Merge branch 'release/0.6.9' into develop

Conflicts: Gemfile.lock locale/cy/app.po
author: Louise Crow <louise.crow@gmail.com> 2013-01-15 16:13:05 +0000
committer: Louise Crow <louise.crow@gmail.com> 2013-01-15 16:13:05 +0000
commit: d86f0dd2f05ecf7a7c16e2245db0727f4b1b4505 (patch)
tree: b0c95160538950a3010aacd2ed02cfd9b5ea1a8a
parent: 843805e5d92eded943bd2a32b02ac967539245e8 (diff)
parent: 7cc8cae3a669fc5de91d6bc23812c265e8af4c93 (diff)
5 files changed, 52 insertions, 23 deletions
diff --git a/Gemfile b/Gemfile
index 3c31ba6a8..b2539ab29 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,7 +7,10 @@ if File.exist? "/etc/debian_version" and File.open("/etc/debian_version").read.s
 end
 source :rubygems
 
-gem 'rails', '2.3.15'
+# A fork of rails that is kept up to date with security patches
+git "git://github.com/mysociety/rails.git", :branch => "2-3-stable" do
+  gem 'rails'
+end
 gem 'pg'
 
 gem 'fast_gettext', '>= 0.6.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 3f584e1ce..a9ab14940 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,5 +1,7 @@
-GEM
-  remote: http://rubygems.org/
+GIT
+  remote: git://github.com/mysociety/rails.git
+  revision: 9e452eaf296d3732f8058ad31cf18e0b659f27a6
+  branch: 2-3-stable
   specs:
     actionmailer (2.3.15)
       actionpack (= 2.3.15)
@@ -11,6 +13,17 @@ GEM
     activeresource (2.3.15)
       activesupport (= 2.3.15)
     activesupport (2.3.15)
+    rails (2.3.15)
+      actionmailer (= 2.3.15)
+      actionpack (= 2.3.15)
+      activerecord (= 2.3.15)
+      activeresource (= 2.3.15)
+      activesupport (= 2.3.15)
+      rake (>= 0.8.3)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
     annotate (2.4.0)
     archive-tar-minitar (0.5.2)
     bootstrap-sass (2.1.1.0)
@@ -77,13 +90,6 @@ GEM
     pg (0.13.2)
     polyglot (0.3.3)
     rack (1.1.4)
-    rails (2.3.15)
-      actionmailer (= 2.3.15)
-      actionpack (= 2.3.15)
-      activerecord (= 2.3.15)
-      activeresource (= 2.3.15)
-      activesupport (= 2.3.15)
-      rake (>= 0.8.3)
     rake (0.9.2.2)
     rbx-require-relative (0.0.9)
     rdoc (2.4.3)
@@ -165,7 +171,7 @@ DEPENDENCIES
   newrelic_rpm
   pg
   rack (~> 1.1.0)
-  rails (= 2.3.15)
+  rails!
   rake (= 0.9.2.2)
   rdoc (~> 2.4.3)
   recaptcha (~> 0.3.1)
diff --git a/config/environment.rb b/config/environment.rb
index b32eeeb01..21415dfd8 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -43,7 +43,7 @@ require File.join(File.dirname(__FILE__), '../lib/old_rubygems_patch')
 require 'configuration'
 
 # Application version
-ALAVETELI_VERSION = '0.6.8'
+ALAVETELI_VERSION = '0.6.9'
 
 Rails::Initializer.run do |config|
   # Load intial mySociety config
diff --git a/doc/CHANGES.md b/doc/CHANGES.md
index b74e46248..2c8692bb5 100644
--- a/doc/CHANGES.md
+++ b/doc/CHANGES.md
@@ -1,3 +1,22 @@
+# Version 0.6.9
+## Highlighted features
+* [Security] Fix for security issue where image files from HTML conversion on hidden/requester-only requests were accessible without authentication [issue #739](https://github.com/mysociety/alaveteli/issues/739).
+* [Security] Fix for issue where the zip file download function was available for logged-in users even on hidden/requester-only requests [issue #743](https://github.com/mysociety/alaveteli/issues/743)
+* [Security] Upgrades to Rails 2.3.15 to get fixes for Rails security flaws CVE-2012-5664 and CVE-2013-0156. In addition, switches to use Rails pulled from a clone in the mySociety github account, which has had the CVE-2013-0155 2.3 series patch applied to it.
+* Isolation of mail handling code in the MailHandler module in lib/mail_handler 
+* Tests run under Ruby 1.9.3 - *running the app under 1.9 not yet advised*. 
+* Routes without a locale part can be enabled for the default locale - see upgrade notes 
+* Fixes to support themed error pages, and allow responsive themes (Matthew Landauer, Brendan Molloy)
+* Migrations run under sqlite (Stefan Langenmaier)
+* Time zone fixes (Henare Degan)
+* Faster tests (Henare Degan)
+
+* [List of issues on github](https://github.com/mysociety/alaveteli/issues?milestone=25&state=closed)
+
+## Upgrade notes
+* Note the new config variable INCLUDE_DEFAULT_LOCALE_IN_URLS (if not set defaults to true, which should replicate existing behaviour)
+* Check out this version and run `rails-post-deploy` as usual. 
+
 # Version 0.6.8
 ## Highlighted features
 
diff --git a/locale/cy/app.po b/locale/cy/app.po
index 2ed1354a8..31a6445ee 100644
--- a/locale/cy/app.po
+++ b/locale/cy/app.po
@@ -4,13 +4,14 @@
 # 
 # Translators:
 #   <alex@alexskene.com>, 2011-2012.
+#   <graham.craig@gmail.com>, 2013.
 msgid ""
 msgstr ""
 "Project-Id-Version: alaveteli\n"
 "Report-Msgid-Bugs-To: http://github.com/sebbacon/alaveteli/issues\n"
 "POT-Creation-Date: 2012-12-18 10:11+0000\n"
-"PO-Revision-Date: 2012-12-18 10:14+0000\n"
-"Last-Translator: louisecrow <louise@mysociety.org>\n"
+"PO-Revision-Date: 2013-01-13 07:34+0000\n"
+"Last-Translator: baragouiner <graham.craig@gmail.com>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -34,7 +35,7 @@ msgid ""
 msgstr ""
 
 msgid " (you)"
-msgstr ""
+msgstr "(chi)"
 
 msgid " - view and make Freedom of Information requests"
 msgstr ""
@@ -106,10 +107,10 @@ msgid " made by "
 msgstr ""
 
 msgid " or "
-msgstr ""
+msgstr "neu"
 
 msgid " when you send this message."
-msgstr ""
+msgstr "pan chi'n anfon y neges hon"
 
 msgid ""
 "\"Hello! We have an  <a "
@@ -145,7 +146,7 @@ msgid "'Pollution levels over time for the River Tyne'"
 msgstr ""
 
 msgid "'{{link_to_authority}}', a public authority"
-msgstr ""
+msgstr "'{{link_to_authority}}', awdurdod cyhoeddus"
 
 msgid "'{{link_to_request}}', a request"
 msgstr ""
@@ -157,13 +158,13 @@ msgid ",\\n\\n\\n\\nYours,\\n\\n{{user_name}}"
 msgstr ""
 
 msgid "- or -"
-msgstr ""
+msgstr "- neu -"
 
 msgid "1. Select an authority"
-msgstr ""
+msgstr "1. Dewis awdurdod"
 
 msgid "2. Ask for Information"
-msgstr ""
+msgstr "2. Gofyn am wybodaeth"
 
 msgid "3. Now check your request"
 msgstr ""
@@ -194,7 +195,7 @@ msgid ""
 msgstr ""
 
 msgid "<a href=\"%s\">details</a>"
-msgstr ""
+msgstr "<a href=\"%s\">manylion</a>"
 
 msgid "<a href=\"%s\">what's that?</a>"
 msgstr ""
@@ -203,7 +204,7 @@ msgid ""
 "<p>All done! Thank you very much for your help.</p><p>There are <a "
 "href=\"{{helpus_url}}\">more things you can do</a> to help "
 "{{site_name}}.</p>"
-msgstr ""
+msgstr "<p>Wedi gorffen! Diolch yn fawr am eich help.</p><p>Mae <a href=\"{{helpus_url}}\">mwy o bethau i'w wneud</a>er mwyn helpu {{site_name}}.</p>"
 
 msgid ""
 "<p>Thank you! Here are some ideas on what to do next:</p>\\n            "
author	Louise Crow <louise.crow@gmail.com>	2013-01-15 16:13:05 +0000
committer	Louise Crow <louise.crow@gmail.com>	2013-01-15 16:13:05 +0000
commit	d86f0dd2f05ecf7a7c16e2245db0727f4b1b4505 (patch)
tree	b0c95160538950a3010aacd2ed02cfd9b5ea1a8a
parent	843805e5d92eded943bd2a32b02ac967539245e8 (diff)
parent	7cc8cae3a669fc5de91d6bc23812c265e8af4c93 (diff)