1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-15 09:11:07 +01:00
Commit graph

76 commits

Author SHA1 Message Date
epriestley
02aa193cb0 Add a common password blacklist
Summary:
Fixes T4143. This mitigates the "use a botnet to slowly try to login to every user account using the passwords '1234', 'password', 'asdfasdf', ..." attack, like the one that hit GitHub.

(I also donated some money to Openwall as a thanks for compiling this wordlist.)

Test Plan:
  - Tried to register with a weak password; registered with a strong password.
  - Tried to set VCS password to a weak password; set VCS password to a strong password.
  - Tried to change password to a weak password; changed password to a strong password.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T4143

Differential Revision: https://secure.phabricator.com/D8048
2014-01-23 14:01:18 -08:00
James Rhodes
4c143ad3b2 Phragment v0
Summary: Ref T4205.  This is an initial implementation of Phragment.  You can create and browse fragments in the system (but you can't yet view a fragment's patches / history).

Test Plan: Clicked around and created fragments.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4205

Differential Revision: https://secure.phabricator.com/D7726
2013-12-07 12:43:49 +11:00
Brooke Bryan
8af2f0d755 Fix undefined property in Amazon SES
Summary:
When sending an email through ses, the body property on the response object is not set, throwing a notice.  This causes the system to assume a messsage failure, and requeues the email.

As the email is actually delivered, it causes an email bomb :(

Message Undefined property: stdClass::$body
#0 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(571): PhutilErrorHandler::handleError(8, 'Undefined prope...', '/sidekick/phabr...', 571, Array)
#1 [internal function]: SimpleEmailServiceRequest->__responseWriteCallback(Resource id #290, '<SendRawEmailRe...')
#2 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(526): curl_exec(Resource id #290)
#3 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(267): SimpleEmailServiceRequest->getResponse()
#4 /sidekick/phabricator/phabricator/src/applications/metamta/adapter/PhabricatorMailImplementationAmazonSESAdapter.php(33): SimpleEmailService->sendRawEmail('To: brooke.brya...')
#5 /sidekick/phabricator/phabricator/externals/phpmailer/class.phpmailer-lite.php(502): PhabricatorMailImplementationAmazonSESAdapter->executeSend('To: brooke.brya...')
#6 /sidekick/phabricator/phabricator/src/applications/metamta/adapter/PhabricatorMailImplementationPHPMailerLiteAdapter.php(91): PHPMailerLite->Send()
#7 /sidekick/phabricator/phabricator/src/applications/metamta/storage/PhabricatorMetaMTAMail.php(631): PhabricatorMailImplementationPHPMailerLiteAdapter->send()
#8 /sidekick/phabricator/phabricator/src/applications/metamta/management/PhabricatorMailManagementSendTestWorkflow.php(130): PhabricatorMetaMTAMail->sendNow()
#9 /sidekick/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php(396): PhabricatorMailManagementSendTestWorkflow->execute(Object(PhutilArgumentParser))
#10 /sidekick/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php(292): PhutilArgumentParser->parseWorkflowsFull(Array)
#11 /sidekick/phabricator/phabricator/scripts/mail/manage_mail.php(28): PhutilArgumentParser->parseWorkflows(Array)
#12 {main}

Test Plan: Send a test email through SES mail provider running on php 5.5

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran, btrahan

Differential Revision: https://secure.phabricator.com/D7660
2013-11-26 12:52:38 -08:00
epriestley
435134f7eb Strip +x from some WePay files
Summary: I opened a pull request to fix this in the WePay upstream, see
<https://github.com/wepay/PHP-SDK/pull/13>. Fix it here too now until that
gets pulled.

Auditors: btrahan
2013-11-12 17:48:47 -08:00
epriestley
09be177376 Update WePay API to HEAD
Summary: This is mostly to pick up the LICENSE file for packaging purposes,
but also fixes a bug I reported.

Auditors: btrahan
2013-11-06 14:05:29 -08:00
epriestley
f88a2b735d Remove spurious "+x" from files that shouldn't have it
Summary: We have a bunch of files with +x that aren't actually executable.
Remove +x from PNGs, etc.
2013-10-05 05:18:17 -07:00
Cam Spiers
66450698ba Provide clearer syntax highlighting for phame posts. Including background colour, overflow scrolling and border. Also support for tt tag differentiation
Summary: Clode blocks are now much clearer in blog posts with the usage of a bg color, border and scrolling for overflowing content

Test Plan: Create a phame post with a code block and see the visual difference

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, chad

Differential Revision: https://secure.phabricator.com/D6320
2013-07-03 06:25:45 -07:00
epriestley
d20f4f6f20 Update S3 external library
Summary:
This fixes at least two issues with the S3 library on newer versions of cURL/PHP:

  - NOTICE: PHP message: [2013-07-02 22:15:54] ERROR 8: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead at [/core/lib/phabricator/externals/s3/S3.php:1744]
  - `$this->request->body` was appended to without initializing it, which rasies an error on PHP 5.5.0.

I looked over the rest of the changes briefly and they all seem reasonable-ish.

Test Plan:
  - Uploaded a file to S3.
  - Downloaded a file from S3.
  - Deleted a file from S3.
  - Checked error logs for anything suspicious.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6349
2013-07-02 18:55:08 -07:00
epriestley
49ef13e876 Add WePay as a one-time payment provider
Summary:
Ref T2787.

I //think// we could also use WePay as a recurring payment provider, but this is somewhat messy (OAuth + requires account) -- basically it's "add a WePay account" instead of "add a credit card".

The WePay checkout workflow is a bit upsell-y but basically reasonable.

I like that their API just has a `request($method, $params)` method instead of 30,000 lines of methods for each request type. I did hit one bug; I'll send a pull for that.

Test Plan: Got as far as the charge callback in testing; the rest isn't implemented for any provider yet.

Reviewers: btrahan, vrana, chad

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2787

Differential Revision: https://secure.phabricator.com/D5982
2013-05-21 15:34:46 -07:00
epriestley
0569218201 Use JsShrink if jsxmin is not available
Summary: If `jsxmin` is not available, use a pure PHP implementation instead (JsShrink).

Test Plan:
  - Ran `arc lint --lintall` on all JS and fixed every relevant warning.
  - Forced minification on and browsed around the site using JS behaviors. Didn't hit anything problematic.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5670
2013-05-18 17:04:22 -07:00
epriestley
23786784ef Add Balanced Payments API
Summary: Adds the Balanced PHP API to externals/. Ref T2787.

Test Plan: Used in next diff.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran, aurelijus

Maniphest Tasks: T2787

Differential Revision: https://secure.phabricator.com/D5764
2013-04-25 09:47:30 -07:00
epriestley
1e6deff8ba Don't use deprected "1" value to cURL CURLOPT_SSL_VERIFYHOST
Summary: Fixes T2962. That task discusses this issue.

Test Plan: Read php-curl documentation to verify this change makes sense. Sent an email with SES.

Reviewers: btrahan, garoevans

Reviewed By: garoevans

CC: aran

Maniphest Tasks: T2962

Differential Revision: https://secure.phabricator.com/D5669
2013-04-12 08:10:22 -07:00
epriestley
95f57756aa Move all external JS into webroot/rsrc/externals
Summary:
Currently, Celerity map rebuilds on Windows don't put Stripe or Raphael into the map. Move them into `webroot/rsrc/externals/` so they get picked up.

At some point we should maybe let the mapper load resources from mulitple locations, but this is more straightforward for now.

See https://github.com/facebook/phabricator/issues/294

Test Plan: Rebuilt map, verified Burnup Rate + Stripe work.

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D5661
2013-04-11 10:06:05 -07:00
epriestley
9ca2bb991c Use ExecFuture to raise sendmail error codes out of PHPMailer
Summary:
Ref T2843. We currently drop any stdout/stderr emitted by sendmail. Instead, use `ExecFuture` so we'll throw an exception with debugging information preserved.

@tido, can you apply this and restart the daemons?

Test Plan: Rests on @tido

Reviewers: tido, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2843

Differential Revision: https://secure.phabricator.com/D5464
2013-03-30 15:51:32 -07:00
Jakub Vrana
4d2cf457d4 Add space in header tags
Test Plan: Double clicked on the last word of title. Tag wasn't selected.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5462
2013-03-30 10:10:30 -07:00
Jakub Vrana
1ee7bbe305 Move Javelin to webroot
Summary:
This is a major pain on Windows and the main reason why Phabricator doesn't work there and is hard to fix.
The sad part is that Windows support symlinks (via `MKLINK`) but Git on Windows doesn't use them.

Test Plan: Loaded Phabricator on Windows without JS errors.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5458
2013-03-28 05:18:57 +00:00
epriestley
17b9ac41f1 Treat keyCode 10 as "return" in JX.Event
Summary: Fixes T2753. Return is sent as either 10 or 13, depending on browser and OS. See, e.g. [[ http://code.google.com/p/chromium/issues/detail?id=79407 | this Chromium issue ]].

Test Plan: @cystorm confirmed this patch fixes the issue on his system.

Reviewers: btrahan, codeblock

Reviewed By: codeblock

CC: cystorm, aran

Maniphest Tasks: T2753

Differential Revision: https://secure.phabricator.com/D5381
2013-03-19 10:57:54 -07:00
epriestley
34db006c4b Attempt to fix IE8 mixed content warning. 2013-02-26 08:00:20 -08:00
epriestley
26f8e76ee2 When an image is too wide in Pholio, scale it down
Summary:
Currently, if an image is too wide for the viewport, we freak out. Instead, scale it down.

This means we must also scale down all the rectangles on it, which is why this is tricky. However, all the draw/load separation has made it reasonably straightforward.

We'll possibly need to add some kind of "view full size" thing. I'm planning to add an element which shows "85%" or whatever if it's currently scaled.

Test Plan:
Before:

{F33607}

After:

{F33608}

Reviewers: chad, ljalonen

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D5088
2013-02-23 06:28:34 -08:00
epriestley
49c40d209d Tokens v1
Summary:
Features!

  - Giving tokens.
  - Taking tokens back.
  - Not giving tokens.

Test Plan: See screenshots.

Reviewers: chad, vrana

Reviewed By: chad

CC: aran, btrahan

Maniphest Tasks: T2541

Differential Revision: https://secure.phabricator.com/D4964
2013-02-15 07:47:14 -08:00
epriestley
0f1bdbe147 Merge branch 'master' into phutil_tag
(Sync.)
2013-02-04 06:19:52 -08:00
Lauri-Henrik Jalonen
209bf71b32 Add isNormalMouseEvent() to Javelin
Summary:
Added isNormalMouseEvent() that returns true if left mouse button triggered event click, mousedown or mouseup.
Modified isNormalMouseClick() to use new function.

Test Plan: Verified that new function works for click, mousedown and mouseup events.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2475

Differential Revision: https://secure.phabricator.com/D4778
2013-02-01 08:48:27 -08:00
epriestley
fc4cb57357 Fix JSON encoding of PhutilSafeHTML for browser consumption
Summary:
If you run this code:

  json_encode(array('tag' => phutil_tag('div', array())));

...you get this result, because json_encode() does not call toString() on objects:

  {"tag":{}}

Instead, convert such objects to their underlying strings. Javelin has support for JX.HTML and for implicit conversion (which is kind of sketchy for other reasons) but it's sort of complicated (only happens on Ajax, not behaviors) and messy (not metadata-based), so ignore it for now.

We'll need to do something similar for serialization to the database. My plan there is just to throw on any objects. The only time we put HTML in the database is cache-related and those tiny number of callsites can manually handle it.

Test Plan: Various ajax things now receive the correct data.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4684
2013-01-28 18:11:27 -08:00
epriestley
07767fda00 Use direct inclusion, not submodules, to bring Javelin into Phabricator
Summary:
Submoduling is slightly convenient for developers but hellishly difficult for many users. Since we make about a dozen updates to Javelin per year, just include the source directly.

Even if we run `git submodule status` more often, this creates additional problems for users with PATH misconfigured.

Fixes T2062 by nuking it from orbit.

Test Plan: Loaded site, browsed around. Grepped for references to submodules.

Reviewers: btrahan, vrana

CC: aran

Maniphest Tasks: T2062

Differential Revision: https://secure.phabricator.com/D4581
2013-01-22 12:43:55 -08:00
Bob Trahan
2b0526e9f9 one more phame tweak for better social sharing -- make sure $uri is the full uri
Summary: basically when we're on a page we have a URIPath so set that and pass it over. I wasn't super duper happy with this but it seems to be the best way to pass this data.

Test Plan: verified the og:url was correct on my dev instance of phacility blog for both the main blog and individual post view

Reviewers: epriestley

Reviewed By: epriestley

CC: chad, aran, Korvin

Differential Revision: https://secure.phabricator.com/D4269
2012-12-21 13:46:23 -08:00
epriestley
b116861b16 Add draft support to ApplicationTransactions
Summary:
When previewing, save drafts. When loading objects, restore drafts if they are available.

Depends on: D665

Test Plan:
  - Viewed a Mock.
  - Typed text into the comment box.
  - Reloaded the page.
  - Text still there.
  - Hit submit, got my comment.
  - Reloaded the page.
  - Draft correctly deleted.
  - Repeated for Macros.

Reviewers: btrahan, chad, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2104

Differential Revision: https://secure.phabricator.com/D4252
2012-12-21 05:57:14 -08:00
epriestley
eeb97db283 Fix EncodeQ implementation in PHPMailer, and provide SSL/TLS options
Summary:
See f5c2a2ab4b (commitcomment-2333247)

Copy of working implementation from PHPMailerLite.

Also expose the SSL/TLS options.

Test Plan: Switched to this mailer, configured Gmail SMTP, sent email. Verified email arrived intact.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran, mbeck

Differential Revision: https://secure.phabricator.com/D4239
2012-12-20 11:11:15 -08:00
Hangjun Ye
f5c2a2ab4b Support SMTP as the mailer.
Summary:
Support SMTP as the mailer and user could turn on SMTP authentication if needed.
Import PHPMailer as PHPMailerLite doesn't support SMTP.

Make class PhabricatorMailImplementationPHPMailerAdapter final.

Test Plan: N/A

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2139

Differential Revision: https://secure.phabricator.com/D4063
2012-12-09 02:37:02 -08:00
epriestley
d9fd43704f Improve Lightbox behavior for nonstandard clicks
Summary:
When users middle click or command-click an image, we should open it in a new tab, not open a lightbox.

See https://github.com/facebook/phabricator/issues/234

Test Plan: Left, middle, and command-clicked a lightbox image.

Reviewers: vrana, chad, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4020
2012-11-22 08:25:13 -08:00
epriestley
7138427a05 Modify Celerity to emit required resources on Ajax responses
Summary: Companion diff to D4003.

Test Plan: Rigged up a response which loaded a CSS file with `body { background: red; }`, verified page turned red after I clicked the button.

Reviewers: vrana, chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T2086

Differential Revision: https://secure.phabricator.com/D4004
2012-11-21 08:37:01 -08:00
epriestley
e0cc277d5f Fix mask positioning and use mask classes in lightbox
Summary: See D3795 / D3797. Also made the mask darker.

Test Plan: Mask now sizes properly on window resize in all browsers / mask uses.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3798
2012-10-23 11:39:33 -07:00
epriestley
a3ffab6205 Use JX.Request.setRawData()
Summary:
See D3727.

@paulshen, these are the only callsites we have in Phabricator so we can remove `setFile()` once it's clear on the Facebook side.

Test Plan: Uploaded a file with drag and drop.

Reviewers: paulshen, vrana, mnml0

Reviewed By: mnml0

CC: aran

Differential Revision: https://secure.phabricator.com/D3769
2012-10-20 10:53:51 -07:00
epriestley
26f7425ee2 Allow blog resources to be served without Celerity
Summary:
Allow skins to serve arbitrary resources without needing to be mapped, so we can have a vibrant community of amateur skinners.

For "basic" skins, just put all the "css/" on the page always.

Includes an image to prove that works.

@vrana, pretty sure this has no impact outside of Phame but it does change Celerity so it might be to blame if there's any weirdness with static resources.

Test Plan:
{F21341}
{F21340}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1373

Differential Revision: https://secure.phabricator.com/D3719
2012-10-17 08:37:05 -07:00
epriestley
b3ad8507af Allow simple template-based skin definitions
Summary:
Lower the barrier to entry for installing and creating skins, so we can kill Wordpress. You can now install skins by dropping them into a directory, and build either "advanced" (full phutil library) skins or "basic" (simple PHP templates) skins.

Next up is getting static resources working in an easy way for skins.

I put these in `externals/` for now so they don't get hit by lint.

Test Plan: Viewed the Pokeblog with the Oblivious skin.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1373

Differential Revision: https://secure.phabricator.com/D3717
2012-10-17 08:36:48 -07:00
epriestley
5b7616ad6e Update Javelin to D3573
Summary: Pull in the latest version of Javelin.

Test Plan: Used application typeahead on a ":8080" install, got sent to the right URI.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3584
2012-10-01 14:09:33 -07:00
vrana
8481f7ef09 Don't open symbols on double click
Summary:
My average double click speed is 10 ms but I tried to double click as I think normal people double clicks and it was around 200 ms.
I don't want to make the timeout much longer because it looks like that something doesn't work.

Test Plan:
Double clicked on symbol.
Clicked on symbol.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3509
2012-09-17 16:08:53 -07:00
vrana
bde2c7ffc6 Update Javelin 2012-06-08 16:16:41 -07:00
epriestley
7b5f47b17d Enforce upload size limits and transport exceptions with appropriate response encoding
Summary:
  - When a user uploads an oversized file, throw an exception.
  - When an uncaught exception occurs during a Conduit request, return a Conduit response.
  - When an uncaught exception occurs during a non-workflow Ajax request, return an Ajax response.

Test Plan:
  - Uploaded overlarge files.
  - Hit an exception page with ?__ajax__=1 and ?__conduit__=1

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T875, T788

Differential Revision: https://secure.phabricator.com/D2385
2012-05-07 06:17:00 -07:00
vrana
6c0e22b3a3 Support IE8
Test Plan:
View revision in Chrome.
View revision in Firefox.
View revision in IE8.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2251
2012-04-17 11:01:30 -07:00
epriestley
1db0dadbcf Minor, use preg_replace_callback() in PHPMailerLite. See D2147.
Auditors: btrahan, vrana, 20after4
2012-04-16 07:05:41 -07:00
epriestley
f7b569e5d9 Don't use "/e" in PHPMailer Lite
Summary: PHP 5.4 raises an E_STRICT warning about "/e", and it's a generally awful idea, even though this case doesn't look exploitable. Silence the warning by using preg_replace_callback() instead of "/e".

Test Plan: Sent myself a message with a bunch of multibyte UTF8 characters in it, it came through cleanly.

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1056

Differential Revision: https://secure.phabricator.com/D2147
2012-04-08 10:02:16 -07:00
Bob Trahan
cc586b0afa For discussion -- Stripe integration
Summary:
various stripe stuff, including

- external stripe library
- payment form
- test controller to play with payment form, sample business logic

My main questions / discussion topics are...

- is the stripe PHP library too big? (ie should I write something more simple just for phabricator?)
-- if its cool, what is the best way to include the client? (ie should I make it a submodule rather than the flat copy here?)
- is the JS I wrote (too) ridiculous?
-- particularly unhappy with the error message stuff being in JS *but* it seemed the best choice given the most juicy error messages come from the stripe JS such that the overall code complexity is lowest this way.
- how should the stripe JS be included?
-- flat copy like I did here?
-- some sort of external?
-- can we just load it off stripe servers at request time? (I like that from the "if stripe is down, stripe is down" perspective)
- wasn't sure if the date control was too silly and should just be baked into the form?
-- for some reason I feel like its good to be prepared to walk away from Stripe / switch providers here, though I think this is on the wrong side of pragmatic

Test Plan: - played around with sample client form

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2096
2012-04-04 16:09:29 -07:00
epriestley
84c40a732e Minor, don't minify raphael.js since it doesn't survive it
Auditors: btrahan
2012-04-02 12:09:04 -07:00
epriestley
43bd76336c Use Javelin placeholders and new sorting rules broadly; consolidate tokenizer construction code
Summary:
  - We have three nearly-identical blocks of Tokenizer construction code; consolidate them into Prefab.
  - Add placeholder support.
  - Augment server-side stuff to specify placeholder text.

Test Plan: Verified behavior of Differential edit tokenizers, Differential comment tokenizers, Maniphest edit tokenizers, Maniphest comment tokenizers, Maniphest filter tokenizers, Differential filter tokenizers, Owners filter tokenizers, Owners edit tokenizers, Herald edit tokenizers, Audit filter tokenizers.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T772, T946

Differential Revision: https://secure.phabricator.com/D1844
2012-03-09 15:46:39 -08:00
epriestley
492d047a49 Improve tokenizer sorting rules
Summary:
Currently, we sort all results alphabetically. This isn't ideal. Instead, sort them like this:

  - If the viewing user appears in the list, always sort them first. This is common in a lot of contexts and some "Ben Evans" guy is sorting first on secure.phabricator.com and causing me no end of aggravation.
  - If the tokens match a "priority" component (e.g., username), sort that before results which do not have a "priority" match.
  - Within a group (self, priority, everything else) sort tokens alphabetically.

NOTE: I need to go add setUser() to all the tokenizers to make the "self" rule work, but that's trivial so I figured I'd get this out first.

Test Plan:
https://secure.phabricator.com/file/data/4s2a72l5hhyyqqkq4bnd/PHID-FILE-x2r6ubk7s7dz54kxmtwx/Screen_Shot_2012-03-07_at_9.18.03_AM.png

Previously, "aaaaaepriestley" (first alphabetic match) would sort before "epriestley" (the viewing user). Now, "epriestley" sorts first because that is the viewer.

https://secure.phabricator.com/file/data/rmnxgnafz42f23fsjwui/PHID-FILE-yrnn55jl3ysbntldq3af/Screen_Shot_2012-03-07_at_9.18.09_AM.png

Previously, "aaaagopher" (first alphabetic match) would sort before "banana" (the "priority" match). Now, "banana" sorts first because it priority matches on username.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T946

Differential Revision: https://secure.phabricator.com/D1807
2012-03-07 13:17:44 -08:00
epriestley
41a265b464 Update Javelin and packaging
Summary:
  - Update the Javelin submodule to pick up recent fixes (like D1749).
  - Update the package definitions do do a slightly better job of packaging
resources.

Test Plan:
Up and down work in tokenizers now. Pages load slightly fewer
resources.

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T927

Differential Revision: https://secure.phabricator.com/D1751
2012-03-01 17:23:00 -08:00
vrana
97144c0932 Support paste file uploads
Summary:
This is so freaking cool that I will try to implement it also on Facebook.
Idea is from
http://strd6.com/2011/09/html5-javascript-pasting-image-data-in-chrome/.
I don't know how to properly detect support but lying about it is not a big
deal.

Test Plan:
Go to revision comment textarea.
Paste some text data - works as usual.
Paste some image data in Chrome - file is uploaded and a link to it is inserted.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1681
2012-02-23 16:36:58 -08:00
epriestley
bf3dd8663c Add "buoyant" headers to Differential
Summary:
As you scroll through a diff, add a fixed-position header to the top of the
document to provide context. This is particularly useful with keyboard
navigation.

The technical implementation is that we seed the document with invisible
markers. When the user scrolls past one, we show a header with that text until
they scroll past another.

Test Plan:
Scrolled through a revision, was presented with context.

https://secure.phabricator.com/file/data/5xhh2jmoon6ukr5qjkh3/PHID-FILE-463ituscyhyw7utnox7m/Screen_Shot_2012-02-22_at_2.48.19_PM.png

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T696

Differential Revision: https://secure.phabricator.com/D1673
2012-02-23 12:26:14 -08:00
epriestley
228c3781a2 Add gRaphael charting library
Summary:
I typed up like 30 pages here and then got my soul crushed by T895, but here's
the summary:

I looked at several charting libraries. There aren't very many that seem to be
any good and have an open-source license.

I also want the charts to be scriptable in JS so we can add good interactivity
where appropriate.

Raphael is an SVG drawing library which seems very solid. gRaphael is a charting
library on top of Raphael that is a lot less solid, but seems kind of OK.

Overall, I think this selection gives us a lot of flexibility, although we'll
have to pay some costs up front. I'd rather do that then get limited later,
though.

That said, I'm open to other suggestions here if anyone has experience or wants
to take a different stab at researching things.

This is largely for @vii and D1643.

Test Plan: Created a basic, fairly OK chart (see next revision).

Reviewers: btrahan, vii

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1654
2012-02-21 15:10:24 -08:00
vrana
460efc4489 Include added reviewers and ccs in preview
Summary: Preview of Add Reviewers looks silly without actually showing them

Test Plan:
Go to any diff
Leap into action: Add Reviewers
Add some reviewers
Write some comment
Preview including Added reviewers should be displayed
Change action to Comment
Added reviewers should disappear
Repeat with Add CCs

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley, vrana

Differential Revision: https://secure.phabricator.com/D1276
2012-01-04 17:08:13 -08:00