From b218a53bf78455252c2701815ee9ec4cf7ed58f0 Mon Sep 17 00:00:00 2001 From: danielvincent Date: Tue, 19 Oct 2010 14:06:44 -0700 Subject: [PATCH 1/3] fancyboxes have title bars now, kind of. --- app/views/albums/_new_album.haml | 18 ++++++++------- app/views/aspects/_new_aspect.haml | 18 +++++++++------ app/views/invitations/_new.haml | 29 +++++++++++++----------- app/views/requests/_new_request.haml | 28 ++++++++++++----------- public/stylesheets/sass/application.sass | 14 ++++++++++++ 5 files changed, 66 insertions(+), 41 deletions(-) diff --git a/app/views/albums/_new_album.haml b/app/views/albums/_new_album.haml index 07431d20c..d7bd2d997 100644 --- a/app/views/albums/_new_album.haml +++ b/app/views/albums/_new_album.haml @@ -2,12 +2,14 @@ -# licensed under the Affero General Public License version 3 or later. See -# the COPYRIGHT file. -%h1=t('.add_a_new_album') +.span-12.last + .modal_title_bar + %h4= t('.add_a_new_album') -= form_for Album.new do |f| - = f.error_messages - %p - = f.label :name - = f.text_field :name - = f.hidden_field :to, :value => aspect - = f.submit t('.create'), :class => 'button' + = form_for Album.new do |f| + = f.error_messages + %p + = f.label :name + = f.text_field :name + = f.hidden_field :to, :value => aspect + = f.submit t('.create'), :class => 'button' diff --git a/app/views/aspects/_new_aspect.haml b/app/views/aspects/_new_aspect.haml index 151ab07d4..a3dec9d31 100644 --- a/app/views/aspects/_new_aspect.haml +++ b/app/views/aspects/_new_aspect.haml 
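Review bot: The hidden field kept inside the new wrapper in `_new_album.haml`, `= f.hidden_field :to, :value => aspect`, is a value the browser can rewrite before submitting, so the albums controller (not visible in this patch) has to resolve it against the current user's own aspects instead of trusting it. The same applies to `= fr_request.hidden_field :aspect_id, :value => aspect.id` in the `_new_request.haml` hunk of this commit. Since both partials are being touched anyway, a one-line HAML comment above each field would record the assumption, for example `-# client-editable: the controller must look this aspect up among current_user's aspects`. Whether that server-side lookup already exists cannot be told from these views alone.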
@@ -2,10 +2,14 @@ -# licensed under the Affero General Public License version 3 or later. See -# the COPYRIGHT file. -%h1=t('.add_a_new_aspect') -= form_for Aspect.new do |aspect| - = aspect.error_messages - %p - = aspect.label :name - = aspect.text_field :name - = aspect.submit t('.create'), :class => 'button' +.span-12.last + .modal_title_bar + %h4= t('.add_a_new_aspect') + + = form_for Aspect.new do |aspect| + = aspect.error_messages + %p + = aspect.label :name + = aspect.text_field :name + = aspect.submit t('.create'), :class => 'button' + diff --git a/app/views/invitations/_new.haml b/app/views/invitations/_new.haml index 8c540092b..8619562a3 100644 --- a/app/views/invitations/_new.haml +++ b/app/views/invitations/_new.haml @@ -1,15 +1,18 @@ -%h2 Send invitation -= form_for User.new, :url => invitation_path(User) do |invite| - %p - = invite.label :email - = invite.text_field :email - To - - unless @aspect.is_a? Aspect - = invite.select(:aspects, @aspects_dropdown_array) - - else - = invite.select(:aspects, @aspects_dropdown_array, :selected => @aspect.id) - Message: - = invite.text_area :invite_messages +.span-12.last + .modal_title_bar + %h4 Send invitation - %p= invite.submit "Send an invitation" + = form_for User.new, :url => invitation_path(User) do |invite| + %p + = invite.label :email + = invite.text_field :email + To + - unless @aspect.is_a? Aspect + = invite.select(:aspects, @aspects_dropdown_array) + - else + = invite.select(:aspects, @aspects_dropdown_array, :selected => @aspect.id) + Message: + = invite.text_area :invite_messages + + %p= invite.submit "Send an invitation" diff --git a/app/views/requests/_new_request.haml b/app/views/requests/_new_request.haml index 68ee5922e..4c12486b8 100644 --- a/app/views/requests/_new_request.haml +++ b/app/views/requests/_new_request.haml 
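Review bot: The new title line in `invitations/_new.haml`, `%h4 Send invitation`, is hard-coded English, while the three sibling partials changed in this same commit build their title bar text through `t('.…')`. The `To`, `Message:` and `"Send an invitation"` strings in the re-indented form have the same problem. Routing them through the locale helper, e.g. `%h4= t('.send_invitation')` with a key of your choosing added to the locale file, would keep the modal headers consistent. The `- unless … - else` pair would also read more directly as `- if @aspect.is_a? Aspect` with the branches swapped.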
@@ -2,20 +2,22 @@ -# licensed under the Affero General Public License version 3 or later. See -# the COPYRIGHT file. -%h1 - =t('.add_a_new_friend_to') - %i= aspect.name +.span-12.last + .modal_title_bar + %h4 + =t('.add_a_new_friend_to') + %i= aspect.name -= form_for Request.new do |fr_request| - = fr_request.error_messages + = form_for Request.new do |fr_request| + = fr_request.error_messages - =t('.enter_a_diaspora_username') - %br - %i= t '.your_diaspora_username_is', :diaspora_handle => current_user.diaspora_handle + =t('.enter_a_diaspora_username') + %br + %i= t '.your_diaspora_username_is', :diaspora_handle => current_user.diaspora_handle - %p - = fr_request.label :destination_url, t(".friends_username") - = fr_request.text_field :destination_url - = fr_request.hidden_field :aspect_id, :value => aspect.id - = fr_request.submit + %p + = fr_request.label :destination_url, t(".friends_username") + = fr_request.text_field :destination_url + = fr_request.hidden_field :aspect_id, :value => aspect.id + = fr_request.submit diff --git a/public/stylesheets/sass/application.sass b/public/stylesheets/sass/application.sass index 360d64967..bac5ca956 100644 --- a/public/stylesheets/sass/application.sass +++ b/public/stylesheets/sass/application.sass @@ -341,6 +341,7 @@ li.message :display block :height 100% :padding 2px 5px + :cursor default &:hover :background @@ -1044,3 +1045,16 @@ header h2 :display inline + +.modal_title_bar + :width 100% + :background + :color #333 + :margin + :bottom 2em + h4 + :color #fff + :padding 10px 20px + :font + :size small + From 8dbd61f167120881eec03ebd4ab5f368ae5d5ef9 Mon Sep 17 00:00:00 2001 From: Alec Leamas Date: Tue, 19 Oct 2010 23:39:22 +0200 Subject: [PATCH 2/3] Point fix: error in diaspora-setup (x2) blocks build. --- pkg/fedora/diaspora-setup | 7 ++++--- pkg/ubuntu/diaspora-setup | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) 
diff --git a/pkg/fedora/diaspora-setup b/pkg/fedora/diaspora-setup index a1df72fbc..0fa90dc9e 100755 --- a/pkg/fedora/diaspora-setup +++ b/pkg/fedora/diaspora-setup @@ -43,13 +43,14 @@ fi chmod 777 /var/lib/diaspora/uploads chown -R diaspora /var/log/diaspora +hostname=$( awk '/pod_url:/ { print $2; exit }' Date: Tue, 19 Oct 2010 15:42:40 -0700 Subject: [PATCH 3/3] another attack vector spec --- spec/models/user/attack_vectors_spec.rb | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/spec/models/user/attack_vectors_spec.rb b/spec/models/user/attack_vectors_spec.rb index 625969bef..ebab7cf37 100644 --- a/spec/models/user/attack_vectors_spec.rb +++ b/spec/models/user/attack_vectors_spec.rb @@ -8,6 +8,8 @@ describe User do let(:user) { Factory(:user) } let(:aspect) { user.aspect(:name => 'heroes') } + + let(:bad_user) { Factory(:user)} let(:user2) { Factory(:user) } let(:aspect2) { user2.aspect(:name => 'losers') } @@ -20,6 +22,26 @@ describe User do friend_users(user, aspect, user3, aspect3) end + context 'non-friend valid user' do + + it 'raises if receives post by non-friend' do + pending "need to that posts come from friends.... requests need special treatment(because the person may not be in the db)" + post_from_non_friend = bad_user.build_post( :status_message, :message => 'hi') + xml = bad_user.salmon(post_from_non_friend).xml_for(user.person) + + post_from_non_friend.delete + bad_user.delete + + post_count = Post.count + proc{ user.receive_salmon(xml) }.should raise_error /Not friends with that person/ + + user.raw_visible_posts.include?(post_from_non_friend).should be false + + Post.count.should == post_count + end + + end + context 'malicious friend attack vector' do it 'overwrites messages with a different user' do original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id
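Review bot: The added example `raises if receives post by non-friend` opens with a bare `pending` call, which under the RSpec versions of that period ends the example at that line, so none of its assertions run and the suite still does not verify that `receive_salmon` refuses a post from a user who is not a friend. The pending text reads as if that sender check is not implemented yet; if so, it deserves a tracked issue, since a disabled spec is easy to forget. The message itself is missing a word and would read better as `pending "need to check that posts come from friends; requests need special treatment (the person may not be in the db)"`. Once the example is enabled, write the matcher with parentheses, `raise_error(/Not friends with that person/)`, so the regexp is not parsed ambiguously after the method name. The `describe User` block begins and ends outside this hunk.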