In D25464#13328, @speck wrote:

The Referenced Files section of this diff looks like someone is looking for a vulnerability. Any idea what’s happening here?

arc diff throws an error and arc land ignores it. Instead of getting it to work with Differential, I'm amending the commit manually with git commit --amend -s after arc land --hold.

Update commit message

I see this change as safe since:

Thaanks! Over-tested intensively with NULL, 'asd', objects, aliens, lizards etc.

The Referenced Files section of this diff looks like someone is looking for a vulnerability. Any idea what’s happening here?

Since this is for the timeline text maybe it should check for array and just say “multiple images” rather than grabbing the first.

Update per last comment

I am not sure about all these changes. In particular, the changes in PhabricatorSetupIssueUIExample.php and PhabricatorSetupIssueView.php probably warrant extra scrutiny.

• Update the resources map

Maybe I have to test this against PHP 8.1

Update config description

Mozilla's fixes were quick but not in good quality for direct submission to Phorge. I have adapted or rewritten two of the changes into D25462 and D25464.

Before landing this change, I would like to know the right way to credit both the original author and my modifications with Arcanist (Q85).

Thanks!

Reword

Awesome thanks for adding details and clarification

Impressing test plan :D Tested intensively. No nuclear implosions. Yuppie yeah! ✨

Note that I cannot see Task T15663

I'm not able to find #conduit in Matrix mozilla.org homeserver btw

(It needs to be quoted just in we.phorge.it since indeed we have a Tag called Conduit :D Sorry for that)

@valerio.bozzolan If you didn't get an answer, try asking in #conduit. I didn't realize that # needs to be quoted in Remarkup. 😢

@valerio.bozzolan Upstream removed code that enforces $always_visible when $file->getIsProfileImage() is true in PhabricatorFileQuery.php, but I'm afraid that this change may break other things, so I did not apply it here, but on the other hand kept the description of "Image will be Public".

Mention upstream commit

Nice! Thanks

Maybe we can mention the upstream commit, and we can amend to set their author information.

It would be great if Mozilla's team could join forces with Phorge. Would you (the core team) contact them in #conduit on chat.mozilla.org and mozilla.slack.com?

Fix lint warnings

I have reviewed it and made some comments. On a remotely related topic, TLS handshakes are expensive and persistent connections can reduce latency and server load by reusing TLS connections, so maybe we should make it configurable outside of cluster.databases as well.

I wonder if they are aware that Phorge exists and that we are open to contributions :)

I will keep this change in my production for a while:

In D25441#12816, @aklapper wrote:

Where to find the test plan?

This seems reasonable to me. It only adds further information to logs. I suppose there are some paths that could result in showing exception on the client-side but including monogram doesn’t seem concerning/dangerous.