From 07a8fa8bb6cd1ae643c15436ca83826ee7e570a5 Mon Sep 17 00:00:00 2001
From: Daniel Vincent Grippi
Date: Thu, 16 Sep 2010 08:32:19 -0700
Subject: [PATCH 1/5] fixed xss bug in comment view partial.

---
 app/views/comments/_comment.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/comments/_comment.html.haml b/app/views/comments/_comment.html.haml
index 6b6c1dab5..56252c83d 100644
--- a/app/views/comments/_comment.html.haml
+++ b/app/views/comments/_comment.html.haml
@@ -7,6 +7,6 @@
 = person_image_tag(post.person)
 %span.from
 = link_to post.person.real_name, post.person
- = auto_link post.text
+ = auto_link sanitize post.text
 %div.time
 = "#{time_ago_in_words(post.updated_at)} ago"

From 649839567da1ddebf4651423721be519d8e6b40f Mon Sep 17 00:00:00 2001
From: maxwell
Date: Thu, 16 Sep 2010 11:47:34 -0700
Subject: [PATCH 2/5] MS added pagination to the search page

---
 app/controllers/albums_controller.rb | 3 ++-
 app/controllers/people_controller.rb | 4 +++-
 app/views/people/index.html.haml | 1 +
 public/stylesheets/sessions.css | 3 +++
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/app/controllers/albums_controller.rb b/app/controllers/albums_controller.rb
index f4d797a46..5a75616d1 100644
--- a/app/controllers/albums_controller.rb
+++ b/app/controllers/albums_controller.rb
@@ -9,7 +9,8 @@ class AlbumsController < ApplicationController
 respond_to :json, :only => [:index, :show]
 def index
- @albums = current_user.albums_by_aspect(@aspect).paginate
+ @albums = current_user.albums_by_aspect(@aspect).paginate :page => params[:page], :per_page => 9, :order => 'created_at DESC'
+ @aspect = :all
 respond_with @albums, :aspect => @aspect
 end

diff --git a/app/controllers/people_controller.rb b/app/controllers/people_controller.rb
index 78b0803c0..d85c67691 100644
--- a/app/controllers/people_controller.rb
+++ b/app/controllers/people_controller.rb
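Review bot: `= auto_link sanitize post.text` still lets whitelisted tags and attributes from the comment body through, because `sanitize` removes only what the allow-list forbids rather than escaping the text; if comments are meant to be plain text, escaping first (`= auto_link(h(post.text))`) is the tighter default and `auto_link` then only adds anchors around URLs it finds. The unparenthesised nesting also hides which call receives which argument, so `= auto_link(sanitize(post.text))` reads unambiguously. Whether `auto_link` treats its input as already safe, and whether it sanitizes on its own, depends on the Rails version, which the hunk does not show; confirm the rendered page is neither double-escaped nor left with raw markup. Other views that render `post.text` presumably need the same treatment.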
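Review bot: `@aspect = :all` is assigned on the line after `albums_by_aspect(@aspect)` has already run, so the query uses whatever `@aspect` held before the action (a filter's value, or nil) while the view is handed `:all`; if the intent is to list all albums the assignment belongs above the query, and if the filter's value is intended the reassignment misreports the aspect to the view. `params[:page]` is passed to `paginate` untouched here and in `people_controller#index`; will_paginate tolerates a missing page, but how it treats non-numeric or zero values varies between versions, so either validate it or confirm the installed version raises an error the application handles rather than a 500. The literal `:per_page => 9` and `'created_at DESC'` would read better as named constants on the controller.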
@@ -11,7 +11,9 @@ class PeopleController < ApplicationController
 def index
 @aspects_dropdown_array = current_user.aspects.collect{|x| [x.to_s, x.id]}
- @people = Person.search params[:q]
+ @aspect = :all
+ @people = Person.search(params[:q]).paginate :page => params[:page], :per_page => 25, :order => 'created_at DESC'
+
 respond_with @people
 end

diff --git a/app/views/people/index.html.haml b/app/views/people/index.html.haml
index 57bd5b560..c18ec5d0a 100644
--- a/app/views/people/index.html.haml
+++ b/app/views/people/index.html.haml
@@ -48,3 +48,4 @@
 = f.select(:aspect_id, @aspects_dropdown_array)
 = f.hidden_field :destination_url, :value => person.diaspora_handle
 = f.submit "add friend"
+ = will_paginate @people

diff --git a/public/stylesheets/sessions.css b/public/stylesheets/sessions.css
index 3a59e54af..2b5199d25 100644
--- a/public/stylesheets/sessions.css
+++ b/public/stylesheets/sessions.css
@@ -11,8 +11,11 @@ #flash_alert {
 z-index: 100;
 top: 32px;
+ position: absolute;
 color: black;
 width: 400px;
+ margin: 0 0 0 -200px;
+ left: 50%;
 text-align: center;
 font-size: 14px;
 padding: 3px 0;
 }

From e18b8f06984129268a2d4371b10d48ab4245df98 Mon Sep 17 00:00:00 2001
From: Hylke Bons
Date: Thu, 16 Sep 2010 17:36:09 +0800
Subject: [PATCH 3/5] fix typo in COPYRIGHT

---
 COPYRIGHT | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/COPYRIGHT b/COPYRIGHT
index 243dd1066..c1e5ed876 100644
--- a/COPYRIGHT
+++ b/COPYRIGHT
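Review bot: `Person.search(params[:q])` receives the raw query parameter with no presence check, so an empty or missing `q` presumably paginates the whole `Person` table ordered by `created_at`; returning early when `params[:q].blank?` keeps the search action from doubling as a full directory listing. `Person.search` itself is defined outside the hunk, so confirm it builds its SQL with bound parameters rather than interpolating the string it is given. `@aspect = :all` is assigned but nothing in this action reads it; if the view depends on it, a comment such as `# view expects @aspect; :all means no aspect filter` saves the next reader a search. The `params[:page]` handling shares the concern raised on `albums_controller#index`.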
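Review bot: The placement of `= will_paginate @people` cannot be verified from this hunk because the collapsed layout dropped the haml indentation, and the surrounding context (`f.select`, `f.hidden_field :destination_url, :value => person.diaspora_handle`, `f.submit`) sits inside what looks like a per-person form; if the new line is indented at that level it renders one pagination bar per result row. It should be dedented to the level of the construct that yields `person`, after that block closes, so the bar appears once below the results.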
@@ -1 +1 @@
-Diaspora is copyright Diaspora Inc., 2010, and files herein are licensed under the Affero General Public License version 3, the text of which can be found in GNU-AGPL-3.0, unless otherwise noted. Components of Diaspora, including Rails, JQuery, and Devise, are licensed under the MIT/X11 license. Blueprint-CSS is licensed under a modified version of the MIT/X11 license. All unmodified files from these and other sources retain their original copyright and license notices: see the relevand individual files. Attribution information for Diaspora is contained in the AUTHORS file.
+Diaspora is copyright Diaspora Inc., 2010, and files herein are licensed under the Affero General Public License version 3, the text of which can be found in GNU-AGPL-3.0, unless otherwise noted. Components of Diaspora, including Rails, JQuery, and Devise, are licensed under the MIT/X11 license. Blueprint-CSS is licensed under a modified version of the MIT/X11 license. All unmodified files from these and other sources retain their original copyright and license notices: see the relevant individual files. Attribution information for Diaspora is contained in the AUTHORS file.

From cd9639cf297abe10283514f0889e283c55d78826 Mon Sep 17 00:00:00 2001
From: Michael Nutt
Date: Thu, 16 Sep 2010 15:07:39 +0800
Subject: [PATCH 4/5] websocket js should honor app socket port configuration

---
 app/views/js/_websocket_js.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/js/_websocket_js.haml b/app/views/js/_websocket_js.haml
index 483621625..33af68cce 100644
--- a/app/views/js/_websocket_js.haml
+++ b/app/views/js/_websocket_js.haml
@@ -9,7 +9,7 @@ $(document).ready(function(){
 function debug(str){
 $("#debug").append("

 " + str);
 };
- ws = new WebSocket("ws://#{request.host}:8080/#{CGI::escape(current_user.id.to_s)}");
+ ws = new WebSocket("ws://#{request.host}:#{APP_CONFIG[:socket_port]}/#{CGI::escape(current_user.id.to_s)}");
 //Attach onmessage to websocket
 ws.onmessage = function(evt) {

From 588de2f6a958eb90bf5d046806e9303b14c29baf Mon Sep 17 00:00:00 2001
From: danielvincent
Date: Thu, 16 Sep 2010 12:14:16 -0700
Subject: [PATCH 5/5] added link to exploits@joindiaspora.com

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 5252f5670..cadceb2c0 100644
--- a/README.md
+++ b/README.md
@@ -206,6 +206,8 @@ Ongoing discussion:
 More general info and updates about the project can be found on our [blog](http://joindiaspora.com), [twitter](http://twitter.com/joindiaspora). Also, be sure to join the official [mailing list](http://http://eepurl.com/Vebk).
+If you wish to contact us privately about any exploits in Diaspora you may find, you can email [exploits@joindiaspora.com](mailto:exploits@joindiaspora.com).
+
 ## License
 Copyright 2010 Diaspora Inc.
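Review bot: The scheme is still hard-coded to `ws://` while the port now comes from `APP_CONFIG[:socket_port]`, so a deployment served over HTTPS opens an unencrypted socket that browsers treat as mixed content; deriving the scheme the same way as the port, e.g. `#{request.ssl? ? 'wss' : 'ws'}://#{request.host}:#{APP_CONFIG[:socket_port]}/...`, or adding a configuration entry for it, keeps the whole URL under the operator's control. If the port key is unset the string becomes something like `ws://host:/id`, which fails at connect time with no hint of the cause; raising at boot when the key is missing, or falling back to the previous 8080 default, is the more useful failure. `request.host` is interpolated into a JavaScript string literal without JavaScript escaping; wrapping it in `escape_javascript` makes the literal robust regardless of what Host values the server accepts. The `ws.onmessage` handler body continues outside the hunk.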