Compare commits
42 Commits
rmagick_by
...
master
Author | SHA1 | Date |
---|---|---|
Felix Schäfer | dfb77852cf | |
Holger Just | 93de0ba668 | |
Holger Just | fdc9c245ac | |
Holger Just | d7b23acea0 | |
Holger Just | f9babbbbc3 | |
Toshi MARUYAMA | 90a05668a0 | |
Holger Just | e4b814e167 | |
Felix Schäfer | 304155122d | |
Felix Schäfer | 1e2a029099 | |
Holger Just | 68e6d171b1 | |
Gregor Schmidt | d6e5c9e1fa | |
Holger Just | 63976e6522 | |
Holger Just | 31ad2ef6c3 | |
Holger Just | 595e60fb9c | |
Holger Just | 8b357a118d | |
Holger Just | 6d3dc6e619 | |
Holger Just | 0b567641bc | |
Holger Just | fd306095c6 | |
Holger Just | 430b6bb442 | |
Felix Schäfer | 3f9007b909 | |
Felix Schäfer | 6bef9c26ab | |
Felix Schäfer | 6744e23ed2 | |
Felix Schäfer | 065542c7d1 | |
Felix Schäfer | dc66e8f831 | |
Felix Schäfer | 6e30b3d3fc | |
Holger Just | 2854524ba9 | |
Holger Just | eb41df17d2 | |
Holger Just | 7f7a06706f | |
Holger Just | db3087b318 | |
Holger Just | d8536ced55 | |
Holger Just | 908391d54e | |
Holger Just | 93b2a1daf9 | |
Holger Just | c69a005353 | |
Holger Just | bf4ed9b37b | |
Holger Just | 90a94d75c3 | |
Holger Just | 080c5b63ca | |
Holger Just | 22204d588d | |
Holger Just | 59e2a2fdde | |
Holger Just | 221a2e73ce | |
Holger Just | e6e057d10d | |
Holger Just | d61ad01308 | |
Holger Just | 11e93ff36a |
42
.travis.yml
42
.travis.yml
|
@ -5,30 +5,48 @@ rvm:
|
||||||
- 1.9.3
|
- 1.9.3
|
||||||
- rbx-18mode
|
- rbx-18mode
|
||||||
env:
|
env:
|
||||||
- "RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
- "TEST_SUITE=units RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
- "RAILS_ENV=test DB=mysql2 BUNDLE_WITHOUT=rmagick:mysql:postgres:sqlite"
|
- "TEST_SUITE=units RAILS_ENV=test DB=mysql2 BUNDLE_WITHOUT=rmagick:mysql:postgres:sqlite"
|
||||||
- "RAILS_ENV=test DB=postgres BUNDLE_WITHOUT=rmagick:mysql:mysql2:sqlite"
|
- "TEST_SUITE=units RAILS_ENV=test DB=postgres BUNDLE_WITHOUT=rmagick:mysql:mysql2:sqlite"
|
||||||
- "RAILS_ENV=test DB=sqlite BUNDLE_WITHOUT=rmagick:mysql:mysql2:postgres"
|
- "TEST_SUITE=units RAILS_ENV=test DB=sqlite BUNDLE_WITHOUT=rmagick:mysql:mysql2:postgres"
|
||||||
|
- "TEST_SUITE=functionals RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
|
- "TEST_SUITE=functionals RAILS_ENV=test DB=mysql2 BUNDLE_WITHOUT=rmagick:mysql:postgres:sqlite"
|
||||||
|
- "TEST_SUITE=functionals RAILS_ENV=test DB=postgres BUNDLE_WITHOUT=rmagick:mysql:mysql2:sqlite"
|
||||||
|
- "TEST_SUITE=functionals RAILS_ENV=test DB=sqlite BUNDLE_WITHOUT=rmagick:mysql:mysql2:postgres"
|
||||||
|
- "TEST_SUITE=integration RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
|
- "TEST_SUITE=integration RAILS_ENV=test DB=mysql2 BUNDLE_WITHOUT=rmagick:mysql:postgres:sqlite"
|
||||||
|
- "TEST_SUITE=integration RAILS_ENV=test DB=postgres BUNDLE_WITHOUT=rmagick:mysql:mysql2:sqlite"
|
||||||
|
- "TEST_SUITE=integration RAILS_ENV=test DB=sqlite BUNDLE_WITHOUT=rmagick:mysql:mysql2:postgres"
|
||||||
matrix:
|
matrix:
|
||||||
exclude:
|
exclude:
|
||||||
- rvm: 1.9.2
|
- rvm: 1.9.2
|
||||||
env: "RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
env: "TEST_SUITE=units RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
|
- rvm: 1.9.2
|
||||||
|
env: "TEST_SUITE=functionals RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
|
- rvm: 1.9.2
|
||||||
|
env: "TEST_SUITE=integration RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
- rvm: 1.9.3
|
- rvm: 1.9.3
|
||||||
env: "RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
env: "TEST_SUITE=units RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
|
- rvm: 1.9.3
|
||||||
|
env: "TEST_SUITE=functionals RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
|
- rvm: 1.9.3
|
||||||
|
env: "TEST_SUITE=integration RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
- rvm: rbx-18mode
|
- rvm: rbx-18mode
|
||||||
env: "RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
env: "TEST_SUITE=units RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
|
- rvm: rbx-18mode
|
||||||
|
env: "TEST_SUITE=functionals RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
|
- rvm: rbx-18mode
|
||||||
|
env: "TEST_SUITE=integration RAILS_ENV=test DB=mysql BUNDLE_WITHOUT=rmagick:mysql2:postgres:sqlite"
|
||||||
allow_failures:
|
allow_failures:
|
||||||
- rvm: rbx-18mode
|
- rvm: rbx-18mode
|
||||||
before_install:
|
before_install:
|
||||||
- "sudo apt-get update -qq"
|
- "sudo apt-get update -qq"
|
||||||
- "sudo apt-get --no-install-recommends install bzr cvs git mercurial subversion"
|
- "sudo apt-get --no-install-recommends install bzr cvs git mercurial subversion"
|
||||||
|
|
||||||
# Our tests don't work on Darcs >= 2.5, so we use Darcs 2.3 from Ubuntu Lucy
|
|
||||||
- "sudo apt-get --no-install-recommends install libc6 libcurl3-gnutls libgmp3c2 libncurses5 zlib1g"
|
|
||||||
- "wget http://de.archive.ubuntu.com/ubuntu/pool/main/libf/libffi/libffi5_3.0.9-1_i386.deb -O /tmp/libffi5_3.0.9-1_i386.deb; sudo dpkg -i /tmp/libffi5_3.0.9-1_i386.deb"
|
|
||||||
- "wget http://de.archive.ubuntu.com/ubuntu/pool/universe/d/darcs/darcs_2.3.0-3_i386.deb -O /tmp/darcs_2.3.0-3_i386.deb; sudo dpkg -i /tmp/darcs_2.3.0-3_i386.deb"
|
|
||||||
before_script:
|
before_script:
|
||||||
|
- "rvm rubygems 1.8.25" # Rubygems 2.0.x fails with Rails 2.3
|
||||||
- "rake ci:travis:prepare"
|
- "rake ci:travis:prepare"
|
||||||
|
- "rm -rf tmp/test/darcs_repository" # Don't test Darcs on Travis. It breaks there :(
|
||||||
|
script: "bundle exec rake test:$TEST_SUITE"
|
||||||
branches:
|
branches:
|
||||||
only:
|
only:
|
||||||
- unstable
|
- unstable
|
||||||
|
|
5
Gemfile
5
Gemfile
|
@ -1,8 +1,9 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
source :rubygems
|
source "https://rubygems.org"
|
||||||
|
|
||||||
gem "rails", "2.3.14"
|
gem "rails", "2.3.18"
|
||||||
|
|
||||||
|
gem "json", "~> 1.7.7"
|
||||||
gem "coderay", "~> 1.0.0"
|
gem "coderay", "~> 1.0.0"
|
||||||
gem "i18n", "~> 0.4.2"
|
gem "i18n", "~> 0.4.2"
|
||||||
gem "rubytree", "~> 0.5.2", :require => 'tree'
|
gem "rubytree", "~> 0.5.2", :require => 'tree'
|
||||||
|
|
|
@ -37,7 +37,7 @@ class AccountController < ApplicationController
|
||||||
def lost_password
|
def lost_password
|
||||||
redirect_to(home_url) && return unless Setting.lost_password?
|
redirect_to(home_url) && return unless Setting.lost_password?
|
||||||
if params[:token]
|
if params[:token]
|
||||||
@token = Token.find_by_action_and_value("recovery", params[:token])
|
@token = Token.find_by_action_and_value("recovery", params[:token].to_s)
|
||||||
redirect_to(home_url) && return unless @token and !@token.expired?
|
redirect_to(home_url) && return unless @token and !@token.expired?
|
||||||
@user = @token.user
|
@user = @token.user
|
||||||
if request.post?
|
if request.post?
|
||||||
|
@ -53,7 +53,7 @@ class AccountController < ApplicationController
|
||||||
return
|
return
|
||||||
else
|
else
|
||||||
if request.post?
|
if request.post?
|
||||||
user = User.find_by_mail(params[:mail])
|
user = User.find_by_mail(params[:mail].to_s)
|
||||||
# user not found in db
|
# user not found in db
|
||||||
(flash.now[:error] = l(:notice_account_unknown_email); return) unless user
|
(flash.now[:error] = l(:notice_account_unknown_email); return) unless user
|
||||||
# user uses an external authentification
|
# user uses an external authentification
|
||||||
|
@ -109,7 +109,7 @@ class AccountController < ApplicationController
|
||||||
# Token based account activation
|
# Token based account activation
|
||||||
def activate
|
def activate
|
||||||
redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
|
redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
|
||||||
token = Token.find_by_action_and_value('register', params[:token])
|
token = Token.find_by_action_and_value('register', params[:token].to_s)
|
||||||
redirect_to(home_url) && return unless token and !token.expired?
|
redirect_to(home_url) && return unless token and !token.expired?
|
||||||
user = token.user
|
user = token.user
|
||||||
redirect_to(home_url) && return unless user.registered?
|
redirect_to(home_url) && return unless user.registered?
|
||||||
|
|
|
@ -54,7 +54,14 @@ class ApplicationController < ActionController::Base
|
||||||
|
|
||||||
# FIXME: This doesn't work with Rails >= 3.0 anymore
|
# FIXME: This doesn't work with Rails >= 3.0 anymore
|
||||||
# Possible workaround: https://github.com/rails/rails/issues/671#issuecomment-1780159
|
# Possible workaround: https://github.com/rails/rails/issues/671#issuecomment-1780159
|
||||||
rescue_from ActionController::RoutingError, :with => proc{render_404}
|
rescue_from ActionController::RoutingError, :with => proc{
|
||||||
|
# manually apply basic before_filters which aren't applied by default here
|
||||||
|
user_setup
|
||||||
|
check_if_login_required
|
||||||
|
set_localization
|
||||||
|
|
||||||
|
render_404
|
||||||
|
}
|
||||||
|
|
||||||
include Redmine::Search::Controller
|
include Redmine::Search::Controller
|
||||||
include Redmine::MenuManager::MenuController
|
include Redmine::MenuManager::MenuController
|
||||||
|
@ -82,11 +89,11 @@ class ApplicationController < ActionController::Base
|
||||||
user
|
user
|
||||||
elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
|
elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
|
||||||
# RSS key authentication does not start a session
|
# RSS key authentication does not start a session
|
||||||
User.find_by_rss_key(params[:key])
|
User.find_by_rss_key(params[:key].to_s)
|
||||||
elsif Setting.rest_api_enabled? && api_request?
|
elsif Setting.rest_api_enabled? && api_request?
|
||||||
if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
|
if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
|
||||||
# Use API key
|
# Use API key
|
||||||
User.find_by_api_key(key)
|
User.find_by_api_key(key.to_s)
|
||||||
else
|
else
|
||||||
# HTTP Basic, either username/password or API key/random
|
# HTTP Basic, either username/password or API key/random
|
||||||
authenticate_with_http_basic do |username, password|
|
authenticate_with_http_basic do |username, password|
|
||||||
|
|
|
@ -368,7 +368,7 @@ class Issue < ActiveRecord::Base
|
||||||
def attachment_removed(obj)
|
def attachment_removed(obj)
|
||||||
init_journal(User.current)
|
init_journal(User.current)
|
||||||
create_journal
|
create_journal
|
||||||
last_journal.update_attribute(:changes, {"attachments_" + obj.id.to_s => [obj.filename, nil]}.to_yaml)
|
last_journal.update_attribute(:changes, {"attachments_" + obj.id.to_s => [obj.filename, nil]})
|
||||||
end
|
end
|
||||||
|
|
||||||
# Return true if the issue is closed, otherwise false
|
# Return true if the issue is closed, otherwise false
|
||||||
|
|
|
@ -403,6 +403,8 @@ class User < Principal
|
||||||
when 'only_my_events'
|
when 'only_my_events'
|
||||||
if object.is_a?(Issue) && (object.author == self || object.assigned_to == self)
|
if object.is_a?(Issue) && (object.author == self || object.assigned_to == self)
|
||||||
true
|
true
|
||||||
|
elsif object.respond_to?(:watched_by?) && object.watched_by?(self) # Make it clear that we always want to be notified about things we watch in this case
|
||||||
|
true
|
||||||
else
|
else
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
|
@ -98,7 +98,7 @@ class WikiContent < ActiveRecord::Base
|
||||||
changes.delete("text")
|
changes.delete("text")
|
||||||
changes["data"] = hash[:text]
|
changes["data"] = hash[:text]
|
||||||
changes["compression"] = hash[:compression]
|
changes["compression"] = hash[:compression]
|
||||||
update_attribute(:changes, changes.to_yaml)
|
update_attribute(:changes, changes)
|
||||||
end
|
end
|
||||||
|
|
||||||
def text
|
def text
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
<td class="buttons"><%= link_to l(:button_delete), group, :confirm => l(:text_are_you_sure), :method => :delete, :class => 'icon icon-del' %></td>
|
<td class="buttons"><%= link_to l(:button_delete), group, :confirm => l(:text_are_you_sure), :method => :delete, :class => 'icon icon-del' %></td>
|
||||||
</tr>
|
</tr>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<% else %>
|
<% else %>
|
||||||
<p class="nodata"><%= l(:label_no_data) %></p>
|
<p class="nodata"><%= l(:label_no_data) %></p>
|
||||||
|
|
|
@ -31,8 +31,8 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="splitcontentright">
|
<div class="splitcontentright">
|
||||||
<p><%= f.date_field :start_date, :size => 10, :disabled => !@issue.leaf? %></p>
|
<p><%= f.date_field :start_date, :size => 10, :disabled => !@issue.leaf? %><%= calendar_for('issue_start_date') if @issue.leaf? %></p>
|
||||||
<p><%= f.date_field :due_date, :size => 10, :disabled => !@issue.leaf? %></p>
|
<p><%= f.date_field :due_date, :size => 10, :disabled => !@issue.leaf? %><%= calendar_for('issue_due_date') if @issue.leaf? %></p>
|
||||||
<p><%= f.text_field :estimated_hours, :size => 3, :disabled => !@issue.leaf? %> <%= l(:field_hours) %></p>
|
<p><%= f.text_field :estimated_hours, :size => 3, :disabled => !@issue.leaf? %> <%= l(:field_hours) %></p>
|
||||||
<% if @issue.leaf? && Issue.use_field_for_done_ratio? %>
|
<% if @issue.leaf? && Issue.use_field_for_done_ratio? %>
|
||||||
<p><%= f.select :done_ratio, ((0..10).to_a.collect {|r| ["#{r*10} %", r*10] }) %></p>
|
<p><%= f.select :done_ratio, ((0..10).to_a.collect {|r| ["#{r*10} %", r*10] }) %></p>
|
||||||
|
|
|
@ -21,9 +21,6 @@
|
||||||
# use RACK_ENV if we are running as a simple rack app
|
# use RACK_ENV if we are running as a simple rack app
|
||||||
ENV['RAILS_ENV'] ||= ENV['RACK_ENV'] if ENV['RACK_ENV']
|
ENV['RAILS_ENV'] ||= ENV['RACK_ENV'] if ENV['RACK_ENV']
|
||||||
|
|
||||||
# Specifies gem version of Rails to use when vendor/rails is not present
|
|
||||||
RAILS_GEM_VERSION = '2.3.14' unless defined? RAILS_GEM_VERSION
|
|
||||||
|
|
||||||
# this is replaced by config.encoding = "utf-8" in rails3
|
# this is replaced by config.encoding = "utf-8" in rails3
|
||||||
if RUBY_VERSION >= '1.9'
|
if RUBY_VERSION >= '1.9'
|
||||||
Encoding.default_external = 'UTF-8'
|
Encoding.default_external = 'UTF-8'
|
||||||
|
|
|
@ -12,11 +12,6 @@
|
||||||
# See doc/COPYRIGHT.rdoc for more details.
|
# See doc/COPYRIGHT.rdoc for more details.
|
||||||
#++
|
#++
|
||||||
|
|
||||||
# Patches active_support/core_ext/load_error.rb to support 1.9.3 LoadError message
|
|
||||||
if RUBY_VERSION >= '1.9.3'
|
|
||||||
MissingSourceFile::REGEXPS << [/^cannot load such file -- (.+)$/i, 1]
|
|
||||||
end
|
|
||||||
|
|
||||||
require 'active_record'
|
require 'active_record'
|
||||||
|
|
||||||
module ActiveRecord
|
module ActiveRecord
|
||||||
|
@ -162,278 +157,15 @@ module ActionController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Backported fix for
|
|
||||||
# CVE-2012-2660
|
|
||||||
# https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f
|
|
||||||
#
|
|
||||||
# CVE-2012-2694
|
|
||||||
# https://groups.google.com/group/rubyonrails-security/browse_thread/thread/8c82d9df8b401c5e
|
|
||||||
#
|
|
||||||
# TODO: Remove this once we are on Rails >= 3.2.6
|
|
||||||
require 'action_controller/request'
|
|
||||||
class Request
|
|
||||||
protected
|
|
||||||
|
|
||||||
# Remove nils from the params hash
|
|
||||||
def deep_munge(hash)
|
|
||||||
keys = hash.keys.find_all { |k| hash[k] == [nil] }
|
|
||||||
keys.each { |k| hash[k] = nil }
|
|
||||||
|
|
||||||
hash.each_value do |v|
|
|
||||||
case v
|
|
||||||
when Array
|
|
||||||
v.grep(Hash) { |x| deep_munge(x) }
|
|
||||||
v.compact!
|
|
||||||
when Hash
|
|
||||||
deep_munge(v)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
hash
|
|
||||||
end
|
|
||||||
|
|
||||||
def parse_query(qs)
|
|
||||||
deep_munge(super)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
require 'active_record/base'
|
|
||||||
module ActiveRecord
|
|
||||||
class Base
|
|
||||||
class << self
|
|
||||||
# Backported fix for CVE-2012-2695
|
|
||||||
# https://groups.google.com/group/rubyonrails-security/browse_thread/thread/9782f44c4540cf59
|
|
||||||
# TODO: Remove this once we are on Rails >= 3.2.6
|
|
||||||
def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name, top_level = true)
|
|
||||||
attrs = expand_hash_conditions_for_aggregates(attrs)
|
|
||||||
|
|
||||||
conditions = attrs.map do |attr, value|
|
|
||||||
table_name = default_table_name
|
|
||||||
|
|
||||||
if not value.is_a?(Hash)
|
|
||||||
attr = attr.to_s
|
|
||||||
|
|
||||||
# Extract table name from qualified attribute names.
|
|
||||||
if attr.include?('.') and top_level
|
|
||||||
attr_table_name, attr = attr.split('.', 2)
|
|
||||||
attr_table_name = connection.quote_table_name(attr_table_name)
|
|
||||||
else
|
|
||||||
attr_table_name = table_name
|
|
||||||
end
|
|
||||||
|
|
||||||
attribute_condition("#{attr_table_name}.#{connection.quote_column_name(attr)}", value)
|
|
||||||
elsif top_level
|
|
||||||
sanitize_sql_hash_for_conditions(value, connection.quote_table_name(attr.to_s), false)
|
|
||||||
else
|
|
||||||
raise ActiveRecord::StatementInvalid
|
|
||||||
end
|
|
||||||
end.join(' AND ')
|
|
||||||
|
|
||||||
replace_bind_variables(conditions, expand_range_bind_variables(attrs.values))
|
|
||||||
end
|
|
||||||
alias_method :sanitize_sql_hash, :sanitize_sql_hash_for_conditions
|
|
||||||
|
|
||||||
# CVE-2012-5664
|
|
||||||
# https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
|
|
||||||
# TODO: remove once we are on Rails >= 3.2.10
|
|
||||||
def method_missing(method_id, *arguments, &block)
|
|
||||||
if match = DynamicFinderMatch.match(method_id)
|
|
||||||
attribute_names = match.attribute_names
|
|
||||||
super unless all_attributes_exists?(attribute_names)
|
|
||||||
if match.finder?
|
|
||||||
finder = match.finder
|
|
||||||
bang = match.bang?
|
|
||||||
# def self.find_by_login_and_activated(*args)
|
|
||||||
# options = args.extract_options!
|
|
||||||
# attributes = construct_attributes_from_arguments(
|
|
||||||
# [:login,:activated],
|
|
||||||
# args
|
|
||||||
# )
|
|
||||||
# finder_options = { :conditions => attributes }
|
|
||||||
# validate_find_options(options)
|
|
||||||
# set_readonly_option!(options)
|
|
||||||
#
|
|
||||||
# if options[:conditions]
|
|
||||||
# with_scope(:find => finder_options) do
|
|
||||||
# find(:first, options)
|
|
||||||
# end
|
|
||||||
# else
|
|
||||||
# find(:first, options.merge(finder_options))
|
|
||||||
# end
|
|
||||||
# end
|
|
||||||
self.class_eval <<-EOS, __FILE__, __LINE__ + 1
|
|
||||||
def self.#{method_id}(*args)
|
|
||||||
options = if args.length > #{attribute_names.size}
|
|
||||||
args.extract_options!
|
|
||||||
else
|
|
||||||
{}
|
|
||||||
end
|
|
||||||
attributes = construct_attributes_from_arguments(
|
|
||||||
[:#{attribute_names.join(',:')}],
|
|
||||||
args
|
|
||||||
)
|
|
||||||
finder_options = { :conditions => attributes }
|
|
||||||
validate_find_options(options)
|
|
||||||
set_readonly_option!(options)
|
|
||||||
|
|
||||||
#{'result = ' if bang}if options[:conditions]
|
|
||||||
with_scope(:find => finder_options) do
|
|
||||||
find(:#{finder}, options)
|
|
||||||
end
|
|
||||||
else
|
|
||||||
find(:#{finder}, options.merge(finder_options))
|
|
||||||
end
|
|
||||||
#{'result || raise(RecordNotFound, "Couldn\'t find #{name} with #{attributes.to_a.collect {|pair| "#{pair.first} = #{pair.second}"}.join(\', \')}")' if bang}
|
|
||||||
end
|
|
||||||
EOS
|
|
||||||
send(method_id, *arguments)
|
|
||||||
elsif match.instantiator?
|
|
||||||
instantiator = match.instantiator
|
|
||||||
# def self.find_or_create_by_user_id(*args)
|
|
||||||
# guard_protected_attributes = false
|
|
||||||
#
|
|
||||||
# if args[0].is_a?(Hash)
|
|
||||||
# guard_protected_attributes = true
|
|
||||||
# attributes = args[0].with_indifferent_access
|
|
||||||
# find_attributes = attributes.slice(*[:user_id])
|
|
||||||
# else
|
|
||||||
# find_attributes = attributes = construct_attributes_from_arguments([:user_id], args)
|
|
||||||
# end
|
|
||||||
#
|
|
||||||
# options = { :conditions => find_attributes }
|
|
||||||
# set_readonly_option!(options)
|
|
||||||
#
|
|
||||||
# record = find(:first, options)
|
|
||||||
#
|
|
||||||
# if record.nil?
|
|
||||||
# record = self.new { |r| r.send(:attributes=, attributes, guard_protected_attributes) }
|
|
||||||
# yield(record) if block_given?
|
|
||||||
# record.save
|
|
||||||
# record
|
|
||||||
# else
|
|
||||||
# record
|
|
||||||
# end
|
|
||||||
# end
|
|
||||||
self.class_eval <<-EOS, __FILE__, __LINE__ + 1
|
|
||||||
def self.#{method_id}(*args)
|
|
||||||
attributes = [:#{attribute_names.join(',:')}]
|
|
||||||
protected_attributes_for_create, unprotected_attributes_for_create = {}, {}
|
|
||||||
args.each_with_index do |arg, i|
|
|
||||||
if arg.is_a?(Hash)
|
|
||||||
protected_attributes_for_create = args[i].with_indifferent_access
|
|
||||||
else
|
|
||||||
unprotected_attributes_for_create[attributes[i]] = args[i]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
find_attributes = (protected_attributes_for_create.merge(unprotected_attributes_for_create)).slice(*attributes)
|
|
||||||
|
|
||||||
options = { :conditions => find_attributes }
|
|
||||||
set_readonly_option!(options)
|
|
||||||
|
|
||||||
record = find(:first, options)
|
|
||||||
|
|
||||||
if record.nil?
|
|
||||||
record = self.new do |r|
|
|
||||||
r.send(:attributes=, protected_attributes_for_create, true) unless protected_attributes_for_create.empty?
|
|
||||||
r.send(:attributes=, unprotected_attributes_for_create, false) unless unprotected_attributes_for_create.empty?
|
|
||||||
end
|
|
||||||
#{'yield(record) if block_given?'}
|
|
||||||
#{'record.save' if instantiator == :create}
|
|
||||||
record
|
|
||||||
else
|
|
||||||
record
|
|
||||||
end
|
|
||||||
end
|
|
||||||
EOS
|
|
||||||
send(method_id, *arguments, &block)
|
|
||||||
end
|
|
||||||
elsif match = DynamicScopeMatch.match(method_id)
|
|
||||||
attribute_names = match.attribute_names
|
|
||||||
super unless all_attributes_exists?(attribute_names)
|
|
||||||
if match.scope?
|
|
||||||
self.class_eval <<-EOS, __FILE__, __LINE__ + 1
|
|
||||||
def self.#{method_id}(*args) # def self.scoped_by_user_name_and_password(*args)
|
|
||||||
options = args.extract_options! # options = args.extract_options!
|
|
||||||
attributes = construct_attributes_from_arguments( # attributes = construct_attributes_from_arguments(
|
|
||||||
[:#{attribute_names.join(',:')}], args # [:user_name, :password], args
|
|
||||||
) # )
|
|
||||||
#
|
|
||||||
scoped(:conditions => attributes) # scoped(:conditions => attributes)
|
|
||||||
end # end
|
|
||||||
EOS
|
|
||||||
send(method_id, *arguments)
|
|
||||||
end
|
|
||||||
else
|
|
||||||
super
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Backported fix for CVE-2012-3465
|
|
||||||
# https://groups.google.com/d/msg/rubyonrails-security/FgVEtBajcTY/tYLS1JJTu38J
|
|
||||||
# TODO: Remove this once we are on Rails >= 3.2.8
|
|
||||||
require 'action_view/helpers/sanitize_helper'
|
|
||||||
module ActionView::Helpers::SanitizeHelper
|
|
||||||
def strip_tags(html)
|
|
||||||
self.class.full_sanitizer.sanitize(html)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Backported fix for CVE-2012-3464
|
|
||||||
# https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J
|
|
||||||
# TODO: Remove this once we are on Rails >= 3.2.8
|
|
||||||
require 'active_support/core_ext/string/output_safety'
|
|
||||||
class ERB
|
|
||||||
module Util
|
|
||||||
HTML_ESCAPE["'"] = '''
|
|
||||||
|
|
||||||
if RUBY_VERSION >= '1.9'
|
|
||||||
# A utility method for escaping HTML tag characters.
|
|
||||||
# This method is also aliased as <tt>h</tt>.
|
|
||||||
#
|
|
||||||
# In your ERB templates, use this method to escape any unsafe content. For example:
|
|
||||||
# <%=h @person.name %>
|
|
||||||
#
|
|
||||||
# ==== Example:
|
|
||||||
# puts html_escape("is a > 0 & a < 10?")
|
|
||||||
# # => is a > 0 & a < 10?
|
|
||||||
def html_escape(s)
|
|
||||||
s = s.to_s
|
|
||||||
if s.html_safe?
|
|
||||||
s
|
|
||||||
else
|
|
||||||
s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
|
|
||||||
end
|
|
||||||
end
|
|
||||||
else
|
|
||||||
def html_escape(s) #:nodoc:
|
|
||||||
s = s.to_s
|
|
||||||
if s.html_safe?
|
|
||||||
s
|
|
||||||
else
|
|
||||||
s.gsub(/[&"'><]/n) { |special| HTML_ESCAPE[special] }.html_safe
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Aliasing twice issues a warning "discarding old...". Remove first to avoid it.
|
|
||||||
remove_method(:h)
|
|
||||||
alias h html_escape
|
|
||||||
|
|
||||||
module_function :h
|
|
||||||
|
|
||||||
singleton_class.send(:remove_method, :html_escape)
|
|
||||||
module_function :html_escape
|
|
||||||
end
|
|
||||||
end
|
|
||||||
require 'action_view/helpers/tag_helper'
|
require 'action_view/helpers/tag_helper'
|
||||||
module ActionView::Helpers::TagHelper
|
module ActionView::Helpers::TagHelper
|
||||||
def escape_once(html)
|
def escape_once(html)
|
||||||
ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
|
ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Workaround for CVE-2013-0333
|
||||||
|
# https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/1h2DR63ViGo/GOUVafeaF1IJ
|
||||||
|
ActiveSupport::JSON.backend = "JSONGem"
|
||||||
|
|
|
@ -50,7 +50,6 @@ class UpdateJournalsForActsAsJournalized < ActiveRecord::Migration
|
||||||
t.string :journalized_type, :limit => 30, :default => "", :null => false
|
t.string :journalized_type, :limit => 30, :default => "", :null => false
|
||||||
end
|
end
|
||||||
|
|
||||||
custom_field_names = CustomField.all.group_by(&:type)[IssueCustomField].collect(&:name)
|
|
||||||
Journal.all.each do |j|
|
Journal.all.each do |j|
|
||||||
# Can't used j.journalized.class.name because the model changes make it nil
|
# Can't used j.journalized.class.name because the model changes make it nil
|
||||||
j.update_attribute(:journalized_type, j.type.to_s.sub("Journal","")) if j.type.present?
|
j.update_attribute(:journalized_type, j.type.to_s.sub("Journal","")) if j.type.present?
|
||||||
|
|
|
@ -31,7 +31,7 @@ class AddChangesFromJournalDetailsForActsAsJournalized < ActiveRecord::Migration
|
||||||
changes["attachments_" + detail.prop_key.to_s] = [detail.old_value, detail.value]
|
changes["attachments_" + detail.prop_key.to_s] = [detail.old_value, detail.value]
|
||||||
end
|
end
|
||||||
begin
|
begin
|
||||||
journal.update_attribute(:changes, changes.to_yaml)
|
journal.update_attribute(:changes, changes)
|
||||||
rescue ActiveRecord::RecordInvalid => ex
|
rescue ActiveRecord::RecordInvalid => ex
|
||||||
puts "Error saving: #{journal.class.to_s}##{journal.id} - #{ex.message}"
|
puts "Error saving: #{journal.class.to_s}##{journal.id} - #{ex.message}"
|
||||||
end
|
end
|
||||||
|
|
|
@ -39,7 +39,7 @@ class MergeWikiVersionsWithJournals < ActiveRecord::Migration
|
||||||
changes = {}
|
changes = {}
|
||||||
changes["compression"] = wv.compression
|
changes["compression"] = wv.compression
|
||||||
changes["data"] = wv.data
|
changes["data"] = wv.data
|
||||||
journal.update_attribute(:changes, changes.to_yaml)
|
journal.update_attribute(:changes, changes)
|
||||||
journal.update_attribute(:version, wv.version)
|
journal.update_attribute(:version, wv.version)
|
||||||
end
|
end
|
||||||
# drop_table :wiki_content_versions
|
# drop_table :wiki_content_versions
|
||||||
|
|
|
@ -1,5 +1,31 @@
|
||||||
= ChiliProject Changelog
|
= ChiliProject Changelog
|
||||||
|
|
||||||
|
== 2013-03-19 v3.8.0
|
||||||
|
|
||||||
|
* Bug #1121: Date Picker Icons disappear when changing the Tracker
|
||||||
|
* Bug #1164: Error in "rake db:migrate:down VERSION=20100714111652"
|
||||||
|
* Bug #1248: Routing issue
|
||||||
|
* Security - Bug #1252: Update Rails to 2.3.18
|
||||||
|
|
||||||
|
== 2013-02-13 v3.7.0
|
||||||
|
|
||||||
|
* Security - Feature #1233: Bump rails to 2.3.17 to address [CVE-2013-0276]
|
||||||
|
* Security - Bug #1234: Potential vulnerability in token authentication when running on MySQL
|
||||||
|
* Bug #1235: Liquid's last filter errors out
|
||||||
|
|
||||||
|
== 2013-01-29 v3.6.0
|
||||||
|
|
||||||
|
* Bug #1216: "Only for things I watch or I'm involved in" sends notifications only for issues
|
||||||
|
* Security - Bug #1219: Vulnerability in JSON Parser in Ruby on Rails (CVE-2013-0333)
|
||||||
|
|
||||||
|
== 2013-01-16 v3.5.1
|
||||||
|
|
||||||
|
* Security - Bug #1208: Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)
|
||||||
|
|
||||||
|
== 2013-01-09 v3.5.0
|
||||||
|
|
||||||
|
* Security - Bug #1200: Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)
|
||||||
|
|
||||||
== 2013-01-06 v3.4.0
|
== 2013-01-06 v3.4.0
|
||||||
|
|
||||||
* Bug #904: Copy workflow doesn’t work on per-author / per-assigned modifier
|
* Bug #904: Copy workflow doesn’t work on per-author / per-assigned modifier
|
||||||
|
|
|
@ -59,7 +59,7 @@ module ChiliProject
|
||||||
# Example:
|
# Example:
|
||||||
# {{ product.images | last | to_img }}
|
# {{ product.images | last | to_img }}
|
||||||
def last(array, count=nil)
|
def last(array, count=nil)
|
||||||
array.last if count=nil? && array.respond_to?(:last)
|
return array.last if count.nil? && array.respond_to?(:last)
|
||||||
if array.respond_to?(:[])
|
if array.respond_to?(:[])
|
||||||
count.to_i > 0 ? array[(count.to_i * -1)..-1] : []
|
count.to_i > 0 ? array[(count.to_i * -1)..-1] : []
|
||||||
end
|
end
|
||||||
|
|
|
@ -18,7 +18,7 @@ module ChiliProject
|
||||||
module VERSION #:nodoc:
|
module VERSION #:nodoc:
|
||||||
|
|
||||||
MAJOR = 3
|
MAJOR = 3
|
||||||
MINOR = 4
|
MINOR = 8
|
||||||
PATCH = 0
|
PATCH = 0
|
||||||
TINY = PATCH # Redmine compat
|
TINY = PATCH # Redmine compat
|
||||||
|
|
||||||
|
|
|
@ -170,14 +170,14 @@ class ActiveSupport::TestCase
|
||||||
|
|
||||||
should "use the new value's name" do
|
should "use the new value's name" do
|
||||||
@detail = IssueJournal.generate(:version => 1, :journaled => Issue.last)
|
@detail = IssueJournal.generate(:version => 1, :journaled => Issue.last)
|
||||||
@detail.update_attribute(:changes, {prop_key => [@old_value.id, @new_value.id]}.to_yaml)
|
@detail.update_attribute(:changes, {prop_key => [@old_value.id, @new_value.id]})
|
||||||
|
|
||||||
assert_match @new_value.class.find(@new_value.id).name, @detail.render_detail(prop_key, true)
|
assert_match @new_value.class.find(@new_value.id).name, @detail.render_detail(prop_key, true)
|
||||||
end
|
end
|
||||||
|
|
||||||
should "use the old value's name" do
|
should "use the old value's name" do
|
||||||
@detail = IssueJournal.generate(:version => 1, :journaled => Issue.last)
|
@detail = IssueJournal.generate(:version => 1, :journaled => Issue.last)
|
||||||
@detail.update_attribute(:changes, {prop_key => [@old_value.id, @new_value.id]}.to_yaml)
|
@detail.update_attribute(:changes, {prop_key => [@old_value.id, @new_value.id]})
|
||||||
|
|
||||||
assert_match @old_value.class.find(@old_value.id).name, @detail.render_detail(prop_key, true)
|
assert_match @old_value.class.find(@old_value.id).name, @detail.render_detail(prop_key, true)
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue