Commit graph

1950 commits

Author SHA1 Message Date
Andy Allan
c1cdddf11f Use rails 5 version of redirect_back. 2017-07-12 13:57:09 +01:00
Andy Allan
9c1c696141 Remove indirection. 2017-07-12 13:42:39 +01:00
Andy Allan
506c0b5f0d Set the reported_user in a callback
This avoids passing around the reported_user via forms. There was no
validation anywhere that the reported_user corresponded to the object
being reported. This approach removes those worries too.
2017-07-12 13:36:48 +01:00
Andy Allan
65e1dbb4a6 Rubocop autofixes. 2017-07-12 11:49:23 +01:00
Andy Allan
99df5f6179 Rename association to reported_user, for clarity 2017-07-12 11:44:05 +01:00
Andy Allan
dbd88d893f Merge branch 'master' into moderation 2017-07-12 10:16:11 +01:00
Tom Hughes
fe1e28b4f4 Fix more parameter sanitisation issues and add tests 2017-06-29 20:52:57 +01:00
Tom Hughes
3763cbc7d4 Disable forgery protection for notes API methods
Fixes #1571
2017-06-29 19:14:55 +01:00
Tom Hughes
117f0e8226 Sanitize parameters for various paged views 2017-06-29 10:55:53 +01:00
Tom Hughes
3893fd72a9 Fix some tests for changes in rails 5 2017-06-27 08:26:44 +01:00
Tom Hughes
81deb35331 Update to rails 5.0.4 2017-06-27 08:26:44 +01:00
Tom Hughes
ea9a4c2aa2 Convert XML document to a string when returning it
Otherwise the Rack::ETag module will throw an exception when it
tries to test if the response is empty.
2017-06-13 12:55:13 +01:00
Tom Hughes
18c8946556 Use explicit to_unsafe_h method when converting parameters to a hash 2017-06-05 22:44:15 +01:00
Tom Hughes
d85621c7ae Replace deprecated ActiveModel::Errors get/set methods 2017-06-05 22:41:23 +01:00
Tom Hughes
d4df87c1e1 Replace deprecated env method with request.env 2017-06-05 22:38:27 +01:00
Tom Hughes
4248e10946 Use distinct instead of uniq which is deprecated 2017-06-04 22:52:41 +01:00
Tom Hughes
9dafeda080 Replace render :nothing with non-deprecated alternatives 2017-06-04 22:52:41 +01:00
Tom Hughes
339d8e46ff Sanitise parameters used in URL generation 2017-06-04 20:24:53 +01:00
Tom Hughes
03a9df9288 Replace render :nothing with head 2017-06-04 20:24:53 +01:00
Tom Hughes
8412ed0bed Replace deprecated Mime::XXX with Mime[:xxx] 2017-06-03 17:33:13 +01:00
Tom Hughes
2357118c46 Avoid using format as a URL parameter name
This prevents rails confusing it with the builtin format
parameter derived from the URL extension.
2017-06-03 12:08:35 +01:00
Tom Hughes
80d27a7fae Sanitise parameters used in URL generation 2017-06-02 20:27:07 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
9b89d4eefe Remove conditions from delete_all
Passing conditions directly to delete_all is deprecated
in rails 5.0 so use a separate where instead.
2017-06-02 16:33:48 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Andy Allan
060230fb94 Ensure closed changesets appear in the feed, and update some misleading comments. 2017-06-01 15:43:51 +01:00
Tom Hughes
7c9229fbfc Throw an exception if adding a note comment fails 2017-03-13 14:49:16 +00:00
Simon Poole
9606e440bc Return maximum size of bounding box for note retrieval 2017-03-13 08:53:49 +01:00
Tom Hughes
5cdb835de3 Show offline/readonly messages as normal flash messages 2017-03-10 16:30:04 +00:00
Tom Hughes
33669daefb Do more preloading in browse controller methods
Fixes #1476
2017-03-07 09:10:24 +00:00
Tom Hughes
88d16deadd Detect a timeout encapsulated in ActionView::Template::Error
Fixes #1476
2017-03-06 17:50:09 +00:00
Han Chao
49a7921ec8 Use local api to export map.osm
Closes #1282
2017-03-05 10:37:25 +00:00
Tom Hughes
c5ef6404f5 Improve the content security policy 2017-03-01 22:38:24 +00:00
Tom Hughes
428e7d6baa Merge remote-tracking branch 'openstreetmap/pull/1467' 2017-02-26 22:22:48 +00:00
Simon Poole
12013f60a0 Externalize message about missing OAuth capabilities/permissions and make it less technical 2017-02-26 21:43:43 +01:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00
Tom Hughes
af72cb51e9 Fix rubocop warnings 2017-02-18 16:18:04 +00:00
Simon Poole
58c61c7962 Actually use user_block 2017-02-18 16:17:46 +01:00
Simon Poole
823f6b4d36 Add functionality to return a specific message for zero hour blocks 2017-02-18 13:53:21 +01:00
Tom Hughes
9fb382eaa9 Initialise locale before looking up user blocked error 2017-02-17 19:59:06 +00:00
Tom Hughes
e23541c20f Allow a POST with no arguments to trace#edit to fetch the form 2017-02-13 10:09:43 +00:00
Tom Hughes
c439f957ae Only add traces for POST requests 2017-02-09 21:07:44 +00:00
Tom Hughes
92fe7a8506 Only create diary entries for POST requests 2017-02-09 21:07:18 +00:00
Tom Hughes
afa82bd2b1 Render message properly on error 2017-02-09 20:20:55 +00:00
Tom Hughes
4709d90594 Only send messages for POST requests 2017-02-09 19:37:48 +00:00
Tom Hughes
94ab5c3635 Make TraceController#list sort by id instead of timestamp
The effect is much the same but id is guaranteed to give a stable
sort if two traces have the same timestamp.
2017-02-05 16:18:56 +00:00
Tom Hughes
c8671c137a Update rubocop 2017-02-05 11:12:37 +00:00
Tom Hughes
96c91757fc Don't try and look up traces until the user is logged in
Fixes #1411
2017-01-11 21:11:37 +00:00
Tom Hughes
777b19c775 Make export action send TOTP cookie 2017-01-02 22:51:18 +00:00
Tom Hughes
9a82ae069a Remove dot prefix from cookie domain 2017-01-02 21:33:58 +00:00