diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/general.yml-example | 5 | ||||
| -rw-r--r-- | config/initializers/fast_gettext.rb | 4 | ||||
| -rw-r--r-- | config/initializers/strip_nil_parameters_patch.rb | 51 | ||||
| -rw-r--r-- | config/test.yml | 2 |
4 files changed, 56 insertions, 6 deletions
diff --git a/config/general.yml-example b/config/general.yml-example index 5653f89bc..019eb7ada 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -157,8 +157,3 @@ VARNISH_HOST: localhost # Adding a value here will enable Google Analytics on all non-admin pages. GA_CODE: '' - -# We need to add the WDTK survey variables here, or else the deployment -# system will cry. -SURVEY_SECRET: '' -SURVEY_URL: '' diff --git a/config/initializers/fast_gettext.rb b/config/initializers/fast_gettext.rb index 9049fd8ed..721c49cd0 100644 --- a/config/initializers/fast_gettext.rb +++ b/config/initializers/fast_gettext.rb @@ -1,3 +1,7 @@ Encoding.default_external = 'UTF-8' if RUBY_VERSION.to_f >= 1.9 FastGettext.add_text_domain 'app', :path => File.join(Rails.root, 'locale'), :type => :po FastGettext.default_text_domain = 'app' + +I18n::Backend::Simple.send(:include, I18n::Backend::Fallbacks) + + diff --git a/config/initializers/strip_nil_parameters_patch.rb b/config/initializers/strip_nil_parameters_patch.rb new file mode 100644 index 000000000..35d0a28c5 --- /dev/null +++ b/config/initializers/strip_nil_parameters_patch.rb @@ -0,0 +1,51 @@ +# Stolen from https://raw.github.com/mysociety/fixmytransport/fa9b014eb2628c300693e055f129cb8959772082/config/initializers/strip_nil_parameters_patch.rb + +# Monkey patch for CVE-2012-2660 on Rails 2.3.14 + +# Strip [nil] from parameters hash +# based on a pull request from @sebbacon +# https://github.com/rails/rails/pull/6580 + +module ActionController + class Request < Rack::Request + protected + def deep_munge(hash) + hash.each_value do |v| + case v + when Array + v.grep(Hash) { |x| deep_munge(x) } + when Hash + deep_munge(v) + end + end + + keys = hash.keys.find_all { |k| hash[k] == [nil] } + keys.each { |k| hash[k] = nil } + hash + end + + private + + def normalize_parameters(value) + case value + when Hash + if value.has_key?(:tempfile) + upload = value[:tempfile] + upload.extend(UploadedFile) + upload.original_path = value[:filename] + upload.content_type = value[:type] + upload + else + h = {} + value.each { |k, v| h[k] = normalize_parameters(v) } + deep_munge(h.with_indifferent_access) + end + when Array + value.map { |e| normalize_parameters(e) } + else + value + end + end + + end +end diff --git a/config/test.yml b/config/test.yml index 460d7c6c1..6e34340ff 100644 --- a/config/test.yml +++ b/config/test.yml @@ -22,7 +22,7 @@ BLOG_FEED: 'http://www.mysociety.org/category/projects/whatdotheyknow/feed/' TWITTER_USERNAME: 'alaveteli_foi' # Locales we wish to support in this app, space-delimited -AVAILABLE_LOCALES: 'en es' +AVAILABLE_LOCALES: 'en es en_GB' DEFAULT_LOCALE: 'en' # if 'true', respect the user's choice of language in the browser |