Update to rails 4.0.0

Gemfile

@@ -1,8 +1,7 @@
-# Gem source to use
 source 'http://rubygems.org'
 
 # Require rails
-gem 'rails', '3.2.12'
+gem 'rails', '4.0.0'
 
 # Require things which have moved to gems in ruby 1.9
 gem 'bigdecimal', "~> 1.1.0", :platforms => :ruby_19
@@ -10,29 +9,48 @@ gem 'bigdecimal', "~> 1.1.0", :platforms => :ruby_19
 # Require things which have moved to gems in ruby 2.0
 gem 'psych', :platforms => :ruby_20
 
-# Require the postgres database driver
+# Use postgres as the database
 gem 'pg'
 
-# Load jquery support
+# Use SCSS for stylesheets
+gem 'sass-rails', '~> 4.0.0'
+
+# Use Uglifier as compressor for JavaScript assets
+gem 'uglifier', '>= 1.3.0'
+
+# Use CoffeeScript for .js.coffee assets and views
+gem 'coffee-rails', '~> 4.0.0'
+
+# See https://github.com/sstephenson/execjs#readme for more supported runtimes
+# gem 'therubyracer', platforms: :ruby
+
+# Use jquery as the JavaScript library
 gem 'jquery-rails'
 
-# Load R2 for RTL conversion
+# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
+# gem 'jbuilder', '~> 1.2'
+gem 'jsonify-rails'
+
+# Use R2 for RTL conversion
 gem 'r2'
 
+# Use ejs for javascript templates
+gem 'ejs'
+
 # Load rails plugins
 gem 'rails-i18n', ">= 0.6.3"
 gem 'dynamic_form'
 gem 'rinku', '>= 1.2.2', :require => 'rails_rinku'
-gem 'oauth-plugin', '>= 0.4.1', :require => 'oauth-plugin'
+gem 'openstreetmap-oauth-plugin', '>= 0.4.1.1', :require => 'oauth-plugin'
 gem 'open_id_authentication', '>= 1.1.0'
 gem 'validates_email_format_of', '>= 1.5.1'
-gem 'composite_primary_keys', '>= 5.0.10'
+gem 'composite_primary_keys', '>= 6.0.0'
 gem 'http_accept_language', '>= 1.0.2'
 gem 'paperclip', '~> 2.0'
 gem 'deadlock_retry', '>= 1.2.0'
-gem 'i18n-js', '>= 3.0.0.rc2'
+gem 'openstreetmap-i18n-js', '>= 3.0.0.rc5.2', :require => 'i18n-js'
 gem 'rack-cors'
-gem 'jsonify-rails'
+gem 'actionpack-page_caching'
 
 # We need ruby-openid 2.2.0 or later for ruby 1.9 support
 gem 'ruby-openid', '>= 2.2.0'
@@ -69,12 +87,3 @@ group :test do
   gem 'timecop'
   gem 'minitest', '~> 4.7.0', :platforms => [:ruby_19, :ruby_20]
 end
-
-# Gems needed for compiling assets
-group :assets do
-  gem 'sass-rails', '~> 3.2.3'
-  gem 'coffee-rails', '~> 3.2.1'
-  gem 'uglifier', '>= 1.0.3'
-  gem 'therubyracer', '~> 0.10.2'
-  gem 'ejs'
-end

Gemfile.lock

@@ -2,71 +2,67 @@ GEM
   remote: http://rubygems.org/
   specs:
     SystemTimer (1.2.3)
-    actionmailer (3.2.12)
-      actionpack (= 3.2.12)
-      mail (~> 2.4.4)
-    actionpack (3.2.12)
-      activemodel (= 3.2.12)
-      activesupport (= 3.2.12)
-      builder (~> 3.0.0)
+    actionmailer (4.0.0)
+      actionpack (= 4.0.0)
+      mail (~> 2.5.3)
+    actionpack (4.0.0)
+      activesupport (= 4.0.0)
+      builder (~> 3.1.0)
       erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.12)
-      activesupport (= 3.2.12)
-      builder (~> 3.0.0)
-    activerecord (3.2.12)
-      activemodel (= 3.2.12)
-      activesupport (= 3.2.12)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.12)
-      activemodel (= 3.2.12)
-      activesupport (= 3.2.12)
-    activesupport (3.2.12)
-      i18n (~> 0.6)
-      multi_json (~> 1.0)
-    arel (3.0.2)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    actionpack-page_caching (1.0.0)
+      actionpack (>= 4.0.0.beta, < 5.0)
+    activemodel (4.0.0)
+      activesupport (= 4.0.0)
+      builder (~> 3.1.0)
+    activerecord (4.0.0)
+      activemodel (= 4.0.0)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.0)
+      arel (~> 4.0.0)
+    activerecord-deprecated_finders (1.0.3)
+    activesupport (4.0.0)
+      i18n (~> 0.6, >= 0.6.4)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    arel (4.0.0)
+    atomic (1.1.13)
     bigdecimal (1.1.0)
-    builder (3.0.4)
+    builder (3.1.4)
     climate_control (0.0.3)
       activesupport (>= 3.0)
     cocaine (0.5.1)
       climate_control (>= 0.0.3, < 1.0)
-    coffee-rails (3.2.2)
+    coffee-rails (4.0.0)
       coffee-script (>= 2.2.0)
-      railties (~> 3.2.0)
+      railties (>= 4.0.0.beta, < 5.0)
     coffee-script (2.2.0)
       coffee-script-source
       execjs
-    coffee-script-source (1.6.2)
-    composite_primary_keys (5.0.13)
-      activerecord (~> 3.2.0, >= 3.2.9)
+    coffee-script-source (1.6.3)
+    composite_primary_keys (6.0.0)
+      activerecord (>= 4.0.0)
     deadlock_retry (1.2.0)
     dynamic_form (1.1.4)
     ejs (1.1.1)
     erubis (2.7.0)
     execjs (1.4.0)
       multi_json (~> 1.0)
-    faraday (0.8.7)
-      multipart-post (~> 1.1)
+    faraday (0.8.8)
+      multipart-post (~> 1.2.0)
     hike (1.2.3)
     htmlentities (4.3.1)
     http_accept_language (1.0.2)
     httpauth (0.2.0)
-    httpclient (2.3.3)
-    i18n (0.6.4)
-    i18n-js (3.0.0.rc5)
-      i18n
+    httpclient (2.3.4.1)
+    i18n (0.6.5)
     iconv (0.1)
-    journey (1.0.4)
-    jquery-rails (3.0.1)
+    jquery-rails (3.0.4)
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
-    json (1.8.0)
     jsonify (0.3.1)
       multi_json (~> 1.0)
     jsonify-rails (0.3.2)
@@ -74,27 +70,20 @@ GEM
       jsonify (< 0.4.0)
     jwt (0.1.8)
       multi_json (>= 1.5)
-    libv8 (3.3.10.4)
-    libxml-ruby (2.6.0)
-    mail (2.4.4)
-      i18n (>= 0.4.0)
+    libxml-ruby (2.7.0)
+    mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
-    memcached (1.6.1)
-    mime-types (1.23)
-    mini_portile (0.5.0)
+    memcached (1.7.0)
+    mime-types (1.24)
+    mini_portile (0.5.1)
     minitest (4.7.5)
-    multi_json (1.7.7)
-    multi_xml (0.5.4)
+    multi_json (1.7.9)
+    multi_xml (0.5.5)
     multipart-post (1.2.0)
     nokogiri (1.6.0)
       mini_portile (~> 0.5.0)
     oauth (0.4.7)
-    oauth-plugin (0.4.1)
-      multi_json
-      oauth (~> 0.4.4)
-      oauth2 (>= 0.5.0)
-      rack
     oauth2 (0.9.2)
       faraday (~> 0.8)
       httpauth (~> 0.2)
@@ -104,72 +93,75 @@ GEM
       rack (~> 1.2)
     open_id_authentication (1.1.0)
       rack-openid (~> 1.3)
+    openstreetmap-i18n-js (3.0.0.rc5.2)
+      i18n
+    openstreetmap-oauth-plugin (0.4.1.2)
+      multi_json
+      oauth (~> 0.4.4)
+      oauth2 (>= 0.5.0)
+      rack
     paperclip (2.8.0)
       activerecord (>= 2.3.0)
       activesupport (>= 2.3.2)
       cocaine (>= 0.0.2)
       mime-types
-    pg (0.15.1)
+    pg (0.16.0)
     polyglot (0.3.3)
     psych (2.0.0)
-    r2 (0.2.1)
-    rack (1.4.5)
-    rack-cache (1.2)
-      rack (>= 0.4)
+    r2 (0.2.2)
+    rack (1.5.2)
     rack-cors (0.2.8)
       rack
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
-    rack-ssl (1.3.3)
-      rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.12)
-      actionmailer (= 3.2.12)
-      actionpack (= 3.2.12)
-      activerecord (= 3.2.12)
-      activeresource (= 3.2.12)
-      activesupport (= 3.2.12)
-      bundler (~> 1.0)
-      railties (= 3.2.12)
-    rails-i18n (0.7.3)
+    rails (4.0.0)
+      actionmailer (= 4.0.0)
+      actionpack (= 4.0.0)
+      activerecord (= 4.0.0)
+      activesupport (= 4.0.0)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.0.0)
+      sprockets-rails (~> 2.0.0)
+    rails-i18n (0.7.4)
       i18n (~> 0.5)
-    railties (3.2.12)
-      actionpack (= 3.2.12)
-      activesupport (= 3.2.12)
-      rack-ssl (~> 1.3.2)
+    railties (4.0.0)
+      actionpack (= 4.0.0)
+      activesupport (= 4.0.0)
       rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
+      thor (>= 0.18.1, < 2.0)
     rake (10.1.0)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    redcarpet (2.3.0)
+    redcarpet (3.0.0)
     rinku (1.7.3)
     ruby-openid (2.2.3)
-    sanitize (2.0.4)
-      nokogiri (~> 1.6.0)
-    sass (3.2.9)
-    sass-rails (3.2.6)
-      railties (~> 3.2.0)
+    sanitize (2.0.6)
+      nokogiri (>= 1.4.4)
+    sass (3.2.10)
+    sass-rails (4.0.0)
+      railties (>= 4.0.0.beta, < 5.0)
       sass (>= 3.1.10)
-      tilt (~> 1.3)
-    sprockets (2.2.2)
+      sprockets-rails (~> 2.0.0)
+    sprockets (2.10.0)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    therubyracer (0.10.2)
-      libv8 (~> 3.3.10)
+    sprockets-rails (2.0.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
     thor (0.18.1)
+    thread_safe (0.1.2)
+      atomic
     tilt (1.4.1)
-    timecop (0.6.1)
+    timecop (0.6.3)
     treetop (1.4.14)
       polyglot
       polyglot (>= 0.3.1)
     tzinfo (0.3.37)
-    uglifier (2.1.1)
+    uglifier (2.1.2)
       execjs (>= 0.3.0)
       multi_json (~> 1.0, >= 1.0.2)
     validates_email_format_of (1.5.3)
@@ -180,38 +172,38 @@ PLATFORMS
 
 DEPENDENCIES
   SystemTimer (>= 1.1.3)
+  actionpack-page_caching
   bigdecimal (~> 1.1.0)
-  coffee-rails (~> 3.2.1)
-  composite_primary_keys (>= 5.0.10)
+  coffee-rails (~> 4.0.0)
+  composite_primary_keys (>= 6.0.0)
   deadlock_retry (>= 1.2.0)
   dynamic_form
   ejs
   htmlentities
   http_accept_language (>= 1.0.2)
   httpclient
-  i18n-js (>= 3.0.0.rc2)
   iconv (= 0.1)
   jquery-rails
   jsonify-rails
   libxml-ruby (>= 2.0.5)
   memcached (>= 1.4.1)
   minitest (~> 4.7.0)
-  oauth-plugin (>= 0.4.1)
   open_id_authentication (>= 1.1.0)
+  openstreetmap-i18n-js (>= 3.0.0.rc5.2)
+  openstreetmap-oauth-plugin (>= 0.4.1.1)
   paperclip (~> 2.0)
   pg
   psych
   r2
   rack-cors
-  rails (= 3.2.12)
+  rails (= 4.0.0)
   rails-i18n (>= 0.6.3)
   redcarpet
   rinku (>= 1.2.2)
   ruby-openid (>= 2.2.0)
   sanitize
-  sass-rails (~> 3.2.3)
-  therubyracer (~> 0.10.2)
+  sass-rails (~> 4.0.0)
   timecop
-  uglifier (>= 1.0.3)
+  uglifier (>= 1.3.0)
   validates_email_format_of (>= 1.5.1)
   vendorer

app/assets/javascripts/leaflet.extend.js.erb

@@ -155,7 +155,7 @@ L.extend(L.Map.prototype, {
   }
 });
 
-L.Icon.Default.imagePath = <%= "#{asset_prefix}/images".to_json %>;
+L.Icon.Default.imagePath = <%= "#{assets_prefix}/images".to_json %>;
 
 L.Hash.prototype.parseHash = OSM.parseHash;
 L.Hash.prototype.formatHash = OSM.formatHash;

config/application.rb

@@ -12,12 +12,9 @@ else
 require 'rails/all'
 end
 
-if defined?(Bundler)
-  # If you precompile assets before deploying to production, use this line
-  Bundler.require(*Rails.groups(:assets => %w(development test)))
-  # If you want your assets lazily compiled in production, use this line
-  # Bundler.require(:default, :assets, Rails.env)
-end
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(:default, Rails.env)
 
 module OpenStreetMap
   class Application < Rails::Application
@@ -25,13 +22,6 @@ module OpenStreetMap
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
 
-    # Custom directories with classes and modules you want to be autoloadable.
-    config.autoload_paths += %W(#{config.root}/lib)
-
-    # Only load the plugins named here, in the order given (default is alphabetical).
-    # :all can be used as a placeholder for all plugins not explicitly named.
-    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
-
     # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
     # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
     # config.time_zone = 'Central Time (US & Canada)'
@@ -40,12 +30,12 @@ module OpenStreetMap
     # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
     # config.i18n.default_locale = :de
 
+    # Custom directories with classes and modules you want to be autoloadable.
+    config.autoload_paths += %W(#{config.root}/lib)
+
     # Configure the default encoding used in templates for Ruby 1.9.
     config.encoding = "utf-8"
 
-    # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters += [:password, :pass_crypt, :pass_crypt_confirmation]
-
     # Use SQL instead of Active Record's schema dumper when creating the database.
     # This is necessary if your schema can't be completely dumped by the schema dumper,
     # like if you have constraints or database-specific column types
@@ -53,14 +43,6 @@ module OpenStreetMap
       config.active_record.schema_format = :sql
     end
 
-    # Enforce whitelist mode for mass assignment.
-    # This will create an empty whitelist of attributes available for mass-assignment for all models
-    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
-    # parameters by using an attr_accessible or attr_protected declaration.
-    unless STATUS == :database_offline
-      config.active_record.whitelist_attributes = true
-    end
-
     # Enable the asset pipeline
     config.assets.enabled = true
 

config/environments/development.rb

@@ -1,41 +1,29 @@
 OpenStreetMap::Application.configure do
-  # Settings specified here will take precedence over those in config/application.rb
+  # Settings specified here will take precedence over those in config/application.rb.
 
   # In the development environment your application's code is reloaded on
   # every request. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.
   config.cache_classes = false
 
-  # Log error messages when you accidentally call methods on nil.
-  config.whiny_nils = true
+  # Do not eager load code on boot.
+  config.eager_load = false
 
-  # Show full error reports and disable caching
+  # Show full error reports and disable caching.
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
 
-  # Don't care if the mailer can't send
+  # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false
 
-  # Print deprecation notices to the Rails logger
+  # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
 
-  # Only use best-standards-support built into browsers
-  config.action_dispatch.best_standards_support = :builtin
+  # Raise an error on page load if there are pending migrations
+  config.active_record.migration_error = :page_load
 
-  # Raise exception on mass assignment protection for Active Record models
-  unless STATUS == :database_offline
-    config.active_record.mass_assignment_sanitizer = :strict
-  end
-
-  # Log the query plan for queries taking more than this (works
-  # with SQLite, MySQL, and PostgreSQL)
-  unless STATUS == :database_offline
-    config.active_record.auto_explain_threshold_in_seconds = 0.5
-  end
-
-  # Do not compress assets
-  config.assets.compress = false
-
-  # Expands the lines which load the assets
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
   config.assets.debug = true
 end

config/environments/production.rb

@@ -1,61 +1,71 @@
 OpenStreetMap::Application.configure do
-  # Settings specified here will take precedence over those in config/application.rb
+  # Settings specified here will take precedence over those in config/application.rb.
 
-  # Code is not reloaded between requests
+  # Code is not reloaded between requests.
   config.cache_classes = true
 
-  # Full error reports are disabled and caching is turned on
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both thread web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
   config.consider_all_requests_local       = false
   config.action_controller.perform_caching = true
 
-  # Disable rack caching
-  config.action_dispatch.rack_cache = false
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
+  # config.action_dispatch.rack_cache = true
 
-  # Disable Rails's static asset server (Apache or nginx will already do this)
+  # Disable Rails's static asset server (Apache or nginx will already do this).
   config.serve_static_assets = false
 
-  # Compress JavaScripts and CSS
-  config.assets.compress = true
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
 
-  # Don't fallback to assets pipeline if a precompiled asset is missed
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
 
-  # Generate digests for assets URLs
+  # Generate digests for assets URLs.
   config.assets.digest = true
 
-  # Defaults to Rails.root.join("public/assets")
-  # config.assets.manifest = YOUR_PATH
+  # Version of your assets, change this if you want to expire all your assets.
+  config.assets.version = '1.0'
 
-  # Specifies the header that your server uses for sending files
+  # Specifies the header that your server uses for sending files.
   # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true
 
-  # See everything in the log (default is :info)
-  # config.log_level = :debug
+  # Set to :debug to see everything in the log.
+  config.log_level = :info
 
-  # Prepend all log lines with the following tags
+  # Prepend all log lines with the following tags.
   # config.log_tags = [ :subdomain, :uuid ]
 
-  # Use a different log path in production
+  # Use a different log path in production.
   if defined?(LOG_PATH)
     config.paths["log"] = LOG_PATH
   end
 
-  # Use a different logger for distributed setups
+  # Use a different logger for distributed setups.
   # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
 
-  # Use a different cache store in production
+  # Use a different cache store in production.
   if defined?(MEMCACHE_SERVERS)
     config.cache_store = :mem_cache_store, MemCache.new(:namespace => "rails:cache", :no_block => true, :buffer_requests => true, :noreply => true)
   end
 
-  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
   # config.action_controller.asset_host = "http://assets.example.com"
 
-  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # Precompile additional assets.
+  # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
   config.assets.precompile += %w( index.js edit.js browse.js changeset.js welcome.js )
   config.assets.precompile += %w( user.js diary_entry.js pngfix.js swfobject.js )
   config.assets.precompile += %w( large-ltr.css small-ltr.css print-ltr.css )
@@ -64,20 +74,20 @@ OpenStreetMap::Application.configure do
   config.assets.precompile += %w( embed.js embed.css )
   config.assets.precompile += %w( iD.js iD.css )
 
-  # Disable delivery errors, bad email addresses will be ignored
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   # config.action_mailer.raise_delivery_errors = false
 
-  # Enable threaded mode
-  # config.threadsafe!
-
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
-  # the I18n.default_locale when a translation can not be found)
+  # the I18n.default_locale when a translation can not be found).
   config.i18n.fallbacks = true
 
-  # Send deprecation notices to registered listeners
+  # Send deprecation notices to registered listeners.
   config.active_support.deprecation = :notify
 
-  # Log the query plan for queries taking more than this (works
-  # with SQLite, MySQL, and PostgreSQL)
-  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+  # Disable automatic flushing of the log to improve performance.
+  # config.autoflush_log = false
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
 end

config/environments/test.rb

@@ -1,5 +1,5 @@
 OpenStreetMap::Application.configure do
-  # Settings specified here will take precedence over those in config/application.rb
+  # Settings specified here will take precedence over those in config/application.rb.
 
   # The test environment is used exclusively to run your application's
   # test suite. You never need to work with it otherwise. Remember that
@@ -7,31 +7,30 @@ OpenStreetMap::Application.configure do
   # and recreated between test runs. Don't rely on the data there!
   config.cache_classes = true
 
-  # Configure static asset server for tests with Cache-Control for performance
-  config.serve_static_assets = true
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Configure static asset server for tests with Cache-Control for performance.
+  config.serve_static_assets  = true
   config.static_cache_control = "public, max-age=3600"
 
-  # Log error messages when you accidentally call methods on nil
-  config.whiny_nils = true
-
-  # Show full error reports and disable caching
+  # Show full error reports and disable caching.
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
 
-  # Raise exceptions instead of rendering exception templates
+  # Raise exceptions instead of rendering exception templates.
   config.action_dispatch.show_exceptions = false
 
-  # Disable request forgery protection in test environment
-  config.action_controller.allow_forgery_protection    = false
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
 
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
   config.action_mailer.delivery_method = :test
 
-  # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
-
-  # Print deprecation notices to the stderr
+  # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr
 end

config/initializers/buffered_logger.rb

@@ -1,14 +0,0 @@
-# Hack BufferedLogger to add timestamps to messages
-module ActiveSupport
-  class BufferedLogger
-    alias_method :old_add, :add
-
-    def add(severity, message = nil, progname = nil, &block)
-      return if self.level > severity
-      message = (message || (block && block.call) || progname).to_s
-      time = Time.now
-      message = "[%s.%06d #%d] %s" % [time.strftime("%Y-%m-%d %H:%M:%S"), time.usec, $$, message.sub(/^\n+/, "")]
-      old_add(severity, message)
-    end
-  end
-end

config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [:password, :pass_crypt, :pass_crypt_confirmation]

config/initializers/inflections.rb

@@ -1,15 +1,16 @@
 # Be sure to restart your server when you modify this file.
 
-# Add new inflection rules using the following format
-# (all these examples are active by default):
-# ActiveSupport::Inflector.inflections do |inflect|
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
 #   inflect.plural /^(ox)$/i, '\1en'
 #   inflect.singular /^(ox)en/i, '\1'
 #   inflect.irregular 'person', 'people'
 #   inflect.uncountable %w( fish sheep )
 # end
-#
+
 # These inflection rules are supported but not enabled by default:
-# ActiveSupport::Inflector.inflections do |inflect|
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
 #   inflect.acronym 'RESTful'
 # end

config/initializers/paperclip.rb

@@ -1,7 +1,6 @@
 module Paperclip
   class AssetUrlGenerator < UrlGenerator
-    include Sprockets::Helpers::IsolatedHelper
-    include Sprockets::Helpers::RailsHelper
+    include Sprockets::Rails::Helper
 
     def for(style_name, options)
       url = super(style_name, options)

config/initializers/secret_token.rb

@@ -0,0 +1,12 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure your secret_key_base is kept private
+# if you're sharing your code publicly.
+OpenStreetMap::Application.config.secret_key_base = '8be565e2e25831d88231f4bcfd83dfc3ab33957c4f33bb3cff7a279f7820ec4d0c1111f246bb347c68859c0b46b4e591be9179a53a5a7165a9936000d6d2be41'

config/initializers/wrap_parameters.rb

@@ -1,14 +1,14 @@
 # Be sure to restart your server when you modify this file.
-#
+
 # This file contains settings for ActionController::ParamsWrapper which
 # is enabled by default.
 
 # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
 ActiveSupport.on_load(:action_controller) do
-  wrap_parameters :format => [:json]
+  wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
 end
 
-# Disable root element in JSON by default.
-ActiveSupport.on_load(:active_record) do
-  self.include_root_in_json = false
-end
+# To enable root element in JSON for ActiveRecord objects.
+# ActiveSupport.on_load(:active_record) do
+#  self.include_root_in_json = true
+# end

config/routes.rb

@@ -155,7 +155,7 @@ OpenStreetMap::Application.routes.draw do
   match '/go/:code' => 'site#permalink', :via => :get, :code => /[a-zA-Z0-9_@~]+[=-]*/
 
   # rich text preview
-  match '/preview/:format' => 'site#preview', :as => :preview
+  match '/preview/:format' => 'site#preview', :via => :post, :as => :preview
 
   # traces
   match '/user/:display_name/traces/tag/:tag/page/:page' => 'trace#list', :via => :get
@@ -244,12 +244,12 @@ OpenStreetMap::Application.routes.draw do
   scope "/user/:display_name" do
     resources :oauth_clients
   end
-  match '/oauth/revoke' => 'oauth#revoke'
-  match '/oauth/authorize' => 'oauth#authorize', :as => :authorize
-  match '/oauth/token' => 'oauth#token', :as => :token
-  match '/oauth/request_token' => 'oauth#request_token', :as => :request_token
-  match '/oauth/access_token' => 'oauth#access_token', :as => :access_token
-  match '/oauth/test_request' => 'oauth#test_request', :as => :test_request
+  match '/oauth/revoke' => 'oauth#revoke', :via => :post
+  match '/oauth/authorize' => 'oauth#authorize', :via => :post, :as => :authorize
+  match '/oauth/token' => 'oauth#token', :via => :get, :as => :token
+  match '/oauth/request_token' => 'oauth#request_token', :via => :get, :as => :request_token
+  match '/oauth/access_token' => 'oauth#access_token', :via => :get, :as => :access_token
+  match '/oauth/test_request' => 'oauth#test_request', :via => :get, :as => :test_request
 
   # roles and banning pages
   match '/user/:display_name/role/:role/grant' => 'user_roles#grant', :via => :post, :as => "grant_role"

test/functional/diary_entry_controller_test.rb

@@ -201,7 +201,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
       assert_select "body", :count => 1 do
         assert_select "div.wrapper", :count => 1 do
           assert_select "div.content-heading", :count => 1 do
-            assert_select "h2", :text => /#{entry.user.display_name}&#x27;s diary/, :count => 1
+            assert_select "h2", :text => /#{entry.user.display_name}&#39;s diary/, :count => 1
           end
           assert_select "div#content", :count => 1 do
             assert_select "div.post_heading", :text => /#{new_title}/, :count => 1
@@ -230,7 +230,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
       assert_select "body", :count => 1 do
         assert_select "div.wrapper", :count => 1 do
           assert_select "div.content-heading", :count => 1 do
-            assert_select "h2", :text => /#{users(:normal_user).display_name}&#x27;s diary/, :count => 1
+            assert_select "h2", :text => /#{users(:normal_user).display_name}&#39;s diary/, :count => 1
           end
           assert_select "div#content", :count => 1 do
             assert_select "div.post_heading", :text => /#{new_title}/, :count => 1

test/functional/site_controller_test.rb

@@ -59,7 +59,7 @@ class SiteControllerTest < ActionController::TestCase
       { :controller => "site", :action => "permalink", :code => "shortcode" }
     )
     assert_routing(
-      { :path => "/preview/formatname", :method => :get },
+      { :path => "/preview/formatname", :method => :post },
       { :controller => "site", :action => "preview", :format => "formatname" }
     )
     assert_routing(