RMagic: bypass version test.

.travis.yml

@@ -5,48 +5,30 @@ rvm:
   - 1.9.3
   - rbx-18mode
 env:
-  - "TEST_SUITE=units       RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-  - "TEST_SUITE=units       RAILS_ENV=test DB=mysql2 BUNDLE_WITHOUT=rmagick:mysql:postgres:sqlite"
-  - "TEST_SUITE=units       RAILS_ENV=test DB=postgres BUNDLE_WITHOUT=rmagick:mysql:mysql2:sqlite"
-  - "TEST_SUITE=units       RAILS_ENV=test DB=sqlite BUNDLE_WITHOUT=rmagick:mysql:mysql2:postgres"
-  - "TEST_SUITE=functionals RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-  - "TEST_SUITE=functionals RAILS_ENV=test DB=mysql2 BUNDLE_WITHOUT=rmagick:mysql:postgres:sqlite"
-  - "TEST_SUITE=functionals RAILS_ENV=test DB=postgres BUNDLE_WITHOUT=rmagick:mysql:mysql2:sqlite"
-  - "TEST_SUITE=functionals RAILS_ENV=test DB=sqlite BUNDLE_WITHOUT=rmagick:mysql:mysql2:postgres"
-  - "TEST_SUITE=integration RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-  - "TEST_SUITE=integration RAILS_ENV=test DB=mysql2 BUNDLE_WITHOUT=rmagick:mysql:postgres:sqlite"
-  - "TEST_SUITE=integration RAILS_ENV=test DB=postgres BUNDLE_WITHOUT=rmagick:mysql:mysql2:sqlite"
-  - "TEST_SUITE=integration RAILS_ENV=test DB=sqlite BUNDLE_WITHOUT=rmagick:mysql:mysql2:postgres"
+  - "RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
+  - "RAILS_ENV=test DB=mysql2 BUNDLE_WITHOUT=rmagick:mysql:postgres:sqlite"
+  - "RAILS_ENV=test DB=postgres BUNDLE_WITHOUT=rmagick:mysql:mysql2:sqlite"
+  - "RAILS_ENV=test DB=sqlite BUNDLE_WITHOUT=rmagick:mysql:mysql2:postgres"
 matrix:
   exclude:
     - rvm: 1.9.2
-      env: "TEST_SUITE=units       RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-    - rvm: 1.9.2
-      env: "TEST_SUITE=functionals RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-    - rvm: 1.9.2
-      env: "TEST_SUITE=integration RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
+      env: "RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
     - rvm: 1.9.3
-      env: "TEST_SUITE=units       RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-    - rvm: 1.9.3
-      env: "TEST_SUITE=functionals RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-    - rvm: 1.9.3
-      env: "TEST_SUITE=integration RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
+      env: "RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
     - rvm: rbx-18mode
-      env: "TEST_SUITE=units       RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-    - rvm: rbx-18mode
-      env: "TEST_SUITE=functionals RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
-    - rvm: rbx-18mode
-      env: "TEST_SUITE=integration RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
+      env: "RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
   allow_failures:
     - rvm: rbx-18mode
 before_install:
   - "sudo apt-get update -qq"
   - "sudo apt-get --no-install-recommends install bzr cvs git mercurial subversion"
+
+  # Our tests don't work on Darcs >= 2.5, so we use Darcs 2.3 from Ubuntu Lucy
+  - "sudo apt-get --no-install-recommends install libc6 libcurl3-gnutls libgmp3c2 libncurses5 zlib1g"
+  - "wget http://de.archive.ubuntu.com/ubuntu/pool/main/libf/libffi/libffi5_3.0.9-1_i386.deb -O /tmp/libffi5_3.0.9-1_i386.deb; sudo dpkg -i /tmp/libffi5_3.0.9-1_i386.deb"
+  - "wget http://de.archive.ubuntu.com/ubuntu/pool/universe/d/darcs/darcs_2.3.0-3_i386.deb -O /tmp/darcs_2.3.0-3_i386.deb; sudo dpkg -i /tmp/darcs_2.3.0-3_i386.deb"
 before_script:
-  - "rvm rubygems 1.8.25" # Rubygems 2.0.x fails with Rails 2.3
   - "rake ci:travis:prepare"
-  - "rm -rf tmp/test/darcs_repository" # Don't test Darcs on Travis. It breaks there :(
-script: "bundle exec rake test:$TEST_SUITE"
 branches:
   only:
     - unstable

Gemfile

@@ -1,9 +1,8 @@
 # -*- coding: utf-8 -*-
-source "https://rubygems.org"
+source :rubygems
 
-gem "rails", "2.3.18"
+gem "rails", "2.3.14"
 
-gem "json", "~> 1.7.7"
 gem "coderay", "~> 1.0.0"
 gem "i18n", "~> 0.4.2"
 gem "rubytree", "~> 0.5.2", :require => 'tree'

app/controllers/account_controller.rb

@@ -37,7 +37,7 @@ class AccountController < ApplicationController
   def lost_password
     redirect_to(home_url) && return unless Setting.lost_password?
     if params[:token]
-      @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
+      @token = Token.find_by_action_and_value("recovery", params[:token])
       redirect_to(home_url) && return unless @token and !@token.expired?
       @user = @token.user
       if request.post?
@@ -53,7 +53,7 @@ class AccountController < ApplicationController
       return
     else
       if request.post?
-        user = User.find_by_mail(params[:mail].to_s)
+        user = User.find_by_mail(params[:mail])
         # user not found in db
         (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
         # user uses an external authentification
@@ -109,7 +109,7 @@ class AccountController < ApplicationController
   # Token based account activation
   def activate
     redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
-    token = Token.find_by_action_and_value('register', params[:token].to_s)
+    token = Token.find_by_action_and_value('register', params[:token])
     redirect_to(home_url) && return unless token and !token.expired?
     user = token.user
     redirect_to(home_url) && return unless user.registered?

app/controllers/application_controller.rb

@@ -54,14 +54,7 @@ class ApplicationController < ActionController::Base
 
   # FIXME: This doesn't work with Rails >= 3.0 anymore
   # Possible workaround: https://github.com/rails/rails/issues/671#issuecomment-1780159
-  rescue_from ActionController::RoutingError, :with => proc{
-    # manually apply basic before_filters which aren't applied by default here
-    user_setup
-    check_if_login_required
-    set_localization
-
-    render_404
-  }
+  rescue_from ActionController::RoutingError, :with => proc{render_404}
 
   include Redmine::Search::Controller
   include Redmine::MenuManager::MenuController
@@ -89,11 +82,11 @@ class ApplicationController < ActionController::Base
       user
     elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
       # RSS key authentication does not start a session
-      User.find_by_rss_key(params[:key].to_s)
+      User.find_by_rss_key(params[:key])
     elsif Setting.rest_api_enabled? && api_request?
       if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
         # Use API key
-        User.find_by_api_key(key.to_s)
+        User.find_by_api_key(key)
       else
         # HTTP Basic, either username/password or API key/random
         authenticate_with_http_basic do |username, password|

app/models/issue.rb

@@ -368,7 +368,7 @@ class Issue < ActiveRecord::Base
   def attachment_removed(obj)
     init_journal(User.current)
     create_journal
-    last_journal.update_attribute(:changes, {"attachments_" + obj.id.to_s => [obj.filename, nil]})
+    last_journal.update_attribute(:changes, {"attachments_" + obj.id.to_s => [obj.filename, nil]}.to_yaml)
   end
 
   # Return true if the issue is closed, otherwise false

app/models/user.rb

@@ -403,8 +403,6 @@ class User < Principal
     when 'only_my_events'
       if object.is_a?(Issue) && (object.author == self || object.assigned_to == self)
         true
-      elsif object.respond_to?(:watched_by?) && object.watched_by?(self) # Make it clear that we always want to be notified about things we watch in this case
-        true
       else
         false
       end

app/models/wiki_content.rb

@@ -98,7 +98,7 @@ class WikiContent < ActiveRecord::Base
       changes.delete("text")
       changes["data"] = hash[:text]
       changes["compression"] = hash[:compression]
-      update_attribute(:changes, changes)
+      update_attribute(:changes, changes.to_yaml)
     end
 
     def text

app/views/groups/index.html.erb

@@ -19,7 +19,6 @@
     <td class="buttons"><%= link_to l(:button_delete), group, :confirm => l(:text_are_you_sure), :method => :delete, :class => 'icon icon-del' %></td>
   </tr>
 <% end %>
-  </tbody>
 </table>
 <% else %>
 <p class="nodata"><%= l(:label_no_data) %></p>

app/views/issues/_attributes.rhtml

@@ -31,8 +31,8 @@
 </div>
 
 <div class="splitcontentright">
-<p><%= f.date_field :start_date, :size => 10, :disabled => !@issue.leaf? %><%= calendar_for('issue_start_date') if @issue.leaf? %></p>
-<p><%= f.date_field :due_date, :size => 10, :disabled => !@issue.leaf? %><%= calendar_for('issue_due_date') if @issue.leaf? %></p>
+<p><%= f.date_field :start_date, :size => 10, :disabled => !@issue.leaf? %></p>
+<p><%= f.date_field :due_date, :size => 10, :disabled => !@issue.leaf? %></p>
 <p><%= f.text_field :estimated_hours, :size => 3, :disabled => !@issue.leaf? %> <%= l(:field_hours) %></p>
 <% if @issue.leaf? && Issue.use_field_for_done_ratio? %>
 <p><%= f.select :done_ratio, ((0..10).to_a.collect {|r| ["#{r*10} %", r*10] }) %></p>

config/environment.rb

@@ -21,6 +21,9 @@
 # use RACK_ENV if we are running as a simple rack app
 ENV['RAILS_ENV'] ||= ENV['RACK_ENV'] if ENV['RACK_ENV']
 
+# Specifies gem version of Rails to use when vendor/rails is not present
+RAILS_GEM_VERSION = '2.3.14' unless defined? RAILS_GEM_VERSION
+
 # this is replaced by config.encoding = "utf-8" in rails3
 if RUBY_VERSION >= '1.9'
   Encoding.default_external = 'UTF-8'

config/initializers/10-patches.rb

@@ -12,6 +12,11 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
 
+# Patches active_support/core_ext/load_error.rb to support 1.9.3 LoadError message
+if RUBY_VERSION >= '1.9.3'
+  MissingSourceFile::REGEXPS << [/^cannot load such file -- (.+)$/i, 1]
+end
+
 require 'active_record'
 
 module ActiveRecord
@@ -157,15 +162,278 @@ module ActionController
       end
     end
   end
+
+  # Backported fix for
+  # CVE-2012-2660
+  # https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f
+  #
+  # CVE-2012-2694
+  # https://groups.google.com/group/rubyonrails-security/browse_thread/thread/8c82d9df8b401c5e
+  #
+  # TODO: Remove this once we are on Rails >= 3.2.6
+  require 'action_controller/request'
+  class Request
+    protected
+
+    # Remove nils from the params hash
+    def deep_munge(hash)
+      keys = hash.keys.find_all { |k| hash[k] == [nil] }
+      keys.each { |k| hash[k] = nil }
+
+      hash.each_value do |v|
+        case v
+        when Array
+          v.grep(Hash) { |x| deep_munge(x) }
+          v.compact!
+        when Hash
+          deep_munge(v)
+        end
+      end
+
+      hash
+    end
+
+    def parse_query(qs)
+      deep_munge(super)
+    end
+  end
 end
 
+require 'active_record/base'
+module ActiveRecord
+  class Base
+    class << self
+      # Backported fix for CVE-2012-2695
+      # https://groups.google.com/group/rubyonrails-security/browse_thread/thread/9782f44c4540cf59
+      # TODO: Remove this once we are on Rails >= 3.2.6
+      def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name, top_level = true)
+        attrs = expand_hash_conditions_for_aggregates(attrs)
+
+        conditions = attrs.map do |attr, value|
+          table_name = default_table_name
+
+          if not value.is_a?(Hash)
+            attr = attr.to_s
+
+            # Extract table name from qualified attribute names.
+            if attr.include?('.') and top_level
+              attr_table_name, attr = attr.split('.', 2)
+              attr_table_name = connection.quote_table_name(attr_table_name)
+            else
+              attr_table_name = table_name
+            end
+
+            attribute_condition("#{attr_table_name}.#{connection.quote_column_name(attr)}", value)
+          elsif top_level
+            sanitize_sql_hash_for_conditions(value, connection.quote_table_name(attr.to_s), false)
+          else
+            raise ActiveRecord::StatementInvalid
+          end
+        end.join(' AND ')
+
+        replace_bind_variables(conditions, expand_range_bind_variables(attrs.values))
+      end
+      alias_method :sanitize_sql_hash, :sanitize_sql_hash_for_conditions
+
+      # CVE-2012-5664
+      # https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
+      # TODO: remove once we are on Rails >= 3.2.10
+      def method_missing(method_id, *arguments, &block)
+        if match = DynamicFinderMatch.match(method_id)
+          attribute_names = match.attribute_names
+          super unless all_attributes_exists?(attribute_names)
+          if match.finder?
+            finder = match.finder
+            bang = match.bang?
+            # def self.find_by_login_and_activated(*args)
+            #   options = args.extract_options!
+            #   attributes = construct_attributes_from_arguments(
+            #     [:login,:activated],
+            #     args
+            #   )
+            #   finder_options = { :conditions => attributes }
+            #   validate_find_options(options)
+            #   set_readonly_option!(options)
+            #
+            #   if options[:conditions]
+            #     with_scope(:find => finder_options) do
+            #       find(:first, options)
+            #     end
+            #   else
+            #     find(:first, options.merge(finder_options))
+            #   end
+            # end
+            self.class_eval <<-EOS, __FILE__, __LINE__ + 1
+              def self.#{method_id}(*args)
+                options = if args.length > #{attribute_names.size}
+                            args.extract_options!
+                          else
+                            {}
+                          end
+                attributes = construct_attributes_from_arguments(
+                  [:#{attribute_names.join(',:')}],
+                  args
+                )
+                finder_options = { :conditions => attributes }
+                validate_find_options(options)
+                set_readonly_option!(options)
+
+                #{'result = ' if bang}if options[:conditions]
+                  with_scope(:find => finder_options) do
+                    find(:#{finder}, options)
+                  end
+                else
+                  find(:#{finder}, options.merge(finder_options))
+                end
+                #{'result || raise(RecordNotFound, "Couldn\'t find #{name} with #{attributes.to_a.collect {|pair| "#{pair.first} = #{pair.second}"}.join(\', \')}")' if bang}
+              end
+            EOS
+            send(method_id, *arguments)
+          elsif match.instantiator?
+            instantiator = match.instantiator
+            # def self.find_or_create_by_user_id(*args)
+            #   guard_protected_attributes = false
+            #
+            #   if args[0].is_a?(Hash)
+            #     guard_protected_attributes = true
+            #     attributes = args[0].with_indifferent_access
+            #     find_attributes = attributes.slice(*[:user_id])
+            #   else
+            #     find_attributes = attributes = construct_attributes_from_arguments([:user_id], args)
+            #   end
+            #
+            #   options = { :conditions => find_attributes }
+            #   set_readonly_option!(options)
+            #
+            #   record = find(:first, options)
+            #
+            #   if record.nil?
+            #     record = self.new { |r| r.send(:attributes=, attributes, guard_protected_attributes) }
+            #     yield(record) if block_given?
+            #     record.save
+            #     record
+            #   else
+            #     record
+            #   end
+            # end
+            self.class_eval <<-EOS, __FILE__, __LINE__ + 1
+              def self.#{method_id}(*args)
+                attributes = [:#{attribute_names.join(',:')}]
+                protected_attributes_for_create, unprotected_attributes_for_create = {}, {}
+                args.each_with_index do |arg, i|
+                  if arg.is_a?(Hash)
+                    protected_attributes_for_create = args[i].with_indifferent_access
+                  else
+                    unprotected_attributes_for_create[attributes[i]] = args[i]
+                  end
+                end
+
+                find_attributes = (protected_attributes_for_create.merge(unprotected_attributes_for_create)).slice(*attributes)
+
+                options = { :conditions => find_attributes }
+                set_readonly_option!(options)
+
+                record = find(:first, options)
+
+                if record.nil?
+                  record = self.new do |r|
+                    r.send(:attributes=, protected_attributes_for_create, true) unless protected_attributes_for_create.empty?
+                    r.send(:attributes=, unprotected_attributes_for_create, false) unless unprotected_attributes_for_create.empty?
+                  end
+                  #{'yield(record) if block_given?'}
+                  #{'record.save' if instantiator == :create}
+                  record
+                else
+                  record
+                end
+              end
+            EOS
+            send(method_id, *arguments, &block)
+          end
+        elsif match = DynamicScopeMatch.match(method_id)
+          attribute_names = match.attribute_names
+          super unless all_attributes_exists?(attribute_names)
+          if match.scope?
+            self.class_eval <<-EOS, __FILE__, __LINE__ + 1
+              def self.#{method_id}(*args)                        # def self.scoped_by_user_name_and_password(*args)
+                options = args.extract_options!                   #   options = args.extract_options!
+                attributes = construct_attributes_from_arguments( #   attributes = construct_attributes_from_arguments(
+                  [:#{attribute_names.join(',:')}], args          #     [:user_name, :password], args
+                )                                                 #   )
+                                                                  #
+                scoped(:conditions => attributes)                 #   scoped(:conditions => attributes)
+              end                                                 # end
+            EOS
+            send(method_id, *arguments)
+          end
+        else
+          super
+        end
+      end
+    end
+  end
+end
+
+# Backported fix for CVE-2012-3465
+# https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J
+# TODO: Remove this once we are on Rails >= 3.2.8
+require 'action_view/helpers/sanitize_helper'
+module ActionView::Helpers::SanitizeHelper
+  def strip_tags(html)
+    self.class.full_sanitizer.sanitize(html)
+  end
+end
+
+# Backported fix for CVE-2012-3464
+# https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J
+# TODO: Remove this once we are on Rails >= 3.2.8
+require 'active_support/core_ext/string/output_safety'
+class ERB
+  module Util
+    HTML_ESCAPE["'"] = '&#39;'
+
+    if RUBY_VERSION >= '1.9'
+      # A utility method for escaping HTML tag characters.
+      # This method is also aliased as <tt>h</tt>.
+      #
+      # In your ERB templates, use this method to escape any unsafe content. For example:
+      # <%=h @person.name %>
+      #
+      # ==== Example:
+      # puts html_escape("is a > 0 & a < 10?")
+      # # => is a &gt; 0 &amp; a &lt; 10?
+      def html_escape(s)
+        s = s.to_s
+        if s.html_safe?
+          s
+        else
+          s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
+        end
+      end
+    else
+      def html_escape(s) #:nodoc:
+        s = s.to_s
+        if s.html_safe?
+          s
+        else
+          s.gsub(/[&"'><]/n) { |special| HTML_ESCAPE[special] }.html_safe
+        end
+      end
+    end
+
+    # Aliasing twice issues a warning "discarding old...". Remove first to avoid it.
+    remove_method(:h)
+    alias h html_escape
+
+    module_function :h
+
+    singleton_class.send(:remove_method, :html_escape)
+    module_function :html_escape
+  end
+end
 require 'action_view/helpers/tag_helper'
 module ActionView::Helpers::TagHelper
   def escape_once(html)
     ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
   end
 end
-
-# Workaround for CVE-2013-0333
-# https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/1h2DR63ViGo/GOUVafeaF1IJ
-ActiveSupport::JSON.backend = "JSONGem"

db/migrate/20100714111652_update_journals_for_acts_as_journalized.rb

@@ -50,6 +50,7 @@ class UpdateJournalsForActsAsJournalized < ActiveRecord::Migration
       t.string :journalized_type, :limit => 30, :default => "", :null => false
     end
 
+    custom_field_names = CustomField.all.group_by(&:type)[IssueCustomField].collect(&:name)
     Journal.all.each do |j|
       # Can't used j.journalized.class.name because the model changes make it nil
       j.update_attribute(:journalized_type, j.type.to_s.sub("Journal","")) if j.type.present?

db/migrate/20100714111654_add_changes_from_journal_details_for_acts_as_journalized.rb

@@ -31,7 +31,7 @@ class AddChangesFromJournalDetailsForActsAsJournalized < ActiveRecord::Migration
           changes["attachments_" + detail.prop_key.to_s] = [detail.old_value, detail.value]
         end
         begin
-          journal.update_attribute(:changes, changes)
+          journal.update_attribute(:changes, changes.to_yaml)
         rescue ActiveRecord::RecordInvalid => ex
           puts "Error saving: #{journal.class.to_s}##{journal.id} - #{ex.message}"
         end

db/migrate/20100804112053_merge_wiki_versions_with_journals.rb

@@ -39,7 +39,7 @@ class MergeWikiVersionsWithJournals < ActiveRecord::Migration
       changes = {}
       changes["compression"] = wv.compression
       changes["data"] = wv.data
-      journal.update_attribute(:changes, changes)
+      journal.update_attribute(:changes, changes.to_yaml)
       journal.update_attribute(:version, wv.version)
     end
     # drop_table :wiki_content_versions

doc/CHANGELOG.rdoc

@@ -1,31 +1,5 @@
 = ChiliProject Changelog
 
-== 2013-03-19 v3.8.0
-
-* Bug #1121: Date Picker Icons disappear when changing the Tracker
-* Bug #1164: Error in "rake db:migrate:down VERSION=20100714111652"
-* Bug #1248: Routing issue
-* Security - Bug #1252: Update Rails to 2.3.18
-
-== 2013-02-13 v3.7.0
-
-* Security - Feature #1233: Bump rails to 2.3.17 to address [CVE-2013-0276]
-* Security - Bug #1234: Potential vulnerability in token authentication when running on MySQL
-* Bug #1235: Liquid's last filter errors out
-
-== 2013-01-29 v3.6.0
-
-* Bug #1216: "Only for things I watch or I'm involved in" sends notifications only for issues
-* Security - Bug #1219: Vulnerability in JSON Parser in Ruby on Rails (CVE-2013-0333)
-
-== 2013-01-16 v3.5.1
-
-* Security - Bug #1208: Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)
-
-== 2013-01-09 v3.5.0
-
-* Security - Bug #1200: Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)
-
 == 2013-01-06 v3.4.0
 
 * Bug #904: Copy workflow doesn’t work on per-author / per-assigned modifier

lib/chili_project/liquid/filters.rb

@@ -59,7 +59,7 @@ module ChiliProject
       # Example:
       #    {{ product.images | last | to_img }}
       def last(array, count=nil)
-        return array.last if count.nil? && array.respond_to?(:last)
+        array.last if count=nil? && array.respond_to?(:last)
         if array.respond_to?(:[])
           count.to_i > 0 ? array[(count.to_i * -1)..-1] : []
         end

lib/chili_project/version.rb

@@ -18,7 +18,7 @@ module ChiliProject
   module VERSION #:nodoc:
 
     MAJOR = 3
-    MINOR = 8
+    MINOR = 4
     PATCH = 0
     TINY  = PATCH # Redmine compat
 

lib/redmine.rb

@@ -26,6 +26,8 @@ require 'redmine/notifiable'
 require 'redmine/wiki_formatting'
 require 'redmine/scm/base'
 
+RMAGICK_BYPASS_VERSION_TEST = true
+
 begin
   require_library_or_gem 'RMagick' unless Object.const_defined?(:Magick)
 rescue LoadError

test/test_helper.rb

@@ -170,14 +170,14 @@ class ActiveSupport::TestCase
 
       should "use the new value's name" do
         @detail = IssueJournal.generate(:version => 1, :journaled => Issue.last)
-        @detail.update_attribute(:changes, {prop_key => [@old_value.id, @new_value.id]})
+        @detail.update_attribute(:changes, {prop_key => [@old_value.id, @new_value.id]}.to_yaml)
 
         assert_match @new_value.class.find(@new_value.id).name, @detail.render_detail(prop_key, true)
       end
 
       should "use the old value's name" do
         @detail = IssueJournal.generate(:version => 1, :journaled => Issue.last)
-        @detail.update_attribute(:changes, {prop_key => [@old_value.id, @new_value.id]})
+        @detail.update_attribute(:changes, {prop_key => [@old_value.id, @new_value.id]}.to_yaml)
 
         assert_match @old_value.class.find(@old_value.id).name, @detail.render_detail(prop_key, true)
       end