Summary:
this replaces uses with warning suppression of each() (depreccated in
PHP7, removed in PHP8) with foreach
Test Plan: can verify that these chages do work (tested on my own install)
Reviewers: O1 Blessed Committers, #blessed_committers, dsadad, avivey, valerio.bozzolan
Reviewed By: O1 Blessed Committers, #blessed_committers, dsadad, avivey, valerio.bozzolan
Subscribers: avivey, Cigaryno, speck, tobiaswiese, valerio.bozzolan, Matthew
Differential Revision: https://we.phorge.it/D25059
Summary:
Ref T5479. Ref T13658. This was a contributed application from the early days of Phabricator which never had customers or users in the wild. The contributor moved on from the project many years ago.
Any capabilities in this general role would look different today. It also has one or two product name literal strings, so this is as good a time as any to remove it.
This change does not remove storage; I'll issue upgrade guidance and do that separately after some time.
Test Plan: Grepped for "phragment", got no relevant hits.
Subscribers: hach-que, PHID-OPKG-gm6ozazyms6q6i22gyam
Maniphest Tasks: T13658, T5479
Differential Revision: https://secure.phabricator.com/D21793
Summary:
Ref T13570. Fixes T13235. In most cases, we use modern (v4) signatures for almost all AWS API calls, and have for several years.
However, sending email via SES currently uses an older piece of external code which uses the older (v3) signature method.
AWS is retiring v3 signatures on October 1 2020, so this pathway will stop working.
Update the pathway to use `PhutilAWSFuture`, which provides v4 signatures.
T13235 discusses poor error messages from SES. Switching to Futures fixes this for free, as they have more useful error handling.
Test Plan:
- Configured an SES mailer, including the new `region` parameter.
- Used `bin/mail send-test` to send mail via SES.
- Sent invalid mail (from an unverified address); got a more useful error message.
- Grepped for removed external, no hits.
Maniphest Tasks: T13570, T13235
Differential Revision: https://secure.phabricator.com/D21461
Summary:
See <https://discourse.phabricator-community.org/t/how-to-override-localhost-localdomain-in-email-message-id/3876/>.
Currently, Phabricator generates a "Message-ID" only in a subset of cases (roughly: when the message is first-in-thread and we expect the thread may have more than one message).
In cases where it does not generate a message ID, it expects the SMTP server to generate one for it. Servers will generally do this, and some ONLY do this (that is, they ignore IDs from Phabricator and replace them). Thus, several pieces of configuration control whether Phabricator attempts to generate a "Message-ID" at all.
The PHPMailer code has fallback behavior which generates a "<random>@localhost.localdomain" message ID. This is never desirable and ignores Phabricator-level configuration that Message IDs should not be generated.
For now, remove this code: it is never the desired behavior and sometimes explicitly contradicts the intent of configuration.
Possibly, a better change may be to make Phabricator always generate a message ID in cases where it isn't forbidden from doing so by configuration. However, that's a more complicated change and it's not clear if/when it would produce better behavior, so start here for now.
Test Plan: Confirmed by affected user (see linked thread).
Differential Revision: https://secure.phabricator.com/D21272
Summary: Ref T13395. Moves a small amount of remaining "libphutil/" code into "phabricator/" and stops us from loading "libphutil/".
Test Plan: Browsed around; there are likely remaining issues.
Maniphest Tasks: T13395
Differential Revision: https://secure.phabricator.com/D20981
Summary: Fixes T13472. This library uses `$a{0}`, but this is deprecated in favor of `$a[0]`.
Test Plan:
Ran `bin/search index Txxx --force` on a task with "filing" in the title (this term reaches the "m" rule of the stemmer).
(I'm not on new enough PHP for this to actually raise an error, but I'll follow up with the reporting user.)
Maniphest Tasks: T13472
Differential Revision: https://secure.phabricator.com/D20941
Summary: Ref T13472. Ref T13395. These classes are only used by Phabricator and not likely to find much use in Arcanist.
Test Plan: Grepped libphutil and Arcanist for removed symbols.
Maniphest Tasks: T13472, T13395
Differential Revision: https://secure.phabricator.com/D20939
Summary: Ref PHI1166. I'm documenting our dependencies, and we have approximately 5,000 lines of external code to support WePay as a Phortune provider. We don't use it, I'm almost certain it doesn't work, and we have no plans to use it in the near future. If we did pursue it, I'd probably just wrap the API in a 100-line `WePayFuture` anyway since 5K lines of dependencies to make a couple method calls is ridiculous.
Test Plan: Grepped for `wepay`, `httpful`, `restful`.
Reviewers: amckinley
Reviewed By: amckinley
Subscribers: aurelijus
Differential Revision: https://secure.phabricator.com/D20521
Summary: Ref T13222. Ref T920. This is the last of the upstream adapter updates.
Test Plan:
- Sent mail with SES.
- Sent mail with "sendmail". I don't have sendmail actually configured to an upstream MTA so I'm not 100% sure this worked, but the `sendmail` binary didn't complain and almost all of the code is shared with SES, so I'm reasonably confident this actually works.
Reviewers: amckinley
Reviewed By: amckinley
Maniphest Tasks: T13222, T920
Differential Revision: https://secure.phabricator.com/D19965
Summary:
Ref T920. D19937 provides about 100 lines of code which can do essentially everything here; throw out the trillion lines of full external API stuff.
(I am generally not sure why everyone writes API libraries like this instead of like D19937.)
Test Plan: Send SMS messages with D19937, so I don't think we need any of this code anymore. This code is techncially reachable through some pathways like `bin/sms`, but won't be for long.
Reviewers: amckinley
Reviewed By: amckinley
Subscribers: aurelijus
Maniphest Tasks: T920
Differential Revision: https://secure.phabricator.com/D19938
Summary: Builds out some images to use to identify repositories. Fixes T12825.
Test Plan:
Try setting custom, built in, and null images.
{F4998175}
{F4998192}
Reviewers: epriestley
Reviewed By: epriestley
Subscribers: Korvin
Maniphest Tasks: T12825
Differential Revision: https://secure.phabricator.com/D18116
Summary:
Fixes T12372. Long-term fix is T12404, this is a bandaid in the interim.
See T12372 for additional discussion.
Test Plan: Confirmed functional by a user in T12372.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T12372
Differential Revision: https://secure.phabricator.com/D17501
Summary:
Fixes T12195. For the past few years, Recaptcha (now part of Google) has supported
a new, "no captcha" one-click user interface. This new UI is stable, doesn't
require any typing or reading words, and can even work without JavaScript (if
the administrator enables it on the Recaptcha side).
Furthermore, the new Recaptcha has a completely trivial API that can be dealt
with in a few lines of code. Thus, the external `recaptcha` php library is now
gone.
This API is a complete replacement for the old one, and does not require any
upgrade path for users or Phabricator administrators - public and secret keys
for the "new" Recaptcha UI are the exact same as the "classic" Recaptcha. Any
old Recaptcha keys for a domain will continue to work.
Note that Google is currently testing Yet Another new Captcha API, called
"Invisible reCAPTCHA", that will not require user interaction at all. In fact,
the user will not even be aware there //is even a captcha form//, as far as I
understand. However, this new API is 1) in beta, 2) requires new Recaptcha keys
(so it cannot be a drop-in replacement), and 3) requires more drastic API
changes, as form submission buttons must instead invoke JavaScript code, rather
than a token being passed along with the form submission. This would require far
more extensive changes to the controllers. Maybe when it's several years old, it
can be considered.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Test Plan:
Created a brand-new Phabricator installation, saw the new Captcha UI
on administrator sign up. Logged out, made 5 invalid login attempts, and saw the
new Captcha UI. Reworked the conditional to invert the condition, etc to test
and make sure the API responded properly.
Reviewers: epriestley, #blessed_reviewers, chad
Reviewed By: epriestley, #blessed_reviewers
Subscribers: avivey, Korvin
Maniphest Tasks: T12195
Differential Revision: https://secure.phabricator.com/D17304
Summary:
- Allow proper parsing of attachments with missing Content-Disposition
header
Test Plan:
- Create application email for Maniphest.
- Send example broken email from Outlook 2007 to that address {F1842816}
Reviewers: #blessed_reviewers, epriestley
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D16584
Summary:
Fixes T10728. Fixes T10476. SES uses third-party code with unique, creative ideas about error handling.
- Make the error handling behavior more correct, so it doesn't try to use undefined variables.
- Simplify the error handling behavior (throw exceptions sooner, remove redundant code).
- Explicitly test for `-smtp` misconfigurations. These can arise if you read the wrong column out of the table in the AWS docs, as in T10728.
- Explicitly test for SimpleXML, to catch T10476 before it does damage.
Test Plan:
- Configured SES to use a bogus SMTP endpoint.
- Faked past the SMTP check, hit sane error on the connection.
- Undid faking, hit immediate hard stop on the STMP check.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T10476, T10728
Differential Revision: https://secure.phabricator.com/D15632
Summary: Ref T10728. This property does not exist and is never referenced. The `'resource'` key is also never referenced, so I believe this can be safely removed.
Test Plan: Will make @amckinley do my job for me.
Reviewers: chad
Reviewed By: chad
Subscribers: amckinley
Maniphest Tasks: T10728
Differential Revision: https://secure.phabricator.com/D15624
Summary:
Ref T5155. Swaps Phabricator over to the new first-party S3 client using the v4 authentication API so it works in all regions.
The API requires an explicit region, so the new `amazon-s3.region` is now required. I'll write guidance about this.
Test Plan:
- Uploaded files to S3.
- Migrated ~1GB of files to S3.
- Loaded a bunch of files off S3.
- Browsed around the S3 bucket.
- Deleted a file, verified the data on S3 was destroyed.
- Hit new setup warning.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T5155
Differential Revision: https://secure.phabricator.com/D14982
Summary:
Ref T9897. Purge a bunch of stuff:
- Remove skins.
- Remove all custom sites for skin resources.
- Remove "framed", "notlive", "preview", separate "live" controllers (see below).
- Merge "publish" and "unpublish" controllers into one.
New behavior:
- Blogs and posts have three views:
- "View": Internal view URI, which is a normal detail page.
- "Internal Live": Internal view URI which is a little prettier.
- "External Live": External view URI for an external domain.
Right now, the differences are pretty minor (basically, different crumbs/chrome). This mostly gives us room to put some milder flavor of skins back later (photography or more "presentation" elements, for example).
This removes 9 million lines of code so I probably missed a couple of things, but I think it's like 95% of the way there.
Test Plan:
Here are some examples of what the "view", "internal" and "external" views look like for blogs (posts are similar):
"View": Unchanged
{F1021634}
"Internal": No chrome or footer. Still write actions (edit, post commments). Has crumbs to get back into Phame.
{F1021635}
"External": No chrome or footer. No write actions. No Phabricator crumbs. No policy/status information.
{F1021638}
I figure we'll probably tweak these a bit to figure out what makes sense (like: maybe no actions on "internal, live"? and "external, live" probably needs a way to set a root "Company >" crumb?) but that they're reasonable-ish as a first cut?
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T9897
Differential Revision: https://secure.phabricator.com/D14740
Summary: Ref T9546. I only got the title to always show the blog title (better than nothing) -- showing the post title properly isn't trivial and is more work than I want to do right now.
Test Plan:
- Description now has remarkup.
- Title now shows blog title (better than nothing).
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T9546
Differential Revision: https://secure.phabricator.com/D14423
Summary: Adds Remarkup rules and CSS, cleans up some spacing a color. Ref T9546
Test Plan: Review a blog post list, and a blog
Reviewers: epriestley
Reviewed By: epriestley
Subscribers: Korvin
Maniphest Tasks: T9546
Differential Revision: https://secure.phabricator.com/D14421
Summary:
Ref T7785. Makes Figlet available without installing the `figlet` package.
The PEAR Text_Figlet code is really sketchy and includes this API, which is quite marvelous:
```
function loadFont($filename, $loadgerman = true)
```
At some point, this should probably be rewritten into a modern style, but it's not trivial since the figlet file format and rendering engine are somewhat complicated. I made some adjustments:
- Broke the dependency on the PEAR core.
- Prevented it from doing any wrong HTML escaping.
- Looked through it for any glaring security or correctness problems.
This code isn't very pretty or modern, but as far as I can tell it's safe and does render Figlet fonts in a reasonable way.
Test Plan: {F803268}
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T9408, T7785
Differential Revision: https://secure.phabricator.com/D14102
Summary:
Ref T7785. This prepares for (but does not yet use) a pure PHP implementation of Figlet parsing and rendering.
Figlet is somewhat complex, but a parser already exists in PEAR. I'll make sure it's suitable and hook it up in the next diff.
Test Plan: N/A, code not reachable
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T9408, T7785
Differential Revision: https://secure.phabricator.com/D14101
Summary:
Ref T7785. Convert the Cowsay Remarkup rule to use a PHP implementation so we don't have to execute an external `cowsay` binary.
I removed some of the default ".cow" files that come with Cowsay because they:
- include Perl code which we can not interpret; or
- are primarily in-jokes or standalone visual puns or artwork rather than usable actors on the grand stage of cowsay; or
- offended my delicate sensibilities.
Users can add new cows to `resources/cows/custom/` if they want to make new cows available.
I have included a majestic original artwork depicting the "Companion Cube" character from //Portal//.
Test Plan: {F802535}
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T9408, T7785
Differential Revision: https://secure.phabricator.com/D14100
Summary: phpqrcode has some old looking php syntax. Fix it quickly since it's one line.
Test Plan:
Before this patch, went to add a TOTP token, saw the error about the undefined variable.
After this patch, successfully added a TOTP token, and used it.
Reviewers: avivey, epriestley, #blessed_reviewers
Reviewed By: epriestley, #blessed_reviewers
Subscribers: Korvin
Maniphest Tasks: T9300
Differential Revision: https://secure.phabricator.com/D14019
Summary: Under some unusual circumstances, mailparse appears to incorrectly discard the last line of some mail messages.
Test Plan:
- Constructed a raw mail with no terminal newline.
- Piped it into `mail_receiver.php`.
- Saw the last line vanish into the aether.
- Applied patch; repeated; last line survived.
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: chad, epriestley
Differential Revision: https://secure.phabricator.com/D12494
Summary:
Fixes T6559. No more flash, use Websockets. This is less aggressive than the earlier version, and retains more server logic.
- Support "wss".
- Make the client work.
- Remove "notification.user" entirely.
- Seems ok?
Test Plan:
In Safari, Firefox and Chrome, saw the browsers connect. Made a bunch of comments/updates and saw notifications.
Notable holes in the test plan:
- Haven't tested "wss" yet. I'll do this on secure.
- Notifications are //too fast// now, locally. I get them after I hit submit but before the page reloads.
- There are probably some other rough edges, this is a fairly big patch.
Reviewers: joshuaspence, btrahan
Reviewed By: joshuaspence, btrahan
Subscribers: fabe, btrahan, epriestley
Maniphest Tasks: T6713, T6559
Differential Revision: https://secure.phabricator.com/D11143
Summary: Ref T2787. This brings us up to date.
Test Plan: `git clone`
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: epriestley
Maniphest Tasks: T2787
Differential Revision: https://secure.phabricator.com/D9916
Summary: I'm pretty sure that `@group` annotations are useless now... see D9855. Also fixed various other minor issues.
Test Plan: Eye-ball it.
Reviewers: #blessed_reviewers, epriestley, chad
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley, Korvin, hach-que
Differential Revision: https://secure.phabricator.com/D9859
Summary: It seems that there was a [[17cbfacae6 | recent-ish commit]] to the `JsShrink` external library. I'm not sure what this commit actually achieves, but we may as well bring it upstream.
Test Plan: Eyeball it.
Reviewers: vrana, epriestley, #blessed_reviewers
Reviewed By: epriestley, #blessed_reviewers
Subscribers: epriestley, Korvin
Differential Revision: https://secure.phabricator.com/D9414
Summary:
Provides a working SMS implementation with support for Twilio.
This version doesn't really retry if we get any gruff at all. Future versions should retry.
Test Plan: used bin/sms to send messages and look at them.
Reviewers: chad, epriestley
Reviewed By: epriestley
Subscribers: aurelijus, epriestley, Korvin
Maniphest Tasks: T920
Differential Revision: https://secure.phabricator.com/D8930
Summary: Ref T4398. I found a reasonable-ish LGPLv3 library for doing this, which isn't too huge or unwieldy.
Test Plan:
- Scanned QR code with Authy.
- Scanned QR code with Google Authenticator.
{F149317}
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T4398
Differential Revision: https://secure.phabricator.com/D8923
Summary:
Our smtp server responded slowly sometimes and reached the timeout, but actually
it had sent the email successfully. The mta then retried and sent duplicated
emails. So changed to a bigger default value.
Test Plan: Tested in our deployed and it worked
Reviewers: #blessed_reviewers, epriestley
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley, Korvin
Differential Revision: https://secure.phabricator.com/D8852
Summary: Fixes T4417. In this particular codepath, the lovely CreateHeader already added the to: information, so no need to slap it on the front all ghetto style.
Test Plan: imma push this live and test (I am lazy and don't want to configure amazon ses)
Reviewers: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T4417
Differential Revision: https://secure.phabricator.com/D8288
Summary:
Fixes T4143. This mitigates the "use a botnet to slowly try to login to every user account using the passwords '1234', 'password', 'asdfasdf', ..." attack, like the one that hit GitHub.
(I also donated some money to Openwall as a thanks for compiling this wordlist.)
Test Plan:
- Tried to register with a weak password; registered with a strong password.
- Tried to set VCS password to a weak password; set VCS password to a strong password.
- Tried to change password to a weak password; changed password to a strong password.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran, chad
Maniphest Tasks: T4143
Differential Revision: https://secure.phabricator.com/D8048
Summary: Ref T4205. This is an initial implementation of Phragment. You can create and browse fragments in the system (but you can't yet view a fragment's patches / history).
Test Plan: Clicked around and created fragments.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T4205
Differential Revision: https://secure.phabricator.com/D7726
Summary:
When sending an email through ses, the body property on the response object is not set, throwing a notice. This causes the system to assume a messsage failure, and requeues the email.
As the email is actually delivered, it causes an email bomb :(
Message Undefined property: stdClass::$body
#0 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(571): PhutilErrorHandler::handleError(8, 'Undefined prope...', '/sidekick/phabr...', 571, Array)
#1 [internal function]: SimpleEmailServiceRequest->__responseWriteCallback(Resource id #290, '<SendRawEmailRe...')
#2 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(526): curl_exec(Resource id #290)
#3 /sidekick/phabricator/phabricator/externals/amazon-ses/ses.php(267): SimpleEmailServiceRequest->getResponse()
#4 /sidekick/phabricator/phabricator/src/applications/metamta/adapter/PhabricatorMailImplementationAmazonSESAdapter.php(33): SimpleEmailService->sendRawEmail('To: brooke.brya...')
#5 /sidekick/phabricator/phabricator/externals/phpmailer/class.phpmailer-lite.php(502): PhabricatorMailImplementationAmazonSESAdapter->executeSend('To: brooke.brya...')
#6 /sidekick/phabricator/phabricator/src/applications/metamta/adapter/PhabricatorMailImplementationPHPMailerLiteAdapter.php(91): PHPMailerLite->Send()
#7 /sidekick/phabricator/phabricator/src/applications/metamta/storage/PhabricatorMetaMTAMail.php(631): PhabricatorMailImplementationPHPMailerLiteAdapter->send()
#8 /sidekick/phabricator/phabricator/src/applications/metamta/management/PhabricatorMailManagementSendTestWorkflow.php(130): PhabricatorMetaMTAMail->sendNow()
#9 /sidekick/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php(396): PhabricatorMailManagementSendTestWorkflow->execute(Object(PhutilArgumentParser))
#10 /sidekick/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php(292): PhutilArgumentParser->parseWorkflowsFull(Array)
#11 /sidekick/phabricator/phabricator/scripts/mail/manage_mail.php(28): PhutilArgumentParser->parseWorkflows(Array)
#12 {main}
Test Plan: Send a test email through SES mail provider running on php 5.5
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran, btrahan
Differential Revision: https://secure.phabricator.com/D7660
Summary: I opened a pull request to fix this in the WePay upstream, see
<https://github.com/wepay/PHP-SDK/pull/13>. Fix it here too now until that
gets pulled.
Auditors: btrahan
Summary: Clode blocks are now much clearer in blog posts with the usage of a bg color, border and scrolling for overflowing content
Test Plan: Create a phame post with a code block and see the visual difference
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, Korvin, chad
Differential Revision: https://secure.phabricator.com/D6320
Summary:
This fixes at least two issues with the S3 library on newer versions of cURL/PHP:
- NOTICE: PHP message: [2013-07-02 22:15:54] ERROR 8: curl_setopt(): CURLOPT_SSL_VERIFYHOST with value 1 is deprecated and will be removed as of libcurl 7.28.1. It is recommended to use value 2 instead at [/core/lib/phabricator/externals/s3/S3.php:1744]
- `$this->request->body` was appended to without initializing it, which rasies an error on PHP 5.5.0.
I looked over the rest of the changes briefly and they all seem reasonable-ish.
Test Plan:
- Uploaded a file to S3.
- Downloaded a file from S3.
- Deleted a file from S3.
- Checked error logs for anything suspicious.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D6349
Summary:
Ref T2787.
I //think// we could also use WePay as a recurring payment provider, but this is somewhat messy (OAuth + requires account) -- basically it's "add a WePay account" instead of "add a credit card".
The WePay checkout workflow is a bit upsell-y but basically reasonable.
I like that their API just has a `request($method, $params)` method instead of 30,000 lines of methods for each request type. I did hit one bug; I'll send a pull for that.
Test Plan: Got as far as the charge callback in testing; the rest isn't implemented for any provider yet.
Reviewers: btrahan, vrana, chad
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T2787
Differential Revision: https://secure.phabricator.com/D5982
Summary: If `jsxmin` is not available, use a pure PHP implementation instead (JsShrink).
Test Plan:
- Ran `arc lint --lintall` on all JS and fixed every relevant warning.
- Forced minification on and browsed around the site using JS behaviors. Didn't hit anything problematic.
Reviewers: vrana, btrahan
Reviewed By: vrana
CC: aran, Korvin
Differential Revision: https://secure.phabricator.com/D5670
Summary: Adds the Balanced PHP API to externals/. Ref T2787.
Test Plan: Used in next diff.
Reviewers: btrahan, chad
Reviewed By: chad
CC: aran, aurelijus
Maniphest Tasks: T2787
Differential Revision: https://secure.phabricator.com/D5764
Summary: Fixes T2962. That task discusses this issue.
Test Plan: Read php-curl documentation to verify this change makes sense. Sent an email with SES.
Reviewers: btrahan, garoevans
Reviewed By: garoevans
CC: aran
Maniphest Tasks: T2962
Differential Revision: https://secure.phabricator.com/D5669
Summary:
Currently, Celerity map rebuilds on Windows don't put Stripe or Raphael into the map. Move them into `webroot/rsrc/externals/` so they get picked up.
At some point we should maybe let the mapper load resources from mulitple locations, but this is more straightforward for now.
See https://github.com/facebook/phabricator/issues/294
Test Plan: Rebuilt map, verified Burnup Rate + Stripe work.
Reviewers: vrana, btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D5661