51:18 -08:00
epriestley
73cce6e131 Revert "Promote phutil-tag again"
This reverts commit 8fbabdc06d, reversing
changes made to 2dab1c1e42.
2013-02-13 14:08:57 -08:00
vrana
4eb84149c2 Convert everything to safe HTML
Summary: Sgrepped for `"=~/</"` and manually changed every HTML.

Test Plan: This doesn't work yet but it is hopefully one of the last diffs before Phabricator will be undoubtedly HTML safe.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4927
2013-02-13 12:35:40 -08:00
vrana
868ca71451 Fix some HTML problems
Summary: I'm too lazy to attaching them for diffs where they were introduced.

Test Plan:
/
/D1, wrote comment with code snippet
DarkConsole
commit detail, wrote comment
task detail, wrote comment

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4911
2013-02-11 18:18:26 -08:00
vrana
58b6e2cac6 Convert AphrontDialogView to safe HTML
Summary:
Done by searching for `AphrontDialogView` and then `appendChild()`.

Also added some `pht()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4882
2013-02-09 15:11:35 -08:00
vrana
d817dfa8fc Convert some phutil_escape_html() to hsprintf()
Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`.

Test Plan:
/
/D1
/uiexample/
/countdown/1/
/herald/transcript/1/all/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4869
2013-02-08 15:59:02 -08:00
vrana
2f508bf0dc Delete some phutil_safe_html()
Test Plan: Displayed revision.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4829
2013-02-05 15:52:48 -08:00
vrana
be4662e667 Convert setCaption() to safe HTML
Test Plan: /settings/panel/display/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4824
2013-02-05 15:52:43 -08:00
epriestley
8f1311bbc1 Merge branch 'master' into phutil_tag
(Final sync.)
2013-02-05 10:23:16 -08:00
Debarghya Das
ccb206e984 Added a Disable Macros function that can be called in some contexts where Macros are unsuitable
Summary: Semi Fixed T2397

Test Plan: Can disable the meme button on manually toggling the class variable.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2397

Differential Revision: https://secure.phabricator.com/D4781
2013-02-04 09:54:03 -08:00
epriestley
40547030a5 render_tag -> tag: PropertyListView
Summary: Converts callsites in PropertyListView (addDetail() and setTextContent()).

Test Plan: Grepped for PhabricatorPropertyListView, addDetail() and setTextContent().

Reviewers: vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4695
2013-01-29 11:01:47 -08:00
epriestley
edfcd7bd2d render_tag -> tag: phame, remarkup
Summary: Converts various callsites from render_tag variants to tag variants.

Test Plan: See inlines.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4689
2013-01-28 18:44:15 -08:00
vrana
9670f0c636 Convert phutil_render_tag(X, Y, phutil_render_tag(...)) to phutil_render_html
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_render_html
    (X, Y, phutil_render_tag(...))

  - phutil_render_tag
  + phutil_render_html
    (X, Y, phutil_render_html(...))

Test Plan: Loaded homepage

Reviewers: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4502
2013-01-24 19:35:51 -08:00
vrana
3c1b8df8ae Convert simple phutil_render_tag() to phutil_tag()
Summary: Done manually.

Test Plan: Loaded homepage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4509
2013-01-24 19:30:50 -08:00
vrana
21a5956a35 Convert phutil_render_tag(X, Y, pht('...')) to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y, pht('...'))

The searched for `<` and `&` by sgrep.

Test Plan: Loaded homepage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4504
2013-01-24 19:20:30 -08:00
vrana
20768d65d5 Convert phutil_render_tag(X, Y, '...') to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y, '...')

Then searched for `&` and `<` in the output and replaced them.

Test Plan: Loaded homepage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4503
2013-01-24 19:20:27 -08:00
vrana
48561a8b1f Convert phutil_render_tag(X, Y, phutil_escape_html(Z)) to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y,
  - phutil_escape_html(
    Z
  - )
    )

Test Plan: Loaded homepage

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4501
2013-01-24 19:08:55 -08:00