Commit Graph

5474 Commits

Author SHA1 Message Date
Holger Just 8e417fd5c4 Fix XSS vulnerabilities in Rails (CVE-2012-3464, CVE-2012-3465) #1113 #1114 2013-01-06 20:32:53 +01:00
Holger Just 07e54eda9e SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) #1195 2013-01-06 20:32:53 +01:00
Holger Just a93a3af895 Consider HEAD a readonly method in Redmine.pm #1134 2013-01-06 20:32:53 +01:00
Holger Just 5156fbbfc4 Make the WikiContentJournal class available during migration #1194 2013-01-06 20:32:53 +01:00
Felix Schäfer 4d4efa482e Use capybara < 2 as capybara 2 drops ruby 1.8 support 2013-01-02 16:36:49 +01:00
Holger Just c734c6506d Install Darcs 2.3 on Travis CI #1142
Our tests break on Darcs >=2.5 as Darcs changed the repository
format and the command API.
2013-01-02 16:16:39 +01:00
Toshi MARUYAMA e7ef06a926 add travis build status to README.rdoc 2012-12-09 18:24:13 +01:00
Felix Schäfer 0dfa793abc Add a CONTRIBUTING guide. #1192 2012-12-09 18:10:11 +01:00
C-Moreira ce5524ba4d Add localized translation for Time entry menu. #1118 2012-11-22 11:54:11 +01:00
Holger Just 003fc93b15 Make the commented configuration.yml.example more approachable #1144 2012-09-14 22:27:49 +02:00
Holger Just da4641442f Update package list before installing packages on Travis 2012-09-12 21:39:09 +02:00
Web Siduction 0e1a622a6a wiki-text monospaced 11px 2012-08-20 20:18:17 +02:00
Holger Just d63d2d2e81 Display sidebar queries outside of a project #1090 2012-08-20 18:48:28 +02:00
Holger Just 7a4b664577 Set default category_id instead of the object #1087
Rails 2.3 still has issues with synchronizing the association_id
and association attributes of an object. That means, if you set the
association with an object first and then just set the id afterwards, the object wins and the setting of the id gets lost.

This is not an issue in Rails >= 3.1 anymore.
2012-08-20 18:26:32 +02:00
Felix Schäfer d24d4ce6b6 Stick with a working version of mocha
mocha 0.12.2 is known not to work with test/unit:
https://github.com/freerange/mocha/issues/94

Pinning the version of mocha until this is resolved
2012-08-06 10:34:41 +02:00
jplang a2f8557f23 Correctly copy advanced workflow settings #904
Original commit message:
Fixed: Workflow copy does not copy advanced workflow settings

git-svn-id: svn://rubyforge.org/var/svn/redmine/trunk@6148 e93f8b46-1217-0410-a6f0-8f06a7374b81
2012-08-06 08:20:58 +02:00
Holger Just 19dd488298 Bump version to 3.3.0 2012-07-15 18:45:49 +02:00
Holger Just 12cedb1e91 Update Changelog for v3.3.0 2012-07-15 18:44:41 +02:00
Holger Just 27f24a78db Add copyright statement 2012-07-15 18:43:00 +02:00
Andrew Smith 4838c4ede8 Replace the progress bars with a copied jQuery version. Fixes #1056 2012-07-15 18:28:23 +02:00
Holger Just f2e4c71b27 Add gravatar no-op library.
This helps to not break on plugins having require "gravatar"
in their init.rb. This statement is not needed anymore in any
supported version of ChiliProject (or Redmine for that matter) and
should thus be removed from all plugins.
2012-07-15 17:48:43 +02:00
Andrew Smith ff94716791 Replace the JS calendar with a jQueryUI version. 2012-07-15 15:25:13 +02:00
Felix Schäfer cb9ac281d9 Add date_field and date_field_tag form helpers #817 2012-07-15 15:19:02 +02:00
Felix Schäfer a642a1fdc4 Bump net-ldap #1078 2012-07-14 21:16:16 +02:00
Holger Just f89c003847 Make list style for ul and ol elements more specific. #1075 2012-07-13 23:27:53 +02:00
Andrew Smith d6eb87508c Update jQuery/UI to 1.7.2/1.8.21. Fixes #1076 2012-07-11 14:41:56 +02:00
Romano Licker 1e96ac9e06 [#935] Setting improperly set up for default values
having a fixed call order resolves a problem where
'value=' was called before 'name=' resulting in no
serialization
2012-07-11 12:56:58 +02:00
Holger Just 9fde11f950 Load rake tasks from plugins in chiliproject_plugins #1074 2012-07-10 14:39:32 +02:00
Felix Schäfer d41c7f1e8c Fix migrating from Redmine 1.4 #1067
Contributed by Steffen Schüssler
2012-07-09 20:41:17 +02:00
Andrew Smith e3dc444b9c Losslessly recompress all the image files. Fixes #1070 2012-07-09 18:28:14 +02:00
Felix Schäfer 37385642fa Don't show the search field when it's not needed #979
Contributed by Harald Klimach
2012-07-09 18:11:04 +02:00
Felix Schäfer 12b2d3c182 Show the register link everywhere it's needed #979
Contributed by Harald Klimach
2012-07-09 18:06:32 +02:00
Andrew Smith 37c762b997 Force the hover colour so that even rows highlight. Fixes #1063 2012-07-06 20:06:03 +02:00
Holger Just 17793c87e3 Format date in user's prefered format by default 2012-07-02 21:10:55 +02:00
Holger Just eea550e639 Fix the Strainer patch to enforce a filter array
Up until now, the patch used to be a no-op. While the filters class
attribute was set correctly, the methods using it were not actually
overridden as they are only included above the existing methods in
the module chain.

This resulted in an arbitrary load order of filters on Ruby 1.8. As
such, our overridden standard filters might not have actually
overridden anything.

Still, the patch can be completely removed once we either require
Ruby 1.9 (as we have ordered ahshes by default then) or once
https://github.com/Shopify/liquid/pull/87 was merged and released
upstream.
2012-07-02 21:10:55 +02:00
Holger Just 760df0ae35 Define today variable for liquid #1055 2012-07-02 21:10:55 +02:00
Andrew Smith a4fbb15f6c Include a minimal Modernizr JS build. Fixes #1054 2012-07-02 20:28:00 +02:00
Andrew Smith 6fa46e5136 Set the users language on the HTML tag. Fixes #1051 2012-06-28 10:03:08 +02:00
Andrew Smith cf83e274d7 Change to an HTML5 doctype #1018 2012-06-26 22:19:37 +02:00
Jan Vlnas 29af3ec964 Correct engine tests to work on Ruby 1.9 #952 #944 2012-06-23 21:23:50 +02:00
Holger Just 6932070752 Require bundler 1.0.14 to use the rbx platform in Gemfile 2012-06-22 17:34:28 +02:00
Holger Just cd4efd2e0d Set $KCODE to UTF-8 on Ruby 1.8 to mimic Rails 3 behavior 2012-06-22 17:31:51 +02:00
Felix Schäfer 2f21522458 Enable project-specific css #1017 2012-06-21 10:28:44 +02:00
Holger Just d3d6a93a45 Fix failing tests for Ruby 1.9 #1046 2012-06-20 18:00:34 +02:00
Holger Just e4386f61da Add "me" to user custom fields filters #1046
Adapted from
28f9605fe2
by Jean-Philippe Lang
2012-06-20 16:07:09 +02:00
Holger Just 5c7a3a53c2 Bump version to 3.2.2 2012-06-13 10:26:48 +02:00
Holger Just 4d9060964f Update changelog for v3.2.2 2012-06-13 10:25:18 +02:00
Holger Just 16e266e7e5 Fix SQL injection via nested hashes in conditions. CVE-2012-2695 #1037 2012-06-13 10:12:10 +02:00
Holger Just d629209364 Fix SQL injection via nested hashes in conditions (CVE-2012-2694) #1036 2012-06-13 10:10:03 +02:00
Holger Just c9d141061d Bump version to v3.2.1 2012-06-10 20:36:34 +02:00