Page MenuHomePhorge

AphlictProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Thu, May 1

avivey updated the post content for Blog Post: DoS attack against Aphlict.
Thu, May 1, 19:02 · Aphlict
avivey added a comment to T16047: Handle security issues in Aphlict.

Re "implement in php" - AFAICT, there's no built-in support for websockets in php, but I found at least 2 pure-php implementations out there that might work.

Thu, May 1, 18:57 · Aphlict, Security
avivey updated the task description for T16047: Handle security issues in Aphlict.
Thu, May 1, 18:56 · Aphlict, Security
avivey created T16047: Handle security issues in Aphlict.
Thu, May 1, 18:54 · Aphlict, Security
avivey updated the post content for Blog Post: DoS attack against Aphlict.
Thu, May 1, 18:43 · Aphlict
valerio.bozzolan added a comment to Blog Post: DoS attack against Aphlict.

Thanks. We can update the "We didn't yet release a fix on Phorge" and the "We'll release" since D25967 it's now fixed in master 👍

Thu, May 1, 18:27 · Aphlict
avivey added a comment to Blog Post: DoS attack against Aphlict.
In J6#66, @Cigaryno wrote:

Thanks for this! Is this any related to the security vulnerability warning I got with npm install last month, which prompted me to run npm audit fix?

Thu, May 1, 16:26 · Aphlict
Cigaryno added a comment to Blog Post: DoS attack against Aphlict.

Thanks for this! Is this any related to the security vulnerability warning I got with npm install last month, which prompted me to run npm audit fix?

Thu, May 1, 14:51 · Aphlict
aklapper closed T16037: Bump ws npm package for Aphlict as Resolved by committing rPde2b53638299: Aphlict: Bump NodeJS package ws from 7.5.0 to 7.5.10.
Thu, May 1, 10:38 · Security, Aphlict
avivey created Blog Post: DoS attack against Aphlict.
Thu, May 1, 08:04 · Aphlict
avivey triaged T16037: Bump ws npm package for Aphlict as High priority.

Possible ways to reduce risk for future issues:

  • add a Setup Check that runs npm audit
  • remove node, use php-based websocket implementation
Thu, May 1, 07:49 · Security, Aphlict

Tue, Apr 29

valerio.bozzolan added a project to T16037: Bump ws npm package for Aphlict: Security.
Tue, Apr 29, 21:11 · Security, Aphlict

Mon, Apr 28

valerio.bozzolan added a comment to T16037: Bump ws npm package for Aphlict.

Relevant report:

Mon, Apr 28, 08:01 · Security, Aphlict

Tue, Apr 22

connorgurney added a comment to T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.

This project is now abandonware without you. 😆

Tue, Apr 22, 15:31 · UX, Bug Reports, Aphlict, Conpherence
valerio.bozzolan added a comment to T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.

Gents, you’re both nothing short of geniuses

Tue, Apr 22, 15:20 · UX, Bug Reports, Aphlict, Conpherence
connorgurney added a comment to T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.

Gents, you’re both nothing short of geniuses—fixed before I’d even blinked! Thanks. Will look at fixing it permanently in T15513.

Tue, Apr 22, 14:16 · UX, Bug Reports, Aphlict, Conpherence
aklapper closed T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room as Resolved by committing rPcadc00d744eb: Revert "Fix editing Conpherence rooms on mobile".
Tue, Apr 22, 13:16 · UX, Bug Reports, Aphlict, Conpherence
aklapper added a revision to T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room: D25969: Revert "Fix editing Conpherence rooms on mobile".
Tue, Apr 22, 12:55 · UX, Bug Reports, Aphlict, Conpherence
aklapper renamed T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room from Fix bug with inability to take actions in Conpherence rooms as dialog to edit room appears instead to Regression: Sending a message in Conpherence rooms opens dialog to edit room.
Tue, Apr 22, 12:55 · UX, Bug Reports, Aphlict, Conpherence
aklapper added a comment to T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.

I can reproduce, looks like the change in src/applications/conpherence/controller/ConpherenceViewController.php is the culprit.
No clue what's a correct fix, thus proposing to revert the entire commit.

Tue, Apr 22, 12:54 · UX, Bug Reports, Aphlict, Conpherence
valerio.bozzolan added a comment to T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.

Eventually please try reverting this change in your local copy:

Tue, Apr 22, 12:32 · UX, Bug Reports, Aphlict, Conpherence
valerio.bozzolan added a comment to T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.

Tip: activate DarkConsole and check requests there 👍

Tue, Apr 22, 12:29 · UX, Bug Reports, Aphlict, Conpherence
connorgurney renamed T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room from Fix bug with inability to take actions in Conpherence rooms as modal to edit room appears instead to Fix bug with inability to take actions in Conpherence rooms as dialog to edit room appears instead.
Tue, Apr 22, 01:31 · UX, Bug Reports, Aphlict, Conpherence
connorgurney added a comment to T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.

From checking the network requests when I load an unrelated page and the modal appears, I can see a POST request to /conpherence/edit/1/ which returns the modal. I've attached both the request and the response, with light redactions, to P48 and P49.

Tue, Apr 22, 01:30 · UX, Bug Reports, Aphlict, Conpherence
connorgurney created P49 HTTP response for dialog to edit Conpherence room in T16040.
Tue, Apr 22, 01:29 · UX, Bug Reports, Aphlict, Conpherence
connorgurney created P48 HTTP request for modal to edit Conpherence room in T16040.
Tue, Apr 22, 01:27 · UX, Bug Reports, Aphlict, Conpherence
connorgurney updated the task description for T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.
Tue, Apr 22, 01:07 · UX, Bug Reports, Aphlict, Conpherence
connorgurney claimed T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.
Tue, Apr 22, 01:06 · UX, Bug Reports, Aphlict, Conpherence
connorgurney created T16040: Regression: Sending a message in Conpherence rooms opens dialog to edit room.
Tue, Apr 22, 01:05 · UX, Bug Reports, Aphlict, Conpherence

Mon, Apr 21

pppery added a project to T16037: Bump ws npm package for Aphlict: Aphlict.
Mon, Apr 21, 22:37 · Security, Aphlict

Jul 24 2023

avivey closed T15502: Aphlict expects Phorge to be installed in a directory called "phabricator" as Resolved by committing rPbf025c5fb491: Aphlict - search for default config in the right place.
Jul 24 2023, 07:42 · Bug Reports, Aphlict

Jul 10 2023

avivey added a revision to T15502: Aphlict expects Phorge to be installed in a directory called "phabricator": D25344: Aphlict - search for default config in the right place.
Jul 10 2023, 20:56 · Bug Reports, Aphlict

Jun 29 2023

Cigaryno added a project to T15502: Aphlict expects Phorge to be installed in a directory called "phabricator": Bug Reports.
Jun 29 2023, 10:49 · Bug Reports, Aphlict

Jun 26 2023

valerio.bozzolan added a parent task for T15502: Aphlict expects Phorge to be installed in a directory called "phabricator": T15006: Re-brand Phorge.
Jun 26 2023, 19:38 · Bug Reports, Aphlict
valerio.bozzolan triaged T15502: Aphlict expects Phorge to be installed in a directory called "phabricator" as Normal priority.
Jun 26 2023, 19:38 · Bug Reports, Aphlict

Jun 29 2021

Ekubischta closed T15021: Exclude the Aphlict package-lock.json from linting rule, a subtask of T15019: Make Aphlict a node package, as Resolved.
Jun 29 2021, 02:45 · Aphlict
Ekubischta closed T15021: Exclude the Aphlict package-lock.json from linting rule as Resolved.
Jun 29 2021, 02:45 · Aphlict

Jun 25 2021

Ekubischta added a comment to T15021: Exclude the Aphlict package-lock.json from linting rule.

D25012 solves it, but I wonder if we should just exclude it from the "type": "text" linters

Jun 25 2021, 22:27 · Aphlict
Ekubischta added a revision to T15021: Exclude the Aphlict package-lock.json from linting rule: D25012: Updated .arclint in Phorge to exclude package-lock.json from Aphlict setup.
Jun 25 2021, 22:24 · Aphlict
Ekubischta claimed T15021: Exclude the Aphlict package-lock.json from linting rule.
Jun 25 2021, 22:18 · Aphlict
avivey added a comment to T15021: Exclude the Aphlict package-lock.json from linting rule.

ahh, there's a global setting for revisions - differential.generated-paths.

Jun 25 2021, 18:56 · Aphlict
avivey added a comment to T15021: Exclude the Aphlict package-lock.json from linting rule.

I was thinking of ArcanistGeneratedLinter.php, but it looks like the only way to mark a file is by adding @generated in it, and I think we can't do that?
I thought there was another way, because this also applies to revisions (it folds the file by default).

Jun 25 2021, 18:55 · Aphlict
Ekubischta added a comment to T15021: Exclude the Aphlict package-lock.json from linting rule.
In T15021#564, @avivey wrote:

There might be a way to explicitly define it as generated, which (used to) exclude it from lint.

Jun 25 2021, 18:49 · Aphlict

Jun 21 2021

avivey added a comment to T15021: Exclude the Aphlict package-lock.json from linting rule.

There might be a way to explicitly define it as generated, which (used to) exclude it from lint.

Jun 21 2021, 17:33 · Aphlict
Ekubischta updated the task description for T15021: Exclude the Aphlict package-lock.json from linting rule.
Jun 21 2021, 14:28 · Aphlict
Ekubischta updated the task description for T15021: Exclude the Aphlict package-lock.json from linting rule.
Jun 21 2021, 14:27 · Aphlict
Ekubischta created T15021: Exclude the Aphlict package-lock.json from linting rule.
Jun 21 2021, 14:26 · Aphlict
deadalnix closed T15019: Make Aphlict a node package as Resolved.

I see that this has been added to the changelog already here: https://we.phorge.it/w/changelog/2021.25/ . Fantastic!

Jun 21 2021, 11:43 · Aphlict
deadalnix added a comment to T15019: Make Aphlict a node package.

I landed the code, but leaving the task open because we need to add a release note whenever we know where they go.

Jun 21 2021, 11:39 · Aphlict

Jun 20 2021

Matthew added a revision to T15019: Make Aphlict a node package: D25006: Add package.json for aphlict.
Jun 20 2021, 23:48 · Aphlict