| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | <?php | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /* | 
					
						
							| 
									
										
										
										
											2012-01-10 16:42:00 -08:00
										 |  |  |  * Copyright 2012 Facebook, Inc. | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  |  * | 
					
						
							|  |  |  |  * Licensed under the Apache License, Version 2.0 (the "License"); | 
					
						
							|  |  |  |  * you may not use this file except in compliance with the License. | 
					
						
							|  |  |  |  * You may obtain a copy of the License at | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  *   http://www.apache.org/licenses/LICENSE-2.0 | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Unless required by applicable law or agreed to in writing, software | 
					
						
							|  |  |  |  * distributed under the License is distributed on an "AS IS" BASIS, | 
					
						
							|  |  |  |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
					
						
							|  |  |  |  * See the License for the specific language governing permissions and | 
					
						
							|  |  |  |  * limitations under the License. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-20 21:15:00 -07:00
										 |  |  | $__start__ = microtime(true); | 
					
						
							| 
									
										
										
										
											2012-05-05 11:28:30 -07:00
										 |  |  | $access_log = null; | 
					
						
							| 
									
										
										
										
											2011-04-29 20:10:00 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-02 22:38:42 -08:00
										 |  |  | error_reporting(E_ALL | E_STRICT); | 
					
						
							| 
									
										
										
											
												Detect obviously erroneous "memory_limit" configurations
Summary: See comment. ALSO: THIS DIFF IS AMAZING.
Test Plan: Changed my memory limit to something absurd, got yelled at.
Reviewed By: mroch
Reviewers: colmdoyle, jungejason, aran, tuomaspelkonen, codeblock, tomo, mroch,
hsb
CC: aran, mroch, epriestley
Differential Revision: 657
											
										 
											2011-07-12 15:42:14 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-05-05 11:28:30 -07:00
										 |  |  | if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$_POST && | 
					
						
							|  |  |  |     isset($_REQUEST['__file__'])) { | 
					
						
							| 
									
										
										
										
											2012-05-03 17:30:17 -07:00
										 |  |  |   $size = ini_get('post_max_size'); | 
					
						
							|  |  |  |   phabricator_fatal( | 
					
						
							|  |  |  |     "Request size exceeds PHP 'post_max_size' ('{$size}')."); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-04-06 12:54:05 -07:00
										 |  |  | $required_version = '5.2.3'; | 
					
						
							| 
									
										
										
										
											2012-03-26 10:32:01 -07:00
										 |  |  | if (version_compare(PHP_VERSION, $required_version) < 0) { | 
					
						
							|  |  |  |   phabricator_fatal_config_error( | 
					
						
							|  |  |  |     "You are running PHP version '".PHP_VERSION."', which is older than ". | 
					
						
							|  |  |  |     "the minimum version, '{$required_version}'. Update to at least ". | 
					
						
							|  |  |  |     "'{$required_version}'."); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
											
												Detect obviously erroneous "memory_limit" configurations
Summary: See comment. ALSO: THIS DIFF IS AMAZING.
Test Plan: Changed my memory limit to something absurd, got yelled at.
Reviewed By: mroch
Reviewers: colmdoyle, jungejason, aran, tuomaspelkonen, codeblock, tomo, mroch,
hsb
CC: aran, mroch, epriestley
Differential Revision: 657
											
										 
											2011-07-12 15:42:14 -07:00
										 |  |  | phabricator_detect_insane_memory_limit(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-03-30 22:08:41 -07:00
										 |  |  | ini_set('memory_limit', -1); | 
					
						
							| 
									
										
										
										
											2011-02-02 22:38:42 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  | $env = getenv('PHABRICATOR_ENV'); // Apache
 | 
					
						
							| 
									
										
										
										
											2011-02-26 20:57:21 -08:00
										 |  |  | if (!$env) { | 
					
						
							|  |  |  |   if (isset($_ENV['PHABRICATOR_ENV'])) { | 
					
						
							|  |  |  |     $env = $_ENV['PHABRICATOR_ENV']; | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | if (!$env) { | 
					
						
							|  |  |  |   phabricator_fatal_config_error( | 
					
						
							| 
									
										
										
										
											2011-01-31 11:55:26 -08:00
										 |  |  |     "The 'PHABRICATOR_ENV' environmental variable is not defined. Modify ". | 
					
						
							|  |  |  |     "your httpd.conf to include 'SetEnv PHABRICATOR_ENV <env>', where '<env>' ". | 
					
						
							|  |  |  |     "is one of 'development', 'production', or a custom environment."); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  | if (!isset($_REQUEST['__path__'])) { | 
					
						
							|  |  |  |   phabricator_fatal_config_error( | 
					
						
							|  |  |  |     "__path__ is not set. Your rewrite rules are not configured correctly."); | 
					
						
							| 
									
										
										
										
											2011-02-07 20:55:33 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-29 20:10:00 -07:00
										 |  |  | if (get_magic_quotes_gpc()) { | 
					
						
							|  |  |  |   phabricator_fatal_config_error( | 
					
						
							|  |  |  |     "Your server is configured with PHP 'magic_quotes_gpc' enabled. This ". | 
					
						
							|  |  |  |     "feature is 'highly discouraged' by PHP's developers and you must ". | 
					
						
							|  |  |  |     "disable it to run Phabricator. Consult the PHP manual for instructions."); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  | register_shutdown_function('phabricator_shutdown'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-11 13:17:06 -08:00
										 |  |  | require_once dirname(dirname(__FILE__)).'/conf/__init_conf__.php'; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-05 10:48:36 -07:00
										 |  |  | try { | 
					
						
							| 
									
										
										
											
												Improve error messages for PHABRICATOR_ENV
Summary:
- Allow user to specify "myconf" (recommended) or "myconf.conf.php" (less
surprising).
  - Make sure syntax errors and other problems are surfaced.
  - If the configuration value isn't valid, give them a list of all valid
values.
Test Plan:
- Added a syntax error, got a useful error.
  - Set PHABRICATOR_ENV to a silly value, got a list of valid values.
  - Set PHABRICATOR_ENV to have .conf.php suffix, site still worked.
Reviewed By: kevinwallace
Reviewers: kevinwallace, codeblock, aran, jungejason, tuomaspelkonen
CC: aran, epriestley, kevinwallace
Differential Revision: 381
											
										 
											2011-05-30 19:52:51 -07:00
										 |  |  |   setup_aphront_basics(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-05 10:48:36 -07:00
										 |  |  |   $conf = phabricator_read_config_file($env); | 
					
						
							|  |  |  |   $conf['phabricator.env'] = $env; | 
					
						
							| 
									
										
										
										
											2011-01-31 11:55:26 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-05 10:48:36 -07:00
										 |  |  |   PhabricatorEnv::setEnvConfig($conf); | 
					
						
							| 
									
										
										
										
											2011-01-31 11:55:26 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-07-02 19:39:41 -07:00
										 |  |  |   // This needs to be done before we create the log, because
 | 
					
						
							|  |  |  |   // PhabricatorAccessLog::getLog() calls date()
 | 
					
						
							|  |  |  |   $tz = PhabricatorEnv::getEnvConfig('phabricator.timezone'); | 
					
						
							|  |  |  |   if ($tz) { | 
					
						
							|  |  |  |     date_default_timezone_set($tz); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
											  
											
												Allow Phabricator to write an access log using PhutilDeferredLog
Summary: Provide a configurable access log.
Test Plan:
Got a sensible-looking log including logged-in, logged-out, conduit, 404, etc:
  [Mon, 23 Apr 2012 20:08:12 -0700]	32599	orbital	-	epriestley	DifferentialCommentPreviewController	-	/differential/comment/preview/42/	http://local.aphront.com:8080/D42	200	65406
  [Mon, 23 Apr 2012 20:08:12 -0700]	32881	orbital	-	epriestley	DifferentialChangesetViewController	-	/differential/changeset/	http://local.aphront.com:8080/D42	200	72669
  [Mon, 23 Apr 2012 20:08:39 -0700]	32882	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/D42	200	106444
  [Mon, 23 Apr 2012 20:08:54 -0700]	32867	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/differential/	200	112229
  [Mon, 23 Apr 2012 20:09:05 -0700]	32530	orbital	127.0.0.1	epriestley	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/differential/	200	141350
  [Mon, 23 Apr 2012 20:09:10 -0700]	32598	orbital	127.0.0.1	epriestley	PhabricatorDirectoryCategoryViewController	-	/directory/6/	http://local.aphront.com:8080/	200	43474
  [Mon, 23 Apr 2012 20:09:12 -0700]	32880	orbital	127.0.0.1	epriestley	PhabricatorConduitConsoleController	-	/conduit/	http://local.aphront.com:8080/directory/6/	200	139340
  [Mon, 23 Apr 2012 20:09:15 -0700]	32868	orbital	127.0.0.1	epriestley	PhabricatorConduitAPIController	arcanist.projectinfo	/api/arcanist.projectinfo	http://local.aphront.com:8080/conduit/	200	128774
  [Mon, 23 Apr 2012 20:10:04 -0700]	32599	orbital	127.0.0.1	epriestley	Phabricator404Controller	-	/asdbmabdmbsm	-	404	38782
  [Mon, 23 Apr 2012 20:10:04 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c9a43002/rsrc/css/aphront/request-failure-view.css	http://local.aphront.com:8080/asdbmabdmbsm	200	25160
  [Mon, 23 Apr 2012 20:10:57 -0700]	32882	orbital	127.0.0.1	epriestley	PhabricatorLogoutController	-	/logout/	http://local.aphront.com:8080/asdbmabdmbsm	200	40810
  [Mon, 23 Apr 2012 20:10:57 -0700]	32867	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	42526
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	49052
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c80156c4/rsrc/js/application/core/behavior-dark-console.js	http://local.aphront.com:8080/login/	200	33166
  [Mon, 23 Apr 2012 20:10:59 -0700]	32868	orbital	127.0.0.1	-	CelerityResourceController	-	/res/4965d970/rsrc/css/aphront/dark-console.css	http://local.aphront.com:8080/login/	200	38078
  [Mon, 23 Apr 2012 20:10:59 -0700]	32599	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/8a5de8a3/javelin.pkg.js	http://local.aphront.com:8080/login/	200	40534
  [Mon, 23 Apr 2012 20:10:59 -0700]	32882	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/9c4e265b/core.pkg.css	http://local.aphront.com:8080/login/	200	41262
  [Mon, 23 Apr 2012 20:10:59 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/0c96375e/core.pkg.js	http://local.aphront.com:8080/login/	200	43720
  [Mon, 23 Apr 2012 20:10:59 -0700]	32921	orbital	127.0.0.1	-	CelerityResourceController	-	/res/caa86a45/rsrc/js/javelin/core/init.js	http://local.aphront.com:8080/login/	200	47566
  [Mon, 23 Apr 2012 20:10:59 -0700]	32867	orbital	127.0.0.1	-	CelerityResourceController	-	/res/f46289e9/rsrc/js/application/core/behavior-error-log.js	http://local.aphront.com:8080/login/	200	29328
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	CelerityResourceController	-	/res/7e62ff40/rsrc/image/phabricator_logo.png	http://local.aphront.com:8080/login/	200	25583
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/8c6200d3/rsrc/image/sprite.png	http://local.aphront.com:8080/login/	200	29829
  [Mon, 23 Apr 2012 20:11:01 -0700]	32868	orbital	127.0.0.1	-	PhabricatorOAuthLoginController	-	/oauth/facebook/login/  http://local.aphront.com:8080/login/	200	855931
  [Mon, 23 Apr 2012 20:11:02 -0700]	32882	orbital	127.0.0.1	epriestley789	PhabricatorLoginValidateController	-	/login/validate/	http://local.aphront.com:8080/login/	200	29793
  [Mon, 23 Apr 2012 20:11:02 -0700]	32881	orbital	127.0.0.1	epriestley789	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/login/	200	91638
Reviewers: jungejason, btrahan, vrana
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D2310
											
										 
											2012-04-25 07:24:08 -07:00
										 |  |  |   // This is the earliest we can get away with this, we need env config first.
 | 
					
						
							|  |  |  |   PhabricatorAccessLog::init(); | 
					
						
							|  |  |  |   $access_log = PhabricatorAccessLog::getLog(); | 
					
						
							|  |  |  |   if ($access_log) { | 
					
						
							|  |  |  |     $access_log->setData( | 
					
						
							|  |  |  |       array( | 
					
						
							|  |  |  |         'R' => idx($_SERVER, 'HTTP_REFERER', '-'), | 
					
						
							|  |  |  |         'r' => idx($_SERVER, 'REMOTE_ADDR', '-'), | 
					
						
							|  |  |  |         'M' => idx($_SERVER, 'REQUEST_METHOD', '-'), | 
					
						
							|  |  |  |       )); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-05 10:48:36 -07:00
										 |  |  |   DarkConsoleXHProfPluginAPI::hookProfiler(); | 
					
						
							| 
									
										
										
										
											2011-02-02 13:48:52 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-11 07:20:04 -07:00
										 |  |  |   PhutilErrorHandler::initialize(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-05 10:48:36 -07:00
										 |  |  | } catch (Exception $ex) { | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  |   phabricator_fatal("[Initialization Exception] ".$ex->getMessage()); | 
					
						
							| 
									
										
										
										
											2011-04-05 10:48:36 -07:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2011-02-02 22:38:42 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-05 12:24:21 -07:00
										 |  |  | PhutilErrorHandler::setErrorListener( | 
					
						
							|  |  |  |   array('DarkConsoleErrorLogPluginAPI', 'handleErrors')); | 
					
						
							| 
									
										
										
										
											2011-04-02 17:21:16 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  | foreach (PhabricatorEnv::getEnvConfig('load-libraries') as $library) { | 
					
						
							|  |  |  |   phutil_load_library($library); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-05 11:00:05 -07:00
										 |  |  | if (PhabricatorEnv::getEnvConfig('phabricator.setup')) { | 
					
						
							| 
									
										
										
										
											2012-04-10 15:39:59 -07:00
										 |  |  |   try { | 
					
						
							|  |  |  |     PhabricatorSetup::runSetup(); | 
					
						
							|  |  |  |   } catch (Exception $ex) { | 
					
						
							|  |  |  |     echo "EXCEPTION!\n"; | 
					
						
							|  |  |  |     echo $ex; | 
					
						
							|  |  |  |   } | 
					
						
							| 
									
										
										
										
											2011-05-05 11:00:05 -07:00
										 |  |  |   return; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-10 16:42:00 -08:00
										 |  |  | phabricator_detect_bad_base_uri(); | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-06-14 13:43:09 -07:00
										 |  |  | $translation = PhabricatorEnv::newObjectFromConfig('translation.provider'); | 
					
						
							|  |  |  | PhutilTranslator::getInstance() | 
					
						
							|  |  |  |   ->setLanguage($translation->getLanguage()) | 
					
						
							|  |  |  |   ->addTranslations($translation->getTranslations()); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | $host = $_SERVER['HTTP_HOST']; | 
					
						
							|  |  |  | $path = $_REQUEST['__path__']; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | switch ($host) { | 
					
						
							|  |  |  |   default: | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  |     $config_key = 'aphront.default-application-configuration-class'; | 
					
						
							| 
									
										
										
										
											2012-03-21 14:48:58 -07:00
										 |  |  |     $application = PhabricatorEnv::newObjectFromConfig($config_key); | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  |     break; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-04-05 12:24:21 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | $application->setHost($host); | 
					
						
							|  |  |  | $application->setPath($path); | 
					
						
							| 
									
										
										
										
											2011-02-02 13:48:52 -08:00
										 |  |  | $application->willBuildRequest(); | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | $request = $application->buildRequest(); | 
					
						
							| 
									
										
											  
											
												Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
											
										 
											2011-08-03 11:49:27 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | $write_guard = new AphrontWriteGuard($request); | 
					
						
							| 
									
										
										
										
											2011-08-31 13:25:13 -07:00
										 |  |  | PhabricatorEventEngine::initialize(); | 
					
						
							| 
									
										
											  
											
												Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
											
										 
											2011-08-03 11:49:27 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | $application->setRequest($request); | 
					
						
							|  |  |  | list($controller, $uri_data) = $application->buildController(); | 
					
						
							| 
									
										
											  
											
												Allow Phabricator to write an access log using PhutilDeferredLog
Summary: Provide a configurable access log.
Test Plan:
Got a sensible-looking log including logged-in, logged-out, conduit, 404, etc:
  [Mon, 23 Apr 2012 20:08:12 -0700]	32599	orbital	-	epriestley	DifferentialCommentPreviewController	-	/differential/comment/preview/42/	http://local.aphront.com:8080/D42	200	65406
  [Mon, 23 Apr 2012 20:08:12 -0700]	32881	orbital	-	epriestley	DifferentialChangesetViewController	-	/differential/changeset/	http://local.aphront.com:8080/D42	200	72669
  [Mon, 23 Apr 2012 20:08:39 -0700]	32882	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/D42	200	106444
  [Mon, 23 Apr 2012 20:08:54 -0700]	32867	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/differential/	200	112229
  [Mon, 23 Apr 2012 20:09:05 -0700]	32530	orbital	127.0.0.1	epriestley	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/differential/	200	141350
  [Mon, 23 Apr 2012 20:09:10 -0700]	32598	orbital	127.0.0.1	epriestley	PhabricatorDirectoryCategoryViewController	-	/directory/6/	http://local.aphront.com:8080/	200	43474
  [Mon, 23 Apr 2012 20:09:12 -0700]	32880	orbital	127.0.0.1	epriestley	PhabricatorConduitConsoleController	-	/conduit/	http://local.aphront.com:8080/directory/6/	200	139340
  [Mon, 23 Apr 2012 20:09:15 -0700]	32868	orbital	127.0.0.1	epriestley	PhabricatorConduitAPIController	arcanist.projectinfo	/api/arcanist.projectinfo	http://local.aphront.com:8080/conduit/	200	128774
  [Mon, 23 Apr 2012 20:10:04 -0700]	32599	orbital	127.0.0.1	epriestley	Phabricator404Controller	-	/asdbmabdmbsm	-	404	38782
  [Mon, 23 Apr 2012 20:10:04 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c9a43002/rsrc/css/aphront/request-failure-view.css	http://local.aphront.com:8080/asdbmabdmbsm	200	25160
  [Mon, 23 Apr 2012 20:10:57 -0700]	32882	orbital	127.0.0.1	epriestley	PhabricatorLogoutController	-	/logout/	http://local.aphront.com:8080/asdbmabdmbsm	200	40810
  [Mon, 23 Apr 2012 20:10:57 -0700]	32867	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	42526
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	49052
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c80156c4/rsrc/js/application/core/behavior-dark-console.js	http://local.aphront.com:8080/login/	200	33166
  [Mon, 23 Apr 2012 20:10:59 -0700]	32868	orbital	127.0.0.1	-	CelerityResourceController	-	/res/4965d970/rsrc/css/aphront/dark-console.css	http://local.aphront.com:8080/login/	200	38078
  [Mon, 23 Apr 2012 20:10:59 -0700]	32599	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/8a5de8a3/javelin.pkg.js	http://local.aphront.com:8080/login/	200	40534
  [Mon, 23 Apr 2012 20:10:59 -0700]	32882	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/9c4e265b/core.pkg.css	http://local.aphront.com:8080/login/	200	41262
  [Mon, 23 Apr 2012 20:10:59 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/0c96375e/core.pkg.js	http://local.aphront.com:8080/login/	200	43720
  [Mon, 23 Apr 2012 20:10:59 -0700]	32921	orbital	127.0.0.1	-	CelerityResourceController	-	/res/caa86a45/rsrc/js/javelin/core/init.js	http://local.aphront.com:8080/login/	200	47566
  [Mon, 23 Apr 2012 20:10:59 -0700]	32867	orbital	127.0.0.1	-	CelerityResourceController	-	/res/f46289e9/rsrc/js/application/core/behavior-error-log.js	http://local.aphront.com:8080/login/	200	29328
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	CelerityResourceController	-	/res/7e62ff40/rsrc/image/phabricator_logo.png	http://local.aphront.com:8080/login/	200	25583
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/8c6200d3/rsrc/image/sprite.png	http://local.aphront.com:8080/login/	200	29829
  [Mon, 23 Apr 2012 20:11:01 -0700]	32868	orbital	127.0.0.1	-	PhabricatorOAuthLoginController	-	/oauth/facebook/login/  http://local.aphront.com:8080/login/	200	855931
  [Mon, 23 Apr 2012 20:11:02 -0700]	32882	orbital	127.0.0.1	epriestley789	PhabricatorLoginValidateController	-	/login/validate/	http://local.aphront.com:8080/login/	200	29793
  [Mon, 23 Apr 2012 20:11:02 -0700]	32881	orbital	127.0.0.1	epriestley789	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/login/	200	91638
Reviewers: jungejason, btrahan, vrana
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D2310
											
										 
											2012-04-25 07:24:08 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | if ($access_log) { | 
					
						
							|  |  |  |   $access_log->setData( | 
					
						
							|  |  |  |     array( | 
					
						
							|  |  |  |       'U' => (string)$request->getRequestURI()->getPath(), | 
					
						
							|  |  |  |       'C' => get_class($controller), | 
					
						
							|  |  |  |     )); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-06-06 08:15:42 -07:00
										 |  |  | // If execution throws an exception and then trying to render that exception
 | 
					
						
							|  |  |  | // throws another exception, we want to show the original exception, as it is
 | 
					
						
							|  |  |  | // likely the root cause of the rendering exception.
 | 
					
						
							|  |  |  | $original_exception = null; | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | try { | 
					
						
							| 
									
										
										
										
											2011-03-07 19:29:51 -08:00
										 |  |  |   $response = $controller->willBeginExecution(); | 
					
						
							| 
									
										
											  
											
												Allow Phabricator to write an access log using PhutilDeferredLog
Summary: Provide a configurable access log.
Test Plan:
Got a sensible-looking log including logged-in, logged-out, conduit, 404, etc:
  [Mon, 23 Apr 2012 20:08:12 -0700]	32599	orbital	-	epriestley	DifferentialCommentPreviewController	-	/differential/comment/preview/42/	http://local.aphront.com:8080/D42	200	65406
  [Mon, 23 Apr 2012 20:08:12 -0700]	32881	orbital	-	epriestley	DifferentialChangesetViewController	-	/differential/changeset/	http://local.aphront.com:8080/D42	200	72669
  [Mon, 23 Apr 2012 20:08:39 -0700]	32882	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/D42	200	106444
  [Mon, 23 Apr 2012 20:08:54 -0700]	32867	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/differential/	200	112229
  [Mon, 23 Apr 2012 20:09:05 -0700]	32530	orbital	127.0.0.1	epriestley	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/differential/	200	141350
  [Mon, 23 Apr 2012 20:09:10 -0700]	32598	orbital	127.0.0.1	epriestley	PhabricatorDirectoryCategoryViewController	-	/directory/6/	http://local.aphront.com:8080/	200	43474
  [Mon, 23 Apr 2012 20:09:12 -0700]	32880	orbital	127.0.0.1	epriestley	PhabricatorConduitConsoleController	-	/conduit/	http://local.aphront.com:8080/directory/6/	200	139340
  [Mon, 23 Apr 2012 20:09:15 -0700]	32868	orbital	127.0.0.1	epriestley	PhabricatorConduitAPIController	arcanist.projectinfo	/api/arcanist.projectinfo	http://local.aphront.com:8080/conduit/	200	128774
  [Mon, 23 Apr 2012 20:10:04 -0700]	32599	orbital	127.0.0.1	epriestley	Phabricator404Controller	-	/asdbmabdmbsm	-	404	38782
  [Mon, 23 Apr 2012 20:10:04 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c9a43002/rsrc/css/aphront/request-failure-view.css	http://local.aphront.com:8080/asdbmabdmbsm	200	25160
  [Mon, 23 Apr 2012 20:10:57 -0700]	32882	orbital	127.0.0.1	epriestley	PhabricatorLogoutController	-	/logout/	http://local.aphront.com:8080/asdbmabdmbsm	200	40810
  [Mon, 23 Apr 2012 20:10:57 -0700]	32867	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	42526
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	49052
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c80156c4/rsrc/js/application/core/behavior-dark-console.js	http://local.aphront.com:8080/login/	200	33166
  [Mon, 23 Apr 2012 20:10:59 -0700]	32868	orbital	127.0.0.1	-	CelerityResourceController	-	/res/4965d970/rsrc/css/aphront/dark-console.css	http://local.aphront.com:8080/login/	200	38078
  [Mon, 23 Apr 2012 20:10:59 -0700]	32599	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/8a5de8a3/javelin.pkg.js	http://local.aphront.com:8080/login/	200	40534
  [Mon, 23 Apr 2012 20:10:59 -0700]	32882	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/9c4e265b/core.pkg.css	http://local.aphront.com:8080/login/	200	41262
  [Mon, 23 Apr 2012 20:10:59 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/0c96375e/core.pkg.js	http://local.aphront.com:8080/login/	200	43720
  [Mon, 23 Apr 2012 20:10:59 -0700]	32921	orbital	127.0.0.1	-	CelerityResourceController	-	/res/caa86a45/rsrc/js/javelin/core/init.js	http://local.aphront.com:8080/login/	200	47566
  [Mon, 23 Apr 2012 20:10:59 -0700]	32867	orbital	127.0.0.1	-	CelerityResourceController	-	/res/f46289e9/rsrc/js/application/core/behavior-error-log.js	http://local.aphront.com:8080/login/	200	29328
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	CelerityResourceController	-	/res/7e62ff40/rsrc/image/phabricator_logo.png	http://local.aphront.com:8080/login/	200	25583
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/8c6200d3/rsrc/image/sprite.png	http://local.aphront.com:8080/login/	200	29829
  [Mon, 23 Apr 2012 20:11:01 -0700]	32868	orbital	127.0.0.1	-	PhabricatorOAuthLoginController	-	/oauth/facebook/login/  http://local.aphront.com:8080/login/	200	855931
  [Mon, 23 Apr 2012 20:11:02 -0700]	32882	orbital	127.0.0.1	epriestley789	PhabricatorLoginValidateController	-	/login/validate/	http://local.aphront.com:8080/login/	200	29793
  [Mon, 23 Apr 2012 20:11:02 -0700]	32881	orbital	127.0.0.1	epriestley789	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/login/	200	91638
Reviewers: jungejason, btrahan, vrana
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D2310
											
										 
											2012-04-25 07:24:08 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |   if ($access_log) { | 
					
						
							|  |  |  |     if ($request->getUser() && $request->getUser()->getPHID()) { | 
					
						
							|  |  |  |       $access_log->setData( | 
					
						
							|  |  |  |         array( | 
					
						
							|  |  |  |           'u' => $request->getUser()->getUserName(), | 
					
						
							|  |  |  |         )); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-03-07 19:29:51 -08:00
										 |  |  |   if (!$response) { | 
					
						
							|  |  |  |     $controller->willProcessRequest($uri_data); | 
					
						
							|  |  |  |     $response = $controller->processRequest(); | 
					
						
							|  |  |  |   } | 
					
						
							| 
									
										
										
										
											2011-01-26 13:21:12 -08:00
										 |  |  | } catch (AphrontRedirectException $ex) { | 
					
						
							|  |  |  |   $response = id(new AphrontRedirectResponse()) | 
					
						
							|  |  |  |     ->setURI($ex->getURI()); | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | } catch (Exception $ex) { | 
					
						
							| 
									
										
										
										
											2012-06-06 08:15:42 -07:00
										 |  |  |   $original_exception = $ex; | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  |   $response = $application->handleException($ex); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  | try { | 
					
						
							|  |  |  |   $response = $application->willSendResponse($response); | 
					
						
							|  |  |  |   $response->setRequest($request); | 
					
						
							|  |  |  |   $response_string = $response->buildResponseString(); | 
					
						
							|  |  |  | } catch (Exception $ex) { | 
					
						
							| 
									
										
											  
											
												Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
											
										 
											2011-08-03 11:49:27 -07:00
										 |  |  |   $write_guard->dispose(); | 
					
						
							| 
									
										
											  
											
												Allow Phabricator to write an access log using PhutilDeferredLog
Summary: Provide a configurable access log.
Test Plan:
Got a sensible-looking log including logged-in, logged-out, conduit, 404, etc:
  [Mon, 23 Apr 2012 20:08:12 -0700]	32599	orbital	-	epriestley	DifferentialCommentPreviewController	-	/differential/comment/preview/42/	http://local.aphront.com:8080/D42	200	65406
  [Mon, 23 Apr 2012 20:08:12 -0700]	32881	orbital	-	epriestley	DifferentialChangesetViewController	-	/differential/changeset/	http://local.aphront.com:8080/D42	200	72669
  [Mon, 23 Apr 2012 20:08:39 -0700]	32882	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/D42	200	106444
  [Mon, 23 Apr 2012 20:08:54 -0700]	32867	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/differential/	200	112229
  [Mon, 23 Apr 2012 20:09:05 -0700]	32530	orbital	127.0.0.1	epriestley	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/differential/	200	141350
  [Mon, 23 Apr 2012 20:09:10 -0700]	32598	orbital	127.0.0.1	epriestley	PhabricatorDirectoryCategoryViewController	-	/directory/6/	http://local.aphront.com:8080/	200	43474
  [Mon, 23 Apr 2012 20:09:12 -0700]	32880	orbital	127.0.0.1	epriestley	PhabricatorConduitConsoleController	-	/conduit/	http://local.aphront.com:8080/directory/6/	200	139340
  [Mon, 23 Apr 2012 20:09:15 -0700]	32868	orbital	127.0.0.1	epriestley	PhabricatorConduitAPIController	arcanist.projectinfo	/api/arcanist.projectinfo	http://local.aphront.com:8080/conduit/	200	128774
  [Mon, 23 Apr 2012 20:10:04 -0700]	32599	orbital	127.0.0.1	epriestley	Phabricator404Controller	-	/asdbmabdmbsm	-	404	38782
  [Mon, 23 Apr 2012 20:10:04 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c9a43002/rsrc/css/aphront/request-failure-view.css	http://local.aphront.com:8080/asdbmabdmbsm	200	25160
  [Mon, 23 Apr 2012 20:10:57 -0700]	32882	orbital	127.0.0.1	epriestley	PhabricatorLogoutController	-	/logout/	http://local.aphront.com:8080/asdbmabdmbsm	200	40810
  [Mon, 23 Apr 2012 20:10:57 -0700]	32867	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	42526
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	49052
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c80156c4/rsrc/js/application/core/behavior-dark-console.js	http://local.aphront.com:8080/login/	200	33166
  [Mon, 23 Apr 2012 20:10:59 -0700]	32868	orbital	127.0.0.1	-	CelerityResourceController	-	/res/4965d970/rsrc/css/aphront/dark-console.css	http://local.aphront.com:8080/login/	200	38078
  [Mon, 23 Apr 2012 20:10:59 -0700]	32599	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/8a5de8a3/javelin.pkg.js	http://local.aphront.com:8080/login/	200	40534
  [Mon, 23 Apr 2012 20:10:59 -0700]	32882	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/9c4e265b/core.pkg.css	http://local.aphront.com:8080/login/	200	41262
  [Mon, 23 Apr 2012 20:10:59 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/0c96375e/core.pkg.js	http://local.aphront.com:8080/login/	200	43720
  [Mon, 23 Apr 2012 20:10:59 -0700]	32921	orbital	127.0.0.1	-	CelerityResourceController	-	/res/caa86a45/rsrc/js/javelin/core/init.js	http://local.aphront.com:8080/login/	200	47566
  [Mon, 23 Apr 2012 20:10:59 -0700]	32867	orbital	127.0.0.1	-	CelerityResourceController	-	/res/f46289e9/rsrc/js/application/core/behavior-error-log.js	http://local.aphront.com:8080/login/	200	29328
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	CelerityResourceController	-	/res/7e62ff40/rsrc/image/phabricator_logo.png	http://local.aphront.com:8080/login/	200	25583
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/8c6200d3/rsrc/image/sprite.png	http://local.aphront.com:8080/login/	200	29829
  [Mon, 23 Apr 2012 20:11:01 -0700]	32868	orbital	127.0.0.1	-	PhabricatorOAuthLoginController	-	/oauth/facebook/login/  http://local.aphront.com:8080/login/	200	855931
  [Mon, 23 Apr 2012 20:11:02 -0700]	32882	orbital	127.0.0.1	epriestley789	PhabricatorLoginValidateController	-	/login/validate/	http://local.aphront.com:8080/login/	200	29793
  [Mon, 23 Apr 2012 20:11:02 -0700]	32881	orbital	127.0.0.1	epriestley789	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/login/	200	91638
Reviewers: jungejason, btrahan, vrana
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D2310
											
										 
											2012-04-25 07:24:08 -07:00
										 |  |  |   if ($access_log) { | 
					
						
							|  |  |  |     $access_log->write(); | 
					
						
							|  |  |  |   } | 
					
						
							| 
									
										
										
										
											2012-06-06 08:15:42 -07:00
										 |  |  |   if ($original_exception) { | 
					
						
							|  |  |  |     $ex = new PhutilAggregateException( | 
					
						
							|  |  |  |       "Multiple exceptions during processing and rendering.", | 
					
						
							|  |  |  |       array( | 
					
						
							|  |  |  |         $original_exception, | 
					
						
							|  |  |  |         $ex, | 
					
						
							|  |  |  |       )); | 
					
						
							|  |  |  |   } | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  |   phabricator_fatal('[Rendering Exception] '.$ex->getMessage()); | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2011-01-30 08:44:28 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
											  
											
												Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
											
										 
											2011-08-03 11:49:27 -07:00
										 |  |  | $write_guard->dispose(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-02-14 14:51:51 -08:00
										 |  |  | // TODO: Share the $sink->writeResponse() pathway here?
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-02-06 09:59:34 -08:00
										 |  |  | $sink = new AphrontPHPHTTPSink(); | 
					
						
							|  |  |  | $sink->writeHTTPStatus($response->getHTTPResponseCode()); | 
					
						
							| 
									
										
										
										
											2011-01-30 08:44:28 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | $headers = $response->getCacheHeaders(); | 
					
						
							|  |  |  | $headers = array_merge($headers, $response->getHeaders()); | 
					
						
							| 
									
										
										
										
											2011-02-02 13:48:52 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-02-06 09:59:34 -08:00
										 |  |  | $sink->writeHeaders($headers); | 
					
						
							| 
									
										
										
										
											2011-04-05 12:24:21 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  | // TODO: This shouldn't be possible in a production-configured environment.
 | 
					
						
							| 
									
										
										
										
											2011-02-02 13:48:52 -08:00
										 |  |  | if (isset($_REQUEST['__profile__']) && | 
					
						
							|  |  |  |     ($_REQUEST['__profile__'] == 'all')) { | 
					
						
							|  |  |  |   $profile = DarkConsoleXHProfPluginAPI::stopProfiler(); | 
					
						
							| 
									
										
										
										
											2011-02-02 22:38:42 -08:00
										 |  |  |   $profile = | 
					
						
							| 
									
										
										
										
											2011-02-02 16:14:23 -08:00
										 |  |  |     '<div style="text-align: center; background: #ff00ff; padding: 1em;
 | 
					
						
							|  |  |  |                  font-size: 24px; font-weight: bold;">'.
 | 
					
						
							|  |  |  |       '<a href="/xhprof/profile/'.$profile.'/">'. | 
					
						
							|  |  |  |         '>>> View Profile <<<'. | 
					
						
							|  |  |  |       '</a>'. | 
					
						
							|  |  |  |     '</div>'; | 
					
						
							| 
									
										
										
										
											2011-02-02 13:48:52 -08:00
										 |  |  |   if (strpos($response_string, '<body>') !== false) { | 
					
						
							|  |  |  |     $response_string = str_replace( | 
					
						
							|  |  |  |       '<body>', | 
					
						
							|  |  |  |       '<body>'.$profile, | 
					
						
							|  |  |  |       $response_string); | 
					
						
							| 
									
										
										
										
											2011-02-02 16:14:23 -08:00
										 |  |  |   } else { | 
					
						
							| 
									
										
										
										
											2012-02-06 09:59:34 -08:00
										 |  |  |     $sink->writeData($profile); | 
					
						
							| 
									
										
										
										
											2011-02-02 13:48:52 -08:00
										 |  |  |   } | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-02-06 09:59:34 -08:00
										 |  |  | $sink->writeData($response_string); | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
											  
											
												Allow Phabricator to write an access log using PhutilDeferredLog
Summary: Provide a configurable access log.
Test Plan:
Got a sensible-looking log including logged-in, logged-out, conduit, 404, etc:
  [Mon, 23 Apr 2012 20:08:12 -0700]	32599	orbital	-	epriestley	DifferentialCommentPreviewController	-	/differential/comment/preview/42/	http://local.aphront.com:8080/D42	200	65406
  [Mon, 23 Apr 2012 20:08:12 -0700]	32881	orbital	-	epriestley	DifferentialChangesetViewController	-	/differential/changeset/	http://local.aphront.com:8080/D42	200	72669
  [Mon, 23 Apr 2012 20:08:39 -0700]	32882	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/D42	200	106444
  [Mon, 23 Apr 2012 20:08:54 -0700]	32867	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/differential/	200	112229
  [Mon, 23 Apr 2012 20:09:05 -0700]	32530	orbital	127.0.0.1	epriestley	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/differential/	200	141350
  [Mon, 23 Apr 2012 20:09:10 -0700]	32598	orbital	127.0.0.1	epriestley	PhabricatorDirectoryCategoryViewController	-	/directory/6/	http://local.aphront.com:8080/	200	43474
  [Mon, 23 Apr 2012 20:09:12 -0700]	32880	orbital	127.0.0.1	epriestley	PhabricatorConduitConsoleController	-	/conduit/	http://local.aphront.com:8080/directory/6/	200	139340
  [Mon, 23 Apr 2012 20:09:15 -0700]	32868	orbital	127.0.0.1	epriestley	PhabricatorConduitAPIController	arcanist.projectinfo	/api/arcanist.projectinfo	http://local.aphront.com:8080/conduit/	200	128774
  [Mon, 23 Apr 2012 20:10:04 -0700]	32599	orbital	127.0.0.1	epriestley	Phabricator404Controller	-	/asdbmabdmbsm	-	404	38782
  [Mon, 23 Apr 2012 20:10:04 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c9a43002/rsrc/css/aphront/request-failure-view.css	http://local.aphront.com:8080/asdbmabdmbsm	200	25160
  [Mon, 23 Apr 2012 20:10:57 -0700]	32882	orbital	127.0.0.1	epriestley	PhabricatorLogoutController	-	/logout/	http://local.aphront.com:8080/asdbmabdmbsm	200	40810
  [Mon, 23 Apr 2012 20:10:57 -0700]	32867	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	42526
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	49052
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c80156c4/rsrc/js/application/core/behavior-dark-console.js	http://local.aphront.com:8080/login/	200	33166
  [Mon, 23 Apr 2012 20:10:59 -0700]	32868	orbital	127.0.0.1	-	CelerityResourceController	-	/res/4965d970/rsrc/css/aphront/dark-console.css	http://local.aphront.com:8080/login/	200	38078
  [Mon, 23 Apr 2012 20:10:59 -0700]	32599	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/8a5de8a3/javelin.pkg.js	http://local.aphront.com:8080/login/	200	40534
  [Mon, 23 Apr 2012 20:10:59 -0700]	32882	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/9c4e265b/core.pkg.css	http://local.aphront.com:8080/login/	200	41262
  [Mon, 23 Apr 2012 20:10:59 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/0c96375e/core.pkg.js	http://local.aphront.com:8080/login/	200	43720
  [Mon, 23 Apr 2012 20:10:59 -0700]	32921	orbital	127.0.0.1	-	CelerityResourceController	-	/res/caa86a45/rsrc/js/javelin/core/init.js	http://local.aphront.com:8080/login/	200	47566
  [Mon, 23 Apr 2012 20:10:59 -0700]	32867	orbital	127.0.0.1	-	CelerityResourceController	-	/res/f46289e9/rsrc/js/application/core/behavior-error-log.js	http://local.aphront.com:8080/login/	200	29328
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	CelerityResourceController	-	/res/7e62ff40/rsrc/image/phabricator_logo.png	http://local.aphront.com:8080/login/	200	25583
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/8c6200d3/rsrc/image/sprite.png	http://local.aphront.com:8080/login/	200	29829
  [Mon, 23 Apr 2012 20:11:01 -0700]	32868	orbital	127.0.0.1	-	PhabricatorOAuthLoginController	-	/oauth/facebook/login/  http://local.aphront.com:8080/login/	200	855931
  [Mon, 23 Apr 2012 20:11:02 -0700]	32882	orbital	127.0.0.1	epriestley789	PhabricatorLoginValidateController	-	/login/validate/	http://local.aphront.com:8080/login/	200	29793
  [Mon, 23 Apr 2012 20:11:02 -0700]	32881	orbital	127.0.0.1	epriestley789	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/login/	200	91638
Reviewers: jungejason, btrahan, vrana
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D2310
											
										 
											2012-04-25 07:24:08 -07:00
										 |  |  | if ($access_log) { | 
					
						
							|  |  |  |   $access_log->setData( | 
					
						
							|  |  |  |     array( | 
					
						
							|  |  |  |       'c' => $response->getHTTPResponseCode(), | 
					
						
							|  |  |  |       'T' => (int)(1000000 * (microtime(true) - $__start__)), | 
					
						
							|  |  |  |     )); | 
					
						
							|  |  |  |   $access_log->write(); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | /** | 
					
						
							|  |  |  |  * @group aphront | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | function setup_aphront_basics() { | 
					
						
							|  |  |  |   $aphront_root   = dirname(dirname(__FILE__)); | 
					
						
							|  |  |  |   $libraries_root = dirname($aphront_root); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-25 18:58:37 -08:00
										 |  |  |   $root = null; | 
					
						
							|  |  |  |   if (!empty($_SERVER['PHUTIL_LIBRARY_ROOT'])) { | 
					
						
							|  |  |  |     $root = $_SERVER['PHUTIL_LIBRARY_ROOT']; | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-04-05 23:50:55 -07:00
										 |  |  |   ini_set( | 
					
						
							|  |  |  |     'include_path', | 
					
						
							|  |  |  |     $libraries_root.PATH_SEPARATOR.ini_get('include_path')); | 
					
						
							| 
									
										
										
										
											2011-02-25 18:58:37 -08:00
										 |  |  |   @include_once $root.'libphutil/src/__phutil_library_init__.php'; | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  |   if (!@constant('__LIBPHUTIL__')) { | 
					
						
							| 
									
										
										
										
											2012-03-12 17:06:18 -07:00
										 |  |  |     echo "ERROR: Unable to load libphutil. Put libphutil/ next to ". | 
					
						
							|  |  |  |          "phabricator/, or update your PHP 'include_path' to include ". | 
					
						
							|  |  |  |          "the parent directory of libphutil/.\n"; | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  |     exit(1); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  |   // Load Phabricator itself using the absolute path, so we never end up doing
 | 
					
						
							|  |  |  |   // anything surprising (loading index.php and libraries from different
 | 
					
						
							|  |  |  |   // directories).
 | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  |   phutil_load_library($aphront_root.'/src'); | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  |   phutil_load_library('arcanist/src'); | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-16 13:51:39 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  | function phabricator_fatal_config_error($msg) { | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  |   phabricator_fatal("CONFIG ERROR: ".$msg."\n"); | 
					
						
							| 
									
										
										
										
											2012-01-10 16:42:00 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | function phabricator_detect_bad_base_uri() { | 
					
						
							|  |  |  |   $conf = PhabricatorEnv::getEnvConfig('phabricator.base-uri'); | 
					
						
							|  |  |  |   $uri = new PhutilURI($conf); | 
					
						
							|  |  |  |   switch ($uri->getProtocol()) { | 
					
						
							|  |  |  |     case 'http': | 
					
						
							|  |  |  |     case 'https': | 
					
						
							|  |  |  |       break; | 
					
						
							|  |  |  |     default: | 
					
						
							| 
									
										
										
										
											2012-03-08 12:46:29 -08:00
										 |  |  |       return phabricator_fatal_config_error( | 
					
						
							| 
									
										
										
										
											2012-01-10 16:42:00 -08:00
										 |  |  |         "'phabricator.base-uri' is set to '{$conf}', which is invalid. ". | 
					
						
							|  |  |  |         "The URI must start with 'http://' or 'https://'."); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   if (strpos($uri->getDomain(), '.') === false) { | 
					
						
							|  |  |  |     phabricator_fatal_config_error( | 
					
						
							|  |  |  |       "'phabricator.base-uri' is set to '{$conf}', which is invalid. The URI ". | 
					
						
							|  |  |  |       "must contain a dot ('.'), like 'http://example.com/', not just ". | 
					
						
							|  |  |  |       "'http://example/'. Some web browsers will not set cookies on domains ". | 
					
						
							| 
									
										
										
										
											2012-01-11 17:47:32 -08:00
										 |  |  |       "with no TLD, and Phabricator requires cookies for login. ". | 
					
						
							|  |  |  |       "If you are using localhost, create an entry in the hosts file like ". | 
					
						
							|  |  |  |       "'127.0.0.1 example.com', and access the localhost with ". | 
					
						
							|  |  |  |       "'http://example.com/'."); | 
					
						
							| 
									
										
										
										
											2012-01-10 16:42:00 -08:00
										 |  |  |   } | 
					
						
							| 
									
										
										
										
											2011-02-24 14:52:57 -08:00
										 |  |  | } | 
					
						
							| 
									
										
										
											
												Detect obviously erroneous "memory_limit" configurations
Summary: See comment. ALSO: THIS DIFF IS AMAZING.
Test Plan: Changed my memory limit to something absurd, got yelled at.
Reviewed By: mroch
Reviewers: colmdoyle, jungejason, aran, tuomaspelkonen, codeblock, tomo, mroch,
hsb
CC: aran, mroch, epriestley
Differential Revision: 657
											
										 
											2011-07-12 15:42:14 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | function phabricator_detect_insane_memory_limit() { | 
					
						
							|  |  |  |   $memory_limit = ini_get('memory_limit'); | 
					
						
							|  |  |  |   $char_limit   = 12; | 
					
						
							|  |  |  |   if (strlen($memory_limit) <= $char_limit) { | 
					
						
							|  |  |  |     return; | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   // colmdoyle ran into an issue on an Ubuntu box with Suhosin where his
 | 
					
						
							|  |  |  |   // 'memory_limit' was set to:
 | 
					
						
							|  |  |  |   //
 | 
					
						
							|  |  |  |   //   3232323232323232323232323232323232323232323232323232323232323232M
 | 
					
						
							|  |  |  |   //
 | 
					
						
							|  |  |  |   // Not a typo. A wizard did it.
 | 
					
						
							|  |  |  |   //
 | 
					
						
							|  |  |  |   // Anyway, with this 'memory_limit', the machine would immediately fatal
 | 
					
						
							|  |  |  |   // when executing the ini_set() later. I wasn't able to reproduce this on my
 | 
					
						
							|  |  |  |   // EC2 Ubuntu + Suhosin box, but verified that it caused the problem on his
 | 
					
						
							|  |  |  |   // machine and that setting it to a more sensible value fixed it. Since I
 | 
					
						
							|  |  |  |   // have no idea how to actually trigger the issue, we look for a coarse
 | 
					
						
							|  |  |  |   // approximation of it (a memory_limit setting more than 12 characters in
 | 
					
						
							|  |  |  |   // length).
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   phabricator_fatal_config_error( | 
					
						
							|  |  |  |     "Your PHP 'memory_limit' is set to something ridiculous ". | 
					
						
							|  |  |  |     "(\"{$memory_limit}\"). Set it to a more reasonable value (it must be no ". | 
					
						
							|  |  |  |     "more than {$char_limit} characters long)."); | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | function phabricator_shutdown() { | 
					
						
							|  |  |  |   $event = error_get_last(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   if (!$event) { | 
					
						
							|  |  |  |     return; | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-09-02 17:20:14 -07:00
										 |  |  |   if ($event['type'] != E_ERROR && $event['type'] != E_PARSE) { | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  |     return; | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   $msg = ">>> UNRECOVERABLE FATAL ERROR <<<\n\n"; | 
					
						
							|  |  |  |   if ($event) { | 
					
						
							|  |  |  |     // Even though we should be emitting this as text-plain, escape things just
 | 
					
						
							|  |  |  |     // to be sure since we can't really be sure what the program state is when
 | 
					
						
							|  |  |  |     // we get here.
 | 
					
						
							|  |  |  |     $msg .= phutil_escape_html($event['message'])."\n\n"; | 
					
						
							|  |  |  |     $msg .= phutil_escape_html($event['file'].':'.$event['line']); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   // flip dem tables
 | 
					
						
							|  |  |  |   $msg .= "\n\n\n"; | 
					
						
							|  |  |  |   $msg .= "\xe2\x94\xbb\xe2\x94\x81\xe2\x94\xbb\x20\xef\xb8\xb5\x20\xc2\xaf". | 
					
						
							|  |  |  |           "\x5c\x5f\x28\xe3\x83\x84\x29\x5f\x2f\xc2\xaf\x20\xef\xb8\xb5\x20". | 
					
						
							|  |  |  |           "\xe2\x94\xbb\xe2\x94\x81\xe2\x94\xbb"; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   phabricator_fatal($msg); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | function phabricator_fatal($msg) { | 
					
						
							| 
									
										
										
										
											2012-05-05 11:28:30 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |   global $access_log; | 
					
						
							|  |  |  |   if ($access_log) { | 
					
						
							|  |  |  |     $access_log->setData( | 
					
						
							|  |  |  |       array( | 
					
						
							|  |  |  |         'c' => 500, | 
					
						
							|  |  |  |       )); | 
					
						
							|  |  |  |     $access_log->write(); | 
					
						
							| 
									
										
											  
											
												Allow Phabricator to write an access log using PhutilDeferredLog
Summary: Provide a configurable access log.
Test Plan:
Got a sensible-looking log including logged-in, logged-out, conduit, 404, etc:
  [Mon, 23 Apr 2012 20:08:12 -0700]	32599	orbital	-	epriestley	DifferentialCommentPreviewController	-	/differential/comment/preview/42/	http://local.aphront.com:8080/D42	200	65406
  [Mon, 23 Apr 2012 20:08:12 -0700]	32881	orbital	-	epriestley	DifferentialChangesetViewController	-	/differential/changeset/	http://local.aphront.com:8080/D42	200	72669
  [Mon, 23 Apr 2012 20:08:39 -0700]	32882	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/D42	200	106444
  [Mon, 23 Apr 2012 20:08:54 -0700]	32867	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/differential/	200	112229
  [Mon, 23 Apr 2012 20:09:05 -0700]	32530	orbital	127.0.0.1	epriestley	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/differential/	200	141350
  [Mon, 23 Apr 2012 20:09:10 -0700]	32598	orbital	127.0.0.1	epriestley	PhabricatorDirectoryCategoryViewController	-	/directory/6/	http://local.aphront.com:8080/	200	43474
  [Mon, 23 Apr 2012 20:09:12 -0700]	32880	orbital	127.0.0.1	epriestley	PhabricatorConduitConsoleController	-	/conduit/	http://local.aphront.com:8080/directory/6/	200	139340
  [Mon, 23 Apr 2012 20:09:15 -0700]	32868	orbital	127.0.0.1	epriestley	PhabricatorConduitAPIController	arcanist.projectinfo	/api/arcanist.projectinfo	http://local.aphront.com:8080/conduit/	200	128774
  [Mon, 23 Apr 2012 20:10:04 -0700]	32599	orbital	127.0.0.1	epriestley	Phabricator404Controller	-	/asdbmabdmbsm	-	404	38782
  [Mon, 23 Apr 2012 20:10:04 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c9a43002/rsrc/css/aphront/request-failure-view.css	http://local.aphront.com:8080/asdbmabdmbsm	200	25160
  [Mon, 23 Apr 2012 20:10:57 -0700]	32882	orbital	127.0.0.1	epriestley	PhabricatorLogoutController	-	/logout/	http://local.aphront.com:8080/asdbmabdmbsm	200	40810
  [Mon, 23 Apr 2012 20:10:57 -0700]	32867	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	42526
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	49052
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c80156c4/rsrc/js/application/core/behavior-dark-console.js	http://local.aphront.com:8080/login/	200	33166
  [Mon, 23 Apr 2012 20:10:59 -0700]	32868	orbital	127.0.0.1	-	CelerityResourceController	-	/res/4965d970/rsrc/css/aphront/dark-console.css	http://local.aphront.com:8080/login/	200	38078
  [Mon, 23 Apr 2012 20:10:59 -0700]	32599	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/8a5de8a3/javelin.pkg.js	http://local.aphront.com:8080/login/	200	40534
  [Mon, 23 Apr 2012 20:10:59 -0700]	32882	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/9c4e265b/core.pkg.css	http://local.aphront.com:8080/login/	200	41262
  [Mon, 23 Apr 2012 20:10:59 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/0c96375e/core.pkg.js	http://local.aphront.com:8080/login/	200	43720
  [Mon, 23 Apr 2012 20:10:59 -0700]	32921	orbital	127.0.0.1	-	CelerityResourceController	-	/res/caa86a45/rsrc/js/javelin/core/init.js	http://local.aphront.com:8080/login/	200	47566
  [Mon, 23 Apr 2012 20:10:59 -0700]	32867	orbital	127.0.0.1	-	CelerityResourceController	-	/res/f46289e9/rsrc/js/application/core/behavior-error-log.js	http://local.aphront.com:8080/login/	200	29328
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	CelerityResourceController	-	/res/7e62ff40/rsrc/image/phabricator_logo.png	http://local.aphront.com:8080/login/	200	25583
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/8c6200d3/rsrc/image/sprite.png	http://local.aphront.com:8080/login/	200	29829
  [Mon, 23 Apr 2012 20:11:01 -0700]	32868	orbital	127.0.0.1	-	PhabricatorOAuthLoginController	-	/oauth/facebook/login/  http://local.aphront.com:8080/login/	200	855931
  [Mon, 23 Apr 2012 20:11:02 -0700]	32882	orbital	127.0.0.1	epriestley789	PhabricatorLoginValidateController	-	/login/validate/	http://local.aphront.com:8080/login/	200	29793
  [Mon, 23 Apr 2012 20:11:02 -0700]	32881	orbital	127.0.0.1	epriestley789	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/login/	200	91638
Reviewers: jungejason, btrahan, vrana
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D2310
											
										 
											2012-04-25 07:24:08 -07:00
										 |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-07-16 07:49:04 -07:00
										 |  |  |   header( | 
					
						
							|  |  |  |     'Content-Type: text/plain; charset=utf-8', | 
					
						
							|  |  |  |     $replace = true, | 
					
						
							|  |  |  |     $http_error = 500); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   error_log($msg); | 
					
						
							|  |  |  |   echo $msg; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   exit(1); | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
											  
											
												Allow Phabricator to write an access log using PhutilDeferredLog
Summary: Provide a configurable access log.
Test Plan:
Got a sensible-looking log including logged-in, logged-out, conduit, 404, etc:
  [Mon, 23 Apr 2012 20:08:12 -0700]	32599	orbital	-	epriestley	DifferentialCommentPreviewController	-	/differential/comment/preview/42/	http://local.aphront.com:8080/D42	200	65406
  [Mon, 23 Apr 2012 20:08:12 -0700]	32881	orbital	-	epriestley	DifferentialChangesetViewController	-	/differential/changeset/	http://local.aphront.com:8080/D42	200	72669
  [Mon, 23 Apr 2012 20:08:39 -0700]	32882	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/D42	200	106444
  [Mon, 23 Apr 2012 20:08:54 -0700]	32867	orbital	127.0.0.1	epriestley	DifferentialRevisionListController	-	/differential/	http://local.aphront.com:8080/differential/	200	112229
  [Mon, 23 Apr 2012 20:09:05 -0700]	32530	orbital	127.0.0.1	epriestley	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/differential/	200	141350
  [Mon, 23 Apr 2012 20:09:10 -0700]	32598	orbital	127.0.0.1	epriestley	PhabricatorDirectoryCategoryViewController	-	/directory/6/	http://local.aphront.com:8080/	200	43474
  [Mon, 23 Apr 2012 20:09:12 -0700]	32880	orbital	127.0.0.1	epriestley	PhabricatorConduitConsoleController	-	/conduit/	http://local.aphront.com:8080/directory/6/	200	139340
  [Mon, 23 Apr 2012 20:09:15 -0700]	32868	orbital	127.0.0.1	epriestley	PhabricatorConduitAPIController	arcanist.projectinfo	/api/arcanist.projectinfo	http://local.aphront.com:8080/conduit/	200	128774
  [Mon, 23 Apr 2012 20:10:04 -0700]	32599	orbital	127.0.0.1	epriestley	Phabricator404Controller	-	/asdbmabdmbsm	-	404	38782
  [Mon, 23 Apr 2012 20:10:04 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c9a43002/rsrc/css/aphront/request-failure-view.css	http://local.aphront.com:8080/asdbmabdmbsm	200	25160
  [Mon, 23 Apr 2012 20:10:57 -0700]	32882	orbital	127.0.0.1	epriestley	PhabricatorLogoutController	-	/logout/	http://local.aphront.com:8080/asdbmabdmbsm	200	40810
  [Mon, 23 Apr 2012 20:10:57 -0700]	32867	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	42526
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	PhabricatorLoginController	-	/login/	http://local.aphront.com:8080/asdbmabdmbsm	200	49052
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/c80156c4/rsrc/js/application/core/behavior-dark-console.js	http://local.aphront.com:8080/login/	200	33166
  [Mon, 23 Apr 2012 20:10:59 -0700]	32868	orbital	127.0.0.1	-	CelerityResourceController	-	/res/4965d970/rsrc/css/aphront/dark-console.css	http://local.aphront.com:8080/login/	200	38078
  [Mon, 23 Apr 2012 20:10:59 -0700]	32599	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/8a5de8a3/javelin.pkg.js	http://local.aphront.com:8080/login/	200	40534
  [Mon, 23 Apr 2012 20:10:59 -0700]	32882	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/9c4e265b/core.pkg.css	http://local.aphront.com:8080/login/	200	41262
  [Mon, 23 Apr 2012 20:10:59 -0700]	32881	orbital	127.0.0.1	-	CelerityResourceController	-	/res/pkg/0c96375e/core.pkg.js	http://local.aphront.com:8080/login/	200	43720
  [Mon, 23 Apr 2012 20:10:59 -0700]	32921	orbital	127.0.0.1	-	CelerityResourceController	-	/res/caa86a45/rsrc/js/javelin/core/init.js	http://local.aphront.com:8080/login/	200	47566
  [Mon, 23 Apr 2012 20:10:59 -0700]	32867	orbital	127.0.0.1	-	CelerityResourceController	-	/res/f46289e9/rsrc/js/application/core/behavior-error-log.js	http://local.aphront.com:8080/login/	200	29328
  [Mon, 23 Apr 2012 20:10:59 -0700]	32919	orbital	127.0.0.1	-	CelerityResourceController	-	/res/7e62ff40/rsrc/image/phabricator_logo.png	http://local.aphront.com:8080/login/	200	25583
  [Mon, 23 Apr 2012 20:10:59 -0700]	32880	orbital	127.0.0.1	-	CelerityResourceController	-	/res/8c6200d3/rsrc/image/sprite.png	http://local.aphront.com:8080/login/	200	29829
  [Mon, 23 Apr 2012 20:11:01 -0700]	32868	orbital	127.0.0.1	-	PhabricatorOAuthLoginController	-	/oauth/facebook/login/  http://local.aphront.com:8080/login/	200	855931
  [Mon, 23 Apr 2012 20:11:02 -0700]	32882	orbital	127.0.0.1	epriestley789	PhabricatorLoginValidateController	-	/login/validate/	http://local.aphront.com:8080/login/	200	29793
  [Mon, 23 Apr 2012 20:11:02 -0700]	32881	orbital	127.0.0.1	epriestley789	PhabricatorDirectoryMainController	-	/	http://local.aphront.com:8080/login/	200	91638
Reviewers: jungejason, btrahan, vrana
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D2310
											
										 
											2012-04-25 07:24:08 -07:00
										 |  |  | 
 |