Tom Hughes
5db8031c23
Make sure all forms have the correct authenticity token
A cached page may include forms, which will then have the wrong
authenticity token, so after the page has finished loading we fix
up those tokens using the one from the meta tags which will always
be correct as we never cache the layout.
2011-11-25 09:41:15 +00:00
Tom Hughes
54a5d04782
Don't escape links in "flash required" message
2011-11-24 22:24:45 +00:00
Tom Hughes
db58aa801b
Make sure the maximum scale is set when export is opened
2011-11-24 21:31:54 +00:00
Tom Hughes
2a09670389
Don't escape the license link
2011-11-24 21:21:17 +00:00
Tom Hughes
5718d455bc
Don't escape the heading on a user block
2011-11-23 00:11:51 +00:00
Tom Hughes
0033fcbf12
Don't escape HTML in the message shown to anonymous users
2011-11-22 22:53:31 +00:00
Tom Hughes
be8164cf15
Generate correct URLs for changeset feeds
2011-11-19 12:42:37 +00:00
Tom Hughes
4ab734ee1b
Fixed escaping in title
2011-11-17 11:03:27 +00:00
Tom Hughes
bca0d5873b
Removed bogus characters from form_for
2011-11-17 11:02:42 +00:00
Tom Hughes
73b7ab344c
Fix formatting of user list
2011-11-17 10:00:47 +00:00
Tom Hughes
c1db05321a
Filter out the current way correctly
2011-11-17 09:53:21 +00:00
Tom Hughes
7b89dc6349
Make OAuth work again
2011-11-16 21:13:25 +00:00
Tom Hughes
8e52cac837
Always pass the session ID to the logout page
The tricks we played before to only pass it via a POST while
keeping the visible URL clean don't work anymore.
2011-11-16 11:25:37 +00:00
Tom Hughes
71f377ab8f
Yet more raw markers
2011-11-16 09:55:36 +00:00
Tom Hughes
28579180e5
Add some more raw markers
2011-11-16 08:48:05 +00:00
Tom Hughes
d4853bdc29
Looks like @body is special somehow so use @text instead
2011-11-15 14:49:38 +00:00
Tom Hughes
1d6051d08b
Make linkify preserve HTML safety
2011-11-15 09:46:33 +00:00
Tom Hughes
36a3dfe7cd
Add a few missing raw markers
2011-11-15 09:20:04 +00:00
Peter Gray
95d899786a
Refactor bounding box code
Moved duplicated code into the BoundingBox class, and pass around
BoundingBox objects instead of lists of bounds.
2011-11-14 09:42:57 +00:00
Tom Hughes
d70fd8ab1a
Use HTML5 email and url field types where appropriate
2011-11-14 09:42:57 +00:00
Tom Hughes
281a3239e6
Mark terms as raw to avoid escaping HTML in them
2011-11-14 09:42:57 +00:00
Tom Hughes
546db82281
Preserve field values if the signup form fails validation
2011-11-14 09:42:56 +00:00
Tom Hughes
c55bcb1763
Mark openid prompt as raw so the image is not escaped
2011-11-14 09:42:56 +00:00
Tom Hughes
1f383dcbd7
Serve swfobject via the assets pipeline
2011-11-14 09:42:56 +00:00
Tom Hughes
607d23f6d6
Fixup some string escaping issues in the data browser
2011-11-14 09:42:55 +00:00
Tom Hughes
3f9fdb122c
Mark the generated list of page links as raw
2011-11-14 09:42:55 +00:00
Tom Hughes
b63ce5d460
Mark some locale lookups as raw
2011-11-14 09:42:52 +00:00
Tom Hughes
5eb21cc2da
Fix form_for arguments
2011-11-14 09:42:52 +00:00
Tom Hughes
8acdba8bdd
Upgrade to rails 3.1.0
2011-11-14 09:42:52 +00:00
Tom Hughes
49a45b1c52
Fix escaping of unicode character in edit menu name
2011-11-14 09:42:50 +00:00
Tom Hughes
4ea63afd24
Update use of deprecated forms of form_for
2011-11-14 09:42:48 +00:00
Tom Hughes
35e60d4d7b
Avoid empty content_for blocks as they trigger warnings
2011-11-14 09:42:45 +00:00
Tom Hughes
dc9b0e8c94
Rename notifier views to new style names
2011-11-14 09:42:45 +00:00
Tom Hughes
226c41be69
Update ActiveRecord queries to use arel
2011-11-14 09:42:44 +00:00
Tom Hughes
1a8d73c024
Use an observer to detect changes to the selected legale
2011-11-14 09:42:43 +00:00
Tom Hughes
7901815718
Use symbols consistently for names of content blocks
2011-11-14 09:42:43 +00:00
Tom Hughes
7d45c2fd3c
Replace request.request_uri with request.fullpath
2011-11-14 09:42:42 +00:00
Tom Hughes
2bc44dfddc
Use form_tag instead of building forms by hand
In order for CSRF protection to work we need to use form_for or form_tag
to build all forms so that the authenticity token is added.
2011-11-14 09:42:42 +00:00
Tom Hughes
ed54379218
Make helpers return text instead of appending to the output buffer
2011-11-14 09:42:42 +00:00
Tom Hughes
22594361d5
Mark some strings that shouldn't be escaped as raw
2011-11-14 09:42:41 +00:00
Tom Hughes
b25a468e3c
Use <%= instead of <% for block helpers that use concat
2011-11-14 09:42:41 +00:00
Tom Hughes
7b37f4cb62
Use link_to and form_tag instead of link_to_remote and form_remote_tag
2011-11-14 09:42:40 +00:00
Tom Hughes
e1213a4651
Use Rails.xxx instead of RAILS_XXX
2011-11-14 09:42:40 +00:00
Tom Hughes
c9fa49c994
Update to rails 3
2011-11-14 09:42:40 +00:00
Tom Hughes
f2d205a59e
Add a link to the OpenStreetMap Google+ page
2011-11-07 22:38:56 +00:00
Tom Hughes
afb4fedbd7
Bounds should be treated as floating point
2011-10-31 10:08:49 +00:00
Tom Hughes
bed2405973
Fix some XSS issues
2011-10-30 17:23:39 +00:00
Grant Slater
1a8b39a547
Add an inner div for the plugin as swfobject will replace it
2011-10-06 08:35:28 +01:00
Grant Slater
a333712ad7
Replace swfobject 1.5 with swfobject 2
2011-10-06 00:52:12 +01:00
Grant Slater
66588f6cf1
Flash 10 is now required
2011-10-01 10:48:27 +01:00