Commit Graph

3002 Commits

Author SHA1 Message Date
Kolan Sh e5de5f43cc v3.1.0 merged 2012-04-05 13:22:02 +04:00
Jean-Philippe Lang 3183aa55ed Set user_id as a protected attribute (#922). 2012-04-04 14:21:41 +02:00
Jean-Philippe Lang 275163ead2 Prevent mass-assignment vulnerability when adding/updating a wiki (#922). 2012-04-04 14:21:41 +02:00
Jean-Philippe Lang fc5dfd5813 Prevent mass-assignment vulnerability when adding/updating a version (#922). 2012-04-04 14:21:41 +02:00
Jean-Philippe Lang a3f6b30e99 Prevent mass-assignment vulnerability when adding/updating a time entry (#922). 2012-04-04 14:21:41 +02:00
Jean-Philippe Lang 5de377c5ee Use safe_attributes= just like in #create. (#922) 2012-04-04 14:21:41 +02:00
Jean-Philippe Lang 305df19ab7 Prevent mass-assignment vulnerability when adding/updating a news (#922). 2012-04-04 14:21:40 +02:00
Jean-Philippe Lang c3ca5813d5 Prevent mass-assignment vulnerability when adding/updating a forum message (#922). 2012-04-04 14:21:40 +02:00
Jean-Philippe Lang 384890c5ad Prevent mass-assignment vulnerability when adding a project member (#922). 2012-04-04 14:21:40 +02:00
Jean-Philippe Lang e77cb6133d Prevent mass-assignment vulnerability when adding/updating an issue category (#922). 2012-04-04 14:21:39 +02:00
Jean-Philippe Lang 7505cb2ff0 Prevent mass-assignment vulnerability when adding/updating a document (#922). 2012-04-04 14:21:39 +02:00
Jean-Philippe Lang 2eeb4b13a6 Prevent mass-assignment vulnerability when adding a news comment (#922). 2012-04-04 14:21:39 +02:00
Felix Schäfer 0a7c6e6774 Correct handling of @Rational#to_s@ on ruby 1.9 #887
Contributed by Martin S
2012-04-04 09:36:58 +02:00
Felix Schäfer 6f064d3856 Activity: use default filter only on first request #861 2012-03-28 20:31:20 +02:00
Robert Mitwicki c6af5c7982 Correct error message on group name #873 2012-03-28 08:56:06 +02:00
Felix Schäfer e6ec8ab30c Remove length limits on some user fields #928 2012-03-25 09:40:56 +02:00
Kolan Sh 65b94d2014 Character encoding detection in attachments is now automatic 2012-03-24 23:39:46 +04:00
Andrew Smith 7b3280e5ad Replace tables that were using the 'width' attribute with inline styles (should be replaced with an ID/class). 2012-03-23 11:22:58 +01:00
Andrew Smith fd250726ce Remove some inline styling and some depreciated table cell attributes and replace them with proper class names. 2012-03-23 11:22:57 +01:00
Andrew Smith 1cfd20e7e7 Fix missing cells and incorrect close order 2012-03-23 11:22:57 +01:00
Andrew Smith b15e6d8305 Fix duplicated 'back_url' IDs
Various hidden input fields are used to hold a URL to send the user back
to the correct page after submitting a form, however, they all use the
same ID which isn't allowed in HTML. Passing in 'id' as nil stops the
'hidden_field_tag' from adding an ID attribute to the tag.
2012-03-23 11:22:57 +01:00
Andrew Smith 2a70e2704f HTML corrections 2012-03-23 11:22:57 +01:00
Andrew Smith 23a857bf75 Remove hard-coded div on issue page 2012-03-21 21:07:21 +01:00
Andrew Smith 1b7ddb3cd7 jQuery version of the issue context menu 2012-03-21 21:06:58 +01:00
Felix Schäfer 565aeabc79 Issue hierarchy on issue show view #906 2012-03-20 09:25:54 +01:00
Felix Schäfer efac256a6b Design fix
The lower would only show if you have the permission to see/add related issues
2012-03-17 15:31:26 +01:00
Felix Schäfer f01194856f Use the news description as event description #933 2012-03-17 13:55:36 +01:00
Felix Schäfer 20eed68421 [#739] Convert relative links to full links in textile
Textile doesn't "understand" :only_path => false and thus doesn't convert links of the form

<pre>"foo":/bar</pre>

to full URLs, this is done in a subsequent method akin to the wiki_lins and so on
2012-03-16 00:47:18 +01:00
Felix Schäfer 2c76240544 Fix edit issue notes permission #888 2012-03-05 18:13:59 +01:00
Holger Just 724bd48494 Remove unused code
Since Rails 2.3.11, protect_from_forgery exclusively calls
handle_unverified_request which defaults to resetting the session. The old
code to handle an invalid CSRF token is not used anymore and is thus
removed to un-confuse people.
2012-03-05 12:50:44 +01:00
Michaël Rigart cbcce70400 Fix requiring SCM classes in dev mode #828
Change require to require_dependency so SCM classes get loaded on each request in dev mode
2012-02-24 15:44:02 +01:00
Holger Just 0fd499afca Merge branch 'master' into unstable 2012-02-06 22:47:35 +01:00
Holger Just aa3ab990d0 [#593] Generate wiki content notifications in the JournalObserver
This will prevent the usage of the wrong wiki_content status.

The code is not overly pretty and deserves a thorough refactoring, but at
least it solves the problem at hand.
2012-02-06 22:44:44 +01:00
Holger Just 01fefe8d3b [#775] Don't create a new journal on parent message on reply 2012-01-31 16:02:56 +01:00
Holger Just fb595ec7f9 [#775] Don't create a new journal on Attachment#increment_download 2012-01-31 16:02:49 +01:00
Holger Just 3f99ee63ff Always display our custom 404 page 2012-01-30 21:28:57 +01:00
Holger Just 185edcd283 Fix trailing whitespace 2012-01-18 19:26:03 +01:00
Holger Just 19f2ccd496 Update copyright for 2012 2012-01-18 19:25:13 +01:00
Holger Just e85947c7d4 Merge branch 'master' into unstable 2012-01-18 19:18:27 +01:00
Holger Just 3c9e9764b0 [#807] Re-add details class to maintain backwarts-compatible lasses 2012-01-17 23:43:28 +01:00
Holger Just 3f325243ce Merge branch 'pulls/783/remove-new-issue-link-if-unauthorized' of https://github.com/finnlabs/chiliproject into unstable 2012-01-17 20:14:25 +01:00
Holger Just 323b5bebc8 [#774] Move gravatar of issue author into the author tag 2012-01-17 19:31:02 +01:00
Holger Just 91c04f335d [#807] Move gravatar into the journal div 2012-01-17 19:25:53 +01:00
Holger Just 637ca24aed Completely disable the Rails cache for tests
Settings extension to handle cache behaviour by Gregor Schmidt.
2012-01-16 15:54:05 +01:00
Holger Just a938d582b1 [#780] Clarify deprecation of Setting.clear_cache 2012-01-16 14:53:51 +01:00
Holger Just 33a8baf347 Merge branch 'pulls/780/setting-cache' of https://github.com/finnlabs/chiliproject into unstable 2012-01-16 14:50:34 +01:00
Holger Just d7ebffb7ad [#795] Generate error flash on Liquid syntax error 2012-01-16 14:10:45 +01:00
Holger Just 61a65d4624 [#827] Add status group in time entries report.
Patch provided by Jérôme BATAILLE.
Test from Jean-Philippe Lang.
2012-01-16 13:48:06 +01:00
Eric Davis 0407abbd56 Hide the More menu if there are no items to show 2012-01-12 15:00:23 -08:00
Eric Davis 4ce3b88473 Add a menu to view all projects since the main click event is blocked 2012-01-12 14:58:15 -08:00