Commit graph

14376 commits

Author SHA1 Message Date
Jonne Haß
ecb1b80e24 Render flash message content with .text
.html does not escape any html input in these, leading to XSS
attack vectors.

Thanks to A Kai (@sixhundredns) for reporting the related issues.
2014-05-24 16:08:32 +02:00
Jonne Haß
d36589e05b Remove hack from exporter
I couldn't reproduce what the comment states anymore, so I just removed
it. This fixes a minor issue where html wouldn't be escaped in the
export.

Thanks to A Kai (@sixhundredns) for reporting.
2014-05-24 15:27:13 +02:00
Jonne Haß
a216f267a0 Merge pull request #4965 from marienfressinaud/develop
Remove duplicate checkbox in Settings
2014-05-23 07:54:38 +02:00
Marien Fressinaud
fa2de8c195 Remove duplicate checkbox in Settings
Fix issue #4964
2014-05-22 22:39:09 +02:00
Florian Staudacher
693ded8298 unset any stream that might be left over from earlier specs 2014-05-20 20:52:25 +02:00
Florian Staudacher
46e3c5a870 add 'loginAs' to bookmarklet spec 2014-05-18 23:37:59 +02:00
Jonne Haß
bdaa32e70d updated 83 locale files [ci skip] 2014-05-17 11:52:31 +02:00
Jonne Haß
9e2c914a1b Merge pull request #4961 from Zauberstuhl/report_feature_issue_4959
Do not try to render post/comment report which does not exist
2014-05-16 16:10:06 +02:00
Lukas Matt
8170ef8363 Validate on report that post or comment does exist 2014-05-16 09:48:14 -04:00
Lukas Matt
6d6ebd297e Do not try to render posts/comments which are not present
refs diaspora/diaspora#4959
2014-05-16 09:48:14 -04:00
Jason Robinson
01381ddf25 Merge pull request #4957 from MrZYX/4956_deleted_reshare
Use absolute_root more consistently in Reshare
2014-05-16 10:00:31 +03:00
Jonne Haß
63c44d9f6b Merge pull request #4781 from Zauberstuhl/report_feature
It is now possible to report posts and comments
2014-05-15 19:53:44 +02:00
Lukas Matt
3d9fceb479 DB fix to work with existing entries
* added temp. default values for user_id and item_type
* changed model validation for item_type
2014-05-15 07:23:44 -04:00
Lukas Matt
462a7116de Fixed possible XSS; escape comment text in report helper 2014-05-15 07:23:44 -04:00
Lukas Matt
7ef802127e Added confirm-dialog to report-delete-button
* changed button description
* replaced links with buttons
2014-05-15 07:23:44 -04:00
Lukas Matt
e4adb7e11b Ignore user report associations 2014-05-15 07:23:44 -04:00
Lukas Matt
693986bba0 Fixed report icon in single post view 2014-05-15 07:23:44 -04:00
Lukas Matt
cfc95b01f7 Revoke drop of non-existing table 2014-05-15 07:23:44 -04:00
Lukas Matt
6ff2141503 If you're able to remove the comment you shouldn't be able to report it 2014-05-15 07:23:44 -04:00
Lukas Matt
23d0890bdc Fixed and cleaned comment template/stylesheet
fixed:
* comment-report-icon will not be displayed when post author is current user
* if you hover a comment all report icons will be displayed
2014-05-15 07:23:44 -04:00
Lukas Matt
218845d5b4 Changed and renamed database columns
* changed user_id type to integer
* renamed post_id to item_id
* renamed post_type to item_type
2014-05-15 07:23:44 -04:00
Lukas Matt
8ae89a443b Replaced fake post/comment with existing one
That fixed the correct validation whether a post/comment is gone
after the report was marked as deleted
2014-05-15 07:23:43 -04:00
Lukas Matt
9d3af93c7d Removed unicode from entypo css file 2014-05-15 07:23:43 -04:00
Lukas Matt
e667a785ed Assert that valid post/comment are gone 2014-05-15 07:23:43 -04:00
Lukas Matt
f6eba7966d Added destroy_reported_item to report model spec 2014-05-15 07:23:43 -04:00
Lukas Matt
6f65ef8437 Using save for report model
Instead of checking the status code I am using success and
error callbacks from model-save. In that case we have to return
json in the controller for signaling that the request was successful.
2014-05-15 07:23:43 -04:00
Lukas Matt
1a4ab274a3 Changed report spec
* Removed ActiveRecord tests (that is handled in the controller spec)
* Added Mailer tests
* Added validation tests
2014-05-15 07:23:43 -04:00
Lukas Matt
435f659467 Added report model spec 2014-05-15 07:23:43 -04:00
Lukas Matt
8b8a232b17 Added diaspora copyright 2014-05-15 07:23:43 -04:00
Lukas Matt
ed9cd81504 Fixed put request for Report controller 2014-05-15 07:23:43 -04:00
Lukas Matt
011db282b7 Removed local variable in ReportMailer 2014-05-15 07:23:43 -04:00
Lukas Matt
045ced0518 Joined if statements and removed duplicated code 2014-05-15 07:23:43 -04:00
Lukas Matt
512d96bda6 Display validation errors to user 2014-05-15 07:23:43 -04:00
Lukas Matt
6309e1a4ee Cleaned and optimized report model 2014-05-15 07:23:43 -04:00
Lukas Matt
0fae1137fa Using unless instead of 'if !' 2014-05-15 07:23:43 -04:00
Lukas Matt
1a0c9f5983 Make report-type translatable 2014-05-15 07:23:43 -04:00
Lukas Matt
6f21ccda06 Using case instead of equal 2014-05-15 07:23:43 -04:00
Lukas Matt
26d0c81dae Added the ability to disable report-email-notification
Podmin can see an extra checkbox in Settings > Account
for disabling report-email-notification
2014-05-15 07:23:43 -04:00
Lukas Matt
719edcd1a7 Added missing action in report controller 2014-05-15 07:23:43 -04:00
Lukas Matt
2e36f8d375 Diaspora review part 1
* join the conditions of the inner ifs
* add a uniqueness constraint to the model
* differentiate between author is a local or a remote user
* simplify controller/mailer functions
2014-05-15 07:23:43 -04:00
Lukas Matt
ed96ddac98 Display status when the user sends a report 2014-05-15 07:23:43 -04:00
Lukas Matt
d23f4a66da Cleaned javascript report view 2014-05-15 07:23:43 -04:00
Lukas Matt
1748d3b940 It is now possible to report comments
* Renamed PostReport to Report
* Added report button to SPV
* Updated rspec

refs diaspora/diaspora#4732
refs diaspora/diaspora#4710
refs diaspora/diaspora#4711
refs diaspora/diaspora#4517
2014-05-15 07:23:43 -04:00
Jonne Haß
8a599e1c1d Use absolute_root more consistently in Reshare
Closes #4956
2014-05-14 22:41:24 +02:00
Florian Staudacher
ee6212c635 Merge pull request #4953 from oliverbarnes/4792-quick-fix-user-deletion
Add account_deleter.rb to load_libraries initializer - Fix #4792
2014-05-08 23:16:51 +02:00
Oliver Azevedo Barnes
aec0c700b3 Add account_deleter.rb to load_libraries initializer 2014-05-07 14:36:18 -05:00
Jonne Haß
dcf275442d Update Rails to 3.2.18
This Rails release closes a security issue but we're not affected by it.
See CVE-2014-0130 for further details.
2014-05-06 19:10:15 +02:00
Florian Staudacher
95efbfa9c9 add changelog for #4932 [ci skip] 2014-05-06 14:06:50 +02:00
Jason Robinson
62b5fea526 Merge pull request #4932 from Raven24/fix-bookmarklet
port bookmarklet to Backbone.js, use gon for params
2014-05-01 13:29:36 +03:00
Florian Staudacher
9da3bc347b disable publisher after successfully posting in standalone mode 2014-04-25 19:51:45 +02:00