| Commit message (Collapse) | Author | Age | Lines |
Conflicts:
locale/cy/app.po
|
mySociety’s internal deployment system requires these to be
set in some capacity (even if the value is null).
|
Provide something that at least has a chance of existing and might get read
|
Defaults to 100 so use this in the example config
|
We default MTA_LOG_TYPE to exim so we can set the default log path too
|
We supply a default example for MAX_REQUESTS_PER_USER_PER_DAY so we
might as well set it as default and allow the user to tune if they
dislike the default.
|
We don't set this to true as a default so don't supply the non-default
to new installs.
|
All our examples use the 'foi+' prefix so let's make this the default. If
people _really_ want no prefix, they can change the setting to ''. This
will probably cover the more general cases.
|
Also available at http://alaveteli.org/docs/customising/config
|
Default settings are taken from lib/configuration.rb if not set by the user.
|
Many items underneath are not administration settings
|
Breaks the mySociety internal deployment tooling.
|
Provides fix for CVE-2014-7829.
|
The original error `ActionView::Template::Error` that this spec was
written to represent (#1406) occurred under ruby 1.8 when the decoded
non-utf-8 string was used in the locale switcher on the 'not found'
error page to generate a url for the alternative locales.

Under Ruby >= 1.9, the error thrown in that situation is an `invalid
byte sequence in UTF-8` error, thrown in the same place - the locale
switcher. However, no error seems to be thrown when the same param is
used in a request in production.

The upgrade to Rails 3.2.20 causes `String.split` to be called on the
request path in `actionpack/lib/action_dispatch/middleware/static.rb` in
order to check for attempts to access files outside the `public`
directory. This means that under Ruby >= 1.9, an `invalid byte sequence
in UTF-8` error will be thrown there in running this spec.

I think a possible solution is to use the `rack-utf8_sanitizer` gem to
provide middleware to strip invalid utf-8 from request URIs and headers
before they're processed by Rails, but it's currently unclear whether
that would have any undesirable side-effects.
|
Arbitrary file existence disclosure in Action Pack
|
After allowing only POST requests to signup in 316b1e:
> What I think will happen at least sometimes is that someone will enter
> information in the signup form, submit it via a post request, and end
> up on the URL /profile/signup, at which point they want to refresh and
> start again, at which point they hit the URL in the address bar to do
> so. Currently that would mean they get a 404. I wonder about adding
> another route match '/profile/sign_up' => 'user#signin', :as =>
> :signin, :via => :get to handle this case. That would mean that a get
> request to profile/signup renders the empty form.
>
> – https://github.com/mysociety/alaveteli/pull/1850#issuecomment-55387700
|
Protects from mass-assignment exploit attempts
|
Install script on AWS uses development mode by default
|
Requires Hash options