Feed All Stories

Tue, Dec 10

valerio.bozzolan added a comment to T15074: Hide profile pictures and descriptions of disabled users.

(I cannot edit this task lol - I would like to add Spam mitigation tag to keep an additional eye on these nice things)

Tue, Dec 10, 13:55 · Spam mitigation, Security
valerio.bozzolan added a project to T15705: Lower the search ranking of disabled user accounts: Spam mitigation.
Tue, Dec 10, 13:54 · Spam mitigation, UX
valerio.bozzolan added a project to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns: Spam mitigation.
Tue, Dec 10, 13:54 · Spam mitigation, Diffusion, Security
valerio.bozzolan created Spam mitigation.
Tue, Dec 10, 13:53
aklapper added a comment to D25775: Do not re-subscribe @mentions when editing task description.

More understanding on the root cause is needed. Probably the root cause is "just" that getOldValue() returns an empty string. In that case we should probably at least understand what object is that (sub-class of PhabricatorTransactionRemarkupChange?) and we probably need something like a generateOldValue() or something similar.

Tue, Dec 10, 11:59 · Maniphest
aklapper updated the summary of D25774: Strike through archived projects in navigation crumbs.
Tue, Dec 10, 11:11 · Projects
aklapper accepted D25846: Fix Diffusion commands in non-English environments.

After installing subversion and setting LC_ALL instead of LANG I can finally reproduce on a Fedora 40 system:

Tue, Dec 10, 09:52
aklapper updated the test plan for D25846: Fix Diffusion commands in non-English environments.
Tue, Dec 10, 09:46
aklapper requested changes to D25850: Allow customizing default Phurl view and edit policies.

Oh true, got it. Have to replace PhabricatorPolicyCapability::POLICY_ADMIN, with 'capability' => PhabricatorPolicies::POLICY_ADMIN, here

Tue, Dec 10, 09:31
aklapper updated the test plan for D25850: Allow customizing default Phurl view and edit policies.
Tue, Dec 10, 09:30
aklapper added inline comments to D25850: Allow customizing default Phurl view and edit policies.
Tue, Dec 10, 09:24
valerio.bozzolan added inline comments to D25850: Allow customizing default Phurl view and edit policies.
Tue, Dec 10, 09:22

Dec 9 2024

mturdus closed T15920: Make table of contents visible when using wide screens as Resolved by committing rP9448e815721c: Show table of contents by default on wide screens.
Dec 9 2024, 17:33 · UX, Feature Requests
mturdus closed D25790: Show table of contents by default on wide screens.
Dec 9 2024, 17:33
mturdus committed rP9448e815721c: Show table of contents by default on wide screens.
Show table of contents by default on wide screens
Dec 9 2024, 17:33
taavi added a comment to D25850: Allow customizing default Phurl view and edit policies.

What happens to already-existing URLs? Maybe nice to mention in the test plan

Dec 9 2024, 17:24
taavi updated the test plan for D25850: Allow customizing default Phurl view and edit policies.
Dec 9 2024, 17:23
valerio.bozzolan added a comment to T15972: Add config option for maximum file size.

We can also ship this feature in two phases, so, first, adding the option files.maximum-file-size, and then the second one when it's ready or requested lol

Dec 9 2024, 16:03 · Config, Discussion Needed, Files
BlankEclair added a comment to T15972: Add config option for maximum file size.

Yeah, I agree, though I would then only work on implementing files.maximum-file-size because we don't really care that much about adding exceptions to the rule (as far as I know lol)

Dec 9 2024, 14:16 · Config, Discussion Needed, Files
valerio.bozzolan planned changes to D25847: Fix regression in Remarkup unit tests and harden.
Dec 9 2024, 13:34 · Remarkup
valerio.bozzolan updated the diff for D25847: Fix regression in Remarkup unit tests and harden.

last change promise lol

Dec 9 2024, 11:55 · Remarkup
valerio.bozzolan added inline comments to D25847: Fix regression in Remarkup unit tests and harden.
Dec 9 2024, 11:42 · Remarkup
valerio.bozzolan retitled D25847: Fix regression in Remarkup unit tests and harden from Fix regression in Remarkup unit tests
Dec 9 2024, 11:42 · Remarkup
valerio.bozzolan added a revision to T15974: Do not consider emails and custom protocols as internal links: D25847: Fix regression in Remarkup unit tests and harden.
Dec 9 2024, 11:42 · User-valerio.bozzolan, Remarkup
valerio.bozzolan updated the diff for D25847: Fix regression in Remarkup unit tests and harden.

arc unit

Dec 9 2024, 11:42 · Remarkup
valerio.bozzolan updated the diff for D25847: Fix regression in Remarkup unit tests and harden.

harden

Dec 9 2024, 11:36 · Remarkup
valerio.bozzolan updated the diff for D25847: Fix regression in Remarkup unit tests and harden.

\o/

Dec 9 2024, 11:21 · Remarkup
valerio.bozzolan removed a revision from T15974: Do not consider emails and custom protocols as internal links: D25847: Fix regression in Remarkup unit tests and harden.
Dec 9 2024, 11:21 · User-valerio.bozzolan, Remarkup
valerio.bozzolan added a revision to T15974: Do not consider emails and custom protocols as internal links: D25847: Fix regression in Remarkup unit tests and harden.
Dec 9 2024, 11:21 · User-valerio.bozzolan, Remarkup
valerio.bozzolan retitled D25847: Fix regression in Remarkup unit tests and harden from Fix regression in Remarkup unit tests
Dec 9 2024, 11:21 · Remarkup
valerio.bozzolan created T15974: Do not consider emails and custom protocols as internal links.
Dec 9 2024, 11:10 · User-valerio.bozzolan, Remarkup
aklapper closed T15969: Hovercards "RuntimeException: Undefined index: objectPHID" when passing bogus data as Resolved by committing rPa5384ca60470: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.
Dec 9 2024, 11:00
aklapper committed rPa5384ca60470: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.
Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data
Dec 9 2024, 11:00
aklapper closed D25849: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.
Dec 9 2024, 11:00
valerio.bozzolan planned changes to D25847: Fix regression in Remarkup unit tests and harden.
Dec 9 2024, 09:52 · Remarkup
valerio.bozzolan retitled D25847: Fix regression in Remarkup unit tests and harden from Fix unit test PhutilPygmentizeParserTestCase to Fix regression in Remarkup unit tests.
Dec 9 2024, 09:52 · Remarkup
valerio.bozzolan added a revision to T15973: Fix unit test PhutilRemarkupEngineTestCase: D25847: Fix regression in Remarkup unit tests and harden.
Dec 9 2024, 09:52 · Bug Reports, User-valerio.bozzolan, Remarkup
valerio.bozzolan updated the diff for D25847: Fix regression in Remarkup unit tests and harden.

also tried to fix PhutilRemarkupEngineTestCase

Dec 9 2024, 09:51 · Remarkup
valerio.bozzolan planned changes to D25847: Fix regression in Remarkup unit tests and harden.

but fails in link-edge-cases.txt now (thus it's likely not complete):

Dec 9 2024, 09:44 · Remarkup
valerio.bozzolan created T15973: Fix unit test PhutilRemarkupEngineTestCase.
Dec 9 2024, 09:43 · Bug Reports, User-valerio.bozzolan, Remarkup
valerio.bozzolan accepted D25849: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.

Double slam-accept

Dec 9 2024, 09:01
valerio.bozzolan retitled D25845: Repository Identity "Automatically Detected User": don't trust unverified emails from Repository Identity: don't trust unverified emails
Dec 9 2024, 08:57
valerio.bozzolan renamed T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns from Repository Identity: it reads unverified emails, with spam concerns to Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
Dec 9 2024, 08:56 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a comment to T15972: Add config option for maximum file size.

Uh, that would be so good. So you can say "When the moon is full".

Dec 9 2024, 08:36 · Config, Discussion Needed, Files
avivey added a comment to T15972: Add config option for maximum file size.

Sounds reasonable.

Dec 9 2024, 08:12 · Config, Discussion Needed, Files
valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Take for example this commit that has a default (empty) identity:

Dec 9 2024, 08:04 · Spam mitigation, Diffusion, Security
avivey added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

"Steal credit" might actually lead to a real issue: If a new user can get themselves identified as an old, trusted, user based on commit history, their changes might not be checked as rigorously by the rest of the team - similar to the XZ Utils backdoor issue, only faster.

Dec 9 2024, 07:56 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Limitation: to steal a commit identity, it must be the default. Sorry I forgot to say.

Dec 9 2024, 07:33 · Spam mitigation, Diffusion, Security

Dec 8 2024

valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
In T15965#20052, @speck wrote:

What can a malicious user accomplish by claiming unverified email for commits?

Dec 8 2024, 18:25 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a project to T15972: Add config option for maximum file size: Discussion Needed.

I like your option names. I like to specify PHIDs and not numeric IDs so it's more portable against import/exports 👍 Let's add Discussion Needed to attract some +1 or nice suggestions.

Dec 8 2024, 18:11 · Config, Discussion Needed, Files
valerio.bozzolan added a comment to D25850: Allow customizing default Phurl view and edit policies.

What happens to already-existing URLs? Maybe nice to mention in the test plan

Dec 8 2024, 17:17
BlankEclair created T15972: Add config option for maximum file size.
Dec 8 2024, 12:43 · Config, Discussion Needed, Files
taavi closed D25851: docs: Remove extra 'B' from PHP config value.
Dec 8 2024, 12:21
taavi committed rPe5d7c9aa4e0b: docs: Remove extra 'B' from PHP config value.
docs: Remove extra 'B' from PHP config value
Dec 8 2024, 12:21
avivey accepted D25851: docs: Remove extra 'B' from PHP config value.
Dec 8 2024, 12:19
taavi requested review of D25851: docs: Remove extra 'B' from PHP config value.
Dec 8 2024, 11:31
taavi created T15971: Protect against duplicate form submission.
Dec 8 2024, 11:03 · Feature Requests
taavi added inline comments to D25850: Allow customizing default Phurl view and edit policies.
Dec 8 2024, 10:42
taavi updated the diff for D25850: Allow customizing default Phurl view and edit policies.

Fix my local unit test config

Dec 8 2024, 10:40
taavi requested review of D25850: Allow customizing default Phurl view and edit policies.
Dec 8 2024, 10:37
taavi added a revision to T15970: phurl: Allow setting default edit policy for URLs: D25850: Allow customizing default Phurl view and edit policies.
Dec 8 2024, 10:37 · Policy, Feature Requests
valerio.bozzolan added a project to T15970: phurl: Allow setting default edit policy for URLs: Policy.

Thanks. I see, from this page it is not possible:

Dec 8 2024, 09:49 · Policy, Feature Requests

Dec 7 2024

speck added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

What can a malicious user accomplish by claiming unverified email for commits? The idea outlined here sounds right but I’d like to understand what potential harm could be done in its current state, and also whether there’s any legitimate use case for the current behavior.

Dec 7 2024, 16:10 · Spam mitigation, Diffusion, Security
taavi created T15970: phurl: Allow setting default edit policy for URLs.
Dec 7 2024, 11:26 · Policy, Feature Requests

Dec 6 2024

aklapper closed T15968: Unit test PhabricatorAuthInviteTestCase::testDuplicateInvite fails, a subtask of T15064: Make Phorge compatible with PHP 8.1/8.2/8.3/8.4, as Resolved.
Dec 6 2024, 12:17 · PHP 8 support
aklapper closed D25848: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.
Dec 6 2024, 12:17
aklapper closed T15968: Unit test PhabricatorAuthInviteTestCase::testDuplicateInvite fails as Resolved by committing rARCabda70208340: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.
Dec 6 2024, 12:17 · PHP 8 support
aklapper committed rARCabda70208340: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.
Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test
Dec 6 2024, 12:17
valerio.bozzolan closed D25844: Add first unit test for mimemailparser headers.
Dec 6 2024, 12:13
valerio.bozzolan committed rP9d3e25885335: Add first unit test for mimemailparser headers.
Add first unit test for mimemailparser headers
Dec 6 2024, 12:12
valerio.bozzolan accepted D25848: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.

Double slam-accept

Dec 6 2024, 12:12
aklapper updated the diff for D25849: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.

Right... one day I may get used to all those Phorge shortcuts, thanks

Dec 6 2024, 11:58
aklapper updated the diff for D25848: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.

Oops, no for real

Dec 6 2024, 11:49
aklapper updated the diff for D25848: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.

Uhm, right, heh

Dec 6 2024, 11:48

Dec 5 2024

valerio.bozzolan accepted D25849: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.

...like line 105 :)

Dec 5 2024, 22:57
valerio.bozzolan added a comment to D25849: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.

Thaaanks - If I'm not wrong we can = idx($card, 'objectPHID');

Dec 5 2024, 22:40
aklapper added a revision to T15969: Hovercards "RuntimeException: Undefined index: objectPHID" when passing bogus data: D25849: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.
Dec 5 2024, 22:38
aklapper requested review of D25849: Hovercards: Avoid "Undefined index: objectPHID" when passing bogus data.
Dec 5 2024, 22:38
aklapper created T15969: Hovercards "RuntimeException: Undefined index: objectPHID" when passing bogus data.
Dec 5 2024, 22:28
valerio.bozzolan accepted D25848: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.

lgtm

Dec 5 2024, 22:07
aklapper added a revision to T15968: Unit test PhabricatorAuthInviteTestCase::testDuplicateInvite fails: D25848: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.
Dec 5 2024, 18:04 · PHP 8 support
aklapper requested review of D25848: Fix PhabricatorAuthInviteTestCase::testDuplicateInvite unit test.
Dec 5 2024, 18:04
pppery closed D25838: Rewrite regex for project names to be not prone to catastrophic backtracking.
Dec 5 2024, 17:40
pppery closed T15371: RuntimeException in preg_replace_callback: Text disappears due to catastrophic backtracking regex in Remarkup parsing as Resolved by committing rP9c73d62c4466: Rewrite regex for project names to be not prone to catastrophic backtracking.
Dec 5 2024, 17:40 · Bug Reports, Remarkup, Affects-Wikimedia
pppery committed rP9c73d62c4466: Rewrite regex for project names to be not prone to catastrophic backtracking.
Rewrite regex for project names to be not prone to catastrophic backtracking
Dec 5 2024, 17:40
pppery updated the diff for D25838: Rewrite regex for project names to be not prone to catastrophic backtracking.

Rebase

Dec 5 2024, 17:39
aklapper accepted D25847: Fix regression in Remarkup unit tests and harden.

I applied this patch locally on top of git master and output does not complain anymore about 'link-brackets.txt' (thus it's correct) but fails in link-edge-cases.txt now (thus it's likely not complete):

Dec 5 2024, 17:38 · Remarkup
aklapper created T15968: Unit test PhabricatorAuthInviteTestCase::testDuplicateInvite fails.
Dec 5 2024, 17:25 · PHP 8 support
valerio.bozzolan added a revision to T15967: Fix unit test PhutilPygmentizeParserTestCase: D25847: Fix regression in Remarkup unit tests and harden.
Dec 5 2024, 15:52 · Bug Reports, User-valerio.bozzolan, Remarkup
valerio.bozzolan requested review of D25847: Fix regression in Remarkup unit tests and harden.
Dec 5 2024, 15:52 · Remarkup
valerio.bozzolan updated the task description for T15967: Fix unit test PhutilPygmentizeParserTestCase.
Dec 5 2024, 15:50 · Bug Reports, User-valerio.bozzolan, Remarkup
valerio.bozzolan created T15967: Fix unit test PhutilPygmentizeParserTestCase.
Dec 5 2024, 15:48 · Bug Reports, User-valerio.bozzolan, Remarkup
valerio.bozzolan moved T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals from Backlog to PingDeath 🌚 on the User-valerio.bozzolan board.
Dec 5 2024, 15:44 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan added a revision to T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals: D25846: Fix Diffusion commands in non-English environments.
Dec 5 2024, 15:43 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan requested review of D25846: Fix Diffusion commands in non-English environments.
Dec 5 2024, 15:43
valerio.bozzolan updated the diff for D25845: Repository Identity "Automatically Detected User": don't trust unverified emails.

run unit test

Dec 5 2024, 15:35
valerio.bozzolan created T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals.
Dec 5 2024, 15:34 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan claimed T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
Dec 5 2024, 10:09 · Spam mitigation, Diffusion, Security
valerio.bozzolan changed the visibility for D25845: Repository Identity "Automatically Detected User": don't trust unverified emails.
Dec 5 2024, 10:02
valerio.bozzolan updated subscribers of T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Adding @aklapper as subscriber in this security issue since I trust this user (unclear if this should be flagged as security though, feel free to open)

Dec 5 2024, 10:01 · Spam mitigation, Diffusion, Security