mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 21:40:55 +01:00
Commit graph

5309 commits

Author SHA1 Message Date
Eric Stern
b20a0eed13 Filter only possibly-tainted keys from superglobals
Summary: Ensures that weird behavior from filter_input_array does not remove keys from superglobals. Should fix T3677.

Test Plan:
Checked that $_SERVER contained same number of keys before and after
filtering, and that those affected by the original bug continue to be filtered
correctly.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: zorfling, aran, Korvin, wez

Maniphest Tasks: T3677

Differential Revision: https://secure.phabricator.com/D6680
2013-08-05 11:45:21 -07:00
epriestley
b712905dc1 Add a "document" style to PHUIRemarkupPreviewPanel and use it in Legalpad and Phriction
Summary: Ref T3671. Depends on D6674. Continues work in D6673, D6674 and extends it into Legalpad and Phriction. Then deletes a bunch of dead code.

Test Plan: Edited documents in Legalpad and Phriction, verified I got reasonable looking previews.

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T3671

Differential Revision: https://secure.phabricator.com/D6675
2013-08-05 10:47:26 -07:00
epriestley
b2fa1293a7 Use PHUIRemarkupPreviewPanel in Ponder
Summary:
Ref T3578. Ref T3671. Depends on D6673. Use `PHUIRemarkupPreviewPanel` (introduced in D6673) to provide question create/edit and answer edit previews in Ponder.

Then delete a million lines of duplicate code.

Test Plan: Edited a question; edited an answer. Saw live previews.

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578, T3671

Differential Revision: https://secure.phabricator.com/D6674
2013-08-05 10:47:06 -07:00
epriestley
193a9611e4 Partially generalize Remarkup previews and add support to Differential
Summary:
Ref T3671. A lot of applications have pretty ad-hoc preview code. Clean it up a bit and add Summary preview to Differential.

After ApplicationTransactions we might want to try to serialize the whole form and show a preview of all the transactions, but this seems not very useful in most cases (I'd guess that Remarkup previews are 99% of the value) and tricky to get right (e.g., adding images which don't exist yet to Pholio mocks).

I think I can add this in a few other places, too.

Test Plan:
Edited Maniphest Tasks and Differential Revisions, mashed some buttons. Verified previews rendered correctly. Grepped for removed CSS classes (no hits).

{F52907}

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T3671

Differential Revision: https://secure.phabricator.com/D6673
2013-08-05 10:46:39 -07:00
epriestley
86989c9f98 Provide a more flexible script for administrative management of audits
Summary: Fixes T3679. This comes up every so often and the old script is extremely broad (nuke everything in a repository). Provide a more surgical tool.

Test Plan: Ran a bunch of variations of the script and they all seemed to work OK.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, staticshock

Maniphest Tasks: T3679

Differential Revision: https://secure.phabricator.com/D6678
2013-08-05 10:35:01 -07:00
epriestley
02ccca4bbd Fix Maniphest fatal if attached tasks are not an array
Summary: Fixes T3678. I think some very old rows may have a junk value here. This will be obsoleted by ApplicationTransactions and other modernization, most likely, so just fix it locally.

Test Plan: looked at a task

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3678

Differential Revision: https://secure.phabricator.com/D6677
2013-08-05 10:27:50 -07:00
Chad Little
3fd2c0ff90 Re-implement one line stories.
Summary: This puts back the 'one line' story we previously had with the updated design.

Test Plan: Review my feed.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6666
2013-08-05 10:10:33 -07:00
Eric Stern
44a883f941 Pass raw QUERY_STRING to parser
Summary:
Fixes issue where double-encoding of $_SERVER occurs when php.ini forces all input to be sanitized

Ex:
filter.default = full_special_chars
filter.default_flags = 36

Fix line length

Test Plan: Encountered issue on clean install when registering new user (phusr not defined for email verification). php.ini on that server contains above filter settings. nginx/php-fpm with recommended settings for that server block from setup guide.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D6672
2013-08-04 18:07:35 -07:00
Korvin Szanto
61f0671e87 Fix PhabricatorBot macro caching
Summary:
Previously, if there were no macros, we would ping conduit for a list of macros until we got something. Now we cache false when there are no results.
T3045

Test Plan: Ensure the init doesn't call the ##macro.query## conduit method more than once during the PhabricatorBot's lifetime.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T3045

Differential Revision: https://secure.phabricator.com/D6671
2013-08-04 15:40:04 -07:00
Korvin Szanto
40cf765ca2 Line highlighting for pastes
Summary:
Add the ability to select singular and multiple lines in paste to highlight.
This is related to T3627

Test Plan: Create a paste, select one or more lines.

Reviewers: epriestley, tberman

Reviewed By: epriestley

CC: aran, chad

Maniphest Tasks: T3627

Differential Revision: https://secure.phabricator.com/D6668
2013-08-04 12:12:37 -07:00
epriestley
a5f790e192 Handle "multipart/form-data" correctly even if we get the data
Summary: Fixes T3673. Supposedly we won't get any data in this case, but it seems we sometimes do. See discussion in task.

Test Plan: Used `var_dump()`, etc., to verify we short circuit out of "multipart/form-data" posts regardless of the presence of input data.

Reviewers: nmalcolm, btrahan

Reviewed By: nmalcolm

CC: aran

Maniphest Tasks: T3673

Differential Revision: https://secure.phabricator.com/D6670
2013-08-04 11:37:17 -07:00
epriestley
ed9edc5d3a Minor, fix Paste SQL patch for databases with all warnings turned on.
This column has no default value and throws if you have maximum warnings activated:

  EXCEPTION: (AphrontQueryException) #1364: Field 'commentVersion' doesn't have a default value...

Auditors: btrahan
2013-08-04 11:32:32 -07:00
epriestley
0de3b351b2 Fix string construction of submit button in Flag
Summary: Fixes T3674.

Test Plan: Clicked "flag for later"; checked error log.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3674

Differential Revision: https://secure.phabricator.com/D6669
2013-08-04 08:16:09 -07:00
Bob Trahan
37a5c4b11a Paste - add transactions
Summary: Ref T3650. This adds a create transaction, transactions for metadata (title, language, view policy), and comments. Editor is used on all create/edit paths.

Test Plan: made some pastes via web and email - yay. edited pastes - yay. verified txns showed up on pastes and in feed correctly.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3516, T3650

Differential Revision: https://secure.phabricator.com/D6645
2013-08-02 12:56:58 -07:00
Chad Little
4a4181aea6 Emoticons, Pack 1
Summary: n/a

Test Plan: photoshop, imageoptim

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6661
2013-08-02 12:00:26 -07:00
Bob Trahan
ee9830a950 Fix a small bug - %d => %s
Summary: easy peasy. noticed it trying to fix an image.

Test Plan: can fix image by phid once more!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6659
2013-08-02 11:20:25 -07:00
epriestley
f0857e4fd8 Improve error message for bad timestamps
Summary: Ref T3031. While we should probably do more than this, provide a more useful error message so I don't have to make users run `date` and such.

Test Plan:
Added `|| true` and ran `arc list`:

  $ arc list --conduit-uri=http://local.aphront.com:8080/
  Exception
  ERR-INVALID-TOKEN: The request you submitted is signed with a timestamp, but that timestamp is not within 15 m of the current time. The signed timestamp is 1375454102 (Fri, 02 Aug 2013 07:35:02 -0700), and the current server time is 1375454102 (Fri, 02 Aug 2013 07:35:02 -0700). This is a differnce of 0 seconds, but the timestamps must differ from the server time by no more than 900 seconds. Your client or server clock may not be set correctly.
  (Run with --trace for a full exception trace.)

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3031

Differential Revision: https://secure.phabricator.com/D6653
2013-08-02 07:38:59 -07:00
Jakub Vrana
6c7f36f6b8 Use filtered query instead of filter in Elasticsearch
Summary:
The 'filter' works like this: Get all results matching query (all if there's no query), compute facets (if there are any) and then filter out the uninteresting results.
The 'filtered' query applies the filters when searching, not when processing results.
This is obviously not documented anywhere in the great Elasticsearch documentation.
http://stackoverflow.com/questions/14007078/performance-of-elastic-queries

We don't hit this problem very often as we usually use some query.

Test Plan: Searched for open documents using Elasticsearch, verified the sent JSON, verified results.

Reviewers: epriestley, wez

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6643
2013-08-01 16:38:39 -07:00
Chad Little
78f73e7d45 Add one-line feed story.
Summary: It turns out not everything is interesting. This adds a oneline story with less vertical space.

Test Plan: UIExamples

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6640
2013-08-01 15:23:07 -07:00
epriestley
fd2593e8ab Restore setting "disabled" on user handles of disabled users
Summary:
Fixes T3666. D6585 updated the User handles, but accidentally dropped this unusual property.

We should get rid of this -- it doesn't really make any sense on Handles -- but restore the previous behavior to fix T3666 until we can nuke it.

Test Plan: Clicked some pages? (Actually testing this properly is a bit of a pain and I am super lazy.)

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3666

Differential Revision: https://secure.phabricator.com/D6644
2013-08-01 14:50:45 -07:00
Bob Trahan
1663dc32c9 Pholio - finish off history view
Summary:
...basically add a "view mode" and play with that throughout the stack. Differences are...

 - normal mode has comments; history mode does not
 - normal mode has inline comments; history mode does not
 - page uris are correct with respect to either mode

 ...and that's about it. I played around (wasted too much time) trying to make this cuter. I think just jamming this mode in here is the easiest / cleanest thing at the end. Feel free to tell me otherwise!

This largely gets even better via T3612. However, this fixes T3572.

Test Plan: played around with a mock with some history. noted correct uris on images. noted no errors in js console.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3572

Differential Revision: https://secure.phabricator.com/D6638
2013-08-01 13:59:37 -07:00
epriestley
75e56cb25d Publish create object stories into Asana sort of, but not really
Summary: Ref T2852. Current code works fine, but although we want to drop creation stories, we really only want to drop the story text, not the other effects of the creation story. Also generalize this mechanism so we don't have Asana-specific code in the publishers.

Test Plan: Used `bin/feed republish` to publish creation and non-creation stories. Verified creation story published no text.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6639
2013-08-01 12:19:18 -07:00
epriestley
22d7b54378 Add missing "phabricator-remarkup" div
Summary: Fixes T3652.

Test Plan: Created a Ponder question with fancy remarkup in the descriptive text.

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3652

Differential Revision: https://secure.phabricator.com/D6632
2013-07-30 15:50:27 -07:00
Bob Trahan
2ee1f8cb4e Add some create mail handlers for paste and files
Summary: Fixes T1144. Though actually I think T1144 wanted some handy way to email from the command-line / arc, this is cooler. :D

Test Plan: set conf properly and then ./bin/mail receive-test --as btrahan --to pasties@phabricator.dev | README  --> it worked...! couldn't test files as easily but verified exception thrown when I tried to test.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1144

Differential Revision: https://secure.phabricator.com/D6622
2013-07-30 13:26:55 -07:00
epriestley
ece246cb72 Modernize Releeph Request create/edit controller
Summary: Ref T3092.

Test Plan: Created a new pick request. Edited an existing pick request.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3092

Differential Revision: https://secure.phabricator.com/D6630
2013-07-30 12:38:32 -07:00
epriestley
333e377488 Modernize Releeph project create controller
Summary:
Ref T3092.

  - Check for a duplicate key error;
  - do less single loading and use Query classes;
  - use responsive UI elements;
  - add crumbs.

Test Plan: Created a new project, and hit error cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3092

Differential Revision: https://secure.phabricator.com/D6629
2013-07-30 12:38:11 -07:00
Bob Trahan
c6ae9c5672 Fix Pholio feed fatal
Summary: need to filter images that we can't find mocks for. Fixes T3645. Note I have some other errors in my feed which are really tricky to debug and might be garbage data; I want to see what happens in prod post this push.

Test Plan: set a mock visibility to no one and feed worked

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3645

Differential Revision: https://secure.phabricator.com/D6631
2013-07-30 12:27:44 -07:00
epriestley
8d21dc0d52 Use application PHIDs for ATOM
Summary: Ref T2715.

Test Plan: `phid.query`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6597
2013-07-30 06:49:13 -07:00
epriestley
bdc93f65a2 Use application PHIDs for Diviner Books
Summary: Ref T2715.

Test Plan: `phid.query`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6596
2013-07-30 06:47:07 -07:00
Chad Little
8e1dd430fd Fix feed action icons
Summary: Feed stories have the ability to attach actions, but they were broken

Test Plan: review ui examples

Reviewers: epriestley, btrahan

Reviewed By: btrahan

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6621
2013-07-29 12:12:14 -07:00
epriestley
999b47ca5c Celery!
2013-07-29 12:07:35 -07:00
epriestley
1fd2d28b11 Restore mail to Ponder
Summary: Ref T3578. Use ApplicationTransactions mail.

Test Plan: {F52159}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578

Differential Revision: https://secure.phabricator.com/D6620
2013-07-29 12:04:20 -07:00
epriestley
4308a932c2 Restore search indexing to Ponder questions
Summary: Ref T3578. Get indexing back, and try to simplify it a bit.

Test Plan: Rebuilt QUES and MOCK indexes with `bin/search`. Created question with unique string, verified it appeared as a result. Added an answer with a unique string, got it as a result too.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578

Differential Revision: https://secure.phabricator.com/D6619
2013-07-29 12:04:19 -07:00
epriestley
4c4fcb0bd1 Use ApplicationPHIDs to power object name typeahead results
Summary: Ref T2715. When you type "T12", etc., into the search box, use ApplicationPHIDs to try to find an object name match.

Test Plan: Typed "T12", "rP", "Q11", etc.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6618
2013-07-29 12:04:17 -07:00
epriestley
5cc3bbf721 Use application PHIDs for application transactions
Summary: Ref T2715. Ref T3578. Load application transactions through application PHID infrastructure.

Test Plan: Viewed feed, saw successful loads of application transaction objects and rendered feed stories.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715, T3578

Differential Revision: https://secure.phabricator.com/D6617
2013-07-29 12:04:15 -07:00
epriestley
1720d651da Restore feed stories to Ponder
Summary: Ref T3578. These are a touch rough still, but work.

Test Plan: {F52154}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578

Differential Revision: https://secure.phabricator.com/D6616
2013-07-29 12:04:14 -07:00
epriestley
5037ba1cf8 Restore voting to Ponder
Summary: Ref T3578. Restores the voting UI and makes it a little prettier.

Test Plan: {F52089}

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3578

Differential Revision: https://secure.phabricator.com/D6614
2013-07-29 12:04:13 -07:00
epriestley
ba8803af96 Hide Ponder comments and "add comment" form behind a disclosure link
Summary: Ref T3373. This is probably about as good as I can get without actual design, but it seems mostly improved over what we had going on before?

Test Plan: {F52087}

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6613
2013-07-29 12:04:12 -07:00
epriestley
644f377915 Move non-comment transactions to a separate history view in Ponder
Summary: Ref T3373. Most edits aren't too interesting, put them on a separate history page.

Test Plan: Viewed question page; viewed history page for question and answer.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6612
2013-07-29 12:04:11 -07:00
epriestley
cf9dc5d189 Fix bug when multiple comment forms appear on a single page
Summary:
Ref T3373. The submit listener doesn't properly scope the form it listens to right now, so several forms on the page mean that comments post to one of them more or less at random.

Scope it properly by telling it which object PHID it is associated with.

Test Plan: Made Question comments, saw comments Ajax in on the question itself rather than on an arbitrary answer.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6611
2013-07-29 12:04:10 -07:00
epriestley
b6130ad49e Restore Ponder question commenting
Summary: Ref T3373. Same issues as the other commenting patch; it's huge and the JS is a bit buggy. Backend is fine, though.

Test Plan: Made some comments on a question.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6610
2013-07-29 12:04:09 -07:00
epriestley
d4b24a2c07 Make Ponder status changes transaction-oriented and improve rendering of transactions
Summary: Ref T3373. Use transactions for status changes.

Test Plan: {F52083}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6609
2013-07-29 12:04:08 -07:00
epriestley
4be9ccaea8 Restore comments on Ponder answers
Summary:
Ref T3373. This is still pretty messy:

  - The JS bugs out a bit with multiple primary object PHIDs on a single page. I'll fix this in a followup.
  - The comment form itself is enormous, I'll restore some show/hide stuff in a followup.

Test Plan: Added answer comments in Ponder.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6608
2013-07-29 12:04:07 -07:00
epriestley
946a5cd5ce Allow ponder answers to be edited
Summary:
Ref T3373. Use applicationtransactions to edit ponder answers.

Also enable tokens and subscriptions.

Test Plan: edited an answer

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6607
2013-07-29 12:04:06 -07:00
epriestley
71841e262a Migrate Ponder comments to ApplicationTransactions
Summary: Ref T3373. Bring the storage across.

Test Plan: {F52067}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6606
2013-07-29 12:04:05 -07:00
epriestley
6172f2bbd1 Require answers' authors to be unique in Ponder
Summary: Ref T3578. I forget if this was an explicit decision or not, but we currently let the same user answer questions multiple times. I think this probably causes more confusion than it provides freedom. In conjunction with other UI issues (commenting being weird, notably), we're seeing some use of answers to comment, which is undesirable. Require each answer's author to be unique. Merge existing nonunique authors' answers.

Test Plan: {F52062}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578

Differential Revision: https://secure.phabricator.com/D6605
2013-07-29 12:04:04 -07:00
epriestley
61e7043664 Make Ponder use ApplicationTransaction rendering for answers
Summary: Ref T3373. This breaks some stuff, but future diffs will fix it.

Test Plan: Viewed some questions, saw answer text.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6604
2013-07-29 12:04:03 -07:00
epriestley
8fa5944768 Make adding an answer to a Ponder question a QuestionTransaction operation
Summary: Ref T3578. This is currently handled in a weird way in the Answer transaction. Instead, make it a Question transaction so, e.g., viewing Question transaction history shows who added answers and when.

Test Plan: Added answers to questions in Ponder.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578

Differential Revision: https://secure.phabricator.com/D6603
2013-07-29 12:03:48 -07:00
epriestley
e6967ed2ec Clean up more PonderQuestionQuery cruft
Summary: Ref T3578. Unroll these static methods for consistency.

Test Plan: grep

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578

Differential Revision: https://secure.phabricator.com/D6602
2013-07-29 12:03:44 -07:00
epriestley
5a3e3994f5 Make PonderQuestionEditor use ApplicationTransactions
Summary:
Ref T3373. Make PonderQuestions editable and use transactions.

This temporarily disables some stuff:

  - email;
  - feed;
  - comments;
  - voting.

I'll restore those in followups and wait to land this until they're at least mostly back online.

The transactions themselves also need more string/color/icon work.

Test Plan: Created and edited questions. Viewed transactions.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3373

Differential Revision: https://secure.phabricator.com/D6601
2013-07-29 12:03:39 -07:00