No OneTemporary
Actions

Size

67 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/config/controller/PhabricatorConfigEditController.php b/src/applications/config/controller/PhabricatorConfigEditController.php
	index 56668d4eb3..5dafbbedf1 100644
	--- a/src/applications/config/controller/PhabricatorConfigEditController.php
	+++ b/src/applications/config/controller/PhabricatorConfigEditController.php
	@@ -1,484 +1,484 @@
	<?php

	final class PhabricatorConfigEditController
	extends PhabricatorConfigController {

	private $key;

	public function willProcessRequest(array $data) {
	$this->key = $data['key'];
	}

	public function processRequest() {
	$request = $this->getRequest();
	$user = $request->getUser();


	$options = PhabricatorApplicationConfigOptions::loadAllOptions();
	if (empty($options[$this->key])) {
	// This may be a dead config entry, which existed in the past but no
	// longer exists. Allow it to be edited so it can be reviewed and
	// deleted.
	$option = id(new PhabricatorConfigOption())
	->setKey($this->key)
	->setType('wild')
	->setDefault(null)
	->setDescription(
	pht(
	"This configuration option is unknown. It may be misspelled, ".
	"or have existed in a previous version of Phabricator."));
	$group = null;
	$group_uri = $this->getApplicationURI();
	} else {
	$option = $options[$this->key];
	$group = $option->getGroup();
	$group_uri = $this->getApplicationURI('group/'.$group->getKey().'/');
	}

	$issue = $request->getStr('issue');
	if ($issue) {
	// If the user came here from an open setup issue, send them back.
	$done_uri = $this->getApplicationURI('issue/'.$issue.'/');
	} else {
	$done_uri = $group_uri;
	}

	// Check if the config key is already stored in the database.
	// Grab the value if it is.
	$config_entry = id(new PhabricatorConfigEntry())
	->loadOneWhere(
	'configKey = %s AND namespace = %s',
	$this->key,
	'default');
	if (!$config_entry) {
	$config_entry = id(new PhabricatorConfigEntry())
	->setConfigKey($this->key)
	->setNamespace('default')
	->setIsDeleted(true);
	}

	$e_value = null;
	$errors = array();
	if ($request->isFormPost() && !$option->getLocked()) {

	$result = $this->readRequest(
	$option,
	$request);

	list($e_value, $value_errors, $display_value, $xaction) = $result;
	$errors = array_merge($errors, $value_errors);

	if (!$errors) {

	$editor = id(new PhabricatorConfigEditor())
	->setActor($user)
	->setContinueOnNoEffect(true)
	->setContentSource(
	PhabricatorContentSource::newForSource(
	PhabricatorContentSource::SOURCE_WEB,
	array(
	'ip' => $request->getRemoteAddr(),
	)));

	try {
	$editor->applyTransactions($config_entry, array($xaction));
	return id(new AphrontRedirectResponse())->setURI($done_uri);
	} catch (PhabricatorConfigValidationException $ex) {
	$e_value = pht('Invalid');
	$errors[] = $ex->getMessage();
	}
	}
	} else {
	$display_value = $this->getDisplayValue($option, $config_entry);
	}

	$form = new AphrontFormView();
	$form->setFlexible(true);

	$error_view = null;
	if ($errors) {
	$error_view = id(new AphrontErrorView())
	->setTitle(pht('You broke everything!'))
	->setErrors($errors);
	} else if ($option->getHidden()) {
	$msg = pht(
	"This configuration is hidden and can not be edited or viewed from ".
	"the web interface.");

	$error_view = id(new AphrontErrorView())
	->setTitle(pht('Configuration Hidden'))
	->setSeverity(AphrontErrorView::SEVERITY_WARNING)
	->appendChild('<p>'.phutil_escape_html($msg).'</p>');
	} else if ($option->getLocked()) {
	$msg = pht(
	"This configuration is locked and can not be edited from the web ".
	"interface.");

	$error_view = id(new AphrontErrorView())
	->setTitle(pht('Configuration Locked'))
	->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
	->appendChild('<p>'.phutil_escape_html($msg).'</p>');
	}

	if ($option->getHidden()) {
	$control = null;
	} else {
	$control = $this->renderControl(
	$option,
	$display_value,
	$e_value);
	}

	$engine = new PhabricatorMarkupEngine();
	$engine->addObject($option, 'description');
	$engine->process();
	$description = phutil_render_tag(
	'div',
	array(
	'class' => 'phabricator-remarkup',
	),
	$engine->getOutput($option, 'description'));

	$form
	->setUser($user)
	->addHiddenInput('issue', $request->getStr('issue'))
	->appendChild(
	id(new AphrontFormMarkupControl())
	->setLabel(pht('Description'))
	->setValue($description))
	->appendChild($control);

	$submit_control = id(new AphrontFormSubmitControl())
	->addCancelButton($done_uri);

	if (!$option->getLocked()) {
	$submit_control->setValue(pht('Save Config Entry'));
	}

	$form->appendChild($submit_control);

	$examples = $this->renderExamples($option);
	if ($examples) {
	$form->appendChild(
	id(new AphrontFormMarkupControl())
	->setLabel(pht('Examples'))
	->setValue($examples));
	}

	if (!$option->getHidden()) {
	$form->appendChild(
	id(new AphrontFormMarkupControl())
	->setLabel(pht('Default'))
	->setValue($this->renderDefaults($option)));
	}

	$title = pht('Edit %s', $this->key);
	$short = pht('Edit');

	$crumbs = $this->buildApplicationCrumbs();
	$crumbs->addCrumb(
	id(new PhabricatorCrumbView())
	->setName(pht('Config'))
	->setHref($this->getApplicationURI()));

	if ($group) {
	$crumbs->addCrumb(
	id(new PhabricatorCrumbView())
	->setName($group->getName())
	->setHref($group_uri));
	}

	$crumbs->addCrumb(
	id(new PhabricatorCrumbView())
	->setName($this->key)
	->setHref('/config/edit/'.$this->key));


	$xactions = id(new PhabricatorConfigTransactionQuery())
	->withObjectPHIDs(array($config_entry->getPHID()))
	->setViewer($user)
	->execute();

	$xaction_view = id(new PhabricatorApplicationTransactionView())
	->setUser($user)
	->setTransactions($xactions);

	return $this->buildApplicationPage(
	array(
	$crumbs,
	id(new PhabricatorHeaderView())->setHeader($title),
	$error_view,
	$form,
	$xaction_view,
	),
	array(
	'title' => $title,
	'device' => true,
	));
	}

	private function readRequest(
	PhabricatorConfigOption $option,
	AphrontRequest $request) {

	$xaction = new PhabricatorConfigTransaction();
	$xaction->setTransactionType(PhabricatorConfigTransaction::TYPE_EDIT);

	$e_value = null;
	$errors = array();

	$value = $request->getStr('value');
	if (!strlen($value)) {
	$value = null;

	$xaction->setNewValue(
	array(
	'deleted' => true,
	'value' => null,
	));

	return array($e_value, $errors, $value, $xaction);
	}

	$type = $option->getType();
	$set_value = null;

	switch ($type) {
	case 'int':
	if (preg_match('/^-?[0-9]+$/', trim($value))) {
	$set_value = (int)$value;
	} else {
	$e_value = pht('Invalid');
	$errors[] = pht('Value must be an integer.');
	}
	break;
	case 'string':
	$set_value = (string)$value;
	break;
	case 'list<string>':
	$set_value = $request->getStrList('value');
	break;
	case 'bool':
	switch ($value) {
	case 'true':
	$set_value = true;
	break;
	case 'false':
	$set_value = false;
	break;
	default:
	$e_value = pht('Invalid');
	$errors[] = pht('Value must be boolean, "true" or "false".');
	break;
	}
	break;
	case 'class':
	if (!class_exists($value)) {
	$e_value = pht('Invalid');
	$errors[] = pht('Class does not exist.');
	} else {
	$base = $option->getBaseClass();
	if (!is_subclass_of($value, $base)) {
	$e_value = pht('Invalid');
	$errors[] = pht('Class is not of valid type.');
	} else {
	$set_value = $value;
	}
	}
	break;
	default:
	$json = json_decode($value, true);
	if ($json === null && strtolower($value) != 'null') {
	$e_value = pht('Invalid');
	$errors[] = pht(
	'The given value must be valid JSON. This means, among '.
	'other things, that you must wrap strings in double-quotes.');
	$set_value = $json;
	}
	break;
	}

	if (!$errors) {
	$xaction->setNewValue(
	array(
	'deleted' => false,
	'value' => $set_value,
	));
	} else {
	$xaction = null;
	}

	return array($e_value, $errors, $value, $xaction);
	}

	private function getDisplayValue(
	PhabricatorConfigOption $option,
	PhabricatorConfigEntry $entry) {

	if ($entry->getIsDeleted()) {
	return null;
	}

	$type = $option->getType();
	$value = $entry->getValue();
	switch ($type) {
	case 'int':
	case 'string':
	return $value;
	case 'bool':
	return $value ? 'true' : 'false';
	case 'list<string>':
	return implode("\n", nonempty($value, array()));
	default:
	return $this->prettyPrintJSON($value);
	}
	}

	private function renderControl(
	PhabricatorConfigOption $option,
	$display_value,
	$e_value) {

	$type = $option->getType();
	switch ($type) {
	case 'int':
	case 'string':
	$control = id(new AphrontFormTextControl());
	break;
	case 'bool':
	$control = id(new AphrontFormSelectControl())
	->setOptions(
	array(
	'' => pht('(Use Default)'),
	- 'true' => idx($option->getOptions(), 0),
	- 'false' => idx($option->getOptions(), 1),
	+ 'true' => idx($option->getBoolOptions(), 0),
	+ 'false' => idx($option->getBoolOptions(), 1),
	));
	break;
	case 'class':
	$symbols = id(new PhutilSymbolLoader())
	->setType('class')
	->setAncestorClass($option->getBaseClass())
	->setConcreteOnly(true)
	->selectSymbolsWithoutLoading();
	$names = ipull($symbols, 'name', 'name');
	asort($names);
	$names = array(
	'' => pht('(Use Default)'),
	) + $names;

	$control = id(new AphrontFormSelectControl())
	->setOptions($names);
	break;
	case 'list<string>':
	$control = id(new AphrontFormTextAreaControl())
	->setCaption(pht('Separate values with newlines or commas.'));
	break;
	default:
	$control = id(new AphrontFormTextAreaControl())
	->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL)
	->setCustomClass('PhabricatorMonospaced')
	->setCaption(pht('Enter value in JSON.'));
	break;
	}

	$control
	->setLabel('Value')
	->setError($e_value)
	->setValue($display_value)
	->setName('value');

	if ($option->getLocked()) {
	$control->setDisabled(true);
	}

	return $control;
	}

	private function renderExamples(PhabricatorConfigOption $option) {
	$examples = $option->getExamples();
	if (!$examples) {
	return null;
	}

	$table = array();
	$table[] = '<tr class="column-labels">';
	$table[] = '<th>'.pht('Example').'</th>';
	$table[] = '<th>'.pht('Value').'</th>';
	$table[] = '</tr>';
	foreach ($examples as $example) {
	list($value, $description) = $example;

	if ($value === null) {
	$value = '<em>'.pht('(empty)').'</em>';
	} else {
	$value = nl2br(phutil_escape_html($value));
	}

	$table[] = '<tr>';
	$table[] = '<th>'.phutil_escape_html($description).'</th>';
	$table[] = '<td>'.$value.'</td>';
	$table[] = '</tr>';
	}

	require_celerity_resource('config-options-css');

	return phutil_render_tag(
	'table',
	array(
	'class' => 'config-option-table',
	),
	implode("\n", $table));
	}

	private function renderDefaults(PhabricatorConfigOption $option) {
	$stack = PhabricatorEnv::getConfigSourceStack();
	$stack = $stack->getStack();

	/*

	TODO: Once DatabaseSource lands, do this:

	foreach ($stack as $key => $source) {
	unset($stack[$key]);
	if ($source instanceof PhabricatorConfigDatabaseSource) {
	break;
	}
	}

	*/


	$table = array();
	$table[] = '<tr class="column-labels">';
	$table[] = '<th>'.pht('Source').'</th>';
	$table[] = '<th>'.pht('Value').'</th>';
	$table[] = '</tr>';
	foreach ($stack as $key => $source) {
	$value = $source->getKeys(
	array(
	$option->getKey(),
	));

	if (!array_key_exists($option->getKey(), $value)) {
	$value = '<em>'.pht('(empty)').'</em>';
	} else {
	$value = $this->prettyPrintJSON($value[$option->getKey()]);
	}

	$table[] = '<tr>';
	$table[] = '<th>'.phutil_escape_html($source->getName()).'</th>';
	$table[] = '<td>'.$value.'</td>';
	$table[] = '</tr>';
	}

	require_celerity_resource('config-options-css');

	return phutil_render_tag(
	'table',
	array(
	'class' => 'config-option-table',
	),
	implode("\n", $table));
	}

	}
	diff --git a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
	index 84742e9fbe..d2f49d4886 100644
	--- a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
	@@ -1,123 +1,123 @@
	<?php

	final class PhabricatorAuthenticationConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Authentication");
	}

	public function getDescription() {
	return pht("Options relating to authentication.");
	}

	public function getOptions() {
	return array(
	$this->newOption(
	'auth.password-auth-enabled', 'bool', true)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Allow password authentication"),
	pht("Don't allow password authentication")
	))
	->setSummary(pht("Enables password-based authentication."))
	->setDescription(
	pht(
	"Can users login with a username/password, or by following the ".
	"link from a password reset email? You can disable this and ".
	"configure one or more OAuth providers instead.")),
	$this->newOption('auth.sessions.web', 'int', 5)
	->setSummary(
	pht("Number of web sessions a user can have simultaneously."))
	->setDescription(
	pht(
	"Maximum number of simultaneous web sessions each user is ".
	"permitted to have. Setting this to '1' will prevent a user from ".
	"logging in on more than one browser at the same time.")),
	$this->newOption('auth.sessions.conduit', 'int', 5)
	->setSummary(
	pht(
	"Number of simultaneous Conduit sessions each user is permitted."))
	->setDescription(
	pht(
	"Maximum number of simultaneous Conduit sessions each user is ".
	"permitted to have.")),
	$this->newOption('auth.sshkeys.enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable SSH key storage"),
	pht("Disable SSH key storage")))
	->setSummary(
	pht("Allow users to associate SSH keys with their accounts."))
	->setDescription(
	pht(
	"Set this true to enable the Settings -> SSH Public Keys panel, ".
	"which will allow users to associated SSH public keys with their ".
	"accounts. This is only really useful if you're setting up ".
	"services over SSH and want to use Phabricator for ".
	"authentication; in most situations you can leave this ".
	"disabled.")),
	$this->newOption('auth.require-email-verification', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Require email verification"),
	pht("Don't require email verification")
	))
	->setSummary(
	pht("Require email verification before a user can log in."))
	->setDescription(
	pht(
	"If true, email addresses must be verified (by clicking a link ".
	"in an email) before a user can login. By default, verification ".
	"is optional unless 'auth.email-domains' is nonempty.")),
	$this->newOption('auth.email-domains', 'list<string>', array())
	->setSummary(pht("Only allow registration from particular domains."))
	->setDescription(
	pht(
	"You can restrict allowed email addresses to certain domains ".
	"(like 'yourcompany.com') by setting a list of allowed domains ".
	"here. Users will only be allowed to register using email ".
	"addresses at one of the domains, and will only be able to add ".
	"new email addresses for these domains. If you configure this, ".
	"it implies 'auth.require-email-verification'.\n\n".
	"You should omit the '@' from domains. Note that the domain must ".
	"match exactly. If you allow 'yourcompany.com', that permits ".
	"'joe@yourcompany.com' but rejects 'joe@mail.yourcompany.com'."))
	->addExample(
	"yourcompany.com\nmail.yourcompany.com",
	pht('Valid Setting')),
	$this->newOption('auth.login-message', 'string', null)
	->setLocked(true)
	->setSummary(pht("A block of HTML displayed on the login screen."))
	->setDescription(
	pht(
	"You can provide an arbitrary block of HTML here, which will ".
	"appear on the login screen. Normally, you'd use this to provide ".
	"login or registration instructions to users.")),
	$this->newOption('account.editable', 'bool', true)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Allow editing"),
	pht("Prevent editing")
	))
	->setSummary(
	pht(
	"Determines whether or not basic account information is ".
	"editable."))
	->setDescription(
	pht(
	"Is basic account information (email, real name, profile ".
	"picture) editable? If you set up Phabricator to automatically ".
	"synchronize account information from some other authoritative ".
	"system, you can disable this to ensure information remains ".
	"consistent across both systems.")),
	$this->newOption('account.minimum-password-length', 'int', 8)
	->setSummary(pht("Minimum password length."))
	->setDescription(
	pht(
	"When users set or reset a password, it must have at least this ".
	"many characters.")),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorConfigOption.php b/src/applications/config/option/PhabricatorConfigOption.php
	index e80a92ac83..076a4f1367 100644
	--- a/src/applications/config/option/PhabricatorConfigOption.php
	+++ b/src/applications/config/option/PhabricatorConfigOption.php
	@@ -1,159 +1,165 @@
	<?php

	final class PhabricatorConfigOption
	extends Phobject
	implements PhabricatorMarkupInterface{

	private $key;
	private $default;
	private $summary;
	private $description;
	private $type;
	- private $options;
	+ private $boolOptions;
	private $group;
	private $examples;
	private $locked;
	private $hidden;
	private $masked;
	private $baseClass;

	public function setBaseClass($base_class) {
	$this->baseClass = $base_class;
	return $this;
	}

	public function getBaseClass() {
	return $this->baseClass;
	}

	public function setMasked($masked) {
	$this->masked = $masked;
	return $this;
	}

	public function getMasked() {
	if ($this->getHidden()) {
	return true;
	}
	return $this->masked;
	}

	public function setHidden($hidden) {
	$this->hidden = $hidden;
	return $this;
	}

	public function getHidden() {
	return $this->hidden;
	}

	public function setLocked($locked) {
	$this->locked = $locked;
	return $this;
	}

	public function getLocked() {
	if ($this->getHidden()) {
	return true;
	}
	return $this->locked;
	}

	public function addExample($value, $description) {
	$this->examples[] = array($value, $description);
	return $this;
	}

	public function getExamples() {
	return $this->examples;
	}

	public function setGroup(PhabricatorApplicationConfigOptions $group) {
	$this->group = $group;
	return $this;
	}

	public function getGroup() {
	return $this->group;
	}

	- public function setOptions(array $options) {
	- $this->options = $options;
	+ public function setBoolOptions(array $options) {
	+ $this->boolOptions = $options;
	return $this;
	}

	- public function getOptions() {
	- return $this->options;
	+ public function getBoolOptions() {
	+ if ($this->boolOptions) {
	+ return $this->boolOptions;
	+ }
	+ return array(
	+ pht('True'),
	+ pht('False'),
	+ );
	}

	public function setKey($key) {
	$this->key = $key;
	return $this;
	}

	public function getKey() {
	return $this->key;
	}

	public function setDefault($default) {
	$this->default = $default;
	return $this;
	}

	public function getDefault() {
	return $this->default;
	}

	public function setSummary($summary) {
	$this->summary = $summary;
	return $this;
	}

	public function getSummary() {
	if (empty($this->summary)) {
	return $this->getDescription();
	}
	return $this->summary;
	}

	public function setDescription($description) {
	$this->description = $description;
	return $this;
	}

	public function getDescription() {
	return $this->description;
	}

	public function setType($type) {
	$this->type = $type;
	return $this;
	}

	public function getType() {
	return $this->type;
	}

	/* -( PhabricatorMarkupInterface )----------------------------------------- */

	public function getMarkupFieldKey($field) {
	return $this->getKey().':'.$field;
	}

	public function newMarkupEngine($field) {
	return PhabricatorMarkupEngine::newMarkupEngine(array());
	}

	public function getMarkupText($field) {
	return $this->getDescription();
	}

	public function didMarkupText($field, $output, PhutilMarkupEngine $engine) {
	return $output;
	}

	public function shouldUseMarkupCache($field) {
	return false;
	}

	}
	diff --git a/src/applications/config/option/PhabricatorCoreConfigOptions.php b/src/applications/config/option/PhabricatorCoreConfigOptions.php
	index 50395654d8..5d2c1f7c7a 100644
	--- a/src/applications/config/option/PhabricatorCoreConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorCoreConfigOptions.php
	@@ -1,151 +1,151 @@
	<?php

	final class PhabricatorCoreConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Core");
	}

	public function getDescription() {
	return pht("Configure core options, including URIs.");
	}

	public function getOptions() {
	return array(
	$this->newOption('phabricator.base-uri', 'string', null)
	->setSummary(pht("URI where Phabricator is installed."))
	->setDescription(
	pht(
	"Set the URI where Phabricator is installed. Setting this ".
	"improves security by preventing cookies from being set on other ".
	"domains, and allows daemons to send emails with links that have ".
	"the correct domain."))
	->addExample('http://phabricator.example.com/', pht('Valid Setting')),
	$this->newOption('phabricator.production-uri', 'string', null)
	->setSummary(
	pht("Primary install URI, for multi-environment installs."))
	->setDescription(
	pht(
	"If you have multiple Phabricator environments (like a ".
	"development/staging environment for working on testing ".
	"Phabricator, and a production environment for deploying it), ".
	"set the production environment URI here so that emails and other ".
	"durable URIs will always generate with links pointing at the ".
	"production environment. If unset, defaults to ".
	"{{phabricator.base-uri}}. Most installs do not need to set ".
	"this option."))
	->addExample('http://phabricator.example.com/', pht('Valid Setting')),
	$this->newOption('phabricator.timezone', 'string', null)
	->setSummary(
	pht("The timezone Phabricator should use."))
	->setDescription(
	pht(
	"PHP requires that you set a timezone in your php.ini before ".
	"using date functions, or it will emit a warning. If this isn't ".
	"possible (for instance, because you are using HPHP) you can set ".
	"some valid constant for date_default_timezone_set() here and ".
	"Phabricator will set it on your behalf, silencing the warning."))
	->addExample('America/New_York', pht('US East (EDT)'))
	->addExample('America/Chicago', pht('US Central (CDT)'))
	->addExample('America/Boise', pht('US Mountain (MDT)'))
	->addExample('America/Los_Angeles', pht('US West (PDT)')),
	$this->newOption('phabricator.serious-business', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Serious business'),
	pht('Shenanigans'), // That should be interesting to translate. :P
	))
	->setSummary(
	pht("Should Phabricator be serious?"))
	->setDescription(
	pht(
	"By default, Phabricator includes some silly nonsense in the UI, ".
	"such as a submit button called 'Clowncopterize' in Differential ".
	"and a call to 'Leap Into Action'. If you'd prefer more ".
	"traditional UI strings like 'Submit', you can set this flag to ".
	"disable most of the jokes and easter eggs.")),
	$this->newOption('environment.append-paths', 'list<string>', null)
	->setSummary(
	pht("These paths get appended to your \$PATH envrionment variable."))
	->setDescription(
	pht(
	"Phabricator occasionally shells out to other binaries on the ".
	"server. An example of this is the \"pygmentize\" command, used ".
	"to syntax-highlight code written in languages other than PHP. ".
	"By default, it is assumed that these binaries are in the \$PATH ".
	"of the user running Phabricator (normally 'apache', 'httpd', or ".
	"'nobody'). Here you can add extra directories to the \$PATH ".
	"environment variable, for when these binaries are in ".
	"non-standard locations."))
	->addExample('/usr/local/bin', pht('Add One Path'))
	->addExample("/usr/bin\n/usr/local/bin", pht('Add Multiple Paths')),
	);
	}

	protected function didValidateOption(
	PhabricatorConfigOption $option,
	$value) {

	$key = $option->getKey();
	if ($key == 'phabricator.base-uri' \|\|
	$key == 'phabricator.production-uri') {

	$uri = new PhutilURI($value);
	$protocol = $uri->getProtocol();
	if ($protocol !== 'http' && $protocol !== 'https') {
	throw new PhabricatorConfigValidationException(
	pht(
	"Config option '%s' is invalid. The URI must start with ".
	"'http://' or 'https://'.",
	$key));
	}

	$domain = $uri->getDomain();
	if (strpos($domain, '.') === false) {
	throw new PhabricatorConfigValidationException(
	pht(
	"Config option '%s' is invalid. The URI must contain a dot ('.'), ".
	"like 'http://example.com/', not just a bare name like ".
	"'http://example/'. Some web browsers will not set cookies on ".
	"domains with no TLD.",
	$key));
	}

	$path = $uri->getPath();
	if ($path !== '' && $path !== '/') {
	throw new PhabricatorConfigValidationException(
	pht(
	"Config option '%s' is invalid. The URI must NOT have a path, ".
	"e.g. 'http://phabricator.example.com/' is OK, but ".
	"'http://example.com/phabricator/' is not. Phabricator must be ".
	"installed on an entire domain; it can not be installed on a ".
	"path.",
	$key));
	}
	}


	if ($key === 'phabricator.timezone') {
	$old = date_default_timezone_get();
	$ok = @date_default_timezone_set($value);
	@date_default_timezone_set($old);

	if (!$ok) {
	throw new PhabricatorConfigValidationException(
	pht(
	"Config option '%s' is invalid. The timezone identifier must ".
	"be a valid timezone identifier recognized by PHP, like ".
	"'America/Los_Angeles'. You can find a list of valid identifiers ".
	"here: %s",
	$key,
	'http://php.net/manual/timezones.php'));
	}
	}



	}


	}
	diff --git a/src/applications/config/option/PhabricatorDeveloperConfigOptions.php b/src/applications/config/option/PhabricatorDeveloperConfigOptions.php
	index 46092c43be..0ad37fe8b3 100644
	--- a/src/applications/config/option/PhabricatorDeveloperConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorDeveloperConfigOptions.php
	@@ -1,145 +1,145 @@
	<?php

	final class PhabricatorDeveloperConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Developer / Debugging");
	}

	public function getDescription() {
	return pht("Options for Phabricator developers, including debugging.");
	}

	public function getOptions() {
	return array(
	$this->newOption('darkconsole.enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable DarkConsole"),
	pht("Disable DarkConsole"),
	))
	->setSummary(pht("Enable Phabricator's debugging console."))
	->setDescription(
	pht(
	"DarkConsole is a development and profiling tool built into ".
	"Phabricator's web interface. You should leave it disabled unless ".
	"you are developing or debugging Phabricator.\n\n".
	"Set this option to enable DarkConsole, which will put a link ".
	"in the page footer to actually activate it. Once activated, ".
	"it will appear at the top of every page and can be toggled ".
	"by pressing the '`' key.\n\n".
	"DarkConsole exposes potentially sensitive data (like queries, ".
	"stack traces, and configuration) so you generally should not ".
	"turn it on in production.")),
	$this->newOption('darkconsole.always-on', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Always Activate DarkConsole"),
	pht("Require DarkConsole Activation"),
	))
	->setSummary(pht("Activate DarkConsole on every page."))
	->setDescription(
	pht(
	"This option allows you to enable DarkConsole on every page, ".
	"even for logged-out users. This is only really useful if you ".
	"need to debug something on a logged-out page. You should not ".
	"enable this option in production.\n\n".
	"You must enable DarkConsole by setting {{darkconsole.enabled}} ".
	"before this option will have any effect.")),
	$this->newOption('debug.stop-on-redirect', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Stop Before HTTP Redirect"),
	pht("Use Normal HTTP Redirects"),
	))
	->setSummary(
	pht(
	"Confirm before redirecting so DarkConsole can be examined."))
	->setDescription(
	pht(
	"Normally, Phabricator issues HTTP redirects after a successful ".
	"POST. This can make it difficult to debug things which happen ".
	"while processing the POST, because service and profiling ".
	"information are lost. By setting this configuration option, ".
	"Phabricator will show a page instead of automatically ".
	"redirecting, allowing you to examine service and profiling ".
	"information. It also makes the UX awful, so you should only ".
	"enable it when debugging.")),
	$this->newOption('debug.profile-rate', 'int', 0)
	->addExample(0, pht('No profiling'))
	->addExample(1, pht('Profile every request (slow)'))
	->addExample(1000, pht('Profile 0.1%% of all requests'))
	->setSummary(pht("Automatically profile some percentage of pages."))
	->setDescription(
	pht(
	"Normally, Phabricator profiles pages only when explicitly ".
	"requested via DarkConsole. However, it may be useful to profile ".
	"some pages automatically.\n\n".
	"Set this option to a positive integer N to profile 1 / N pages ".
	"automatically. For example, setting it to 1 will profile every ".
	"page, while setting it to 1000 will profile 1 page per 1000 ".
	"requests (i.e., 0.1%% of requests).\n\n".
	"Since profiling is slow and generates a lot of data, you should ".
	"set this to 0 in production (to disable it) or to a large number ".
	"(to collect a few samples, if you're interested in having some ".
	"data to look at eventually). In development, it may be useful to ".
	"set it to 1 in order to debug performance problems.\n\n".
	"NOTE: You must install XHProf for profiling to work.")),
	$this->newOption('phabricator.show-stack-traces', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Show stack traces'),
	pht('Hide stack traces'),
	))
	->setSummary(pht("Show stack traces when unhandled exceptions occur."))
	->setDescription(
	pht(
	"When unhandled exceptions occur, stack traces are hidden by ".
	"default. You can enable traces for development to make it easier ".
	"to debug problems.")),
	$this->newOption('phabricator.show-error-callout', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Show error callout'),
	pht('Hide error callout'),
	))
	->setSummary(pht("Show error callout."))
	->setDescription(
	pht(
	"Shows an error callout if a page generated PHP errors, warnings ".
	"or notices. This makes it harder to miss problems while ".
	"developing Phabricator. A callout is simply a red error at the ".
	"top of the page.")),
	$this->newOption('celerity.force-disk-reads', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Force disk reads'),
	pht("Don't force disk reads"),
	))
	->setSummary(pht("Force Celerity to read from disk on every request."))
	->setDescription(
	pht(
	"In a development environment, it is desirable to force static ".
	"resources (CSS and JS) to be read from disk on every request, so ".
	"that edits to them appear when you reload the page even if you ".
	"haven't updated the resource maps. This setting ensures requests ".
	"will be verified against the state on disk. Generally, you ".
	"should leave this off in production (caching behavior and ".
	"performance improve with it off) but turn it on in development. ".
	"(These settings are the defaults.)")),
	$this->newOption('celerity.minify', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Minify static resources.'),
	pht("Don't minify static resources."),
	))
	->setSummary(pht("Minify static Celerity resources."))
	->setDescription(
	pht(
	"Minify static resources by removing whitespace and comments. You ".
	"should enable this in production, but disable it in ".
	"development.")),
	);
	}
	}
	diff --git a/src/applications/config/option/PhabricatorDisqusConfigOptions.php b/src/applications/config/option/PhabricatorDisqusConfigOptions.php
	index decafe9907..20d82b3c93 100644
	--- a/src/applications/config/option/PhabricatorDisqusConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorDisqusConfigOptions.php
	@@ -1,64 +1,64 @@
	<?php

	final class PhabricatorDisqusConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Integration with Disqus");
	}

	public function getDescription() {
	return pht("Disqus authentication and integration options.");
	}

	public function getOptions() {
	return array(
	$this->newOption('disqus.auth-enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable Disqus Authentication"),
	pht("Disable Disqus Authentication"),
	))
	->setDescription(
	pht(
	'Allow users to login to Phabricator using Disqus credentials.')),
	$this->newOption('disqus.registration-enabled', 'bool', true)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable Disqus Registration"),
	pht("Disable Disqus Registration"),
	))
	->setDescription(
	pht(
	'Allow users to create new Phabricator accounts using Disqus '.
	'credentials.')),
	$this->newOption('disqus.auth-permanent', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Permanently Bind Disqus Accounts"),
	pht("Allow Disqus Account Unlinking"),
	))
	->setDescription(
	pht(
	'Are Phabricator accounts permanently bound to Disqus '.
	'accounts?')),
	$this->newOption('disqus.application-id', 'string', null)
	->setDescription(
	pht(
	'Disqus "Client ID" to use for Disqus API access.')),
	$this->newOption('disqus.application-secret', 'string', null)
	->setDescription(
	pht(
	'Disqus "Secret" to use for Diqsus API access.')),
	$this->newOption('disqus.shortname', 'string', null)
	->setSummary(pht("Shortname for Disqus comment widget."))
	->setDescription(
	pht(
	"Website shortname to use for Disqus comment widget in Phame. ".
	"For more information, see:\n\n".
	"[[http://docs.disqus.com/help/4/ \| Disqus Quick Start Guide]]\n".
	"[[http://docs.disqus.com/help/68/ \| Information on Shortnames]]")),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorFacebookConfigOptions.php b/src/applications/config/option/PhabricatorFacebookConfigOptions.php
	index fdf828701f..96f062d622 100644
	--- a/src/applications/config/option/PhabricatorFacebookConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorFacebookConfigOptions.php
	@@ -1,75 +1,75 @@
	<?php

	final class PhabricatorFacebookConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Integration with Facebook");
	}

	public function getDescription() {
	return pht("Facebook authentication and integration options.");
	}

	public function getOptions() {
	return array(
	$this->newOption('facebook.auth-enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable Facebook Authentication"),
	pht("Disable Facebook Authentication"),
	))
	->setDescription(
	pht(
	'Allow users to login to Phabricator using Facebook credentials.')),
	$this->newOption('facebook.registration-enabled', 'bool', true)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable Facebook Registration"),
	pht("Disable Facebook Registration"),
	))
	->setDescription(
	pht(
	'Allow users to create new Phabricator accounts using Facebook '.
	'credentials.')),
	$this->newOption('facebook.auth-permanent', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Permanently Bind Facebook Accounts"),
	pht("Allow Facebook Account Unlinking"),
	))
	->setDescription(
	pht(
	'Are Phabricator accounts permanently bound to Facebook '.
	'accounts?')),
	$this->newOption('facebook.application-id', 'string', null)
	->setDescription(
	pht(
	'Facebook "Application ID" to use for Facebook API access.')),
	$this->newOption('facebook.application-secret', 'string', null)
	->setDescription(
	pht(
	'Facebook "Application Secret" to use for Facebook API access.')),
	$this->newOption('facebook.require-https-auth', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Require HTTPS"),
	pht("Do Not Require HTTPS"),
	))
	->setSummary(
	pht(
	'Reject Facebook logins from accounts that do not have Facebook '.
	'configured in HTTPS-only mode.'))
	->setDescription(
	pht(
	'You can require users logging in via Facebook auth have Facebook '.
	'set to HTTPS-only, which ensures their Facebook cookies are '.
	'SSL-only. This makes it more difficult for an attacker to '.
	'escalate a cookie-sniffing attack which captures Facebook '.
	'credentials into Phabricator access, but will require users '.
	'change their Facebook settings if they do not have this mode '.
	'enabled.')),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorGitHubConfigOptions.php b/src/applications/config/option/PhabricatorGitHubConfigOptions.php
	index d7c0531b01..dc471c3a55 100644
	--- a/src/applications/config/option/PhabricatorGitHubConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorGitHubConfigOptions.php
	@@ -1,56 +1,56 @@
	<?php

	final class PhabricatorGitHubConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Integration with GitHub");
	}

	public function getDescription() {
	return pht("GitHub authentication and integration options.");
	}

	public function getOptions() {
	return array(
	$this->newOption('github.auth-enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable GitHub Authentication"),
	pht("Disable GitHub Authentication"),
	))
	->setDescription(
	pht(
	'Allow users to login to Phabricator using GitHub credentials.')),
	$this->newOption('github.registration-enabled', 'bool', true)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable GitHub Registration"),
	pht("Disable GitHub Registration"),
	))
	->setDescription(
	pht(
	'Allow users to create new Phabricator accounts using GitHub '.
	'credentials.')),
	$this->newOption('github.auth-permanent', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Permanently Bind GitHub Accounts"),
	pht("Allow GitHub Account Unlinking"),
	))
	->setDescription(
	pht(
	'Are Phabricator accounts permanently bound to GitHub '.
	'accounts?')),
	$this->newOption('github.application-id', 'string', null)
	->setDescription(
	pht(
	'GitHub "Client ID" to use for GitHub API access.')),
	$this->newOption('github.application-secret', 'string', null)
	->setDescription(
	pht(
	'GitHub "Secret" to use for GitHub API access.')),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorGoogleConfigOptions.php b/src/applications/config/option/PhabricatorGoogleConfigOptions.php
	index 6e35637b13..b16bb8f22d 100644
	--- a/src/applications/config/option/PhabricatorGoogleConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorGoogleConfigOptions.php
	@@ -1,56 +1,56 @@
	<?php

	final class PhabricatorGoogleConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Integration with Google");
	}

	public function getDescription() {
	return pht("Google authentication and integration options.");
	}

	public function getOptions() {
	return array(
	$this->newOption('google.auth-enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable Google Authentication"),
	pht("Disable Google Authentication"),
	))
	->setDescription(
	pht(
	'Allow users to login to Phabricator using Google credentials.')),
	$this->newOption('google.registration-enabled', 'bool', true)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable Google Registration"),
	pht("Disable Google Registration"),
	))
	->setDescription(
	pht(
	'Allow users to create new Phabricator accounts using Google '.
	'credentials.')),
	$this->newOption('google.auth-permanent', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Permanently Bind Google Accounts"),
	pht("Allow Google Account Unlinking"),
	))
	->setDescription(
	pht(
	'Are Phabricator accounts permanently bound to Google '.
	'accounts?')),
	$this->newOption('google.application-id', 'string', null)
	->setDescription(
	pht(
	'Google "Client ID" to use for Google API access.')),
	$this->newOption('google.application-secret', 'string', null)
	->setDescription(
	pht(
	'Google "Secret" to use for Google API access.')),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorLDAPConfigOptions.php b/src/applications/config/option/PhabricatorLDAPConfigOptions.php
	index c67a7a748a..1a932f22b3 100644
	--- a/src/applications/config/option/PhabricatorLDAPConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorLDAPConfigOptions.php
	@@ -1,68 +1,68 @@
	<?php

	final class PhabricatorLDAPConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Integration with LDAP");
	}

	public function getDescription() {
	return pht("LDAP authentication and integration options.");
	}

	public function getOptions() {
	return array(
	$this->newOption('ldap.auth-enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable LDAP Authentication"),
	pht("Disable LDAP Authentication"),
	))
	->setDescription(
	pht('Enable LDAP for authentication and registration.')),
	$this->newOption('ldap.hostname', 'string', null)
	->setDescription(pht('LDAP server host name.')),
	$this->newOption('ldap.port', 'int', 389)
	->setDescription(pht('LDAP server port.')),
	$this->newOption('ldap.anonymous-user-name', 'string', null)
	->setDescription(
	pht('Username to login to LDAP server with.')),
	$this->newOption('ldap.anonymous-user-password', 'string', null)
	->setDescription(
	pht('Password to login to LDAP server with.')),

	// TODO: I have only a vague understanding of what these options do;
	// improve the documentation here and provide examples.

	$this->newOption('ldap.base_dn', 'string', null)
	->setDescription(pht('LDAP base domain name.')),
	$this->newOption('ldap.search_attribute', 'string', null),
	$this->newOption('ldap.search-first', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enabled"),
	pht("Disabled"),
	)),
	$this->newOption('ldap.username-attribute', 'string', null),
	$this->newOption('ldap.real_name_attributes', 'list<string>', array())
	->setDescription(
	pht(
	"Attribute or attributes to use as the user's real name. If ".
	"multiple attributes are provided, they will be joined with ".
	"spaces.")),
	$this->newOption('ldap.activedirectory_domain', 'string', null),
	$this->newOption('ldap.version', 'int', 3),
	$this->newOption('ldap.referrals', 'bool', true)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Follow Referrals"),
	pht("Do Not Follow Referrals"),
	))
	->setDescription(
	pht("You may need to disable this if you use Windows 2003 ".
	"Active Directory.")),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorNotificationConfigOptions.php b/src/applications/config/option/PhabricatorNotificationConfigOptions.php
	index 3304079915..80e974a4cc 100644
	--- a/src/applications/config/option/PhabricatorNotificationConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorNotificationConfigOptions.php
	@@ -1,59 +1,59 @@
	<?php

	final class PhabricatorNotificationConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Notifications");
	}

	public function getDescription() {
	return pht("Configure real-time notifications.");
	}

	public function getOptions() {
	return array(
	$this->newOption('notification.enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable Real-Time Notifications"),
	pht("Disable Real-Time Notifications"),
	))
	->setSummary(pht('Enable real-time notifications.'))
	->setDescription(
	pht(
	"Enable real-time notifications. You must also run a Node.js ".
	"based notification server for this to work. Consult the ".
	"documentation in 'Notifications User Guide: Setup and ".
	"Configuration' for instructions.")),
	$this->newOption(
	'notification.client-uri',
	'string',
	'http://localhost:22280')
	->setDescription(pht('Location of the client server.')),
	$this->newOption(
	'notification.server-uri',
	'string',
	'http://localhost:22281')
	->setDescription(pht('Location of the notification receiver server.')),
	$this->newOption('notification.user', 'string', null)
	->setSummary(pht('Drop permissions to a less-privileged user.'))
	->setDescription(
	pht(
	"The notifcation server must be started as root so it can bind ".
	"to privileged ports, but if you specify a system user here it ".
	"will drop permissions to that user after binding to the ports ".
	"it needs.")),
	$this->newOption('notification.log', 'string', '/var/log/aphlict.log')
	->setDescription(pht('Location of the server log file.')),
	$this->newOption(
	'notification.pidfile',
	'string',
	'/var/run/aphlict.pid')
	->setDescription(pht('Location of the server PID file.')),
	$this->newOption('notification.debug', 'bool', false)
	->setDescription(pht('Enable debug output in the browser.')),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorPolicyConfigOptions.php b/src/applications/config/option/PhabricatorPolicyConfigOptions.php
	index 84eb6140ae..0f828616f7 100644
	--- a/src/applications/config/option/PhabricatorPolicyConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorPolicyConfigOptions.php
	@@ -1,36 +1,36 @@
	<?php

	final class PhabricatorPolicyConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Policy");
	}

	public function getDescription() {
	return pht("Options relating to object visibility.");
	}

	public function getOptions() {
	return array(
	$this->newOption('policy.allow-public', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Allow Public Visibility'),
	pht('Require Login')))
	->setSummary(pht("Allow users to set object visibility to public."))
	->setDescription(
	pht(
	"Phabricator allows you to set the visibility of objects (like ".
	"repositories and source code) to 'Public', which means anyone ".
	"on the internet can see them, even without being logged in. ".
	"This is great for open source, but some installs may never want ".
	"to make anything public, so this policy is disabled by default. ".
	"You can enable it here, which will let you set the policy for ".
	"objects to 'Public'. With this option disabled, the most open".
	"policy is 'All Users', which means users must be logged in to ".
	"view things.")),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorRecaptchaConfigOptions.php b/src/applications/config/option/PhabricatorRecaptchaConfigOptions.php
	index 3355d3fee7..5aef7058c8 100644
	--- a/src/applications/config/option/PhabricatorRecaptchaConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorRecaptchaConfigOptions.php
	@@ -1,39 +1,39 @@
	<?php

	final class PhabricatorRecaptchaConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Integration with Recaptcha");
	}

	public function getDescription() {
	return pht("Configure Recaptcha captchas.");
	}

	public function getOptions() {

	return array(
	$this->newOption('recaptcha.enabled', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht("Enable Recaptcha"),
	pht("Disable Recaptcha"),
	))
	->setSummary(pht('Enable captchas with Recaptcha.'))
	->setDescription(
	pht(
	"Enable recaptcha to require users solve captchas after a few ".
	"failed login attempts. This hinders brute-force attacks against ".
	"user passwords. For more information, see http://recaptcha.net/")),
	$this->newOption('recaptcha.public-key', 'string', null)
	->setDescription(
	pht('Recaptcha public key, obtained by signing up for Recaptcha.')),
	$this->newOption('recaptcha.private-key', 'string', null)
	->setMasked(true)
	->setDescription(
	pht('Recaptcha private key, obtained by signing up for Recaptcha.')),
	);
	}

	}
	diff --git a/src/applications/config/option/PhabricatorSecurityConfigOptions.php b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
	index 24e9df9cf5..7679004394 100644
	--- a/src/applications/config/option/PhabricatorSecurityConfigOptions.php
	+++ b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
	@@ -1,182 +1,182 @@
	<?php

	final class PhabricatorSecurityConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht("Security");
	}

	public function getDescription() {
	return pht("Security options.");
	}

	public function getOptions() {
	return array(
	$this->newOption('security.alternate-file-domain', 'string', null)
	->setSummary(pht("Alternate domain to serve files from."))
	->setDescription(
	pht(
	"IMPORTANT: By default, Phabricator serves files from the same ".
	"domain the application lives on. This is convenient but not ".
	"secure: it creates a large class of vulnerabilities which can ".
	"not be generally mitigated.\n\n".

	"To avoid this, you should configure a second domain in the same ".
	"way you have the primary domain configured (i.e., point it at ".
	"the same machine and set up the same vhost rules) and provide ".
	"it here. For instance, if your primary install is on ".
	"'http://www.phabricator-example.com/', you could configure ".
	"'http://www.phabricator-files.com/' and specify the entire ".
	"domain (with protocol) here. This will enforce that files are ".
	"served only from the alternate domain. Ideally, you should use ".
	"a completely separate domain name rather than just a different ".
	"subdomain.\n\n".

	"It is STRONGLY RECOMMENDED that you configure this. Your ".
	"install is NOT SECURE unless you do so."))
	->addExample('http://www.phabricator-files.com/', pht('Valid Setting')),
	$this->newOption(
	'security.hmac-key',
	'string',
	'[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw')
	->setSummary(
	pht("Key for HMAC digests."))
	->setDescription(
	pht(
	"Default key for HMAC digests where the key is not important ".
	"(i.e., the hash itself is secret). You can change this if you ".
	"want (to any other string), but doing so will break existing ".
	"sessions and CSRF tokens.")),
	$this->newOption('security.require-https', 'bool', false)
	->setSummary(
	pht("Force users to connect via https instead of http."))
	->setDescription(
	pht(
	"If the web server responds to both HTTP and HTTPS requests but ".
	"you want users to connect with only HTTPS, you can set this ".
	"to true to make Phabricator redirect HTTP requests to HTTPS.\n\n".

	"Normally, you should just configure your server not to accept ".
	"HTTP traffic, but this setting may be useful if you originally ".
	"used HTTP and have now switched to HTTPS but don't want to ".
	"break old links, or if your webserver sits behind a load ".
	"balancer which terminates HTTPS connections and you can not ".
	"reasonably configure more granular behavior there.\n\n".

	"NOTE: Phabricator determines if a request is HTTPS or not by ".
	"examining the PHP \$_SERVER['HTTPS'] variable. If you run ".
	"Apache/mod_php this will probably be set correctly for you ".
	"automatically, but if you run Phabricator as CGI/FCGI (e.g., ".
	"through nginx or lighttpd), you need to configure your web ".
	"server so that it passes the value correctly based on the ".
	"connection type. Alternatively, you can add a PHP snippet to ".
	"the top of this configuration file to directly set ".
	"\$_SERVER['HTTPS'] to the correct value."))
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Force HTTPS'),
	pht('Allow HTTP'),
	)),
	$this->newOption(
	'phabricator.csrf-key',
	'string',
	'0b7ec0592e0a2829d8b71df2fa269b2c6172eca3')
	->setSummary(
	pht("Hashed with other inputs to generate CSRF tokens."))
	->setDescription(
	pht(
	"This is hashed with other inputs to generate CSRF tokens. If ".
	"you want, you can change it to some other string which is ".
	"unique to your install. This will make your install more secure ".
	"in a vague, mostly theoretical way. But it will take you like 3 ".
	"seconds of mashing on your keyboard to set it up so you might ".
	"as well.")),
	$this->newOption(
	'phabricator.mail-key',
	'string',
	'5ce3e7e8787f6e40dfae861da315a5cdf1018f12')
	->setSummary(
	pht("Hashed with other inputs to generate mail tokens."))
	->setDescription(
	pht(
	"This is hashed with other inputs to generate mail tokens. If ".
	"you want, you can change it to some other string which is ".
	"unique to your install. In particular, you will want to do ".
	"this if you accidentally send a bunch of mail somewhere you ".
	"shouldn't have, to invalidate all old reply-to addresses.")),
	// TODO: This should really be dict<string,bool> but that doesn't exist
	// yet.
	$this->newOption('uri.allowed-protocols', 'wild', null)
	->setSummary(
	pht("Determines which URI protocols are auto-linked."))
	->setDescription(
	pht(
	"When users write comments which have URIs, they'll be ".
	"automatically linked if the protocol appears in this set. This ".
	"whitelist is primarily to prevent security issues like ".
	"javascript:// URIs."))
	->addExample(
	'{"http": true, "https": true"}', pht('Valid Setting')),
	$this->newOption(
	'celerity.resource-hash',
	'string',
	'd9455ea150622ee044f7931dabfa52aa')
	->setSummary(
	pht("An input to the hash function when building resource hashes."))
	->setDescription(
	pht(
	"This value is an input to the hash function when building ".
	"resource hashes. It has no security value, but if you ".
	"accidentally poison user caches (by pushing a bad patch or ".
	"having something go wrong with a CDN, e.g.) you can change this ".
	"to something else and rebuild the Celerity map to break user ".
	"caches. Unless you are doing Celerity development, it is ".
	"exceptionally unlikely that you need to modify this.")),
	);
	}

	protected function didValidateOption(
	PhabricatorConfigOption $option,
	$value) {

	$key = $option->getKey();
	if ($key == 'security.alternate-file-domain') {

	$uri = new PhutilURI($value);
	$protocol = $uri->getProtocol();
	if ($protocol !== 'http' && $protocol !== 'https') {
	throw new PhabricatorConfigValidationException(
	pht(
	"Config option '%s' is invalid. The URI must start with ".
	"'http://' or 'https://'.",
	$key));
	}

	$domain = $uri->getDomain();
	if (strpos($domain, '.') === false) {
	throw new PhabricatorConfigValidationException(
	pht(
	"Config option '%s' is invalid. The URI must contain a dot ('.'), ".
	"like 'http://example.com/', not just a bare name like ".
	"'http://example/'. Some web browsers will not set cookies on ".
	"domains with no TLD.",
	$key));
	}

	$path = $uri->getPath();
	if ($path !== '' && $path !== '/') {
	throw new PhabricatorConfigValidationException(
	pht(
	"Config option '%s' is invalid. The URI must NOT have a path, ".
	"e.g. 'http://phabricator.example.com/' is OK, but ".
	"'http://example.com/phabricator/' is not. Phabricator must be ".
	"installed on an entire domain; it can not be installed on a ".
	"path.",
	$key));
	}
	}
	}


	}
	diff --git a/src/applications/differential/config/PhabricatorDifferentialConfigOptions.php b/src/applications/differential/config/PhabricatorDifferentialConfigOptions.php
	index a92654af8d..0de28169b1 100644
	--- a/src/applications/differential/config/PhabricatorDifferentialConfigOptions.php
	+++ b/src/applications/differential/config/PhabricatorDifferentialConfigOptions.php
	@@ -1,67 +1,67 @@
	<?php

	final class PhabricatorDifferentialConfigOptions
	extends PhabricatorApplicationConfigOptions {

	public function getName() {
	return pht('Differential');
	}

	public function getDescription() {
	return pht('Configure Differential code review.');
	}

	public function getOptions() {
	return array(
	$this->newOption('differential.show-host-field', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Disable "Host" Fields'),
	pht('Show "Host" Fields'),
	))
	->setSummary(pht('Show or hide the "Host" and "Path" fields.'))
	->setDescription(
	pht(
	'Differential can show "Host" and "Path" fields on revisions, '.
	'with information about the machine and working directory where '.
	'the change came from. These fields are disabled by default '.
	'because they may occasionally have sensitive information, but '.
	'they can be useful if you work in an environment with shared '.
	'development machines. You can set this option to true to enable '.
	'these fields.')),
	$this->newOption('differential.show-test-plan-field', 'bool', true)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Hide "Test Plan" Field'),
	pht('Show "Test Plan" Field'),
	))
	->setSummary(pht('Show or hide the "Test Plan" field.'))
	->setDescription(
	pht(
	'Differential has a required "Test Plan" field by default, which '.
	'requires authors to fill out information about how they verified '.
	'the correctness of their changes when they send code for review. '.
	'If you would prefer not to use this field, you can disable it '.
	'here. You can also make it optional (instead of required) by '.
	'setting {{differential.require-test-plan-field}}.')),
	$this->newOption('differential.enable-email-accept', 'bool', false)
	- ->setOptions(
	+ ->setBoolOptions(
	array(
	pht('Disable Email "!accept" Action'),
	pht('Enable Email "!accept" Action'),
	))
	->setSummary(pht('Enable or disable "!accept" action via email.'))
	->setDescription(
	pht(
	'If inbound email is configured, users can interact with '.
	'revisions by using "!actions" in email replies (for example, '.
	'"!resign" or "!rethink"). However, by default, users may not '.
	'"!accept" revisions via email: email authentication can be '.
	'configured to be very weak, and email "!accept" is kind of '.
	'sketchy and implies the revision may not actually be receiving '.
	'thorough review. You can enable "!accept" by setting this '.
	'option to true.')),
	);
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Wed, Dec 3, 1:22 PM (4 h, 3 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 433477
Default Alt Text: (67 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions