Page MenuHomePhabricator
Differential D20430 Diff 48732 src/applications/config/option/PhabricatorSecurityConfigOptions.php

Changeset View

Standalone View

View Options

src/applications/config/option/PhabricatorSecurityConfigOptions.php

Show First 20 LinesShow All 157 Lines▼ Show 20 Lines return array(
'uri.allowed-protocols', 'uri.allowed-protocols',
'set', 'set',
array( array(
'http' => true, 'http' => true,
'https' => true, 'https' => true,
'mailto' => true, 'mailto' => true,
)) ))
->setSummary( ->setSummary(
pht('Determines which URI protocols are auto-linked.')) pht(
'Determines which URI protocols are valid for links and '.
'redirects.'))
->setDescription( ->setDescription(
pht( pht(
"When users write comments which have URIs, they'll be ". 'When users write comments which have URIs, they will be '.
"automatically linked if the protocol appears in this set. This ". 'automatically turned into clickable links if the URI protocol '.
"whitelist is primarily to prevent security issues like ". 'appears in this set.'.
"%s URIs.", "\n\n".
'javascript://')) 'This set of allowed protocols is primarily intended to prevent '.
'security issues with "javascript:" and other potentially '.
'dangerous URI handlers.'.
"\n\n".
aviveyUnsubmitted
Not Done
Inline Actions

maybe pht should know %n for newline?

avivey: maybe `pht` should know `%n` for newline?
epriestleyAuthorUnsubmitted
Done
Inline Actions

Currently, pht() resolves more or less as an unmodified sprintf(), and PHP sprintf() doesn't know "%n", so we'd have to do at least a bit more mangling than we currently do (versus qsprintf(), which uses xsprintf() to parse the pattern and which we can add new "%" rules to pretty easily).

I'd be slightly worried about the performance cost to parse the pattern at runtime, although this particular rule could probably be safely implemented with str_replace() since it doesn't actually consume or interact with arguments.

We might also need to clean this up on the bin/i18n extract pathway, but this is doable.

Mostly, it's not obvious to me that "%n" is dramatically better than "\n", even though this "\n\n". construction is pretty awkward. We'd still probably end up with '%n%n'. as the most visually clear representation of the string, I think? Dropping the mixed single-quoted and double-quoted strings would be a little bit nice, but this doesn't seem like a huge step forward unless I'm misunderstanding?

A bigger win here might be teaching PHP some kind of better HEREDOC to get rid of ALL the string quoting nonsense, although I think this is a dangerous path to walk down.

We could also put blocks like this in some kind of external file, but then we need to teach a bunch of editors how to interact with that sensibly.

epriestley: Currently, `pht()` resolves more or less as an unmodified `sprintf()`, and PHP `sprintf()`…
aviveyUnsubmitted
Not Done
Inline Actions

yeah, I was thinking we would inline %n%n into the preceding paragraph and get rid of both mixed quote and extra line, but it's probably more clear to just have it separate anyway. 🤷‍♂️

avivey: yeah, I was thinking we would inline `%n%n` into the preceding paragraph and get rid of both…
'This set is also used to enforce valid redirect URIs. '.
'Phabricator will refuse to issue a HTTP "Location" redirect to a '.
'URI with a protocol not on this set.'.
"\n\n".
'Usually, "http" and "https" should be present in this set. If '.
'you remove one or both protocols, some Phabricator features '.
'which rely on links or redirects may not work.'))
->addExample("http\nhttps", pht('Valid Setting')) ->addExample("http\nhttps", pht('Valid Setting'))
->setLocked(true), ->setLocked(true),
$this->newOption( $this->newOption(
'uri.allowed-editor-protocols', 'uri.allowed-editor-protocols',
'set', 'set',
array( array(
'http' => true, 'http' => true,
'https' => true, 'https' => true,
▲ Show 20 LinesShow All 140 LinesShow Last 20 Lines
Phabricator · Built by Phacility