mirror of https://we.phorge.it/source/phorge.git synced 2025-01-11 23:31:03 +01:00
Commit graph

5367 commits

Author SHA1 Message Date
epriestley
b7387f314b Raise a setup fatal for 'disable_functions' or 'disable_classes'
Summary:
Fixes T3709. PHP has two configuration options ('disable_functions', 'disable_classes') which allow functions and classes to be blacklisted at runtime.

Since these break things in an unclear way, raise a setup fatal if they are set.

We take a slightly more tailored approach to these in `phd` already, but I'd rather try just saying "no, this is bad" and see if we can get away with it. I suspect we can, and there's no legitimate reason to blacklist functions given that Phabricator must have access to, e.g., `proc_open()`.

Test Plan: {F54058}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3709

Differential Revision: https://secure.phabricator.com/D6739
2013-08-13 10:11:05 -07:00
epriestley
f37b315dec Correct switched-around configuration descriptions for metamta.herald.show-hints and metamta.reply.show-hints
Summary: Fixes T3710. The text on these options is switched around.

Test Plan: {F54051} {F54052}

Reviewers: btrahan, nmalcolm, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3710

Differential Revision: https://secure.phabricator.com/D6737
2013-08-13 08:33:56 -07:00
Bob Trahan
65b875d29d Pholio - back end for image re-ordering
Summary:
companion diff to D6729. This is the back-end stuff, plus calls the JS in D6729 for when images are removed, un-removed, uploaded, or replaced.

Fixes T3640.

Test Plan: messed around with images. hit save - new order! temporarily showed these stories and got text about re-ordering stuff.

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3640

Differential Revision: https://secure.phabricator.com/D6731
2013-08-12 13:09:07 -07:00
Chad Little
fe0873408d Clean up Notification colors a smidge
Summary: Picked better colors and hover states.

Test Plan: test new colors, stare intently.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6730
2013-08-12 12:19:09 -07:00
epriestley
a167d7463d Allow Pholio mock images to be drag-reordered
Summary:
Ref T3640. JS part only, should give you a list in `imageOrder` on the server that you can read with `$request->getStrList('imageOrder')`.

NOTE: You can't drag images into the first position; this is an existing thing that I just need to fix with DraggableList.

@chad might have some design feedback.

Test Plan: Dragged images around, things seemed to work?

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3640

Differential Revision: https://secure.phabricator.com/D6729
2013-08-12 12:08:54 -07:00
Chad Little
fe766ff683 Fix twitch name
Summary: fix spelling

Test Plan: i didn't test this, but seems ok?

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6728
2013-08-12 11:41:03 -07:00
epriestley
da8ffbac12 Don't synchronize Asana objects with no CCs and no responsible, non-author users
Summary: Ref T2852. Currently, we publish commits with no audit requests and reviews with no CCs or reviewers into Asana. This creates undesired notifications, so drop events which would publish an object that doesn't exist yet and has no followers or responsible users.

Test Plan: Used `bin/feed republish` to publish a story about an object with no related users, saw the publish abort with the new message. Added a CC, published again, got a publish.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6727
2013-08-12 11:20:30 -07:00
epriestley
a0f0ba6acd Stop using process/filesystem-based checks to determine if daemons are running
Summary:
We currently check if daemons are running using the filesystem and process list. These checks reach the wrong result for a lot of users because their webservers can't read the filesystem or process list. They also reach the wrong result for daemons running on other machines.

Instead, query the active daemon list to see if daemons are running. This should be significantly more reliable.

(We didn't do this before because the running daemon list mechanism didn't exist when the check was written, and at the time it was more complex than doing a simple filesystem/process list thing.)

Test Plan: Viewed `/repositories/` with and without daemons running, saw appropriate warning or lack of warning.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6722
2013-08-12 11:20:22 -07:00
epriestley
262475d151 Clean up a couple more doc references to the old MetaMTA application
Summary: This moved to CLI.

Test Plan: Read.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D6724
2013-08-12 08:58:27 -07:00
epriestley
a02075698c When viewing a Ponder question, clear notifications about it
Summary: Fixes T3703. Clear question notifications when viewing a question.

Test Plan: Gave a question a token, logged in as author, saw notification, viewed question page, notification was marked read.

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T3703

Differential Revision: https://secure.phabricator.com/D6723
2013-08-12 08:20:10 -07:00
Eric Stern
563f3ea236 Create 'Add Task' link on project/view page
Reviewed by: epriestley

See: https://github.com/facebook/phabricator/pull/368
2013-08-12 08:13:31 -07:00
epriestley
8ac2da9850 Provide hasChildren() to replace isEmptyContent()
Summary:
Fixes T3698. Sometimes views need to render differently depending on whether they contain content or not. The existing approach for this is `isEmptyContent()`, which doesn't work well and is sort of hacky (it implies double-rendering content, which is not always free or side-effect free).

Instead, provide a test for an element without children. This test is powerful enough to catch the easy cases of `null`, etc., and just do the expected thing, but will not catch a View which is reduced upon rendering. Since this is rare and we have no actual need for it today, just accept that as a limitation.

Test Plan:
Viewed Timeline and Feed UI examples. Viewed Feed (feed), Pholio (timelineview), and Differential (old transactionview).

{F53915}

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T3698

Differential Revision: https://secure.phabricator.com/D6718
2013-08-12 07:51:01 -07:00
Tarmo Lehtpuu
52225f7eb9 Fix bug with macros search being global.
Summary: This fixed a bug with macros search finding macros flagged by any user. We should only look at flags by the current user.

Test Plan: Verify that no macros flagged by another user show up in macros search.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6717
2013-08-11 13:35:20 -07:00
Chad Little
4657158e71 Jira, TwitchTV login icons
Summary: icons

Test Plan: photoshop

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6716
2013-08-11 11:00:38 -07:00
Tarmo Lehtpuu
dc28d161ad Change (No Filtering) to be the default selected option.
Summary: Cleaning up my mess, (No Filtering) should be the default selected option in macros search form.

Test Plan: Go to /macro/query/advanced/ and verify that (No Filtering) is the default selected option.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3692

Differential Revision: https://secure.phabricator.com/D6715
2013-08-11 10:05:47 -07:00
Bob Trahan
7225dc4525 Sort arcanist projects by name
Summary: Fixes T3691.

Test Plan: they be sorted now

Reviewers: epriestley

Reviewed By: epriestley

CC: edward, Korvin, aran

Maniphest Tasks: T3691

Differential Revision: https://secure.phabricator.com/D6714
2013-08-09 18:09:28 -07:00
Bob Trahan
ada749236a Herald - restore create an audit as an action for commit objects
Summary: I think we accidentally forgot to include this action in D6660.

Test Plan: verified it showed up in the UI to have the action be an audit

Reviewers: chad, epriestley

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6712
2013-08-09 13:01:00 -07:00
Bob Trahan
46c4459dc0 Conpherence notifications - fix ordering
Summary: we get participation data ordered, then query conpherences by phid... be sure to resort the conpherences based on participation data. I missed this in testing 'cuz my test data is so trashy, but it is glaringly obvious in production. :/

Test Plan: replied to a very old conpherence and noted it was first in the notification panel

Reviewers: chad, epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3641

Differential Revision: https://secure.phabricator.com/D6711
2013-08-09 13:00:49 -07:00
Chad Little
e6f3c24bc3 Tweak colors on Conpherence Notification Menu
Summary: Fixes T3690. Uses standard colors, smaller borders.

Test Plan: Review Menu with and without a notification

Reviewers: epriestley, btrahan

Reviewed By: btrahan

CC: Korvin, aran

Maniphest Tasks: T3690

Differential Revision: https://secure.phabricator.com/D6710
2013-08-09 12:47:31 -07:00
Tarmo Lehtpuu
8c01cc97f4 Implement macros search by flags.
Summary: Reuse the existing flags functionality for searching macros. Currently implemented as a simple select element (for color).

Test Plan: Flagged some macros and tried searching by them.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6709
2013-08-08 18:55:27 -07:00
Bob Trahan
399c3e4ee6 Conpherence - add dropdown menu
Summary: Fixes T3641. Probably needs some @chad love though on colors and what have you. Technique was to jam this into the existing notifications stuff as much as possible. I think it's "okay" but if we were to add more stuff here (like a 3rd application) this could get a quality pass to consolidate even more code.

Test Plan: played with it in Chrome and Safari - looks reasonable

Reviewers: chad, epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3641

Differential Revision: https://secure.phabricator.com/D6708
2013-08-08 13:43:33 -07:00
epriestley
07dd5df33b Support Twitch.tv as an OAuth provider
Summary:
This is mostly for personal reasons / lols, but they have a perfectly functional OAuth2 API and it takes like 15 minutes to add a provider now and I was in this code anyway...

@chad, we could use JIRA, Twitter and Twitch.tv auth icons if you have a chance.

Test Plan: {F53564}

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6706
2013-08-08 13:34:30 -07:00
epriestley
d7c712a855 Remove actor as a follower from unowned Asana subtasks after touching them
Summary: Ref T2852. Asana adds the actor as a follower when they create a task, so subtasks currently have up to two followers (the actor and the reviewer) when they should have only one (the reviewer). Simply removing the actor is an effective remedy for this because unfollowing tasks occurs with sneaky ninja stealth in Asana and doesn't generate notifications or even transaction activity.

Test Plan: Synchronized a revision without this patch, saw two followers on the subtask. Synchronized a revision after this patch, saw the "removeFollowers" fire and only one follower on the subtask, with no record of the removal in notifications or the transaction log.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6700
2013-08-08 12:01:48 -07:00
Jakub Vrana
8c93e3c941 Allow using colon in Depends On
Test Plan: Used it.

Reviewers: epriestley

Reviewed By: epriestley

CC: tdrhq, aran, Korvin

Differential Revision: https://secure.phabricator.com/D6705
2013-08-08 11:43:25 -07:00
Edward Speyer
bca9dfa10e Fix for D6260
Summary: Fixes a query in D6260.

Test Plan: View a Releeph RQ and verify that the "churn" field renders and has the right numbers in it.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6702
2013-08-08 16:32:05 +01:00
Chad Little
f6e22a1ec0 Update status icons
Summary: Use standard colors.

Test Plan: create status

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6701
2013-08-08 06:51:22 -07:00
epriestley
4f49ec1cff Remove HeraldDryRunAdapter
Summary: Ref T2769. This isn't a real adapter and its methods are increasingly hacky messes. Make "dry run" a first-class concept on the HeraldEngine instead and remove the adapter.

Test Plan: Ran Herald via test console and via CLI.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6693
2013-08-07 18:04:40 -07:00
epriestley
ce163536ca Add a normal "view" page for Herald rules
Summary:
Ref T2769. This will house the transaction list and replace the "edit log" stuff.

The UI is a little bit rough and can probably share more code with the transaction history, but seems mostly-reasonable.

Test Plan: {F53253}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6690
2013-08-07 18:04:39 -07:00
epriestley
b767bd3f2d Move Herald rule querying into HeraldRuleQuery
Summary: Ref T2769. The `HeraldRule` class has some query logic; move it into `HeraldRuleQuery`. Also some minor cleanup.

Test Plan: Ran test console, created a new revision, used `reparse.php --herald`. Verified rules triggered correctly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6689
2013-08-07 18:04:38 -07:00
epriestley
75e43513c2 Remove HeraldActionConfig, HeraldFieldConfig
Summary:
Ref T2769. Move all of this stuff into Adapters and get rid of the hard-coded classes.

I cheated in two places.

Test Plan: Edited and activated Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6688
2013-08-07 18:04:37 -07:00
epriestley
2c2fcc58ca Remove HeraldConditionConfig
Summary: Ref T2769. Moves all traces of HeraldConditionConfig into Adapters.

Test Plan: Edited rules and used Test Console to exercise both affected code paths. Tried to save invalid rules to hit error path.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6679
2013-08-07 18:04:36 -07:00
epriestley
ca66eeb07c Remove HeraldContentTypeConfig and move repetition to Adapters
Summary: Ref T2769. Get rid of the last use of `HeraldContentTypeConfig` by moving repetition options into Adapters.

Test Plan: Viewed / edited Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6664
2013-08-07 18:04:35 -07:00
epriestley
0640931d30 Use Adapters to render Herald transcripts
Summary: Ref T2769. Use Adapters to build all the strings for transcripts, then get rid of the old maps.

Test Plan: Viewed revision and commit transcripts.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6663
2013-08-07 18:04:34 -07:00
epriestley
78eb81ffd0 Remove almost all instances of HeraldContentTypeConfig
Summary: Ref T2769. This cleans up almost every use of the HeraldContentTypeConfig class.

Test Plan: Viewed and edited Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6662
2013-08-07 18:04:33 -07:00
epriestley
9c637604a2 Move most Herald actions and values into dynamic adapters
Summary: Ref T2769. Shift the bulk of value and action config into Adapters.

Test Plan: Viewed and edited Herald list and rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, vrana

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6660
2013-08-07 18:03:54 -07:00
epriestley
2e87f9f53c Move most Herald condition config into dynamic adapters
Summary: Ref T2769. Pushes most condition configuration into Adapters, out of the hard-coded class.

Test Plan: Looked at, edited, and dry-run'd Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6658
2013-08-07 18:03:53 -07:00
epriestley
3490b6dd11 Move most Herald field configuration into dynamic Adapters
Summary: Ref T2769. Herald has a giant hard-coded list of fields. Primarily make these dynamic and adapter-based.

Test Plan: Viewed and edited Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6657
2013-08-07 18:03:52 -07:00
epriestley
6badb05d64 Make Herald adapters provide content types
Summary:
Ref T2769. Get content types out of hard-coded config and into dynamic adapters.

This removes the "MERGE" and "OWNERS" content types, which were vestigial. These needs are likely better addressed through subscriptions/transactions, and are obsolete, and haven't existed for 2+ years and no one has asked for them to be restored.

Test Plan: Mostly a bunch of grep. Viewed rule list, rule edit. Edited a revision.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6656
2013-08-07 18:03:51 -07:00
epriestley
307a41e895 Rename "HeraldObjectAdapter" to "HeraldAdapter"
Summary: Ref T2769. The term "Object" is redundant.

Test Plan: grep

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6655
2013-08-07 18:03:50 -07:00
epriestley
b1c4a258c9 Add ApplicationTransactions to Herald
Summary: Ref T2769. I'm planning to keep this pretty simple, but we have this ad-hoc edit log for rules already and some other mess that we can clean up.

Test Plan: No effect yet; see future changes.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6654
2013-08-07 18:03:49 -07:00
epriestley
589ae8d26d Use ApplicationSearch in Herald
Summary: Ref T2769. Ref T2625. Herald is currently a giant mishmash of hard-codes and weird special cases. Move toward modernization and normality.

Test Plan: {F52716}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625, T2769

Differential Revision: https://secure.phabricator.com/D6652
2013-08-07 18:03:47 -07:00
epriestley
a7ce55e3ca Remove extra side navs in Herald
Summary: Ref T2769. Removes some nonstandard side navs.

Test Plan: Viewed affected pages.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6651
2013-08-07 18:03:46 -07:00
epriestley
ceb7f830a4 Make HeraldRuleQuery policy-aware
Summary: Ref T2769. dem policy checks

Test Plan: Loaded `/herald/`; loaded rule editor.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6650
2013-08-07 18:03:45 -07:00
epriestley
8eed5b1f14 Make HeraldRule implement PhabricatorPolicyInterface
Summary:
Ref T603. Ref T2769. Herald currently interacts with policies in a bad way; specifically, I can create a rule which emails me for everything, and thus learn about objects I can't otherwise see.

This shouldn't be possible, so I'm going to reduce personal rules to have only the viewer's scope.

For global rules, I think I'm always going to let any user edit them, but make who the rule acts as part of the configuration. There will be an option to make a rule omnipotent, but only admins (or some other special subset of users) will be able to select it.

Transactions/subscriptions will provide a check against users editing global rules in ways that are bad.

Test Plan: Next diffs.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603, T2769

Differential Revision: https://secure.phabricator.com/D6649
2013-08-07 18:03:44 -07:00
epriestley
2820fdc89b Add PHIDs to Herald Rules
Summary: Ref T2769. Precursor to various Herald-related modernizations.

Test Plan: Ran migration; loaded Herald via web.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6648
2013-08-07 18:03:37 -07:00
epriestley
d3e700ce19 Further mitigate BREACH by reducing reflectiveness
Summary:
Ref T3684. The URI itself is reflected in a few places. It is generally not dangerous because we only let you add random stuff to the end of it for one or two controllers (e.g., the file download controller lets you add "/whatever.jpg"), but:

  - Remove it entirely in the main request, since it serves no purpose.
  - Remove query parameters in Ajax requests. These are available in DarkConsole proper.

Also mask a few things in the "Request" tab; I've never used these fields when debugging or during support, and they leak quasi-sensitive information that could get screenshotted or over-the-shoulder'd.

I didn't mitigate `__metablock__` because I think the threat is so close to 0 that it's not worthwhile.

Test Plan: Used Darkconsole, examined Requests tab.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6699
2013-08-07 16:09:25 -07:00
epriestley
7298589c86 Proof of concept mitigation of BREACH
Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
2013-08-07 16:09:05 -07:00
epriestley
ab7a091212 Fix text-mode rendering of object and Asana link views
Summary:
Ref T2852. Two issues:

  - Embeds (`T12`, `{T12}`) have some handle issues because handles run afoul of visibility checks under some configs. Make handles unconditionally visible.
  - Asana links don't render correctly into text mode. Give them a valid text mode rendering so they don't flip out.

Test Plan: Made comments with `T12` and `http://app.asana.com/...` and published them to Asana.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6696
2013-08-07 13:29:09 -07:00
epriestley
aa8c661d5d Don't publish story text for "close" stories to Asana
Summary: Ref T2852. After some discussion, Asana doesn't want "close" stories either.

Test Plan: Used `bin/feed republish` to publish close and non-close stories from Differential and Diffusion. Verified comments were synchronized in the expected cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6697
2013-08-07 13:28:58 -07:00
Chad Little
9c999e3548 Update pinboard view styles, move to PHUI
Summary: Tightens up the CSS to display more items (4 wide on 15") and fixes some mobile CSS issues with appsearch. Fixes T3614

Test Plan: Tested Pholio, Macros, mobile layouts

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3614

Differential Revision: https://secure.phabricator.com/D6694
2013-08-07 10:58:09 -07:00