Page MenuHomePhorge
Feed All Stories

Apr 13 2022

avivey created T15090: CVE-2022-24765 - Multi-user Git Privilege Escalation.
Apr 13 2022, 18:07 · Phorge General/Unknown, Restricted Project

Apr 11 2022

20after4 added a comment to T15084: Discussion: Maniphest vs Ponder for user support.

I'm setting the "Moderate" policy on Ponder to Trusted Contributors and I'll add a link to Ponder from the default home page.

Apr 11 2022, 17:17 · Phorge Upstream
20after4 changed the Moderate Policy policy for application Ponder from Administrators to Trusted Contributors (Project).
Apr 11 2022, 17:16
20after4 awarded T15084: Discussion: Maniphest vs Ponder for user support a Mountain of Wealth token.
Apr 11 2022, 17:15 · Phorge Upstream

Apr 9 2022

dcog added a comment to April 5, 2022.

Some initial findings on Rector...

Apr 9 2022, 19:43 · Governance

Apr 6 2022

20after4 awarded April 5, 2022 a Mountain of Wealth token.
Apr 6 2022, 16:59 · Governance

Apr 5 2022

Matthew created an object: April 19, 2022.
Apr 5 2022, 20:00 · Governance
Matthew edited the content of Planning Meetings.
Apr 5 2022, 19:58
Matthew added a comment to T15012: Update Diviner documentation to reference Phorge.

As discussed in {E2}, we might add temporary banners to Diviner to state that we are rebranding. This would allow some time for us to handle the code rebrand and address the underlying Diviner issues before we edit everything twice.

Apr 5 2022, 19:56 · Phorge
Matthew assigned T15084: Discussion: Maniphest vs Ponder for user support to 20after4.

As discussed in {E2}, we will be implementing this to control spam for now. If this doesn't work, we will revisit this discussion.

Apr 5 2022, 19:53 · Phorge Upstream
Matthew edited the content of April 5, 2022.
Apr 5 2022, 19:52 · Governance
avivey changed the join policy for Trusted Contributors.
Apr 5 2022, 19:45
Matthew triaged T15088: Allow for Diviner books to live in their own Repo as Wishlist priority.
Apr 5 2022, 19:00 · Harbormaster, Diviner
Matthew added a comment to T15012: Update Diviner documentation to reference Phorge.

I will note that also the tech docs aren’t fully generated since there should be docs for most of the phorge/phabricator classes. Also the arcanist docs aren’t generated at all.

Apr 5 2022, 18:57 · Phorge
Matthew created an object: April 5, 2022.
Apr 5 2022, 18:46 · Governance
Matthew edited the content of Planning Meetings.
Apr 5 2022, 18:41

Apr 4 2022

Matthew renamed T15087: [removed] from Can Cash App Be Hacked If You Are A New User Who Is Using The Low Security Feature? to [removed].
Apr 4 2022, 18:11
golyalpha added a comment to T15059: Phabricator doesn't email @outlook.com addresses.

Alright, I've just went through a similar process - they apparently have changed their process a little but there still is a form to fill out: https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3 (you need a Microsoft Account to fill it out, but they'll contact you on the contact email you give in the form)

Apr 4 2022, 10:06 · Phorge
golyalpha closed T15087: [removed] as Invalid.

Obviously spam.

Apr 4 2022, 09:58
miler7425 created T15087: [removed].
Apr 4 2022, 06:21

Apr 3 2022

golyalpha created T15086: Support Inbound Mail over IMAP.
Apr 3 2022, 18:17 · Mail

Apr 2 2022

alinaparker186 updated alinaparker186.
Apr 2 2022, 13:00
canvas_supplier_singapore updated canvas_supplier_singapore.
Apr 2 2022, 10:41

Apr 1 2022

golyalpha added a comment to T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards.

Reordering milestones is convenient when you want to treat milestones as workflow steps rather than sequential numerical versions.

Apr 1 2022, 05:40 · Projects

Mar 31 2022

20after4 added a comment to T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards.

epriestley was very much against this idea but wikimedia's users loved it.

Do we have epristley's reasoning as to why he was against this? Might help in deciding about including this patch in Phorge.

Mar 31 2022, 23:55 · Projects
bird_control updated bird_control.
Mar 31 2022, 09:27

Mar 30 2022

Matthew closed D25035: Hide the blurb of a user when that user is disabled.
Mar 30 2022, 15:17
Matthew committed rP7d4357683a31: Hide the blurb of a user when that user is disabled (authored by Matthew).
Hide the blurb of a user when that user is disabled
Mar 30 2022, 15:17
Matthew renamed T15085: [removed] from Can Cash App Be Hacked If Someone Compromise The Password? to [removed].
Mar 30 2022, 15:10
Matthew closed T15085: [removed] as Spite.
Mar 30 2022, 15:10
dinhickup updated dinhickup.
Mar 30 2022, 06:09
dinhickup created T15085: [removed].
Mar 30 2022, 06:07
mrbk25 updated mrbk25.
Mar 30 2022, 04:43
mrbk25 updated mrbk25.
Mar 30 2022, 04:43
mrbk25 updated mrbk25.
Mar 30 2022, 04:42
mrbk25 updated mrbk25.
Mar 30 2022, 04:42

Mar 29 2022

Matthew triaged T15084: Discussion: Maniphest vs Ponder for user support as Low priority.
Mar 29 2022, 16:25 · Phorge Upstream
golyalpha added a comment to T15077: Rebrand: Tracking task.

Since all changes are going to be submitted to the upstream prior to landing here in Phorge it would be easiest if changes were made to a clone of Phabricator and not a clone of Phorge.

Mar 29 2022, 07:26 · Phorge
golyalpha added a comment to T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards.

epriestley was very much against this idea but wikimedia's users loved it.

Mar 29 2022, 07:16 · Projects
woakeschris41 updated woakeschris41.
Mar 29 2022, 06:31
Matthew added a comment to T15075: Add support for @link in diviner.

Thanks for your comments! Namespacing might be useful, we would have to figure out what that looked like. I was thinking "/book/group/link" as that would be pretty natural (and is very close to what Diviner does already: "/book/group/filename"). It would also allow for us to eventually make Diviner widely useful, see secure: T4558. However, that is a broader discussion that should probably wait...

Mar 29 2022, 03:54 · Diviner
speck added a comment to T15075: Add support for @link in diviner.

A few thoughts. This sounds like a great idea as searching by article title seems a little fragile as you mention. I think a good practice for using the proposed @link would be to fully namespace it somehow like @link development.processes.i18n, though I'm not totally sure what that looks like as I'm not familiar with the Diviner format or structure. If we have the use of namespaces then managing multiple @link declarations might lead to confusion or tedious to maintain. To me this also feels more similar to something like an @id rather than @link. What are your thoughts?

Mar 29 2022, 03:36 · Diviner
speck added a comment to T15079: Upstream TranslateWiki's changes.

A highly unfortunate side-effect of T15077: Rebrand: Tracking task is that it will invalidate a ton of translations. My guess is that upstream did not want to maintain these translations as part of the release product, possibly due to not requiring translations be part of the Phabricator release process. If we pull them into the Phorge codebase then we would likely need to update all translations for any text changes made during development, prior to release. I think it would make sense to host the translations in a repository here but I would worry about them quickly falling out of date. Handling of translations is likely a larger-sized project that we would need help managing.

Mar 29 2022, 03:30 · Localization, Phorge General/Unknown
speck edited the content of March 21, 2022.
Mar 29 2022, 03:18
speck added a comment to T15006: Re-brand Phorge.

As part of {E1} we reviewed this as a priority item, and have created T15077: Rebrand: Tracking task for concrete first steps forwards. There is a lot of text to update and review and that task is setup with instructions on how we're approaching it as well as listing out all the individual applications to update. Anyone interested in assisting please review that task and feel free to put your name on an application/folder, as well as ask any questions for clarification.

Mar 29 2022, 03:17 · Phorge
speck edited the content of March 21, 2022.
Mar 29 2022, 03:13
speck updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 03:13 · Phorge
speck added a comment to T15077: Rebrand: Tracking task.

I put up some coding guidelines that I could recall from when I was working with upstream on example changes. I won't be back at my home office for another week so there may be some things I'm missing but I think a number of things were covered/discussed with Evan on the example changes in https://secure.phabricator.com/D21712.

Mar 29 2022, 03:08 · Phorge
Matthew closed T15071: Setup recurring Core meeting as Resolved.

I am closing this, future meetings are scheduled now. See March 21, 2022 for more information.

Mar 29 2022, 03:04 · Governance
speck updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 03:00 · Phorge
Matthew created T15083: Lipsum randomly fails when there are no repositories defined.
Mar 29 2022, 02:59 · Owners
speck edited the content of Planning Meetings.
Mar 29 2022, 02:41
speck updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 02:35 · Phorge
speck updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 02:35 · Phorge
speck created an object: March 21, 2022.
Mar 29 2022, 02:34
speck edited the content of Planning Meetings.
Mar 29 2022, 02:29
speck created an object: Planning Meetings.
Mar 29 2022, 02:25
Matthew updated the task description for T15077: Rebrand: Tracking task.
Mar 29 2022, 00:42 · Phorge

Mar 25 2022

20after4 added a subtask for T15081: Figure out if there are patches from Wikimedia's fork that are desirable to upstream in Phorge: T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards.
Mar 25 2022, 13:18 · Phorge Upstream
20after4 added a parent task for T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards: T15081: Figure out if there are patches from Wikimedia's fork that are desirable to upstream in Phorge.
Mar 25 2022, 13:18 · Projects
20after4 added a project to T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards: Projects.
Mar 25 2022, 13:17 · Projects
20after4 created T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards.
Mar 25 2022, 13:17 · Projects
golyalpha updated the task description for T15080: Intermittent DNS issues when attempting to visit we.phorge.it.
Mar 25 2022, 11:52 · Phorge Upstream
golyalpha added a comment to T15080: Intermittent DNS issues when attempting to visit we.phorge.it.
In T15080#1970, @speck wrote:

Unfortunately this type of issue is in an area that's beyond my network/configuration experience. Is CloudFlare our NS provider?

Mar 25 2022, 09:21 · Phorge Upstream
golyalpha added a comment to T15078: Support for hardware keys as second factor.

What you're talking about is more like mTLS (mutual TLS), that's not actually how WebAuthn works. (Though supporting mTLS for sign-ins might also be something worth looking into)

Mar 25 2022, 09:19 · Auth
20after4 added a comment to T15081: Figure out if there are patches from Wikimedia's fork that are desirable to upstream in Phorge.
  • e95157e39bf5 Show matching context from the document body in ferret search results
    • This is not perfect but it generally works - display a snippet from the matched document and highlight the matched words - kind standard and expected from any full-text search engine. Probably not my best work as far as code quality / it's a bit hacky and performance may not be stellar, however, it's been in use at wikimedia for quite some time without any major issues that I'm aware of.
  • bba62cf52435 Hide the "hidden" fields on custom form previews.
    • This is a single line change to css that makes things a lot cleaner when you have a lot of custom forms with a lot of custom fields.
    • submitted as D25037
  • 9191d4838278 Make "task type" and date-type custom fields work in herald.
  • 3d33d1cceac7 Implement Atom/RSS discovery on Phame blog pages
  • ebfe30890b52 Add column sequence to the conduit api results for column.search
    • This seems like an obvious omission from the conduit api for columns and the change is straightforward.
    • submitted as D25038
  • 893664bd44b8 EditEngine: 'Duplicate Form' action to create new forms from existing config.
    • This makes it much easier to clutter up your custom forms with 100 variations of your forms. It also makes it much easier to make a new form vs. starting from scratch every time. It's sort of a hack and the custom form management UI needs a lot of improvement generally, this was just the minimum change I could implement to make life slightly easier for myself and fellow Wikimedia phab admins. Not sure it's a good idea in the upstream without further changes to go with it.
  • 44a94dc04b3f Fix validation of "column" transaction type in "maniphest.edit"
Mar 25 2022, 08:20 · Phorge Upstream
20after4 created T15081: Figure out if there are patches from Wikimedia's fork that are desirable to upstream in Phorge.
Mar 25 2022, 07:52 · Phorge Upstream
20after4 created P3 Wikimedia patches.
Mar 25 2022, 07:50
20after4 added a comment to D25035: Hide the blurb of a user when that user is disabled.

fwiw, this is how I handled it in the wikimedia fork:

Mar 25 2022, 04:45
speck accepted D25035: Hide the blurb of a user when that user is disabled.

Ah interesting. My own preference would be updating PhabricatoPeopleProfileController as I would associate this more as a view-level change but looking again at how this is structured I don't think it would cause any issues and I don't feel too strongly about changing it.

Mar 25 2022, 02:42
Matthew added a comment to D25035: Hide the blurb of a user when that user is disabled.
In D25035#1059, @speck wrote:

Real quick before landing -- should this change be made here in PhabricatorUser or would it be sufficient in PhabricatorPeopleProfileController? Placing it here affects the profile at the data model source which would likely cause the same blurb-scrub in any other location it might render, but it might also cause problems in areas which need to access the profile data for other reasons other than rendering, e.g. if a profile gets copied/cloned in memory then this might result in losing the profile data altogether. Updating only PhabricatoPeopleProfileController to call cleanupProfile() instead of within PhabricatorUser would only scrub it at the time it's being rendered (to the profile page at least).

Mar 25 2022, 02:32
speck added a comment to D25035: Hide the blurb of a user when that user is disabled.

Real quick before landing -- should this change be made here in PhabricatorUser or would it be sufficient in PhabricatorPeopleProfileController? Placing it here affects the profile at the data model source which would likely cause the same blurb-scrub in any other location it might render, but it might also cause problems in areas which need to access the profile data for other reasons other than rendering, e.g. if a profile gets copied/cloned in memory then this might result in losing the profile data altogether. Updating only PhabricatoPeopleProfileController to call cleanupProfile() instead of within PhabricatorUser would only scrub it at the time it's being rendered (to the profile page at least).

Mar 25 2022, 01:50
Matthew added a comment to D25035: Hide the blurb of a user when that user is disabled.
In D25035#1051, @speck wrote:

I'm having trouble landing this, I keep getting 403 errors. I suspect it's a local configuration issue, though...

All that should be required to land is being in Blessed Committers I think, which you are a member of

Mar 25 2022, 01:37
Matthew updated the diff for D25035: Hide the blurb of a user when that user is disabled.

Address code review comments

Mar 25 2022, 01:36
Matthew added a comment to T15080: Intermittent DNS issues when attempting to visit we.phorge.it.
In T15080#1970, @speck wrote:

Unfortunately this type of issue is in an area that's beyond my network/configuration experience. Is CloudFlare our NS provider?

Mar 25 2022, 01:32 · Phorge Upstream
speck added a comment to T15078: Support for hardware keys as second factor.

I've only looked at the new auth frameworks briefly (WebAuthn, is there another standard too?). My basic understanding is that the browser provides the client with its own certificate which HTTP requests are able to include with it, as a means of providing authentication for the user. This seems like a reasonable thing to allow though I'd also be interested in learning more about the tech in general.

Mar 25 2022, 01:24 · Auth
speck added a comment to T15080: Intermittent DNS issues when attempting to visit we.phorge.it.

Unfortunately this type of issue is in an area that's beyond my network/configuration experience. Is CloudFlare our NS provider?

Mar 25 2022, 01:20 · Phorge Upstream
speck accepted D25035: Hide the blurb of a user when that user is disabled.

I'm having trouble landing this, I keep getting 403 errors. I suspect it's a local configuration issue, though...

Mar 25 2022, 01:18

Mar 24 2022

Matthew added a comment to D25035: Hide the blurb of a user when that user is disabled.

Thank you for the review, @avivey !

Mar 24 2022, 23:18
Matthew triaged T15080: Intermittent DNS issues when attempting to visit we.phorge.it as High priority.
Mar 24 2022, 22:52 · Phorge Upstream
Matthew added a task to D25035: Hide the blurb of a user when that user is disabled: Unknown Object (Maniphest Task).
Mar 24 2022, 22:10
golyalpha added a comment to T15078: Support for hardware keys as second factor.

We should definitely focus on implementing WebAuthn, as that allows us to support almost every standard hardware key solution out there.

Mar 24 2022, 18:35 · Auth
golyalpha created T15080: Intermittent DNS issues when attempting to visit we.phorge.it.
Mar 24 2022, 18:19 · Phorge Upstream
avivey accepted D25035: Hide the blurb of a user when that user is disabled.

lgtm.

Mar 24 2022, 18:03
avivey added a comment to T15078: Support for hardware keys as second factor.

The upstream discussion is at https://secure.phabricator.com/T8787

Mar 24 2022, 18:00 · Auth
Matthew triaged T15079: Upstream TranslateWiki's changes as Wishlist priority.
Mar 24 2022, 02:30 · Localization, Phorge General/Unknown
Matthew created T15079: Upstream TranslateWiki's changes.
Mar 24 2022, 02:30 · Localization, Phorge General/Unknown

Mar 23 2022

golyalpha created T15078: Support for hardware keys as second factor.
Mar 23 2022, 16:50 · Auth

Mar 22 2022

golyalpha updated the task description for T15077: Rebrand: Tracking task.
Mar 22 2022, 12:39 · Phorge
Matthew requested review of D25035: Hide the blurb of a user when that user is disabled.
Mar 22 2022, 04:07
Matthew updated the task description for T15077: Rebrand: Tracking task.
Mar 22 2022, 04:00 · Phorge
dcog awarded T15076: Expand Calendar recurring events a Love token.
Mar 22 2022, 00:17 · Calendar

Mar 21 2022

Matthew closed T15069: Disable spammers as Resolved.

Closing this task now, to prevent it from turning into a perpetual task.

Mar 21 2022, 20:57 · Upstream General/Unknown
avivey triaged T15077: Rebrand: Tracking task as High priority.
Mar 21 2022, 20:17 · Phorge
Matthew created T15076: Expand Calendar recurring events.
Mar 21 2022, 18:04 · Calendar
Matthew claimed T15075: Add support for @link in diviner.
Mar 21 2022, 17:44 · Diviner
Matthew created T15075: Add support for @link in diviner.
Mar 21 2022, 17:44 · Diviner
Matthew added a comment to T15069: Disable spammers.

The choice to not allow administrators to edit profiles is a strange one... at the very least, we should probably upstream Mukunda's patch.

Mar 21 2022, 16:23 · Upstream General/Unknown
golyalpha added a comment to T15069: Disable spammers.

Another one popped up: https://we.phorge.it/p/seo-auckland/

Mar 21 2022, 15:59 · Upstream General/Unknown
seo-auckland updated seo-auckland.
Mar 21 2022, 11:40