Page MenuHomePhorge
Feed All Stories

Nov 11 2023

speck added a comment to D25464: Enforce viewable MIME types config on PDF documents.

The Referenced Files section of this diff looks like someone is looking for a vulnerability. Any idea what’s happening here?

Nov 11 2023, 15:51
speck added inline comments to D25465: Fix loop in contribution docs.
Nov 11 2023, 15:48
speck added a comment to D25441: Fix possible array to string conversion renaming Pholio Mockup image.

Since this is for the timeline text maybe it should check for array and just say “multiple images” rather than grabbing the first.

Nov 11 2023, 15:43
aklapper updated the diff for D25414: Fix PHP 8.1 "strlen(null)" exception rendering PHUISegmentBar without a label.

Update per last comment

Nov 11 2023, 15:23
waldyrious added a comment to D25466: Improve command line prompts in setup issue pages.

I am not sure about all these changes. In particular, the changes in PhabricatorSetupIssueUIExample.php and PhabricatorSetupIssueView.php probably warrant extra scrutiny.

Nov 11 2023, 13:08 · Config, UX
waldyrious updated the diff for D25466: Improve command line prompts in setup issue pages.
  • Update the resources map
Nov 11 2023, 12:57 · Config, UX
waldyrious updated the test plan for D25466: Improve command line prompts in setup issue pages.
Nov 11 2023, 12:56 · Config, UX
waldyrious updated the summary of D25466: Improve command line prompts in setup issue pages.
Nov 11 2023, 12:55 · Config, UX
waldyrious updated the test plan for D25466: Improve command line prompts in setup issue pages.
Nov 11 2023, 12:54 · Config, UX
waldyrious requested review of D25466: Improve command line prompts in setup issue pages.
Nov 11 2023, 12:50 · Config, UX
aklapper added a comment to D25441: Fix possible array to string conversion renaming Pholio Mockup image.

Maybe I have to test this against PHP 8.1

Nov 11 2023, 12:48
aklapper closed D25450: Add Diffusion policy capability "Can Edit and View Identities".
Nov 11 2023, 12:27
aklapper closed T15443: Add Diffusion policy capability "Can Edit and View Identities" as Resolved by committing rP90f651d669e4: Add Diffusion policy capability "Can Edit and View Identities".
Nov 11 2023, 12:27 · Diffusion, Policy
aklapper committed rP90f651d669e4: Add Diffusion policy capability "Can Edit and View Identities".
Add Diffusion policy capability "Can Edit and View Identities"
Nov 11 2023, 12:27
waldyrious updated the summary of D25465: Fix loop in contribution docs.
Nov 11 2023, 11:16
waldyrious requested review of D25465: Fix loop in contribution docs.
Nov 11 2023, 11:14
l2dy updated the diff for D25464: Enforce viewable MIME types config on PDF documents.

Update config description

Nov 11 2023, 10:45
l2dy updated the question details for Q83: Pull security fixes from Mozilla's fork.
Nov 11 2023, 08:41 · Security, Phorge
l2dy added a comment to Q83: Pull security fixes from Mozilla's fork (Answer 108).

Mozilla's fixes were quick but not in good quality for direct submission to Phorge. I have adapted or rewritten two of the changes into D25462 and D25464.

Nov 11 2023, 08:25
l2dy updated the question details for Q83: Pull security fixes from Mozilla's fork.
Nov 11 2023, 08:13 · Security, Phorge
l2dy requested review of D25464: Enforce viewable MIME types config on PDF documents.
Nov 11 2023, 08:13
l2dy added a comment to D25462: Fix view policy inheritance on image transforms.

Before landing this change, I would like to know the right way to credit both the original author and my modifications with Arcanist (Q85).

Nov 11 2023, 02:43
l2dy closed D25463: Correct default database prefix in documentation.
Nov 11 2023, 02:33
l2dy committed rPc97a50472c5b: Correct default database prefix in documentation.
Correct default database prefix in documentation
Nov 11 2023, 02:33
speck accepted D25463: Correct default database prefix in documentation.

Thanks!

Nov 11 2023, 02:27
l2dy updated the diff for D25463: Correct default database prefix in documentation.

Reword

Nov 11 2023, 02:26
speck accepted D25462: Fix view policy inheritance on image transforms.

Awesome thanks for adding details and clarification

Nov 11 2023, 02:26
l2dy requested review of D25463: Correct default database prefix in documentation.
Nov 11 2023, 02:24
l2dy added inline comments to D25462: Fix view policy inheritance on image transforms.
Nov 11 2023, 00:34
l2dy added inline comments to D25462: Fix view policy inheritance on image transforms.
Nov 11 2023, 00:27
speck added inline comments to D25462: Fix view policy inheritance on image transforms.
Nov 11 2023, 00:03

Nov 10 2023

Matthew created T15664: Bug: Unable to add an empty repository to an owners package.
Nov 10 2023, 19:52 · Diffusion
l2dy asked Q85: How does amending author information work with `arc land`?.
Nov 10 2023, 18:01
valerio.bozzolan accepted D25450: Add Diffusion policy capability "Can Edit and View Identities".

Impressing test plan :D Tested intensively. No nuclear implosions. Yuppie yeah! ✨

Nov 10 2023, 16:49
valerio.bozzolan added a comment to Q83: Pull security fixes from Mozilla's fork.

Note that I cannot see Task T15663

Nov 10 2023, 16:45 · Security, Phorge
l2dy changed the visibility for Q83: Pull security fixes from Mozilla's fork.
Nov 10 2023, 16:40 · Security, Phorge
valerio.bozzolan updated the answer details for Q83: Pull security fixes from Mozilla's fork (Answer 108).
Nov 10 2023, 16:15
valerio.bozzolan updated the answer details for Q83: Pull security fixes from Mozilla's fork (Answer 108).
Nov 10 2023, 16:13
valerio.bozzolan updated the answer details for Q83: Pull security fixes from Mozilla's fork (Answer 108).
Nov 10 2023, 16:13
valerio.bozzolan updated the answer details for Q83: Pull security fixes from Mozilla's fork (Answer 108).
Nov 10 2023, 16:12
valerio.bozzolan added Q83: Pull security fixes from Mozilla's fork (Answer 108).
Nov 10 2023, 16:12
valerio.bozzolan added a comment to Q83: Pull security fixes from Mozilla's fork.

I'm not able to find #conduit in Matrix mozilla.org homeserver btw

Nov 10 2023, 16:11 · Security, Phorge
valerio.bozzolan added a comment to Q83: Pull security fixes from Mozilla's fork.

(It needs to be quoted just in we.phorge.it since indeed we have a Tag called Conduit :D Sorry for that)

Nov 10 2023, 16:10 · Security, Phorge
l2dy updated the question details for Q83: Pull security fixes from Mozilla's fork.
Nov 10 2023, 16:08 · Security, Phorge
valerio.bozzolan edited the content of Organizations Using Phorge.
Nov 10 2023, 16:07
valerio.bozzolan edited the content of Organizations Using Phorge.
Nov 10 2023, 16:07
l2dy added a comment to Q83: Pull security fixes from Mozilla's fork.

@valerio.bozzolan If you didn't get an answer, try asking in #conduit. I didn't realize that # needs to be quoted in Remarkup. 😢

Nov 10 2023, 16:05 · Security, Phorge
l2dy added a comment to D25462: Fix view policy inheritance on image transforms.

@valerio.bozzolan Upstream removed code that enforces $always_visible when $file->getIsProfileImage() is true in PhabricatorFileQuery.php, but I'm afraid that this change may break other things, so I did not apply it here, but on the other hand kept the description of "Image will be Public".

Nov 10 2023, 15:58
l2dy updated the summary of D25462: Fix view policy inheritance on image transforms.
Nov 10 2023, 15:57
l2dy updated the diff for D25462: Fix view policy inheritance on image transforms.

Mention upstream commit

Nov 10 2023, 15:56
valerio.bozzolan added a comment to Q83: Pull security fixes from Mozilla's fork.

Nice! Thanks

Nov 10 2023, 15:48 · Security, Phorge
valerio.bozzolan added a comment to D25462: Fix view policy inheritance on image transforms.

Maybe we can mention the upstream commit, and we can amend to set their author information.

Nov 10 2023, 15:40
l2dy added a comment to Q83: Pull security fixes from Mozilla's fork.

It would be great if Mozilla's team could join forces with Phorge. Would you (the core team) contact them in #conduit on chat.mozilla.org and mozilla.slack.com?

Nov 10 2023, 15:39 · Security, Phorge
l2dy updated the diff for D25462: Fix view policy inheritance on image transforms.

Fix lint warnings

Nov 10 2023, 15:13
l2dy requested review of D25462: Fix view policy inheritance on image transforms.
Nov 10 2023, 15:10
l2dy updated the question details for Q83: Pull security fixes from Mozilla's fork.
Nov 10 2023, 13:39 · Security, Phorge
l2dy added a comment to T15045: Support SSL/TLS for MariaDB connections.

I have reviewed it and made some comments. On a remotely related topic, TLS handshakes are expensive and persistent connections can reduce latency and server load by reusing TLS connections, so maybe we should make it configurable outside of cluster.databases as well.

Nov 10 2023, 13:07 · Security
valerio.bozzolan added a comment to Q83: Pull security fixes from Mozilla's fork.

I wonder if they are aware that Phorge exists and that we are open to contributions :)

Nov 10 2023, 13:05 · Security, Phorge
valerio.bozzolan added a comment to D25461: Disallow webcrawlers to follow Paste line number anchor links.

I will keep this change in my production for a while:

Nov 10 2023, 13:01
valerio.bozzolan added a comment to D25441: Fix possible array to string conversion renaming Pholio Mockup image.

Where to find the test plan?

Nov 10 2023, 12:31
valerio.bozzolan updated the test plan for D25441: Fix possible array to string conversion renaming Pholio Mockup image.
Nov 10 2023, 12:27
aklapper requested review of D25461: Disallow webcrawlers to follow Paste line number anchor links.
Nov 10 2023, 11:57
aklapper added a revision to T15662: Disallow webcrawlers to follow Paste line number anchor links: D25461: Disallow webcrawlers to follow Paste line number anchor links.
Nov 10 2023, 11:57
aklapper created T15662: Disallow webcrawlers to follow Paste line number anchor links.
Nov 10 2023, 11:51
aklapper closed T15661: Make "git cat-file" exception messages include repository monogram/slug as Resolved by committing rP87e9c936ad1c: Make "git cat-file" exception messages include repository monogram/slug.
Nov 10 2023, 10:40
aklapper closed D25460: Make "git cat-file" exception messages include repository monogram/slug.
Nov 10 2023, 10:40
aklapper committed rP87e9c936ad1c: Make "git cat-file" exception messages include repository monogram/slug.
Make "git cat-file" exception messages include repository monogram/slug
Nov 10 2023, 10:40
waldyrious added a watcher for Remarkup: waldyrious.
Nov 10 2023, 09:17
waldyrious closed D25425: Remove mention of Phabricator in the Auth setup check.
Nov 10 2023, 09:13
waldyrious committed rP0729aa574bfd: Remove mention of Phabricator in the Auth setup check.
Remove mention of Phabricator in the Auth setup check
Nov 10 2023, 09:13
waldyrious closed D25458: Adjust message in timezone conflict form.
Nov 10 2023, 09:03
waldyrious committed rP8092d90c79fc: Adjust message in timezone conflict form.
Adjust message in timezone conflict form
Nov 10 2023, 09:03
bekay updated the task description for T15583: Typeahead datasource query for repos should match substrings.
Nov 10 2023, 07:57 · Feature Requests, Diffusion
speck added inline comments to D25421: Audit Feed: less verbose when the author is the committer.
Nov 10 2023, 04:04
speck accepted D25460: Make "git cat-file" exception messages include repository monogram/slug.

This seems reasonable to me. It only adds further information to logs. I suppose there are some paths that could result in showing exception on the client-side but including monogram doesn’t seem concerning/dangerous.

Nov 10 2023, 03:58
speck accepted D25425: Remove mention of Phabricator in the Auth setup check.
Nov 10 2023, 03:56

Nov 9 2023

waldyrious created P25 arc land error.
Nov 9 2023, 22:55
valerio.bozzolan added inline comments to D25421: Audit Feed: less verbose when the author is the committer.
Nov 9 2023, 20:08
valerio.bozzolan edited the content of Next Up.
Nov 9 2023, 20:06
valerio.bozzolan closed T15497: Exception when viewing incoming Chat room messages, when not in Participants as Resolved by committing rP8507d3a95072: Fix Exception in Chat room when you are not a Participant.
Nov 9 2023, 20:06 · Conpherence
valerio.bozzolan closed D25408: Fix Exception in Chat room when you are not a Participant.
Nov 9 2023, 20:06
valerio.bozzolan committed rP8507d3a95072: Fix Exception in Chat room when you are not a Participant.
Fix Exception in Chat room when you are not a Participant
Nov 9 2023, 20:06
valerio.bozzolan edited the content of Next Up.
Nov 9 2023, 20:03
aklapper closed T15652: Unhandled Exception: Call to undefined method PhabricatorTokenGivenQuery::withIDs() as Resolved by committing rPdfa15726ea5a: Fix cursor paging issue in Given Token query call.
Nov 9 2023, 20:01 · Bug Reports
aklapper closed D25455: Fix cursor paging issue in Given Token query call.
Nov 9 2023, 20:01
aklapper committed rPdfa15726ea5a: Fix cursor paging issue in Given Token query call.
Fix cursor paging issue in Given Token query call
Nov 9 2023, 20:01
aklapper added a comment to D25460: Make "git cat-file" exception messages include repository monogram/slug.

If this is considered too dangerous to merge, I could first test this in downstream for a while.

Nov 9 2023, 19:25
aklapper requested review of D25460: Make "git cat-file" exception messages include repository monogram/slug.
Nov 9 2023, 19:24
aklapper added a revision to T15661: Make "git cat-file" exception messages include repository monogram/slug: D25460: Make "git cat-file" exception messages include repository monogram/slug.
Nov 9 2023, 19:24
aklapper created T15661: Make "git cat-file" exception messages include repository monogram/slug.
Nov 9 2023, 19:14
l2dy closed D25459: Fix doc link to Restarting Phorge.
Nov 9 2023, 11:34
l2dy committed rPce5e0f3e333e: Fix doc link to Restarting Phorge.
Fix doc link to Restarting Phorge
Nov 9 2023, 11:34
valerio.bozzolan added a comment to D25457: Update diffusion browse to generate Table of Contents when viewed as remarkup.
  1. for CSS classes, it seems Phorge would use .collapsible-content instead of camel case
Nov 9 2023, 07:16
valerio.bozzolan updated the summary of D25408: Fix Exception in Chat room when you are not a Participant.
Nov 9 2023, 06:36
valerio.bozzolan updated the summary of D25408: Fix Exception in Chat room when you are not a Participant.
Nov 9 2023, 06:32
valerio.bozzolan updated the diff for D25408: Fix Exception in Chat room when you are not a Participant.

Follow review tips

Nov 9 2023, 06:31
valerio.bozzolan added a comment to D25459: Fix doc link to Restarting Phorge.
In D25459#13138, @speck wrote:

Would there be a bunch of these lying around?

Nov 9 2023, 06:21
valerio.bozzolan accepted D25425: Remove mention of Phabricator in the Auth setup check.

Ah! Thanks! I was not aware that it was a common practice:

Nov 9 2023, 06:15
waldyrious added a comment to D25425: Remove mention of Phabricator in the Auth setup check.

the prefix was added to have arcanist/phorge indication. So, if we use just $ it's better to remove it.

Nov 9 2023, 01:08
waldyrious updated the diff for D25458: Adjust message in timezone conflict form.
  • Adjust message per code review suggestion
Nov 9 2023, 00:52