Commit
88f909c9
authored
Mar 24, 2013
by
Francisco Juan
Update chiliproject to version 'v2.11.0'
parents
075edb2c
2f84fa09
Showing
16 changed files
with
44 additions
and
80 deletions
+44
-80
Gemfile
Gemfile
+2
-1
account_controller.rb
app/controllers/account_controller.rb
+3
-3
application_controller.rb
app/controllers/application_controller.rb
+2
-2
issue.rb
app/models/issue.rb
+1
-1
wiki_content.rb
app/models/wiki_content.rb
+1
-1
environment.rb
config/environment.rb
+0
-3
10-patches.rb
config/initializers/10-patches.rb
+4
-47
20100714111654_add_changes_from_journal_details_for_acts_as_journalized.rb
...d_changes_from_journal_details_for_acts_as_journalized.rb
+1
-1
20100804112053_merge_wiki_versions_with_journals.rb
...grate/20100804112053_merge_wiki_versions_with_journals.rb
+1
-1
CHANGELOG.rdoc
doc/CHANGELOG.rdoc
+9
-0
version.rb
lib/chili_project/version.rb
+1
-1
activities_controller_test.rb
test/functional/activities_controller_test.rb
+4
-4
issues_controller_test.rb
test/functional/issues_controller_test.rb
+9
-9
test_helper.rb
test/test_helper.rb
+2
-2
application_helper_test.rb
test/unit/helpers/application_helper_test.rb
+1
-1
mailer_test.rb
test/unit/mailer_test.rb
+3
-3
Gemfile
source
:rubygems
gem
"
rails
"
,
"2.3.1
6
"
gem
"
rails
"
,
"2.3.1
8
"
gem
"
json
"
,
"~> 1.7.7"
gem
"
coderay
"
,
"~> 0.9.7"
gem
"
i18n
"
,
"~> 0.4.2"
gem
"
rubytree
"
,
"~> 0.5.2"
,
:require
=>
'tree'
...
...
app/controllers/account_controller.rb
...
...
@@ -37,7 +37,7 @@ class AccountController < ApplicationController
def
lost_password
redirect_to
(
home_url
)
&&
return
unless
Setting
.
lost_password?
if
params
[
:token
]
@token
=
Token
.
find_by_action_and_value
(
"recovery"
,
params
[
:token
])
@token
=
Token
.
find_by_action_and_value
(
"recovery"
,
params
[
:token
]
.
to_s
)
redirect_to
(
home_url
)
&&
return
unless
@token
and
!
@token
.
expired?
@user
=
@token
.
user
if
request
.
post?
...
...
@@ -53,7 +53,7 @@ class AccountController < ApplicationController
return
else
if
request
.
post?
user
=
User
.
find_by_mail
(
params
[
:mail
])
user
=
User
.
find_by_mail
(
params
[
:mail
]
.
to_s
)
# user not found in db
(
flash
.
now
[
:error
]
=
l
(
:notice_account_unknown_email
);
return
)
unless
user
# user uses an external authentification
...
...
@@ -109,7 +109,7 @@ class AccountController < ApplicationController
# Token based account activation
def
activate
redirect_to
(
home_url
)
&&
return
unless
Setting
.
self_registration?
&&
params
[
:token
]
token
=
Token
.
find_by_action_and_value
(
'register'
,
params
[
:token
])
token
=
Token
.
find_by_action_and_value
(
'register'
,
params
[
:token
]
.
to_s
)
redirect_to
(
home_url
)
&&
return
unless
token
and
!
token
.
expired?
user
=
token
.
user
redirect_to
(
home_url
)
&&
return
unless
user
.
registered?
...
...
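Review bot: The `.to_s` coercion is repeated by hand at each lookup (`Token.find_by_action_and_value(..., params[:token].to_s)` in `lost_password` and `activate`, `User.find_by_mail(params[:mail].to_s)`), so any caller that forgets it keeps the old behaviour; the same pattern recurs in app/controllers/application_controller.rb for `find_by_rss_key` and `find_by_api_key`. Consider moving the coercion into the model finders, or rejecting non-String values up front with something like `redirect_to(home_url) && return unless params[:token].is_a?(String)`, so a non-String parameter can never reach the query. None of the test files changed in this commit exercises these actions with a non-String token or mail value, so a regression test for that case would be worth adding. The bodies of `lost_password` and `activate` continue outside the hunks shown.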
app/controllers/application_controller.rb
...
...
@@ -94,11 +94,11 @@ class ApplicationController < ActionController::Base
user
elsif
params
[
:format
]
==
'atom'
&&
params
[
:key
]
&&
accept_key_auth_actions
.
include?
(
params
[
:action
])
# RSS key authentication does not start a session
User
.
find_by_rss_key
(
params
[
:key
])
User
.
find_by_rss_key
(
params
[
:key
]
.
to_s
)
elsif
Setting
.
rest_api_enabled?
&&
api_request?
if
(
key
=
api_key_from_request
)
&&
accept_key_auth_actions
.
include?
(
params
[
:action
])
# Use API key
User
.
find_by_api_key
(
key
)
User
.
find_by_api_key
(
key
.
to_s
)
else
# HTTP Basic, either username/password or API key/random
authenticate_with_http_basic
do
|
username
,
password
|
...
...
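Review bot: Nothing at `User.find_by_rss_key(params[:key].to_s)` or `User.find_by_api_key(key.to_s)` says why the value is stringified, and a later cleanup could remove the call as redundant. A short comment would keep the intent visible, for example `# Always look keys up as Strings; request parsers can deliver other types`, ideally with a reference to the tracking issue (presumably Bug #1234 from doc/CHANGELOG.rdoc, to be confirmed). The HTTP Basic branch starts at the end of the hunk and its body is not visible, so whether its key lookup needs the same treatment cannot be judged from here.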
app/models/issue.rb
...
...
@@ -364,7 +364,7 @@ class Issue < ActiveRecord::Base
def
attachment_removed
(
obj
)
init_journal
(
User
.
current
)
create_journal
last_journal
.
update_attribute
(
:changes
,
{
"attachments_"
+
obj
.
id
.
to_s
=>
[
obj
.
filename
,
nil
]}
.
to_yaml
)
last_journal
.
update_attribute
(
:changes
,
{
"attachments_"
+
obj
.
id
.
to_s
=>
[
obj
.
filename
,
nil
]})
end
# Return true if the issue is closed, otherwise false
...
...
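Review bot: Nothing in this hunk shows how the `changes` column is serialized, yet `attachment_removed` now hands `update_attribute(:changes, ...)` a Hash instead of a YAML string, so the stored format depends on code outside this page. The same edit is made in app/models/wiki_content.rb and in test/test_helper.rb. A model-level test that writes the attribute and asserts `last_journal.reload.changes.is_a?(Hash)` would pin the round trip and would catch double-encoded rows if a stray `.to_yaml` remains elsewhere. As a style point, `"attachments_#{obj.id}"` reads better than the string concatenation.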
app/models/wiki_content.rb
...
...
@@ -98,7 +98,7 @@ class WikiContent < ActiveRecord::Base
changes
.
delete
(
"text"
)
changes
[
"data"
]
=
hash
[
:text
]
changes
[
"compression"
]
=
hash
[
:compression
]
update_attribute
(
:changes
,
changes
.
to_yaml
)
update_attribute
(
:changes
,
changes
)
end
def
text
...
...
config/environment.rb
...
...
@@ -21,9 +21,6 @@
# use RACK_ENV if we are running as a simple rack app
ENV
[
'RAILS_ENV'
]
||=
ENV
[
'RACK_ENV'
]
if
ENV
[
'RACK_ENV'
]
# Specifies gem version of Rails to use when vendor/rails is not present
RAILS_GEM_VERSION
=
'2.3.16'
unless
defined?
RAILS_GEM_VERSION
if
RUBY_VERSION
>=
'1.9'
Encoding
.
default_external
=
'UTF-8'
Encoding
.
default_internal
=
'UTF-8'
...
...
config/initializers/10-patches.rb
...
...
@@ -112,56 +112,13 @@ module ActionController
end
end
# Backported fix for CVE-2012-3464
# https://groups.google.com/d/msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J
# TODO: Remove this once we are on Rails >= 3.2.8
require
'active_support/core_ext/string/output_safety'
class
ERB
module
Util
HTML_ESCAPE
[
"'"
]
=
'''
if
RUBY_VERSION
>=
'1.9'
# A utility method for escaping HTML tag characters.
# This method is also aliased as <tt>h</tt>.
#
# In your ERB templates, use this method to escape any unsafe content. For example:
# <%=h @person.name %>
#
# ==== Example:
# puts html_escape("is a > 0 & a < 10?")
# # => is a > 0 & a < 10?
def
html_escape
(
s
)
s
=
s
.
to_s
if
s
.
html_safe?
s
else
s
.
gsub
(
/[&"'><]/
,
HTML_ESCAPE
).
html_safe
end
end
else
def
html_escape
(
s
)
#:nodoc:
s
=
s
.
to_s
if
s
.
html_safe?
s
else
s
.
gsub
(
/[&"'><]/n
)
{
|
special
|
HTML_ESCAPE
[
special
]
}.
html_safe
end
end
end
# Aliasing twice issues a warning "discarding old...". Remove first to avoid it.
remove_method
(
:h
)
alias
h
html_escape
module_function
:h
singleton_class
.
send
(
:remove_method
,
:html_escape
)
module_function
:html_escape
end
end
require
'action_view/helpers/tag_helper'
module
ActionView::Helpers::TagHelper
def
escape_once
(
html
)
ActiveSupport
::
Multibyte
.
clean
(
html
.
to_s
).
gsub
(
/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/
)
{
|
special
|
ERB
::
Util
::
HTML_ESCAPE
[
special
]
}
end
end
# Workaround for CVE-2013-0333
# https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/1h2DR63ViGo/GOUVafeaF1IJ
ActiveSupport
::
JSON
.
backend
=
"JSONGem"
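Review bot: The comment shown in this section says the CVE-2012-3464 backport should go `once we are on Rails >= 3.2.8`, while doc/CHANGELOG.rdoc records a move to Rails 2.3.18, so dropping most of this initializer (+4 −47) needs evidence that the bundled Rails escapes single quotes itself. The rendered page does not mark which four lines remain, so please confirm that `ERB::Util.html_escape` and `escape_once` still turn `'` into an entity after the change. A direct unit test, for example `assert_no_match(/'/, ERB::Util.html_escape("'"))`, would make that explicit rather than relying on the `Can't print recipes` expectations spread through the functional tests.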
db/migrate/20100714111654_add_changes_from_journal_details_for_acts_as_journalized.rb
...
...
@@ -31,7 +31,7 @@ class AddChangesFromJournalDetailsForActsAsJournalized < ActiveRecord::Migration
changes
[
"attachments_"
+
detail
.
prop_key
.
to_s
]
=
[
detail
.
old_value
,
detail
.
value
]
end
begin
journal
.
update_attribute
(
:changes
,
changes
.
to_yaml
)
journal
.
update_attribute
(
:changes
,
changes
)
rescue
ActiveRecord
::
RecordInvalid
=>
ex
puts
"Error saving:
#{
journal
.
class
.
to_s
}
#
#{
journal
.
id
}
-
#{
ex
.
message
}
"
end
...
...
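Review bot: Changing `journal.update_attribute(:changes, changes.to_yaml)` to pass the Hash inside a migration dated 2010 only affects installations that have not yet run it; databases migrated earlier keep whatever the old code wrote. db/migrate/20100804112053_merge_wiki_versions_with_journals.rb gets the same edit. If the two forms can produce different stored values under the new Rails version, that deserves a line in the upgrade notes or a follow-up migration; if they cannot, a comment in the migration saying so would settle it. Separately, the `rescue ActiveRecord::RecordInvalid` branch only prints and continues, so a failed row is easy to miss in the migration output.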
db/migrate/20100804112053_merge_wiki_versions_with_journals.rb
...
...
@@ -37,7 +37,7 @@ class MergeWikiVersionsWithJournals < ActiveRecord::Migration
changes
=
{}
changes
[
"compression"
]
=
wv
.
compression
changes
[
"data"
]
=
wv
.
data
journal
.
update_attribute
(
:changes
,
changes
.
to_yaml
)
journal
.
update_attribute
(
:changes
,
changes
)
journal
.
update_attribute
(
:version
,
wv
.
version
)
end
# drop_table :wiki_content_versions
...
...
doc/CHANGELOG.rdoc
= ChiliProject changelog
== 2013-02-13 2.11.0
* Security - Feature #1252: Update Rails to 2.3.18
== 2013-02-13 2.10.0
* Security - Feature #1233: Bump rails to 2.3.17 to address [CVE-2013-0276]
* Security - Bug #1234: Potential vulnerability in token authentication when running on MySQL
== 2013-01-29 v2.9.0
* Security - Bug #1219: Vulnerability in JSON Parser in Ruby on Rails (CVE-2013-0333)
...
...
lib/chili_project/version.rb
...
...
@@ -18,7 +18,7 @@ module ChiliProject
module
VERSION
#:nodoc:
MAJOR
=
2
MINOR
=
9
MINOR
=
11
PATCH
=
0
TINY
=
PATCH
# Redmine compat
...
...
test/functional/activities_controller_test.rb
...
...
@@ -29,7 +29,7 @@ class ActivitiesControllerTest < ActionController::TestCase
:child
=>
{
:tag
=>
"dt"
,
:attributes
=>
{
:class
=>
/issue/
},
:child
=>
{
:tag
=>
"a"
,
:content
=>
/(
#{
IssueStatus
.
find
(
2
).
name
}
)/
,
:content
=>
/(
#{
ERB
::
Util
.
h
IssueStatus
.
find
(
2
).
name
}
)/
,
}
}
}
...
...
@@ -47,7 +47,7 @@ class ActivitiesControllerTest < ActionController::TestCase
:child
=>
{
:tag
=>
"dt"
,
:attributes
=>
{
:class
=>
/issue/
},
:child
=>
{
:tag
=>
"a"
,
:content
=>
/
#{
Issue
.
find
(
1
).
subject
}
/
,
:content
=>
/
#{
ERB
::
Util
.
h
Issue
.
find
(
1
).
subject
}
/
,
}
}
}
...
...
@@ -65,7 +65,7 @@ class ActivitiesControllerTest < ActionController::TestCase
:child
=>
{
:tag
=>
"dt"
,
:attributes
=>
{
:class
=>
/issue/
},
:child
=>
{
:tag
=>
"a"
,
:content
=>
/
#{
Issue
.
find
(
1
).
subject
}
/
,
:content
=>
/
#{
ERB
::
Util
.
h
Issue
.
find
(
1
).
subject
}
/
,
}
}
}
...
...
@@ -83,7 +83,7 @@ class ActivitiesControllerTest < ActionController::TestCase
:child
=>
{
:tag
=>
"dt"
,
:attributes
=>
{
:class
=>
/issue/
},
:child
=>
{
:tag
=>
"a"
,
:content
=>
/
#{
Issue
.
find
(
1
).
subject
}
/
,
:content
=>
/
#{
ERB
::
Util
.
h
Issue
.
find
(
1
).
subject
}
/
,
}
}
}
...
...
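Review bot: The new `:content` patterns interpolate `ERB::Util.h Issue.find(1).subject` straight into a regexp, so any regexp metacharacter in the fixture text changes what is matched; in the first hunk the surrounding `(` and `)` form a capture group, not literal parentheses. Wrapping the value keeps the assertion literal: `:content => /#{Regexp.escape(ERB::Util.h(Issue.find(1).subject))}/`. The same applies to all four hunks in this file. Calling `h` with explicit parentheses also avoids an ambiguous-argument parse inside the interpolation.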
test/functional/issues_controller_test.rb
...
...
@@ -56,7 +56,7 @@ class IssuesControllerTest < ActionController::TestCase
assert_template
'index.rhtml'
assert_not_nil
assigns
(
:issues
)
assert_nil
assigns
(
:project
)
assert_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Subproject issue/
# private projects hidden
assert_no_tag
:tag
=>
'a'
,
:content
=>
/Issue of a private subproject/
...
...
@@ -72,7 +72,7 @@ class IssuesControllerTest < ActionController::TestCase
assert_template
'index.rhtml'
assert_not_nil
assigns
(
:issues
)
assert_nil
assigns
(
:project
)
assert_no_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_no_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Subproject issue/
end
...
...
@@ -83,7 +83,7 @@ class IssuesControllerTest < ActionController::TestCase
assert_template
'index.rhtml'
assert_not_nil
assigns
(
:issues
)
assert_nil
assigns
(
:project
)
assert_no_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_no_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Subproject issue/
end
...
...
@@ -93,7 +93,7 @@ class IssuesControllerTest < ActionController::TestCase
assert_response
:success
assert_template
'index.rhtml'
assert_not_nil
assigns
(
:issues
)
assert_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_no_tag
:tag
=>
'a'
,
:content
=>
/Subproject issue/
end
...
...
@@ -103,7 +103,7 @@ class IssuesControllerTest < ActionController::TestCase
assert_response
:success
assert_template
'index.rhtml'
assert_not_nil
assigns
(
:issues
)
assert_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Subproject issue/
assert_no_tag
:tag
=>
'a'
,
:content
=>
/Issue of a private subproject/
end
...
...
@@ -115,7 +115,7 @@ class IssuesControllerTest < ActionController::TestCase
assert_response
:success
assert_template
'index.rhtml'
assert_not_nil
assigns
(
:issues
)
assert_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Can
'
t print recipes/
assert_tag
:tag
=>
'a'
,
:content
=>
/Subproject issue/
assert_tag
:tag
=>
'a'
,
:content
=>
/Issue of a private subproject/
end
...
...
@@ -1049,7 +1049,7 @@ class IssuesControllerTest < ActionController::TestCase
assert_response
:success
assert_template
'edit'
assert_error_tag
:descendant
=>
{
:content
=>
/Activity can
'
t be blank/
}
assert_error_tag
:descendant
=>
{
:content
=>
/Activity can
'
t be blank/
}
assert_tag
:textarea
,
:attributes
=>
{
:name
=>
'notes'
},
:content
=>
notes
assert_tag
:input
,
:attributes
=>
{
:name
=>
'time_entry[hours]'
,
:value
=>
"2z"
}
end
...
...
@@ -1067,8 +1067,8 @@ class IssuesControllerTest < ActionController::TestCase
assert_response
:success
assert_template
'edit'
assert_error_tag
:descendant
=>
{
:content
=>
/Activity can
'
t be blank/
}
assert_error_tag
:descendant
=>
{
:content
=>
/Hours can
'
t be blank/
}
assert_error_tag
:descendant
=>
{
:content
=>
/Activity can
'
t be blank/
}
assert_error_tag
:descendant
=>
{
:content
=>
/Hours can
'
t be blank/
}
assert_tag
:textarea
,
:attributes
=>
{
:name
=>
'notes'
},
:content
=>
notes
assert_tag
:input
,
:attributes
=>
{
:name
=>
'time_entry[comments]'
,
:value
=>
"this is my comment"
}
end
...
...
test/test_helper.rb
...
...
@@ -168,14 +168,14 @@ class ActiveSupport::TestCase
should
"use the new value's name"
do
@detail
=
IssueJournal
.
generate
(
:version
=>
1
,
:journaled
=>
Issue
.
last
)
@detail
.
update_attribute
(
:changes
,
{
prop_key
=>
[
@old_value
.
id
,
@new_value
.
id
]}
.
to_yaml
)
@detail
.
update_attribute
(
:changes
,
{
prop_key
=>
[
@old_value
.
id
,
@new_value
.
id
]})
assert_match
@new_value
.
class
.
find
(
@new_value
.
id
).
name
,
@detail
.
render_detail
(
prop_key
,
true
)
end
should
"use the old value's name"
do
@detail
=
IssueJournal
.
generate
(
:version
=>
1
,
:journaled
=>
Issue
.
last
)
@detail
.
update_attribute
(
:changes
,
{
prop_key
=>
[
@old_value
.
id
,
@new_value
.
id
]}
.
to_yaml
)
@detail
.
update_attribute
(
:changes
,
{
prop_key
=>
[
@old_value
.
id
,
@new_value
.
id
]})
assert_match
@old_value
.
class
.
find
(
@old_value
.
id
).
name
,
@detail
.
render_detail
(
prop_key
,
true
)
end
...
...
test/unit/helpers/application_helper_test.rb
...
...
@@ -441,7 +441,7 @@ RAW
expected
=
<<-
EXPECTED
<p><a href="/projects/ecookbook/wiki/CookBook_documentation" class="wiki-page">CookBook documentation</a></p>
<p><a href="/issues/1" class="issue status-1 priority-1" title="Can
'
t print recipes (New)">#1</a></p>
<p><a href="/issues/1" class="issue status-1 priority-1" title="Can
'
t print recipes (New)">#1</a></p>
<pre>
[[CookBook documentation]]
...
...
test/unit/mailer_test.rb
...
...
@@ -37,7 +37,7 @@ class MailerTest < ActiveSupport::TestCase
assert_select_email
do
# link to the main ticket
assert_select
"a[href=?]"
,
"https://mydomain.foo/issues/1"
,
:text
=>
"Bug #1: Can
'
t print recipes"
assert_select
"a[href=?]"
,
"https://mydomain.foo/issues/1"
,
:text
=>
"Bug #1: Can
'
t print recipes"
# link to a referenced ticket
assert_select
"a[href=?][title=?]"
,
"https://mydomain.foo/issues/2"
,
"Add ingredients categories (Assigned)"
,
:text
=>
"#2"
# link to a changeset
...
...
@@ -59,7 +59,7 @@ class MailerTest < ActiveSupport::TestCase
assert_select_email
do
# link to the main ticket
assert_select
"a[href=?]"
,
"http://mydomain.foo/rdm/issues/1"
,
:text
=>
"Bug #1: Can
'
t print recipes"
assert_select
"a[href=?]"
,
"http://mydomain.foo/rdm/issues/1"
,
:text
=>
"Bug #1: Can
'
t print recipes"
# link to a referenced ticket
assert_select
"a[href=?][title=?]"
,
"http://mydomain.foo/rdm/issues/2"
,
"Add ingredients categories (Assigned)"
,
:text
=>
"#2"
# link to a changeset
...
...
@@ -84,7 +84,7 @@ class MailerTest < ActiveSupport::TestCase
assert_select_email
do
# link to the main ticket
assert_select
"a[href=?]"
,
"http://mydomain.foo/rdm/issues/1"
,
:text
=>
"Bug #1: Can
'
t print recipes"
assert_select
"a[href=?]"
,
"http://mydomain.foo/rdm/issues/1"
,
:text
=>
"Bug #1: Can
'
t print recipes"
# link to a referenced ticket
assert_select
"a[href=?][title=?]"
,
"http://mydomain.foo/rdm/issues/2"
,
"Add ingredients categories (Assigned)"
,
:text
=>
"#2"
# link to a changeset
...
...