Commit graph

1048 commits

Author SHA1 Message Date
Jonne Haß
7134513b28 Fix XSS vulnerabilities caused by not escaping a user's name fields when loading them from JSON. #3948
From a quick look at the databases available to us, this was not actually used in the wild.
2013-02-01 22:20:31 +01:00
Jonne Haß
63f2d335a4 Merge branch 'notifications_count' of git://github.com/movilla/diaspora into develop 2012-11-11 15:00:46 +01:00
movilla
554fe40235 Web mobile notifications count doesn't change to unread-read when clicking in link post 2012-11-11 14:45:07 +01:00
movilla
10aea3ebce add test :unread => true 2012-11-10 23:23:08 +01:00
Braulio Martinez
ab3a7d991c Remove ugly whitespaces 2012-11-07 23:16:25 -02:00
Braulio Martinez
3260bada38 Remove posts#new action from Rails and related tests 2012-11-07 23:14:35 -02:00
Gonzalo
e1756b5b3f Privatize non-action controller methods 2012-10-14 19:32:53 -02:00
Gonzalo
78953fe2bf Move ApplicationController specs to application_controllers_spec 2012-10-14 19:32:53 -02:00
Gonzalo
83809c924a Refactor MessagesController 2012-10-13 17:10:52 -02:00
Fabián Rodríguez
82082005ba redirect users back on registration failure 2012-10-11 19:47:04 -02:00
Florian Staudacher
8678c14735 Merge pull request #3589 from MrZYX/refactor_config
New configuration system, details: see changelog
2012-09-30 13:07:40 -07:00
Marek Lewandowski
125e45cdba Force user to authenticate instead of raising error 2012-09-29 16:57:34 +02:00
Jonne Haß
2a4db54db9 New configuration system
* Throw away old system
* Add new system
* Add new example files
* Replace all calls
* add the most important docs
* Add Specs
* rename disable_ssl_requirement to require_ssl
* cloudfiles isn't used/called in our code
* since community_spotlight.list is only used as an enable flag, replace it with one and remove all legacy and irrelevant codepaths around it
* die if session secret is unset and on heroku
* First basic infrastructure for version information
2012-09-26 20:19:37 +02:00
Jonne Haß
4bada36bf1 do not redirect admin to his profile upon sign in 2012-09-14 15:01:19 +02:00
Jonne Haß
58d1448085 update factory girl 2012-09-12 13:24:23 +02:00
Jonne Haß
ab0ad630df strip last beta leftovers and fix syntax errors, travis is kinda down, let's hope nothing breaks while I sleep 2012-09-12 05:48:12 +02:00
Jonne Haß
088446e86e bump rspec-rails, remove deprecated rspec syntax 2012-09-11 00:46:36 +02:00
Jonne Haß
81442f0f2a Erb::Util.h now escapes ' which it didn't before
this is what 3.2.8 actually fixes to prevent XSS iirc
We're including the raw message in the atom feed so
we should test for it
2012-09-06 21:12:49 +02:00
Florian Staudacher
99c6b8bf45 don't test for actually deleted likes,
instead check whether the `retract` method was called, everything
else should be tested there.
2012-09-05 23:48:23 +02:00
Maxwell Salzberg
e0408e6fae don't auto beta flag anyone 2012-08-20 10:39:14 -07:00
Florian Staudacher
c7f66ee647 add specs for #3464 2012-07-25 15:22:53 +02:00
Florian Staudacher
1809897aa2 should fix the mobile toggle for the case: desktop --to--> mobile #3299
also, (possibly) fix tablet issue #3421, + tests
2012-07-04 01:47:55 +02:00
Steven Hancock
a8de3a5a3f Rails.root and File.join cleanup
- `Rails.root` is a `Pathname`, so let's use `Rails.root.join`
- Clean up most of the remaining `File.join`s
2012-06-11 03:13:20 -07:00
Florian Staudacher
8ca39f5936 show a "post is not public" message when visitor is not logged in
and tries to access a show page of a non-public post
2012-06-07 22:16:37 +02:00
Maxwell Salzberg
1da029a22f this stopped working because there is a new way to render views by default in spec_helper.rb 2012-06-04 12:49:24 -07:00
Maxwell Salzberg
304c33f19e explicitly render_views in publics controller 2012-06-04 12:49:24 -07:00
danielgrippi
3e09d4ed14 Revert "don't seed beta users with default aspects"
This reverts commit 946f78b025.
2012-05-24 11:42:52 -07:00
danielgrippi
946f78b025 don't seed beta users with default aspects 2012-05-24 11:37:34 -07:00
Dan Hansen
cf847d61ba bug mash #5
fix NoMethodError on InvitationsController
2012-05-23 13:05:01 -07:00
Maxwell Salzberg
471ce309ea kill your darlings; remove diaspora_client with fire 2012-05-17 14:55:53 -07:00
Maxwell Salzberg
b124d3e5a1 Revert "update factory girl": new version does not support 1.8.7 :(
This reverts commit c52342b7cb.
2012-05-16 17:43:56 -07:00
Maxwell Salzberg
c52342b7cb update factory girl 2012-05-16 17:17:14 -07:00
Maxwell Salzberg
06f389231a kill services users with fire. we need this feature, but we need to just start from scratch because this is redonkalonk 2012-05-14 16:25:19 -07:00
Dennis Collinson
f6e3c1b88b separate interactions from posts
Lazily load post interactions on show page
hella refactorz
2012-05-12 17:41:58 -07:00
Dennis Collinson
efa79a4ad7 Refactor Post Presenter
and comment presenter
2012-05-10 12:24:21 -07:00
Maxwell Salzberg
eaedfc9827 create a new publisher using the new composer. only for beta users 2012-05-09 16:55:33 -07:00
danielgrippi
0ec364e44c DG MS; popup on services, inlined in the composer 2012-05-08 18:09:33 -07:00
Dennis Collinson
d1d99d5dd4 Jamie Cai DC refactor isOwnProfile, fix tests 2012-05-07 17:53:37 -07:00
Dennis Collinson
1c135b61fd Jamie Cai DC message in profile when user has no posts 2012-05-07 15:56:30 -07:00
Maxwell Salzberg
7d0f79c29b fix pg rspec 2012-05-07 15:43:53 -07:00
danielgrippi
01d5c0473a DG MS; don't redirect to legacy getting started if you're a beta user 2012-05-07 12:05:36 -07:00
danielgrippi
92230383a7 added controller test; put wallpaper into separate wallpaper/ directory 2012-05-06 12:35:11 -07:00
Dennis Collinson
bd6a9cfe00 next and previous now return post as json
clean up controller
2012-05-05 16:41:16 -07:00
Maxwell Salzberg
e79d78302e when a user is invited from a beta user, they are also beta 2012-05-04 17:38:08 -07:00
Maxwell Salzberg
273470e6ed include url in all twitter posts
also fix a homecontroller spec
2012-05-03 20:07:56 -07:00
danielgrippi
1b6c33aff5 show a user's full profile info if she's on her own page. duh. 2012-04-28 17:41:22 -07:00
danielgrippi
d5f511c325 hitting profiles.json publicly displays only public stuff; if you're connected to a user, it shows that user's complete profile response 2012-04-28 17:05:25 -07:00
danielgrippi
bbd4ee5738 correctly redirect for beta and admin users (profile vs stream homepages) 2012-04-28 15:09:02 -07:00
Maxwell Salzberg
592a3f99b5 Role system to replace the yml admins and community spotlight. We can
also now add a beta role
2012-04-27 16:14:43 -07:00
Maxwell Salzberg
2b3bc5a0f0 fix profile json birthday response with some tests. 2012-04-26 16:00:23 -07:00