archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
a5f8846f472b36e637804fd43a293b6eeda49acb
phabricator/resources/sql/patches
History
epriestley a5f8846f47 Use a unique random key to identify queries, not a sequential ID 
Summary:
We save search information and then redirect to a "/search/<query_id>/" URI in
order to make search URIs short and bookmarkable, and save query data for
analysis/improvement of search results.

Currently, there's a vague object enumeration security issue with using
sequential IDs to identify searches, where non-admins can see searches other
users have performed. This isn't really too concerning but we lose nothing by
using random keys from a large ID space instead.

  - Drop 'authorPHID', which was unused anyway, so searches can not be
personally identified, even by admins.
  - Identify searches by random hash keys, not sequential IDs.
  - Map old queries' keys to their IDs so we don't break any existing bookmarked
URIs.

Test Plan: Ran several searches, got redirected to URIs with random hashes from
a large ID space rather than sequential integers.

Reviewers: arice, btrahan

Reviewed By: arice

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1587
2012-02-07 14:58:46 -08:00
..
000.project.sql
Task -> Project assocation, file uploads
2011-02-20 20:08:53 -08:00
001.maniphest_projects.sql
Fully-qualify this SQL patchfile.
2011-02-20 20:10:07 -08:00
002.oauth.sql
Github OAuth
2011-02-21 00:23:24 -08:00
003.more_oauth.sql
Store OAuth tokens and more OAuth account info.
2011-02-22 10:27:27 -08:00
004.daemonrepos.sql
Rough cut of repository tracking
2011-03-06 22:29:22 -08:00
005.workers.sql
Rough cut of Workers
2011-03-10 13:48:29 -08:00
006.repository.sql
durf durf sql
2011-03-15 20:51:53 +00:00
007.daemonlog.sql
Diffusion/phd/console improvements.
2011-03-15 13:38:14 -07:00
008.repoopt.sql
Fix various parsing bugs in Differential.
2011-03-19 14:42:17 -07:00
009.repo_summary.sql
Sorta need this file.
2011-03-20 17:55:31 -07:00
010.herald.sql
Allow databases to be created outside upgrade_schema scrpt.
2011-10-17 13:59:56 -07:00
011.badcommit.sql
Derp derp, apparentl neglected to save this file.
2011-03-26 23:59:29 -07:00
012.dropphidtype.sql
Removed "PHID Types" storage object and interface components
2011-03-31 14:01:13 -07:00
013.commitdetail.sql
More Diffusion junk.
2011-03-30 22:08:41 -07:00
014.shortcuts.sql
Restore "Shortcuts" feature to Diffusion.
2011-03-31 00:33:44 -07:00
015.preferences.sql
User preferences ported from tools
2011-03-31 13:44:20 -07:00
016.userrealnameindex.sql
Add basic detail-parser functionality.
2011-04-01 17:11:55 -07:00
017.sessionkeys.sql
Optimize session query for nontrivial number of user accounts.
2011-04-02 16:39:40 -07:00
018.owners.sql
Allow databases to be created outside upgrade_schema scrpt.
2011-10-17 13:59:56 -07:00
019.arcprojects.sql
Sync up UUIDs and create project configs.
2011-04-05 21:55:04 -07:00
020.pathcapital.sql
Fix field capitalization.
2011-04-05 22:30:10 -07:00
021.xhpastview.sql
Allow databases to be created outside upgrade_schema scrpt.
2011-10-17 13:59:56 -07:00
022.differentialcommit.sql
Close the loop on Diffusion commits posting back to Differential.
2011-04-07 21:59:42 -07:00
023.dxkeys.sql
Turns out MySQL tables need keys. Who knew?!
2011-04-09 22:19:10 -07:00
024.mlistkeys.sql
Properly support mailing lists, with actual testing!
2011-04-10 10:16:14 -07:00
025.commentopt.sql
Lint and unit star support.
2011-04-10 17:19:01 -07:00
026.diffpropkey.sql
Missing key for large datasizes.
2011-04-10 17:25:24 -07:00
027.metamtakeys.sql
Add some metamta keys.
2011-04-12 18:19:24 -07:00
028.systemagent.sql
Very basic system agent support.
2011-04-12 18:19:25 -07:00
029.cursors.sql
Avoid Timeline race condition
2011-04-14 10:12:10 -07:00
030.imagemacro.sql
Image macros for Phabricator!
2011-04-13 20:08:13 -07:00
031.workerrace.sql
Prevent a race in Phabricator workers
2011-04-14 12:09:56 -07:00
032.viewtime.sql
Differential Updates View
2011-04-28 14:40:41 -07:00
033.privtest.sql
Improve schema upgrade workflow for unprivileged users
2011-04-30 00:50:48 -07:00
034.savedheader.sql
Make X-Herald-Rules header sticky
2011-05-03 06:06:57 -07:00
035.proxyimage.sql
Restore image proxying to Remarkup
2011-05-03 18:49:06 -07:00
036.mailkey.sql
Support email replies in Phabricator
2011-05-05 14:58:57 -07:00
037.setuptest.sql
Add a "setup" mode which guides new users through application configuration
2011-05-10 15:12:30 -07:00
038.admin.sql
Admin and disabled flags for users
2011-05-12 11:17:50 -07:00
039.userlog.sql
Provide an activity log for login and administrative actions
2011-05-20 19:08:26 -07:00
040.transform.sql
Basic image thumbnailing
2011-05-27 09:33:33 -07:00
041.heraldrepetition.sql
herald: add the ability to execute a rule the first time only
2011-06-09 10:35:37 -07:00
042.commentmetadata.sql
Store metadata with Differential and Maniphest comments, and store added
2011-06-09 10:43:25 -07:00
043.pastebin.sql
Allow databases to be created outside upgrade_schema scrpt.
2011-10-17 13:59:56 -07:00
044.countdown.sql
Allow databases to be created outside upgrade_schema scrpt.
2011-10-17 13:59:56 -07:00
045.timezone.sql
Provide a default non-NULL timezone in the PhabricatorUser class
2011-06-20 13:13:51 -07:00
046.conduittoken.sql
Fix syntax clowning in patch 046.
2011-06-20 05:59:42 -07:00
047.projectstatus.sql
Project list and profile view modifications
2011-06-20 16:13:44 -03:00
048.relationshipkeys.sql
Properly scope some SQL.
2011-06-21 14:46:59 -07:00
049.projectowner.sql
Allow affiliations to carry project ownership information; transform profile
2011-06-28 06:40:41 -07:00
050.taskdenormal.sql
Allow Maniphest to scale to a massive size
2011-06-28 06:41:05 -07:00
051.projectfilter.sql
Allow Maniphest tasks to be filtered by Project
2011-06-29 21:56:47 -07:00
052.pastelanguage.sql
Add a syntax highlight dropdown, if pygments is enabled.
2011-07-04 12:23:43 -04:00
053.feed.sql
Allow databases to be created outside upgrade_schema scrpt.
2011-10-17 13:59:56 -07:00
054.subscribers.sql
Added subscriber view to Maniphest.
2011-07-07 14:08:52 -07:00
055.add_author_to_files.sql
Drag-drop file upload.
2011-07-08 15:20:57 -04:00
056.slowvote.sql
Allow databases to be created outside upgrade_schema scrpt.
2011-10-17 13:59:56 -07:00
057.parsecache.sql
Add Differential parse cache to the GC daemon
2011-07-08 17:31:25 -07:00
058.missingkeys.sql
Add missing keys to some tables
2011-07-09 10:55:15 -07:00
059.engines.php
Script to selectively convert MyISAM tables to InnoDB
2011-07-11 11:42:28 -07:00
060.phriction.sql
Minor, reduce slug column size to 128, see D1391.
2012-01-13 17:16:37 -08:00
061.phrictioncontent.sql
Basic edit/create workflow for Phriction
2011-07-11 14:47:33 -07:00
062.phrictionmenu.sql
Add Phriction to the main nav menu
2011-07-12 09:26:51 -07:00
063.pasteforks.sql
Store parents of forked pastes, and list child pastes if there are any.
2011-07-15 18:42:08 -04:00
064.subprojects.sql
Allow users to associate SSH Public Keys with their accounts
2011-07-23 09:15:20 -07:00
065.sshkeys.sql
Allow users to associate SSH Public Keys with their accounts
2011-07-23 09:15:20 -07:00
066.phrictioncontent.sql
Add a 'description' field to Phriction
2011-07-23 21:11:42 -07:00
067.preferences.sql
Move "Preferences" to "Settings"
2011-07-24 12:25:43 -07:00
068.maniphestauxiliarystorage.sql
Key Value Store for ManiphestTask
2011-07-25 19:11:55 -07:00
069.heraldxscript.sql
Improve GC performance for Herald Transcripts
2011-07-28 18:50:54 -07:00
070.differentialaux.sql
Add basic auxiliary field storage for Differential
2011-08-14 10:04:21 -07:00
071.contentsource.sql
Track content sources (email, web, conduit, mobile) for replies
2011-08-30 11:08:27 -07:00
072.blamerevert.sql
Remove blameRevision and revertPlan from the DifferentialRevision schema
2011-09-04 16:19:12 -07:00
073.reposymbols.sql
Add storage for repository symbol tracking
2011-09-13 08:49:44 -07:00
074.affectedpath.sql
Build an "affected path" index when attaching diffs to revisions
2011-09-15 07:45:14 -07:00
075.revisionhash.sql
Add a relation table for Revisions to local commit hashes
2011-09-26 15:02:37 -07:00
076.indexedlanguages.sql
Tie all the pieces for symbol cross-references together
2011-10-09 17:58:17 -07:00
077.originalemail.sql
Allow bugs@ addresses to blanket-accept tasks
2011-10-20 14:26:19 -07:00
078.nametoken.sql
Add a name token table so on-demand typeaheads can match last names
2011-10-23 14:25:26 -07:00
079.nametokenindex.php
Add a name token table so on-demand typeaheads can match last names
2011-10-23 14:25:26 -07:00
080.filekeys.sql
Use a proper entropy source to generate file keys
2011-10-23 14:42:23 -07:00
081.filekeys.php
Use a proper entropy source to generate file keys
2011-10-23 14:42:23 -07:00
082.xactionkey.sql
Add a missing key to the ManiphestTransaction table
2011-10-23 14:43:03 -07:00
083.dxviewtime.sql
Remove "Updated" view from Differential
2011-12-07 06:55:03 -08:00
084.pasteauthorkey.sql
Paste - upgrade scheme to support queries by authorPHID
2011-12-14 19:48:47 -08:00
085.packagecommitrelationship.sql
Add Related Commits for Owners
2011-12-14 22:48:57 -08:00
086.formeraffil.sql
Remove "Former" project members
2011-12-16 17:46:02 -08:00
087.phrictiondelete.sql
Allow Phriction documents to be deleted
2011-12-17 11:45:25 -08:00
088.audit.sql
Issue CREATE DATABASE before ALTER TABLE in patch 88
2011-12-27 17:50:23 -08:00
089.projectwiki.sql
Provide wiki pages for projects
2011-12-20 14:03:12 -08:00
090.forceuniqueprojectnames.php
Provide wiki pages for projects
2011-12-20 14:03:12 -08:00
091.uniqueslugkey.sql
Provide wiki pages for projects
2011-12-20 14:03:12 -08:00
092.dropgithubnotification.sql
Remove support for GitHub post-receive notifications
2011-12-24 09:00:08 -08:00
093.gitremotes.php
Make tracked git repositories use an implicit 'origin' remote
2011-12-29 08:35:32 -08:00
094.phrictioncolumn.sql
Minor, reduce slug column size to 128, see D1391.
2012-01-13 17:16:37 -08:00
095.directory.sql
Delete /xhprof/ from directory, mark /mail/ as Admin Only
2012-01-15 20:27:55 -08:00
096.filename.sql
Change fileName to filename
2012-01-17 10:50:14 -08:00
097.heraldruletypes.sql
Created personal vs. global herald rule distingtion
2012-01-19 11:21:49 -08:00
098.heraldruletypemigration.php
Created personal vs. global herald rule distingtion
2012-01-19 11:21:49 -08:00
099.drydock.sql
Drydock Rough Cut
2012-01-19 21:12:57 -08:00
100.projectxaction.sql
Add transaction-oriented editing to projects
2012-01-24 09:44:35 -08:00
101.heraldruleapplied.sql
Remove massive "rule applied" query
2012-01-24 19:29:54 -08:00
102.heraldcleanup.php
Write fewer "applied" rows and clean up excess historical rows
2012-01-25 11:53:39 -08:00
103.heraldedithistory.sql
Add basic edit history to herald rules
2012-01-30 11:52:44 -08:00
104.searchkey.sql
Use a unique random key to identify queries, not a sequential ID
2012-02-07 14:58:46 -08:00