Commit message [refs] (author, age, lines)
* Handle non-UTF8 encoding in ruby 1.9 and above [add-widget-hotfixed] (Louise Crow, 2015-06-25, -5/+56)
|
* Use BASH_SOURCE to return the script path. (Louise Crow, 2015-06-23, -2/+2)
|   It is reliable in the case where the script is sourced from another
|   script.
* Remove debug line (Louise Crow, 2015-06-04, -1/+0)
|
* Make sure spelling corrections are encoded as UTF-8 (Louise Crow, 2015-06-04, -1/+108)
|
* Fix encoding issue with searching for macrons (Caleb, 2015-06-04, -35/+48)
|   Correct indentation to be consistent
* Address#to_s changes the input passed to it - dup before calling. (Louise Crow, 2015-06-04, -3/+165)
|   Otherwise UTF-8 encoded strings will be returned as ASCII-8BIT.
* Handle unparsed email contents as binary. (Louise Crow, 2015-06-04, -29/+62)
|   I think I was wrong in a83b379fd2d676172855825d0592937b234371e2 in
|   assuming that all email gets properly encoded for transfer. Looking
|   at the mail gem load method
|   https://github.com/mikel/mail/blob/b159e0a542962fdd5e292a48cfffa560d7cf412e/lib/mail/mail.rb#L175a,
|   it reads raw email content from a file in binary mode. So this commit
|   makes both reading and writing the raw_email a binary mode operation
|   and adds a data_as_text method for displaying the data in the admin
|   interface that coerces it to valid utf-8.
* Use a relative path in call to pdftohtml. (Louise Crow, 2015-06-04, -2/+2)
|   pdftohtml will use the file path as the basis for generating the
|   image links in the generated HTML, so we want them to be relative,
|   not absolute. Ruby 1.9 tempfile.path will generate an absolute path
|   when given the current directory as the tmpdir, whilst 2.0 and 1.8
|   will use a relative one.
* Force the encoding of values returned from YAML. (Louise Crow, 2015-05-08, -3/+27)
|   This is a workaround for an issue where YAML in ruby 1.8 tags UTF-8
|   heavy strings as binary, resulting in them being retrieved under 1.9
|   as ASCII-8BIT which can't be concatenated with UTF-8. Described as
|   "Deep deep YAML oddness" in
|   https://www.zendesk.com/blog/upgrade-the-road-to-1-9/.
* Make the namespace for memcached dependent on ruby version. (Louise Crow, 2015-05-08, -1/+2)
|   Items cached in 1.8 can't safely be retrieved in 1.9
* Set binary mode to false in call to pdftohtml (Louise Crow, 2015-05-07, -4/+16)
|   We want the HTML to be encoded in the default encoding so that it
|   can be combined with other strings.
* Sanitize the blog contents (Louise Crow, 2014-12-22, -3/+15)
|
* Sanitize the contents of HTML attachments before display (Louise Crow, 2014-12-22, -0/+39)
|
* Fix unvalidated redirects (Gareth Rees, 2014-12-22, -3/+3)
|
* Don't comment out example configuration (Gareth Rees, 2014-12-22, -6/+16)
|   Breaks the mySociety internal deployment tooling.
* Show "votes" along with tracks in widget (Jody McIntyre, 2014-11-17, -1/+1)
|
* Add controller for non-logged in "voting" (Jody McIntyre, 2014-11-17, -6/+23)
|
* Send widget_vote cookie when user not logged in (Jody McIntyre, 2014-11-17, -0/+4)
|
* Add model to track "votes" for a request (Jody McIntyre, 2014-11-17, -0/+19)
|
* Don't open the request in the widget iframe (Jody McIntyre, 2014-11-17, -1/+1)
|
* Center count text (Jody McIntyre, 2014-11-17, -0/+2)
|
* Add link to widget (Jody McIntyre, 2014-11-17, -1/+5)
|
* Add widget for info requests (Jody McIntyre, 2014-11-17, -0/+212)
|
* Upgrade to Rails 3.2.21 [0.19.0.10, hotfix/0.19.0.10] (Louise Crow, 2014-11-17, -26/+26)
|   Provides fix for CVE-2014-7829.
* Comment out spec which sends an invalid utf-8 param. [0.19.0.9, hotfix/0.19.0.9] (Louise Crow, 2014-10-31, -6/+9)
|   The original error `ActionView::Template::Error` that this spec was
|   written to represent (#1406) occurred under ruby 1.8 when the decoded
|   non-utf-8 string was used in the locale switcher on the 'not found'
|   error page to generate a url for the alternative locales.
|
|   Under Ruby >= 1.9, the error thrown in that situation is an
|   `invalid byte sequence in UTF-8` error, thrown in the same place -
|   the locale switcher. However, no error seems to be thrown when the
|   same param is used in a request in production.
|
|   The upgrade to Rails 3.2.20 causes `String.split` to be called on the
|   request path in `actionpack/lib/action_dispatch/middleware/static.rb`
|   in order to check for attempts to access files outside the `public`
|   directory. This means that under Ruby >= 1.9, an
|   `invalid byte sequence in UTF-8` error will be thrown there in
|   running this spec.
|
|   I think a possible solution is to use the `rack-utf8_sanitizer` gem
|   to provide middleware to strip invalid utf-8 from request URIs and
|   headers before they're processed by Rails, but it's currently unclear
|   whether that would have any undesirable side-effects.
* Upgrade to Rails 3.2.20 - fixes CVE-2014-7818 (Louise Crow, 2014-10-31, -26/+26)
|   Arbitrary file existence disclosure in Action Pack
* Results of running 'bundle update rails' (Louise Crow, 2014-10-31, -3/+3)
|
* Latest translations from Transifex [0.19.0.8, hotfix/0.19.0.8] (Louise Crow, 2014-10-27, -12/+3876)
|
* Latest translations from transifex. [0.19.0.7, hotfix/0.19.0.7] (Louise Crow, 2014-10-24, -433/+435)
|
* Merge branch 'hotfix/0.19.0.6' [0.19.0.6] (Gareth Rees, 2014-09-24, -1/+2)
|\
| * Redirect GET signup to signin [hotfix/0.19.0.6] (Gareth Rees, 2014-09-24, -1/+2)
|/
|   After allowing only POST requests to signup in 316b1e:
|
|   > What I think will happen at least sometimes is that someone will enter
|   > information in the signup form, submit it via a post request, and end
|   > up on the URL /profile/signup, at which point they want to refresh and
|   > start again, at which point they hit the URL in the address bar to do
|   > so. Currently that would mean they get a 404. I wonder about adding
|   > another route match '/profile/sign_up' => 'user#signin', :as =>
|   > :signin, :via => :get to handle this case. That would mean that a get
|   > request to profile/signup renders the empty form.
|   >
|   > – https://github.com/mysociety/alaveteli/pull/1850#issuecomment-55387700
* Remove translation of interpolated variable. [0.19.0.5] (Louise Crow, 2014-09-22, -10/+10)
|
* Update from Spanish file (Louise Crow, 2014-09-22, -80/+85)
|
* Latest translations from Transifex [0.19.0.4, hotfix/0.19.0.4] (Louise Crow, 2014-09-22, -289/+4423)
|
* Whitelist UserController#signup params [0.19.0.3, hotfix/0.19.0.3] (Gareth Rees, 2014-09-09, -1/+15)
|   Protects from mass-assignment exploit attempts
* Merge branch 'hotfix/0.19.0.2' [0.19.0.2] (Gareth Rees, 2014-09-05, -2/+4)
|\
| * Allow RAILS_ENV to be set in sysvinit-thin [hotfix/0.19.1, hotfix/0.19.0.2] (Gareth Rees, 2014-08-29, -2/+4)
| |   Install script on AWS uses development mode by default
* | Add integration spec. [0.19.0.1, hotfix/0.19.0.1] (Louise Crow, 2014-09-01, -0/+31)
| |
* | Return a list of all cache directories for the request (Louise Crow, 2014-09-01, -8/+18)
| |
* | Use request dirs method. (Louise Crow, 2014-09-01, -2/+1)
| |
* | Use path relative to Rails root. (Louise Crow, 2014-09-01, -1/+1)
| |
* | Move method to model to make it more testable, add spec. (Louise Crow, 2014-09-01, -8/+20)
|/
* Merge remote-tracking branch 'origin/release/0.19' [0.19] (Gareth Rees, 2014-08-28, -3432/+4064)
|\
| * Fix translation bug in variable interpolation [release/0.19] (Louise Crow, 2014-08-28, -3/+3)
| |
| * Update translations (Gareth Rees, 2014-08-26, -208/+208)
| |
| * Update translations (Gareth Rees, 2014-08-26, -6/+6)
| |
| * Add note about HighlightHelper#excerpt backport (Gareth Rees, 2014-08-26, -0/+10)
| |   Requires Hash options
| * Update ALAVETELI_VERSION (Gareth Rees, 2014-08-26, -1/+1)
| |
| * note commonlib update in changelog (Gareth Rees, 2014-08-26, -0/+2)
| |
| * Update translations (Gareth Rees, 2014-08-26, -378/+399)
| |