Commit graph

1545 commits

Author SHA1 Message Date
Tom Hughes
fe2e215d14 Make the AMF getway_old call parse times as UTC
Although it's not entirely clear how to interpret a timestamp from
a client, the production servers have effectively been parsing them
as UTC because they run in the UTC time zone all year.

Using Time.zone to do the parse forces it to happen in the rails time
zone rather than the system time zone, which defaults to UTC as well.

Fixes #1688
2017-12-01 19:24:26 +00:00
Tom Hughes
b77406ff38 Use decoded strings when parsing XML responses from geocoders
Fixes #1690
2017-11-29 23:07:19 +00:00
Tom Hughes
986779966b Extend form-action policies for Chrome
It seems that, unlike other browsers, Chrome requires that if a form
submission redirects, the redirected URL also match the form-action
policy rather than just requiring the original URL to match.
2017-11-25 12:04:02 +00:00
Tom Hughes
afa5d420d3 Allow iD to fetch gpx files from arbitrary locations 2017-11-24 08:38:51 +00:00
Tom Hughes
527ec293c2 Fix security policy for mapillary in iD 2017-11-24 01:09:27 +00:00
Tom Hughes
6a1a4a3f7d Fix remote editing security policy 2017-11-24 00:46:27 +00:00
Tom Hughes
2cd81daf34 Add security policy for remote control editing 2017-11-24 00:43:14 +00:00
Tom Hughes
4950ae3c1f Allow iD to connect to nominatim 2017-11-24 00:10:38 +00:00
Tom Hughes
bb116b85df Allow third party images in user content 2017-11-23 22:39:05 +00:00
Andy Allan
15b104f4ff Merge branch 'p' of https://github.com/jfirebaugh/openstreetmap-website into jfirebaugh-p
Refs #139
2017-11-22 10:47:18 +00:00
Tom Hughes
7ce94ad0ec Add openstreetcam.org to security policy for iD 2017-11-16 10:17:22 +00:00
Tom Hughes
b6b9d543ac Fix rubocop warnings 2017-10-29 19:43:02 +00:00
Tom Hughes
cea455d390 Update for ActionView::Template::Error change 2017-10-27 19:25:49 +01:00
Andy Allan
d581f17665 Avoid using or comparing explicit model ids
The code is easier to read using higher-level concepts.
2017-10-22 21:58:09 +01:00
Tom Hughes
f02c753cc4 Use send_data for GPX traces instead of monkey patching send_file 2017-10-09 20:38:08 +01:00
Tom Hughes
8dae890a76 Fix rubocop warnings 2017-10-05 19:18:38 +01:00
Tom Hughes
6209a9be78 Drop geocoder.us from search engines
Fixes #1633
2017-09-25 22:52:03 +01:00
Andy Allan
b4be5596f5 Rename xml processing methods with an update_ prefix
They behave differently from the other from_xml methods on other models.
2017-08-30 11:40:54 +01:00
Andy Allan
c647aa3d4d Refactor the from_xml methods to act on existing trace objects.
Setting the new tags with the = operator takes care of removing the
old ones, and is the same approach as taken by the tagstring= method.

Fixes #1600
2017-08-18 10:09:50 +01:00
Tom Hughes
ebeea34670 Replace @user with @current_user
This ensures that we will find any more hidden references
to @user that might be hanging around...
2017-07-27 19:44:14 +01:00
Tom Hughes
24fc94944b Change user forms to use current user instead of @user 2017-07-27 19:40:20 +01:00
Tom Hughes
555a821c3e Merge remote-tracking branch 'upstream/pull/1595' 2017-07-27 19:18:31 +01:00
Andy Allan
09ba878519 Convert @user to current_user 2017-07-27 10:31:31 +01:00
Andy Allan
c819bec8b7 Use a current_user helper for accessing the logged in user in all views. 2017-07-27 10:07:51 +01:00
Andy Allan
41000078b9 Convert remaining controller code to use current_user
The `self.current_user` is important when assigning to the current user,
to avoid creating a local variable called `current_user`
2017-07-27 10:07:51 +01:00
Tom Hughes
4874219ab8 Mark account suspended flash message as HTML safe
Fixes #1590
2017-07-19 00:31:03 +01:00
Andy Allan
6f89da05d1 Use current_user to represent the currently logged in user.
This is already used by the oauth plugin, and is a general rails convention.
2017-07-12 16:10:50 +01:00
Tom Hughes
fe1e28b4f4 Fix more parameter sanitisation issues and add tests 2017-06-29 20:52:57 +01:00
Tom Hughes
3763cbc7d4 Disable forgery protection for notes API methods
Fixes #1571
2017-06-29 19:14:55 +01:00
Tom Hughes
117f0e8226 Sanitize parameters for various paged views 2017-06-29 10:55:53 +01:00
Tom Hughes
3893fd72a9 Fix some tests for changes in rails 5 2017-06-27 08:26:44 +01:00
Tom Hughes
81deb35331 Update to rails 5.0.4 2017-06-27 08:26:44 +01:00
Tom Hughes
ea9a4c2aa2 Convert XML document to a string when returning it
Otherwise the Rack::ETag module will throw an exception when it
tries to test if the response is empty.
2017-06-13 12:55:13 +01:00
Tom Hughes
18c8946556 Use explicit to_unsafe_h method when converting parameters to a hash 2017-06-05 22:44:15 +01:00
Tom Hughes
d85621c7ae Replace deprecated ActiveModel::Errors get/set methods 2017-06-05 22:41:23 +01:00
Tom Hughes
d4df87c1e1 Replace deprecated env method with request.env 2017-06-05 22:38:27 +01:00
Tom Hughes
4248e10946 Use distinct instead of uniq which is deprecated 2017-06-04 22:52:41 +01:00
Tom Hughes
9dafeda080 Replace render :nothing with non-deprecated alternatives 2017-06-04 22:52:41 +01:00
Tom Hughes
339d8e46ff Sanitise parameters used in URL generation 2017-06-04 20:24:53 +01:00
Tom Hughes
03a9df9288 Replace render :nothing with head 2017-06-04 20:24:53 +01:00
Tom Hughes
8412ed0bed Replace deprecated Mime::XXX with Mime[:xxx] 2017-06-03 17:33:13 +01:00
Tom Hughes
2357118c46 Avoid using format as a URL parameter name
This prevents rails confusing it with the builtin format
parameter derived from the URL extension.
2017-06-03 12:08:35 +01:00
Tom Hughes
80d27a7fae Sanitise parameters used in URL generation 2017-06-02 20:27:07 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
9b89d4eefe Remove conditions from delete_all
Passing conditions directly to delete_all is deprecated
in rails 5.0 so use a separate where instead.
2017-06-02 16:33:48 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Andy Allan
060230fb94 Ensure closed changesets appear in the feed, and update some misleading comments. 2017-06-01 15:43:51 +01:00
Tom Hughes
7c9229fbfc Throw an exception if adding a note comment fails 2017-03-13 14:49:16 +00:00
Simon Poole
9606e440bc Return maximum size of bounding box for note retrieval 2017-03-13 08:53:49 +01:00
Tom Hughes
5cdb835de3 Show offline/readonly messages as normal flash messages 2017-03-10 16:30:04 +00:00