| Commit message (Collapse) | Author | Age | Lines | |
|---|---|---|---|---|
| * | Comment out spec which sends an invalid utf-8 param.0.19.0.9hotfix/0.19.0.9 | Louise Crow | 2014-10-31 | -6/+9 | 
| | | | | | | | | | | | | | | | | | | | | | | | | The original error `ActionView::Template::Error` that this spec was written to represent (#1406) occurred under ruby 1.8 when the decoded non-utf-8 string was used in the locale switcher on the 'not found' error page to generate a url for the alternative locales. Under Ruby >= 1.9, the error thrown in that situation is an `invalid byte sequence in UTF-8` error, thrown in the same place - the locale switcher. However, no error seems to be thrown when the same param is used in a request in production. The upgrade to Rails 3.2.20 causes `String.split` to be called on the request path in `actionpack/lib/action_dispatch/middleware/static.rb` in order to check for attempts to access files outside the `public` directory. This means that under Ruby >= 1.9, an `invalid byte sequence in UTF-8` error will be thrown there in running this spec. I think a possible solution is to use the `rack-utf8_sanitizer` gem to provide middleware to strip invalid utf-8 from request URIs and headers before they're processed by Rails, but it's currently unclear whether that would have any undesirable side-effects. | |||
| * | Upgrade to Rails 3.2.20 - fixes CVE-2014-7818 | Louise Crow | 2014-10-31 | -26/+26 | 
| | | | | | Arbitrary file existence disclosure in Action Pack | |||
| * | Results of running 'bundle update rails' | Louise Crow | 2014-10-31 | -3/+3 | 
| | | ||||
| * | Latest translations from Transifex0.19.0.8hotfix/0.19.0.8 | Louise Crow | 2014-10-27 | -12/+3876 | 
| | | ||||
| * | Latest translations from transifex.0.19.0.7hotfix/0.19.0.7 | Louise Crow | 2014-10-24 | -433/+435 | 
| | | ||||
| * | Merge branch 'hotfix/0.19.0.6'0.19.0.6 | Gareth Rees | 2014-09-24 | -1/+2 | 
| |\ | ||||
| | * | Redirect GET signup to signinhotfix/0.19.0.6 | Gareth Rees | 2014-09-24 | -1/+2 | 
| |/ | | | | | | | | | | | | | | | After allowing only POST requests to signup in 316b1e: > What I think will happen at least sometimes is that someone will enter > information in the signup form, submit it via a post request, and end > up on the URL /profile/signup, at which point they want to refresh and > start again, at which point they hit the URL in the address bar to do > so. Currently that would mean they get a 404. I wonder about adding > another route match '/profile/sign_up' => 'user#signin', :as => > :signin, :via => :get to handle this case. That would mean that a get > request to profile/signup renders the empty form. > > – https://github.com/mysociety/alaveteli/pull/1850#issuecomment-55387700 | |||
| * | Remove translation of interpolated variable.0.19.0.5 | Louise Crow | 2014-09-22 | -10/+10 | 
| | | ||||
| * | Update from Spanish file | Louise Crow | 2014-09-22 | -80/+85 | 
| | | ||||
| * | Latest translations from Transifex0.19.0.4hotfix/0.19.0.4 | Louise Crow | 2014-09-22 | -289/+4423 | 
| | | ||||
| * | Whitelist UserController#signup params0.19.0.3hotfix/0.19.0.3 | Gareth Rees | 2014-09-09 | -1/+15 | 
| | | | | | Protects from mass-assignment exploit attempts | |||
| * | Merge branch 'hotfix/0.19.0.2'0.19.0.2 | Gareth Rees | 2014-09-05 | -2/+4 | 
| |\ | ||||
| | * | Allow RAILS_ENV to be set in sysvinit-thinhotfix/0.19.1hotfix/0.19.0.2 | Gareth Rees | 2014-08-29 | -2/+4 | 
| | | | | | | | | | Install script on AWS uses development mode by default | |||
| * | | Add integration spec.0.19.0.1hotfix/0.19.0.1 | Louise Crow | 2014-09-01 | -0/+31 | 
| | | | ||||
| * | | Return a list of all cache directories for the request | Louise Crow | 2014-09-01 | -8/+18 | 
| | | | ||||
| * | | Use request dirs method. | Louise Crow | 2014-09-01 | -2/+1 | 
| | | | ||||
| * | | Use path relative to Rails root. | Louise Crow | 2014-09-01 | -1/+1 | 
| | | | ||||
| * | | Move method to model to make it more testable, add spec. | Louise Crow | 2014-09-01 | -8/+20 | 
| |/ | ||||
| * | Merge remote-tracking branch 'origin/release/0.19'0.19 | Gareth Rees | 2014-08-28 | -3432/+4064 | 
| |\ | ||||
| | * | Fix translation bug in variable interpolationrelease/0.19 | Louise Crow | 2014-08-28 | -3/+3 | 
| | | | ||||
| | * | Update translations | Gareth Rees | 2014-08-26 | -208/+208 | 
| | | | ||||
| | * | Update translations | Gareth Rees | 2014-08-26 | -6/+6 | 
| | | | ||||
| | * | Add note about HighlightHelper#excerpt backport | Gareth Rees | 2014-08-26 | -0/+10 | 
| | | | | | | | | | Requires Hash options | |||
| | * | Update ALAVETELI_VERSION | Gareth Rees | 2014-08-26 | -1/+1 | 
| | | | ||||
| | * | note commonlib update in changelog | Gareth Rees | 2014-08-26 | -0/+2 | 
| | | | ||||
| | * | Update translations | Gareth Rees | 2014-08-26 | -378/+399 | 
| | | | ||||
| | * | Clarify RESPONSIVE_STYLING setting | Gareth Rees | 2014-08-22 | -1/+3 | 
| | | | ||||
| | * | Update changelog version number | Gareth Rees | 2014-08-22 | -1/+1 | 
| | | | ||||
| | * | 0.19 Release Notes | Gareth Rees | 2014-08-22 | -0/+50 | 
| | | | ||||
| | * | Merge branch 'add-installability-badge' into rails-3-develop | Louise Crow | 2014-08-22 | -0/+1 | 
| | |\ | ||||
| | | * | Add badge pointing to our installability standards. | Louise Crow | 2014-08-07 | -0/+1 | 
| | | | | ||||
| | * | | Merge branch 'issues/1647-cap-thin-support' into rails-3-develop | Louise Crow | 2014-08-22 | -7/+11 | 
| | |\ \ | ||||
| | | * | | Fix typo | Louise Crow | 2014-08-22 | -1/+1 | 
| | | | | | ||||
| | | * | | fixup! Use service for stop, start, restart | Louise Crow | 2014-08-21 | -2/+2 | 
| | | | | | ||||
| | | * | | Use service for stop, start, restart | Louise Crow | 2014-08-21 | -7/+11 | 
| | | | | | ||||
| | * | | | Merge branch 'remove-glibc-patch' into rails-3-develop | Louise Crow | 2014-08-22 | -7/+1 | 
| | |\ \ \ | ||||
| | | * | | | Remove glibc patch | Louise Crow | 2014-08-21 | -7/+1 | 
| | |/ / / | | | | | | | | | | | | | Should now be patched in squeeze..thought patched in 2.11.3-1, actually patched in 2.11.3-4 http://metadata.ftp-master.debian.org/changelogs//main/e/eglibc/eglibc_2.11.3-4_changelog | |||
| | * | | | Merge branch 'issues/1505-nav-browse-requests' into rails-3-develop | Gareth Rees | 2014-08-21 | -85/+87 | 
| | |\ \ \ | | |/ / | |/| | | ||||
| | | * | | Use existing "View Requests" key for "Browse Requests" | Gareth Rees | 2014-08-21 | -82/+82 | 
| | | | | | | | | | | | | | | | | | Also for "View and search requests" --> "Browse and search requests" | |||
| | | * | | Reword View Requests to Browse Requests in nav | Gareth Rees | 2014-08-21 | -3/+5 | 
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | User testing highlighted that it was easy to mistake "View Requests" for a Facebook-style wall rather than the list of all requests. [1] [1] https://github.com/mysociety/alaveteli/issues/1505 | |||
| | * | | | Clean up fuzzy translations. | Louise Crow | 2014-08-21 | -6/+3 | 
| | | | | | ||||
| | * | | | Merge branch 'consistent-init-script-names' into rails-3-develop | Louise Crow | 2014-08-21 | -6/+6 | 
| | |\ \ \ | ||||
| | | * | | | fixup! Have install script use same init script names as manual install docs. | Louise Crow | 2014-08-21 | -2/+2 | 
| | | | | | | ||||
| | | * | | | fixup! Have install script use same init script names as manual install docs. | Louise Crow | 2014-08-21 | -1/+1 | 
| | | | | | | ||||
| | | * | | | Have install script use same init script names as manual install docs. | Louise Crow | 2014-08-21 | -4/+4 | 
| | | | | | | ||||
| | | * | | | Use init script names that match examples in documentation at alaveteli.org | Louise Crow | 2014-08-21 | -2/+2 | 
| | | | | | | ||||
| | * | | | | Merge branch 'rails-3-develop' of ↵ | Louise Crow | 2014-08-21 | -806/+945 | 
| | |\ \ \ \ | | | |/ / | | |/| | | | | | | | ssh://git.mysociety.org/data/git/public/alaveteli into rails-3-develop | |||
| | | * | | | Merge branch 'issues/1181-destroy-external-request' into rails-3-develop | Gareth Rees | 2014-08-21 | -1/+8 | 
| | | |\ \ \ | ||||
| | | | * | | | Interpolate rather than String#+ | Gareth Rees | 2014-08-18 | -1/+1 | 
| | | | | | | | | | | | | | | | | | | | https://github.com/bbatsov/ruby-style-guide#concat-strings | |||
| | | | * | | | Use different flash for fully_destroy external InfoRequest | Gareth Rees | 2014-08-18 | -1/+8 | 
| | | | |/ / | | | | | | | | | | | | | | | | Uses a different flash message to avoid trying to fetch a non existent user record | |||
