2011-08 August

Updated 4,582 Days AgoPublic

Actions

Summary of significant changes to Phabricator, Arcanist and libphutil in August 2011.

Security

• Fixed a security hole where an attacker can execute CSRF attacks by uploading a Java applet and then tricking a victim into visiting a page which embeds it. See the configuration file for details. Completely stopping this attack requires some configuration.
• Fixed a CSRF hole in drag-and-drop file uploads.
• Fixed a CSRF hole in Conduit.
• Added a CSRF write guard across the entire stack.
• Tightened cookie security policies.

Arcanist

• Added "arc upload".
• Added "arc download".
• Added "arc paste".
• Added a "--json" mode to "arc upload".
• Added an XHPAST rule for brace formatting.
• Added an XHPAST hook for overriding naming warnings.
• Fixed bugs in binary file detection.
• Added basic support for Mercurial.
• Added local commit information to DCVS diffs.

Conduit

• Added a file.info method.
• Added a paste.create method.
• Added a maniphest.createtask method.
• Added a maniphest.find method.
• Added a user.info method.
• Added a phid.info method.
• Added a phriction.info method.
• Added a phriction.edit method.
• Added a phriction.history method.

Differential

• Refined copy for "Show 20 Lines".
• Added "J" and "K" (uppercase) to jump between files.
• Added custom field specifications. The review schema is now largely runtime-configurable.
• Fixed a bug with the interaction between "Reply" and "Undo".
• For DVCS revisions, Differential now shows local commit information.

Diffusion

• Improved display behavior of commit messages.
• Fixed a bug where Diffusion wouldn't show "empty directory" when it should.
• Fixed a bug where SVN file moves displayed incorrectly.
• Fixed a bug where the daemon could get stuck on deleted repositories.

Files

• Added an S3 storage engine.

Maniphest

• Added custom field support, which allows runtime configuration of task fields.
• Added file attach control to task creation workflow.
• Added task status edit control on the task edit workflow.
• Maniphest now uses the active project filter as the default project value when creating a new task.
• Added task dependencies.
• Added "Create Another Task", "Create Subtask" and "Create Another Subtask" workflows.
• Maniphest now renders the entire task status, not just "Closed" (e.g., "Invalid", "Wontfix") on the list view.

Javelin

• Removed JX.defer.

IRC Bot

• Added IRC auth support.
• Added SSL support.
• Fixed a bug where the bot would try to JOIN too quickly.
• Added support for slowvote object references.

Phriction

• Added a "description" field for edits.

Setup

• Added detection for 'open_basedir'.
• Added detection for 'safe_mode'.
• Added detection for bad 'date.timezone'.
• Improved pcntl detection.

libphutil

• Fixed a bug where "disk full" would be incorrectly detected.
• Added Filesystem::writeUniqueFile().
• Fixed an XHPAST issue with statement lists.
• Improved HTTP/HTTPS futures.

Misc

• Loosened @mention parsing to allow "@mention." at the end of a sentence.
• Added the ability to upload SSH public keys.
• Added a rough version of drag-and-drop file uploads to Remarkup.
• Merged "Preferences" into "Settings".
• Improved GC daemon for large Herald transcript datasets.
• Added "esc" as a documented keystroke to keystroke help.
• Added a "Rainbow" syntax highlighter.
• Improved unit test MySQL isolation somewhat.
• Many documentation updates.
• Rendered object handles now show object status where applicable (e.g., a closed task is rendered with strikethru).
• Added a full object reference syntax to Remarkup.
• Made search engines pluggable.
• Fixed error messages when file uploads fail.
• Herald rules in the X-Herald-Rules header are now sticky and persist across later emails.
• Improved unhandled exception dialogs and stack traces.
• Allowed use of "Reply-To" to authorize reply emails.
• Added tracking for content sources (e.g., email, web, conduit).
• Made Phriction links more powerful.