1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-29 17:00:59 +01:00
Commit graph

3918 commits

Author SHA1 Message Date
vrana
a22ef4e9b4 Kill most of phutil_escape_html()
Summary:
This resolves lots of double escaping.
We changed most of `phutil_render_tag(, , $s)` to `phutil_tag(, , $s)` which means that `$s` is now auto-escaped.
Also `pht()` auto escapes if it gets `PhutilSafeHTML`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4889
2013-02-11 15:27:38 -08:00
vrana
9b8da73765 Convert AphrontTableView to safe HTML
Summary:
Lots of killed `phutil_escape_html()`.

Done by searching for `AphrontTableView` and then `$rows` (usually) backwards.

Test Plan:
Looked at homepage.

  echo id(new AphrontTableView(array(array('<'))))->render();

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4884
2013-02-09 15:11:38 -08:00
vrana
58b6e2cac6 Convert AphrontDialogView to safe HTML
Summary:
Done by searching for `AphrontDialogView` and then `appendChild()`.

Also added some `pht()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4882
2013-02-09 15:11:35 -08:00
vrana
e4736bf977 Avoid double escaping in error view title
Summary: Searched for `AphrontErrorView` and then for `setTitle()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4880
2013-02-09 15:11:33 -08:00
epriestley
7ec8e885e1 Merge branch 'master' into phutil_tag
(Final final sync.)
2013-02-08 17:29:32 -08:00
vrana
d817dfa8fc Convert some phutil_escape_html() to hsprintf()
Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`.

Test Plan:
/
/D1
/uiexample/
/countdown/1/
/herald/transcript/1/all/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4869
2013-02-08 15:59:02 -08:00
epriestley
51947ac332 Make diviner documentation generation book-oriented
Summary:
I want to allow a single project to generate multiple "books" of documentation, so we can separate user-facing documentation from technical documentation and such.

Generalize the ".divinerconfig" file into a "diviner book" configuration file.

Since only the "generate" workflow actually reads any of this stuff, move it all down into the generate workflow.

Also, namespace the cache.

Test Plan: Ran `bin/diviner generate --book src/docs/user.book`, saw appropriate output. Verified cache generated in a namespace in `.divinercache/`.

Reviewers: btrahan, indiefan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D4857
2013-02-08 10:48:30 -08:00
epriestley
6e5d8d4577 Fix documentation to require "sudo" for bin/aphlict
Summary: This script must run as root because it requires a privileged port to enable the flash cross-domain stuff. We give you a useful error message if you don't run it as root, but can be more clear in the documentation.

Test Plan: Read file

Reviewers: Afaque_Hussain, btrahan

Reviewed By: Afaque_Hussain

CC: aran

Differential Revision: https://secure.phabricator.com/D4867
2013-02-08 10:48:23 -08:00
Chad Little
51dfeb7950 pht for phriction
Summary: Scan all phriction app files for text to pht

Test Plan: Use phriction in ALL CAPS, seems reasonably usable.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4862
2013-02-08 09:54:27 -08:00
Afaque Hussain
9c19e9b7d8 Preserving the Animation of Gif Images
Summary: Preserving animation of GIF profile Pictures

Test Plan: Uploaded Animated images as profile pictures to check if the animation of gif images is preserved and it does :) somewhat !

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4833
2013-02-08 09:42:28 -08:00
Chad Little
cc084822da Remove panel background in Phriction
Summary: For consistency, remove panel backgrounds on forms.

Test Plan: Reload pages

Reviewers: btrahan, epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4863
2013-02-08 08:00:17 -08:00
Lauri-Henrik Jalonen
bed728f23e Show saved inline comments
Summary: Saved inline comments are now shown for images.

Test Plan: Verified that inline comments are loaded and shown.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2446

Differential Revision: https://secure.phabricator.com/D4866
2013-02-08 07:40:55 -08:00
vrana
7063ee638e Pass actor to revision unsubscriber editor
Summary: I wonder how I tested this.

Test Plan: Subscribed, unsubscribed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4860
2013-02-07 18:19:19 -08:00
vrana
138da5a279 Kill some PhutilSafeHTML
Summary: Also couple of unrelated Ponder changes.

Test Plan: /Q5

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4858
2013-02-07 18:01:01 -08:00
vrana
7dd19ba93f Convert AphrontFormLayoutView to safe HTML
Summary: Searched for `AphrontFormLayoutView` and then `appendChild()`.

Test Plan: /V1

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4856
2013-02-07 18:01:00 -08:00
vrana
afc5333bb3 Convert AphrontFormView to safe HTML
Summary: Searched for `AphrontFormView` and then for `appendChild()`.

Test Plan: /login/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4855
2013-02-07 18:01:00 -08:00
vrana
85961c8eca Convert AphrontFormInsetView to safe HTML
Summary: Done by searching for `AphrontFormInsetView` and verifying all method calls.

Test Plan: /repository/edit/1/tracking/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4845
2013-02-07 18:00:59 -08:00
vrana
059920c2da Convert AphrontErrorView to safe HTML
Summary: Done by searching for `AphrontErrorView` and then `appendChild()`.

Test Plan:
Looked at Commit Detail.
Looked at Revision Detail.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4843
2013-02-07 17:26:01 -08:00
Nick Harper
714a3cc536 Catch exception in differential
Summary:
This masks possible configuration issues and slightly degrades functionality
with the tradeoff of having differential work when phabricator isn't quite
configured correctly.

Test Plan:
remove directory for a repository, load differential revision from that repo,
and see differential load.

Reviewers: epriestley, vrana

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2512

Differential Revision: https://secure.phabricator.com/D4859
2013-02-07 16:59:14 -08:00
Bob Trahan
275f708f14 Conpherence - make messages to btrahan@metamta.domain start conpherences
Summary: I'm not super happy with the prettiness of the code, but I wasn't able to come up with a good way to clean it up. Happy for suggestions.

Test Plan: sent message to btrahan@phabricator.dev from gmail. Copied raw email and piped it to mail_handler.php -- it created a conpherence! Repeated but sent to btrahan and xerxes and noted that the conpherence was created for both users

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2431

Differential Revision: https://secure.phabricator.com/D4854
2013-02-07 15:17:11 -08:00
Chad Little
4cafbbc525 Fix IE7 and IE8 issues.
Summary: Resolves submit issues in IE7, scrollbars in IE7 and homepage layout issues in IE7 and IE8.

Test Plan: used IE7 and IE8. Logged in, bounced around. Checked Chrome as well.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2469, T2470

Differential Revision: https://secure.phabricator.com/D4853
2013-02-07 13:41:46 -08:00
Bob Trahan
07f72cf463 Fix conpherence name clearing bug
Summary: pre-patch, when you upload a photo if the conphernece has a name it gets cleared. Post patch this no longer happens. Patch also makes the case where you delete the conpherence name have more sensical text.

Test Plan: named a conpherence, uploaded an image, verified the name stayed the same. Deleted a conpherence name by changing the text to nothing and verified it work correctly, including having good transaction text.

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2399

Differential Revision: https://secure.phabricator.com/D4852
2013-02-07 11:17:20 -08:00
Bob Trahan
56c8387403 rebuild celerity map - conpherence wasn't working.
Summary: .

Test Plan: conpherence loaded

Reviewers: epriestley, chad, vrana

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4851
2013-02-07 10:46:08 -08:00
epriestley
5f9a063333 Use some HTTPSFuture in CampfireBot
Summary:
  - Use PhutilURI to correct for specifying "https://yourname.campfire.com/" instead of "https://yourname.campfire.com".
  - Use HTTPSFuture to get logging via `--trace` and error detection (CA stuff should be OK since 37signals has real certs).
  - On destruction, only try to leave rooms we've actually joined.

Test Plan: Setup a bot, had it join a room, talked to it.

Reviewers: indiefan

Reviewed By: indiefan

CC: aran

Differential Revision: https://secure.phabricator.com/D4849
2013-02-07 10:32:33 -08:00
epriestley
11bb8db970 Merge branch 'master' into phutil_tag
(Sync.)
2013-02-07 08:08:01 -08:00
Lauri-Henrik Jalonen
3ce3f5d368 Drafts are saved as inline comments for images when user comments mock
Summary: Drafts are saved as inline comments for images when user comments mock.

Test Plan: Verified that drafts receive transactionphid when user comments mock.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2446

Differential Revision: https://secure.phabricator.com/D4850
2013-02-07 08:02:52 -08:00
indiefan
431e2bee6e First (rough) pass at campfire protocol adapter for bot.
Summary:
Decided the best approach for refactoring the message/command stuff would be to actually start implementing the campfire adapter to get a better idea of what the abstractions should look like. It feels awkward and unwieldy trying to maintain the irc command interface (notice the message instantiation in the `processReadBuffer()` method. However, i'm still not clear what the best approach is without requiring a re-write of nearly all the existing handlers and defining essentially a custom dsl on top of irc's.

I suppose given that alternative, implementing to irc's dsl doesn't sound all that bad. Just feels like poor coupling.

Also, I know that there is some http stuff in libphutil's futures library, but the https future is shit and I need to do some custom curlopt stuff I wasn't sure how to do with that. But if you think this should be refactored, let me know.

I tested this with the ObjectHandler (messages with DXXX initiate the bot to respond with the title/link just as with irc), but beyond that, I haven't tried any of the other handlers, so if there are complications you think i'm going to run into, just let me know (this is one of the reasons for requesting review early on).

Also, this diff is against my last one, even though that hasn't been merged down yet. It was starting to get large and I'd prefer to keep to two conversations separate.

Fixing some lint issues.

Test Plan: Ran the bot with the Object Handler in campfire and observed it behaving properly.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2462

Differential Revision: https://secure.phabricator.com/D4830
2013-02-07 06:34:06 -08:00
epriestley
4004621d76 Make Pholio selection reticle prettier
Summary:
The selection reticle in Pholio is functional but not very pretty right now. Make it look a little nicer.

  - Using `box-sizing: border-box;` allows us to get rid of the `x - 1` and `y - 2` stuff.
  - I draw the reticle with two elements: one mostly-transparent which creates a fill, and one fully opaque to create a strong dashed border.

Test Plan: {F31803}

Reviewers: ljalonen, chad

Reviewed By: chad

CC: aran, kchr

Differential Revision: https://secure.phabricator.com/D4836
2013-02-07 06:26:36 -08:00
epriestley
5b39bbe71b Batch Conpherence access to markup cache
Summary: Bulk process markup instead of doing them one at a time. Fixes T2504.

Test Plan: Viewed service profile, saw a single call for all the cache entries.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2504

Differential Revision: https://secure.phabricator.com/D4844
2013-02-06 17:53:51 -08:00
Bob Trahan
68814d4eca add conpherence schema patch to the list so it runs
Summary: ...i tend to forget to do this for some reason. my bad.

Test Plan: NA

Reviewers: epriestley, chad

Reviewed By: chad

CC: aran, Korvin

Maniphest Tasks: T2503

Differential Revision: https://secure.phabricator.com/D4840
2013-02-06 15:28:24 -08:00
vrana
f864d9e611 Fix double escaping in phutil_tag
Summary:
I wasn't able to reproduce the "recursion detected" in real web request but I saw lots of 1073741824 refcounts in `debug_zval_dump()` of $object.
I'm not sure how that happens.

Test Plan: D4807#4

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4839
2013-02-06 15:21:05 -08:00
Bob Trahan
6a23cc1677 fix derp from rP84efcb86698a00f863dbdb4cbd4c149c96e498dc i missed 2013-02-06 14:05:11 -08:00
Bob Trahan
1cde41b994 Conpherence - add crop
Summary:
mainly, this adds the image cropper - yay!

 - also removes the file image from the handle stuff I added in V1. now we do all this crazy photo stuff.

Test Plan:
 - uploaded a photo by dragging to header and noted 120 x 80 showed up on reload
 - uploaded a photo by dragging to edit dialogue spot and noted 120 x 80 showed up on reload
 - cropped a photo - noted it cropped right
 - cropped a photo again and again and again - seems like it crops okay

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2418, T2399

Differential Revision: https://secure.phabricator.com/D4790
2013-02-06 14:03:52 -08:00
Edward Speyer
fb7d5d17a2 Don't do image stuff with unviewable images
Summary: If a file isn't a viewable image, don't try to figure out metadata (size, etc.) when rendering a `{F...}` tag in Remarkup.

Test Plan: Uploaded a .rtf, added it as `{F1}` in a new Maniphest task, saw no errors in the dark console.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2479

Differential Revision: https://secure.phabricator.com/D4837
2013-02-06 21:43:14 +00:00
epriestley
361ce491f2 Make file storage more testable
Summary: Fixes T2474. Adds a storage dummy storage engine for unit tests, and adds a couple of simple tests for basic file storage.

Test Plan: Ran `arc unit` to execute unit tests.

Reviewers: kwadwon

Reviewed By: kwadwon

CC: aran

Maniphest Tasks: T2474

Differential Revision: https://secure.phabricator.com/D4777
2013-02-06 13:37:42 -08:00
epriestley
e518135dfb Improve STRICT_ALL_TABLES warning
Summary:
  - Make the warning describe rationale and point at the MySQL manual explicitly.
  - Add a reference to the developer mode config, in case the user wants to resolve the probelm by disabling developer mode.
  - Now that the message is huge, provide a summary.
  - Move from "Database" to "MySQL" setup checks -- this is kind of arbitrary, but the former is used for fatals (pre-install) and the latter for warnings (post-install) right now. This has no practical impact on anything and is purely stylistic.

Test Plan:
{F31798}

{F31799}

Reviewers: edward, blc

Reviewed By: edward

CC: aran

Differential Revision: https://secure.phabricator.com/D4835
2013-02-06 13:37:31 -08:00
epriestley
84efcb8669 Minor, fix an issue with PhabricatorMenuView and default null keys.
This is kind of gross, but breaking some menus right now which end up with double-`''` keys. The current meaning of setKey(null) is different from not calling it (it means `setKey('')`).

This should be fixed more reasonably but there's a lot of legacy cruft in PhabricatorSideNavFilterView.

Auditors: btrahan
2013-02-06 11:42:22 -08:00
Lauri-Henrik Jalonen
57c001f522 Select portions from mock
Summary: Comment draft is now saved

Test Plan: Verified that draft is saved

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, chad

Maniphest Tasks: T2446

Differential Revision: https://secure.phabricator.com/D4831
2013-02-06 11:28:04 -08:00
Toby Hughes
1188876ea9 Fix exception in OAuthServerAuthController
Summary:
We've been building a Jenkins plugin that allows you to use your Phabricator login details in Jenkins using the inbuilt OAuthServer. I noticed that when making a request to /oauthserver/auth/?client_id=&response_type=code I get an error back from the server.

I've traced this down to two bugs in PhabricatorOAuthServerAuthController, the first causes a null value error on $access_token_uri, and the second fails on userHasAuthorizedClient without a $scope array.

Test Plan: Go to /oauthserver/auth/?client_id=<client_id>&response_type=code and get a valid authorization code back

Reviewers: epriestley, btrahan

Reviewed By: btrahan

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4808
2013-02-06 09:00:01 -08:00
epriestley
f912fa1ab7 Minor, fix celerity map. 2013-02-06 08:32:36 -08:00
epriestley
24ced7e7bd Expose commit information via conduit instead of user information
Summary:
After D4825, this information is often available to us in a safe way. Provide it explictly.

This removes or reduces functionality in some cases, but I think we can plug those holes with Conpherence addresses and/or explicit user acknowledgement/config.

Test Plan: Patched a commit with `arc patch` and got the original address out.

Reviewers: btrahan, edward, vrana

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D4828
2013-02-05 20:10:57 -08:00
indiefan
574bc3ba31 First pass at decoupling Phabricator bot behavior from the protocol it's running on, this pulls the connection, reading, and writing functionalities out of the bot itself and into the adapter.
Summary:
Ugh, just wrote out a huge message, only to lose it with a fat-fingered ctrl-c. Le sigh.

First pass at decoupling the bot from the protocol. Noticeably absent is the command/message coupling. After this design pass I'll give that a go. Could use some advice, thinking that handlers should only create messages (which can be public or private) and not open ended, undefined 'commands'. The problem being that there needs to be some consistant api if we want handlers to be protocol agnostic. Perhaps that's a pipedream, what are your thoughts?

Secondly, a few notes, design review requests on the changes i did make:
 # Config. For now i'm passing config through to the adapter. This was mainly to remain backwards compatible on the config. I was thinking it should probably be namespaced into it's own subobject though to distinguish the adapter config from the bot config.
 # Adapter selection. This flavor is the one-bot-daemon, config specified protocol version. The upside is that in the future they won't have to run different daemons for this stuff, just have different config, and the door is open for multiple protocol adapters down the road if need be. The downside is that I had to rename the daemon (non-backwards compatible change) and there will need to be some sort of runtime evaluation for instatiation of the adapter. For now I just have a crude switch, but I was thinking of just taking the string they supply as the class name (ala `try { new $clasName(); } catch...`) so as to allow for homegrown adapters, but I wasn't sure how such runtime magic would go over. Also, an alternative would be to make the PhabricatorBot class a non-abstract non-final base class and have the adapters be accompanied by a bot class that just defines their adapter as a property. The upside of which is backwards compatibility (welcome back PhabricatorIRCBot) and perhaps a little bit clearer plugin path for homegrowners.
 # Logging. You'll notice I commented out two very important logging lines in the irc adapter. This isn't intended to remain commented out, but I'm not sure what the best way is to get logging at this layer. I'm wary of just composing the daemon back down into the adapter (bi-directional object composition makes my skin crawl), but something needs to happen, obviously. Advice?

That's it. After the feedback on the above, you can either merge down, or wait until i finish the command/message refactor if you don't think the diff will grow too large. Up to you, this all functions as is.

Test Plan: Ran an irc bot, connected, read input, and wrote output including handler integration.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2462

Differential Revision: https://secure.phabricator.com/D4757
2013-02-05 18:46:54 -08:00
vrana
2f508bf0dc Delete some phutil_safe_html()
Test Plan: Displayed revision.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4829
2013-02-05 15:52:48 -08:00
vrana
6bb7a282b1 Convert AphrontFormControl to safe HTML
Summary: Everything here now should properly handle plain strings and safe HTML.

Test Plan: /settings/panel/display/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4826
2013-02-05 15:52:46 -08:00
vrana
be4662e667 Convert setCaption() to safe HTML
Test Plan: /settings/panel/display/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4824
2013-02-05 15:52:43 -08:00
vrana
bcf9b9d4a7 Convert some phutil_escape_html() to hsprintf()
Summary:
In the second phase, I want to get rid of the most of `phutil_escape_html()` calls in favor of plain strings or `PhutilSafeHTML`.
This is an example of how it could look.

Test Plan: /api/user.whoami

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4823
2013-02-05 15:52:41 -08:00
Bob Trahan
cb38ab27ce fix find / replace error from addressing feedback in D4708. now links to tasks work again. 2013-02-05 13:48:31 -08:00
Bob Trahan
1d0058abcf Update PeopleMenu to only show integration with applications if they are installed
Summary: do so via event engine. note different order now...

Test Plan: toggled "show beta applications" to off and noted that Conpherence disappeared. Otherwise noted that links showed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2424

Differential Revision: https://secure.phabricator.com/D4708
2013-02-05 13:46:02 -08:00
Bob Trahan
34b6c32d2e fix conpherence menu selection
Summary: i think the DOM changed in conpherence with the menu upgrades. just noticed that when you select a new conpherence the old one is not de-selected. this fixes it by updating the javascript to ascend one node higher and then use DOM.scry with the right data sigil to get the nodes

Test Plan: read some messages, noted only the one I was reading had the entry highlighted in the left.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2399

Differential Revision: https://secure.phabricator.com/D4819
2013-02-05 11:58:19 -08:00
epriestley
8f1311bbc1 Merge branch 'master' into phutil_tag
(Final sync.)
2013-02-05 10:23:16 -08:00