No OneTemporary
Actions

Size

13 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
	index 5a56efb255..05850cb468 100644
	--- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
	+++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
	@@ -1,312 +1,316 @@
	<?php

	/**
	* NOTE: Do not extend this!
	*
	* @concrete-extensible
	* @group aphront
	*/
	class AphrontDefaultApplicationConfiguration
	extends AphrontApplicationConfiguration {

	public function __construct() {

	}

	public function getApplicationName() {
	return 'aphront-default';
	}

	public function getURIMap() {
	return $this->getResourceURIMapRules() + array(
	'/~/' => array(
	'' => 'DarkConsoleController',
	'data/(?P<key>[^/]+)/' => 'DarkConsoleDataController',
	),
	);
	}

	protected function getResourceURIMapRules() {
	+ $extensions = CelerityResourceController::getSupportedResourceTypes();
	+ $extensions = array_keys($extensions);
	+ $extensions = implode('\|', $extensions);
	+
	return array(
	'/res/' => array(
	'(?:(?P<mtime>[0-9]+)T/)?'.
	'(?P<library>[^/]+)/'.
	'(?P<hash>[a-f0-9]{8})/'.
	- '(?P<path>.+\.(?:css\|js\|jpg\|png\|swf\|gif\|woff))'
	+ '(?P<path>.+\.(?:'.$extensions.'))'
	=> 'CelerityPhabricatorResourceController',
	),
	);
	}

	/**
	* @phutil-external-symbol class PhabricatorStartup
	*/
	public function buildRequest() {
	$parser = new PhutilQueryStringParser();
	$data = array();

	// If the request has "multipart/form-data" content, we can't use
	// PhutilQueryStringParser to parse it, and the raw data supposedly is not
	// available anyway (according to the PHP documentation, "php://input" is
	// not available for "multipart/form-data" requests). However, it is
	// available at least some of the time (see T3673), so double check that
	// we aren't trying to parse data we won't be able to parse correctly by
	// examining the Content-Type header.
	$content_type = idx($_SERVER, 'CONTENT_TYPE');
	$is_form_data = preg_match('@^multipart/form-data@i', $content_type);

	$raw_input = PhabricatorStartup::getRawInput();
	if (strlen($raw_input) && !$is_form_data) {
	$data += $parser->parseQueryString($raw_input);
	} else if ($_POST) {
	$data += $_POST;
	}

	$data += $parser->parseQueryString(idx($_SERVER, 'QUERY_STRING', ''));

	$cookie_prefix = PhabricatorEnv::getEnvConfig('phabricator.cookie-prefix');

	$request = new AphrontRequest($this->getHost(), $this->getPath());
	$request->setRequestData($data);
	$request->setApplicationConfiguration($this);
	$request->setCookiePrefix($cookie_prefix);

	return $request;
	}

	public function handleException(Exception $ex) {
	$request = $this->getRequest();

	// For Conduit requests, return a Conduit response.
	if ($request->isConduit()) {
	$response = new ConduitAPIResponse();
	$response->setErrorCode(get_class($ex));
	$response->setErrorInfo($ex->getMessage());

	return id(new AphrontJSONResponse())
	->setAddJSONShield(false)
	->setContent($response->toDictionary());
	}

	// For non-workflow requests, return a Ajax response.
	if ($request->isAjax() && !$request->isJavelinWorkflow()) {
	// Log these; they don't get shown on the client and can be difficult
	// to debug.
	phlog($ex);

	$response = new AphrontAjaxResponse();
	$response->setError(
	array(
	'code' => get_class($ex),
	'info' => $ex->getMessage(),
	));
	return $response;
	}

	$user = $request->getUser();
	if (!$user) {
	// If we hit an exception very early, we won't have a user.
	$user = new PhabricatorUser();
	}

	if ($ex instanceof PhabricatorSystemActionRateLimitException) {
	$dialog = id(new AphrontDialogView())
	->setTitle(pht('Slow Down!'))
	->setUser($user)
	->setErrors(array(pht('You are being rate limited.')))
	->appendParagraph($ex->getMessage())
	->appendParagraph($ex->getRateExplanation())
	->addCancelButton('/', pht('Okaaaaaaaaaaaaaay...'));

	$response = new AphrontDialogResponse();
	$response->setDialog($dialog);
	return $response;
	}

	if ($ex instanceof PhabricatorAuthHighSecurityRequiredException) {

	$form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm(
	$ex->getFactors(),
	$ex->getFactorValidationResults(),
	$user,
	$request);

	$dialog = id(new AphrontDialogView())
	->setUser($user)
	->setTitle(pht('Entering High Security'))
	->setShortTitle(pht('Security Checkpoint'))
	->setWidth(AphrontDialogView::WIDTH_FORM)
	->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
	->setErrors(
	array(
	pht(
	'You are taking an action which requires you to enter '.
	'high security.'),
	))
	->appendParagraph(
	pht(
	'High security mode helps protect your account from security '.
	'threats, like session theft or someone messing with your stuff '.
	'while you\'re grabbing a coffee. To enter high security mode, '.
	'confirm your credentials.'))
	->appendChild($form->buildLayoutView())
	->appendParagraph(
	pht(
	'Your account will remain in high security mode for a short '.
	'period of time. When you are finished taking sensitive '.
	'actions, you should leave high security.'))
	->setSubmitURI($request->getPath())
	->addCancelButton($ex->getCancelURI())
	->addSubmitButton(pht('Enter High Security'));

	foreach ($request->getPassthroughRequestParameters() as $key => $value) {
	$dialog->addHiddenInput($key, $value);
	}

	$response = new AphrontDialogResponse();
	$response->setDialog($dialog);
	return $response;
	}

	if ($ex instanceof PhabricatorPolicyException) {

	if (!$user->isLoggedIn()) {
	// If the user isn't logged in, just give them a login form. This is
	// probably a generally more useful response than a policy dialog that
	// they have to click through to get a login form.
	//
	// Possibly we should add a header here like "you need to login to see
	// the thing you are trying to look at".
	$login_controller = new PhabricatorAuthStartController($request);

	$auth_app_class = 'PhabricatorApplicationAuth';
	$auth_app = PhabricatorApplication::getByClass($auth_app_class);
	$login_controller->setCurrentApplication($auth_app);

	return $login_controller->processRequest();
	}

	$list = $ex->getMoreInfo();
	foreach ($list as $key => $item) {
	$list[$key] = phutil_tag('li', array(), $item);
	}
	if ($list) {
	$list = phutil_tag('ul', array(), $list);
	}

	$content = array(
	phutil_tag(
	'div',
	array(
	'class' => 'aphront-policy-rejection',
	),
	$ex->getRejection()),
	phutil_tag(
	'div',
	array(
	'class' => 'aphront-capability-details',
	),
	pht('Users with the "%s" capability:', $ex->getCapabilityName())),
	$list,
	);

	$dialog = new AphrontDialogView();
	$dialog
	->setTitle($ex->getTitle())
	->setClass('aphront-access-dialog')
	->setUser($user)
	->appendChild($content);

	if ($this->getRequest()->isAjax()) {
	$dialog->addCancelButton('/', pht('Close'));
	} else {
	$dialog->addCancelButton('/', pht('OK'));
	}

	$response = new AphrontDialogResponse();
	$response->setDialog($dialog);
	return $response;
	}

	if ($ex instanceof AphrontUsageException) {
	$error = new AphrontErrorView();
	$error->setTitle($ex->getTitle());
	$error->appendChild($ex->getMessage());

	$view = new PhabricatorStandardPageView();
	$view->setRequest($this->getRequest());
	$view->appendChild($error);

	$response = new AphrontWebpageResponse();
	$response->setContent($view->render());
	$response->setHTTPResponseCode(500);

	return $response;
	}


	// Always log the unhandled exception.
	phlog($ex);

	$class = get_class($ex);
	$message = $ex->getMessage();

	if ($ex instanceof AphrontQuerySchemaException) {
	$message .=
	"\n\n".
	"NOTE: This usually indicates that the MySQL schema has not been ".
	"properly upgraded. Run 'bin/storage upgrade' to ensure your ".
	"schema is up to date.";
	}

	if (PhabricatorEnv::getEnvConfig('phabricator.developer-mode')) {
	$trace = id(new AphrontStackTraceView())
	->setUser($user)
	->setTrace($ex->getTrace());
	} else {
	$trace = null;
	}

	$content = phutil_tag(
	'div',
	array('class' => 'aphront-unhandled-exception'),
	array(
	phutil_tag('div', array('class' => 'exception-message'), $message),
	$trace,
	));

	$dialog = new AphrontDialogView();
	$dialog
	->setTitle('Unhandled Exception ("'.$class.'")')
	->setClass('aphront-exception-dialog')
	->setUser($user)
	->appendChild($content);

	if ($this->getRequest()->isAjax()) {
	$dialog->addCancelButton('/', 'Close');
	}

	$response = new AphrontDialogResponse();
	$response->setDialog($dialog);
	$response->setHTTPResponseCode(500);

	return $response;
	}

	public function willSendResponse(AphrontResponse $response) {
	return $response;
	}

	public function build404Controller() {
	return array(new Phabricator404Controller($this->getRequest()), array());
	}

	public function buildRedirectController($uri) {
	return array(
	new PhabricatorRedirectController($this->getRequest()),
	array(
	'uri' => $uri,
	));
	}

	}
	diff --git a/src/infrastructure/celerity/CelerityResourceController.php b/src/infrastructure/celerity/CelerityResourceController.php
	index 88f4a84969..0263312bec 100644
	--- a/src/infrastructure/celerity/CelerityResourceController.php
	+++ b/src/infrastructure/celerity/CelerityResourceController.php
	@@ -1,112 +1,112 @@
	<?php

	abstract class CelerityResourceController extends PhabricatorController {

	protected function buildResourceTransformer() {
	return null;
	}

	public function shouldRequireLogin() {
	return false;
	}

	public function shouldRequireEnabledUser() {
	return false;
	}

	public function shouldAllowPartialSessions() {
	return true;
	}

	abstract public function getCelerityResourceMap();

	protected function serveResource($path, $package_hash = null) {
	// Sanity checking to keep this from exposing anything sensitive, since it
	// ultimately boils down to disk reads.
	if (preg_match('@(//\|\.\.)@', $path)) {
	return new Aphront400Response();
	}

	$type = CelerityResourceTransformer::getResourceType($path);
	- $type_map = $this->getSupportedResourceTypes();
	+ $type_map = self::getSupportedResourceTypes();

	if (empty($type_map[$type])) {
	throw new Exception("Only static resources may be served.");
	}

	if (AphrontRequest::getHTTPHeader('If-Modified-Since') &&
	!PhabricatorEnv::getEnvConfig('phabricator.developer-mode')) {
	// Return a "304 Not Modified". We don't care about the value of this
	// field since we never change what resource is served by a given URI.
	return $this->makeResponseCacheable(new Aphront304Response());
	}

	$map = $this->getCelerityResourceMap();

	if ($map->isPackageResource($path)) {
	$resource_names = $map->getResourceNamesForPackageName($path);
	if (!$resource_names) {
	return new Aphront404Response();
	}

	try {
	$data = array();
	foreach ($resource_names as $resource_name) {
	$data[] = $map->getResourceDataForName($resource_name);
	}
	$data = implode("\n\n", $data);
	} catch (Exception $ex) {
	return new Aphront404Response();
	}
	} else {
	try {
	$data = $map->getResourceDataForName($path);
	} catch (Exception $ex) {
	return new Aphront404Response();
	}
	}

	$xformer = $this->buildResourceTransformer();
	if ($xformer) {
	$data = $xformer->transformResource($path, $data);
	}

	$response = new AphrontFileResponse();
	$response->setContent($data);
	$response->setMimeType($type_map[$type]);

	// NOTE: This is a piece of magic required to make WOFF fonts work in
	// Firefox. Possibly we should generalize this.
	if ($type == 'woff') {
	// We could be more tailored here, but it's not currently trivial to
	// generate a comprehensive list of valid origins (an install may have
	// arbitrarily many Phame blogs, for example), and we lose nothing by
	// allowing access from anywhere.
	$response->addAllowOrigin("*");
	}

	return $this->makeResponseCacheable($response);
	}

	- protected function getSupportedResourceTypes() {
	+ public static function getSupportedResourceTypes() {
	return array(
	'css' => 'text/css; charset=utf-8',
	'js' => 'text/javascript; charset=utf-8',
	'png' => 'image/png',
	'gif' => 'image/gif',
	'jpg' => 'image/jpeg',
	'swf' => 'application/x-shockwave-flash',
	'woff' => 'font/woff',
	'eot' => 'font/eot',
	'ttf' => 'font/ttf',
	);
	}

	private function makeResponseCacheable(AphrontResponse $response) {
	$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
	$response->setLastModified(time());

	return $response;
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Sun, Sep 7, 10:35 AM (22 h, 13 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 223148
Default Alt Text: (13 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions