Commit graph

2033 commits

Author SHA1 Message Date
Tom Hughes
b77406ff38 Use decoded strings when parsing XML responses from geocoders
Fixes #1690
2017-11-29 23:07:19 +00:00
Andy Allan
3276063fcf Remove column sorting
It's not tested, not working, and so it can come later in a separate PR.
2017-11-29 17:28:09 +00:00
Andy Allan
effb1b7f41 Merge branch 'master' into moderation 2017-11-29 12:18:39 +00:00
Tom Hughes
986779966b Extend form-action policies for Chrome
It seems that unlike other browsers Chrome requires that if a form
submission redirects that the redirected URL also match the form-action
policy rather than just requiring the original URL to match.
2017-11-25 12:04:02 +00:00
Tom Hughes
afa5d420d3 Allow iD to fetch gpx files from arbitrary locations 2017-11-24 08:38:51 +00:00
Tom Hughes
527ec293c2 Fix security policy for mapillary in iD 2017-11-24 01:09:27 +00:00
Tom Hughes
6a1a4a3f7d Fix remote editing security policy 2017-11-24 00:46:27 +00:00
Tom Hughes
2cd81daf34 Add security policy for remote control editing 2017-11-24 00:43:14 +00:00
Tom Hughes
4950ae3c1f Allow iD to connect to nominatim 2017-11-24 00:10:38 +00:00
Tom Hughes
bb116b85df Allow third party images in user content 2017-11-23 22:39:05 +00:00
Andy Allan
15b104f4ff Merge branch 'p' of https://github.com/jfirebaugh/openstreetmap-website into jfirebaugh-p
Refs #139
2017-11-22 10:47:18 +00:00
Tom Hughes
7ce94ad0ec Add openstreetcam.org to security policy for iD 2017-11-16 10:17:22 +00:00
Tom Hughes
b6b9d543ac Fix rubocop warnings 2017-10-29 19:43:02 +00:00
Tom Hughes
cea455d390 Update for ActionView::Template::Error change 2017-10-27 19:25:49 +01:00
Andy Allan
d581f17665 Avoid using or comparing explicit model ids
The code is easier to read using higher-level concepts.
2017-10-22 21:58:09 +01:00
Tom Hughes
f02c753cc4 Use send_data for GPX traces instead of monkey patching send_file 2017-10-09 20:38:08 +01:00
Tom Hughes
8dae890a76 Fix rubocop warnings 2017-10-05 19:18:38 +01:00
Tom Hughes
6209a9be78 Drop geocoder.us from search engines
Fixes #1633
2017-09-25 22:52:03 +01:00
Andy Allan
8cf16fe78b Create an IssueCommentsController for managing IssueComments 2017-09-13 16:19:16 +01:00
Andy Allan
7ffec2eb38 Rework the 'issues not found' notice slightly.
Previously it would go into a redirect loop if there were no issues
in the database.
2017-09-13 16:12:36 +01:00
Andy Allan
d7612f42d0 Refactor creating a new report to use a ReportsController
It's really a report that the user is creating, the issue is created indirectly. Similar
refactoring will be required for issue comments.
2017-09-06 18:06:21 +01:00
Andy Allan
b4be5596f5 Rename xml processing methods with an update_ prefix
They behave differently from the other from_xml methods on other models.
2017-08-30 11:40:54 +01:00
Andy Allan
c647aa3d4d Refactor the from_xml methods to act on existing trace objects.
Setting the new tags with the = operator takes care of removing the
old ones, and is the same approach as taken by the tagstring= method.

Fixes #1600
2017-08-18 10:09:50 +01:00
Andy Allan
3e4255eb2c Use current_user instead of @user. 2017-08-02 12:21:51 +01:00
Andy Allan
e31376e28d Merge branch 'master' into moderation 2017-08-02 12:12:57 +01:00
Tom Hughes
ebeea34670 Replace @user with @current_user
This ensures that we will find any more hidden references
to @user that might be hanging around...
2017-07-27 19:44:14 +01:00
Tom Hughes
24fc94944b Change user forms to use current user instead of @user 2017-07-27 19:40:20 +01:00
Tom Hughes
555a821c3e Merge remote-tracking branch 'upstream/pull/1595' 2017-07-27 19:18:31 +01:00
Andy Allan
09ba878519 Convert @user to current_user 2017-07-27 10:31:31 +01:00
Andy Allan
c819bec8b7 Use a current_user helper for accessing the logged in user in all views. 2017-07-27 10:07:51 +01:00
Andy Allan
41000078b9 Convert remaining controller code to use current_user
The `self.current_user` is important when assigning to the current user,
to avoid creating a local variable called `current_user`
2017-07-27 10:07:51 +01:00
Tom Hughes
4874219ab8 Mark account suspended flash message as HTML safe
Fixes #1590
2017-07-19 00:31:03 +01:00
Andy Allan
6f89da05d1 Use current_user to represent the currently logged in user.
This is already used by the oauth plugin, and is a general rails convention.
2017-07-12 16:10:50 +01:00
Andy Allan
c1cdddf11f Use rails 5 version of redirect_back. 2017-07-12 13:57:09 +01:00
Andy Allan
9c1c696141 Remove indirection. 2017-07-12 13:42:39 +01:00
Andy Allan
506c0b5f0d Set the reported_user in a callback
This avoids passing around the reported_user via forms. There was no
validation anywhere that the reported_user corresponded to the object
being reported. This approach removes those worries too.
2017-07-12 13:36:48 +01:00
Andy Allan
65e1dbb4a6 Rubocop autofixes. 2017-07-12 11:49:23 +01:00
Andy Allan
99df5f6179 Rename association to reported_user, for clarity 2017-07-12 11:44:05 +01:00
Andy Allan
dbd88d893f Merge branch 'master' into moderation 2017-07-12 10:16:11 +01:00
Tom Hughes
fe1e28b4f4 Fix more parameter sanitisation issues and add tests 2017-06-29 20:52:57 +01:00
Tom Hughes
3763cbc7d4 Disable forgery protection for notes API methods
Fixes #1571
2017-06-29 19:14:55 +01:00
Tom Hughes
117f0e8226 Sanitize parameters for various paged views 2017-06-29 10:55:53 +01:00
Tom Hughes
3893fd72a9 Fix some tests for changes in rails 5 2017-06-27 08:26:44 +01:00
Tom Hughes
81deb35331 Update to rails 5.0.4 2017-06-27 08:26:44 +01:00
Tom Hughes
ea9a4c2aa2 Convert XML document to a string when returning it
Otherwise the Rack::ETag module will throw an exception when it
tries to test if the response is empty.
2017-06-13 12:55:13 +01:00
Tom Hughes
18c8946556 Use explicit to_unsafe_h method when converting parameters to a hash 2017-06-05 22:44:15 +01:00
Tom Hughes
d85621c7ae Replace deprecated ActiveModel::Errors get/set methods 2017-06-05 22:41:23 +01:00
Tom Hughes
d4df87c1e1 Replace deprecated env method with request.env 2017-06-05 22:38:27 +01:00
Tom Hughes
4248e10946 Use distinct instead of uniq which is deprecated 2017-06-04 22:52:41 +01:00
Tom Hughes
9dafeda080 Replace render :nothing with non-deprecated alternatives 2017-06-04 22:52:41 +01:00