1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 07:42:40 +01:00
Commit graph

5828 commits

Author SHA1 Message Date
epriestley
b1c4a258c9 Add ApplicationTransactions to Herald
Summary: Ref T2769. I'm planning to keep this pretty simple, but we have this ad-hoc edit log for rules already and some other mess that we can clean up.

Test Plan: No effect yet; see future changes.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6654
2013-08-07 18:03:49 -07:00
epriestley
589ae8d26d Use ApplicationSearch in Herald
Summary: Ref T2769. Ref T2625. Herald is currently a giant mishmash of hard-codes and weird special cases. Move toward modernization and normality.

Test Plan: {F52716}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625, T2769

Differential Revision: https://secure.phabricator.com/D6652
2013-08-07 18:03:47 -07:00
epriestley
a7ce55e3ca Remove extra side navs in Herald
Summary: Ref T2769. Removes some nonstandard side navs.

Test Plan: Viewed affected pages.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6651
2013-08-07 18:03:46 -07:00
epriestley
ceb7f830a4 Make HeraldRuleQuery policy-aware
Summary: Ref T2769. dem policy checks

Test Plan: Loaded `/herald/`; loaded rule editor.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6650
2013-08-07 18:03:45 -07:00
epriestley
8eed5b1f14 Make HeraldRule implement PhabricatorPolicyInterface
Summary:
Ref T603. Ref T2769. Herald currently interacts with policies in a bad way; specifically, I can create a rule which emails me for everything, and thus learn about objects I can't otherwise see.

This shouldn't be possible, so I'm going to reduce personal rules to have only the viewer's scope.

For global rules, I think I'm always going to let any user edit them, but make who the rule acts as part of the configuration. There will be an option to make a rule omnipotent, but only admins (or some other special subset of users) will be able to select it.

Transactions/subscriptions will provide a check against users editing global rules in ways that are bad.

Test Plan: Next diffs.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603, T2769

Differential Revision: https://secure.phabricator.com/D6649
2013-08-07 18:03:44 -07:00
epriestley
2820fdc89b Add PHIDs to Herald Rules
Summary: Ref T2769. Precursor to various Herald-related modernizations.

Test Plan: Ran migration; loaded Herald via web.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2769

Differential Revision: https://secure.phabricator.com/D6648
2013-08-07 18:03:37 -07:00
epriestley
d3e700ce19 Further mitigate BREACH by reducing reflectiveness
Summary:
Ref T3684. The URI itself is reflected in a few places. It is generally not dangerous because we only let you add random stuff to the end of it for one or two controllers (e.g., the file download controller lets you add "/whatever.jpg"), but:

  - Remove it entirely in the main request, since it serves no purpose.
  - Remove query parameters in Ajax requests. These are available in DarkConsole proper.

Also mask a few things in the "Request" tab; I've never used these fields when debugging or during support, and they leak quasi-sensitive information that could get screenshotted or over-the-shoulder'd.

I didn't mitgate `__metablock__` because I think the threat is so close to 0 that it's not worthwhile.

Test Plan: Used Darkconsole, examined Requests tab.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6699
2013-08-07 16:09:25 -07:00
epriestley
7298589c86 Proof of concept mitigation of BREACH
Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
2013-08-07 16:09:05 -07:00
epriestley
ab7a091212 Fix text-mode rendering of object and Asana link views
Summary:
Ref T2852. Two issues:

  - Embeds (`T12`, `{T12}`) have some handle issues because handles run afoul of visibility checks under some configs. Make handles unconditionally visible.
  - Asana links don't render correctly into text mode. Give them a valid text mode rendering so they don't flip out.

Test Plan: Made comments with `T12` and `http://app.asana.com/...` and published them to Asana.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6696
2013-08-07 13:29:09 -07:00
epriestley
aa8c661d5d Don't publish story text for "close" stories to Asana
Summary: Ref T2852. After some discussion, Asana doesn't want "close" stories either.

Test Plan: Used `bin/feed republish` to publish close and non-close stories from Differential and Diffusion. Verified comments were synchronized in the expected cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6697
2013-08-07 13:28:58 -07:00
Chad Little
9c999e3548 Update pinboard view styles, move to PHUI
Summary: Tightens up the CSS to display more items (4 wide on 15") and fixes some mobile CSS issues with appseach. Fixes T3614

Test Plan: Tested Pholio, Macros, mobile layouts

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3614

Differential Revision: https://secure.phabricator.com/D6694
2013-08-07 10:58:09 -07:00
Kieran Brownlees
8b07c498d4 Add NEEDS_REVISION support to DifferentialRevisionQuery
Reviewed by: epriestley

See: https://github.com/facebook/phabricator/pull/370
2013-08-07 08:00:32 -07:00
Chad Little
1ab7622edf Fix project stories.
Summary: Fix missed %s

Test Plan: Load up feed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6692
2013-08-06 21:01:20 -07:00
Chad Little
6775005bad Add differential comments to feed.
Summary: We already show transaction and maniphest comments.

Test Plan: Review my feed, see diff comment.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6687
2013-08-06 11:08:11 -07:00
Jakub Vrana
ce62632e15 Add example for bugtraq.logregex with two parts
Summary: Also fix displaying array examples.

Test Plan: Used it in `linkBugtraq()`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3620

Differential Revision: https://secure.phabricator.com/D6667
2013-08-06 09:29:22 -07:00
Chad Little
b348aaefb9 Add Hovercards / restyle feed one line stories.
Summary: This adds hovercards to most stories and removes the profile photo from one line stories. I don't know about my implementation, which has difficulties with application transactions (because it shows status). Which leads me to a bigger question, which is can we render all people through a common function like AphrontTagView so we can easily class and/or hovercard it anywhere.

Test Plan: Reviewed my feed, various stories.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6684
2013-08-06 09:20:04 -07:00
epriestley
5a352d0a69 Improve phd help
Summary: Fixes T3680. One description was wrong, and clean up some of the other stuff.

Test Plan: Ran `phd`.

Reviewers: btrahan, Korvin

Reviewed By: Korvin

CC: aran, jifriedman, Korvin

Maniphest Tasks: T3680

Differential Revision: https://secure.phabricator.com/D6683
2013-08-06 09:10:53 -07:00
Bob Trahan
0e6b5073cd Paste - add support for email replies and subscribers
Summary: Email replies and subscribers seem to go hand in hand so deploy both at once.

Test Plan: played around with bin/mail. Verified replies posted comments on the paste.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3650

Differential Revision: https://secure.phabricator.com/D6682
2013-08-05 17:11:46 -07:00
epriestley
42af0d66d9 Use ApplicationSearch in Feed
Summary: Ref T2625. This doesn't do anything fancy, but gives feed a little more flexibility.

Test Plan: Viewed `/feed/`.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6681
2013-08-05 14:10:41 -07:00
Eric Stern
b20a0eed13 Filter only possibly-tainted keys from superglobals
Summary: Ensures that weird behavior from filter_input_array does not remove keys from superglobals. Should fix T3677.

Test Plan:
Checked that $_SERVER contained same number of keys before and after
filtering, and that those affected by the original bug continue to be filtered
correctly.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: zorfling, aran, Korvin, wez

Maniphest Tasks: T3677

Differential Revision: https://secure.phabricator.com/D6680
2013-08-05 11:45:21 -07:00
epriestley
b712905dc1 Add a "document" style to PHUIRemarkupPreviewPanel and use it in Legalpad and Phriction
Summary: Ref T3671. Depends on D6674. Continues work in D6673, D6674 and extends it into Legalpad and Phriction. Then deletes a bunch of dead code.

Test Plan: Edited documents in Legalpad and Phriction, verified I got reasonable looking previews.

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T3671

Differential Revision: https://secure.phabricator.com/D6675
2013-08-05 10:47:26 -07:00
epriestley
b2fa1293a7 Use PHUIRemarkupPreviewPanel in Ponder
Summary:
Ref T3578. Ref T3671. Depends on D6673. Use `PHUIRemarkupPreviewPanel` (introduced in D6673) to provide question create/edit and answer edit previews in Ponder.

Then delete a million lines of duplicate code.

Test Plan: Edited a question; edited an answer. Saw live previews.

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3578, T3671

Differential Revision: https://secure.phabricator.com/D6674
2013-08-05 10:47:06 -07:00
epriestley
193a9611e4 Partially generalize Remarkup previews and add support to Differential
Summary:
Ref T3671. A lot of applications have pretty ad-hoc preview code. Clean it up a bit and add Summary preview to Differential.

After ApplicationTransactions we might want to try to serialize the whole form and show a preview of all the transactions, but this seems not very useful in most cases (I'd guess that Remarkup previews are 99% of the value) and tricky to get right (e.g., adding images which don't exist yet to Pholio mocks).

I think I can add this in a few other places, too.

Test Plan:
Edited Maniphest Tasks and Differential Revisions, mashed some buttons. Verified previews rendered correctly. Grepped for removed CSS classes (no hits).

{F52907}

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T3671

Differential Revision: https://secure.phabricator.com/D6673
2013-08-05 10:46:39 -07:00
epriestley
86989c9f98 Provide a more flexible script for administrative management of audits
Summary: Fixes T3679. This comes up every so often and the old script is extremely broad (nuke everything in a repository). Provide a more surgical tool.

Test Plan: Ran a bunch of variations of the script and they all seemed to work OK.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, staticshock

Maniphest Tasks: T3679

Differential Revision: https://secure.phabricator.com/D6678
2013-08-05 10:35:01 -07:00
epriestley
02ccca4bbd Fix Maniphest fatal if attached tasks are not an array
Summary: Fixes T3678. I think some very old rows may have a junk value here. This will be obsoleted by ApplicationTransactions and other modernization, most likely, so just fix it locally.

Test Plan: looked at a task

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3678

Differential Revision: https://secure.phabricator.com/D6677
2013-08-05 10:27:50 -07:00
Chad Little
3fd2c0ff90 Re-implement one line stories.
Summary: This puts back the 'one line' story we previously had with the updated design.

Test Plan: Review my feed.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6666
2013-08-05 10:10:33 -07:00
Eric Stern
44a883f941 Pass raw QUERY_STRING to parser
Summary:
Fixes issue where double-encoding of $_SERVER occurs when php.ini forces all input to be sanitized

Ex:
filter.default = full_special_chars
filter.default_flags = 36

Fix line length

Test Plan: Encountered issue on clean install when registring new user (phusr not defined for email verification). php.ini on that server contains above filter settings. nginx/php-fpm with recommended settings for that server block from setup guide.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D6672
2013-08-04 18:07:35 -07:00
Korvin Szanto
61f0671e87 Fix PhabricatorBot macro cacheing
Summary:
Previously, if there were no macros, we would ping conduit for a list of macros until we got something. Now we cache false when there are no results.
T3045

Test Plan: Ensure the init doesn't call the ##macro.query## conduit method more than once during the PhabricatorBot's lifetime.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T3045

Differential Revision: https://secure.phabricator.com/D6671
2013-08-04 15:40:04 -07:00
Korvin Szanto
40cf765ca2 Line highlighting for pastes
Summary:
Add the ability to select singular and multiple lines in paste to highlight.
This is related to T3627

Test Plan: Create a paste, select one or more lines.

Reviewers: epriestley, tberman

Reviewed By: epriestley

CC: aran, chad

Maniphest Tasks: T3627

Differential Revision: https://secure.phabricator.com/D6668
2013-08-04 12:12:37 -07:00
epriestley
a5f790e192 Handle "multipart/form-data" correctly even if we get the data
Summary: Fixes T3673. Supposedly we won't get any data in this case, but it seems we sometimes do. See discussion in task.

Test Plan: Used `var_dump()`, etc., to verify we short circuit out of "multipart/form-data" posts regardless of the presence of input data.

Reviewers: nmalcolm, btrahan

Reviewed By: nmalcolm

CC: aran

Maniphest Tasks: T3673

Differential Revision: https://secure.phabricator.com/D6670
2013-08-04 11:37:17 -07:00
epriestley
ed9edc5d3a Minor, fix Paste SQL patch for databases with all warnings turned on.
This column has no default value and throws if you have maximum warnings activated:

  EXCEPTION: (AphrontQueryException) #1364: Field 'commentVersion' doesn't have a default value...

Auditors: btrahan
2013-08-04 11:32:32 -07:00
epriestley
0de3b351b2 Fix string construction of submit button in Flag
Summary: Fixes T3674.

Test Plan: Clicked "flag for later"; checked error log.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3674

Differential Revision: https://secure.phabricator.com/D6669
2013-08-04 08:16:09 -07:00
Bob Trahan
37a5c4b11a Paste - add transactions
Summary: Ref T3650. This adds a create transaction, transactions for metadata (title, langauge, view policy), and comments. Editor is used on all create /edit paths.

Test Plan: made some pastes via web and email - yay. edited pastes - yay. verified txns showed up on pastes and in feed correctly.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3516, T3650

Differential Revision: https://secure.phabricator.com/D6645
2013-08-02 12:56:58 -07:00
Chad Little
4a4181aea6 Emoticons, Pack 1
Summary: n/a

Test Plan: photoshop, imageoptim

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6661
2013-08-02 12:00:26 -07:00
Bob Trahan
ee9830a950 Fix a small bug - %d => %s
Summary: easy peasy. noticed it trying to fix an image.

Test Plan: can fix image by phid once more!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6659
2013-08-02 11:20:25 -07:00
epriestley
f0857e4fd8 Improve error message for bad timestamps
Summary: Ref T3031. While we should probably do more than this, provide a more useful error message so I don't have to make users run `date` and such.

Test Plan:
Added `|| true` and ran `arc list`:

  $ arc list --conduit-uri=http://local.aphront.com:8080/
  Exception
  ERR-INVALID-TOKEN: The request you submitted is signed with a timestamp, but that timestamp is not within 15 m of the current time. The signed timestamp is 1375454102 (Fri, 02 Aug 2013 07:35:02 -0700), and the current server time is 1375454102 (Fri, 02 Aug 2013 07:35:02 -0700). This is a differnce of 0 seconds, but the timestamps must differ from the server time by no more than 900 seconds. Your client or server clock may not be set correctly.
  (Run with --trace for a full exception trace.)

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3031

Differential Revision: https://secure.phabricator.com/D6653
2013-08-02 07:38:59 -07:00
Jakub Vrana
6c7f36f6b8 Use filtered query instead of filter in Elasticsearch
Summary:
The 'filter' works like this: Get all results matching query (all if there's no query), compute facets (if there are any) and then filter out the uninteresting results.
The 'filtered' query applies the filters when searching, not when processing results.
This is obviously not documented anywhere in the great Elasticsearch documentation.
http://stackoverflow.com/questions/14007078/performance-of-elastic-queries

We don't hit this problem very often as we usually use some query.

Test Plan: Searched for open documents using Elasticsearch, verified the sent JSON, verified results.

Reviewers: epriestley, wez

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6643
2013-08-01 16:38:39 -07:00
Chad Little
78f73e7d45 Add one-line feed story.
Summary: It turns out not everything is interesting. This adds a oneline story with less vertical space.

Test Plan: UIExamples

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6640
2013-08-01 15:23:07 -07:00
epriestley
fd2593e8ab Restore setting "disabled" on user handles of disabled users
Summary:
Fixes T3666. D6585 updated the User handles, but accidentally dropped this unusual property.

We should get rid of this -- it doesn't really make any sense on Handles -- but restore the previous beahvior to fix T3666 until we can nuke it.

Test Plan: Clicked some pages? (Actually testing this properly is a bit of a pain and I am super lazy.)

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3666

Differential Revision: https://secure.phabricator.com/D6644
2013-08-01 14:50:45 -07:00
Bob Trahan
1663dc32c9 Pholio - finish off history view
Summary:
...bsasically add a "view mode" and play with that throughout the stack. Differences are...

 - normal mode has comments; history mode does not
 - normal mode has inline comments; history mode does not
 - page uris are correct with respect to either mode

 ...and that's about it. I played around (wasted too much time) trying to make this cuter. I think just jamming this mode in here is the easiest / cleanest thing at the end. Feel free to tell me otherwise!

This largely gets even better via T3612. However, this fixes T3572.

Test Plan: played around with a mock with some history. noted correct uris on images. noted no errors in js console.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3572

Differential Revision: https://secure.phabricator.com/D6638
2013-08-01 13:59:37 -07:00
epriestley
75e56cb25d Publish create object stories into Asana sort of, but not really
Summary: Ref T2852. Current code works fine, but although we want to drop creation stories, we really only want to drop the story text, not the other effects of the creation story. Also generalize this mechanism so we don't have Asana-specific code in the publishers.

Test Plan: Used `bin/feed republish` to publish creation and non-creation stories. Verified creation story published no text.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2852

Differential Revision: https://secure.phabricator.com/D6639
2013-08-01 12:19:18 -07:00
epriestley
22d7b54378 Add missing "phabricator-remarkup" div
Summary: Fixes T3652.

Test Plan: Created a Ponder question with fancy remarkup in the descriptive text.

Reviewers: btrahan, Firehed

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3652

Differential Revision: https://secure.phabricator.com/D6632
2013-07-30 15:50:27 -07:00
Bob Trahan
2ee1f8cb4e Add some create mail handlers for paste and files
Summary: Fixes T1144. Though actually I think T1144 wanted some handy way to email from the command-line / arc, this is cooler. :D

Test Plan: set conf properly and then ./bin/mail receive-test --as btrahan --to pasties@phabricator.dev | README  --> it worked...! couldn't test files as easily but verified exception thrown when I tried to test.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1144

Differential Revision: https://secure.phabricator.com/D6622
2013-07-30 13:26:55 -07:00
epriestley
ece246cb72 Modernize Releeph Request create/edit controller
Summary: Ref T3092.

Test Plan: Created a new pick request. Edited an existing pick request.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3092

Differential Revision: https://secure.phabricator.com/D6630
2013-07-30 12:38:32 -07:00
epriestley
333e377488 Modernize Releeph project create controller
Summary:
Ref T3092.

  - Check for a duplicate key error;
  - do less single loading and use Query classes;
  - use responsive UI elements;
  - add crumbs.

Test Plan: Created a new project, and hit error cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3092

Differential Revision: https://secure.phabricator.com/D6629
2013-07-30 12:38:11 -07:00
Bob Trahan
c6ae9c5672 Fix Pholio feed fatal
Summary: need to filter images that we can't find mocks for. Fixes T3645. Note I have some other errors in my feed which are really tricky to debug and might be garbage data; I want to see what happens in prod post this push.

Test Plan: set a mock visibility to no one and feed worked

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3645

Differential Revision: https://secure.phabricator.com/D6631
2013-07-30 12:27:44 -07:00
epriestley
8d21dc0d52 Use application PHIDs for ATOM
Summary: Ref T2715.

Test Plan: `phid.query`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6597
2013-07-30 06:49:13 -07:00
epriestley
bdc93f65a2 Use application PHIDs for Diviner Books
Summary: Ref T2715.

Test Plan: `phid.query`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6596
2013-07-30 06:47:07 -07:00
Chad Little
8e1dd430fd Fix feed action icons
Summary: Feed stories have the ability to attach actions, but they were broken

Test Plan: review ui examples

Reviewers: epriestley, btrahan

Reviewed By: btrahan

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6621
2013-07-29 12:12:14 -07:00
epriestley
999b47ca5c Celery! 2013-07-29 12:07:35 -07:00