Merge branch 'master' into next

app/controllers/api_controller.rb

@@ -67,7 +67,7 @@ class ApiController < ApplicationController
           if gpx_file.identifiable?
             track << (XML::Node.new("name") << gpx_file.name)
             track << (XML::Node.new("desc") << gpx_file.description)
-            track << (XML::Node.new("url") << url_for(:controller => "trace", :action => "view", :display_name => gpx_file.user.display_name, :id => gpx_file.id))
+            track << (XML::Node.new("url") << url_for(:controller => "traces", :action => "view", :display_name => gpx_file.user.display_name, :id => gpx_file.id))
           end
         else
           # use the anonymous track segment if the user hasn't allowed

app/controllers/application_controller.rb

@@ -175,7 +175,7 @@ class ApplicationController < ActionController::Base
   end
 
   def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you")
-    # make the @user object from any auth sources we have
+    # make the current_user object from any auth sources we have
     setup_user_auth
 
     # handle authenticate pass/fail
@@ -295,7 +295,8 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  def preferred_languages
+  def preferred_languages(reset = false)
+    @preferred_languages = nil if reset
     @preferred_languages ||= if params[:locale]
                                Locale.list(params[:locale])
                              elsif current_user
@@ -307,13 +308,13 @@ class ApplicationController < ActionController::Base
 
   helper_method :preferred_languages
 
-  def set_locale
+  def set_locale(reset = false)
     if current_user && current_user.languages.empty? && !http_accept_language.user_preferred_languages.empty?
       current_user.languages = http_accept_language.user_preferred_languages
       current_user.save
     end
 
-    I18n.locale = Locale.available.preferred(preferred_languages)
+    I18n.locale = Locale.available.preferred(preferred_languages(reset))
 
     response.headers["Vary"] = "Accept-Language"
     response.headers["Content-Language"] = I18n.locale.to_s
@@ -377,9 +378,9 @@ class ApplicationController < ActionController::Base
   end
 
   ##
-  # ensure that there is a "this_user" instance variable
-  def lookup_this_user
-    render_unknown_user params[:display_name] unless @this_user = User.active.find_by(:display_name => params[:display_name])
+  # ensure that there is a "user" instance variable
+  def lookup_user
+    render_unknown_user params[:display_name] unless @user = User.active.find_by(:display_name => params[:display_name])
   end
 
   ##
@@ -409,10 +410,11 @@ class ApplicationController < ActionController::Base
 
   def map_layout
     append_content_security_policy_directives(
-      :child_src => %w[127.0.0.1:8111],
-      :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org],
+      :child_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
+      :frame_src => %w[http://127.0.0.1:8111 https://127.0.0.1:8112],
+      :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org graphhopper.com],
       :form_action => %w[render.openstreetmap.org],
-      :script_src => %w[graphhopper.com open.mapquestapi.com],
+      :script_src => %w[open.mapquestapi.com],
       :img_src => %w[developer.mapquest.com]
     )
 

app/controllers/browse_controller.rb

@@ -3,7 +3,7 @@ class BrowseController < ApplicationController
 
   before_action :authorize_web
   before_action :set_locale
-  before_action :except => [:query] { |c| c.check_database_readable(true) }
+  before_action(:except => [:query]) { |c| c.check_database_readable(true) }
   before_action :require_oauth
   around_action :web_timeout
 

app/controllers/diary_entry_controller.rb

@@ -4,7 +4,7 @@ class DiaryEntryController < ApplicationController
   before_action :authorize_web
   before_action :set_locale
   before_action :require_user, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
-  before_action :lookup_this_user, :only => [:view, :comments]
+  before_action :lookup_user, :only => [:view, :comments]
   before_action :check_database_readable
   before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
   before_action :require_administrator, :only => [:hide, :hidecomment]
@@ -101,11 +101,11 @@ class DiaryEntryController < ApplicationController
 
   def list
     if params[:display_name]
-      @this_user = User.active.find_by(:display_name => params[:display_name])
+      @user = User.active.find_by(:display_name => params[:display_name])
 
-      if @this_user
-        @title = t "diary_entry.list.user_title", :user => @this_user.display_name
-        @entries = @this_user.diary_entries
+      if @user
+        @title = t "diary_entry.list.user_title", :user => @user.display_name
+        @entries = @user.diary_entries
       else
         render_unknown_user params[:display_name]
         return
@@ -155,9 +155,9 @@ class DiaryEntryController < ApplicationController
 
       if user
         @entries = user.diary_entries
-        @title = I18n.t("diary_entry.feed.user.title", :user => user.display_name)
-        @description = I18n.t("diary_entry.feed.user.description", :user => user.display_name)
-        @link = "#{SERVER_PROTOCOL}://#{SERVER_URL}/user/#{user.display_name}/diary"
+        @title = t("diary_entry.feed.user.title", :user => user.display_name)
+        @description = t("diary_entry.feed.user.description", :user => user.display_name)
+        @link = url_for :controller => "diary_entry", :action => "list", :display_name => user.display_name, :host => SERVER_URL, :protocol => SERVER_PROTOCOL
       else
         head :not_found
         return
@@ -167,13 +167,13 @@ class DiaryEntryController < ApplicationController
 
       if params[:language]
         @entries = @entries.where(:language_code => params[:language])
-        @title = I18n.t("diary_entry.feed.language.title", :language_name => Language.find(params[:language]).english_name)
-        @description = I18n.t("diary_entry.feed.language.description", :language_name => Language.find(params[:language]).english_name)
-        @link = "#{SERVER_PROTOCOL}://#{SERVER_URL}/diary/#{params[:language]}"
+        @title = t("diary_entry.feed.language.title", :language_name => Language.find(params[:language]).english_name)
+        @description = t("diary_entry.feed.language.description", :language_name => Language.find(params[:language]).english_name)
+        @link = url_for :controller => "diary_entry", :action => "list", :language => params[:language], :host => SERVER_URL, :protocol => SERVER_PROTOCOL
       else
-        @title = I18n.t("diary_entry.feed.all.title")
-        @description = I18n.t("diary_entry.feed.all.description")
-        @link = "#{SERVER_PROTOCOL}://#{SERVER_URL}/diary"
+        @title = t("diary_entry.feed.all.title")
+        @description = t("diary_entry.feed.all.description")
+        @link = url_for :controller => "diary_entry", :action => "list", :host => SERVER_URL, :protocol => SERVER_PROTOCOL
       end
     end
 
@@ -181,7 +181,7 @@ class DiaryEntryController < ApplicationController
   end
 
   def view
-    @entry = @this_user.diary_entries.visible.where(:id => params[:id]).first
+    @entry = @user.diary_entries.visible.where(:id => params[:id]).first
     if @entry
       @title = t "diary_entry.view.title", :user => params[:display_name], :title => @entry.title
     else
@@ -205,7 +205,7 @@ class DiaryEntryController < ApplicationController
   def comments
     @comment_pages, @comments = paginate(:diary_comments,
                                          :conditions => {
-                                           :user_id => @this_user,
+                                           :user_id => @user,
                                            :visible => true
                                          },
                                          :order => "created_at DESC",

app/controllers/messages_controller.rb

@@ -1,13 +1,13 @@
-class MessageController < ApplicationController
+class MessagesController < ApplicationController
   layout "site"
 
   before_action :authorize_web
   before_action :set_locale
   before_action :require_user
-  before_action :lookup_this_user, :only => [:new]
+  before_action :lookup_user, :only => [:new]
   before_action :check_database_readable
-  before_action :check_database_writable, :only => [:new, :reply, :mark]
-  before_action :allow_thirdparty_images, :only => [:new, :read]
+  before_action :check_database_writable, :only => [:new, :reply, :mark, :destroy]
+  before_action :allow_thirdparty_images, :only => [:new, :show]
 
   # Allow the user to write a new message to another user. This action also
   # deals with the sending of that message to the other user when the user
@@ -16,23 +16,23 @@ class MessageController < ApplicationController
   def new
     if request.post?
       if current_user.sent_messages.where("sent_on >= ?", Time.now.getutc - 1.hour).count >= MAX_MESSAGES_PER_HOUR
-        flash[:error] = t "message.new.limit_exceeded"
+        flash[:error] = t ".limit_exceeded"
       else
         @message = Message.new(message_params)
-        @message.recipient = @this_user
+        @message.recipient = @user
         @message.sender = current_user
         @message.sent_on = Time.now.getutc
 
         if @message.save
-          flash[:notice] = t "message.new.message_sent"
+          flash[:notice] = t ".message_sent"
           Notifier.message_notification(@message).deliver_now
-          redirect_to :action => "inbox", :display_name => current_user.display_name
+          redirect_to :action => :inbox
         end
       end
     end
 
-    @message ||= Message.new(message_params.merge(:recipient => @this_user))
-    @title = t "message.new.title"
+    @message ||= Message.new(message_params.merge(:recipient => @user))
+    @title = t ".title"
   end
 
   # Allow the user to reply to another message.
@@ -52,47 +52,39 @@ class MessageController < ApplicationController
 
       render :action => "new"
     else
-      flash[:notice] = t "message.reply.wrong_user", :user => current_user.display_name
+      flash[:notice] = t ".wrong_user", :user => current_user.display_name
       redirect_to :controller => "user", :action => "login", :referer => request.fullpath
     end
   rescue ActiveRecord::RecordNotFound
-    @title = t "message.no_such_message.title"
+    @title = t "messages.no_such_message.title"
     render :action => "no_such_message", :status => :not_found
   end
 
   # Show a message
-  def read
-    @title = t "message.read.title"
-    @message = Message.find(params[:message_id])
+  def show
+    @title = t ".title"
+    @message = Message.find(params[:id])
 
     if @message.recipient == current_user || @message.sender == current_user
       @message.message_read = true if @message.recipient == current_user
       @message.save
     else
-      flash[:notice] = t "message.read.wrong_user", :user => current_user.display_name
+      flash[:notice] = t ".wrong_user", :user => current_user.display_name
       redirect_to :controller => "user", :action => "login", :referer => request.fullpath
     end
   rescue ActiveRecord::RecordNotFound
-    @title = t "message.no_such_message.title"
+    @title = t "messages.no_such_message.title"
     render :action => "no_such_message", :status => :not_found
   end
 
   # Display the list of messages that have been sent to the user.
   def inbox
-    @title = t "message.inbox.title"
-    if current_user && params[:display_name] == current_user.display_name
-    else
-      redirect_to :action => "inbox", :display_name => current_user.display_name
-    end
+    @title = t ".title"
   end
 
   # Display the list of messages that the user has sent to other users.
   def outbox
-    @title = t "message.outbox.title"
-    if current_user && params[:display_name] == current_user.display_name
-    else
-      redirect_to :action => "outbox", :display_name => current_user.display_name
-    end
+    @title = t ".title"
   end
 
   # Set the message as being read or unread.
@@ -100,37 +92,37 @@ class MessageController < ApplicationController
     @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id])
     if params[:mark] == "unread"
       message_read = false
-      notice = t "message.mark.as_unread"
+      notice = t ".as_unread"
     else
       message_read = true
-      notice = t "message.mark.as_read"
+      notice = t ".as_read"
     end
     @message.message_read = message_read
     if @message.save && !request.xhr?
       flash[:notice] = notice
-      redirect_to :action => "inbox", :display_name => current_user.display_name
+      redirect_to :action => :inbox
     end
   rescue ActiveRecord::RecordNotFound
-    @title = t "message.no_such_message.title"
+    @title = t "messages.no_such_message.title"
     render :action => "no_such_message", :status => :not_found
   end
 
-  # Delete the message.
-  def delete
+  # Destroy the message.
+  def destroy
     @message = Message.where("to_user_id = ? OR from_user_id = ?", current_user.id, current_user.id).find(params[:message_id])
     @message.from_user_visible = false if @message.sender == current_user
     @message.to_user_visible = false if @message.recipient == current_user
     if @message.save && !request.xhr?
-      flash[:notice] = t "message.delete.deleted"
+      flash[:notice] = t ".destroyed"
 
       if params[:referer]
         redirect_to params[:referer]
       else
-        redirect_to :action => "inbox", :display_name => current_user.display_name
+        redirect_to :action => :inbox
       end
     end
   rescue ActiveRecord::RecordNotFound
-    @title = t "message.no_such_message.title"
+    @title = t "messages.no_such_message.title"
     render :action => "no_such_message", :status => :not_found
   end
 

app/controllers/notes_controller.rb

@@ -278,14 +278,14 @@ class NotesController < ApplicationController
   # Display a list of notes by a specified user
   def mine
     if params[:display_name]
-      if @this_user = User.active.find_by(:display_name => params[:display_name])
+      if @user = User.active.find_by(:display_name => params[:display_name])
         @params = params.permit(:display_name)
-        @title = t "note.mine.title", :user => @this_user.display_name
-        @heading = t "note.mine.heading", :user => @this_user.display_name
-        @description = t "note.mine.subheading", :user => render_to_string(:partial => "user", :object => @this_user)
+        @title = t "notes.mine.title", :user => @user.display_name
+        @heading = t "notes.mine.heading", :user => @user.display_name
+        @description = t "notes.mine.subheading", :user => render_to_string(:partial => "user", :object => @user)
         @page = (params[:page] || 1).to_i
         @page_size = 10
-        @notes = @this_user.notes
+        @notes = @user.notes
         @notes = @notes.visible unless current_user && current_user.moderator?
         @notes = @notes.order("updated_at DESC, id").distinct.offset((@page - 1) * @page_size).limit(@page_size).preload(:comments => :author).to_a
       else

app/controllers/oauth_controller.rb

@@ -30,7 +30,7 @@ class OauthController < ApplicationController
     @token = current_user.oauth_tokens.find_by :token => params[:token]
     if @token
       @token.invalidate!
-      flash[:notice] = t("oauth.revoke.flash", :application => @token.client_application.name)
+      flash[:notice] = t(".flash", :application => @token.client_application.name)
     end
     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
   end
@@ -38,10 +38,10 @@ class OauthController < ApplicationController
   protected
 
   def oauth1_authorize
-    append_content_security_policy_directives(:form_action => %w[*])
+    override_content_security_policy_directives(:form_action => []) if CSP_ENFORCE || defined?(CSP_REPORT_URL)
 
     if @token.invalidated?
-      @message = t "oauth.oauthorize_failure.invalid"
+      @message = t "oauth.authorize_failure.invalid"
       render :action => "authorize_failure"
     elsif request.post?
       if user_authorizes_token?
@@ -69,7 +69,7 @@ class OauthController < ApplicationController
         end
       else
         @token.invalidate!
-        @message = t("oauth.oauthorize_failure.denied", :app_name => @token.client_application.name)
+        @message = t("oauth.authorize_failure.denied", :app_name => @token.client_application.name)
         render :action => "authorize_failure"
       end
     end

app/controllers/redactions_controller.rb

@@ -25,7 +25,7 @@ class RedactionsController < ApplicationController
     # note that the description format will default to 'markdown'
 
     if @redaction.save
-      flash[:notice] = t("redaction.create.flash")
+      flash[:notice] = t(".flash")
       redirect_to @redaction
     else
       render :action => "new"
@@ -42,7 +42,7 @@ class RedactionsController < ApplicationController
     @redaction.description = params[:redaction][:description]
 
     if @redaction.save
-      flash[:notice] = t("redaction.update.flash")
+      flash[:notice] = t(".flash")
       redirect_to @redaction
     else
       render :action => "edit"
@@ -54,14 +54,14 @@ class RedactionsController < ApplicationController
        @redaction.old_ways.empty? &&
        @redaction.old_relations.empty?
       if @redaction.destroy
-        flash[:notice] = t("redaction.destroy.flash")
+        flash[:notice] = t(".flash")
         redirect_to :redactions
       else
-        flash[:error] = t("redaction.destroy.error")
+        flash[:error] = t(".error")
         redirect_to @redaction
       end
     else
-      flash[:error] = t("redaction.destroy.not_empty")
+      flash[:error] = t(".not_empty")
       redirect_to @redaction
     end
   end

app/controllers/site_controller.rb

@@ -120,7 +120,8 @@ class SiteController < ApplicationController
     append_content_security_policy_directives(
       :connect_src => %w[*],
       :img_src => %w[* blob:],
-      :script_src => %w[dev.virtualearth.net 'unsafe-eval']
+      :script_src => %w[dev.virtualearth.net *.wikipedia.org www.wikidata.org services.arcgisonline.com serviceslab.arcgisonline.com 'unsafe-eval'],
+      :style_src => %w['unsafe-inline']
     )
 
     render "id", :layout => false

app/controllers/traces_controller.rb

@@ -1,19 +1,19 @@
-class TraceController < ApplicationController
+class TracesController < ApplicationController
   layout "site", :except => :georss
 
   skip_before_action :verify_authenticity_token, :only => [:api_create, :api_read, :api_update, :api_delete, :api_data]
   before_action :authorize_web
   before_action :set_locale
-  before_action :require_user, :only => [:mine, :create, :edit, :delete]
+  before_action :require_user, :only => [:mine, :new, :create, :edit, :delete]
   before_action :authorize, :only => [:api_create, :api_read, :api_update, :api_delete, :api_data]
   before_action :check_database_readable, :except => [:api_read, :api_data]
-  before_action :check_database_writable, :only => [:create, :edit, :delete, :api_create, :api_update, :api_delete]
+  before_action :check_database_writable, :only => [:new, :create, :edit, :delete, :api_create, :api_update, :api_delete]
   before_action :check_api_readable, :only => [:api_read, :api_data]
   before_action :check_api_writable, :only => [:api_create, :api_update, :api_delete]
   before_action :require_allow_read_gpx, :only => [:api_read, :api_data]
   before_action :require_allow_write_gpx, :only => [:api_create, :api_update, :api_delete]
   before_action :offline_warning, :only => [:mine, :view]
-  before_action :offline_redirect, :only => [:create, :edit, :delete, :data, :api_create, :api_delete, :api_data]
+  before_action :offline_redirect, :only => [:new, :create, :edit, :delete, :data, :api_create, :api_delete, :api_data]
   around_action :api_call_handle_error, :only => [:api_create, :api_read, :api_update, :api_delete, :api_data]
 
   # Counts and selects pages of GPX traces for various criteria (by user, tags, public etc.).
@@ -31,14 +31,14 @@ class TraceController < ApplicationController
 
     # set title
     @title = if target_user.nil?
-               t "trace.list.public_traces"
+               t ".public_traces"
              elsif current_user && current_user == target_user
-               t "trace.list.my_traces"
+               t ".my_traces"
              else
-               t "trace.list.public_traces_from", :user => target_user.display_name
+               t ".public_traces_from", :user => target_user.display_name
              end
 
-    @title += t "trace.list.tagged_with", :tags => params[:tag] if params[:tag]
+    @title += t ".tagged_with", :tags => params[:tag] if params[:tag]
 
     # four main cases:
     # 1 - all traces, logged in = all public traces + all user's (i.e + all mine)
@@ -94,50 +94,50 @@ class TraceController < ApplicationController
 
     if @trace && @trace.visible? &&
        (@trace.public? || @trace.user == current_user)
-      @title = t "trace.view.title", :name => @trace.name
+      @title = t ".title", :name => @trace.name
     else
-      flash[:error] = t "trace.view.trace_not_found"
+      flash[:error] = t ".trace_not_found"
       redirect_to :action => "list"
     end
   rescue ActiveRecord::RecordNotFound
-    flash[:error] = t "trace.view.trace_not_found"
+    flash[:error] = t ".trace_not_found"
     redirect_to :action => "list"
   end
 
+  def new
+    @title = t ".upload_trace"
+    @trace = Trace.new(:visibility => default_visibility)
+  end
+
   def create
-    if request.post?
-      logger.info(params[:trace][:gpx_file].class.name)
+    logger.info(params[:trace][:gpx_file].class.name)
 
-      if params[:trace][:gpx_file].respond_to?(:read)
-        begin
-          do_create(params[:trace][:gpx_file], params[:trace][:tagstring],
-                    params[:trace][:description], params[:trace][:visibility])
-        rescue StandardError => ex
-          logger.debug ex
-        end
+    if params[:trace][:gpx_file].respond_to?(:read)
+      begin
+        do_create(params[:trace][:gpx_file], params[:trace][:tagstring],
+                  params[:trace][:description], params[:trace][:visibility])
+      rescue StandardError => ex
+        logger.debug ex
+      end
 
-        if @trace.id
-          flash[:notice] = t "trace.create.trace_uploaded"
+      if @trace.id
+        flash[:notice] = t ".trace_uploaded"
+        flash[:warning] = t ".traces_waiting", :count => current_user.traces.where(:inserted => false).count if current_user.traces.where(:inserted => false).count > 4
 
-          flash[:warning] = t "trace.trace_header.traces_waiting", :count => current_user.traces.where(:inserted => false).count if current_user.traces.where(:inserted => false).count > 4
-
-          redirect_to :action => :list, :display_name => current_user.display_name
-        end
-      else
-        @trace = Trace.new(:name => "Dummy",
-                           :tagstring => params[:trace][:tagstring],
-                           :description => params[:trace][:description],
-                           :visibility => params[:trace][:visibility],
-                           :inserted => false, :user => current_user,
-                           :timestamp => Time.now.getutc)
-        @trace.valid?
-        @trace.errors.add(:gpx_file, "can't be blank")
+        redirect_to :action => :list, :display_name => current_user.display_name
       end
     else
-      @trace = Trace.new(:visibility => default_visibility)
+      @trace = Trace.new(:name => "Dummy",
+                         :tagstring => params[:trace][:tagstring],
+                         :description => params[:trace][:description],
+                         :visibility => params[:trace][:visibility],
+                         :inserted => false, :user => current_user,
+                         :timestamp => Time.now.getutc)
+      @trace.valid?
+      @trace.errors.add(:gpx_file, "can't be blank")
+      @title = t ".upload_trace"
+      render :action => "new"
     end
-
-    @title = t "trace.create.upload_trace"
   end
 
   def data
@@ -168,7 +168,7 @@ class TraceController < ApplicationController
     elsif current_user.nil? || @trace.user != current_user
       head :forbidden
     else
-      @title = t "trace.edit.title", :name => @trace.name
+      @title = t ".title", :name => @trace.name
 
       if request.post? && params[:trace]
         @trace.description = params[:trace][:description]
@@ -191,7 +191,7 @@ class TraceController < ApplicationController
     else
       trace.visible = false
       trace.save
-      flash[:notice] = t "trace.delete.scheduled_for_deletion"
+      flash[:notice] = t ".scheduled_for_deletion"
       redirect_to :action => :list, :display_name => trace.user.display_name
     end
   rescue ActiveRecord::RecordNotFound
@@ -385,7 +385,7 @@ class TraceController < ApplicationController
   end
 
   def offline_warning
-    flash.now[:warning] = t "trace.offline_warning.message" if STATUS == :gpx_offline
+    flash.now[:warning] = t "traces.offline_warning.message" if STATUS == :gpx_offline
   end
 
   def offline_redirect

app/controllers/user_blocks_controller.rb

@@ -5,7 +5,7 @@ class UserBlocksController < ApplicationController
   before_action :set_locale
   before_action :require_user, :only => [:new, :create, :edit, :update, :revoke]
   before_action :require_moderator, :only => [:new, :create, :edit, :update, :revoke]
-  before_action :lookup_this_user, :only => [:new, :create, :blocks_on, :blocks_by]
+  before_action :lookup_user, :only => [:new, :create, :blocks_on, :blocks_by]
   before_action :lookup_user_block, :only => [:show, :edit, :update, :revoke]
   before_action :require_valid_params, :only => [:create, :update]
   before_action :check_database_readable
@@ -37,7 +37,7 @@ class UserBlocksController < ApplicationController
   def create
     if @valid_params
       @user_block = UserBlock.new(
-        :user => @this_user,
+        :user => @user,
         :creator => current_user,
         :reason => params[:user_block][:reason],
         :ends_at => Time.now.getutc + @block_period.hours,
@@ -45,7 +45,7 @@ class UserBlocksController < ApplicationController
       )
 
       if @user_block.save
-        flash[:notice] = t("user_block.create.flash", :name => @this_user.display_name)
+        flash[:notice] = t(".flash", :name => @user.display_name)
         redirect_to @user_block
       else
         render :action => "new"
@@ -58,14 +58,14 @@ class UserBlocksController < ApplicationController
   def update
     if @valid_params
       if @user_block.creator != current_user
-        flash[:error] = t("user_block.update.only_creator_can_edit")
+        flash[:error] = t(".only_creator_can_edit")
         redirect_to :action => "edit"
       elsif @user_block.update(
         :ends_at => Time.now.getutc + @block_period.hours,
         :reason => params[:user_block][:reason],
         :needs_view => params[:user_block][:needs_view]
       )
-        flash[:notice] = t("user_block.update.success")
+        flash[:notice] = t(".success")
         redirect_to(@user_block)
       else
         render :action => "edit"
@@ -80,7 +80,7 @@ class UserBlocksController < ApplicationController
   def revoke
     if params[:confirm]
       if @user_block.revoke! current_user
-        flash[:notice] = t "user_block.revoke.flash"
+        flash[:notice] = t ".flash"
         redirect_to(@user_block)
       end
     end
@@ -92,7 +92,7 @@ class UserBlocksController < ApplicationController
     @params = params.permit(:display_name)
     @user_blocks_pages, @user_blocks = paginate(:user_blocks,
                                                 :include => [:user, :creator, :revoker],
-                                                :conditions => { :user_id => @this_user.id },
+                                                :conditions => { :user_id => @user.id },
                                                 :order => "user_blocks.ends_at DESC",
                                                 :per_page => 20)
   end
@@ -103,7 +103,7 @@ class UserBlocksController < ApplicationController
     @params = params.permit(:display_name)
     @user_blocks_pages, @user_blocks = paginate(:user_blocks,
                                                 :include => [:user, :creator, :revoker],
-                                                :conditions => { :creator_id => @this_user.id },
+                                                :conditions => { :creator_id => @user.id },
                                                 :order => "user_blocks.ends_at DESC",
                                                 :per_page => 20)
   end
@@ -128,10 +128,10 @@ class UserBlocksController < ApplicationController
     @valid_params = false
 
     if !UserBlock::PERIODS.include?(@block_period)
-      flash[:error] = t("user_block.filter.block_period")
+      flash[:error] = t("user_blocks.filter.block_period")
 
     elsif @user_block && !@user_block.active?
-      flash[:error] = t("user_block.filter.block_expired")
+      flash[:error] = t("user_blocks.filter.block_expired")
 
     else
       @valid_params = true

app/controllers/user_controller.rb

@@ -118,7 +118,6 @@ class UserController < ApplicationController
   end
 
   def account
-    @title = t "user.account.title"
     @tokens = current_user.oauth_tokens.authorized
 
     if params[:user] && params[:user][:display_name] && params[:user][:description]
@@ -135,6 +134,7 @@ class UserController < ApplicationController
         current_user.errors.add(attribute, error)
       end
     end
+    @title = t "user.account.title"
   end
 
   def go_public
@@ -377,7 +377,7 @@ class UserController < ApplicationController
   end
 
   def api_read
-    if @this_user.visible?
+    if @user.visible?
       render :action => :api_read, :content_type => "text/xml"
     else
       head :gone
@@ -385,7 +385,7 @@ class UserController < ApplicationController
   end
 
   def api_details
-    @this_user = current_user
+    @user = current_user
     render :action => :api_read, :content_type => "text/xml"
   end
 
@@ -398,11 +398,11 @@ class UserController < ApplicationController
   end
 
   def view
-    @this_user = User.find_by(:display_name => params[:display_name])
+    @user = User.find_by(:display_name => params[:display_name])
 
-    if @this_user &&
-       (@this_user.visible? || (current_user && current_user.administrator?))
-      @title = @this_user.display_name
+    if @user &&
+       (@user.visible? || (current_user && current_user.administrator?))
+      @title = @user.display_name
     else
       render_unknown_user params[:display_name]
     end
@@ -462,15 +462,15 @@ class UserController < ApplicationController
   ##
   # sets a user's status
   def set_status
-    @this_user.status = params[:status]
-    @this_user.save
+    @user.status = params[:status]
+    @user.save
     redirect_to :action => "view", :display_name => params[:display_name]
   end
 
   ##
   # delete a user, marking them as deleted and removing personal data
   def delete
-    @this_user.delete
+    @user.delete
     redirect_to :action => "view", :display_name => params[:display_name]
   end
 
@@ -712,7 +712,7 @@ class UserController < ApplicationController
     end
 
     if user.save
-      set_locale
+      set_locale(true)
 
       if user.new_email.blank? || user.new_email == user.email
         flash.now[:notice] = t "user.account.flash update success"
@@ -761,17 +761,17 @@ class UserController < ApplicationController
   end
 
   ##
-  # ensure that there is a "this_user" instance variable
+  # ensure that there is a "user" instance variable
   def lookup_user_by_id
-    @this_user = User.find(params[:id])
+    @user = User.find(params[:id])
   end
 
   ##
-  # ensure that there is a "this_user" instance variable
+  # ensure that there is a "user" instance variable
   def lookup_user_by_name
-    @this_user = User.find_by(:display_name => params[:display_name])
+    @user = User.find_by(:display_name => params[:display_name])
   rescue ActiveRecord::RecordNotFound
-    redirect_to :action => "view", :display_name => params[:display_name] unless @this_user
+    redirect_to :action => "view", :display_name => params[:display_name] unless @user
   end
 
   ##

app/controllers/user_preferences_controller.rb

@@ -1,5 +1,5 @@
 # Update and read user preferences, which are arbitrayr key/val pairs
-class UserPreferenceController < ApplicationController
+class UserPreferencesController < ApplicationController
   skip_before_action :verify_authenticity_token
   before_action :authorize
   before_action :require_allow_read_prefs, :only => [:read_one, :read]

app/controllers/user_roles_controller.rb

@@ -3,25 +3,25 @@ class UserRolesController < ApplicationController
 
   before_action :authorize_web
   before_action :require_user
-  before_action :lookup_this_user
+  before_action :lookup_user
   before_action :require_administrator
   before_action :require_valid_role
   before_action :not_in_role, :only => [:grant]
   before_action :in_role, :only => [:revoke]
 
   def grant
-    @this_user.roles.create(:role => @role, :granter => current_user)
-    redirect_to user_path(@this_user)
+    @user.roles.create(:role => @role, :granter => current_user)
+    redirect_to user_path(@user)
   end
 
   def revoke
     # checks that administrator role is not revoked from current user
-    if current_user == @this_user && @role == "administrator"
+    if current_user == @user && @role == "administrator"
       flash[:error] = t("user_role.filter.not_revoke_admin_current_user")
     else
-      UserRole.where(:user_id => @this_user.id, :role => @role).delete_all
+      UserRole.where(:user_id => @user.id, :role => @role).delete_all
     end
-    redirect_to user_path(@this_user)
+    redirect_to user_path(@user)
   end
 
   private
@@ -32,7 +32,7 @@ class UserRolesController < ApplicationController
   def require_administrator
     unless current_user.administrator?
       flash[:error] = t "user_role.filter.not_an_administrator"
-      redirect_to user_path(@this_user)
+      redirect_to user_path(@user)
     end
   end
 
@@ -43,25 +43,25 @@ class UserRolesController < ApplicationController
     @role = params[:role]
     unless UserRole::ALL_ROLES.include?(@role)
       flash[:error] = t("user_role.filter.not_a_role", :role => @role)
-      redirect_to user_path(@this_user)
+      redirect_to user_path(@user)
     end
   end
 
   ##
   # checks that the user doesn't already have this role
   def not_in_role
-    if @this_user.has_role? @role
+    if @user.has_role? @role
       flash[:error] = t("user_role.filter.already_has_role", :role => @role)
-      redirect_to user_path(@this_user)
+      redirect_to user_path(@user)
     end
   end
 
   ##
   # checks that the user already has this role
   def in_role
-    unless @this_user.has_role? @role
+    unless @user.has_role? @role
       flash[:error] = t("user_role.filter.doesnt_have_role", :role => @role)
-      redirect_to user_path(@this_user)
+      redirect_to user_path(@user)
     end
   end
 end