1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 14:00:56 +01:00
Commit graph

11026 commits

Author SHA1 Message Date
Chad Little
9ea6249a18 Shrink aphront table headers
Summary: These already have a larger font, the extra height isn't needed. Make them the same size as `td`

Test Plan: Look at a bunch of tables.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14135
2015-09-19 19:42:19 -07:00
Chad Little
666f19e504 Make icon setting in Section Headers easier/consistent
Summary: You can already pass other icons, but this makes it a bit simpler.

Test Plan: Test Maniphest, Badges

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14131
2015-09-19 11:29:01 -07:00
Chad Little
9c43853815 Restore the delicate balance of the universe 2015-09-18 13:59:11 -07:00
Chad Little
36c8df3ef9 Add pageObjects to Macro
Summary: Fixes T9442

Test Plan: Like a macro, log out, switch to notchad, clear notification by visiting page

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9442

Differential Revision: https://secure.phabricator.com/D14129
2015-09-18 13:58:07 -07:00
Chad Little
ce7aa92c67 Normalize Paste, Remarkup code embed colors
Summary: These currently use different yellows, and more importantly when pygmentized, is hard to read. This lightens up code embeds and pastes.

Test Plan:
Review Diviner docs, Pastes, and normal code embeds.

{F820471}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: tycho.tatitscheff, Korvin

Differential Revision: https://secure.phabricator.com/D14123
2015-09-17 08:23:22 -07:00
Chad Little
f899762364 Better Paste layout on mobile
Summary: Builds a container of paste, makes it smaller on mobile.

Test Plan: View on desktop, tablet, mobile.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14122
2015-09-17 08:22:40 -07:00
Chad Little
2e0cbaa366 Usability updates to ActionPanel
Summary: Wraps entire element in the anchor tag, gives a hover state, makes icons bounce.

Test Plan: Hover and click.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14124
2015-09-17 08:22:23 -07:00
Chad Little
23b2653f52 More ActionPanel colors, hardening
Summary: Adds full ROYGBIVP color spectrum, adds basic overflow, collapse protection.

Test Plan: Review small and large panels are various breakpoints.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14120
2015-09-16 09:22:31 -07:00
Chad Little
a62337dcd8 Update PHUIActionPanelView
Summary: Making these a little more fun, a little more flexible and better looking. Will have an update for rSAAS in a bit.

Test Plan:
Make lots of them. Click.

{F815658}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14115
2015-09-15 18:32:01 -07:00
epriestley
0449a07f53 Add bin/auth unlimit and clean up a TODO
Summary:
I stumbled across this TODO and was worried that there was a glaring hole in MFA that I'd somehow forgotten about, but the TODO is just out of date.

These actions are rate limited properly by `PhabricatorAuthTryFactorAction`, which permits a maximum of 10 actions per hour.

  - Remove the TODO.
  - Add `bin/auth unlimit` to make it easier to reset rate limits if someone needs to do that for whatever reason.

Test Plan:
  - Tried to brute force through MFA.
  - Got rate limited properly after 10 failures.
  - Reset rate limit with `bin/auth unlimit`.
  - Saw the expected number of actions clear.

{F805288}

Reviewers: chad

Reviewed By: chad

Subscribers: joshuaspence

Differential Revision: https://secure.phabricator.com/D14105
2015-09-14 07:03:39 -07:00
epriestley
6bd8ee861c Use PEAR Text_Figlet to render figlet fonts
Summary:
Ref T7785. Makes Figlet available without installing the `figlet` package.

The PEAR Text_Figlet code is really sketchy and includes this API, which is quite marvelous:

```
    function loadFont($filename, $loadgerman = true)
```

At some point, this should probably be rewritten into a modern style, but it's not trivial since the figlet file format and rendering engine are somewhat complicated. I made some adjustments:

  - Broke the dependency on the PEAR core.
  - Prevented it from doing any wrong HTML escaping.
  - Looked through it for any glaring security or correctness problems.

This code isn't very pretty or modern, but as far as I can tell it's safe and does render Figlet fonts in a reasonable way.

Test Plan: {F803268}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9408, T7785

Differential Revision: https://secure.phabricator.com/D14102
2015-09-13 12:31:07 -07:00
epriestley
935ced1edd Include "Figlet" and PEAR "Text_Figlet" in externals
Summary:
Ref T7785. This prepares for (but does not yet use) a pure PHP implementation of Figlet parsing and rendering.

Figlet is somewhat complex, but a parser already exists in PEAR. I'll make sure it's suitable and hook it up in the next diff.

Test Plan: N/A, code not reachable

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9408, T7785

Differential Revision: https://secure.phabricator.com/D14101
2015-09-13 12:30:48 -07:00
epriestley
c705c8011e Use PHP implementation of Cowsay for cowsay rule
Summary:
Ref T7785. Convert the Cowsay Remarkup rule to use a PHP implementation so we don't have to execute an external `cowsay` binary.

I removed some of the default ".cow" files that come with Cowsay because they:

  - include Perl code which we can not interpret; or
  - are primarily in-jokes or standalone visual puns or artwork rather than usable actors on the grand stage of cowsay; or
  - offended my delicate sensibilities.

Users can add new cows to `resources/cows/custom/` if they want to make new cows available.

I have included a majestic original artwork depicting the "Companion Cube" character from //Portal//.

Test Plan: {F802535}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9408, T7785

Differential Revision: https://secure.phabricator.com/D14100
2015-09-13 12:27:30 -07:00
epriestley
c02f750267 Remove dot/Graphviz Remarkup rule
Summary: Ref T9408. This rule is unsafe in principle, and a practical vulnerability has been found by a security researcher.

Test Plan: `grep`

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9408

Differential Revision: https://secure.phabricator.com/D14103
2015-09-13 12:27:23 -07:00
Chad Little
d199560a6b Add a box around the pager in Diffusion
Summary: Fixes T9392, adds some sweet sweet margin to the pager.

Test Plan: See pager with new padding, test different pages, breakpoints.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9392

Differential Revision: https://secure.phabricator.com/D14098
2015-09-11 08:59:56 -07:00
epriestley
1c45a7d8e2 Revert "Allow search results to be snippeted, roughly"
Summary:
This reverts commit 1583738842.

See T8646 for discussion. This version of the feature feels terrible on real data.

Test Plan: Strict revert.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14097
2015-09-10 20:57:26 -07:00
epriestley
6679a85ee1 Leafy vegetables from out-of-order lands. 2015-09-10 19:52:36 -07:00
epriestley
4e181a5611 Clean up browse/history links in Diffusion
Summary:
Fixes T9126. In particular:

  - Add "Browse" links to all history views.
  - Use icons to show "Browse" and "History" links, instead of text.
  - Use FontAwesome.
  - Generally standardize handling of these elements.

This might need a little design attention, but I think it's an improvement overall.

Test Plan:
  - Viewed repository history.
  - Viewed branch history.
  - Viewed file history.
  - Viewed table of contents on a commit.
  - Viewed merged changes on a merge commit.
  - Viewed a directory containing an external.
  - Viewed a deleted file.

{F788419}

{F788420}

{F788421}

{F788422}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9126

Differential Revision: https://secure.phabricator.com/D14096
2015-09-10 19:28:49 -07:00
epriestley
1583738842 Allow search results to be snippeted, roughly
Summary:
Ref T8646. This is fairly rough:

This interface is very niche, and not really flexible enough to accommodate other result customization (but I don't think we have any plans here)?

I'm just //summarizing// the content of documents, basically showing the first paragraph of their content, summary, etc. This isn't what Google does: it shows snippets surrounding the actual search terms. However, this is more involved and might be less useful in structured data: for example, I'd imagine that the first line of most phriciton documents, maniphest tasks and Differential revisions really might be the best machine-generatable summary of them. The actual contextual snippeting in Google doesn't often seem hugely useful to me. But this might also not be very useful.

There's not much design, not sure if you had any ideas.

I only implemented this for tasks, revisions and the wiki since those seem most useful.

I'm generally on the fence about this, but it's not a ton of work to swap out for something else later. Maybe we can see how it feels? But happy to toss it or rethink the approach.

Test Plan: {F788026}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8646

Differential Revision: https://secure.phabricator.com/D14095
2015-09-10 19:06:36 -07:00
Mihir Kedia
ae0348aac9 Add dialog to purge opcode/data caches
Summary: Reachable via the cache config page, restricted to admins only. This makes it convenient to hotfix phabricator without requiring a restart.

Test Plan:
  - Local dev machine doesn't have apc, so I get the not installed message.
  - Faked the name and isEnabled parameters, verified dialog shows up as expected.
  - Didn't test clear code

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: tycho.tatitscheff, joshuaspence, Korvin

Differential Revision: https://secure.phabricator.com/D14064
2015-09-10 14:19:02 -07:00
epriestley
f8080ce931 Add CustomField support to Owners
Summary: Fixes T9351. This is straightforward since this application is now relatively modern and doesn't have any bizarre craziness.

Test Plan:
{F787981}

{F787982}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9351

Differential Revision: https://secure.phabricator.com/D14093
2015-09-10 13:32:31 -07:00
epriestley
093a625698 Show users what's wrong when they try to edit an inline with an editor already open
Summary: Fixes T8572. Ideally we would probably just permit this, but clean up the behavior until the day arrives when inline code is actually rewritten.

Test Plan:
  - Tried to launch editors in Differential and Diffusion while comments were already open.
  - Verified that "Jump to inline" works in both cases.

{F788008}

{F788009}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8572

Differential Revision: https://secure.phabricator.com/D14094
2015-09-10 11:36:38 -07:00
epriestley
738cb1fa78 Fix Mercurial unable to authenticate with HTTP when pulling
Summary: As described in T7959, it looks like Diffusion does not provide Mercurial the required HTTP credentials when pulling from an external repository.

Test Plan: Add an external Mercurial repository to Diffusion, that requires HTTP authentication. A private BitBucket repository for example.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Projects: #mercurial, #diffusion

Differential Revision: https://secure.phabricator.com/D14092
2015-09-10 05:40:14 -07:00
epriestley
25786df3a1 Give "Arcanist Client Results" a more clear name
Summary: Fixes T9380. See that task for discussion. This doesn't feel awesome but is maybe the least-bad fix? I think this name is clearer.

Test Plan: Looked at autoplan in Harbormaster, saw new name.

Reviewers: meitros, chad

Reviewed By: chad

Maniphest Tasks: T9380

Differential Revision: https://secure.phabricator.com/D14088
2015-09-09 19:18:08 -07:00
epriestley
de01f3e2e0 Add Maniphest Task email creator to CCs
Summary: Fixes T9369.

Test Plan:
  - Sent a mail with Mail.app to `bugs@local.phacility.com`.
  - Used "View Raw Mail", copy-pasted it into `mail.txt` on disk.
  - Ran `cat mail.txt | ./scripts/mail/manage_mail.php --process-duplicates`.
  - Saw task get created and me get added as CC.
  - Changed "To" to include another user, ran command again, saw task get created and other user get added as CC.

Reviewers: chad

Reviewed By: chad

Subscribers: Korvin

Maniphest Tasks: T9369

Differential Revision: https://secure.phabricator.com/D14086
2015-09-09 14:07:07 -07:00
epriestley
345cc66f0f Fix some missing "@" in doclinks
Summary: Fixes T9368.

Test Plan: Grepped for "Adding New Classes".

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9368

Differential Revision: https://secure.phabricator.com/D14087
2015-09-09 14:06:49 -07:00
epriestley
d2374c468f Fix missing willUpload hook for drag-and-drop chunked upload
Summary:
Ref T9324. When you upload a normal file, we call `willUpload` and then `didUpload`.

When you upload a chunked file, we never call `willUpload`. This can get things out of sync. Make sure we invoke this event for both chunked and non-chunked uploads.

Test Plan: Got cleaner behavior (redirect after all uploads finish) in new Phacility file upload area.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9324

Differential Revision: https://secure.phabricator.com/D14083
2015-09-08 16:20:58 -07:00
epriestley
7425407c12 Improve bin/config set errors for complex values
Summary:
  - Fix missing space before "For example:".
  - Fix instruction to run `bin/config set value` instead of `bin/config set key value`.
  - Minor cleanup.

Test Plan: Tried to set `files.image-mime-types`, `load-libraries`.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14080
2015-09-08 08:49:33 -07:00
epriestley
6915011067 Provide an AphrontController implementation of willSendResponse()
Summary: This is required by Aphront now but not given a default implementation in the base class.

Test Plan: CORGI sites now work.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14079
2015-09-07 17:18:35 -07:00
Chad Little
5794d45da3 Fix word-break on remarkup tables
Summary: Tables headers break all kinds of funky even though we set `word-break` to word presumably because width is not calculated. Just use normal breaks.

Test Plan: Test developer documentation table in sand box, table is readable on desktop, phone break points.

Reviewers: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14063
2015-09-05 10:06:45 -07:00
epriestley
76665f725b Correct a bad Herald migration
Summary:
One of the migrations in rPa335004a91 (`20150730.herald.5.sql`) incorrectly swapped "add" and "add blocking" Differential Herald rules.

Swap any rules last modified before this patch was applied back. This is the best we can do without possibly overwriting more recent, intentional data. I'll issue some guidance on this in the changelog.

Test Plan:
  - Made a rule, ran patch, no change.
  - Changed rule modified time to a few months ago, ran patch, saw swap from non-blocking to blocking.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14061
2015-09-04 15:11:25 -07:00
epriestley
5dccc14bbf Modularize generation of supplemental login messages
Summary:
Ref T9346. This mostly allows us to give users additional advice based on which instance they are trying to log in to in the Phacility cluster.

It's also slightly more flexible than `auth.login-message` was, and maybe we'll add some more hooks here eventually.

This feels like it's a sidegrade in complexity rather than really an improvement, but not too terrible.

Test Plan:
  - Wrote the custom handler in T9346 to replicate old config functionality.
  - Wrote a smart handler for Phacility that can provide context-sensitive messages based on which OAuth client you're trying to use.

See new message box at top (implementation in next diff):

{F780375}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9346

Differential Revision: https://secure.phabricator.com/D14057
2015-09-04 10:34:39 -07:00
epriestley
6f372943db Add support for temporary files to file.allocate
Summary:
Ref T7148. I can do most of the export stuff by only modifying the Instances codebase, but want to upload all the backups and exports as temporary files and can't currently do this via the API.

Make the necessary API changes so that the export workflow can use them when it gets built out.

Test Plan: See next diff. Uploaded files with `arc upload --temporary` and saw them upload as temporary files.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7148

Differential Revision: https://secure.phabricator.com/D14055
2015-09-04 10:34:32 -07:00
Chad Little
7641c9c7bc Build LauncherButton for PHUIObjectItemView
Summary: There are a handful of places I've been wanting to use a button here. Adds that ability and uses in app launcher.

Test Plan:
Test Applicatons->Launcher at desktop, mobile, tablet breakpoints

{F780453}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14059
2015-09-04 10:34:25 -07:00
epriestley
cd2f9786bf Shuffle various parts of the config edit UI around
Summary:
Fixes T9339.

  - Don't show edit control for locked config at all.
  - Don't show a "Cancel" button either.
  - Change "Value" label to "Database Value" for non-custom config.
  - Highlight effective value.
  - Move examples under current state.
  - Tweak some formatting.

Test Plan: {F777878}

Reviewers: chad, avivey

Reviewed By: chad, avivey

Subscribers: avivey

Maniphest Tasks: T9339

Differential Revision: https://secure.phabricator.com/D14054
2015-09-03 12:15:30 -07:00
Chad Little
29399849c0 Scroll on overflow of property list (mobile)
Summary: Fixes T9314. Functionally phui-status-list should get moved off a table, but that's another day. This catches many other possible issues.

Test Plan: Review changes on a narrow browser.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9314

Differential Revision: https://secure.phabricator.com/D14036
2015-09-03 11:06:39 -07:00
Chad Little
42ed524120 Break long strings in all remarkup areas
Summary: Fixes T9264. I'm surprised this hasn't come up before, but any long string or URL in remarkup will overflow and cause remarkup areas to scroll. Prefer breaking these words.

Test Plan:
Review a timeline feed in Differential and a Ponder answer.

{F768105}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9264

Differential Revision: https://secure.phabricator.com/D14018
2015-09-03 11:03:21 -07:00
Chad Little
1e1551d970 Add CCs to Phriction Edit page
Summary: Fixes T4099. Allows prepopulating CCs when building Phriction pages.

Test Plan: Add notchad, remove notchad.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T4099

Differential Revision: https://secure.phabricator.com/D14042
2015-09-03 10:55:17 -07:00
Chad Little
4428a25a7c Minor Ponder Comment tweaks
Summary: Makes the New Comment, See Comments more obviously placed to find.

Test Plan: Review new CSS, answer question, comment, etc.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14043
2015-09-03 10:53:16 -07:00
epriestley
9d0332c2c0 Modernize OAuthserver and provide more context on "no permission" exception
Summary:
Ref T7173. Depends on D14049. Now that Phacility can install custom exception handlers, this puts enough information on the exception so that we can figure out what to do with it.

  - Generally modernize some of this code.
  - Add some more information to PolicyExceptions so the new RequestExceptionHandler can handle them properly.

Test Plan: Failed authorizations, then succeeded authorizations. See next diff.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7173

Differential Revision: https://secure.phabricator.com/D14050
2015-09-03 10:05:23 -07:00
epriestley
1fc60a9a6e Modularize Aphront exception handling
Summary:
Ref T1806. Ref T7173. Depends on D14047.

Currently, all exception handling is in this big messy clump in `AphrontDefaultApplicationConfiguration`.

Split it out into modular classes. This will let a future change add new classes in the Phacility cluster which intercept particular exceptions we care about and replaces the default, generic responses with more useful, tailored responses.

Test Plan:
{F777391}

- Hit a Conduit error (made a method throw).
- Hit an Ajax error (made comment preview throw).
- Hit a high security error (tried to edit TOTP).
- Hit a rate limiting error (added a bunch of email addresses).
- Hit a policy error (tried to look at something with no permission).
- Hit an arbitrary exception (made a randomc ontroller throw).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T1806, T7173

Differential Revision: https://secure.phabricator.com/D14049
2015-09-03 10:04:42 -07:00
epriestley
20ce1a905f Replace AphrontUsageException with AphrontMalformedRequestException
Summary:
Ref T1806. Ref T7173. Context here is that I want to fix "you can not log in to this instance" being a confusing mess with an opaque error. To do this without hacks, I want to:

  - clean up some exception handling behavior (this diff);
  - modularize exception handling (next diff);
  - replace confusing, over-general exceptions with tailored ones in the Phacility cluster, using the new modular stuff.

This cleans up an awkward "AphrontUsageException" which does some weird stuff right now. In particular, it is extensible and extended in one place in Diffusion, but that extension is meaningless.

Realign this as "AphrontMalformedRequestException", which is a better description of what it is and does: raises errors before we can get as far as normal routing and site handling.

Test Plan: Hit some of these exceptions, saw the expected "abandon all hope" error page.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T1806, T7173

Differential Revision: https://secure.phabricator.com/D14047
2015-09-03 10:04:17 -07:00
epriestley
7ebbe0fe71 Add a "Printable Version" link to Phortune invoices
Summary:
Ref T9309. This is a minor quality of life improvement, hopefully. We already have print CSS, just expose it more clearly.

Also, hide actions (these never seem useful?) and footers from printable versions. I opened the printable version in a new window since it now doesn't have any actions.

Test Plan:
{F777241}

{F777242}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9309

Differential Revision: https://secure.phabricator.com/D14045
2015-09-03 10:03:50 -07:00
epriestley
28621244ad Fix abrupt failure mode for uncloned repositories in Diffusion
Summary:
Fixes T9080. We try to list alternatives for the current ref (for example, if you're viewing a branch named "master" but there's also a tag named "master", or, in Mercurial, there are several branches named "master") but fail to abruptly if we can't get the list.

It's fine if we can't get the list; just continue. This is common when the repository hasn't cloned yet.

Test Plan: In a local repository with bad credentials, tried to do anything before and after. Before: completely blocked by error; after: things work normally.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9080

Differential Revision: https://secure.phabricator.com/D14044
2015-09-03 10:03:31 -07:00
epriestley
a13db0a3ec Allow Controllers to return a wider range of "response-like" objects
Summary:
Ref T1806. Ref T5752. Currently, `handleRequest()` needs to return an `AphrontResponse`, but sometimes it's really convenient to return some other object, like a Dialog, and let that convert into a response elsewhere.

Formalize this and clean up some of the existing hacks for it so there's less custom/magical code in Phabricator-specific classes and more general code in Aphront classes.

More broadly, I want to clean up T5752 before pursuing T9132, since I'm generally happy with how `SearchEngine` works except for how it interacts with side navs / application menus. I want to fix that first so a new Editor (which will have a lot in common with SearchEngine in terms of how controllers interact with it) doesn't make the problem twice as bad.

Test Plan:
  - Loaded a bunch of normal pages.
  - Loaded dialogs.
  - Loaded proxy responses (submitted empty comments in Maniphest).

Reviewers: chad

Reviewed By: chad

Subscribers: joshuaspence

Maniphest Tasks: T1806, T5752

Differential Revision: https://secure.phabricator.com/D14032
2015-09-01 15:52:52 -07:00
epriestley
29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator
Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026
2015-09-01 15:52:44 -07:00
epriestley
13516cf35f Fix an issue with "packages(...)" in typeaheads
Summary:
Fixes T9302. This datasource wasn't resolving package PHIDs correctly for the actual query.

Also fixes an issue with the "Affected packages that need audit" Herald rule.

Test Plan: Ran a "Needs Audit" query with only packages, and only `packages(user)`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9302

Differential Revision: https://secure.phabricator.com/D14029
2015-09-01 15:35:25 -07:00
epriestley
809c7fb4f3 Fix an issue where paths could bleed across repos in Owners
Summary:
Ref T8320. I missed this a while ago and then it came to me in a dream.

Only consider paths in the same repo when looking at ownership.

(I think this is rarely reachable in practice.)

Test Plan: Verified that files and commits still listed ownership properly.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8320

Differential Revision: https://secure.phabricator.com/D14022
2015-09-01 08:07:06 -07:00
epriestley
ce7c2097b2 Update Owners docs a bit
Summary:
Fixes T9218. Fixes T8320. Fixes T8661. This isn't exhaustive but documents the stuff that cropped up in this iteration as needing documentation. In particular:

  - Be explicit about multiple ownership.
  - Explain value of having one place to update your giant regexp of a trillion paths.

Test Plan: Read documentation.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8320, T8661, T9218

Differential Revision: https://secure.phabricator.com/D14023
2015-08-31 16:01:01 -07:00
epriestley
fe66d52a22 Don't copy null attributes passed to JX.$N()
Summary:
Fixes T8919. In Safari, `node.href = null;` has no effect, but in Chrome it is like `node.href = "null";`.

Instead, just use semantics similar to `phutil_tag()`: don't assign attributes with `null` values.

Test Plan:
No more `/null` href in Chrome in Owners typehaead.

Typeahead still works in Chrome/Safari.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8919

Differential Revision: https://secure.phabricator.com/D14021
2015-08-31 15:52:04 -07:00