From df62f58156c7f501f6916ecde900845a798fdf6e Mon Sep 17 00:00:00 2001 From: Maxwell Salzberg Date: Tue, 12 Jul 2011 18:15:56 -0700 Subject: [PATCH 1/7] fixed the safe_buffer issues --- Gemfile | 5 +- Gemfile.lock | 71 +++++++++++++---------- app/controllers/invitations_controller.rb | 1 + app/helpers/markdownify_helper.rb | 6 +- app/models/status_message.rb | 2 +- config/initializers/locale.rb | 10 ---- lib/diaspora/taggable.rb | 2 +- 7 files changed, 50 insertions(+), 47 deletions(-) diff --git a/Gemfile b/Gemfile index 623aca3a1..18c09345a 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'http://rubygems.org' gem 'mysql2', '0.2.6' #gem 'pg' #gem 'sqlite3' -gem 'rails', '3.0.3' +gem 'rails', '3.0.9' gem 'foreigner', '0.9.1' gem 'activerecord-import' @@ -32,7 +32,8 @@ gem 'faraday' gem 'faraday-stack' #Views -gem 'haml', '3.0.25' +gem 'haml', '3.1.2' +gem 'sass', '3.1.4' gem 'will_paginate', '3.0.pre2' #Localization diff --git a/Gemfile.lock b/Gemfile.lock index 5c58dbded..a39dcb376 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -72,34 +72,41 @@ GEM Platform (0.4.0) SystemTimer (1.2.1) abstract (1.0.0) - actionmailer (3.0.3) - actionpack (= 3.0.3) - mail (~> 2.2.9) - actionpack (3.0.3) - activemodel (= 3.0.3) - activesupport (= 3.0.3) + actionmailer (3.0.9) + actionpack (= 3.0.9) + mail (~> 2.2.19) + actionpack (3.0.9) + activemodel (= 3.0.9) + activesupport (= 3.0.9) builder (~> 2.1.2) erubis (~> 2.6.6) - i18n (~> 0.4) + i18n (~> 0.5.0) rack (~> 1.2.1) - rack-mount (~> 0.6.13) - rack-test (~> 0.5.6) + rack-mount (~> 0.6.14) + rack-test (~> 0.5.7) tzinfo (~> 0.3.23) - activemodel (3.0.3) - activesupport (= 3.0.3) + activemodel (3.0.9) + activesupport (= 3.0.9) builder (~> 2.1.2) - i18n (~> 0.4) - activerecord (3.0.3) - activemodel (= 3.0.3) - activesupport (= 3.0.3) - arel (~> 2.0.2) + i18n (~> 0.5.0) + activerecord (3.0.9) + activemodel (= 3.0.9) + activesupport (= 3.0.9) + arel (~> 2.0.10) tzinfo (~> 0.3.23) +<<<<<<< HEAD activerecord-import (0.2.7) activerecord (~> 3.0.0) activeresource (3.0.3) activemodel (= 3.0.3) activesupport (= 3.0.3) activesupport (3.0.3) +======= + activeresource (3.0.9) + activemodel (= 3.0.9) + activesupport (= 3.0.9) + activesupport (3.0.9) +>>>>>>> fixed the safe_buffer issues addressable (2.2.4) archive-tar-minitar (0.5.2) arel (2.0.10) @@ -209,11 +216,11 @@ GEM gem_plugin (0.2.3) gherkin (2.3.10) json (>= 1.4.6) - haml (3.0.25) + haml (3.1.2) hashie (1.0.0) highline (1.6.2) http_connection (1.4.1) - i18n (0.6.0) + i18n (0.5.0) i18n-inflector (2.6.1) i18n (>= 0.4.1) i18n-inflector-rails (1.0.4) 
@@ -328,25 +335,27 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.5.7) rack (>= 1.0) - rails (3.0.3) - actionmailer (= 3.0.3) - actionpack (= 3.0.3) - activerecord (= 3.0.3) - activeresource (= 3.0.3) - activesupport (= 3.0.3) + rails (3.0.9) + actionmailer (= 3.0.9) + actionpack (= 3.0.9) + activerecord (= 3.0.9) + activeresource (= 3.0.9) + activesupport (= 3.0.9) bundler (~> 1.0) - railties (= 3.0.3) + railties (= 3.0.9) rails-i18n (0.1.0) activesupport (~> 3) - railties (3.0.3) - actionpack (= 3.0.3) - activesupport (= 3.0.3) + railties (3.0.9) + actionpack (= 3.0.9) + activesupport (= 3.0.9) rake (>= 0.8.7) + rdoc (~> 3.4) thor (~> 0.14.4) rake (0.9.2) rash (0.3.0) hashie (~> 1.0.0) rcov (0.9.9) + rdoc (3.8) redis (2.2.0) redis-namespace (0.8.0) redis (< 3.0.0) @@ -396,6 +405,7 @@ GEM archive-tar-minitar (>= 0.5.2) rubyntlm (0.1.1) rubyzip (0.9.4) + sass (3.1.4) selenium-webdriver (0.2.2) childprocess (>= 0.1.9) ffi (>= 1.0.7) @@ -475,7 +485,7 @@ DEPENDENCIES fog (= 0.3.25) foreigner (= 0.9.1) fuubar - haml (= 3.0.25) + haml (= 3.1.2) http_accept_language! i18n-inflector-rails (~> 1.0) jammit (= 0.5.4) @@ -492,7 +502,7 @@ DEPENDENCIES oauth2-provider (= 0.0.16) ohai (= 0.5.8) omniauth (= 0.2.6) - rails (= 3.0.3) + rails (= 3.0.9) rails-i18n rcov resque (= 1.10.0) @@ -505,6 +515,7 @@ DEPENDENCIES rspec-rails (>= 2.0.0) ruby-debug ruby-debug19 + sass (= 3.1.4) selenium-webdriver (= 0.2.2) settingslogic (= 2.0.6) sod! diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb index 39f4e891f..653d58660 100644 --- a/app/controllers/invitations_controller.rb +++ b/app/controllers/invitations_controller.rb @@ -55,6 +55,7 @@ class InvitationsController < Devise::InvitationsController user.accept_invitation!(params[:user]) user.seed_aspects rescue Exception => e #What exception is this trying to rescue? If it is ActiveRecord::NotFound, we should say so. + raise e user = nil record = e.record record.errors.delete(:person) 
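Review bot: The `rescue Exception => e` clause in InvitationsController goes on to call `e.record`, which only exists on exceptions that carry a record. Any other error caught there (the clause also takes in signals and exit requests) would fail with NoMethodError inside the handler and hide the original cause. With the added `raise e` as the first statement, `user = nil` and the `record.errors.delete(:person)` clean-up after it cannot run at all. Narrowing the clause, for example `rescue ActiveRecord::RecordInvalid => e`, lets unrelated errors propagate on their own; which class `accept_invitation!` actually raises is not visible in this hunk and should be confirmed. The method starts and ends outside the hunk.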
diff --git a/app/helpers/markdownify_helper.rb b/app/helpers/markdownify_helper.rb index 21aa70a73..edf3c7f74 100644 --- a/app/helpers/markdownify_helper.rb +++ b/app/helpers/markdownify_helper.rb @@ -4,7 +4,7 @@ module MarkdownifyHelper def markdownify(message, options={}) - message = h(message).html_safe + message = h(message).to_str options[:newlines] = true if !options.has_key?(:newlines) options[:specialchars] = true if !options.has_key?(:specialchars) @@ -17,7 +17,7 @@ module MarkdownifyHelper message = process_specialchars(message) if options[:specialchars] message = process_newlines(message) if options[:newlines] - message + message.html_safe end def process_newlines(message) @@ -132,4 +132,4 @@ module MarkdownifyHelper end message end -end \ No newline at end of file +end diff --git a/app/models/status_message.rb b/app/models/status_message.rb index 3701d3066..f59f4fe06 100644 --- a/app/models/status_message.rb +++ b/app/models/status_message.rb @@ -47,7 +47,7 @@ class StatusMessage < Post def format_mentions(text, opts = {}) regex = /@\{([^;]+); ([^\}]+)\}/ - form_message = text.gsub(regex) do |matched_string| + form_message = text.to_str.gsub(regex) do |matched_string| people = self.mentioned_people person = people.detect{ |p| p.diaspora_handle == $~[2] unless p.nil? diff --git a/config/initializers/locale.rb b/config/initializers/locale.rb index 79a74a2ee..86ae3c07b 100644 --- a/config/initializers/locale.rb +++ b/config/initializers/locale.rb 
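Review bot: Moving `html_safe` to the last line of `markdownify` means the entire output of the `process_*` steps is now trusted, not just the result of `h(message)`. That holds only if every step between `h(message).to_str` and `message.html_safe` wraps already-escaped text in fixed markup; a step that unescapes entities or places captured text into an attribute would reach the page unescaped. I would add a comment above the final line, `# html_safe is sound only because message was escaped with h() above and every process_* step adds fixed markup around escaped text`, and a spec asserting that markup in the input comes out escaped. The `process_*` bodies are outside the hunk, so this needs checking against them.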
@@ -14,13 +14,3 @@ AVAILABLE_LANGUAGE_CODES.each do |c| I18n.fallbacks[c.to_sym] = [c.to_sym, DEFAULT_LANGUAGE.to_sym, :en] end end - -# Workaround for https://rails.lighthouseapp.com/projects/8994/tickets/5329-using-i18nwith_locale-in-actionmailer-raises-systemstackerror -module AbstractController - class I18nProxy - def initialize(i18n_config, lookup_context) - @i18n_config, @lookup_context = i18n_config, lookup_context - @i18n_config = @i18n_config.i18n_config if @i18n_config.respond_to?(:i18n_config) - end - end -end diff --git a/lib/diaspora/taggable.rb b/lib/diaspora/taggable.rb index 0c706a8eb..73f9d4b54 100644 --- a/lib/diaspora/taggable.rb +++ b/lib/diaspora/taggable.rb @@ -42,7 +42,7 @@ module Diaspora return text if opts[:plain_text] text = ERB::Util.h(text) unless opts[:no_escape] regex = /(^|\s)#(#{VALID_TAG_BODY})/ - form_message = text.gsub(regex) do |matched_string| + form_message = text.to_str.gsub(regex) do |matched_string| "#{$~[1]}##{$~[2]}" end form_message.html_safe From eee2225f04fedfbed6ca8081069108ce222c83d1 Mon Sep 17 00:00:00 2001 From: Maxwell Salzberg Date: Tue, 12 Jul 2011 19:25:57 -0700 Subject: [PATCH 2/7] rspec is green --- app/controllers/invitations_controller.rb | 1 - app/helpers/comments_helper.rb | 2 +- app/models/invitation.rb | 7 ++++++- app/models/user.rb | 2 +- spec/controllers/people_controller_spec.rb | 4 ++-- 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb index 653d58660..39f4e891f 100644 --- a/app/controllers/invitations_controller.rb +++ b/app/controllers/invitations_controller.rb @@ -55,7 +55,6 @@ class InvitationsController < Devise::InvitationsController user.accept_invitation!(params[:user]) user.seed_aspects rescue Exception => e #What exception is this trying to rescue? If it is ActiveRecord::NotFound, we should say so. - raise e user = nil record = e.record record.errors.delete(:person) 
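Review bot: In the tag-formatting method of lib/diaspora/taggable.rb, `text.to_str.gsub` discards the SafeBuffer tracking and the result is then marked `form_message.html_safe` unconditionally, including when `opts[:no_escape]` skipped `ERB::Util.h`. Every caller passing `:no_escape` therefore has to supply text that is already escaped, and nothing in the method states or checks that. A comment on the escape line, `# callers passing :no_escape must supply already-escaped text; the result is marked html_safe`, would make the contract explicit. The method starts outside the hunk.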
diff --git a/app/helpers/comments_helper.rb b/app/helpers/comments_helper.rb index ef1a2bced..a8edd58ba 100644 --- a/app/helpers/comments_helper.rb +++ b/app/helpers/comments_helper.rb @@ -20,6 +20,6 @@ module CommentsHelper def new_comment_form(post_id, current_user) @form ||= controller.render_to_string( :partial => 'comments/new_comment', :locals => {:post_id => GSUB_THIS, :current_user => current_user}) - @form.gsub(GSUB_THIS, post_id.to_s) + @form.gsub(GSUB_THIS, post_id.to_s).html_safe end end diff --git a/app/models/invitation.rb b/app/models/invitation.rb index 078b18d56..e600f8a0a 100644 --- a/app/models/invitation.rb +++ b/app/models/invitation.rb @@ -1,6 +1,12 @@ # Copyright (c) 2010, Diaspora Inc. This file is # licensed under the Affero General Public License version 3 or later. See # the COPYRIGHT file. +# +class OpenSSL::PKey::RSA + def to_yaml + self.to_s + end +end class Invitation < ActiveRecord::Base @@ -26,7 +32,6 @@ class Invitation < ActiveRecord::Base raise "You already invited this person" end end - opts[:existing_user] = existing_user create_invitee(opts) end diff --git a/app/models/user.rb b/app/models/user.rb index d75b91f4d..008bfac03 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -343,7 +343,7 @@ class User < ActiveRecord::Base def self.generate_key key_size = (Rails.env == 'test' ? 512 : 4096) - OpenSSL::PKey::RSA::generate key_size + OpenSSL::PKey::RSA::generate(key_size) end def encryption_key diff --git a/spec/controllers/people_controller_spec.rb b/spec/controllers/people_controller_spec.rb index eadac9b60..7bb2b4d95 100644 --- a/spec/controllers/people_controller_spec.rb +++ b/spec/controllers/people_controller_spec.rb 
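Review bot: `new_comment_form` now marks the string html_safe after substituting `post_id.to_s` into the rendered form, so the id reaches the page without escaping. If `post_id` is always an integer primary key this is harmless, but the helper does not enforce it. `@form.gsub(GSUB_THIS, ERB::Util.h(post_id.to_s)).html_safe` keeps the substitution safe for any caller.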
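Review bot: The reopened `OpenSSL::PKey::RSA#to_yaml` returns `self.to_s`, which for a key holding its private part is the private-key PEM, so any object that references a user's key and gets YAML-dumped (job payloads, logs, error reports) will carry that key in clear text. The override is global even though it sits in app/models/invitation.rb, and it takes no arguments, so a caller that passes options to `to_yaml` would raise ArgumentError. If it exists only to make invitation serialisation work, it would be safer to keep the key out of what is serialised, or at least to move the override to an initializer with a comment such as `# to_yaml emits the PEM, including private material; never log or enqueue objects holding a key`. The same hunk also drops `opts[:existing_user] = existing_user`; the effect on `create_invitee` is not visible here.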
@@ -39,7 +39,7 @@ describe PeopleController do :profile => Factory.build(:profile, :first_name => "Eugene", :last_name => "w")) get :index, :q => "Eug" - assigns[:people].should =~ [@eugene, eugene2] + assigns[:people].map{|x| x.id}.should =~ [@eugene.id, eugene2.id] end it "excludes people that are not searchable" do @@ -55,7 +55,7 @@ describe PeopleController do :profile => Factory.build(:profile, :first_name => "Eugene", :last_name => "w", :searchable => false)) get :index, :q => "eugene@example.org" - assigns[:people].should =~ [eugene2] + assigns[:people][0].id.should == eugene2.id end it "does not redirect to person page if there is exactly one match" do From 0cc018dd6ba54d13cb7b815d287e64954a3aac4a Mon Sep 17 00:00:00 2001 From: Maxwell Salzberg Date: Tue, 12 Jul 2011 19:50:35 -0700 Subject: [PATCH 3/7] i think this works. there is some weird stuff in vannacontroller, but that might have always been there --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index a39dcb376..5c5195118 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -31,7 +31,7 @@ GIT GIT remote: git://github.com/diaspora/diaspora-client.git - revision: 7924e3cc576e54b5ade4014caea8b79e9f1d6343 + revision: 1421deef3df1f7fd9e04d13cc4c86e0d08747f1a specs: diaspora-client (0.0.0) activerecord From 9ac88a8c393ced332c14bd2c15e81be6d4dbd917 Mon Sep 17 00:00:00 2001 From: Maxwell Salzberg Date: Wed, 13 Jul 2011 13:46:16 -0700 Subject: [PATCH 4/7] update gemfile --- Gemfile.lock | 39 ++++++++++++++++----------------------- 1 file changed, 16 insertions(+), 23 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5c5195118..50650d9f6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
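Review bot: In the second hunk of people_controller_spec.rb (the example that queries `eugene@example.org`), `assigns[:people][0].id.should == eugene2.id` checks only the first element, whereas the old matcher compared the whole array. Additional people in the result no longer fail the spec, and since the example builds a profile with `:searchable => false`, an unexpected extra result is the kind of regression it should catch. Using the same form as the first hunk keeps the assertion strict: `assigns[:people].map{|x| x.id}.should =~ [eugene2.id]`. The example's `it` line is outside the hunk.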
@@ -94,19 +94,12 @@ GEM activesupport (= 3.0.9) arel (~> 2.0.10) tzinfo (~> 0.3.23) -<<<<<<< HEAD activerecord-import (0.2.7) activerecord (~> 3.0.0) - activeresource (3.0.3) - activemodel (= 3.0.3) - activesupport (= 3.0.3) - activesupport (3.0.3) -======= activeresource (3.0.9) activemodel (= 3.0.9) activesupport (= 3.0.9) activesupport (3.0.9) ->>>>>>> fixed the safe_buffer issues addressable (2.2.4) archive-tar-minitar (0.5.2) arel (2.0.10) @@ -155,19 +148,19 @@ GEM closure-compiler (1.1.1) cloudfiles (1.4.10) mime-types (>= 1.16) - columnize (0.3.2) - configuration (1.2.0) + columnize (0.3.4) + configuration (1.3.1) crack (0.1.8) - cucumber (0.10.3) + cucumber (1.0.1) builder (>= 2.1.2) diff-lcs (>= 1.1.2) - gherkin (>= 2.3.8) + gherkin (~> 2.4.5) json (>= 1.4.6) term-ansicolor (>= 1.0.5) cucumber-rails (0.3.2) cucumber (>= 0.8.0) culerity (0.2.15) - daemons (1.1.3) + daemons (1.1.4) database_cleaner (0.6.0) devise (1.3.4) bcrypt-ruby (~> 2.1.2) @@ -190,9 +183,9 @@ GEM addressable (~> 2.2.4) multipart-post (~> 1.1.0) rack (< 2, >= 1.1.0) - faraday-stack (0.1.2) + faraday-stack (0.1.3) faraday (~> 0.6) - faraday_middleware (0.6.3) + faraday_middleware (0.6.5) faraday (~> 0.6.0) fastercsv (1.5.4) fastthread (1.0.7) @@ -208,13 +201,13 @@ GEM nokogiri (~> 1.4.3.1) ruby-hmac foreigner (0.9.1) - formatador (0.1.4) + formatador (0.1.5) fuubar (0.0.5) rspec (~> 2.0) rspec-instafail (~> 0.1.4) ruby-progressbar (~> 0.0.10) gem_plugin (0.2.3) - gherkin (2.3.10) + gherkin (2.4.5) json (>= 1.4.6) haml (3.1.2) hashie (1.0.0) @@ -274,7 +267,7 @@ GEM net-ssh (2.0.24) net-ssh-gateway (1.1.0) net-ssh (>= 1.99.1) - newrelic_rpm (3.0.1) + newrelic_rpm (3.1.0) nokogiri (1.4.3.1) oa-basic (0.2.6) oa-core (= 0.2.6) @@ -302,7 +295,7 @@ GEM oa-core (= 0.2.6) rack-openid (~> 1.3.1) ruby-openid-apps-discovery (~> 1.2.0) - oauth (0.4.4) + oauth (0.4.5) oauth2 (0.4.1) faraday (~> 0.6.1) multi_json (>= 0.0.5) 
@@ -323,7 +316,7 @@ GEM oa-more (= 0.2.6) oa-oauth (= 0.2.6) oa-openid (= 0.2.6) - open4 (1.0.1) + open4 (1.1.0) orm_adapter (0.0.5) polyglot (0.3.1) pyu-ruby-sasl (0.0.3.3) @@ -356,7 +349,7 @@ GEM hashie (~> 1.0.0) rcov (0.9.9) rdoc (3.8) - redis (2.2.0) + redis (2.2.1) redis-namespace (0.8.0) redis (< 3.0.0) resque (1.10.0) @@ -376,7 +369,7 @@ GEM rspec-core (2.6.0) rspec-expectations (2.6.0) diff-lcs (~> 1.1.2) - rspec-instafail (0.1.7) + rspec-instafail (0.1.8) rspec-mocks (2.6.0) rspec-rails (2.6.1) actionpack (~> 3.0) @@ -449,8 +442,8 @@ GEM addressable (>= 2.2.2) crack (>= 0.1.7) will_paginate (3.0.pre2) - xml-simple (1.0.16) - yard (0.7.1) + xml-simple (1.1.0) + yard (0.7.2) yui-compressor (0.9.6) POpen4 (>= 0.1.4) From 757c9169fc7583134c02845f90ec9a475a2043fc Mon Sep 17 00:00:00 2001 From: Maxwell Salzberg Date: Wed, 13 Jul 2011 14:18:34 -0700 Subject: [PATCH 5/7] updated gemfile --- app/controllers/vanna_controller.rb | 1 + app/views/status_messages/bookmarklet.html.haml | 6 ++---- spec/controllers/admins_controller_spec.rb | 5 +++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/app/controllers/vanna_controller.rb b/app/controllers/vanna_controller.rb index f3997de7f..06852dc39 100644 --- a/app/controllers/vanna_controller.rb +++ b/app/controllers/vanna_controller.rb @@ -14,6 +14,7 @@ class VannaController < Vanna::Base include ActionController::Flash default_url_options[:host] = "localhost" include ActionController::MobileFu::InstanceMethods + include ActionController::RackDelegation helper_method :is_mobile_device? protect_from_forgery :except => :receive diff --git a/app/views/status_messages/bookmarklet.html.haml b/app/views/status_messages/bookmarklet.html.haml index e25248aa4..134d01303 100644 --- a/app/views/status_messages/bookmarklet.html.haml +++ b/app/views/status_messages/bookmarklet.html.haml 
@@ -32,9 +32,7 @@ #new_status_message_pane .span-15.last - #facebox_header - %h4 - =t('bookmarklet.post_something') - + %h4 + =t('bookmarklet.post_something') = render :partial => 'shared/publisher', :locals => { :aspect => :profile, :aspects_with_person => @aspects, :aspect_ids => @aspect_ids} diff --git a/spec/controllers/admins_controller_spec.rb b/spec/controllers/admins_controller_spec.rb index 5b744d9c5..6b30aa8bf 100644 --- a/spec/controllers/admins_controller_spec.rb +++ b/spec/controllers/admins_controller_spec.rb @@ -100,6 +100,11 @@ describe AdminsController do AppConfig[:admins] = [@user.username] end + it 'succeeds' do + get :admin_inviter, :identifier => 'bob@moms.com' + response.should be_ok + end + it 'invites a new user' do Invitation.should_receive(:create_invitee).with(:service => 'email', :identifier => 'bob@moms.com') get :admin_inviter, :identifier => 'bob@moms.com' From ad8ccbbeb9653fd2ab7b275c87fcd8dc63d952cb Mon Sep 17 00:00:00 2001 From: Maxwell Salzberg Date: Wed, 13 Jul 2011 15:09:18 -0700 Subject: [PATCH 6/7] added test for admin inviter --- spec/controllers/admins_controller_spec.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/spec/controllers/admins_controller_spec.rb b/spec/controllers/admins_controller_spec.rb index 6b30aa8bf..5585f8898 100644 --- a/spec/controllers/admins_controller_spec.rb +++ b/spec/controllers/admins_controller_spec.rb @@ -102,9 +102,14 @@ describe AdminsController do it 'succeeds' do get :admin_inviter, :identifier => 'bob@moms.com' - response.should be_ok + response.should be_redirect end + it 'does not die if you do it twice' do + get :admin_inviter, :identifier => 'bob@moms.com' + get :admin_inviter, :identifier => 'bob@moms.com' + response.should be_redirect + end it 'invites a new user' do Invitation.should_receive(:create_invitee).with(:service => 'email', :identifier => 'bob@moms.com') get :admin_inviter, :identifier => 'bob@moms.com' 
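Review bot: The new admins_controller_spec examples drive `admin_inviter` with `get`, and the existing example beside them expects that request to call `Invitation.create_invitee`, so the specs pin a state-changing action to a GET request. Rails' `protect_from_forgery` does not verify the token on GET, so the invite would presumably not be covered by the CSRF check; the route and controller are not part of this diff and should be confirmed. If the action moves to POST, these examples become `post :admin_inviter, :identifier => 'bob@moms.com'`. As a point of style, patch 6 leaves no blank line between the 'does not die if you do it twice' example and 'invites a new user'.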
From 09a43418efa771950b67f5b70f4d8a49ccaab0c3 Mon Sep 17 00:00:00 2001
From: Maxwell Salzberg
Date: Wed, 13 Jul 2011 16:18:24 -0700
Subject: [PATCH 7/7] dont try to fix vanna max\!
---
 app/controllers/vanna_controller.rb | 1 -
 1 file changed, 1 deletion(-)
diff --git a/app/controllers/vanna_controller.rb b/app/controllers/vanna_controller.rb
index 06852dc39..f3997de7f 100644
--- a/app/controllers/vanna_controller.rb
+++ b/app/controllers/vanna_controller.rb
@@ -14,7 +14,6 @@ class VannaController < Vanna::Base
 include ActionController::Flash
 default_url_options[:host] = "localhost"
 include ActionController::MobileFu::InstanceMethods
- include ActionController::RackDelegation
 helper_method :is_mobile_device?
 protect_from_forgery :except => :receive