Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F13176471
D8551.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
13 KB
Referenced Files
None
Subscribers
None
D8551.diff
View Options
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1090,6 +1090,7 @@
'PhabricatorApplicationFiles' => 'applications/files/application/PhabricatorApplicationFiles.php',
'PhabricatorApplicationFlags' => 'applications/flag/application/PhabricatorApplicationFlags.php',
'PhabricatorApplicationHarbormaster' => 'applications/harbormaster/application/PhabricatorApplicationHarbormaster.php',
+ 'PhabricatorApplicationHelp' => 'applications/help/application/PhabricatorApplicationHelp.php',
'PhabricatorApplicationHerald' => 'applications/herald/application/PhabricatorApplicationHerald.php',
'PhabricatorApplicationHome' => 'applications/home/application/PhabricatorApplicationHome.php',
'PhabricatorApplicationLaunchView' => 'applications/meta/view/PhabricatorApplicationLaunchView.php',
@@ -1129,6 +1130,7 @@
'PhabricatorApplicationSlowvote' => 'applications/slowvote/application/PhabricatorApplicationSlowvote.php',
'PhabricatorApplicationStatusView' => 'applications/meta/view/PhabricatorApplicationStatusView.php',
'PhabricatorApplicationSubscriptions' => 'applications/subscriptions/application/PhabricatorApplicationSubscriptions.php',
+ 'PhabricatorApplicationSupport' => 'applications/support/application/PhabricatorApplicationSupport.php',
'PhabricatorApplicationSystem' => 'applications/system/application/PhabricatorApplicationSystem.php',
'PhabricatorApplicationTest' => 'applications/base/controller/__tests__/PhabricatorApplicationTest.php',
'PhabricatorApplicationTokens' => 'applications/tokens/application/PhabricatorApplicationTokens.php',
@@ -1569,6 +1571,7 @@
'PhabricatorHash' => 'infrastructure/util/PhabricatorHash.php',
'PhabricatorHashTestCase' => 'infrastructure/util/__tests__/PhabricatorHashTestCase.php',
'PhabricatorHelpController' => 'applications/help/controller/PhabricatorHelpController.php',
+ 'PhabricatorHelpEditorProtocolController' => 'applications/help/controller/PhabricatorHelpEditorProtocolController.php',
'PhabricatorHelpKeyboardShortcutController' => 'applications/help/controller/PhabricatorHelpKeyboardShortcutController.php',
'PhabricatorHomeController' => 'applications/home/controller/PhabricatorHomeController.php',
'PhabricatorHomeMainController' => 'applications/home/controller/PhabricatorHomeMainController.php',
@@ -3751,6 +3754,7 @@
'PhabricatorApplicationFiles' => 'PhabricatorApplication',
'PhabricatorApplicationFlags' => 'PhabricatorApplication',
'PhabricatorApplicationHarbormaster' => 'PhabricatorApplication',
+ 'PhabricatorApplicationHelp' => 'PhabricatorApplication',
'PhabricatorApplicationHerald' => 'PhabricatorApplication',
'PhabricatorApplicationHome' => 'PhabricatorApplication',
'PhabricatorApplicationLaunchView' => 'AphrontView',
@@ -3788,6 +3792,7 @@
'PhabricatorApplicationSlowvote' => 'PhabricatorApplication',
'PhabricatorApplicationStatusView' => 'AphrontView',
'PhabricatorApplicationSubscriptions' => 'PhabricatorApplication',
+ 'PhabricatorApplicationSupport' => 'PhabricatorApplication',
'PhabricatorApplicationSystem' => 'PhabricatorApplication',
'PhabricatorApplicationTest' => 'PhabricatorApplication',
'PhabricatorApplicationTokens' => 'PhabricatorApplication',
@@ -4315,6 +4320,7 @@
'PhabricatorHarbormasterConfigOptions' => 'PhabricatorApplicationConfigOptions',
'PhabricatorHashTestCase' => 'PhabricatorTestCase',
'PhabricatorHelpController' => 'PhabricatorController',
+ 'PhabricatorHelpEditorProtocolController' => 'PhabricatorHelpController',
'PhabricatorHelpKeyboardShortcutController' => 'PhabricatorHelpController',
'PhabricatorHomeController' => 'PhabricatorController',
'PhabricatorHomeMainController' => 'PhabricatorHomeController',
diff --git a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
--- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
+++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
@@ -23,9 +23,6 @@
'' => 'DarkConsoleController',
'data/(?P<key>[^/]+)/' => 'DarkConsoleDataController',
),
- '/help/' => array(
- 'keyboardshortcut/' => 'PhabricatorHelpKeyboardShortcutController',
- ),
);
}
diff --git a/src/applications/config/option/PhabricatorSecurityConfigOptions.php b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
--- a/src/applications/config/option/PhabricatorSecurityConfigOptions.php
+++ b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
@@ -12,6 +12,9 @@
}
public function getOptions() {
+ $support_href = PhabricatorEnv::getDoclink(
+ 'article/feedback.html');
+
return array(
$this->newOption('security.alternate-file-domain', 'string', null)
->setSummary(pht("Alternate domain to serve files from."))
@@ -126,6 +129,41 @@
->addExample(
'{"http": true, "https": true"}', pht('Valid Setting'))
->setLocked(true),
+ $this->newOption(
+ 'uri.allowed-editor-protocols',
+ 'set',
+ array(
+ 'http' => true,
+ 'https' => true,
+
+ // This handler is installed by Textmate.
+ 'txmt' => true,
+
+ // This handler is for MacVim.
+ 'mvim' => true,
+
+ // Unofficial handler for Vim.
+ 'vim' => true,
+
+ // Unofficial handler for Sublime.
+ 'subl' => true,
+
+ // Unofficial handler for Emacs.
+ 'emacs' => true,
+
+ // This isn't a standard handler installed by an application, but
+ // is a reasonable name for a user-installed handler.
+ 'editor' => true,
+ ))
+ ->setSummary(pht('Whitelists editor protocols for "Open in Editor".'))
+ ->setDescription(
+ pht(
+ "Users can configure a URI pattern to open files in a text ".
+ "editor. The URI must use a protocol on this whitelist.\n\n".
+ "(If you use an editor which defines a protocol not on this ".
+ "list, [[ %s | let us know ]] and we'll update the defaults.)",
+ $support_href))
+ ->setLocked(true),
$this->newOption(
'celerity.resource-hash',
'string',
diff --git a/src/applications/help/application/PhabricatorApplicationHelp.php b/src/applications/help/application/PhabricatorApplicationHelp.php
new file mode 100644
--- /dev/null
+++ b/src/applications/help/application/PhabricatorApplicationHelp.php
@@ -0,0 +1,22 @@
+<?php
+
+final class PhabricatorApplicationHelp extends PhabricatorApplication {
+
+ public function canUninstall() {
+ return false;
+ }
+
+ public function isUnlisted() {
+ return true;
+ }
+
+ public function getRoutes() {
+ return array(
+ '/help/' => array(
+ 'keyboardshortcut/' => 'PhabricatorHelpKeyboardShortcutController',
+ 'editorprotocol/' => 'PhabricatorHelpEditorProtocolController',
+ ),
+ );
+ }
+
+}
diff --git a/src/applications/help/controller/PhabricatorHelpEditorProtocolController.php b/src/applications/help/controller/PhabricatorHelpEditorProtocolController.php
new file mode 100644
--- /dev/null
+++ b/src/applications/help/controller/PhabricatorHelpEditorProtocolController.php
@@ -0,0 +1,52 @@
+<?php
+
+final class PhabricatorHelpEditorProtocolController
+ extends PhabricatorHelpController {
+
+ public function shouldAllowPublic() {
+ return true;
+ }
+
+ public function processRequest() {
+ $request = $this->getRequest();
+ $viewer = $request->getUser();
+
+ $dialog = id(new AphrontDialogView())
+ ->setUser($viewer)
+ ->setMethod('GET')
+ ->setSubmitURI('/settings/panel/display/')
+ ->setTitle(pht('Unsupported Editor Protocol'))
+ ->appendParagraph(
+ pht(
+ 'Your configured editor URI uses an unsupported protocol. Change '.
+ 'your settings to use a supported protocol, or ask your '.
+ 'administrator to add support for the chosen protocol by '.
+ 'configuring: %s',
+ phutil_tag('tt', array(), 'uri.allowed-editor-protocols')))
+ ->addSubmitButton(pht('Change Settings'))
+ ->addCancelButton('/');
+
+ return id(new AphrontDialogResponse())
+ ->setDialog($dialog);
+ }
+
+ public static function hasAllowedProtocol($uri) {
+ $uri = new PhutilURI($uri);
+ $editor_protocol = $uri->getProtocol();
+ if (!$editor_protocol) {
+ // The URI must have a protocol.
+ return false;
+ }
+
+ $allowed_key = 'uri.allowed-editor-protocols';
+ $allowed_protocols = PhabricatorEnv::getEnvConfig($allowed_key);
+ if (empty($allowed_protocols[$editor_protocol])) {
+ // The protocol must be on the allowed protocol whitelist.
+ return false;
+ }
+
+ return true;
+ }
+
+
+}
diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php
--- a/src/applications/people/storage/PhabricatorUser.php
+++ b/src/applications/people/storage/PhabricatorUser.php
@@ -441,14 +441,26 @@
}
}
- if ($editor) {
- return strtr($editor, array(
- '%%' => '%',
- '%f' => phutil_escape_uri($path),
- '%l' => phutil_escape_uri($line),
- '%r' => phutil_escape_uri($callsign),
- ));
+ if (!strlen($editor)) {
+ return null;
}
+
+ $uri = strtr($editor, array(
+ '%%' => '%',
+ '%f' => phutil_escape_uri($path),
+ '%l' => phutil_escape_uri($line),
+ '%r' => phutil_escape_uri($callsign),
+ ));
+
+ // The resulting URI must have an allowed protocol. Otherwise, we'll return
+ // a link to an error page explaining the misconfiguration.
+
+ $ok = PhabricatorHelpEditorProtocolController::hasAllowedProtocol($uri);
+ if (!$ok) {
+ return '/help/editorprotocol/';
+ }
+
+ return (string)$uri;
}
public function getAlternateCSRFString() {
diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php b/src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php
--- a/src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php
+++ b/src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php
@@ -26,6 +26,8 @@
$pref_monospaced_textareas =
PhabricatorUserPreferences::PREFERENCE_MONOSPACED_TEXTAREAS;
+ $errors = array();
+ $e_editor = null;
if ($request->isFormPost()) {
$monospaced = $request->getStr($pref_monospaced);
@@ -42,9 +44,35 @@
$pref_monospaced_textareas,
$request->getStr($pref_monospaced_textareas));
- $preferences->save();
- return id(new AphrontRedirectResponse())
- ->setURI($this->getPanelURI('?saved=true'));
+ $editor_pattern = $preferences->getPreference($pref_editor);
+ if (strlen($editor_pattern)) {
+ $ok = PhabricatorHelpEditorProtocolController::hasAllowedProtocol(
+ $editor_pattern);
+ if (!$ok) {
+ $allowed_key = 'uri.allowed-editor-protocols';
+ $allowed_protocols = PhabricatorEnv::getEnvConfig($allowed_key);
+
+ $proto_names = array();
+ foreach (array_keys($allowed_protocols) as $protocol) {
+ $proto_names[] = $protocol.'://';
+ }
+
+ $errors[] = pht(
+ 'Editor link has an invalid or missing protocol. You must '.
+ 'use a whitelisted editor protocol from this list: %s. To '.
+ 'add protocols, update %s.',
+ implode(', ', $proto_names),
+ phutil_tag('tt', array(), $allowed_key));
+
+ $e_editor = pht('Invalid');
+ }
+ }
+
+ if (!$errors) {
+ $preferences->save();
+ return id(new AphrontRedirectResponse())
+ ->setURI($this->getPanelURI('?saved=true'));
+ }
}
$example_string = <<<EXAMPLE
@@ -95,8 +123,8 @@
id(new AphrontFormTextControl())
->setLabel(pht('Editor Link'))
->setName($pref_editor)
- // How to pht()
->setCaption($editor_instructions)
+ ->setError($e_editor)
->setValue($preferences->getPreference($pref_editor)))
->appendChild(
id(new AphrontFormSelectControl())
@@ -139,6 +167,7 @@
$form_box = id(new PHUIObjectBoxView())
->setHeaderText(pht('Display Preferences'))
+ ->setFormErrors($errors)
->setFormSaved($request->getStr('saved') === 'true')
->setForm($form);
diff --git a/src/applications/support/application/PhabricatorApplicationSupport.php b/src/applications/support/application/PhabricatorApplicationSupport.php
new file mode 100644
--- /dev/null
+++ b/src/applications/support/application/PhabricatorApplicationSupport.php
@@ -0,0 +1,21 @@
+<?php
+
+final class PhabricatorApplicationSupport extends PhabricatorApplication {
+
+ public function canUninstall() {
+ return false;
+ }
+
+ public function isUnlisted() {
+ return true;
+ }
+
+ public function getRoutes() {
+ return array(
+ '/help/' => array(
+ 'keyboardshortcut/' => 'PhabricatorHelpKeyboardShortcutController',
+ ),
+ );
+ }
+
+}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Thu, May 9, 2:15 PM (3 w, 5 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6274966
Default Alt Text
D8551.diff (13 KB)
Attached To
Mode
D8551: Whitelist allowed editor protocols
Attached
Detach File
Event Timeline
Log In to Comment