Commit message  Author  Age  Lines

* Sanitize the blog contents  [0.7.0.9, hotfix/0.7.0.9]  Louise Crow  2014-12-22  -2/+2
* Sanitize the contents of HTML attachments before display  Louise Crow  2014-12-22  -0/+7
* Fix unvalidated redirects  Gareth Rees  2014-12-22  -3/+3
* Don't allow script execution from the cache directory  Louise Crow  2014-12-22  -0/+6
* Whitelist user controller signup params  [0.7.0.8, hotfix/0.7.0.8]  Louise Crow  2014-09-09  -1/+16
* Fix caching of non-default locale cached attachments  [0.7.0.7, hotfix/0.7.0.7]  Louise Crow  2014-09-04  -10/+36
* Fix a security vulnerability: eval used in quoting display name  [0.7.0.6]  Mark Longair  2013-06-17  -1/+1
    This use of eval allows arbitrary remote code execution on parsing of a maliciously formed email.
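The 0.7.0.6 entry above names the bug class but the log does not show the code. The following is an added illustration, not Alaveteli's own code or its actual fix: a display name taken from a From: header is "unquoted" by splicing it into a Ruby string literal and calling eval, beside a version that handles only the two RFC 5322 quoted-pair escapes. The function names, the constructed headers and the `$mail_parser_pwned` side-effect marker are all hypothetical.

```ruby
# Added example (not Alaveteli code): eval as an unquoter for RFC 5322
# display names, and the hand-written replacement.
#
# In a quoted-string display name the only escapes are \" and \\, so
# "unquoting" means removing those backslashes. Reaching for Ruby's own
# string parser to do that is what turns header parsing into code execution.

# VULNERABLE: the header text becomes part of Ruby source. Any #{...}
# inside it is interpolated, i.e. executed, when the mail is parsed.
def unquote_with_eval(inner)
  eval("\"#{inner}\"")
end

# FIXED: strip a backslash from each quoted-pair and nothing else.
# "#{" is just three ordinary characters here.
def unquote_safe(inner)
  inner.gsub(/\\(.)/m, '\1')
end

# Extract the inside of a quoted display name from a From: header.
# Constructed and deliberately minimal: assumes the name is quoted and
# is followed by an angle-addr.
def quoted_display_name(from_header)
  m = from_header.match(/\A"((?:[^"\\]|\\.)*)"\s*</m)
  m && m[1]
end

# Constructed sample headers (single-quoted so #{ is literal text).
BENIGN_FROM  = '"Smith \"JS\" John" <js@example.com>'
# The payload sets a global so the execution is observable; a real
# attacker would run anything the parsing process can run.
HOSTILE_FROM = '"Mallory #{$mail_parser_pwned = true} M" <m@example.com>'

# Run both unquoters over both headers and report what happened.
def demo
  $mail_parser_pwned = false
  benign  = quoted_display_name(BENIGN_FROM)
  hostile = quoted_display_name(HOSTILE_FROM)
  {
    benign_eval:  unquote_with_eval(benign),   # 'Smith "JS" John'
    benign_safe:  unquote_safe(benign),        # same answer, no eval
    hostile_safe: unquote_safe(hostile),       # payload kept as plain text
    hostile_eval: unquote_with_eval(hostile),  # payload executes here
    code_ran:     $mail_parser_pwned,          # true: the header ran code
  }
end
```

Both unquoters agree on well-formed input, which is why the eval version survives ordinary testing; the difference only shows when the sender controls the display name.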
* Merge remote-tracking branch 'origin/hotfix/0.7.0.3' into hotfix/0.7.0.6  Mark Longair  2013-06-17  -27/+27
    0.7.0.3 was missed out from 0.7.0.4, but looks as if it should have been included, so merge into the 0.7.0.6 release.
  * Mark the public body notes as html safe.  [hotfix/0.7.0.3]  Louise Crow  2013-02-17  -27/+27
* Merge branch 'hotfix/0.7.0.5'  Louise Crow  2013-03-18  -20/+20
  * Upgrade to Rails 2.3.18 to get fixes for CVE-2013-1855, CVE-2013-1856, CVE-2013-1857.  [hotfix/0.7.0.5]  Louise Crow  2013-03-18  -20/+20
* Merge branch 'hotfix/0.7.0.4'  Louise Crow  2013-03-14  -1951/+1977
  * Latest translations from transifex.  [hotfix/0.7.0.4]  Louise Crow  2013-03-14  -1951/+1977
* Merge branch 'hotfix/0.7.0.2'  [0.7.0.2]  Louise Crow  2013-02-16  -5/+5
  * Don't escape public body notes as html.  [hotfix/0.7.0.2]  Louise Crow  2013-02-16  -5/+5
* Merge branch 'hotfix/0.7.0.1'  [0.7.0.1]  Louise Crow  2013-02-15  -0/+35
  * Handle the case where the subject is not set  Louise Crow  2013-02-15  -2/+2
  * Fix for #808. SafeBuffer and ActionMailer::Quoting.quoted_printable don't play well together, so convert all subject lines to strings before passing them off to actionmailer.  Louise Crow  2013-02-15  -0/+35
* Merge branch 'release/0.7'  [0.7.0, 0.7]  Louise Crow  2013-02-14  -53971/+12794
  * Silence printing of Erubis version number to stdout - can result in bounces to incoming mail depending on your mail config.  Louise Crow  2013-02-14  -1/+7
  * Rename spec file so that it's picked up by rake spec.  Louise Crow  2013-02-14  -0/+0
  * Bump Alaveteli version number.  [release/0.7]  Louise Crow  2013-02-14  -1/+1
  * Latest translations from transifex.  Louise Crow  2013-02-14  -377/+380
  * Remove memcached config for test environment, not using interlock anymore.  Louise Crow  2013-02-14  -2/+0
  * Missing Gemfile.lock from 55eb8c0  Louise Crow  2013-02-11  -17/+17
  * Upgrade JSON gem to get fix for CVE-2013-0269. Update to latest Rails 2-3 series - has fixes for CVE-2013-0277, CVE-2013-0276, although alaveteli does not use attr_protected or serialize.  Louise Crow  2013-02-11  -5/+5
  * Merge remote-tracking branch 'openaustralia_github/various_xss_escaping_fixes' into release/0.7  Louise Crow  2013-02-11  -3/+4
    * Don't escape link html on foi email display page  Matthew Landauer  2013-02-11  -2/+2
    * Don't escape links that are automatically added in user bios  Matthew Landauer  2013-02-11  -1/+2
  * Add full stop.  Louise Crow  2013-02-11  -1/+1
  * Adding some initial change notes.  Louise Crow  2013-02-08  -21/+34
  * Restore old trailing whitespace so no need for any change to translation files.  Louise Crow  2013-02-08  -2/+2
  * Latest translations from transifex  Louise Crow  2013-02-08  -236/+3478
  * Convert .po files to a standard msgmerge format - --no-wrap --sort-output --no-location.  Louise Crow  2013-02-08  -19190/+8816
  * Simple task for converting .po files to a standard msgmerge format.  Louise Crow  2013-02-08  -3/+12
  * Use helper method which handles external requests without user accounts when displaying lists of info request events on a user's wall.  Louise Crow  2013-02-08  -5/+5
  * Mark constructed URL strings which have been escaped as safe, so that they aren't escaped when shown in flash notices.  Louise Crow  2013-02-08  -4/+5
  * Mark popup banner as html_safe  Louise Crow  2013-02-08  -1/+1
  * Mark flash string with markup in it as html safe.  Louise Crow  2013-02-08  -1/+1
  * Use raw on text with markup in it.  Louise Crow  2013-02-08  -3/+3
  * Mark flash with markup in it as html safe.  Louise Crow  2013-02-08  -1/+1
  * Merge remote-tracking branch 'openaustralia_github/more_escaping_fixes' into develop  Louise Crow  2013-02-07  -6/+6
    * Fix escaping of raw email display in admin interface  Matthew Landauer  2013-02-07  -1/+1
    * Fix calendar picker on request search page  Matthew Landauer  2013-02-07  -5/+5
  * Merge remote-tracking branch 'openaustralia_github/email_fix_on_contact_page' into develop  Louise Crow  2013-02-07  -1/+0
    * Fix email link on contact page after escaping changes  Matthew Landauer  2013-02-07  -1/+0
  * Rescue an invalid character exception when handling what appears to be badly encoded data.  Louise Crow  2013-02-06  -1/+1
  * Merge remote-tracking branch 'openaustralia_github/backport_timezone_spec_rails_3_fix' into develop  Louise Crow  2013-02-01  -13/+8
    * read_attribute does timezone conversion in rails 3. So using attributes_before_type_cast instead  Matthew Landauer  2013-01-25  -13/+8
  * Merge remote-tracking branch 'openaustralia_github/use_url_helpers_in_redirect_tests' into develop  Louise Crow  2013-02-01  -7/+7