Page MenuHomePhorge
Files F2988963

No OneTemporary
Actions

View Options

diff --git a/src/applications/config/check/PhabricatorSetupCheckStorage.php b/src/applications/config/check/PhabricatorSetupCheckStorage.php
index 8834609b1a..3394647d6e 100644
--- a/src/applications/config/check/PhabricatorSetupCheckStorage.php
+++ b/src/applications/config/check/PhabricatorSetupCheckStorage.php
@@ -1,44 +1,103 @@
<?php
final class PhabricatorSetupCheckStorage extends PhabricatorSetupCheck {
+ /**
+ * @phutil-external-symbol class PhabricatorStartup
+ */
protected function executeChecks() {
$upload_limit = PhabricatorEnv::getEnvConfig('storage.upload-size-limit');
if (!$upload_limit) {
$message = pht(
'The Phabricator file upload limit is not configured. You may only '.
'be able to upload very small files until you configure it, because '.
'some PHP default limits are very low (as low as 2MB).');
$this
->newIssue('config.storage.upload-size-limit')
->setShortName(pht('Upload Limit'))
->setName(pht('Upload Limit Not Yet Configured'))
->setMessage($message)
->addPhabricatorConfig('storage.upload-size-limit');
+ } else {
+ $memory_limit = PhabricatorStartup::getOldMemoryLimit();
+ if ($memory_limit && ((int)$memory_limit > 0)) {
+ $memory_limit_bytes = phutil_parse_bytes($memory_limit);
+ $memory_usage_bytes = memory_get_usage();
+ $upload_limit_bytes = phutil_parse_bytes($upload_limit);
+
+ $available_bytes = ($memory_limit_bytes - $memory_usage_bytes);
+
+ if ($upload_limit_bytes > $available_bytes) {
+ $summary = pht(
+ 'Your PHP memory limit is configured in a way that may prevent '.
+ 'you from uploading large files.');
+
+ $message = pht(
+ 'When you upload a file via drag-and-drop or the API, the entire '.
+ 'file is buffered into memory before being written to permanent '.
+ 'storage. Phabricator needs memory available to store these '.
+ 'files while they are uploaded, but PHP is currently configured '.
+ 'to limit the available memory.'.
+ "\n\n".
+ 'Your Phabricator %s is currently set to a larger value (%s) than '.
+ 'the amount of available memory (%s) that a PHP process has '.
+ 'available to use, so uploads via drag-and-drop and the API will '.
+ 'hit the memory limit before they hit other limits.'.
+ "\n\n".
+ '(Note that the application itself must also fit in available '.
+ 'memory, so not all of the memory under the memory limit is '.
+ 'available for buffering file uploads.)'.
+ "\n\n".
+ "The easiest way to resolve this issue is to set %s to %s in your ".
+ "PHP configuration, to disable the memory limit. There is ".
+ "usually little or no value to using this option to limit ".
+ "Phabricator process memory.".
+ "\n\n".
+ "You can also increase the limit, or decrease %s, or ignore this ".
+ "issue and accept that these upload mechanisms will be limited ".
+ "in the size of files they can handle.",
+ phutil_tag('tt', array(), 'storage.upload-size-limit'),
+ phutil_format_bytes($upload_limit_bytes),
+ phutil_format_bytes($available_bytes),
+ phutil_tag('tt', array(), 'memory_limit'),
+ phutil_tag('tt', array(), '-1'),
+ phutil_tag('tt', array(), 'storage.upload-size-limit'));
+
+ $this
+ ->newIssue('php.memory_limit.upload')
+ ->setName(pht('Memory Limit Restricts File Uploads'))
+ ->setSummary($summary)
+ ->setMessage($message)
+ ->addPHPConfig('memory_limit')
+ ->addPHPConfigOriginalValue('memory_limit', $memory_limit)
+ ->addPhabricatorConfig('storage.upload-size-limit');
+ }
+ }
}
+
$local_path = PhabricatorEnv::getEnvConfig('storage.local-disk.path');
if (!$local_path) {
return;
}
if (!Filesystem::pathExists($local_path) ||
!is_readable($local_path) ||
!is_writable($local_path)) {
$message = pht(
'Configured location for storing uploaded files on disk ("%s") does '.
'not exist, or is not readable or writable. Verify the directory '.
'exists and is readable and writable by the webserver.',
$local_path);
$this
->newIssue('config.storage.local-disk.path')
->setShortName(pht('Local Disk Storage'))
->setName(pht('Local Disk Storage Not Readable/Writable'))
->setMessage($message)
->addPhabricatorConfig('storage.local-disk.path');
}
}
}
diff --git a/src/applications/config/issue/PhabricatorSetupIssue.php b/src/applications/config/issue/PhabricatorSetupIssue.php
index 51f24f6cf5..b02f8b6bce 100644
--- a/src/applications/config/issue/PhabricatorSetupIssue.php
+++ b/src/applications/config/issue/PhabricatorSetupIssue.php
@@ -1,142 +1,165 @@
<?php
final class PhabricatorSetupIssue {
private $issueKey;
private $name;
private $message;
private $isFatal;
private $summary;
private $shortName;
private $isIgnored = false;
private $phpExtensions = array();
private $phabricatorConfig = array();
private $relatedPhabricatorConfig = array();
private $phpConfig = array();
private $commands = array();
private $mysqlConfig = array();
+ private $originalPHPConfigValues = array();
public function addCommand($command) {
$this->commands[] = $command;
return $this;
}
public function getCommands() {
return $this->commands;
}
public function setShortName($short_name) {
$this->shortName = $short_name;
return $this;
}
public function getShortName() {
if ($this->shortName === null) {
return $this->getName();
}
return $this->shortName;
}
public function setName($name) {
$this->name = $name;
return $this;
}
public function getName() {
return $this->name;
}
public function setSummary($summary) {
$this->summary = $summary;
return $this;
}
public function getSummary() {
if ($this->summary === null) {
return $this->getMessage();
}
return $this->summary;
}
public function setIssueKey($issue_key) {
$this->issueKey = $issue_key;
return $this;
}
public function getIssueKey() {
return $this->issueKey;
}
public function setIsFatal($is_fatal) {
$this->isFatal = $is_fatal;
return $this;
}
public function getIsFatal() {
return $this->isFatal;
}
public function addPHPConfig($php_config) {
$this->phpConfig[] = $php_config;
return $this;
}
+ /**
+ * Set an explicit value to display when showing the user PHP configuration
+ * values.
+ *
+ * If Phabricator has changed a value by the time a config issue is raised,
+ * you can provide the original value here so the UI makes sense. For example,
+ * we alter `memory_limit` during startup, so if the original value is not
+ * provided it will look like it is always set to `-1`.
+ *
+ * @param string PHP configuration option to provide a value for.
+ * @param string Explicit value to show in the UI.
+ * @return this
+ */
+ public function addPHPConfigOriginalValue($php_config, $value) {
+ $this->originalPHPConfigValues[$php_config] = $value;
+ return $this;
+ }
+
+ public function getPHPConfigOriginalValue($php_config, $default = null) {
+ return idx($this->originalPHPConfigValues, $php_config, $default);
+ }
+
public function getPHPConfig() {
return $this->phpConfig;
}
public function addMySQLConfig($mysql_config) {
$this->mysqlConfig[] = $mysql_config;
return $this;
}
public function getMySQLConfig() {
return $this->mysqlConfig;
}
public function addPhabricatorConfig($phabricator_config) {
$this->phabricatorConfig[] = $phabricator_config;
return $this;
}
public function getPhabricatorConfig() {
return $this->phabricatorConfig;
}
public function addRelatedPhabricatorConfig($phabricator_config) {
$this->relatedPhabricatorConfig[] = $phabricator_config;
return $this;
}
public function getRelatedPhabricatorConfig() {
return $this->relatedPhabricatorConfig;
}
public function addPHPExtension($php_extension) {
$this->phpExtensions[] = $php_extension;
return $this;
}
public function getPHPExtensions() {
return $this->phpExtensions;
}
public function setMessage($message) {
$this->message = $message;
return $this;
}
public function getMessage() {
return $this->message;
}
public function setIsIgnored($is_ignored) {
$this->isIgnored = $is_ignored;
return $this;
}
public function getIsIgnored() {
return $this->isIgnored;
}
}
diff --git a/src/applications/config/view/PhabricatorSetupIssueView.php b/src/applications/config/view/PhabricatorSetupIssueView.php
index f8bea6539c..bdf7562cfd 100644
--- a/src/applications/config/view/PhabricatorSetupIssueView.php
+++ b/src/applications/config/view/PhabricatorSetupIssueView.php
@@ -1,441 +1,443 @@
<?php
final class PhabricatorSetupIssueView extends AphrontView {
private $issue;
public function setIssue(PhabricatorSetupIssue $issue) {
$this->issue = $issue;
return $this;
}
public function getIssue() {
return $this->issue;
}
public function render() {
$issue = $this->getIssue();
$description = array();
$description[] = phutil_tag(
'div',
array(
'class' => 'setup-issue-instructions',
),
phutil_escape_html_newlines($issue->getMessage()));
$configs = $issue->getPHPConfig();
if ($configs) {
- $description[] = $this->renderPHPConfig($configs);
+ $description[] = $this->renderPHPConfig($configs, $issue);
}
$configs = $issue->getMySQLConfig();
if ($configs) {
$description[] = $this->renderMySQLConfig($configs);
}
$configs = $issue->getPhabricatorConfig();
if ($configs) {
$description[] = $this->renderPhabricatorConfig($configs);
}
$related_configs = $issue->getRelatedPhabricatorConfig();
if ($related_configs) {
$description[] = $this->renderPhabricatorConfig($related_configs,
$related = true);
}
$commands = $issue->getCommands();
if ($commands) {
$run_these = pht('Run these %d command(s):', count($commands));
$description[] = phutil_tag(
'div',
array(
'class' => 'setup-issue-config',
),
array(
phutil_tag('p', array(), $run_these),
phutil_tag('pre', array(), phutil_implode_html("\n", $commands)),
));
}
$extensions = $issue->getPHPExtensions();
if ($extensions) {
$install_these = pht(
'Install these %d PHP extension(s):', count($extensions));
$install_info = pht(
'You can usually install a PHP extension using %s or %s. Common '.
'package names are %s or %s. Try commands like these:',
phutil_tag('tt', array(), 'apt-get'),
phutil_tag('tt', array(), 'yum'),
hsprintf('<tt>php-<em>%s</em></tt>', pht('extname')),
hsprintf('<tt>php5-<em>%s</em></tt>', pht('extname')));
// TODO: We should do a better job of detecting how to install extensions
// on the current system.
$install_commands = hsprintf(
"\$ sudo apt-get install php5-<em>extname</em> ".
"# Debian / Ubuntu\n".
"\$ sudo yum install php-<em>extname</em> ".
"# Red Hat / Derivatives");
$fallback_info = pht(
"If those commands don't work, try Google. The process of installing ".
"PHP extensions is not specific to Phabricator, and any instructions ".
"you can find for installing them on your system should work. On Mac ".
"OS X, you might want to try Homebrew.");
$restart_info = pht(
'After installing new PHP extensions, <strong>restart your webserver '.
'for the changes to take effect</strong>.',
hsprintf(''));
$description[] = phutil_tag(
'div',
array(
'class' => 'setup-issue-config',
),
array(
phutil_tag('p', array(), $install_these),
phutil_tag('pre', array(), implode("\n", $extensions)),
phutil_tag('p', array(), $install_info),
phutil_tag('pre', array(), $install_commands),
phutil_tag('p', array(), $fallback_info),
phutil_tag('p', array(), $restart_info),
));
}
$next = phutil_tag(
'div',
array(
'class' => 'setup-issue-next',
),
pht('To continue, resolve this problem and reload the page.'));
$name = phutil_tag(
'div',
array(
'class' => 'setup-issue-name',
),
$issue->getName());
$issue = phutil_tag(
'div',
array(
'class' => 'setup-issue',
),
array(
$name,
$description,
$next,
));
$debug_info = phutil_tag(
'div',
array(
'class' => 'setup-issue-debug',
),
pht('Host: %s', php_uname('n')));
return phutil_tag(
'div',
array(
'class' => 'setup-issue-shell',
),
array(
$issue,
$debug_info,
));
}
private function renderPhabricatorConfig(array $configs, $related = false) {
$issue = $this->getIssue();
$table_info = phutil_tag(
'p',
array(),
pht(
'The current Phabricator configuration has these %d value(s):',
count($configs)));
$options = PhabricatorApplicationConfigOptions::loadAllOptions();
$hidden = array();
foreach ($options as $key => $option) {
if ($option->getHidden()) {
$hidden[$key] = true;
}
}
$table = null;
$dict = array();
foreach ($configs as $key) {
if (isset($hidden[$key])) {
$dict[$key] = null;
} else {
$dict[$key] = PhabricatorEnv::getUnrepairedEnvConfig($key);
}
}
$table = $this->renderValueTable($dict, $hidden);
if ($this->getIssue()->getIsFatal()) {
$update_info = phutil_tag(
'p',
array(),
pht(
'To update these %d value(s), run these command(s) from the command '.
'line:',
count($configs)));
$update = array();
foreach ($configs as $key) {
$update[] = hsprintf(
'<tt>phabricator/ $</tt> ./bin/config set %s <em>value</em>',
$key);
}
$update = phutil_tag('pre', array(), phutil_implode_html("\n", $update));
} else {
$update = array();
foreach ($configs as $config) {
if (idx($options, $config) && $options[$config]->getLocked()) {
continue;
}
$link = phutil_tag(
'a',
array(
'href' => '/config/edit/'.$config.'/?issue='.$issue->getIssueKey(),
),
pht('Edit %s', $config));
$update[] = phutil_tag('li', array(), $link);
}
if ($update) {
$update = phutil_tag('ul', array(), $update);
if (!$related) {
$update_info = phutil_tag(
'p',
array(),
pht('You can update these %d value(s) here:', count($configs)));
} else {
$update_info = phutil_tag(
'p',
array(),
pht('These %d configuration value(s) are related:', count($configs)));
}
} else {
$update = null;
$update_info = null;
}
}
return phutil_tag(
'div',
array(
'class' => 'setup-issue-config',
),
array(
$table_info,
$table,
$update_info,
$update,
));
}
- private function renderPHPConfig(array $configs) {
+ private function renderPHPConfig(array $configs, $issue) {
$table_info = phutil_tag(
'p',
array(),
pht(
'The current PHP configuration has these %d value(s):',
count($configs)));
$dict = array();
foreach ($configs as $key) {
- $dict[$key] = ini_get($key);
+ $dict[$key] = $issue->getPHPConfigOriginalValue(
+ $key,
+ ini_get($key));
}
$table = $this->renderValueTable($dict);
ob_start();
phpinfo();
$phpinfo = ob_get_clean();
$rex = '@Loaded Configuration File\s*</td><td class="v">(.*?)</td>@i';
$matches = null;
$ini_loc = null;
if (preg_match($rex, $phpinfo, $matches)) {
$ini_loc = trim($matches[1]);
}
$rex = '@Additional \.ini files parsed\s*</td><td class="v">(.*?)</td>@i';
$more_loc = array();
if (preg_match($rex, $phpinfo, $matches)) {
$more_loc = trim($matches[1]);
if ($more_loc == '(none)') {
$more_loc = array();
} else {
$more_loc = preg_split('/\s*,\s*/', $more_loc);
}
}
$info = array();
if (!$ini_loc) {
$info[] = phutil_tag(
'p',
array(),
pht(
'To update these %d value(s), edit your PHP configuration file.',
count($configs)));
} else {
$info[] = phutil_tag(
'p',
array(),
pht(
'To update these %d value(s), edit your PHP configuration file, '.
'located here:',
count($configs)));
$info[] = phutil_tag(
'pre',
array(),
$ini_loc);
}
if ($more_loc) {
$info[] = phutil_tag(
'p',
array(),
pht(
'PHP also loaded these configuration file(s):',
count($more_loc)));
$info[] = phutil_tag(
'pre',
array(),
implode("\n", $more_loc));
}
$info[] = phutil_tag(
'p',
array(),
pht(
'You can find more information about PHP configuration values in the '.
'%s.',
phutil_tag(
'a',
array(
'href' => 'http://php.net/manual/ini.list.php',
'target' => '_blank',
),
pht('PHP Documentation'))));
$info[] = phutil_tag(
'p',
array(),
pht(
'After editing the PHP configuration, <strong>restart your '.
'webserver for the changes to take effect</strong>.',
hsprintf('')));
return phutil_tag(
'div',
array(
'class' => 'setup-issue-config',
),
array(
$table_info,
$table,
$info,
));
}
private function renderMySQLConfig(array $config) {
$values = array();
foreach ($config as $key) {
$value = PhabricatorSetupCheckMySQL::loadRawConfigValue($key);
if ($value === null) {
$value = phutil_tag(
'em',
array(),
pht('(Not Supported)'));
}
$values[$key] = $value;
}
$table = $this->renderValueTable($values);
$doc_href = PhabricatorEnv::getDoclink('User Guide: Amazon RDS');
$doc_link = phutil_tag(
'a',
array(
'href' => $doc_href,
'target' => '_blank',
),
pht('User Guide: Amazon RDS'));
$info = array();
$info[] = phutil_tag(
'p',
array(),
pht(
'If you are using Amazon RDS, some of the instructions above may '.
'not apply to you. See %s for discussion of Amazon RDS.',
$doc_link));
$table_info = phutil_tag(
'p',
array(),
pht(
'The current MySQL configuration has these %d value(s):',
count($config)));
return phutil_tag(
'div',
array(
'class' => 'setup-issue-config',
),
array(
$table_info,
$table,
$info,
));
}
private function renderValueTable(array $dict, array $hidden = array()) {
$rows = array();
foreach ($dict as $key => $value) {
if (isset($hidden[$key])) {
$value = phutil_tag('em', array(), 'hidden');
} else {
$value = $this->renderValueForDisplay($value);
}
$cols = array(
phutil_tag('th', array(), $key),
phutil_tag('td', array(), $value),
);
$rows[] = phutil_tag('tr', array(), $cols);
}
return phutil_tag('table', array(), $rows);
}
private function renderValueForDisplay($value) {
if ($value === null) {
return phutil_tag('em', array(), 'null');
} else if ($value === false) {
return phutil_tag('em', array(), 'false');
} else if ($value === true) {
return phutil_tag('em', array(), 'true');
} else if ($value === '') {
return phutil_tag('em', array(), 'empty string');
} else if ($value instanceof PhutilSafeHTML) {
return $value;
} else {
return PhabricatorConfigJSON::prettyPrintJSON($value);
}
}
}
diff --git a/support/PhabricatorStartup.php b/support/PhabricatorStartup.php
index b39d94785a..3270cb8e00 100644
--- a/support/PhabricatorStartup.php
+++ b/support/PhabricatorStartup.php
@@ -1,780 +1,790 @@
<?php
/**
* Handle request startup, before loading the environment or libraries. This
* class bootstraps the request state up to the point where we can enter
* Phabricator code.
*
* NOTE: This class MUST NOT have any dependencies. It runs before libraries
* load.
*
* Rate Limiting
* =============
*
* Phabricator limits the rate at which clients can request pages, and issues
* HTTP 429 "Too Many Requests" responses if clients request too many pages too
* quickly. Although this is not a complete defense against high-volume attacks,
* it can protect an install against aggressive crawlers, security scanners,
* and some types of malicious activity.
*
* To perform rate limiting, each page increments a score counter for the
* requesting user's IP. The page can give the IP more points for an expensive
* request, or fewer for an authetnicated request.
*
* Score counters are kept in buckets, and writes move to a new bucket every
* minute. After a few minutes (defined by @{method:getRateLimitBucketCount}),
* the oldest bucket is discarded. This provides a simple mechanism for keeping
* track of scores without needing to store, access, or read very much data.
*
* Users are allowed to accumulate up to 1000 points per minute, averaged across
* all of the tracked buckets.
*
* @task info Accessing Request Information
* @task hook Startup Hooks
* @task apocalypse In Case Of Apocalypse
* @task validation Validation
* @task ratelimit Rate Limiting
*/
final class PhabricatorStartup {
private static $startTime;
private static $globals = array();
private static $capturingOutput;
private static $rawInput;
+ private static $oldMemoryLimit;
// TODO: For now, disable rate limiting entirely by default. We need to
// iterate on it a bit for Conduit, some of the specific score levels, and
// to deal with NAT'd offices.
private static $maximumRate = 0;
/* -( Accessing Request Information )-------------------------------------- */
/**
* @task info
*/
public static function getStartTime() {
return self::$startTime;
}
/**
* @task info
*/
public static function getMicrosecondsSinceStart() {
return (int)(1000000 * (microtime(true) - self::getStartTime()));
}
/**
* @task info
*/
public static function setGlobal($key, $value) {
self::validateGlobal($key);
self::$globals[$key] = $value;
}
/**
* @task info
*/
public static function getGlobal($key, $default = null) {
self::validateGlobal($key);
if (!array_key_exists($key, self::$globals)) {
return $default;
}
return self::$globals[$key];
}
/**
* @task info
*/
public static function getRawInput() {
return self::$rawInput;
}
/* -( Startup Hooks )------------------------------------------------------ */
/**
* @task hook
*/
public static function didStartup() {
self::$startTime = microtime(true);
self::$globals = array();
static $registered;
if (!$registered) {
// NOTE: This protects us against multiple calls to didStartup() in the
// same request, but also against repeated requests to the same
// interpreter state, which we may implement in the future.
register_shutdown_function(array(__CLASS__, 'didShutdown'));
$registered = true;
}
self::setupPHP();
self::verifyPHP();
if (isset($_SERVER['REMOTE_ADDR'])) {
self::rateLimitRequest($_SERVER['REMOTE_ADDR']);
}
self::normalizeInput();
self::verifyRewriteRules();
self::detectPostMaxSizeTriggered();
self::beginOutputCapture();
self::$rawInput = (string)file_get_contents('php://input');
}
/**
* @task hook
*/
public static function didShutdown() {
$event = error_get_last();
if (!$event) {
return;
}
switch ($event['type']) {
case E_ERROR:
case E_PARSE:
case E_COMPILE_ERROR:
break;
default:
return;
}
$msg = ">>> UNRECOVERABLE FATAL ERROR <<<\n\n";
if ($event) {
// Even though we should be emitting this as text-plain, escape things
// just to be sure since we can't really be sure what the program state
// is when we get here.
$msg .= htmlspecialchars(
$event['message']."\n\n".$event['file'].':'.$event['line'],
ENT_QUOTES,
'UTF-8');
}
// flip dem tables
$msg .= "\n\n\n";
$msg .= "\xe2\x94\xbb\xe2\x94\x81\xe2\x94\xbb\x20\xef\xb8\xb5\x20\xc2\xaf".
"\x5c\x5f\x28\xe3\x83\x84\x29\x5f\x2f\xc2\xaf\x20\xef\xb8\xb5\x20".
"\xe2\x94\xbb\xe2\x94\x81\xe2\x94\xbb";
self::didFatal($msg);
}
public static function loadCoreLibraries() {
$phabricator_root = dirname(dirname(__FILE__));
$libraries_root = dirname($phabricator_root);
$root = null;
if (!empty($_SERVER['PHUTIL_LIBRARY_ROOT'])) {
$root = $_SERVER['PHUTIL_LIBRARY_ROOT'];
}
ini_set(
'include_path',
$libraries_root.PATH_SEPARATOR.ini_get('include_path'));
@include_once $root.'libphutil/src/__phutil_library_init__.php';
if (!@constant('__LIBPHUTIL__')) {
self::didFatal(
"Unable to load libphutil. Put libphutil/ next to phabricator/, or ".
"update your PHP 'include_path' to include the parent directory of ".
"libphutil/.");
}
phutil_load_library('arcanist/src');
// Load Phabricator itself using the absolute path, so we never end up doing
// anything surprising (loading index.php and libraries from different
// directories).
phutil_load_library($phabricator_root.'/src');
}
/* -( Output Capture )----------------------------------------------------- */
public static function beginOutputCapture() {
if (self::$capturingOutput) {
self::didFatal('Already capturing output!');
}
self::$capturingOutput = true;
ob_start();
}
public static function endOutputCapture() {
if (!self::$capturingOutput) {
return null;
}
self::$capturingOutput = false;
return ob_get_clean();
}
/* -( In Case of Apocalypse )---------------------------------------------- */
/**
* Fatal the request completely in response to an exception, sending a plain
* text message to the client. Calls @{method:didFatal} internally.
*
* @param string Brief description of the exception context, like
* `"Rendering Exception"`.
* @param Exception The exception itself.
* @param bool True if it's okay to show the exception's stack trace
* to the user. The trace will always be logged.
* @return exit This method **does not return**.
*
* @task apocalypse
*/
public static function didEncounterFatalException(
$note,
Exception $ex,
$show_trace) {
$message = '['.$note.'/'.get_class($ex).'] '.$ex->getMessage();
$full_message = $message;
$full_message .= "\n\n";
$full_message .= $ex->getTraceAsString();
if ($show_trace) {
$message = $full_message;
}
self::didFatal($message, $full_message);
}
/**
* Fatal the request completely, sending a plain text message to the client.
*
* @param string Plain text message to send to the client.
* @param string Plain text message to send to the error log. If not
* provided, the client message is used. You can pass a more
* detailed message here (e.g., with stack traces) to avoid
* showing it to users.
* @return exit This method **does not return**.
*
* @task apocalypse
*/
public static function didFatal($message, $log_message = null) {
if ($log_message === null) {
$log_message = $message;
}
self::endOutputCapture();
$access_log = self::getGlobal('log.access');
if ($access_log) {
// We may end up here before the access log is initialized, e.g. from
// verifyPHP().
$access_log->setData(
array(
'c' => 500,
));
$access_log->write();
}
header(
'Content-Type: text/plain; charset=utf-8',
$replace = true,
$http_error = 500);
error_log($log_message);
echo $message;
exit(1);
}
/* -( Validation )--------------------------------------------------------- */
/**
* @task validation
*/
private static function setupPHP() {
error_reporting(E_ALL | E_STRICT);
+ self::$oldMemoryLimit = ini_get('memory_limit');
ini_set('memory_limit', -1);
// If we have libxml, disable the incredibly dangerous entity loader.
if (function_exists('libxml_disable_entity_loader')) {
libxml_disable_entity_loader(true);
}
}
+
+ /**
+ * @task validation
+ */
+ public static function getOldMemoryLimit() {
+ return self::$oldMemoryLimit;
+ }
+
/**
* @task validation
*/
private static function normalizeInput() {
// Replace superglobals with unfiltered versions, disrespect php.ini (we
// filter ourselves)
$filter = array(INPUT_GET, INPUT_POST,
INPUT_SERVER, INPUT_ENV, INPUT_COOKIE);
foreach ($filter as $type) {
$filtered = filter_input_array($type, FILTER_UNSAFE_RAW);
if (!is_array($filtered)) {
continue;
}
switch ($type) {
case INPUT_SERVER:
$_SERVER = array_merge($_SERVER, $filtered);
break;
case INPUT_GET:
$_GET = array_merge($_GET, $filtered);
break;
case INPUT_COOKIE:
$_COOKIE = array_merge($_COOKIE, $filtered);
break;
case INPUT_POST:
$_POST = array_merge($_POST, $filtered);
break;
case INPUT_ENV;
$_ENV = array_merge($_ENV, $filtered);
break;
}
}
// rebuild $_REQUEST, respecting order declared in ini files
$order = ini_get('request_order');
if (!$order) {
$order = ini_get('variables_order');
}
if (!$order) {
// $_REQUEST will be empty, leave it alone
return;
}
$_REQUEST = array();
for ($i = 0; $i < strlen($order); $i++) {
switch ($order[$i]) {
case 'G':
$_REQUEST = array_merge($_REQUEST, $_GET);
break;
case 'P':
$_REQUEST = array_merge($_REQUEST, $_POST);
break;
case 'C':
$_REQUEST = array_merge($_REQUEST, $_COOKIE);
break;
default:
// $_ENV and $_SERVER never go into $_REQUEST
break;
}
}
}
/**
* @task validation
*/
private static function verifyPHP() {
$required_version = '5.2.3';
if (version_compare(PHP_VERSION, $required_version) < 0) {
self::didFatal(
"You are running PHP version '".PHP_VERSION."', which is older than ".
"the minimum version, '{$required_version}'. Update to at least ".
"'{$required_version}'.");
}
if (get_magic_quotes_gpc()) {
self::didFatal(
"Your server is configured with PHP 'magic_quotes_gpc' enabled. This ".
"feature is 'highly discouraged' by PHP's developers and you must ".
"disable it to run Phabricator. Consult the PHP manual for ".
"instructions.");
}
if (extension_loaded('apc')) {
$apc_version = phpversion('apc');
$known_bad = array(
'3.1.14' => true,
'3.1.15' => true,
'3.1.15-dev' => true,
);
if (isset($known_bad[$apc_version])) {
self::didFatal(
"You have APC {$apc_version} installed. This version of APC is ".
"known to be bad, and does not work with Phabricator (it will ".
"cause Phabricator to fatal unrecoverably with nonsense errors). ".
"Downgrade to version 3.1.13.");
}
}
}
/**
* @task validation
*/
private static function verifyRewriteRules() {
if (isset($_REQUEST['__path__']) && strlen($_REQUEST['__path__'])) {
return;
}
if (php_sapi_name() == 'cli-server') {
// Compatibility with PHP 5.4+ built-in web server.
$url = parse_url($_SERVER['REQUEST_URI']);
$_REQUEST['__path__'] = $url['path'];
return;
}
if (!isset($_REQUEST['__path__'])) {
self::didFatal(
"Request parameter '__path__' is not set. Your rewrite rules ".
"are not configured correctly.");
}
if (!strlen($_REQUEST['__path__'])) {
self::didFatal(
"Request parameter '__path__' is set, but empty. Your rewrite rules ".
"are not configured correctly. The '__path__' should always ".
"begin with a '/'.");
}
}
/**
* @task validation
*/
private static function validateGlobal($key) {
static $globals = array(
'log.access' => true,
'csrf.salt' => true,
);
if (empty($globals[$key])) {
throw new Exception("Access to unknown startup global '{$key}'!");
}
}
/**
* Detect if this request has had its POST data stripped by exceeding the
* 'post_max_size' PHP configuration limit.
*
* PHP has a setting called 'post_max_size'. If a POST request arrives with
* a body larger than the limit, PHP doesn't generate $_POST but processes
* the request anyway, and provides no formal way to detect that this
* happened.
*
* We can still read the entire body out of `php://input`. However according
* to the documentation the stream isn't available for "multipart/form-data"
* (on nginx + php-fpm it appears that it is available, though, at least) so
* any attempt to generate $_POST would be fragile.
*
* @task validation
*/
private static function detectPostMaxSizeTriggered() {
// If this wasn't a POST, we're fine.
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
return;
}
// If there's POST data, clearly we're in good shape.
if ($_POST) {
return;
}
// For HTML5 drag-and-drop file uploads, Safari submits the data as
// "application/x-www-form-urlencoded". For most files this generates
// something in POST because most files decode to some nonempty (albeit
// meaningless) value. However, some files (particularly small images)
// don't decode to anything. If we know this is a drag-and-drop upload,
// we can skip this check.
if (isset($_REQUEST['__upload__'])) {
return;
}
// PHP generates $_POST only for two content types. This routing happens
// in `main/php_content_types.c` in PHP. Normally, all forms use one of
// these content types, but some requests may not -- for example, Firefox
// submits files sent over HTML5 XMLHTTPRequest APIs with the Content-Type
// of the file itself. If we don't have a recognized content type, we
// don't need $_POST.
//
// NOTE: We use strncmp() because the actual content type may be something
// like "multipart/form-data; boundary=...".
//
// NOTE: Chrome sometimes omits this header, see some discussion in T1762
// and http://code.google.com/p/chromium/issues/detail?id=6800
$content_type = isset($_SERVER['CONTENT_TYPE'])
? $_SERVER['CONTENT_TYPE']
: '';
$parsed_types = array(
'application/x-www-form-urlencoded',
'multipart/form-data',
);
$is_parsed_type = false;
foreach ($parsed_types as $parsed_type) {
if (strncmp($content_type, $parsed_type, strlen($parsed_type)) === 0) {
$is_parsed_type = true;
break;
}
}
if (!$is_parsed_type) {
return;
}
// Check for 'Content-Length'. If there's no data, we don't expect $_POST
// to exist.
$length = (int)$_SERVER['CONTENT_LENGTH'];
if (!$length) {
return;
}
// Time to fatal: we know this was a POST with data that should have been
// populated into $_POST, but it wasn't.
$config = ini_get('post_max_size');
PhabricatorStartup::didFatal(
"As received by the server, this request had a nonzero content length ".
"but no POST data.\n\n".
"Normally, this indicates that it exceeds the 'post_max_size' setting ".
"in the PHP configuration on the server. Increase the 'post_max_size' ".
"setting or reduce the size of the request.\n\n".
"Request size according to 'Content-Length' was '{$length}', ".
"'post_max_size' is set to '{$config}'.");
}
/* -( Rate Limiting )------------------------------------------------------ */
/**
* Adjust the permissible rate limit score.
*
* By default, the limit is `1000`. You can use this method to set it to
* a larger or smaller value. If you set it to `2000`, users may make twice
* as many requests before rate limiting.
*
* @param int Maximum score before rate limiting.
* @return void
* @task ratelimit
*/
public static function setMaximumRate($rate) {
self::$maximumRate = $rate;
}
/**
* Check if the user (identified by `$user_identity`) has issued too many
* requests recently. If they have, end the request with a 429 error code.
*
* The key just needs to identify the user. Phabricator uses both user PHIDs
* and user IPs as keys, tracking logged-in and logged-out users separately
* and enforcing different limits.
*
* @param string Some key which identifies the user making the request.
* @return void If the user has exceeded the rate limit, this method
* does not return.
* @task ratelimit
*/
public static function rateLimitRequest($user_identity) {
if (!self::canRateLimit()) {
return;
}
$score = self::getRateLimitScore($user_identity);
if ($score > (self::$maximumRate * self::getRateLimitBucketCount())) {
// Give the user some bonus points for getting rate limited. This keeps
// bad actors who keep slamming the 429 page locked out completely,
// instead of letting them get a burst of requests through every minute
// after a bucket expires.
self::addRateLimitScore($user_identity, 50);
self::didRateLimit($user_identity);
}
}
/**
* Add points to the rate limit score for some user.
*
* If users have earned more than 1000 points per minute across all the
* buckets they'll be locked out of the application, so awarding 1 point per
* request roughly corresponds to allowing 1000 requests per second, while
* awarding 50 points roughly corresponds to allowing 20 requests per second.
*
* @param string Some key which identifies the user making the request.
* @param float The cost for this request; more points pushes them toward
* the limit faster.
* @return void
* @task ratelimit
*/
public static function addRateLimitScore($user_identity, $score) {
if (!self::canRateLimit()) {
return;
}
$current = self::getRateLimitBucket();
// There's a bit of a race here, if a second process reads the bucket before
// this one writes it, but it's fine if we occasionally fail to record a
// user's score. If they're making requests fast enough to hit rate
// limiting, we'll get them soon.
$bucket_key = self::getRateLimitBucketKey($current);
$bucket = apc_fetch($bucket_key);
if (!is_array($bucket)) {
$bucket = array();
}
if (empty($bucket[$user_identity])) {
$bucket[$user_identity] = 0;
}
$bucket[$user_identity] += $score;
apc_store($bucket_key, $bucket);
}
/**
* Determine if rate limiting is available.
*
* Rate limiting depends on APC, and isn't available unless the APC user
* cache is available.
*
* @return bool True if rate limiting is available.
* @task ratelimit
*/
private static function canRateLimit() {
if (!self::$maximumRate) {
return false;
}
if (!function_exists('apc_fetch')) {
return false;
}
return true;
}
/**
* Get the current bucket for storing rate limit scores.
*
* @return int The current bucket.
* @task ratelimit
*/
private static function getRateLimitBucket() {
return (int)(time() / 60);
}
/**
* Get the total number of rate limit buckets to retain.
*
* @return int Total number of rate limit buckets to retain.
* @task ratelimit
*/
private static function getRateLimitBucketCount() {
return 5;
}
/**
* Get the APC key for a given bucket.
*
* @param int Bucket to get the key for.
* @return string APC key for the bucket.
* @task ratelimit
*/
private static function getRateLimitBucketKey($bucket) {
return 'rate:bucket:'.$bucket;
}
/**
* Get the APC key for the smallest stored bucket.
*
* @return string APC key for the smallest stored bucket.
* @task ratelimit
*/
private static function getRateLimitMinKey() {
return 'rate:min';
}
/**
* Get the current rate limit score for a given user.
*
* @param string Unique key identifying the user.
* @return float The user's current score.
* @task ratelimit
*/
private static function getRateLimitScore($user_identity) {
$min_key = self::getRateLimitMinKey();
// Identify the oldest bucket stored in APC.
$cur = self::getRateLimitBucket();
$min = apc_fetch($min_key);
// If we don't have any buckets stored yet, store the current bucket as
// the oldest bucket.
if (!$min) {
apc_store($min_key, $cur);
$min = $cur;
}
// Destroy any buckets that are older than the minimum bucket we're keeping
// track of. Under load this normally shouldn't do anything, but will clean
// up an old bucket once per minute.
$count = self::getRateLimitBucketCount();
for ($cursor = $min; $cursor < ($cur - $count); $cursor++) {
apc_delete(self::getRateLimitBucketKey($cursor));
apc_store($min_key, $cursor + 1);
}
// Now, sum up the user's scores in all of the active buckets.
$score = 0;
for (; $cursor <= $cur; $cursor++) {
$bucket = apc_fetch(self::getRateLimitBucketKey($cursor));
if (isset($bucket[$user_identity])) {
$score += $bucket[$user_identity];
}
}
return $score;
}
/**
* Emit an HTTP 429 "Too Many Requests" response (indicating that the user
* has exceeded application rate limits) and exit.
*
* @return exit This method **does not return**.
* @task ratelimit
*/
private static function didRateLimit() {
$message =
"TOO MANY REQUESTS\n".
"You are issuing too many requests too quickly.\n".
"To adjust limits, see \"Configuring a Preamble Script\" in the ".
"documentation.";
header(
'Content-Type: text/plain; charset=utf-8',
$replace = true,
$http_error = 429);
echo $message;
exit(1);
}
}

File Metadata

Mime Type
text/x-diff
Expires
Sat, Feb 22, 17:11 (20 h, 45 m ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1179142
Default Alt Text
(44 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0