mirror of https://we.phorge.it/source/phorge.git synced 2024-12-25 06:50:55 +01:00
Commit graph

85 commits

Author SHA1 Message Date
epriestley
c8b4bfdcd1 Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks
Summary:
Some browsers will still sniff content types even with "Content-Type" and
"X-Content-Type-Options: nosniff". Encode "<" and ">" to prevent them from
sniffing the content as HTML.

See T865.

Also unified some of the code on this pathway.

Test Plan: Verified Opera no longer sniffs the Conduit response into HTML for
the test case in T865. Unit tests pass.

Reviewers: cbg, btrahan

Reviewed By: cbg

CC: aran, epriestley

Maniphest Tasks: T139, T865

Differential Revision: https://secure.phabricator.com/D1606
2012-02-14 14:51:51 -08:00
epriestley
e8a7d8a905 Provide software protections for HTTP response splitting
Summary:
This addresses a few things:

  - Provide a software HTTP response splitting guard as an extra layer of
security, see http://news.php.net/php.internals/57655 and who knows what HPHP/i
does.
  - Cleans up webroot/index.php a little bit, I want to get that file under
control eventually.
  - Eventually I want to collect bytes in/out metrics and this allows us to do
that easily.
  - We may eventually want to write to a socket or do something else like that,
ala Litespawn.

Test Plan:
  - Ran unit tests.
  - Browsed around, checked headers and HTTP status codes.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1564
2012-02-06 09:59:34 -08:00
jungejason
12d1379dee Add instructions about how to support localhost
Summary:
With T764, http://localhost doesn't work anymore. So add instructions
about how to support it by modifying the hosts file.

Test Plan:
- turned on setup mode and the error message did show up
- turned off the setup mode and the error message also showed up

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T764

Differential Revision: https://secure.phabricator.com/D1370
2012-01-11 18:09:14 -08:00
epriestley
af37b637f5 Detect un-cookieable domain configuration and explode
Summary:
Chrome/Chromium won't set cookies on these domains, at least under
Ubuntu. See T754. Detect brokenness and explode.

Test Plan:
Logged into phabricator as "http://derps/" (failed) and
"http://derps.com/" (worked) in Chromium. Set config to "http://derps/" (config
exploded) and "http://local.aphront.com/" (config OK).

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, btrahan

Maniphest Tasks: T754

Differential Revision: https://secure.phabricator.com/D1355
2012-01-11 08:12:50 -08:00
epriestley
522e5b4779 Build an event dispatch mechanism into Phabricator
Summary:
This is an attempt to satisfy a lot of the one-off requests a little more
generally, by providing a relatively generic piece of event architecture.

Allow the registration of event listeners which can react to various application
events (currently, task editing).

I'll doc this a bit better but I wanted to see if anyone had massive objections
to doing this or the broad approach. The specific problem I want to address is
that one client wants to do a bunch of routing for tasks via email, so it's
either build a hook, or have them override most of ManiphestReplyHandler, or
something slightly more general like this.

Test Plan: Wrote a silly listener that adds "Quack!" to a task every time it is
edited and edited some tasks. I was justly rewarded.

Reviewers: nh, jungejason, tuomaspelkonen, aran

Reviewed By: aran

CC: aran, epriestley

Differential Revision: 881
2011-09-30 12:16:40 -07:00
epriestley
1df7d4039e Store repository credentials with repositories
Summary:
Move toward storing credentials in configuration so it's easier to get the
daemons working. This should eventually solve all the key juggling junk you have
to do right now.

This only gets us part of the way to actually using these credentials in the
daemons since I have to go swap everything for $repository->execBlah().

I tried to write a web "Test Connection" button but it was too much of a mess to
get git to work since git doesn't give you access to its SSH command and SSH has
a bunch of interactive prompts which you can't really do anything about without
it or a bunch of ~/.ssh/config editing. This is what Git recommends:

https://git.wiki.kernel.org/index.php/GitFaq#How_do_I_specify_what_ssh_key_git_should_use.3F

..but it's not a great match for this use case.

Test Plan:
  - Only partial.
  - Ran "test_connection.php" on a Git repo with and without SSH, and with and
without valid credentials. This part works properly.
  - Ran "test_connection.php" on a public SVN repo, but I don't have private or
WEBDAV repos set up at the moment.
  - Mercurial doesn't work yet.
  - Daemons haven't been converted yet.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, abdul, nmalcolm, epriestley, jungejason

Differential Revision: 888
2011-09-06 08:58:00 -07:00
epriestley
39b4d20ce5 Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.

  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**

Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.

Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-16 13:29:57 -07:00
epriestley
6f388f97d9 Improve Phabricator behavior for fatal errors
Summary:
  - Exceptions on the rendering pathway currently go uncaught and result in a
blank page. Commonly, this is a bad require_celerity_resource() call. Although
we can't safely render a page if the rendering pathway is broken, we can show a
useful message.
  - When PHP exits because of a fatal error, there is an opportunity to run code
in the shutdown handler. This allows us to show messages at least some of the
time, e.g. "call to unknown function derp() in somefile.php at line 99"
  - flip dem tables

Test Plan: Added fatals ("derp();") and rendering exceptions
("require_celerity_resource('does-not-exist')") to a controller and verified
that the error handling behavior is now more useful.
Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, epriestley
Differential Revision: 680
2011-07-18 07:23:01 -07:00
epriestley
d28326446d Detect obviously erroneous "memory_limit" configurations
Summary: See comment. ALSO: THIS DIFF IS AMAZING.
Test Plan: Changed my memory limit to something absurd, got yelled at.
Reviewed By: mroch
Reviewers: colmdoyle, jungejason, aran, tuomaspelkonen, codeblock, tomo, mroch,
hsb
CC: aran, mroch, epriestley
Differential Revision: 657
2011-07-12 15:52:32 -07:00
epriestley
7aa3582120 Improve error messages for PHABRICATOR_ENV
Summary:
  - Allow user to specify "myconf" (recommended) or "myconf.conf.php" (less
surprising).
  - Make sure syntax errors and other problems are surfaced.
  - If the configuration value isn't valid, give them a list of all valid
values.

Test Plan:
  - Added a syntax error, got a useful error.
  - Set PHABRICATOR_ENV to a silly value, got a list of valid values.
  - Set PHABRICATOR_ENV to have .conf.php suffix, site still worked.

Reviewed By: kevinwallace
Reviewers: kevinwallace, codeblock, aran, jungejason, tuomaspelkonen
CC: aran, epriestley, kevinwallace
Differential Revision: 381
2011-05-31 19:18:36 -07:00
epriestley
d202e71ef1 Use parallel syntax highlighting API in differential
Summary:
Use the new API from D322 to highlight text in parallel in Differential.

Test Plan:
Verified that pygmentize calls started within 20ms of one another in DarkConsole
(also: added a feature to let me do this) instead of running serially.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 323
2011-05-22 07:21:10 -07:00
epriestley
c6beb7a4fb Move to explicit initialization of PhutilErrorHandler. 2011-05-11 07:20:04 -07:00
epriestley
f7e2b03077 Add a "setup" mode which guides new users through application configuration
Summary:
Alters the installation instructions to guide installers into a "setup" mode
which does config file sanity checking.

Test Plan:
Put myself in setup mode, simulated all the failures it detects, took myself out
of setup mode, Phabricator works OK.

Reviewed By: tuomaspelkonen
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, tuomaspelkonen, epriestley
Differential Revision: 230
2011-05-10 15:12:30 -07:00
epriestley
5da364f8f9 Detect and fatal on magic_quotes_gpc
Summary:
This is evil, don't run with it enabled. Somehow got enabled on my
laptop?

Test Plan:
Loaded phabricator with magic_quotes_gpc enabled, was rebuffed.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 184
2011-04-29 20:26:05 -07:00
epriestley
aa0ff43999 xhpastview 2011-04-06 22:43:56 -07:00
tuomaspelkonen
d5ee8c792c Modified DarkConsole Error Log to show more detailed information.
Summary:
When function phlog() is called, stacktrace and detailed log information
is shown in DarkConsole.

Test Plan:
Called 'phlog' function from various places in Phabricator and checked that
the debug information was available in DarkConsole.

Reviewed By: epriestley
Reviewers: epriestley
CC: jungejason, epriestley
Differential Revision: 101
2011-04-06 14:30:54 -07:00
epriestley
c72d9980d5 Slightly improve error message when the user specifies a bogus
config file.
2011-04-05 10:48:36 -07:00
epriestley
cc66c4890d Commit + Herald integration. 2011-04-04 14:13:14 -07:00
epriestley
3af9919e1c Add 'phabricator.timezone' config for HPHP installs. 2011-04-02 17:21:16 -07:00
epriestley
e6cf7a9cb0 More Diffusion junk. 2011-03-30 22:08:41 -07:00
epriestley
a100d97ed5 Preserve "next" URI by using OAuth 'state' parameter
Summary:
When a user clicks a link like /T32 and has to login, redirect them
to the resource once they've authenticated if possible. OAuth has a param
specifically for this, called 'state', so use it if possible. Facebook
supports it but Github does not.

Test Plan:
logged in with facebook after viewing /D20

Reviewed By: aran
Reviewers: aran
CC: aran, epriestley
Differential Revision: 61
2011-03-07 22:00:57 -08:00
epriestley
6439cd9856 Revert HipHop volatile symbol workaround. 2011-03-02 17:21:23 -08:00
epriestley
eccc76dae6 Fix some issues caught by HipHop, and work around some issues
caused by HipHop.
2011-02-26 21:01:42 -08:00
epriestley
d4bd2b0edd Add support for a PHUTIL_LIBRARY_ROOT variable in $_SERVER to make
it easier to build Phabricator for hphp.
2011-02-25 18:58:37 -08:00
epriestley
0114a29681 Improve some of the top-level application hooks and setup messages.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-24 14:52:57 -08:00
epriestley
a4852d4a64 Dedupe conf loading function.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-11 13:17:06 -08:00
epriestley
7c3cd26510 Do an explicit check for MySQL install status.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-07 20:55:33 -08:00
epriestley
c93dd9c090 Flesh out some DarkConsole stuff. 2011-02-02 22:38:42 -08:00
epriestley
a5c0c277ca Very slightly less terrible XHProf implementation. 2011-02-02 16:14:23 -08:00
epriestley
759eec3a77 Very rough cut of DarkConsole + XHProf 2011-02-02 13:48:52 -08:00
epriestley
03fec6e911 PhabricatorEnv
'infratructure' -> 'infrastructure' (rofl)
Recaptcha
Email Login / Forgot Password
Password Reset
2011-01-31 11:55:26 -08:00
epriestley
6c37f918b1 Somewhat proper 404 page, plus HTTP response code. 2011-01-30 08:44:28 -08:00
epriestley
ccf7df6093 Authentication 2011-01-26 15:34:20 -08:00
epriestley
dec8bac3a3 Conduit: differential.creatediff 2011-01-24 11:28:12 -08:00
epriestley
76258ce0e1 Import some code, some of which may be relevant to the project. 2011-01-17 19:31:39 -08:00