Commit message (Author, Age, Lines)
* Upgrade to Rails 3.2.21 [0.19.0.10] [hotfix/0.19.0.10] (Louise Crow, 2014-11-17, -26/+26)
|   Provides fix for CVE-2014-7829.
* Comment out spec which sends an invalid utf-8 param. [0.19.0.9] [hotfix/0.19.0.9] (Louise Crow, 2014-10-31, -6/+9)
|   The original error `ActionView::Template::Error` that this spec was written to represent (#1406) occurred under ruby 1.8 when the decoded non-utf-8 string was used in the locale switcher on the 'not found' error page to generate a url for the alternative locales.
|
|   Under Ruby >= 1.9, the error thrown in that situation is an `invalid byte sequence in UTF-8` error, thrown in the same place - the locale switcher. However, no error seems to be thrown when the same param is used in a request in production.
|
|   The upgrade to Rails 3.2.20 causes `String.split` to be called on the request path in `actionpack/lib/action_dispatch/middleware/static.rb` in order to check for attempts to access files outside the `public` directory. This means that under Ruby >= 1.9, an `invalid byte sequence in UTF-8` error will be thrown there in running this spec.
|
|   I think a possible solution is to use the `rack-utf8_sanitizer` gem to provide middleware to strip invalid utf-8 from request URIs and headers before they're processed by Rails, but it's currently unclear whether that would have any undesirable side-effects.
* Upgrade to Rails 3.2.20 - fixes CVE-2014-7818 (Louise Crow, 2014-10-31, -26/+26)
|   Arbitrary file existence disclosure in Action Pack
* Results of running 'bundle update rails' (Louise Crow, 2014-10-31, -3/+3)
|
* Latest translations from Transifex [0.19.0.8] [hotfix/0.19.0.8] (Louise Crow, 2014-10-27, -12/+3876)
|
* Latest translations from transifex. [0.19.0.7] [hotfix/0.19.0.7] (Louise Crow, 2014-10-24, -433/+435)
|
* Merge branch 'hotfix/0.19.0.6' [0.19.0.6] (Gareth Rees, 2014-09-24, -1/+2)
|\
| * Redirect GET signup to signin [hotfix/0.19.0.6] (Gareth Rees, 2014-09-24, -1/+2)
|/
|   After allowing only POST requests to signup in 316b1e:
|
|   > What I think will happen at least sometimes is that someone will enter
|   > information in the signup form, submit it via a post request, and end
|   > up on the URL /profile/signup, at which point they want to refresh and
|   > start again, at which point they hit the URL in the address bar to do
|   > so. Currently that would mean they get a 404. I wonder about adding
|   > another route match '/profile/sign_up' => 'user#signin', :as =>
|   > :signin, :via => :get to handle this case. That would mean that a get
|   > request to profile/signup renders the empty form.
|   >
|   > – https://github.com/mysociety/alaveteli/pull/1850#issuecomment-55387700
* Remove translation of interpolated variable. [0.19.0.5] (Louise Crow, 2014-09-22, -10/+10)
|
* Update from Spanish file (Louise Crow, 2014-09-22, -80/+85)
|
* Latest translations from Transifex [0.19.0.4] [hotfix/0.19.0.4] (Louise Crow, 2014-09-22, -289/+4423)
|
* Whitelist UserController#signup params [0.19.0.3] [hotfix/0.19.0.3] (Gareth Rees, 2014-09-09, -1/+15)
|   Protects from mass-assignment exploit attempts
* Merge branch 'hotfix/0.19.0.2' [0.19.0.2] (Gareth Rees, 2014-09-05, -2/+4)
|\
| * Allow RAILS_ENV to be set in sysvinit-thin [hotfix/0.19.1] [hotfix/0.19.0.2] (Gareth Rees, 2014-08-29, -2/+4)
| |   Install script on AWS uses development mode by default
* | Add integration spec. [0.19.0.1] [hotfix/0.19.0.1] (Louise Crow, 2014-09-01, -0/+31)
| |
* | Return a list of all cache directories for the request (Louise Crow, 2014-09-01, -8/+18)
| |
* | Use request dirs method. (Louise Crow, 2014-09-01, -2/+1)
| |
* | Use path relative to Rails root. (Louise Crow, 2014-09-01, -1/+1)
| |
* | Move method to model to make it more testable, add spec. (Louise Crow, 2014-09-01, -8/+20)
|/
* Merge remote-tracking branch 'origin/release/0.19' [0.19] (Gareth Rees, 2014-08-28, -3432/+4064)
|\
| * Fix translation bug in variable interpolation [release/0.19] (Louise Crow, 2014-08-28, -3/+3)
| |
| * Update translations (Gareth Rees, 2014-08-26, -208/+208)
| |
| * Update translations (Gareth Rees, 2014-08-26, -6/+6)
| |
| * Add note about HighlightHelper#excerpt backport (Gareth Rees, 2014-08-26, -0/+10)
| |   Requires Hash options
| * Update ALAVETELI_VERSION (Gareth Rees, 2014-08-26, -1/+1)
| |
| * note commonlib update in changelog (Gareth Rees, 2014-08-26, -0/+2)
| |
| * Update translations (Gareth Rees, 2014-08-26, -378/+399)
| |
| * Clarify RESPONSIVE_STYLING setting (Gareth Rees, 2014-08-22, -1/+3)
| |
| * Update changelog version number (Gareth Rees, 2014-08-22, -1/+1)
| |
| * 0.19 Release Notes (Gareth Rees, 2014-08-22, -0/+50)
| |
| * Merge branch 'add-installability-badge' into rails-3-develop (Louise Crow, 2014-08-22, -0/+1)
| |\
| | * Add badge pointing to our installability standards. (Louise Crow, 2014-08-07, -0/+1)
| | |
| * | Merge branch 'issues/1647-cap-thin-support' into rails-3-develop (Louise Crow, 2014-08-22, -7/+11)
| |\ \
| | * | Fix typo (Louise Crow, 2014-08-22, -1/+1)
| | | |
| | * | fixup! Use service for stop, start, restart (Louise Crow, 2014-08-21, -2/+2)
| | | |
| | * | Use service for stop, start, restart (Louise Crow, 2014-08-21, -7/+11)
| | | |
| * | | Merge branch 'remove-glibc-patch' into rails-3-develop (Louise Crow, 2014-08-22, -7/+1)
| |\ \ \
| | * | | Remove glibc patch (Louise Crow, 2014-08-21, -7/+1)
| |/ / /
| | | |   Should now be patched in squeeze..thought patched in 2.11.3-1, actually patched in 2.11.3-4
| | | |   http://metadata.ftp-master.debian.org/changelogs//main/e/eglibc/eglibc_2.11.3-4_changelog
| * | | Merge branch 'issues/1505-nav-browse-requests' into rails-3-develop (Gareth Rees, 2014-08-21, -85/+87)
| |\ \ \
| | |/ /
| |/| |
| | * | Use existing "View Requests" key for "Browse Requests" (Gareth Rees, 2014-08-21, -82/+82)
| | | |   Also for "View and search requests" --> "Browse and search requests"
| | * | Reword View Requests to Browse Requests in nav (Gareth Rees, 2014-08-21, -3/+5)
| | | |   User testing highlighted that it was easy to mistake "View Requests" for a Facebook-style wall rather than the list of all requests. [1]
| | | |
| | | |   [1] https://github.com/mysociety/alaveteli/issues/1505
| * | | Clean up fuzzy translations. (Louise Crow, 2014-08-21, -6/+3)
| | | |
| * | | Merge branch 'consistent-init-script-names' into rails-3-develop (Louise Crow, 2014-08-21, -6/+6)
| |\ \ \
| | * | | fixup! Have install script use same init script names as manual install docs. (Louise Crow, 2014-08-21, -2/+2)
| | | | |
| | * | | fixup! Have install script use same init script names as manual install docs. (Louise Crow, 2014-08-21, -1/+1)
| | | | |
| | * | | Have install script use same init script names as manual install docs. (Louise Crow, 2014-08-21, -4/+4)
| | | | |
| | * | | Use init script names that match examples in documentation at alaveteli.org (Louise Crow, 2014-08-21, -2/+2)
| | | | |
| * | | | Merge branch 'rails-3-develop' of ssh://git.mysociety.org/data/git/public/alaveteli into rails-3-develop (Louise Crow, 2014-08-21, -806/+945)
| |\ \ \ \
| | | |/ /
| | |/| |
| | * | | Merge branch 'issues/1181-destroy-external-request' into rails-3-develop (Gareth Rees, 2014-08-21, -1/+8)
| | |\ \ \
| | | * | | Interpolate rather than String#+ (Gareth Rees, 2014-08-18, -1/+1)
| | | | | |   https://github.com/bbatsov/ruby-style-guide#concat-strings