Diffstat (limited to 'config/initializers')
-rw-r--r-- | config/initializers/fast_gettext.rb | 5 | ||||
-rw-r--r-- | config/initializers/session_store.rb | 2 | ||||
-rw-r--r-- | config/initializers/strip_nil_parameters_patch.rb | 51 | ||||
-rw-r--r-- | config/initializers/theme_loader.rb | 14 |
4 files changed, 71 insertions, 1 deletions
diff --git a/config/initializers/fast_gettext.rb b/config/initializers/fast_gettext.rb
index 63cf6b50d..721c49cd0 100644
--- a/config/initializers/fast_gettext.rb
+++ b/config/initializers/fast_gettext.rb
@@ -1,2 +1,7 @@
+Encoding.default_external = 'UTF-8' if RUBY_VERSION.to_f >= 1.9
 FastGettext.add_text_domain 'app', :path => File.join(Rails.root, 'locale'), :type => :po
 FastGettext.default_text_domain = 'app'
+
+I18n::Backend::Simple.send(:include, I18n::Backend::Fallbacks)
+
+
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 9ef2dddc1..bf40e99c1 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -12,6 +12,6 @@ ActionController::Base.session = {
 ActionController::Base.session_store = :cookie_store
 # Insert a bit of middleware code to prevent uneeded cookie setting.
-require "#{RAILS_ROOT}/lib/whatdotheyknow/strip_empty_sessions"
+require "#{Rails.root}/lib/whatdotheyknow/strip_empty_sessions"
 ActionController::Dispatcher.middleware.insert_before ActionController::Base.session_store, WhatDoTheyKnow::StripEmptySessions, :key => '_wdtk_cookie_session', :path => "/", :httponly => true
diff --git a/config/initializers/strip_nil_parameters_patch.rb b/config/initializers/strip_nil_parameters_patch.rb
new file mode 100644
index 000000000..35d0a28c5
--- /dev/null
+++ b/config/initializers/strip_nil_parameters_patch.rb
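Review bot: In fast_gettext.rb the first added line decides whether to set the encoding by parsing the version string as a float (`RUBY_VERSION.to_f >= 1.9`), which is a fragile way to ask whether the interpreter has encodings at all; `Encoding.default_external = 'UTF-8' if defined?(Encoding)` tests for the feature itself. The assignment is process-wide rather than specific to FastGettext, so a one-line comment saying why it is forced here (presumably so the .po files under `locale` are read as UTF-8) would help the next reader.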
@@ -0,0 +1,51 @@
+# Stolen from https://raw.github.com/mysociety/fixmytransport/fa9b014eb2628c300693e055f129cb8959772082/config/initializers/strip_nil_parameters_patch.rb
+
+# Monkey patch for CVE-2012-2660 on Rails 2.3.14
+
+# Strip [nil] from parameters hash
+# based on a pull request from @sebbacon
+# https://github.com/rails/rails/pull/6580
+
+module ActionController
+ class Request < Rack::Request
+ protected
+ def deep_munge(hash)
+ hash.each_value do |v|
+ case v
+ when Array
+ v.grep(Hash) { |x| deep_munge(x) }
+ when Hash
+ deep_munge(v)
+ end
+ end
+
+ keys = hash.keys.find_all { |k| hash[k] == [nil] }
+ keys.each { |k| hash[k] = nil }
+ hash
+ end
+
+ private
+
+ def normalize_parameters(value)
+ case value
+ when Hash
+ if value.has_key?(:tempfile)
+ upload = value[:tempfile]
+ upload.extend(UploadedFile)
+ upload.original_path = value[:filename]
+ upload.content_type = value[:type]
+ upload
+ else
+ h = {}
+ value.each { |k, v| h[k] = normalize_parameters(v) }
+ deep_munge(h.with_indifferent_access)
+ end
+ when Array
+ value.map { |e| normalize_parameters(e) }
+ else
+ value
+ end
+ end
+
+ end
+end
diff --git a/config/initializers/theme_loader.rb b/config/initializers/theme_loader.rb
new file mode 100644
index 000000000..8908dc07e
--- /dev/null
+++ b/config/initializers/theme_loader.rb
@@ -0,0 +1,14 @@
+# This is a global array of route extensions. Alaveteli modules may add to it.
+# It is used by our config/routes.rb to decide which route extension files to load.
+$alaveteli_route_extensions = []
+
+theme_urls = MySociety::Config.get("THEME_URLS", [])
+if ENV["RAILS_ENV"] != "test" # Don't let the themes interfere with Alaveteli specs
+ for url in theme_urls.reverse
+ theme_name = url.sub(/.*\/(.*).git/, "\\1")
+ theme_main_include = File.expand_path "../../../vendor/plugins/#{theme_name}/lib/alavetelitheme.rb", __FILE__
+ if File.exists? theme_main_include
+ require theme_main_include
+ end
+ end
+end |
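Review bot: In strip_nil_parameters_patch.rb, `deep_munge` only rewrites a value that is exactly `[nil]` (`hash[k] == [nil]`), so an array that carries nil next to other elements, such as `[nil, nil]` or `['a', nil]`, leaves `normalize_parameters` with the nil still inside. If the aim is that no request-supplied nil reaches query conditions, the Array branch should also drop nils, e.g. `v.compact!` after the `grep`, with the `[nil]` check moved ahead of the `each_value` loop so that a lone `[nil]` still becomes `nil` rather than `[]`. The file also reopens `ActionController::Request` unconditionally although its header comment scopes the patch to Rails 2.3.14; a guard such as `if Rails::VERSION::STRING == '2.3.14'` around the module would stop it from silently overriding a later framework's own `normalize_parameters`.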
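Review bot: In theme_loader.rb the theme name is cut out of each `THEME_URLS` entry with `url.sub(/.*\/(.*).git/, "\\1")`, where the dot before `git` is unescaped and nothing is anchored; when the pattern does not match, `sub` returns the whole URL, which is then interpolated into the path handed to `require`. `theme_name = File.basename(url, '.git')` gives the same name for well-formed URLs and cannot contain a slash. A configured theme whose `alavetelitheme.rb` is missing is also skipped silently, so a warning in an `else` branch of the `File.exists?` check would make a mistyped entry visible at boot.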