openstreetmap-website

Author	SHA1	Message	Date
Andy Allan	9f84c6f46e	Use user_path links. Fixes #1785	2018-03-21 11:33:45 +08:00
Andy Allan	b2ff9f3aad	Simplify redirect.	2018-03-09 15:56:56 +08:00
biswesh456	674589ce2c	Change test case	2018-03-03 20:20:52 +05:30
biswesh456	646dcb62fc	Allow admins and moderators to delete traces Fixes #1625	2018-02-24 20:36:12 +05:30
Andy Allan	549acfa918	Merge pull request #1732 from tomhughes/npemap Remove npemap as a source for UK postcodes	2018-02-23 10:23:22 +08:00
Tom Hughes	96cc9abd23	Use https when redirecting to the render server	2018-02-09 22:31:45 +00:00
Tom Hughes	2515c77276	Use configured protocol for URLs in diary feeds	2018-02-05 22:31:27 +00:00
Tom Hughes	5925039729	Remove npemap as a source for UK postcodes	2018-02-04 15:14:41 +00:00
Tom Hughes	673b58f96f	Merge remote-tracking branch 'upstream/pull/1704'	2018-02-04 15:09:40 +00:00
Tom Hughes	a83030dab7	Fix new rubocop warnings	2018-01-22 18:55:45 +00:00
Tom Hughes	9cf698322c	Merge remote-tracking branch 'upstream/pull/1707'	2018-01-13 10:35:42 +00:00
Tom Hughes	be86e4824f	Convert various URLs to https	2018-01-08 20:18:21 +00:00
Tom Hughes	af1397436f	Use https for nominatim	2018-01-08 10:50:44 +00:00
Tom Hughes	9340c46173	Remove dependencies on mapzen services	2018-01-02 18:45:20 +00:00
mmd-osm	e21c967fdd	Revoking administrator role on current user should fail Fixes #1697 Closes #1701	2017-12-19 17:31:34 +00:00
Guillaume RISCHARD	ca36cf2826	Remove support for soon discontinued josm remote https endpoint	2017-12-16 16:15:52 +01:00
mmd-osm	b2a3955d93	Allow (un)subscribing discussions also when changeset still open Fixes #1627	2017-12-16 13:32:04 +01:00
Tom Hughes	2c52c91b39	Make changeset#query preload users, tags and comments	2017-12-04 07:54:19 +00:00
Tom Hughes	fe2e215d14	Make the AMF getway_old call parse times as UTC Although it's not entirely clear how to interpret a timestamp from a client the production servers have effectively been parsing them as UTC because they run in the UTC time zone all year. Using Time.zone to do the parse forces it to happen in the rails time zone rather than the system time zone, which defaults to UTC as well. Fixes #1688	2017-12-01 19:24:26 +00:00
Tom Hughes	b77406ff38	Use decoded strings when parsing XML responses from geocoders Fixes #1690	2017-11-29 23:07:19 +00:00
Tom Hughes	986779966b	Extend form-action policies for Chrome It seems that unlike other browsers Chrome requires that if a form submission redirects that the redirected URL also match the form-action policy rather than just requiring the original URL to match.	2017-11-25 12:04:02 +00:00
Tom Hughes	afa5d420d3	Allow iD to fetch gpx files from arbitrary locations	2017-11-24 08:38:51 +00:00
Tom Hughes	527ec293c2	Fix security policy for mapillary in iD	2017-11-24 01:09:27 +00:00
Tom Hughes	6a1a4a3f7d	Fix remote editing security policy	2017-11-24 00:46:27 +00:00
Tom Hughes	2cd81daf34	Add security policy for remote control editing	2017-11-24 00:43:14 +00:00
Tom Hughes	4950ae3c1f	Allow iD to connect to nominatim	2017-11-24 00:10:38 +00:00
Tom Hughes	bb116b85df	Allow third party images in user content	2017-11-23 22:39:05 +00:00
Andy Allan	15b104f4ff	Merge branch 'p' of https://github.com/jfirebaugh/openstreetmap-website into jfirebaugh-p Refs #139	2017-11-22 10:47:18 +00:00
Tom Hughes	7ce94ad0ec	Add openstreetcam.org to security policy for iD	2017-11-16 10:17:22 +00:00
Tom Hughes	b6b9d543ac	Fix rubocop warnings	2017-10-29 19:43:02 +00:00
Tom Hughes	cea455d390	Update for ActionView::Template::Error change	2017-10-27 19:25:49 +01:00
Andy Allan	d581f17665	Avoid using or comparing explicit model ids The code is easier to read using higher-level concepts.	2017-10-22 21:58:09 +01:00
Tom Hughes	f02c753cc4	Use send_data for GPX traces intead of monkey patching send_file	2017-10-09 20:38:08 +01:00
Tom Hughes	8dae890a76	Fix rubocop warnings	2017-10-05 19:18:38 +01:00
Tom Hughes	6209a9be78	Drop geocoder.us from search engines Fixes #1633	2017-09-25 22:52:03 +01:00
Andy Allan	b4be5596f5	Rename xml processing methods with an update_ prefix They behave differently from the other from_xml methods on other models.	2017-08-30 11:40:54 +01:00
Andy Allan	c647aa3d4d	Refactor the from_xml methods to act on existing trace objects. Setting the new tags with the = operator takes care of removing the old ones, and is the same approach as taken by the tagstring= method. Fixes #1600	2017-08-18 10:09:50 +01:00
Tom Hughes	ebeea34670	Replace @user with @current_user This ensures that that we will find any more hidden references to @user that might be hanging around...	2017-07-27 19:44:14 +01:00
Tom Hughes	24fc94944b	Change user forms to use current user instead of @user	2017-07-27 19:40:20 +01:00
Tom Hughes	555a821c3e	Merge remote-tracking branch 'upstream/pull/1595'	2017-07-27 19:18:31 +01:00
Andy Allan	09ba878519	Convert @user to current_user	2017-07-27 10:31:31 +01:00
Andy Allan	c819bec8b7	Use a current_user helper for accessing the logged in user in all views.	2017-07-27 10:07:51 +01:00
Andy Allan	41000078b9	Convert remaining controller code to use current_user The `self.current_user` is important when assigning to the current user, to avoid creating a local variable called `current_user`	2017-07-27 10:07:51 +01:00
Tom Hughes	4874219ab8	Mark account suspended flash message as HTML safe Fixes #1590	2017-07-19 00:31:03 +01:00
Andy Allan	6f89da05d1	Use current_user to represent the currently logged in user. This is already used by the oauth plugin, and is a general rails convention.	2017-07-12 16:10:50 +01:00
Tom Hughes	fe1e28b4f4	Fix more parameter sanitisation issues and add tests	2017-06-29 20:52:57 +01:00
Tom Hughes	3763cbc7d4	Disable forgery protection for notes API methods Fixes #1571	2017-06-29 19:14:55 +01:00
Tom Hughes	117f0e8226	Sanitize parameters for various paged views	2017-06-29 10:55:53 +01:00
Tom Hughes	3893fd72a9	Fix some tests for changes in rails 5	2017-06-27 08:26:44 +01:00
Tom Hughes	81deb35331	Update to rails 5.0.4	2017-06-27 08:26:44 +01:00

1 2 3 4 5 ...

1563 commits