Since flash objects can only be String, Hash or Array (notably excluding SafeBuffers), then this approach is necessary to render complex html in a safe manner.
Each local can be treated as an (unsafe) string, and therefore escaped normally when rendered into the template. The template (and translation strings) can
contain html since they are no longer stored in the flash as a plain string.
Fixes#3215
- introduce bootstrap tabs to switch the views
- introduce `content_for :heading_class` to remove the padding below the bootstrap tabs
- update the rss-image to use a svg, adopted from https://icons.getbootstrap.com/icons/rss/ (without the outer border)
- move rss- and new-button away from the view-switching actions
- the `@tag` logic was broken. introduce new link to remove the tag-filter; the tabs keep the filter once given; use params[:tag] directly in the view
- use `&.` syntax nil-safety so we can remove `@display_name`
When the user wants to enable an external authenticator we need
to redirect to omniauth but that now needs to be a POST so use a
redirect that preserves the POST method.
Fixes#3114
This adapts to two changes in place handling by Nominatim:
* Place links that are computed by Nominatim are now found in
extratags['linked_places']. Keep the check for extratags['place']
as this may contain an explicitly mapped place label.
* Use address rank for guessing the admin level. This gets normalised
by Nominatim with respect to country-specific use of admin_level.
Also adds additional labels for admin levels, so that we now have
complete coverage for all levels that are in use in OSM.
It doesn't make a huge difference, since rails caches all the results
of the queries generated by point.trace lookups, but at least it cuts
down on the logs.
We can avoid using `html_safe` in various circumstances, through alternative approaches like i18n keys ending in `_html` or using `safe_join` to avoid converting via unsafe string types.
The `_html` keys approach only work for ActionView helper version of `t`, not the base `I18n.t` method.
It's a convention in rails to name your mailers with a Mailer suffix, and is also common to name the class after the recipient (e.g. User, Admin). So UserMailer seems a reasonable choice.
As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
