diff --git a/Gemfile b/Gemfile index f76c48612b75560d7ab9115d6f5d04940915075c..276e217abd7b1eafac7dee9227e57e588ce6c30d 100644 --- a/Gemfile +++ b/Gemfile @@ -3,11 +3,12 @@ source 'http://rubygems.org' gem 'bundler', '> 1.1.0' ruby '1.9.3' if ENV['HEROKU'] -gem 'rails', '3.1.4' -gem 'rails_autolink' +gem 'rails', '3.2.3' + gem 'foreman', '0.41' gem 'whenever' +gem 'rails_autolink' gem 'thin', '~> 1.3.1', :require => false # cross-origin resource sharing @@ -21,7 +22,7 @@ gem 'jwt' gem 'oauth2-provider', '0.0.19' gem 'remotipart', '~> 1.0' -gem 'omniauth', '1.0.1' +gem 'omniauth', '1.0.3' gem 'omniauth-facebook' gem 'omniauth-tumblr' gem 'omniauth-twitter' @@ -112,8 +113,8 @@ gem 'gon' # assets group :assets do - gem 'sass-rails', '3.1.4' gem 'bootstrap-sass', '~> 2.0.2' + gem 'sass-rails', '3.2.5' # Windows and OSX have an execjs compatible runtime built-in, Linux users should # install Node.js or use 'therubyracer'. @@ -186,8 +187,6 @@ group :development do gem 'parallel_tests', :require => false gem 'yard', :require => false - # rails 3.2 goodness - gem 'active_reload' # for tracing AR object instantiation and memory usage per request gem 'oink' diff --git a/Gemfile.lock b/Gemfile.lock index bcdfb804a3f105fa8c63725f8023cae714cb6466..00d21b963cf01f89f25c913a4329369f31e30d6c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -15,9 +15,9 @@ GIT GIT remote: git://github.com/diaspora/diaspora-client.git - revision: 99dd3728172834b01e2acae0604fe3865456d969 + revision: 86bd398a60320e06d9b8f9c865955dfe2df851db specs: - diaspora-client (0.1.2) + diaspora-client (0.1.3.1) activerecord em-http-request em-synchrony @@ -29,10 +29,10 @@ GIT GIT remote: git://github.com/pivotal/jasmine-gem.git - revision: c72e8d248d49a1ebe53f31a09ac511194ad4edf1 + revision: 1e075fbf5a69812fcc914c453f002ecf5bed38ab specs: - jasmine (1.2.0.rc3) - jasmine-core (>= 1.2.0.rc3) + jasmine (1.2.0) + jasmine-core (>= 1.2.0) rack (~> 1.0) rspec (>= 1.3.1) selenium-webdriver (>= 0.1.3) 
@@ -41,41 +41,39 @@ GEM remote: http://rubygems.org/ specs: SystemTimer (1.2.3) - actionmailer (3.1.4) - actionpack (= 3.1.4) - mail (~> 2.3.0) - actionpack (3.1.4) - activemodel (= 3.1.4) - activesupport (= 3.1.4) + actionmailer (3.2.3) + actionpack (= 3.2.3) + mail (~> 2.4.4) + actionpack (3.2.3) + activemodel (= 3.2.3) + activesupport (= 3.2.3) builder (~> 3.0.0) erubis (~> 2.7.0) - i18n (~> 0.6) - rack (~> 1.3.6) - rack-cache (~> 1.1) - rack-mount (~> 0.8.2) + journey (~> 1.0.1) + rack (~> 1.4.0) + rack-cache (~> 1.2) rack-test (~> 0.6.1) - sprockets (~> 2.0.3) - active_reload (0.6.1) - activemodel (3.1.4) - activesupport (= 3.1.4) + sprockets (~> 2.1.2) + activemodel (3.2.3) + activesupport (= 3.2.3) builder (~> 3.0.0) - i18n (~> 0.6) - activerecord (3.1.4) - activemodel (= 3.1.4) - activesupport (= 3.1.4) - arel (~> 2.2.3) + activerecord (3.2.3) + activemodel (= 3.2.3) + activesupport (= 3.2.3) + arel (~> 3.0.2) tzinfo (~> 0.3.29) activerecord-import (0.2.9) activerecord (~> 3.0) activerecord (~> 3.0) - activeresource (3.1.4) - activemodel (= 3.1.4) - activesupport (= 3.1.4) - activesupport (3.1.4) + activeresource (3.2.3) + activemodel (= 3.2.3) + activesupport (= 3.2.3) + activesupport (3.2.3) + i18n (~> 0.6) multi_json (~> 1.0) acts-as-taggable-on (2.2.2) rails (~> 3.0) - acts_as_api (0.3.11) + acts_as_api (0.4) activemodel (>= 3.0.0) activesupport (>= 3.0.0) rack (>= 1.1.0) @@ -83,15 +81,15 @@ GEM airbrake (3.0.9) activesupport builder - arel (2.2.3) - asset_sync (0.3.1) + arel (3.0.2) + asset_sync (0.4.1) activemodel fog bbenezech-nested_form (0.0.6) bcrypt-ruby (3.0.1) bootstrap-sass (2.0.3) builder (3.0.0) - capistrano (2.9.0) + capistrano (2.12.0) highline net-scp (>= 1.0.0) net-sftp (>= 2.0.0) @@ -114,9 +112,9 @@ GEM ffi (~> 1.0.6) chronic (0.6.7) client_side_validations (3.1.4) - coffee-rails (3.1.1) + coffee-rails (3.2.2) coffee-script (>= 2.2.0) - railties (~> 3.1.0) + railties (~> 3.2.0) coffee-script (2.2.0) coffee-script-source execjs 
@@ -124,12 +122,11 @@ GEM columnize (0.3.6) cookiejar (0.3.0) crack (0.3.1) - cucumber (1.1.9) + cucumber (1.2.0) builder (>= 2.1.2) - diff-lcs (>= 1.1.2) - gherkin (~> 2.9.0) + diff-lcs (>= 1.1.3) + gherkin (~> 2.10.0) json (>= 1.4.6) - term-ansicolor (>= 1.0.6) cucumber-rails (1.3.0) capybara (>= 1.1.2) cucumber (>= 1.1.8) @@ -154,13 +151,13 @@ GEM em-socksify eventmachine (>= 1.0.0.beta.4) http_parser.rb (>= 0.5.3) - em-socksify (0.1.0) - eventmachine + em-socksify (0.2.0) + eventmachine (>= 1.0.0.beta.4) em-synchrony (1.0.0) eventmachine (>= 1.0.0.beta.1) erubis (2.7.0) eventmachine (1.0.0.beta.4) - excon (0.13.2) + excon (0.13.4) execjs (1.3.2) multi_json (~> 1.0) factory_girl (2.6.4) @@ -190,7 +187,7 @@ GEM net-ssh (>= 2.1.3) nokogiri (~> 1.5.0) ruby-hmac - foreigner (1.1.5) + foreigner (1.1.6) activerecord (>= 3.0.0) foreman (0.41.0) thor (>= 0.13.6) @@ -200,37 +197,41 @@ GEM rspec-instafail (~> 0.2.0) ruby-progressbar (~> 0.0.10) gem_plugin (0.2.3) - gherkin (2.9.3) + gherkin (2.10.0) json (>= 1.4.6) gon (3.0.2) actionpack (>= 2.3.0) json - guard (1.0.1) + guard (1.0.3) ffi (>= 0.5.0) - thor (~> 0.14.6) - guard-cucumber (0.7.5) - cucumber (>= 0.10) + thor (>= 0.14.6) + guard-cucumber (0.8.0) + cucumber (>= 1.2.0) guard (>= 0.8.3) - guard-rspec (0.7.0) + guard-rspec (0.7.2) guard (>= 0.10.0) - guard-spork (0.5.2) + guard-spork (0.8.0) guard (>= 0.10.0) spork (>= 0.8.4) haml (3.1.5) - handlebars_assets (0.4.1) + handlebars_assets (0.4.4) execjs (>= 1.2.9) sprockets (>= 2.0.3) tilt hashie (1.2.0) - heroku (2.23.0) + heroku (2.25.0) launchy (>= 0.3.2) netrc (~> 0.7.1) rest-client (~> 1.6.1) rubyzip - heroku_san (2.1.1) + heroku-api (0.1.6) + excon (~> 0.13.3) + heroku_san (3.0.0) + activesupport heroku (>= 2) + heroku-api (>= 0.1.2) rake - highline (1.6.11) + highline (1.6.12) hike (1.2.1) hodel_3000_compliant_logger (0.1.0) hpricot (0.8.6) 
@@ -243,9 +244,10 @@ GEM actionpack (~> 3.0) i18n-inflector (~> 2.6) railties (~> 3.0) - jasmine-core (1.2.0.rc3) - jquery-rails (1.0.19) - railties (~> 3.0) + jasmine-core (1.2.0) + journey (1.0.3) + jquery-rails (2.0.2) + railties (>= 3.2.0, < 5.0) thor (~> 0.14) jquery-ui-rails (0.2.2) jquery-rails @@ -263,7 +265,7 @@ GEM addressable linecache (0.46) rbx-require-relative (> 0.0.4) - mail (2.3.3) + mail (2.4.4) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) @@ -273,7 +275,7 @@ GEM mime-types (1.18) mini_magick (3.4) subexec (~> 0.2.1) - mobile-fu (1.0.0) + mobile-fu (1.1.0) rack-mobile-detect rails mock_redis (0.4.1) @@ -293,9 +295,9 @@ GEM net-ssh-gateway (1.1.0) net-ssh (>= 1.99.1) netrc (0.7.1) - newrelic_rpm (3.3.2.1) + newrelic_rpm (3.3.4.1) nokogiri (1.5.2) - oauth (0.4.5) + oauth (0.4.6) oauth2 (0.5.0) faraday (>= 0.6.1, < 0.8) multi_json (~> 1.0.0) @@ -305,7 +307,7 @@ GEM oink (0.9.3) activerecord hodel_3000_compliant_logger - omniauth (1.0.1) + omniauth (1.0.3) hashie (~> 1.2) rack omniauth-facebook (1.2.0) @@ -318,24 +320,22 @@ GEM omniauth (~> 1.0) omniauth-tumblr (1.0) omniauth-oauth (~> 1.0) - omniauth-twitter (0.0.8) + omniauth-twitter (0.0.9) omniauth-oauth (~> 1.0) orm_adapter (0.0.7) parallel (0.5.16) - parallel_tests (0.7.2) + parallel_tests (0.8.1) parallel pg (0.13.2) polyglot (0.3.3) - rack (1.3.6) + rack (1.4.1) rack-cache (1.2) rack (>= 0.4) - rack-cors (0.2.4) + rack-cors (0.2.6) rack rack-fiber_pool (0.9.2) rack-mobile-detect (0.3.0) rack - rack-mount (0.8.3) - rack (>= 1.0.0) rack-piwik (0.1.2) rack-pjax (0.5.9) hpricot (~> 0.8.6) 
@@ -347,14 +347,14 @@ GEM rack rack-test (0.6.1) rack (>= 1.0) - rails (3.1.4) - actionmailer (= 3.1.4) - actionpack (= 3.1.4) - activerecord (= 3.1.4) - activeresource (= 3.1.4) - activesupport (= 3.1.4) + rails (3.2.3) + actionmailer (= 3.2.3) + actionpack (= 3.2.3) + activerecord (= 3.2.3) + activeresource (= 3.2.3) + activesupport (= 3.2.3) bundler (~> 1.0) - railties (= 3.1.4) + railties (= 3.2.3) rails-i18n (0.6.3) i18n (~> 0.5) rails_admin (0.0.3) @@ -370,16 +370,16 @@ GEM rails (~> 3.1) remotipart (~> 1.0) sass-rails (~> 3.1) - rails_autolink (1.0.6) + rails_autolink (1.0.7) rails (~> 3.1) - railties (3.1.4) - actionpack (= 3.1.4) - activesupport (= 3.1.4) + railties (3.2.3) + actionpack (= 3.2.3) + activesupport (= 3.2.3) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (~> 0.14.6) - raindrops (0.8.0) + raindrops (0.8.1) rake (0.9.2.2) rbx-require-relative (0.0.9) rdoc (3.12) @@ -398,7 +398,7 @@ GEM resque (~> 1.0) rest-client (1.6.7) mime-types (>= 1.16) - rpm_contrib (2.1.8) + rpm_contrib (2.1.9) newrelic_rpm (>= 3.1.1) newrelic_rpm (>= 3.1.1) rspec (2.9.0) @@ -425,31 +425,37 @@ GEM ruby-progressbar (0.0.10) rubyzip (0.9.8) sass (3.1.18) +<<<<<<< HEAD sass-rails (3.1.4) actionpack (~> 3.1.0) railties (~> 3.1.0) sass (>= 3.1.4) sprockets (~> 2.0.0) tilt (~> 1.3.2) +======= + sass-rails (3.2.5) + railties (~> 3.2.0) + sass (>= 3.1.10) + tilt (~> 1.3) +>>>>>>> upgrade to Rails 3.2.3 selenium-webdriver (2.22.0.rc1) childprocess (>= 0.2.5) ffi (~> 1.0) libwebsocket (~> 0.1.3) multi_json (~> 1.0) rubyzip - simple_oauth (0.1.5) + simple_oauth (0.1.8) sinatra (1.3.2) rack (~> 1.3, >= 1.3.6) rack-protection (~> 1.2) tilt (~> 1.3, >= 1.3.3) spork (1.0.0rc2) - sprockets (2.0.4) + sprockets (2.1.3) hike (~> 1.2) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.5) - subexec (0.2.1) - term-ansicolor (1.0.7) + sqlite3 (1.3.6) + subexec (0.2.2) thin (1.3.1) daemons (>= 1.0.9) eventmachine (>= 0.12.6) 
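Review bot: The `@@ -425,31 +425,37 @@` hunk commits unresolved merge-conflict markers — `<<<<<<< HEAD`, `=======` and `>>>>>>> upgrade to Rails 3.2.3` — around the two `sass-rails` stanzas, so Bundler cannot parse this lockfile and `bundle install` fails for anyone checking out the commit. Only the `sass-rails (3.2.5)` stanza belongs, since the Gemfile now pins `gem 'sass-rails', '3.2.5'` and the DEPENDENCIES section is updated to `sass-rails (= 3.2.5)`; the `sass-rails (3.1.4)` stanza and the three marker lines should go. Rather than hand-editing the counts, regenerate the lockfile with `bundle install` so the hunk is produced by Bundler.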
@@ -477,7 +483,7 @@ GEM raindrops (~> 0.7) vegas (0.1.11) rack (>= 1.0.0) - warden (1.1.1) + warden (1.2.0) rack (>= 1.0) webmock (1.6.2) addressable (>= 2.2.2) @@ -488,14 +494,13 @@ GEM will_paginate (3.0.3) xpath (0.1.4) nokogiri (~> 1.3) - yard (0.7.5) + yard (0.8.1) PLATFORMS ruby DEPENDENCIES SystemTimer (= 1.2.3) - active_reload activerecord-import (~> 0.2.9) acts-as-taggable-on (~> 2.2.2) acts_as_api @@ -551,7 +556,7 @@ DEPENDENCIES nokogiri (= 1.5.2) oauth2-provider (= 0.0.19) oink - omniauth (= 1.0.1) + omniauth (= 1.0.3) omniauth-facebook omniauth-tumblr omniauth-twitter @@ -561,7 +566,7 @@ DEPENDENCIES rack-piwik rack-rewrite (~> 1.2.1) rack-ssl - rails (= 3.1.4) + rails (= 3.2.3) rails-i18n rails_admin (~> 0.0.3) rails_autolink @@ -578,7 +583,7 @@ DEPENDENCIES rspec-rails (~> 2.9.0) ruby-debug ruby-oembed (~> 0.8.7) - sass-rails (= 3.1.4) + sass-rails (= 3.2.5) selenium-webdriver (= 2.22.0.rc1) settingslogic! spork (~> 1.0rc2) diff --git a/app/controllers/notifications_controller.rb b/app/controllers/notifications_controller.rb index 7e0af864571ed17280f7f6d36670dd843f7e785c..cfdf2be95c347d8c9e0ad15701d2be92b4c10630 100644 --- a/app/controllers/notifications_controller.rb +++ b/app/controllers/notifications_controller.rb @@ -37,7 +37,7 @@ class NotificationsController < ApplicationController pager.replace(result) end @notifications.each do |n| - n[:note_html] = render_to_string( :partial => 'notify_popup_item', :locals => { :n => n } ) + n.note_html = render_to_string( :partial => 'notify_popup_item', :locals => { :n => n } ) end @group_days = @notifications.group_by{|note| I18n.l(note.created_at, :format => I18n.t('date.formats.fullmonth_day')) } diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index 761028768c84841b1d117f1cb11565f166df9501..2416e948b7c6913321744b7375d65ebdd3ae812a 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb 
@@ -77,9 +77,9 @@ class PostsController < ApplicationController current_user.retract(@post) respond_to do |format| - format.js { render 'destroy' } + format.js { render 'destroy',:layout => false, :format => :js } format.json { render :nothing => true, :status => 204 } - format.all { redirect_to stream_path } + format.any { redirect_to stream_path } end end diff --git a/app/models/notification.rb b/app/models/notification.rb index d01313b8d9f0bff5d34fe7830fbb5138be928d41..a60d8cdb9745f11b873a6679f1a6130aabd6a6d7 100644 --- a/app/models/notification.rb +++ b/app/models/notification.rb @@ -8,6 +8,8 @@ class Notification < ActiveRecord::Base has_many :actors, :class_name => 'Person', :through => :notification_actors, :source => :person belongs_to :target, :polymorphic => true + attr_accessor :note_html + def self.for(recipient, opts={}) self.where(opts.merge!(:recipient_id => recipient.id)).order('updated_at desc') end @@ -33,6 +35,10 @@ class Notification < ActiveRecord::Base end end + def as_json(opts={}) + super(opts.merge(:methods => :note_html)) + end + def email_the_user(target, actor) self.recipient.mail(self.mail_job, self.recipient_id, actor.id, target.id) end diff --git a/app/models/post.rb b/app/models/post.rb index 6e24533a7f28d57a20c938131a15936898759ab6..6b64330ea554d71fb14c5d8020e804007470a70d 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -61,6 +61,7 @@ class Post < ActiveRecord::Base self.class.name end + def root; end def raw_message; ""; end def mentioned_people; []; end def photos; []; end diff --git a/app/views/admins/correlations.haml b/app/views/admins/correlations.haml index fb24f42c4800242ac34638ddc19614ac54fd95bc..6d2bafbe92edae0de6c7e253702d690ab176a5b6 100644 --- a/app/views/admins/correlations.haml +++ b/app/views/admins/correlations.haml @@ -1,5 +1,5 @@ .span-24 - = render :partial => 'admins/admin_bar.haml' + = render :partial => 'admins/admin_bar' %br %br 
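Review bot: Style on the changed `format.js` line: `render 'destroy',:layout => false, :format => :js` is missing the space after the first comma and should read `render 'destroy', :layout => false, :format => :js`. The `format.all` → `format.any` change is the Rails 3.2 spelling and needs no further comment. The enclosing action starts outside the hunk.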
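Review bot: The new `as_json` in `app/models/notification.rb` overwrites any `:methods` option a caller passes, because `opts.merge(:methods => :note_html)` replaces the key rather than extending it, so `as_json(:methods => [:other])` silently loses `:other`. Extending the existing list keeps both: `super(opts.merge(:methods => Array(opts[:methods]) | [:note_html]))` (string keys, if any caller uses them, would need the same treatment — none are visible here). The new `attr_accessor :note_html` also deserves a one-line comment, since it is transient view state filled in by `NotificationsController` via `render_to_string` and serialized with every JSON representation: `# Transient HTML for the notification popup, set by the controller before serializing; not persisted.`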
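Review bot: `def root; end` in `app/models/post.rb` is an undocumented stub returning `nil`; unlike the neighbouring defaults (`raw_message`, `mentioned_people`, `photos`), whose literals hint at their contract, a reader cannot tell whether `nil` is intentional or the method is unfinished. A short comment would settle it, e.g. `# Default: a plain Post has no root post; subclasses that wrap another post override this.` — which subclasses do so is not visible in this diff, so adjust the wording to match. The enclosing class body continues outside the hunk.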
diff --git a/app/views/admins/stats.html.haml b/app/views/admins/stats.html.haml index 66a87413c86f32ec2e185f63d0a67fd0c2930ffb..9ef060a90820850e723d66acb9fb29bae66166ab 100644 --- a/app/views/admins/stats.html.haml +++ b/app/views/admins/stats.html.haml @@ -1,6 +1,6 @@ .span-24 - = render :partial => 'admins/admin_bar.haml' + = render :partial => 'admins/admin_bar' %br %br diff --git a/app/views/admins/user_search.html.haml b/app/views/admins/user_search.html.haml index 88ff6a80ee8106f0f4ef6fb6f42f3841ee03449c..a667cf7bbef3f1938d3b5ba57c047078b3f770e3 100644 --- a/app/views/admins/user_search.html.haml +++ b/app/views/admins/user_search.html.haml @@ -1,6 +1,6 @@ .span-24 - = render :partial => 'admins/admin_bar.haml' + = render :partial => 'admins/admin_bar' .span-24.prepend-4 %h3 diff --git a/app/views/admins/weekly_user_stats.haml b/app/views/admins/weekly_user_stats.haml index e93fdf0b029bf6fa60b69574b25f1b62a471cbbd..a73cdc9359ddfaf637ddb31574171ad34b9632cd 100644 --- a/app/views/admins/weekly_user_stats.haml +++ b/app/views/admins/weekly_user_stats.haml @@ -1,6 +1,6 @@ .span-24 - = render :partial => 'admins/admin_bar.haml' + = render :partial => 'admins/admin_bar' %br %br diff --git a/app/views/home/show.mobile.haml b/app/views/home/show.mobile.haml index a0624fcd4635afc221b77a237fd43e1f7760de7f..86b60f6a541f23d1edfcb84b403ceb66826e9eff 100644 --- a/app/views/home/show.mobile.haml +++ b/app/views/home/show.mobile.haml @@ -3,4 +3,4 @@ -# the COPYRIGHT file. -=render :partial => 'home/show' rescue "put something in app/views/home/_show.html.haml" +=render :partial => 'home/show' rescue "put something in app/views/home/_show.html" diff --git a/app/views/publics/webfinger.erb b/app/views/publics/webfinger.erb index fd7a3b466505329dcedec6f7b51600b3db0b5d13..59c5e015f9ef783beb8368de545ab3c0e7676f7c 100644 --- a/app/views/publics/webfinger.erb +++ b/app/views/publics/webfinger.erb 
@@ -9,5 +9,5 @@ <Link rel='http://webfinger.net/rel/profile-page' type='text/html' <%=person_href(@person, :absolute => true)%>/> <Link rel="http://schemas.google.com/g/2010#updates-from" type="application/atom+xml" href="<%=@person.public_url%>.atom"/> - <Link rel="diaspora-public-key" type = 'RSA' href="<%=Base64.encode64s(@person.exported_key)%>"/> + <Link rel="diaspora-public-key" type = 'RSA' href="<%=Base64.strict_encode64(@person.exported_key)%>"/> </XRD> diff --git a/config/environments/development.rb b/config/environments/development.rb index 8a3809250bed02e5c1120a53fcb7e5d2f76ab48a..1a7a780cf18ae480c93013202fe4b3a9f007320b 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -29,7 +29,17 @@ Diaspora::Application.configure do # Don't care if the mailer can't send config.action_mailer.raise_delivery_errors = false config.active_support.deprecation = [:stderr, :log] + + + + # Raise exception on mass assignment protection for Active Record models + config.active_record.mass_assignment_sanitizer = :strict + + # Log the query plan for queries taking more than this (works + # with SQLite, MySQL, and PostgreSQL) + config.active_record.auto_explain_threshold_in_seconds = 0.5 #config.threadsafe! + # Monkeypatch around the nasty "2.5MB exception page" issue, caused by very large environment vars # This snippet via: http://stackoverflow.com/questions/3114993/exception-pages-in-development-mode-take-upwards-of-15-30-seconds-to-render-why # Relevant Rails ticket: https://rails.lighthouseapp.com/projects/8994/tickets/5027-_request_and_responseerb-and-diagnosticserb-take-an-increasingly-long-time-to-render-in-development-with-multiple-show-tables-calls 
@@ -39,7 +49,7 @@ Diaspora::Application.configure do "<#{self.class.name} - tooooo long>" end end - [ActionController::Base, ActionDispatch::RemoteIp::RemoteIpGetter, OmniAuth::Strategy, Warden::Proxy].each do |klazz| + [ActionController::Base, OmniAuth::Strategy, Warden::Proxy].each do |klazz| klazz.send(:include, SmallInspect) end end diff --git a/config/environments/test.rb b/config/environments/test.rb index 0a01b0369f36d6cddd24ee2562b14510720a3882..612b0b6f5ef1113a211664e8012f3f7be45ec5c9 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -30,6 +30,9 @@ Diaspora::Application.configure do config.action_mailer.delivery_method = :test config.active_support.deprecation = :stderr + # config.active_record.mass_assignment_sanitizer = :strict + + # Configure static asset server for tests with Cache-Control for performance config.serve_static_assets = true config.static_cache_control = "public, max-age=3600" @@ -37,8 +40,6 @@ Diaspora::Application.configure do config.assets.enabled = true config.assets.debug = false - # Allow pass debug_assets=true as a query parameter to load pages with unpackaged assets - config.assets.allow_debugging = true # fixes url helper issue in rspec #config.threadsafe! diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index 084fbc4f82e1cdc2d6c9a24eeb4d7bebe52b0abb..d48c77d04a1610cf809b0ba160b1057187983679 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb 
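Review bot: In the `config/environments/test.rb` hunk at `@@ -30,6 +30,9 @@`, `mass_assignment_sanitizer = :strict` is added commented out, while the `config/environments/development.rb` hunk at `@@ -29,7 +29,17 @@` enables it; the result is that a developer's local run raises on a mass-assigned protected attribute but the spec suite never does, so CI stops being a signal for exactly the class of bug the setting exists to catch (and production, which by default only logs such assignments, gets no protection either way). If the intent is to enable it once the specs are clean, say so and track it — `# TODO: enable once specs pass; development.rb already runs with :strict` — otherwise enable it in test too. Separately, the development.rb hunk inserts three consecutive blank `+` lines before the new settings; one is enough.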
@@ -2,16 +2,6 @@ # licensed under the Affero General Public License version 3 or later. See # the COPYRIGHT file. -require_dependency "rack/fixed_request" -OmniAuth.config.full_host = lambda do |env| - request_url = Rack::FixedRequest.new(env).url - # Copied from OmniAuth::Strategy#full_host (omniauth-0.2.6) - uri = URI.parse(request_url.gsub(/\?.*$/,'')) - uri.path = '' - uri.query = nil - uri.to_s -end - Rails.application.config.middleware.use OmniAuth::Builder do if SERVICES['twitter'] && SERVICES['twitter']['consumer_key'] && SERVICES['twitter']['consumer_secret'] provider :twitter, SERVICES['twitter']['consumer_key'], SERVICES['twitter']['consumer_secret'] diff --git a/lib/diaspora/encryptable.rb b/lib/diaspora/encryptable.rb index 83ca2f54c925467a6967ebf9b6233b7da7d1ec04..b1db82c7afb3acbbbf339d1899257ce2334067af 100644 --- a/lib/diaspora/encryptable.rb +++ b/lib/diaspora/encryptable.rb @@ -26,7 +26,7 @@ module Diaspora # @param [OpenSSL::PKey::RSA] key An RSA key # @return [String] A Base64 encoded signature of #signable_string with key def sign_with_key(key) - sig = Base64.encode64s(key.sign( OpenSSL::Digest::SHA256.new, signable_string )) + sig = Base64.strict_encode64(key.sign( OpenSSL::Digest::SHA256.new, signable_string )) log_hash = {:event => :sign_with_key, :status => :complete} log_hash.merge(:model_id => self.id) if self.respond_to?(:persisted?) Rails.logger.info(log_hash) diff --git a/lib/encryptor.rb b/lib/encryptor.rb index 165ab91f2970147cbecbd553a1bcb004055e6847..a81302b851c9805b725c63fd6db7c3a9c82ac999 100644 --- a/lib/encryptor.rb +++ b/lib/encryptor.rb 
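Review bot: Deleting the `OmniAuth.config.full_host` lambda means OmniAuth now builds the host for its callback and redirect URLs from the incoming request using its own default logic instead of `Rack::FixedRequest` (which this diff also removes); the override existed for a reason the commit does not record, and whether the new default treats proxy headers the way this deployment needs cannot be verified from here. Because an OAuth callback URL derived from request-supplied host data is precisely the value a reverse proxy or misconfiguration can get wrong, the safer form is to pin it to the pod's canonical public URL rather than any request header, e.g. `OmniAuth.config.full_host = "<configured pod URL>"` using whatever setting the app already holds for that. At minimum, a comment above the `OmniAuth::Builder` block should state which OmniAuth version made the workaround unnecessary.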
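Review bot: In the `lib/diaspora/encryptable.rb` hunk, the line after the changed `sig = …` reads `log_hash.merge(:model_id => self.id) if self.respond_to?(:persisted?)` and discards its result, so `model_id` never reaches `Rails.logger.info(log_hash)`; it should be `log_hash.merge!(:model_id => self.id) if self.respond_to?(:persisted?)`. This is pre-existing, but it sits inside the hunk being touched. The `strict_encode64` switch itself is sound: like `encode64s`, it emits no line breaks, so the signature encoding should stay interoperable.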
@@ -9,14 +9,14 @@ module Encryptor ciphertext = aes_encrypt(cleartext, aes_key) encrypted_key = encrypt_aes_key aes_key cipher_hash = {:aes_key => encrypted_key, :ciphertext => ciphertext} - Base64.encode64s( cipher_hash.to_json ) + Base64.strict_encode64( cipher_hash.to_json ) end def gen_aes_key cipher = OpenSSL::Cipher.new('AES-256-CBC') key = cipher.random_key iv = cipher.random_iv - {'key' => Base64.encode64s(key), 'iv' => Base64.encode64s(iv)} + {'key' => Base64.strict_encode64(key), 'iv' => Base64.strict_encode64(iv)} end def aes_encrypt(txt, key) @@ -27,11 +27,11 @@ module Encryptor ciphertext = '' ciphertext << cipher.update(txt) ciphertext << cipher.final - Base64.encode64s(ciphertext) + Base64.strict_encode64(ciphertext) end def encrypt_aes_key key - Base64.encode64s(public_key.public_encrypt( key.to_json )) + Base64.strict_encode64(public_key.public_encrypt( key.to_json )) end end diff --git a/lib/postzord/dispatcher.rb b/lib/postzord/dispatcher.rb index 6726c39d2f5109b517db0aa799ba14049a2a1caa..4174196c2d8c4c82ffecb9944567d768cd200251 100644 --- a/lib/postzord/dispatcher.rb +++ b/lib/postzord/dispatcher.rb @@ -106,7 +106,7 @@ class Postzord::Dispatcher def queue_remote_delivery_job(remote_people) Resque.enqueue(Jobs::HttpMulti, @sender.id, - Base64.encode64s(@object.to_diaspora_xml), + Base64.strict_encode64(@object.to_diaspora_xml), remote_people.map{|p| p.id}, self.class.to_s) end diff --git a/lib/rack/fixed_request.rb b/lib/rack/fixed_request.rb deleted file mode 100644 index f1ceca3bd67883c714ee9274b2b10d85afe9d76d..0000000000000000000000000000000000000000 --- a/lib/rack/fixed_request.rb +++ /dev/null 
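Review bot: `encrypt_aes_key` in the last `lib/encryptor.rb` hunk wraps the AES key and IV with `public_key.public_encrypt( key.to_json )` using OpenSSL's default padding, which is PKCS#1 v1.5; for new designs OAEP (`OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING` as the second argument) is the recommended mode, since v1.5 is the scheme whose decryption errors, if observable, enable padding-oracle recovery. Switching padding changes the wire format between pods, so it cannot be done unilaterally in a Rails-upgrade commit; a comment on the method — `# NOTE: PKCS#1 v1.5 padding; moving to OAEP is a federation-protocol change` — plus a tracked issue is the right outcome here. The `strict_encode64` replacements themselves are fine, and the `gen_aes_key` and `aes_encrypt` bodies are otherwise unchanged.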
@@ -1,340 +0,0 @@ -# Copied and renamed from https://github.com/rack/rack/blob/1.3.4/lib/rack/request.rb -require 'rack/utils' - -module Rack - # Rack::Request provides a convenient interface to a Rack - # environment. It is stateless, the environment +env+ passed to the - # constructor will be directly modified. - # - # req = Rack::Request.new(env) - # req.post? - # req.params["data"] - # - # The environment hash passed will store a reference to the Request object - # instantiated so that it will only instantiate if an instance of the Request - # object doesn't already exist. - - class FixedRequest - # The environment of the request. - attr_reader :env - - def initialize(env) - @env = env - end - - def body; @env["rack.input"] end - def script_name; @env["SCRIPT_NAME"].to_s end - def path_info; @env["PATH_INFO"].to_s end - def request_method; @env["REQUEST_METHOD"] end - def query_string; @env["QUERY_STRING"].to_s end - def content_length; @env['CONTENT_LENGTH'] end - - def content_type - content_type = @env['CONTENT_TYPE'] - content_type.nil? || content_type.empty? ? nil : content_type - end - - def session; @env['rack.session'] ||= {} end - def session_options; @env['rack.session.options'] ||= {} end - def logger; @env['rack.logger'] end - - # The media type (type/subtype) portion of the CONTENT_TYPE header - # without any media type parameters. e.g., when CONTENT_TYPE is - # "text/plain;charset=utf-8", the media-type is "text/plain". - # - # For more information on the use of media types in HTTP, see: - # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7 - def media_type - content_type && content_type.split(/\s*[;,]\s*/, 2).first.downcase - end - - # The media type parameters provided in CONTENT_TYPE as a Hash, or - # an empty Hash if no CONTENT_TYPE or media-type parameters were - # provided. 
e.g., when the CONTENT_TYPE is "text/plain;charset=utf-8", - # this method responds with the following Hash: - # { 'charset' => 'utf-8' } - def media_type_params - return {} if content_type.nil? - Hash[*content_type.split(/\s*[;,]\s*/)[1..-1]. - collect { |s| s.split('=', 2) }. - map { |k,v| [k.downcase, v] }.flatten] - end - - # The character set of the request body if a "charset" media type - # parameter was given, or nil if no "charset" was specified. Note - # that, per RFC2616, text/* media types that specify no explicit - # charset are to be considered ISO-8859-1. - def content_charset - media_type_params['charset'] - end - - def scheme - if @env['HTTPS'] == 'on' - 'https' - elsif @env['HTTP_X_FORWARDED_SSL'] == 'on' - 'https' - elsif @env['HTTP_X_FORWARDED_PROTO'] - @env['HTTP_X_FORWARDED_PROTO'].split(',')[0] - else - @env["rack.url_scheme"] - end - end - - def ssl? - scheme == 'https' - end - - def host_with_port - if forwarded = @env["HTTP_X_FORWARDED_HOST"] - forwarded.split(/,\s?/).last - else - @env['HTTP_HOST'] || "#{@env['SERVER_NAME'] || @env['SERVER_ADDR']}:#{@env['SERVER_PORT']}" - end - end - - def port - if port = host_with_port.split(/:/)[1] - port.to_i - elsif port = @env['HTTP_X_FORWARDED_PORT'] - port.to_i - elsif ssl? - 443 - elsif @env.has_key?("HTTP_X_FORWARDED_HOST") - 80 - else - @env["SERVER_PORT"].to_i - end - end - - def host - # Remove port number. 
- host_with_port.to_s.gsub(/:\d+\z/, '') - end - - def script_name=(s); @env["SCRIPT_NAME"] = s.to_s end - def path_info=(s); @env["PATH_INFO"] = s.to_s end - - - # Checks the HTTP request method (or verb) to see if it was of type DELETE - def delete?; request_method == "DELETE" end - - # Checks the HTTP request method (or verb) to see if it was of type GET - def get?; request_method == "GET" end - - # Checks the HTTP request method (or verb) to see if it was of type HEAD - def head?; request_method == "HEAD" end - - # Checks the HTTP request method (or verb) to see if it was of type OPTIONS - def options?; request_method == "OPTIONS" end - - # Checks the HTTP request method (or verb) to see if it was of type PATCH - def patch?; request_method == "PATCH" end - - # Checks the HTTP request method (or verb) to see if it was of type POST - def post?; request_method == "POST" end - - # Checks the HTTP request method (or verb) to see if it was of type PUT - def put?; request_method == "PUT" end - - # Checks the HTTP request method (or verb) to see if it was of type TRACE - def trace?; request_method == "TRACE" end - - - # The set of form-data media-types. Requests that do not indicate - # one of the media types presents in this list will not be eligible - # for form-data / param parsing. - FORM_DATA_MEDIA_TYPES = [ - 'application/x-www-form-urlencoded', - 'multipart/form-data' - ] - - # The set of media-types. Requests that do not indicate - # one of the media types presents in this list will not be eligible - # for param parsing like soap attachments or generic multiparts - PARSEABLE_DATA_MEDIA_TYPES = [ - 'multipart/related', - 'multipart/mixed' - ] - - # Determine whether the request body contains form-data by checking - # the request Content-Type for one of the media-types: - # "application/x-www-form-urlencoded" or "multipart/form-data". The - # list of form-data media types can be modified through the - # +FORM_DATA_MEDIA_TYPES+ array. 
- # - # A request body is also assumed to contain form-data when no - # Content-Type header is provided and the request_method is POST. - def form_data? - type = media_type - meth = env["rack.methodoverride.original_method"] || env['REQUEST_METHOD'] - (meth == 'POST' && type.nil?) || FORM_DATA_MEDIA_TYPES.include?(type) - end - - # Determine whether the request body contains data by checking - # the request media_type against registered parse-data media-types - def parseable_data? - PARSEABLE_DATA_MEDIA_TYPES.include?(media_type) - end - - # Returns the data recieved in the query string. - def GET - if @env["rack.request.query_string"] == query_string - @env["rack.request.query_hash"] - else - @env["rack.request.query_string"] = query_string - @env["rack.request.query_hash"] = parse_query(query_string) - end - end - - # Returns the data recieved in the request body. - # - # This method support both application/x-www-form-urlencoded and - # multipart/form-data. - def POST - if @env["rack.input"].nil? - raise "Missing rack.input" - elsif @env["rack.request.form_input"].eql? @env["rack.input"] - @env["rack.request.form_hash"] - elsif form_data? || parseable_data? - @env["rack.request.form_input"] = @env["rack.input"] - unless @env["rack.request.form_hash"] = parse_multipart(env) - form_vars = @env["rack.input"].read - - # Fix for Safari Ajax postings that always append \0 - # form_vars.sub!(/\0\z/, '') # performance replacement: - form_vars.slice!(-1) if form_vars[-1] == ?\0 - - @env["rack.request.form_vars"] = form_vars - @env["rack.request.form_hash"] = parse_query(form_vars) - - @env["rack.input"].rewind - end - @env["rack.request.form_hash"] - else - {} - end - end - - # The union of GET and POST data. 
- def params - @params ||= self.GET.merge(self.POST) - rescue EOFError - self.GET - end - - # shortcut for request.params[key] - def [](key) - params[key.to_s] - end - - # shortcut for request.params[key] = value - def []=(key, value) - params[key.to_s] = value - end - - # like Hash#values_at - def values_at(*keys) - keys.map{|key| params[key] } - end - - # the referer of the client - def referer - @env['HTTP_REFERER'] - end - alias referrer referer - - def user_agent - @env['HTTP_USER_AGENT'] - end - - def cookies - hash = @env["rack.request.cookie_hash"] ||= {} - string = @env["HTTP_COOKIE"] - - return hash if string == @env["rack.request.cookie_string"] - hash.clear - - # According to RFC 2109: - # If multiple cookies satisfy the criteria above, they are ordered in - # the Cookie header such that those with more specific Path attributes - # precede those with less specific. Ordering with respect to other - # attributes (e.g., Domain) is unspecified. - Utils.parse_query(string, ';,').each { |k,v| hash[k] = Array === v ? v.first : v } - @env["rack.request.cookie_string"] = string - hash - rescue => error - raise error.class, "cannot parse Cookie header: #{error.message}" - end - - def xhr? - @env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" - end - - def base_url - url = scheme + "://" - url << host - - if scheme == "https" && port != 443 || - scheme == "http" && port != 80 - url << ":#{port}" - end - - url - end - - # Tries to return a remake of the original request URL as a string. - def url - base_url + fullpath - end - - def path - script_name + path_info - end - - def fullpath - query_string.empty? ? 
path : "#{path}?#{query_string}" - end - - def accept_encoding - @env["HTTP_ACCEPT_ENCODING"].to_s.split(/\s*,\s*/).map do |part| - encoding, parameters = part.split(/\s*;\s*/, 2) - quality = 1.0 - if parameters and /\Aq=([\d.]+)/ =~ parameters - quality = $1.to_f - end - [encoding, quality] - end - end - - def trusted_proxy?(ip) - ip =~ /^127\.0\.0\.1$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|^::1$|^fd[0-9a-f]{2}:.+|^localhost$/i - end - - def ip - remote_addrs = @env['REMOTE_ADDR'] ? @env['REMOTE_ADDR'].split(/[,\s]+/) : [] - remote_addrs.reject! { |addr| trusted_proxy?(addr) } - - return remote_addrs.first if remote_addrs.any? - - forwarded_ips = @env['HTTP_X_FORWARDED_FOR'] ? @env['HTTP_X_FORWARDED_FOR'].strip.split(/[,\s]+/) : [] - - if client_ip = @env['HTTP_CLIENT_IP'] - # If forwarded_ips doesn't include the client_ip, it might be an - # ip spoofing attempt, so we ignore HTTP_CLIENT_IP - return client_ip if forwarded_ips.include?(client_ip) - end - - return forwarded_ips.reject { |ip| trusted_proxy?(ip) }.last || @env["REMOTE_ADDR"] - end - - protected - def parse_query(qs) - Utils.parse_nested_query(qs) - end - - def parse_multipart(env) - Rack::Multipart.parse_multipart(env) - end - end -end - diff --git a/lib/salmon/salmon.rb b/lib/salmon/salmon.rb index 3d09404d203ba89d5d63bc1d6f9b03a3901e948e..28b5e4286b83363f2b8e4a8e115bb351c2c59b45 100644 --- a/lib/salmon/salmon.rb +++ b/lib/salmon/salmon.rb @@ -10,7 +10,7 @@ module Base64 # Alphabet'' in RFC 4648. # The alphabet uses '-' instead of '+' and '_' instead of '/'. def urlsafe_encode64(bin) - self.encode64s(bin).tr("+/", "-_") + self.strict_encode64(bin).tr("+/", "-_") end # Returns the Base64-decoded version of +str+. diff --git a/spec/lib/diaspora/encryptable_spec.rb b/spec/lib/diaspora/encryptable_spec.rb index dcf46cec70693c335a8ca3388b95343f6eae7088..eb62e5e90026babbfae854a6e1c8eeff4d05faa4 100644 --- a/spec/lib/diaspora/encryptable_spec.rb +++ b/spec/lib/diaspora/encryptable_spec.rb 
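Review bot: The `urlsafe_encode64` reopened on `Base64` in `lib/salmon/salmon.rb` duplicates a method the Ruby standard library already provides — `Base64.urlsafe_encode64` has shipped since 1.9.2 with the same body, `strict_encode64(bin).tr("+/", "-_")`, and the Gemfile declares `ruby '1.9.3'` (under `ENV['HEROKU']`). Reopening a core module only to restate its own method is a monkey-patch with no payoff and a maintenance trap if the stdlib definition ever diverges, so the cleaner change is to delete this method rather than port it to `strict_encode64`; the matching decode is outside the hunk and may be the same story. If it must stay for an older Ruby, a comment `# Backport of Base64.urlsafe_encode64 for Ruby < 1.9.2; remove once unsupported` should say so.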
@@ -22,7 +22,7 @@ describe Diaspora::Encryptable do end it 'does not verify the fallback after rollout window' do - sig = Base64.encode64s(bob.encryption_key.sign( "SHA", @comment.signable_string )) + sig = Base64.strict_encode64(bob.encryption_key.sign( "SHA", @comment.signable_string )) @comment.verify_signature(sig, bob.person).should be_false end end