@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Add the ability to create a macro from a url
Test Plan: Enter in a url and create a macro. :)
Reviewers: epriestley
Reviewed By: epriestley
CC: epriestley, aran, dctrwatson, Korvin
Differential Revision: https://secure.phabricator.com/D5039
authored by
Matt Robenolt
and committed by
epriestley
e6281c3d
3c989590
+70
-9
+3
conf/default.conf.php
+3
conf/default.conf.php
···
58
58
// configuration file to directly set $_SERVER['HTTPS'] to the correct value.
59
59
'security.require-https' => false,
60
60
61
+
// Is Phabricator permitted to make outbound HTTP requests?
62
+
'security.allow-outbound-http' => true,
63
+
61
64
62
65
// -- Internationalization -------------------------------------------------- //
63
66
+12
src/applications/config/option/PhabricatorSecurityConfigOptions.php
+12
src/applications/config/option/PhabricatorSecurityConfigOptions.php
···
154
154
"inline. This has mild security implications (you'll leak ".
155
155
"referrers to YouTube) and is pretty silly (but sort of ".
156
156
"awesome).")),
157
+
$this->newOption('security.allow-outbound-http', 'bool', true)
158
+
->setBoolOptions(
159
+
array(
160
+
pht("Allow"),
161
+
pht("Disallow"),
162
+
))
163
+
->setSummary(
164
+
pht("Allow outbound HTTP requests"))
165
+
->setDescription(
166
+
pht(
167
+
"If you enable this, you are allowing Phabricator to potentially ".
168
+
"make requests to external servers.")),
157
169
);
158
170
}
159
171
+10
-1
src/applications/files/storage/PhabricatorFile.php
+10
-1
src/applications/files/storage/PhabricatorFile.php
···
333
333
}
334
334
335
335
336
-
public static function newFromFileDownload($uri, array $params) {
336
+
public static function newFromFileDownload($uri, array $params = array()) {
337
+
// Make sure we're allowed to make a request first
338
+
if (!PhabricatorEnv::getEnvConfig('security.allow-outbound-http')) {
339
+
throw new Exception("Outbound HTTP requests are disabled!");
340
+
}
341
+
337
342
$uri = new PhutilURI($uri);
338
343
339
344
$protocol = $uri->getProtocol();
···
351
356
list($file_data) = id(new HTTPSFuture($uri))
352
357
->setTimeout($timeout)
353
358
->resolvex();
359
+
360
+
$params = $params + array(
361
+
'name' => basename($uri),
362
+
);
354
363
355
364
return self::newFromFileData($file_data, $params);
356
365
}
+33
-1
src/applications/macro/controller/PhabricatorMacroEditController.php
+33
-1
src/applications/macro/controller/PhabricatorMacroEditController.php
···
24
24
$e_name = true;
25
25
$e_file = true;
26
26
$file = null;
27
+
$can_fetch = PhabricatorEnv::getEnvConfig('security.allow-outbound-http');
27
28
28
29
$request = $this->getRequest();
29
30
$user = $request->getUser();
···
57
58
'name' => $request->getStr('name'),
58
59
'authorPHID' => $user->getPHID(),
59
60
));
61
+
} else if ($request->getStr('url')) {
62
+
try {
63
+
$file = PhabricatorFile::newFromFileDownload(
64
+
$request->getStr('url'),
65
+
array(
66
+
'name' => $request->getStr('name'),
67
+
'authorPHID' => $user->getPHID(),
68
+
));
69
+
} catch (Exception $ex) {
70
+
$errors[] = pht('Could not fetch URL: %s', $ex->getMessage());
71
+
}
60
72
} else if ($request->getStr('phid')) {
61
73
$file = id(new PhabricatorFile())->loadOneWhere(
62
74
'phid = %s',
···
167
179
$other_label = pht('File');
168
180
}
169
181
182
+
if ($can_fetch) {
183
+
$form->appendChild(
184
+
id(new AphrontFormTextControl())
185
+
->setLabel(pht('URL'))
186
+
->setName('url')
187
+
->setValue($request->getStr('url'))
188
+
->setError($e_file));
189
+
}
190
+
170
191
$form->appendChild(
171
192
id(new AphrontFormFileControl())
172
193
->setLabel($other_label)
···
221
242
$upload_form = id(new AphrontFormView())
222
243
->setFlexible(true)
223
244
->setEncType('multipart/form-data')
224
-
->setUser($request->getUser())
245
+
->setUser($request->getUser());
246
+
247
+
if ($can_fetch) {
248
+
$upload_form
249
+
->appendChild(
250
+
id(new AphrontFormTextControl())
251
+
->setLabel(pht('URL'))
252
+
->setName('url')
253
+
->setValue($request->getStr('url')));
254
+
}
255
+
256
+
$upload_form
225
257
->appendChild(
226
258
id(new AphrontFormFileControl())
227
259
->setLabel(pht('File'))
+12
-7
src/applications/settings/panel/PhabricatorSettingsPanelProfile.php
+12
-7
src/applications/settings/panel/PhabricatorSettingsPanelProfile.php
···
205
205
->setLabel('Change Image')
206
206
->setName('image')
207
207
->setError($e_image)
208
-
->setCaption('Supported formats: '.implode(', ', $supported_formats)))
209
-
->appendChild(
208
+
->setCaption(
209
+
'Supported formats: '.implode(', ', $supported_formats)));
210
+
211
+
if (PhabricatorEnv::getEnvConfig('security.allow-outbound-http')) {
212
+
$form->appendChild(
210
213
id(new AphrontFormTextControl())
211
214
->setLabel('Import Gravatar')
212
215
->setName('gravatar')
213
216
->setError($e_image)
214
-
->setCaption('Enter gravatar email address'))
215
-
->appendChild(
216
-
id(new AphrontFormSubmitControl())
217
-
->setValue('Save')
218
-
->addCancelButton('/p/'.$user->getUsername().'/'));
217
+
->setCaption('Enter gravatar email address'));
218
+
}
219
+
220
+
$form->appendChild(
221
+
id(new AphrontFormSubmitControl())
222
+
->setValue('Save')
223
+
->addCancelButton('/p/'.$user->getUsername().'/'));
219
224
220
225
$panel = new AphrontPanelView();
221
226
$panel->setHeader('Edit Profile Details');