Commit graph

1530 commits

Author SHA1 Message Date
Tom Hughes
f02c753cc4 Use send_data for GPX traces instead of monkey patching send_file 2017-10-09 20:38:08 +01:00
Tom Hughes
8dae890a76 Fix rubocop warnings 2017-10-05 19:18:38 +01:00
Tom Hughes
6209a9be78 Drop geocoder.us from search engines
Fixes #1633
2017-09-25 22:52:03 +01:00
Andy Allan
b4be5596f5 Rename xml processing methods with an update_ prefix
They behave differently from the other from_xml methods on other models.
2017-08-30 11:40:54 +01:00
Andy Allan
c647aa3d4d Refactor the from_xml methods to act on existing trace objects.
Setting the new tags with the = operator takes care of removing the
old ones, and is the same approach as taken by the tagstring= method.

Fixes #1600
2017-08-18 10:09:50 +01:00
Tom Hughes
ebeea34670 Replace @user with @current_user
This ensures that we will find any more hidden references
to @user that might be hanging around...
2017-07-27 19:44:14 +01:00
Tom Hughes
24fc94944b Change user forms to use current user instead of @user 2017-07-27 19:40:20 +01:00
Tom Hughes
555a821c3e Merge remote-tracking branch 'upstream/pull/1595' 2017-07-27 19:18:31 +01:00
Andy Allan
09ba878519 Convert @user to current_user 2017-07-27 10:31:31 +01:00
Andy Allan
c819bec8b7 Use a current_user helper for accessing the logged in user in all views. 2017-07-27 10:07:51 +01:00
Andy Allan
41000078b9 Convert remaining controller code to use current_user
The `self.current_user` is important when assigning to the current user,
to avoid creating a local variable called `current_user`
2017-07-27 10:07:51 +01:00
Tom Hughes
4874219ab8 Mark account suspended flash message as HTML safe
Fixes #1590
2017-07-19 00:31:03 +01:00
Andy Allan
6f89da05d1 Use current_user to represent the currently logged in user.
This is already used by the oauth plugin, and is a general rails convention.
2017-07-12 16:10:50 +01:00
Tom Hughes
fe1e28b4f4 Fix more parameter sanitisation issues and add tests 2017-06-29 20:52:57 +01:00
Tom Hughes
3763cbc7d4 Disable forgery protection for notes API methods
Fixes #1571
2017-06-29 19:14:55 +01:00
Tom Hughes
117f0e8226 Sanitize parameters for various paged views 2017-06-29 10:55:53 +01:00
Tom Hughes
3893fd72a9 Fix some tests for changes in rails 5 2017-06-27 08:26:44 +01:00
Tom Hughes
81deb35331 Update to rails 5.0.4 2017-06-27 08:26:44 +01:00
Tom Hughes
ea9a4c2aa2 Convert XML document to a string when returning it
Otherwise the Rack::ETag module will throw an exception when it
tries to test if the response is empty.
2017-06-13 12:55:13 +01:00
Tom Hughes
18c8946556 Use explicit to_unsafe_h method when converting parameters to a hash 2017-06-05 22:44:15 +01:00
Tom Hughes
d85621c7ae Replace deprecated ActiveModel::Errors get/set methods 2017-06-05 22:41:23 +01:00
Tom Hughes
d4df87c1e1 Replace deprecated env method with request.env 2017-06-05 22:38:27 +01:00
Tom Hughes
4248e10946 Use distinct instead of uniq which is deprecated 2017-06-04 22:52:41 +01:00
Tom Hughes
9dafeda080 Replace render :nothing with non-deprecated alternatives 2017-06-04 22:52:41 +01:00
Tom Hughes
339d8e46ff Sanitise parameters used in URL generation 2017-06-04 20:24:53 +01:00
Tom Hughes
03a9df9288 Replace render :nothing with head 2017-06-04 20:24:53 +01:00
Tom Hughes
8412ed0bed Replace deprecated Mime::XXX with Mime[:xxx] 2017-06-03 17:33:13 +01:00
Tom Hughes
2357118c46 Avoid using format as a URL parameter name
This prevents rails confusing it with the builtin format
parameter derived from the URL extension.
2017-06-03 12:08:35 +01:00
Tom Hughes
80d27a7fae Sanitise parameters used in URL generation 2017-06-02 20:27:07 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
9b89d4eefe Remove conditions from delete_all
Passing conditions directly to delete_all is deprecated
in rails 5.0 so use a separate where instead.
2017-06-02 16:33:48 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Andy Allan
060230fb94 Ensure closed changesets appear in the feed, and update some misleading comments. 2017-06-01 15:43:51 +01:00
Tom Hughes
7c9229fbfc Throw an exception if adding a note comment fails 2017-03-13 14:49:16 +00:00
Simon Poole
9606e440bc Return maximum size of bounding box for note retrieval 2017-03-13 08:53:49 +01:00
Tom Hughes
5cdb835de3 Show offline/readonly messages as normal flash messages 2017-03-10 16:30:04 +00:00
Tom Hughes
33669daefb Do more preloading in browse controller methods
Fixes #1476
2017-03-07 09:10:24 +00:00
Tom Hughes
88d16deadd Detect a timeout encapsulated in ActionView::Template::Error
Fixes #1476
2017-03-06 17:50:09 +00:00
Han Chao
49a7921ec8 Use local api to export map.osm
Closes #1282
2017-03-05 10:37:25 +00:00
Tom Hughes
c5ef6404f5 Improve the content security policy 2017-03-01 22:38:24 +00:00
Tom Hughes
428e7d6baa Merge remote-tracking branch 'openstreetmap/pull/1467' 2017-02-26 22:22:48 +00:00
Simon Poole
12013f60a0 Externalize message about missing OAuth capabilities/permissions and make it less technical 2017-02-26 21:43:43 +01:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00
Tom Hughes
af72cb51e9 Fix rubocop warnings 2017-02-18 16:18:04 +00:00
Simon Poole
58c61c7962 Actually use user_block 2017-02-18 16:17:46 +01:00
Simon Poole
823f6b4d36 Add functionality to return a specific message for zero hour blocks 2017-02-18 13:53:21 +01:00
Tom Hughes
9fb382eaa9 Initialise locale before looking up user blocked error 2017-02-17 19:59:06 +00:00
Tom Hughes
e23541c20f Allow a POST with no arguments to trace#edit to fetch the form 2017-02-13 10:09:43 +00:00
Tom Hughes
c439f957ae Only add traces for POST requests 2017-02-09 21:07:44 +00:00
Tom Hughes
92fe7a8506 Only create diary entries for POST requests 2017-02-09 21:07:18 +00:00