1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 10:52:41 +01:00
Commit graph

186 commits

Author SHA1 Message Date
epriestley
f852a09e1c Whitelist blacklisting pcntl_ functions for setup checks so Debian installs don't fatal instantly
Summary: See IRC. This is dumb but I think we should try to work by default on Debian, and it doesn't cost us too much. See inline comment for more.

Test Plan:
  - No `disable_functions`, restarted, worked fine.
  - Set `disable_functions = pcntl_derp`, restarted, worked fine.
  - Set `disable_functions = derp`, restarted, setup fatal.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6741
2013-08-13 12:23:29 -07:00
epriestley
b7387f314b Raise a setup fatal for 'disable_functions' or 'disable_classes'
Summary:
Fixes T3709. PHP has two configuration options ('disable_functions', 'disable_classes') which allow functions and classes to be blacklisted at runtime.

Since these break things in an unclear way, raise a setup fatal if they are set.

We take a slightly more tailored approach to these in `phd` already, but I'd rather try just saying "no, this is bad" and see if we can get away with it. I suspect we can, and there's no legitimate reason to blacklist functions given that Phabricator must have access to, e.g., `proc_open()`.

Test Plan: {F54058}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3709

Differential Revision: https://secure.phabricator.com/D6739
2013-08-13 10:11:05 -07:00
epriestley
f37b315dec Correct switched-around configuration descriptions for metamta.herald.show-hints and metamta.reply.show-hints
Summary: Fixes T3710. The text on these options is switched around.

Test Plan: {F54051} {F54052}

Reviewers: btrahan, nmalcolm, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3710

Differential Revision: https://secure.phabricator.com/D6737
2013-08-13 08:33:56 -07:00
Jakub Vrana
ce62632e15 Add example for bugtraq.logregex with two parts
Summary: Also fix displaying array examples.

Test Plan: Used it in `linkBugtraq()`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3620

Differential Revision: https://secure.phabricator.com/D6667
2013-08-06 09:29:22 -07:00
Bob Trahan
2ee1f8cb4e Add some create mail handlers for paste and files
Summary: Fixes T1144. Though actually I think T1144 wanted some handy way to email from the command-line / arc, this is cooler. :D

Test Plan: set conf properly and then ./bin/mail receive-test --as btrahan --to pasties@phabricator.dev | README  --> it worked...! couldn't test files as easily but verified exception thrown when I tried to test.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1144

Differential Revision: https://secure.phabricator.com/D6622
2013-07-30 13:26:55 -07:00
epriestley
5cc3bbf721 Use application PHIDs for application transactions
Summary: Ref T2715. Ref T3578. Load application transactions through application PHID infrastructure.

Test Plan: Viewed feed, saw successful loads of application transaction objects and rendered feed stories.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715, T3578

Differential Revision: https://secure.phabricator.com/D6617
2013-07-29 12:04:15 -07:00
epriestley
cf9dc5d189 Fix bug when multiple comment forms appear on a single page
Summary:
Ref T3373. The submit listener doesn't properly scope the form it listens to right now, so several forms on the page mean that comments post to one of them more or less at random.

Scope it properly by telling it which object PHID it is associated with.

Test Plan: Made Question comments, saw comments Ajax in on the question itself rather than on an arbitrary answer.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6611
2013-07-29 12:04:10 -07:00
epriestley
149efe68ab Improve usability of DarkConsole settings
Summary:
Fixes T3632. Cleans up a bunch of DarkConsole stuff:

  - The config setting had out-of-date instructions. Modernize the instructions.
  - The setting was sort of hidden under "Display Preferences". Move it to a new "Developer Preferences".
  - The setting magically appeared if DarkConsole was enabled on the install. Instead, always show it but explain why it isn't availalbe.
  - When the user enables the console, also force it to actually be shown.
  - Call out instructions about use of the "`" key more clearly.

Test Plan: Viewed config setting. Viewed settings panel. Changed setting. Enabling the setting showed DarkConsole.

Reviewers: garoevans, chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T3632

Differential Revision: https://secure.phabricator.com/D6594
2013-07-27 20:18:58 -07:00
epriestley
7657c5e145 Fix exception with "phabricator.allowed-uris" when trying to set cookies
Summary: The `phabricator.allowed-uris` config setting is not checked properly when trying to set cookies.

Test Plan:
Set an alternate URI, then accessed Phabricator. No longer received a secondary cookie error.

Hit the new exceptions to test them:

{F51131}
{F51132}

Reviewers: btrahan, garoevans

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6528
2013-07-22 12:21:08 -07:00
epriestley
911aaee89c Convert config to application PHIDs
Summary: Ref T2715.

Test Plan: Used `phid.query` to load config entries. Edited config entries.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6520
2013-07-22 12:17:38 -07:00
epriestley
7ed6996604 Provide basic infrastructure for moving PHIDs, Handles and Object Names to applications
Summary:
See discussion in T2715. Currently, PHIDs are all hard coded in the PHID application. In the long run, we need to move them out into actual applications.

A specific immediate issue is Releeph, which uses a very very old and very broken mechanism to inject PHIDs in a way that only sort of works.

Moving forward, every PHID type will be provided by a `PhabricatorPHIDType` subclass, which will manage loading it, etc.

This also moves toward cleaning up the "load objects by name" (where "name" means something like `D12`) code, which is an //enormous// mess and spread across at least 4-5 callsites.

Test Plan: Used `phid.lookup` and `phid.query` to load Slowvotes.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6502
2013-07-21 06:34:21 -07:00
epriestley
0b1b988107 Add arcanist and libphutil versions to /config/all/
Summary: Fixes T3453. Makes it easier for me to get version info when supporting users, since they can copy/paste from the web UI instead of running a bunch of `git` commands.

Test Plan: {F50749}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3453

Differential Revision: https://secure.phabricator.com/D6491
2013-07-18 12:41:03 -07:00
Jakub Vrana
21d5992a58 Separate missing patches by newlines
Test Plan: Looked at it.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6493
2013-07-18 11:31:30 -07:00
epriestley
1b48e922d4 Add a setup warning for port in mysql.host
Summary:
A pull from GitHub recently added `mysql.port`, for explicitly configuring the MySQL port. See:

  - https://github.com/facebook/libphutil/pull/27
  - https://github.com/facebook/phabricator/pull/356

Add a setup warning for old-style configurations (which will still work properly), to get them to move to the new style.

Test Plan: {F50113}

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D6449
2013-07-14 16:57:50 -07:00
Levi Jackson
d27e7c52b2 Add explicit mysql.port configuration
See: https://github.com/facebook/phabricator/pull/356

Reviewed by: epriestley
2013-07-14 16:06:23 -07:00
epriestley
2b37911097 Make it easier to configure an Asana workspace ID
Summary:
Ref T2852. It's a little tricky to figure out Asana workspace IDs right now. If the viewer has a linked account, just pull their workspaces and show them which IDs are available.

(In theory, we could use a `<select>`, but it would have more edge cases; this seems like a pretty solid fix.)

Test Plan: {F49938}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6437
2013-07-12 13:10:03 -07:00
epriestley
b6df427c2f Add a "disabled" style
Summary: Fixes T3525. This feels way better, although it's still a little hard for me to pick out of lists with otherwise default-colored items.

Test Plan: {F49910} {F49911}

Reviewers: chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3525

Differential Revision: https://secure.phabricator.com/D6435
2013-07-12 11:31:20 -07:00
epriestley
147302dfa6 Improve "Ignore" action for setup warnings
Summary:
  - The dialog has no body text.
  - It uses an "Ignore" link because it predates action items.

Test Plan:
{F49894}
{F49895}
{F49896}

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D6433
2013-07-12 11:20:24 -07:00
epriestley
c05e026e65 Detect and warn about APC 3.1.14 / 3.1.15
Summary:
These versions are broken, but package distros seem to be picking them up. :/

Since the error you get is completely useless, fatal immediately with a useful message.

Ref T2594.

Test Plan: Faked verisions and hit the issue.

Reviewers: btrahan

Reviewed By: btrahan

CC: brennantaylor, Arijit, aran

Maniphest Tasks: T2594

Differential Revision: https://secure.phabricator.com/D6415
2013-07-10 13:20:00 -07:00
epriestley
dd3f4fd267 Add a setup warning for probable misconfiguration of 'apc.stat'
Summary: Fixes T3501. `apc.stat` should generally be 0 in production and 1 in development. Raise a setup warning if it isn't.

Test Plan:
Hit both setup warnings.

{F49176}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3501

Differential Revision: https://secure.phabricator.com/D6376
2013-07-08 11:56:14 -07:00
epriestley
c3b2184977 Mostly modernize Conduit logs
Summary:
  - Add GC support to conduit logs.
  - Add Query support to conduit logs.
  - Record the actual user PHID.
  - Show client name.
  - Support querying by specific method, so I can link to this from a setup issue.

@wez, this migration may not be fast. It took about 8 seconds for me to migrate 800,000 rows in the `conduit_methodcalllog` table. This adds a GC which should keep the table at a more manageable size in the future.

You can safely delete all data older than 30 days from this table, although you should do it by `id` instead of `dateCreated` since there's no key on `dateCreated` until this patch.

Test Plan:
  - Ran GC.
  - Looked at log UI.
  - Ran Conduit methods.

Reviewers: btrahan

Reviewed By: btrahan

CC: wez, aran

Differential Revision: https://secure.phabricator.com/D6332
2013-07-01 12:37:34 -07:00
epriestley
6857ffb6f5 Validate all components of $PATH configuration
Summary: Fixes T3400. Users are crafty. Attempt to outwit them.

Test Plan: Added all kinds of nonsense to my PATH to hit all the errors. Verified sensible-looking error messages which I couldn't figure out any way to misread or outwit.

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T3400

Differential Revision: https://secure.phabricator.com/D6318
2013-06-28 17:23:36 -07:00
Jakub Vrana
9cc6e87172 Fix a typo in message and translate it
Test Plan: /config/issue/config.unknown.auth.password-auth-enabled/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6322
2013-06-28 09:40:40 -07:00
epriestley
b62ecb7c11 Make UX for misspelled or delted config much less bad
Summary:
Fixes T3436. Currently, when installs have configuration options which we don't know about, we raise a fairly confusing/ambiguous message about the options being unknown. Instead:

  - Keep a list of previously valid (but now deleted) config, with explanatory reasons for what happened to it. Present this information, along with altenate wording ("Obsolete Config" instead of "Unknown Config") where applicable.
  - Show a list of all the places the config is defined.
  - Provide an active link to delete it from the web UI.
  - Provide a command to delete it from the CLI.
  - Allow `bin/config delete` to delete configuration options which no longer have a definition.

Test Plan:
  - Set an auth key in database, local and file config.
  - Walked through the setup issue, cleaning it up.
  - Set an invalid key and made sure I still got a reasonable error (this now has better cleanup instructions).

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3436

Differential Revision: https://secure.phabricator.com/D6317
2013-06-26 11:01:19 -07:00
Chad Little
78311f758d Make ignored setup issues grey
Summary: When I ignore setup issues, I want them to look dealt with, and keep yellow for new ones. Also updated callout colors.

Test Plan: Ignored a number of issues.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6300
2013-06-25 10:17:46 -07:00
epriestley
09ebd6617e Add "invisible" styling/config to Phabricator
Summary: Ref T3322. Depends on D6297. Here are some Phabricator tweaks to complment D6297.

Test Plan: {F47522}

Reviewers: garoevans

Reviewed By: garoevans

CC: aran, chad

Maniphest Tasks: T3322

Differential Revision: https://secure.phabricator.com/D6298
2013-06-25 08:40:29 -07:00
Chad Little
dd2319cded Make setup issues cards.y
Summary: Generally prefer 'cards' to represent individual 'items' or 'action items', so I think it works here.

Test Plan: Reload setup issues pages.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6252
2013-06-20 13:25:01 -07:00
epriestley
1834584e98 Provide contextual help on auth provider configuration
Summary:
Ref T1536.

  - Move all the provider-specific help into contextual help in Auth.
  - This provides help much more contextually, and we can just tell the user the right values to use to configure things.
  - Rewrite account/registration help to reflect the newer state of the word.
  - Also clean up a few other loose ends.

Test Plan: {F46937}

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6247
2013-06-20 11:18:48 -07:00
epriestley
3b9ccf11f2 Drive auth config with the database
Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff.

Test Plan:
  - Ran the migration.
  - Saw all my old config brought forward and respected, with accurate settings.
  - Ran LDAP import.
  - Grepped for all removed config options.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran, wez

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6243
2013-06-20 11:18:11 -07:00
epriestley
32f6c88896 Add first-time-setup registration flow
Summary:
Ref T1536. Currently, when you install Phabricator you're dumped on the login screen and have to consult the documentation to learn about `bin/accountadmin`.

Instead, detect that an install is running first-time setup:

  - It has no configured providers; and
  - it has no user accounts.

We can safely deduce that such an install isn't configured yet, and let the user create an admin account from the web UI.

After they login, we raise a setup issue and lead them to configure authentication.

(This could probably use some UI and copy tweaks.)

Test Plan:
{F46738}

{F46739}

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6228
2013-06-19 16:28:48 -07:00
epriestley
ce01d6fc2b Add a setup issue to warn about an unconfigured upload limit
Summary:
Ref T3354. There's no way for us to test most of the config options which actually affect this limit, so the Phabricator config is basically a canary value to indicate "the administrator hasn't configured anything yet".

Raise a setup issue if it isn't set. There's a trail to get here from Files, but we've de-emphasized the old-school upload form so it's hard to unearth.

Emphasize the warning that you need to read the documentation and configure like 30 other things to make this work.

Test Plan: Cleared my config, verified I got the issue, read it, set my config, issue went away.

Reviewers: jamesr, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3354

Differential Revision: https://secure.phabricator.com/D6185
2013-06-12 05:49:41 -07:00
epriestley
059183f6b5 Allow configuration to have custom UI types
Summary:
Ref T1703. This sets the stage for (but does not yet implement) custom UI types for config. In particular, a draggable list for custom fields.

I might make all the builtin types go through this at some point too, but don't really want to bother for the moment. It would be very slightly cleaner but woudn't get us much of anything.

Test Plan:
UI now renders via custom code, although that code does nothing (produces an unadorned text field):

{F45693}

Reviewers: chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T1703

Differential Revision: https://secure.phabricator.com/D6154
2013-06-07 12:36:18 -07:00
Bryan Cuccioli
d78386584f Globally limit the size of generated emails.
Summary: At the global level, truncate emails at a user-configured size.

Test Plan: Untested, as I could not get PHP to send emails on my box, but if you can this should be very easy to test. Just set the max size to something like .001 kilobytes and make sure it does the right thing.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, AnhNhan

Maniphest Tasks: T1392

Differential Revision: https://secure.phabricator.com/D6118
2013-06-05 05:47:31 -07:00
epriestley
6551ea8245 Detect missing 'svn', 'hg' and 'git' during setup
Summary:
These are a bit tricky because we don't want to require you to install a VCS you don't use just to use Phabricator. Test that repositories exist before performing the checks.

I'll couple this with additional checks during repository creation.

Test Plan: Changed binary names to nonexistent ones, verified setup issues raised properly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6040
2013-05-27 13:40:34 -07:00
epriestley
9c925464ba Default "environment.append-paths" to include likely paths
Summary:
A few more of these issues have cropped up recently. Basically:

  - Webservers often (by default, I guess?) have a different or nonexistent $PATH.
  - Users have a hard time figuring this out, since it's not obvious that the webserver might have a different configuration than the CLI, and they can run "git" and such themselves fine, and they don't normally use SetEnv or similar in webserver config.

I've been pursuing one prong of attack here (better detection and more tailored errors); this is a second prong (try to just guess the configuration correctly).

In 99% of cases, the binaries in question are in one of these three places, so just make them the default appended paths. If users have wacky configs they can override the setting.

Test Plan: Viewed config locally.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6039
2013-05-27 13:40:21 -07:00
Gareth Evans
ef797494ca Add Allowed uris config
Summary:
Kind of a quick look at an idea for T2184

Ref T2184

Test Plan: Make sure the site still loads

Reviewers: epriestley

CC: aran, Korvin, mbishopim3

Maniphest Tasks: T2184

Differential Revision: https://secure.phabricator.com/D6045
2013-05-26 10:57:45 -07:00
epriestley
6dda35897a Use setContentSourceFromRequest() in more places
Summary: I introduced this helper at some point, clean up all the code duplication around content sources.

Test Plan: Grepped; hit edit interfaces for most/all of these.

Reviewers: btrahan, chad, edward

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D6030
2013-05-24 10:48:34 -07:00
epriestley
e591ef4db9 Add setup checks for the availability of 'which' and 'diff' binaries
Summary:
Spent an hour or two helping a user figure this out. Make sure I never do that again.

If the webserver is configured with an empty or bogus PATH, binaries like 'which' and 'diff' (and 'git', and 'svn', etc.) may not be available. In most cases, this is fine, because we get an error like "sh: whatever-command not found", which is obvious to diagnose.

In the case of 'diff', we don't get this, because 'diff' is expected to exit with a nonzero code for differing files -- so we interpret the "sh: whatever-command not found" as "files differ" and then try to parse the empty output.

Explicitly check for 'which' (on Windows, 'where') and 'diff' during setup (I plan to refine the behavior around 'git', 'svn' and 'hg' at some point, but this is less pressing since the errors are trivial to support).

Test Plan: Faked failures on all modes, verified setup warnings look reasonable.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6008
2013-05-23 14:42:07 -07:00
epriestley
1898a540d8 Add a setup warning about missing 'fileinfo'
Summary:
See <https://github.com/facebook/phabricator/issues/320>. We have a soft dependency on 'fileinfo', which we try to recover from (with `file`) but won't be able to on Windows and apparently FreeBSD systems. Since users can ignore setup checks anyway now, just raise a warning during install.

I believe almost all installs should have this extension, it has been part of the core for a long time.

Test Plan: Faked setup failure, looked at warning. "Solved" setup failure, saw it go away.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D5952
2013-05-17 10:00:40 -07:00
deedydas
9885165fb9 Updated the CLI for smoother use
Summary: Ref T2903

Test Plan: Tested all CLI possibilities

Reviewers: epriestley, AnhNhan

Reviewed By: epriestley

CC: AnhNhan, aran, Korvin, jqh9804

Maniphest Tasks: T2903

Differential Revision: https://secure.phabricator.com/D5711
2013-04-29 12:14:54 -07:00
Zedstar
f53cde8f92 Using PhabricatorExternalAccount
Summary: Using PhabricatorExternalAccount in place maniphest.default-public-author.

Test Plan:
Using receivemail to see if the a new entry is made in the 'phabircator_user.user_externalaccount' table. Few things, I noticed that phabricator creates table 'user_externalaccout'. And now it throws up error 'Unknown column 'dateCreated' in 'field list''. Awaiting your comments.
{F41370}

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, AnhNhan

Maniphest Tasks: T1205

Differential Revision: https://secure.phabricator.com/D5747
2013-04-28 13:22:33 -07:00
Jakub Vrana
a1664d4c64 Mark customized config values in Current Settings
Test Plan: /config/all/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5677
2013-04-13 09:31:24 -07:00
deedydas
0b1410b1d7 Fixed T2630
Summary: Fixes T2630

Test Plan: Did not test yet.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2630

Differential Revision: https://secure.phabricator.com/D5456
2013-04-10 13:11:22 -07:00
Jakub Vrana
c48bb5494a Add setup check for missing SQL patches
Test Plan: Saw the warning, upgraded storage, didn't see it.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5618
2013-04-09 21:37:20 -07:00
epriestley
97ff7fe259 Make "isInstalled()" respect beta apps
Summary:
Currently, `isInstalled()` and `getAllInstalledApplications()` are inconsistent:

  - `isInstalled()` returns true for beta apps, even if `phabricator.show-beta-applications` is false.
  - `getAllInstalledApplications()` omits beta apps if `phabricator.show-beta-applications` is false.

Making the beta config control installs (not just homepage visibility) makes far more sense as we roll out more thorough application integrations.

Make `isInstalled()` respect beta, and clean up some callsites.

D5602 builds on this.

Test Plan: Installed/uninstalled beta apps, verified Conpherence menu/panel and other application integrations dropped out of the UI.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D5603
2013-04-06 09:25:13 -07:00
James Rhodes
3b1a1ae7e3 [SECURITY] Prevented PhabricatorSetupIssueView from exposing sensitive config options.
Summary:
Currently PhabricatorSetupIssueView will show the current values of
configuration options regardless of whether or not they are defined
as hidden options.  This means that if the MySQL server stops, Phabricator
will present the MySQL connection credentials to anyone who can access
the Phabricator page.

Test Plan:
Stop the MySQL server for a Phabricator instance.  It should display 'hidden'
instead of the MySQL password.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5596
2013-04-06 00:39:53 -07:00
epriestley
8b6fc615f4 Ignore and README for support/bin
Summary:
See D5561. Ref T2378.

  - Add `support/bin/*` to .gitignore so any symlinks or binaries won't get picked up by Git.
  - Add a README so Git preserves the directory and there's at least //some// documentation of its existence.

Test Plan: ummmmm

Reviewers: jevripio, codeblock, btrahan

Reviewed By: jevripio

CC: aran

Maniphest Tasks: T2378

Differential Revision: https://secure.phabricator.com/D5562
2013-04-03 12:58:39 -07:00
Angelos Evripiotis
81389e79e7 Fix config name typo in SetupCheckPygment
Summary:
Use correct spelling of 'environment.append-paths' so that the current
value of the variable will display as expected in the
'pygmentize Not Found' setup issue screen.

Test Plan:
* Enabled Pygments but haven't installed it
* Follow 'unresolved setup issues' link to 'Not Found' screen
* See that 'envinronment.append-paths' is None
* Set 'environment.append-paths'
* See that 'envinronment.append-paths' is still None
* Apply this fix
* See that 'environment.append-paths' is now '/usr/bin'

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5555
2013-04-03 10:04:17 -07:00
epriestley
cde1416446 Guarantee the existence of the Phabricator access log
Summary:
We have a fair number of conditionals on the existence of the access log. Instead, always build it and just don't write it if the user doesn't want a version on disk.

Also, formalize logged-in user PHID (avoids object existence juggling) in the access log and move microseconds-since-startup to PhabricatorStartup (simplifies index.php).

Depends on D5532. Fixes T2860. Ref T2870.

Test Plan: Disabled access log, verified XHProf writes occurred correctly.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2860, T2870

Differential Revision: https://secure.phabricator.com/D5533
2013-04-02 09:53:56 -07:00
epriestley
b048bd0593 Add platform detection and a Windows-specific monospaced font override
Summary: Use UA strings to detect platform; override general monospaced settings with platform-specific ones. Fixes T2868.

Test Plan: whatcouldgowrong

Reviewers: chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T2868

Differential Revision: https://secure.phabricator.com/D5526
2013-04-01 13:48:57 -07:00