mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 09:12:41 +01:00
Commit graph

1959 commits

Author SHA1 Message Date
epriestley
23fd936b47 Add some basic signature stripping
Summary: See discussion in T789. Covered the obvious cases, at least. We can refine this as we get a larger sample size.

Test Plan: Unit test coverage.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T789

Differential Revision: https://secure.phabricator.com/D2154
2012-04-08 15:04:12 -07:00
epriestley
056fd755da Detect missing InnoDB in MySQL
Summary: See T993. MySQL fails very very softly if you request an engine which does not exist. Detect and fail if the InnoDB engine is missing or broken.

Test Plan: Faked InnoDB missing, got a failure. Ran normally, got success.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T993

Differential Revision: https://secure.phabricator.com/D2160
2012-04-08 15:03:38 -07:00
epriestley
e4df959064 Use Celerity to version all static resources
Summary:
We don't use versioned URIs for images, so when they change users may get old versions.

This was a particular issue with the recent logo change, which several users reported cache-related issues from.

Instead, use Celerity to manage image URI versions in addition to CSS/JS.

This is complicated, because we need to rewrite image URIs inside of CSS, which means the hash of a CSS file has to be derived from the current image data. Otherwise, when we updated an image the CSS wouldn't update, so we wouldn't be any better off.

So basically we:

  - Find all the "raw" files, and put them into the map.
  - Find all the CSS/JS, perform content-altering transformations on it (i.e., not minification) based on the partial map, and then put it into the map based on transformed hashes.

(If we wanted, we could now do CSS variables or whatever for "free", more or less.)

Test Plan:
  - Regenerated celerity map, browsed site, verified images generated with versioned URIs.
  - Moved "blue" flag image over "green" flag image, regenerated map, verified "green" flag image and the associated CSS changed hashes.
  - Added transformation unit tests; ran unit tests.

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1073

Differential Revision: https://secure.phabricator.com/D2146
2012-04-08 10:07:51 -07:00
epriestley
f7b569e5d9 Don't use "/e" in PHPMailer Lite
Summary: PHP 5.4 raises an E_STRICT warning about "/e", and it's a generally awful idea, even though this case doesn't look exploitable. Silence the warning by using preg_replace_callback() instead of "/e".

Test Plan: Sent myself a message with a bunch of multibyte UTF8 characters in it, it came through cleanly.

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1056

Differential Revision: https://secure.phabricator.com/D2147
2012-04-08 10:02:16 -07:00
epriestley
b90d41dd90 Add an "--ignore-duplicates" flag to import_project_symbols.php
Summary: People are hella lazy and don't want to do this themselves.

Test Plan: Generated a symbol file with duplicates and piped it in, got an import under --ignore-duplicates.

Reviewers: kdeggelman, btrahan, vrana, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2145
2012-04-07 17:25:38 -07:00
epriestley
dd21f7e37c Make error views look less awful
Summary: These elements look heavy and out of place right now.

Test Plan: Looked at error views in uiexample page.

Reviewers: btrahan, vrana, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2144
2012-04-07 17:25:31 -07:00
epriestley
780da42126 Show user a notice when they view "My Projects" for feed but haven't joined any projects
Summary: Currently, we show them everything. Instead, show them an explicit notice.

Test Plan: Looked at "My Projects" feed with no projects.

Reviewers: btrahan, vrana, jungejason

Reviewed By: jungejason

CC: aran

Maniphest Tasks: T1015

Differential Revision: https://secure.phabricator.com/D2143
2012-04-07 17:25:24 -07:00
epriestley
ee278a302e Improve Diffusion blame views
Summary:
  - Make some effort to simplify the code.
  - Make "Skip Past This Commit" work in Git and Mercurial.
  - Make blame work in Mercurial.
  - Add tooltip hover state to show more information about commits.

Test Plan: Viewed blame views in SVN, Git, Hg. Clicked line numbers, hovered/clicked commits, hovered/clicked "blame past..."

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T378

Differential Revision: https://secure.phabricator.com/D2142
2012-04-07 17:24:35 -07:00
vrana
df67401e24 Add typehints to Diffusion browse file controller
Test Plan: Display commit.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2139
2012-04-07 16:03:55 -07:00
Jason Ge
bbeb850d63 Fix missing inline comments issue
Summary:
Some inline comments are missing in the revision page. The
reason is that the inline comments got overwritten if multiple groups of
comments are modifying the same file
(https://secure.phabricator.com/diffusion/P/browse/master/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php;f6748bc1907d946ffe5a0957964a5eb5fe90514f$299).

Test Plan: The comments that used to be missing render now.

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: hwang, aran

Differential Revision: https://secure.phabricator.com/D2135
2012-04-07 14:05:52 -07:00
Jason Ge
4f5ce3d9a3 Update library map file
Summary: Update library map file. It's probably caused by D2113.

Test Plan: arc unit passed for the testEverythingImplemented test case.

Reviewers: vrana, epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2134
2012-04-07 14:04:58 -07:00
epriestley
d4839f402c Minor, test fix for D2140? I think this fixes the issue in D2140, pushing to verify...
Auditors: 20after4, btrahan
2012-04-07 12:59:06 -07:00
vrana
5493c0e58e Fix typo
2012-04-07 11:45:31 -07:00
epriestley
ff4f72fdab Minor documentation updates.
Auditors: vrana, btrahan
2012-04-07 11:05:58 -07:00
epriestley
6c2e032dbe Minor, fix a heading in documentation.
Auditors: vrana, btrahan
2012-04-07 11:02:48 -07:00
epriestley
c894344505 Minor, fix some doc links.
Auditors: vrana, btrahan
2012-04-07 10:59:14 -07:00
vrana
d4c5761f41 Customizable MySQL implementation
Test Plan:
- /
- upgrade_schema.php
- Setup
- Try disabling mysql_connect.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2133
2012-04-07 10:54:12 -07:00
epriestley
34ca4a9ba7 Update arcanist documentation to reflect "land", a sane relative commit, and "--auto"
Summary: See D2080. The introduction of `arc land`, defaulting to `origin/master`, and --auto enormously simplifies the documentation.

Test Plan: Read documentation.

Reviewers: btrahan

Reviewed By: btrahan

CC: 20after4, aran

Maniphest Tasks: T894

Differential Revision: https://secure.phabricator.com/D2082
2012-04-07 10:39:51 -07:00
epriestley
869f24bf33 Fix reticle for diff-of-diffs
Summary:
The older logic was incorrect:

  - It chose `change.left` for `data.on_right` being true.
  - 'O' and 'N' mean 'old' and 'new', not 'left' and 'right'. In diff-of-diffs, both sides are 'N'.

So, select the changeset ID correctly (pick the right side one for on_right), and select the new file prefix correctly (N for new, O for old).

Test Plan: Waved my mouse over some inline comments in a diff-of-diffs, got reasonable-looking reticles.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1076

Differential Revision: https://secure.phabricator.com/D2138
2012-04-07 10:39:41 -07:00
vrana
7507981f22 Don't fatal with inaccessible database
Test Plan: Disable `mysql_connect()`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2137
2012-04-07 10:31:36 -07:00
vrana
58d0ee2de0 Improve Windows support
Test Plan: Display stacktrace, verify that filenames are links.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2132
2012-04-07 10:15:54 -07:00
epriestley
3fdd8c497c Possible fix for T1076, pushing to verify.
I think the issue is that we don't set the left-side changesetID correctly. This seems to work correctly locally, but I'm not sure I got a good repro. Pushing to verify the production test cases provided in T1076.

Auditors: vrana, btrahan
2012-04-07 10:01:28 -07:00
vrana
9b043e5966 Bump required PHP version
Summary:
`mysql_set_charset()` is available since PHP 5.2.3.
I've searched also for other new functions and this is the newest.

Test Plan: /

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2126
2012-04-06 15:26:46 -07:00
Jason Ge
f6748bc190 The existing Audit code forgot to set authorPHID
Summary:
The audit tools have many false positives about Author Not
Matching with Revision. The fix is to set the authorPHID, which was
missing in the existing code.

Test Plan:
Run reparse.php and it doesn't generate false positive results
anymore.

Reviewers: nh, epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2119
2012-04-06 14:16:42 -07:00
epriestley
f7c74e3fb8 Remove an extra </p>
Summary: renderMiniPanel() renders the entire <p>.

Test Plan: Looked at page source for homepage, verified there was no double </p>.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1079

Differential Revision: https://secure.phabricator.com/D2128
2012-04-06 14:09:24 -07:00
vrana
a234a712cd Disable autoload in search for internal class
Test Plan:
/diffusion/symbol/Exception/?jump=1&type=class&lang=php
/diffusion/symbol/Countable/?jump=1&type=class&lang=php

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2124
2012-04-06 12:46:12 -07:00
vrana
e69ba98e20 Prepare for MySQLi support
Summary: This separates common MySQL stuff (identifiers and comments escaping, error codes, connection retries) from PHP extension specific stuff (connect, query, fetch, errors, escape string).

Test Plan:
/
Use `AphrontMySQLiDatabaseConnection` in `PhabricatorLiskDAO`, load homepage, edit task, save task.

Reviewers: epriestley

Reviewed By: epriestley

CC: nh, aran

Differential Revision: https://secure.phabricator.com/D2113
2012-04-06 12:43:56 -07:00
vrana
2211a0b07e Don't render <div> inside <span>
Test Plan: D1

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2121
2012-04-06 10:15:44 -07:00
vrana
23b65c13f4 Use Filesystem::readRandomBytes() in setup
Test Plan: Run setup.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2123
2012-04-06 10:10:33 -07:00
vrana
36ee5dba51 Jump to TOC after Show Diff
Summary: I've found it useful mainly on a smaller screen or with lots of comments.

Test Plan: Show Diff

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2122
2012-04-06 09:56:28 -07:00
vrana
1f2028adf0 Render valid HTML
Summary: Also delete some dead code.

Test Plan: /D1

Reviewers: tuomaspelkonen, epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2120
2012-04-06 09:56:14 -07:00
vrana
6aa729b1c9 Support MySQL 5.5
Summary:
`116.utf8.sql` throws this under MySQL 5.5:

> Column length too big for column 'keyBody' (max = 21845); use BLOB or TEXT instead

I guess that's because MySQL 5.5 changed the maximum length of a UTF-8 character from 3 bytes to 4.

I've also updated `116.utf8.sql` for people with new installs.

Test Plan:
  upgrade_schema.php

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2117
2012-04-06 09:55:58 -07:00
vrana
23988ca482 Support Windows
Test Plan:
Enable setup.
Disable setup.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2118
2012-04-06 09:34:06 -07:00
vrana
426d6f2b1f Make getTransactionKey() protected
Test Plan: Search for `getTransactionKey`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2115
2012-04-06 09:33:37 -07:00
vrana
bc5307f7d5 Fix whitespace
2012-04-06 01:00:32 -07:00
vrana
5f341c79cb Pass connection to mysql_set_charset()
2012-04-05 17:23:29 -07:00
vrana
64facecb87 Fix typo in AphrontMySQLDatabaseConnection
2012-04-05 17:19:07 -07:00
vrana
f698e860cf Remove duplicate remarkup rule
Summary: D2110

Test Plan:
  [[wiki]]
  [[http://example.com]]
  [[http://example.com | example.com]]

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2111
2012-04-05 16:31:17 -07:00
Nick Harper
efb49a6a09 Fix differential.createrevision conduit call
Summary:
This introduces some boundary checking for
PhabricatorOwnersOwner::loadAffiliatedUserPHIDs() if it gets passed an empty
array, which happened when I ran arc diff and it called
differential.createrevision.

Test Plan: ran arc diff

Reviewers: epriestley, meitros, jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2112
2012-04-05 15:28:58 -07:00
vrana
ff2b58dab7 Fix MySQL column escaping
Summary:
MySQL doesn't treat `\` as an escaping character in ##``##.
This probably isn't an SQL injection hole because I've found no calls of this method with user input.
But better safe than sorry.

See also [[http://dev.mysql.com/doc/refman/5.1/en/server-sql-mode.html#sqlmode_no_backslash_escapes | NO_BACKSLASH_ESCAPES]].

Test Plan:
  lang=sql
  SELECT `a\`b`; -- Throws: Syntax error near '`'.
  -- Should throw: Unknown column 'a`b'.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2109
2012-04-05 15:11:05 -07:00
vrana
23d5d7a1a6 Delete unused CSS
Summary: Unused since D2062.

Test Plan:
View commit.
View task.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2108
2012-04-05 10:54:06 -07:00
vrana
d1b7059a2d Open editor from stack trace
Summary:
I've considered that a user may have set an editor but not checked out Phabricator repositories.
But a stack trace is useful mainly for developers.

Test Plan:
Click on path in Unhandled Exception.
Repeat with disabled editor.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2107
2012-04-04 18:19:14 -07:00
Bob Trahan
09172a1937 Add pagers to server clients and client authorizations in OAuth Server GUI
Summary: ...also make the pager usage in ChatLog use the nice formatWhereClause functionality

Test Plan: set $page_size = 2 and paged around the data a bit

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T905

Differential Revision: https://secure.phabricator.com/D2106
2012-04-04 17:51:16 -07:00
epriestley
05b4c90bfd Allow Commits to be attached to Tasks using edges
Summary: Use Edges to attach Commits and Tasks. Note, no "edit attached commits" interface from tasks yet since the search backend needs a little work to list commits in a sensible way.

Test Plan: Attached commits to tasks. Looked at commits, looked at tasks.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D2105
2012-04-04 17:34:25 -07:00
Bob Trahan
cc586b0afa For discussion -- Stripe integration
Summary:
various stripe stuff, including

- external stripe library
- payment form
- test controller to play with payment form, sample business logic

My main questions / discussion topics are...

- is the stripe PHP library too big? (i.e., should I write something more simple just for phabricator?)
-- if it's cool, what is the best way to include the client? (i.e., should I make it a submodule rather than the flat copy here?)
- is the JS I wrote (too) ridiculous?
-- particularly unhappy with the error message stuff being in JS *but* it seemed the best choice given the most juicy error messages come from the stripe JS such that the overall code complexity is lowest this way.
- how should the stripe JS be included?
-- flat copy like I did here?
-- some sort of external?
-- can we just load it off stripe servers at request time? (I like that from the "if stripe is down, stripe is down" perspective)
- wasn't sure if the date control was too silly and should just be baked into the form?
-- for some reason I feel like it's good to be prepared to walk away from Stripe / switch providers here, though I think this is on the wrong side of pragmatic

Test Plan: - played around with sample client form

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2096
2012-04-04 16:09:29 -07:00
epriestley
877cb136e8 Add an associations-like "Edges" framework
Summary:
We have a lot of cases where we store object relationships, but it's all kind of messy and custom. Some particular problems:

  - We go to great lengths to enforce order stability in Differential revisions, but the implementation is complex and inelegant.
  - Some relationships are stored on-object, so we can't pull the inverses easily. For example, Maniphest shows child tasks but not parent tasks.
  - I want to add more of these and don't want to continue building custom stuff.
  - UIs like the "attach stuff to other stuff" UI need custom branches for each object type.
  - Stuff like "allow commits to close tasks" is nontrivial because of nonstandard metadata storage.

Provide an association-like "edge" framework to fix these problems. This is nearly identical to associations, with a few differences:

  - I put edge metadata in a separate table and don't load it by default, to keep edge rows small and allow large metadata if necessary. The on-edge metadata seemed to get abused a lot at Facebook.
  - I put a 'seq' column on the edges to ensure they have an explicit, stable ordering within a source and type.

This isn't actually used anywhere yet, but my first target is attaching commits to tasks for T904.

Test Plan: Made a mock page that used Editor and Query. Verified adding and removing edges, overwriting edges, writing and loading edge data, sequence number generation.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, 20after4

Differential Revision: https://secure.phabricator.com/D2088
2012-04-04 15:30:21 -07:00
vrana
bc61f36beb Replace elseif by else if
Summary:
Mostly written by me.
Omit external libraries.

Test Plan: http://phabricator.com/docs/phabricator/article/PHP_Coding_Standards.html

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2104
2012-04-04 15:24:47 -07:00
vrana
b8cb52a9da Return $this from shortcuts
Test Plan:
Search for `>setLineWidthFromChangesets(`.
Search for `>loadAndAttachAuxiliaryAttributes(`.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2102
2012-04-04 15:12:20 -07:00
vrana
582fc847f2 Use assert_instances_of() in Differential
Summary: NOTE: This is not produced by a script so there might be errors. Please review carefully.

Test Plan: Browse around Differential.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2103
2012-04-04 15:11:30 -07:00
epriestley
01767c482d Add a datepicker control
Summary: I looooove JS! It makes me giddy with glee!

Test Plan: Picked dates. See screenshots.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2086
2012-04-04 12:14:10 -07:00