Merge branch 'master' into staging

Conflicts: .travis.yml app/controllers/my_profile/tasks_controller.rb app/helpers/application_helper.rb app/views/profile_editor/_pending_tasks.html.erb app/views/tasks/processed.html.erb test/functional/tasks_controller_test.rb

Merge branch 'master' into staging
Conflicts: .travis.yml app/controllers/my_profile/tasks_controller.rb app/helpers/application_helper.rb app/views/profile_editor/_pending_tasks.html.erb app/views/tasks/processed.html.erb test/functional/tasks_controller_test.rb
Victor Costa
2 parents 45a508d7 9fb3ad5a
Showing 292 changed files with 1077 additions and 1016 deletions Show diff stats
.gitlab-ci.yml
.travis.yml
README.rails.md
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/my_profile/tasks_controller.rb
app/helpers/action_tracker_helper.rb
app/helpers/application_helper.rb
app/helpers/block_helper.rb
app/helpers/blog_helper.rb
app/helpers/box_organizer_helper.rb
app/helpers/boxes_helper.rb
app/helpers/buttons_helper.rb
app/helpers/catalog_helper.rb
app/helpers/content_viewer_helper.rb
app/helpers/display_helper.rb
app/helpers/events_helper.rb
app/helpers/forms_helper.rb
app/helpers/forum_helper.rb
app/helpers/language_helper.rb
@@ -30,14 +30,47 @@ integration:
   script: bundle exec rake test:integration
   stage: all-tests
  
-cucumber:
-  script: bundle exec rake cucumber
+cucumber-1:
+  script: SLICE=1/2 bundle exec rake cucumber
+  stage: all-tests
+cucumber-2:
+  script: SLICE=2/2 bundle exec rake cucumber
   stage: all-tests
  
-selenium:
-  script: bundle exec rake selenium
+selenium-1:
+  script: SLICE=1/6 bundle exec rake selenium
+  stage: all-tests
+selenium-2:
+  script: SLICE=2/6 bundle exec rake selenium
+  stage: all-tests
+selenium-3:
+  script: SLICE=3/6 bundle exec rake selenium
+  stage: all-tests
+selenium-4:
+  script: SLICE=4/6 bundle exec rake selenium
+  stage: all-tests
+selenium-5:
+  script: SLICE=5/6 bundle exec rake selenium
+  stage: all-tests
+selenium-6:
+  script: SLICE=6/6 bundle exec rake selenium
   stage: all-tests
  
-plugins:
-  script: bundle exec rake test:noosfero_plugins
+# NOOSFERO_BUNDLE_OPTS=install makes migrations fails
+# probably because of rubygems-integration
+plugins-1:
+  script: SLICE=1/5 bundle exec rake test:noosfero_plugins
   stage: all-tests
+plugins-2:
+  script: SLICE=2/5 bundle exec rake test:noosfero_plugins
+  stage: all-tests
+plugins-3:
+  script: SLICE=3/5 bundle exec rake test:noosfero_plugins
+  stage: all-tests
+plugins-4:
+  script: SLICE=4/5 bundle exec rake test:noosfero_plugins
+  stage: all-tests
+plugins-5:
+  script: SLICE=5/5 bundle exec rake test:noosfero_plugins
+  stage: all-tests
+
@@ -61,11 +61,11 @@ env:
   - SLICE=2/4 TASK=selenium
   - SLICE=3/4 TASK=selenium
   - SLICE=4/4 TASK=selenium
-  - SLICE=1/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
-  - SLICE=2/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
-  - SLICE=3/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
-  - SLICE=4/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
-  - SLICE=5/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
+  - SLICE=1/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
+  - SLICE=2/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
+  - SLICE=3/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
+  - SLICE=4/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
+  - SLICE=5/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
  
 script:
   - ./script/ci
@@ -99,7 +99,7 @@ Description of contents
   Holds controllers that should be named like weblog_controller.rb for automated URL mapping. All controllers should descend from `ActionController::Base`.
  
 * `app/models`
-  Holds models that should be named like post.rb. Most models will descend from `ActiveRecord::Base`.
+  Holds models that should be named like post.rb. Most models will descend from `ApplicationRecord`.
  
 * `app/views`
   Holds the template files for the view that should be named like `weblog/index.rhtml` for the `WeblogController#index` action. All views use eRuby syntax. This directory can also be used to keep stylesheets, images, and so on that can be symlinked to public.
@@ -108,7 +108,7 @@ class CmsController &lt; MyProfileController
   end
  
   def new
-    # FIXME this method should share some logic wirh edit !!!
+    # FIXME this method should share some logic with edit !!!
  
     @success_back_to = params[:success_back_to]
     # user must choose an article type first
@@ -365,7 +365,7 @@ class CmsController &lt; MyProfileController
   def search
     query = params[:q]
     results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]
-    render :text => article_list_to_json(results), :content_type => 'application/json'
+    render :text => article_list_to_json(results).html_safe, :content_type => 'application/json'
   end
  
   def search_article_privacy_exceptions
@@ -32,6 +32,7 @@ class ProfileEditorController &lt; MyProfileController
         Image.transaction do
           begin
             @plugins.dispatch(:profile_editor_transaction_extras)
+            # TODO: This is unsafe! Add sanitizer
             @profile_data.update!(params[:profile_data])
             redirect_to :action => 'index', :profile => profile.identifier
           rescue Exception => ex
@@ -162,34 +162,25 @@ class TasksController &lt; MyProfileController
  
   protected
  
-  def filter_by_closed_date(filter, tasks)
-    filter[:closed_from] = Date.parse(filter[:closed_from]) unless filter[:closed_from].blank?
-    filter[:closed_until] = Date.parse(filter[:closed_until]) unless filter[:closed_until].blank?
-
-    tasks = tasks.where('tasks.end_date >= ?', filter[:closed_from].beginning_of_day) unless filter[:closed_from].blank?
-    tasks = tasks.where('tasks.end_date <= ?', filter[:closed_until].end_of_day) unless filter[:closed_until].blank?
-    tasks
-  end
+  def filter_tasks(filter, tasks)
+    tasks = tasks.eager_load(:requestor, :closed_by)
+    tasks = tasks.of(filter[:type].presence)
+    tasks = tasks.where(:status => filter[:status]) unless filter[:status].blank?
  
-  def filter_by_creation_date(filter, tasks)
     filter[:created_from] = Date.parse(filter[:created_from]) unless filter[:created_from].blank?
     filter[:created_until] = Date.parse(filter[:created_until]) unless filter[:created_until].blank?
+    filter[:closed_from] = Date.parse(filter[:closed_from]) unless filter[:closed_from].blank?
+    filter[:closed_until] = Date.parse(filter[:closed_until]) unless filter[:closed_until].blank?
  
-    tasks = tasks.where('tasks.created_at >= ?', filter[:created_from].beginning_of_day) unless filter[:created_from].blank?
-    tasks = tasks.where('tasks.created_at <= ?', filter[:created_until].end_of_day) unless filter[:created_until].blank?
-    tasks
-  end
+    tasks = tasks.from_creation_date filter[:created_from] unless filter[:created_from].blank?
+    tasks = tasks.until_creation_date filter[:created_until] unless filter[:created_until].blank?
  
-  def filter_tasks(filter, tasks)
-    tasks = tasks.eager_load(:requestor, :closed_by)
-    tasks = tasks.of(filter[:type].presence)
-    tasks = tasks.where(:status => filter[:status]) unless filter[:status].blank?
-    tasks = filter_by_creation_date(filter, tasks)
-    tasks = filter_by_closed_date(filter, tasks)
+    tasks = tasks.from_closed_date filter[:closed_from] unless filter[:closed_from].blank?
+    tasks = tasks.until_closed_date filter[:closed_until] unless filter[:closed_until].blank?
  
-    tasks = tasks.like('profiles.name', filter[:requestor]) unless filter[:requestor].blank?
-    tasks = tasks.like('closed_bies_tasks.name', filter[:closed_by]) unless filter[:closed_by].blank?
-    tasks = tasks.like('tasks.data', filter[:text]) unless filter[:text].blank?
+    tasks = tasks.where('profiles.name LIKE ?', filter[:requestor]) unless filter[:requestor].blank?
+    tasks = tasks.where('closed_bies_tasks.name LIKE ?', filter[:closed_by]) unless filter[:closed_by].blank?
+    tasks = tasks.where('tasks.data LIKE ?', "%#{filter[:text]}%") unless filter[:text].blank?
     tasks
   end
  
@@ -5,22 +5,22 @@ module ActionTrackerHelper
   end
  
   def new_friendship_description ta
-    n_('has made 1 new friend:<br />%{name}', 'has made %{num} new friends:<br />%{name}', ta.get_friend_name.size) % {
+    n_('has made 1 new friend:<br />%{name}', 'has made %{num} new friends:<br />%{name}', ta.get_friend_name.size).html_safe % {
       num: ta.get_friend_name.size,
-      name: ta.collect_group_with_index(:friend_name) do |n,i|
+      name: safe_join(ta.collect_group_with_index(:friend_name) do |n,i|
         link_to image_tag(ta.get_friend_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/person-icon.png")),
                 ta.get_friend_url[i], title: n
-      end.join
+      end)
     }
   end
  
   def join_community_description ta
-    n_('has joined 1 community:<br />%{name}', 'has joined %{num} communities:<br />%{name}', ta.get_resource_name.size) % {
+    n_('has joined 1 community:<br />%{name}'.html_safe, 'has joined %{num} communities:<br />%{name}'.html_safe, ta.get_resource_name.size) % {
       num: ta.get_resource_name.size,
       name: ta.collect_group_with_index(:resource_name) do |n,i|
-        link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
+       link = link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
                 ta.get_resource_url[i], title: n
-      end.join
+      end.join.html_safe
     }
   end
  
@@ -101,7 +101,6 @@ module ApplicationHelper
   #
   # TODO: implement correcly the 'Help' button click
   def help(content = nil, link_name = nil, options = {}, &block)
-
     link_name ||= _('Help')
  
     @help_message_id ||= 1
@@ -124,7 +123,7 @@ module ApplicationHelper
     button = link_to_function(content_tag('span', link_name), "Element.show('#{help_id}')", options )
     close_button = content_tag("div", link_to_function(_("Close"), "Element.hide('#{help_id}')", :class => 'close_help_button'))
  
-    text = content_tag('div', button + content_tag('div', content_tag('div', content) + close_button, :class => 'help_message', :id => help_id, :style => 'display: none;'), :class => 'help_box')
+    text = content_tag('div', button + content_tag('div', content_tag('div', content.html_safe) + close_button, :class => 'help_message', :id => help_id, :style => 'display: none;'), :class => 'help_box')
  
     unless block.nil?
       concat(text)
@@ -364,8 +363,8 @@ module ApplicationHelper
   def popover_menu(title,menu_title,links,html_options={})
     html_options[:class] = "" unless html_options[:class]
     html_options[:class] << " menu-submenu-trigger"
-    html_options[:onclick] = "toggleSubmenu(this, '#{menu_title}', #{CGI::escapeHTML(links.to_json)}); return false"
  
+    html_options[:onclick] = "toggleSubmenu(this, '#{menu_title}', #{CGI::escapeHTML(links.to_json)}); return false".html_safe
     link_to(content_tag(:span, title), '#', html_options)
   end
  
@@ -475,9 +474,9 @@ module ApplicationHelper
       map(&:role)
     names = []
     roles.each do |role|
-      names << content_tag('span', role.name, :style => "color: #{role_color(role, resource.environment.id)}")
+      names << content_tag('span', role.name, :style => "color: #{role_color(role, resource.environment.id)}").html_safe
     end
-    names.join(', ')
+    safe_join(names, ', ')
   end
  
   def role_color(role, env_id)
@@ -913,7 +912,8 @@ module ApplicationHelper
   end
  
   def admin_link
-    user.is_admin?(environment) ? link_to('<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>', environment.admin_url, :title => _("Configure the environment"), :class => 'admin-link') : ''
+    admin_icon = '<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>'
+    user.is_admin?(environment) ? link_to(admin_icon.html_safe, environment.admin_url, :title => _("Configure the environment"), :class => 'admin-link') : ''
   end
  
   def usermenu_logged_in
@@ -922,23 +922,39 @@ module ApplicationHelper
     if count > 0
       pending_tasks_count = link_to("<i class=\"icon-menu-tasks\"></i><span class=\"task-count\">#{count}</span>", user.tasks_url, :id => 'pending-tasks-count', :title => _("Manage your pending tasks"))
     end
+    user_identifier = "<i style='background-image:url(#{user.profile_custom_icon(gravatar_default)})'></i><strong>#{user.identifier}</strong>"
+    welcome_link = link_to(user_identifier.html_safe, user.public_profile_url, :id => "homepage-link", :title => _('Go to your homepage'))
+    welcome_span = _("<span class='welcome'>Welcome,</span> %s") % welcome_link.html_safe
+    ctrl_panel_icon = '<i class="icon-menu-ctrl-panel"></i>'
+    ctrl_panel_section = '<strong>' + ctrl_panel_icon + _('Control panel') + '</strong>'
+    ctrl_panel_link = link_to(ctrl_panel_section.html_safe, user.admin_url, :class => 'ctrl-panel', :title => _("Configure your personal account and content"))
+    logout_icon = '<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>'
+    logout_link = link_to(logout_icon.html_safe, { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
+    join_result = safe_join(
+      [welcome_span.html_safe, render_environment_features(:usermenu).html_safe, admin_link.html_safe,
+        manage_enterprises.html_safe, manage_communities.html_safe, ctrl_panel_link.html_safe,
+        pending_tasks_count.html_safe, logout_link.html_safe], "")
+    join_result
+  end
  
-    (_("<span class='welcome'>Welcome,</span> %s") % link_to("<i style='background-image:url(#{user.profile_custom_icon(gravatar_default)})'></i><strong>#{user.identifier}</strong>", user.url, :id => "homepage-link", :title => _('Go to your homepage'))) +
-    render_environment_features(:usermenu) +
-    admin_link +
-    manage_enterprises +
-    manage_communities +
-    link_to('<i class="icon-menu-ctrl-panel"></i><strong>' + _('Control panel') + '</strong>', user.admin_url, :class => 'ctrl-panel', :title => _("Configure your personal account and content")) +
-    pending_tasks_count +
-    link_to('<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>', { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
+  def usermenu_notlogged_in
+    login_str = '<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>'
+    ret = _("<span class='login'>%s</span>") % modal_inline_link_to(login_str.html_safe, login_url, '#inlineLoginBox', :id => 'link_login')
+    return ret.html_safe
   end
  
+  def usermenu_signup
+    signup_str = '<strong>' + _('Sign up') + '</strong>'
+    ret = _("<span class='or'>or</span> <span class='signup'>%s</span>") % link_to(signup_str.html_safe, :controller => 'account', :action => 'signup')
+    return ret.html_safe
+
+  end
   def limited_text_area(object_name, method, limit, text_area_id, options = {})
-    content_tag(:div, [
+    content_tag(:div, safe_join([
       text_area(object_name, method, { :id => text_area_id, :onkeyup => "limited_text_area('#{text_area_id}', #{limit})" }.merge(options)),
       content_tag(:p, content_tag(:span, limit) + ' ' + _(' characters left'), :id => text_area_id + '_left'),
       content_tag(:p, _('Limit of characters reached'), :id => text_area_id + '_limit', :style => 'display: none')
-    ].join, :class => 'limited-text-area')
+    ]), :class => 'limited-text-area')
   end
  
   def expandable_text_area(object_name, method, text_area_id, options = {})
@@ -1034,8 +1050,8 @@ module ApplicationHelper
   end
  
   def render_tabs(tabs)
-    titles = tabs.inject(''){ |result, tab| result << content_tag(:li, link_to(tab[:title], '#'+tab[:id]), :class => 'tab') }
-    contents = tabs.inject(''){ |result, tab| result << content_tag(:div, tab[:content], :id => tab[:id]) }
+    titles = tabs.inject(''.html_safe){ |result, tab| result << content_tag(:li, link_to(tab[:title], '#'+tab[:id]), :class => 'tab') }
+    contents = tabs.inject(''.html_safe){ |result, tab| result << content_tag(:div, tab[:content], :id => tab[:id]) }
  
     content_tag(:div, content_tag(:ul, titles) + raw(contents), :class => 'ui-tabs')
   end
@@ -1053,7 +1069,7 @@ module ApplicationHelper
   def expirable_link_to(expired, content, url, options = {})
     if expired
       options[:class] = (options[:class] || '') + ' disabled'
-      content_tag('a', '&nbsp;'+content_tag('span', content), options)
+      content_tag('a', '&nbsp;'.html_safe+content_tag('span', content), options)
     else
       if options[:modal]
         options.delete(:modal)
@@ -1082,29 +1098,18 @@ module ApplicationHelper
   def template_options(kind, field_name)
     templates = environment.send(kind).templates
     return '' if templates.count == 0
-    if templates.count == 1
-      if templates.first.custom_fields == {}
-        return hidden_field_tag("#{field_name}[template_id]", templates.first.id)
-      else
-        custom_fields = ""
-        templates.first.custom_fields.each { |field, value|
-          custom_fields += content_tag('div', content_tag('label', value[:title].capitalize, :class => 'formlabel') +
-                             content_tag('div', text_field_tag( "profile_data[custom_fields][#{field}][title]", ''), :class => 'formfield type-text'), :class => "formfieldline" ) if value[:signup] == 'on'
-        }
-        content_tag('div', custom_fields)
-      end
-    else
-      radios = templates.map do |template|
-        content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, environment.is_default_template?(template), :onchange => 'show_fields_for_template(this);'))
-      end.join("\n")
-
-      content_tag('div', content_tag('label', _('Profile organization'), :for => 'template-options', :class => 'formlabel') +
-        content_tag('p', _('Your profile will be created according to the selected template. Click on the options to view them.'), :style => 'margin: 5px 15px;padding: 0px 10px;') +
-        content_tag('ul', radios, :style => 'list-style: none; padding-left: 20px; margin-top: 0.5em;'),
-        :id => 'template-options',
-        :style => 'margin-top: 1em'
-      )
-    end
+    return hidden_field_tag("#{field_name}[template_id]", templates.first.id) if templates.count == 1
+
+    radios = templates.map do |template|
+      content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, environment.is_default_template?(template)))
+    end.join("\n").html_safe
+
+    content_tag('div', content_tag('label', _('Profile organization'), :for => 'template-options', :class => 'formlabel') +
+      content_tag('p', _('Your profile will be created according to the selected template. Click on the options to view them.'), :style => 'margin: 5px 15px;padding: 0px 10px;') +
+      content_tag('ul', radios, :style => 'list-style: none; padding-left: 20px; margin-top: 0.5em;'),
+      :id => 'template-options',
+      :style => 'margin-top: 1em'
+    )
   end
  
   def expirable_content_reference(content, action, text, url, options = {})
@@ -1137,7 +1142,7 @@ module ApplicationHelper
     content_tag(:div, :class => 'errorExplanation', :id => 'errorExplanation') do
       content_tag(:h2, _('Errors while saving')) +
       content_tag(:ul) do
-        errors.map { |err| content_tag(:li, err) }.join
+        safe_join(errors.map { |err| content_tag(:li, err) })
       end
     end
   end
@@ -1247,6 +1252,7 @@ module ApplicationHelper
       :href=>"#",
       :title=>_("Exit full screen mode")
     })
+    content.html_safe
   end
  
 end
@@ -3,13 +3,13 @@ module BlockHelper
   def block_title(title, subtitle=nil)
     block_header = block_heading title
     block_header += block_heading(subtitle, 'h4') if subtitle
-    content_tag 'div', block_header, :class => 'block-header'
+    content_tag('div', block_header, :class => 'block-header').html_safe
   end
  
   def block_heading(title, heading='h3')
     tag_class = 'block-' + (heading == 'h3' ? 'title' : 'subtitle')
     tag_class += ' empty' if title.empty?
-    content_tag heading, content_tag('span', h(title)), :class => tag_class
+    content_tag heading, content_tag('span', h(title)), :class => tag_class.html_safe
   end
  
   def highlights_block_config_image_fields(block, image={}, row_number=nil)
@@ -41,12 +41,12 @@ module BlogHelper
       css_add << position
       content << (content_tag 'div', id: "post-#{art.id}", class: css_add do
         content_tag 'div', class: position + '-inner blog-post-inner' do
-          display_post(art, conf[:format]).html_safe +
-          '<br style="clear:both"/>'.html_safe
+          display_post(art, conf[:format])  +
+          '<br style="clear:both"/>'
         end
-      end)
+      end).html_safe
     }
-    content.join("\n<hr class='sep-posts'/>\n") + (pagination or '')
+    safe_join(content, "\n<hr class='sep-posts'/>\n") + (pagination or '').html_safe
   end
  
   def display_post(article, format = 'full')
@@ -61,7 +61,8 @@ module BlogHelper
       else
         '<div class="post-pic" style="background-image:url('+img+')"></div>'
       end
-    end.to_s + title + html
+    end.to_s.html_safe +
+    title.html_safe + html
   end
  
   def display_compact_format(article)
@@ -38,7 +38,7 @@ module BoxOrganizerHelper
     content_tag(:ul,
       images_path.map do |preview|
 	content_tag(:li, image_tag(preview, height: '240', alt: ''))
-      end.join("\n")
+      end.join("\n").html_safe
     )
   end
  
@@ -44,7 +44,7 @@ module BoxesHelper
  
   def display_boxes(holder, main_content)
     boxes = holder.boxes.with_position.first(boxes_limit(holder))
-    content = boxes.reverse.map { |item| display_box(item, main_content) }.join("\n")
+    content = safe_join(boxes.reverse.map { |item| display_box(item, main_content) }, "\n")
     content = main_content if (content.blank?)
  
     content_tag('div', content, :class => 'boxes', :id => 'boxes' )
@@ -54,7 +54,7 @@ module BoxesHelper
     if holder.respond_to?(element)
       content_tag('div', holder.send(element), options)
     else
-      ''
+      ''.html_safe
     end
   end
  
@@ -70,9 +70,10 @@ module BoxesHelper
  
   def display_box_content(box, main_content)
     context = { :article => @page, :request_path => request.path, :locale => locale, :params => request.params, :user => user, :controller => controller }
-    box_decorator.select_blocks(box, box.blocks.includes(:box), context).map do |item|
+    blocks = box_decorator.select_blocks(box, box.blocks.includes(:box), context).map do |item|
       display_block item, main_content
-    end.join("\n") + box_decorator.block_target(box)
+    end
+    safe_join(blocks, "\n") + box_decorator.block_target(box)
   end
  
   def select_blocks box, arr, context
@@ -136,17 +137,18 @@ module BoxesHelper
  
     result = filter_html(result, block)
  
-    content_tag('div',
-      box_decorator.block_target(block.box, block) +
-        content_tag('div',
-         content_tag('div',
-           content_tag('div',
-             result + footer_content + box_decorator.block_edit_buttons(block),
-             :class => 'block-inner-2'),
-           :class => 'block-inner-1'),
-       options),
-    :class => 'block-outer') +
-    box_decorator.block_handle(block)
+    join_result = safe_join([result, footer_content, box_decorator.block_edit_buttons(block)])
+    content_tag_inner_1 = content_tag('div', join_result, :class => 'block-inner-2')
+
+    content_tag_inner_2 = content_tag('div', content_tag_inner_1, :class => 'block-inner-1')
+    content_tag_inner_3 = content_tag('div', content_tag_inner_2, options)
+    content_tag_inner_4 = box_decorator.block_target(block.box, block) + content_tag_inner_3
+    c = content_tag('div', content_tag_inner_4, :class => 'block-outer')
+    box_decorator_result = box_decorator.block_handle(block)
+    result_final = safe_join([c, box_decorator_result], "")
+
+
+    return result_final
   end
  
   def wrap_main_content(content)
@@ -156,17 +158,17 @@ module BoxesHelper
   def extract_block_content(content)
     case content
     when Hash
-      content_tag('iframe', '', :src => url_for(content))
+      content_tag('iframe', ''.html_safe, :src => url_for(content))
     when String
       if content.split("\n").size == 1 and content =~ /^https?:\/\//
-        content_tag('iframe', '', :src => content)
+        content_tag('iframe', ''.html_safe, :src => content)
       else
         content
       end
     when Proc
       self.instance_eval(&content)
     when NilClass
-      ''
+      ''.html_safe
     else
       raise "Unsupported content for block (#{content.class})"
     end
@@ -175,14 +177,14 @@ module BoxesHelper
   module DontMoveBlocks
     # does nothing
     def self.block_target(box, block = nil)
-      ''
+      ''.html_safe
     end
     # does nothing
     def self.block_handle(block)
-      ''
+      ''.html_safe
     end
     def self.block_edit_buttons(block)
-      ''
+      ''.html_safe
     end
     def self.select_blocks box, arr, context
       arr = arr.select{ |block| block.visible? context }
@@ -229,9 +231,9 @@ module BoxesHelper
   # makes the given block draggable so it can be moved away.
   def block_handle(block)
     return "" unless movable?(block)
-    icon = "<div><div>#{display_icon(block.class)}</div><span>#{_(block.class.pretty_name)}</span></div>"
+    icon = "<div><div>#{display_icon(block.class)}</div><span>#{_(block.class.pretty_name)}</span></div>".html_safe
     block_draggable("block-#{block.id}",
-                    :helper => "function() {return cloneDraggableBlock($(this), '#{icon}')}")
+                    :helper => "function() {return cloneDraggableBlock($(this), '#{icon}')}".html_safe)
   end
  
   def block_draggable(element_id, options={})
@@ -302,7 +304,7 @@ module BoxesHelper
       buttons << modal_inline_icon(:embed, _('Embed code'), {}, "#embed-code-box-#{block.id}") << html
     end
  
-    content_tag('div', buttons.join("\n") + tag('br', :style => 'clear: left'), :class => 'button-bar')
+    content_tag('div', buttons.join("\n").html_safe + tag('br', :style => 'clear: left'), :class => 'button-bar')
   end
  
   def current_blocks
@@ -15,9 +15,9 @@ module ButtonsHelper
     end
     the_title = html_options[:title] || label
     if html_options[:disabled]
-      content_tag('a', '&nbsp;'+content_tag('span', label), html_options.merge(:class => the_class, :title => the_title))
+      content_tag('a', '&nbsp;'.html_safe+content_tag('span', label), html_options.merge(:class => the_class, :title => the_title))
     else
-      link_to('&nbsp;'+content_tag('span', label), url, html_options.merge(:class => the_class, :title => the_title))
+      link_to('&nbsp;'.html_safe+content_tag('span', label), url, html_options.merge(:class => the_class, :title => the_title))
     end
   end
  
@@ -19,18 +19,18 @@ module CatalogHelper
     ancestors = category.ancestors.map { |c| link_to(c.name, {:controller => :catalog, :action => 'index', :level => c.id}) }.reverse
     current_level = content_tag('strong', category.name)
     all_items = [start] + ancestors + [current_level]
-    content_tag('div', all_items.join(' &rarr; '), :id => 'breadcrumb')
+    content_tag('div', safe_join(all_items, ' &rarr; '), :id => 'breadcrumb')
   end
  
   def category_link(category)
     count = profile.products.from_category(category).count
     name = truncate(category.name, :length => 22 - count.to_s.size)
     link = link_to(name, {:controller => 'catalog', :action => 'index', :level => category.id}, :title => category.name)
-    content_tag('div', "#{link} <span class=\"count\">#{count}</span>") if count > 0
+    content_tag('div', "#{link} <span class=\"count\">#{count}</span>".html_safe) if count > 0
   end
  
   def category_with_sub_list(category)
-    content_tag 'li', "#{category_link(category)}\n#{sub_category_list(category)}"
+    content_tag 'li', "#{category_link(category)}\n#{sub_category_list(category)}".html_safe
   end
  
   def sub_category_list(category)
@@ -39,7 +39,7 @@ module CatalogHelper
       cat_link = category_link sub_category
       sub_categories << content_tag('li', cat_link) unless cat_link.nil?
     end
-    content_tag('ul', sub_categories.join) if sub_categories.size > 0
+    content_tag('ul', sub_categories.join.html_safe) if sub_categories.size > 0
   end
  
 end
@@ -7,7 +7,8 @@ module ContentViewerHelper
   def display_number_of_comments(n)
     base_str = "<span class='comment-count hide'>#{n}</span>"
     amount_str = n == 0 ? _('no comments yet') : (n == 1 ? _('One comment') : _('%s comments') % n)
-    base_str + "<span class='comment-count-write-out'>#{amount_str}</span>"
+    base_str += "<span class='comment-count-write-out'>#{amount_str}</span>"
+    base_str.html_safe
   end
  
   def number_of_comments(article)
@@ -19,11 +20,11 @@ module ContentViewerHelper
     title = content_tag('h1', h(title), :class => 'title')
     if article.belongs_to_blog? || article.belongs_to_forum?
       unless args[:no_link]
-        title = content_tag('h1', link_to(article.name, article.url), :class => 'title')
+        title = content_tag('h1', link_to(article.name, url_for(article.url)), :class => 'title')
       end
       comments = ''
       unless args[:no_comments] || !article.accept_comments
-        comments = (" - %s") % link_to_comments(article)
+        comments = (" - %s").html_safe % link_to_comments(article)
       end
       date_format = show_with_right_format_date article
       title << content_tag('span',
@@ -53,18 +53,19 @@ module DisplayHelper
   end
  
   def txt2html(txt)
-    txt.strip.
+    ret = txt.strip.
       gsub( /\s*\n\s*\n\s*/, "\r<p/>\r" ).
       gsub( /\s*\n\s*/, "\n<br/>\n" ).
       gsub( /\r/, "\n" ).
       gsub( /(^|\s)(www\.[^\s]+|https?:\/\/[^\s]+)/ ) do
         pre_char, href = $1, $2
         href = 'http://'+href  if ! href.match /^https?:/
-        content = href.gsub(/^https?:\/\//, '').scan(/.{1,4}/).join('&#x200B;')
+        content = safe_join(href.gsub(/^https?:\/\//, '').scan(/.{1,4}/), '&#x200B;'.html_safe)
         pre_char +
         content_tag(:a, content, :href => href, :target => '_blank',
-                    :rel => 'nofolow', :onclick => "return confirm('%s')" %
+                    :rel => 'nofolow', :onclick => "return confirm('%s')".html_safe %
                       _('Are you sure you want to visit this web site?'))
       end
+      ret.html_safe
   end
 end
 module EventsHelper
  
   include DatesHelper
+  include ActionView::Helpers::OutputSafetyHelper
+
   def list_events(date, events)
     title = _('Events for %s') % show_date_month(date)
+    user_events = events.select { |item| item.display_to?(user) }
+    events_for_month = safe_join(user_events.map {|item| display_event_in_listing(item)}, '')
     content_tag('h2', title) +
     content_tag('div',
       (events.any? ?
-        content_tag('table', events.select { |item| item.display_to?(user) }.map {|item| display_event_in_listing(item)}.join('')) :
-        content_tag('em', _('No events for this month'), :class => 'no-events')
+        content_tag('table', events_for_month) :
+          content_tag('em', _('No events for this month'), :class => 'no-events')
       ), :id => 'agenda-items'
     )
   end
@@ -101,7 +101,7 @@ module FormsHelper
  
   def required_fields_message
     content_tag('p', content_tag('span',
-      _("The <label class='pseudoformlabel'>highlighted</label> fields are mandatory."),
+      _("The <label class='pseudoformlabel'>highlighted</label> fields are mandatory.").html_safe,
       :class => 'required-field'
     ))
   end
@@ -112,10 +112,11 @@ module FormsHelper
     options_for_select = container.inject([]) do |options, element|
       text, value = option_text_and_value(element)
       selected_attribute = ' selected="selected"' if option_value_selected?(value, selected)
-      options << %(<option title="#{html_escape(text.to_s)}" value="#{html_escape(value.to_s)}"#{selected_attribute}>#{html_escape(text.to_s)}</option>)
+      opt = %(<option title="#{html_escape(text.to_s)}" value="#{html_escape(value.to_s)}"#{selected_attribute}>#{html_escape(text.to_s)}</option>)
+      options << opt.html_safe
     end
  
-    options_for_select.join("\n")
+    safe_join(options_for_select, "\n")
   end
  
   def balanced_table(items, per_row=3)
@@ -248,8 +249,8 @@ module FormsHelper
   def date_range_field(from_name, to_name, from_value, to_value, datepicker_options = {}, html_options = {})
     from_id = html_options[:from_id] || 'datepicker-from-date'
     to_id = html_options[:to_id] || 'datepicker-to-date'
-    return _('From') +' '+ date_field(from_name, from_value, datepicker_options, html_options.merge({:id => from_id})) +
-    ' ' + _('until') +' '+ date_field(to_name, to_value, datepicker_options, html_options.merge({:id => to_id}))
+    return (_('From') +' '+ date_field(from_name, from_value, datepicker_options, html_options.merge({:id => from_id})) +
+    ' ' + _('until') +' '+ date_field(to_name, to_value, datepicker_options, html_options.merge({:id => to_id}))).html_safe
   end
  
   def select_folder(label_text, field_id, collection, default_value=nil, html_options = {}, js_options = {})
@@ -35,7 +35,7 @@ module ForumHelper
                              :id => "post-#{art.id}"
                             )
     }
-    content_tag('table', content.join) + (pagination or '')
+    content_tag('table', safe_join(content, "")) + (pagination or '').html_safe
   end
  
   def last_topic_update(article)
@@ -40,7 +40,7 @@ module LanguageHelper
         else
           link_to(name, params.merge(:lang => code), :rel => 'nofollow')
         end
-      end.join(separator)
+      end.join(separator).html_safe
       content_tag('div', languages, :id => 'language-chooser', :help => _('The language you choose here is the language used for options, buttons, etc. It does not affect the language of the content created by other users.'))
     end
   end
@@ -40,7 +40,8 @@ module LayoutHelper
  
     output += templete_javascript_ng.to_s
  
-    output
+    # This output should be safe!
+    output.html_safe
   end
  
   def noosfero_stylesheets
@@ -64,7 +65,9 @@ module LayoutHelper
       output << stylesheet_link_tag(global_css_pub)
     end
     output << stylesheet_link_tag(theme_stylesheet_path)
-    output.join "\n"
+
+    # This output should be safe!
+    output.join("\n").html_safe
   end
  
   def noosfero_layout_features
@@ -38,10 +38,11 @@ module ManageProductsHelper
   end
  
   def options_for_select_categories(categories, selected = nil)
-    categories.sort_by{|cat| cat.name.transliterate}.map do |category|
-      selected_attribute = selected.nil? ? '' : (category == selected ? "selected='selected'" : '')
-      "<option value='#{category.id}' title='#{category.name}' #{selected_attribute}>#{category.name + (category.leaf? ? '': ' &raquo;')}</option>"
-    end.join("\n")
+    safe_join(categories.sort_by{ |cat|
+      cat.name.transliterate}.map do |category|
+        selected_attribute = selected.nil? ? '' : (category == selected ? "selected='selected'" : '')
+          "<option value='#{category.id}' title='#{category.name}' #{selected_attribute}>#{category.name + (category.leaf? ? '': ' &raquo;')}</option>".html_safe
+    end, "\n")
   end
  
   def build_selects_for_ancestors(ancestors, current_category)
@@ -76,10 +77,13 @@ module ManageProductsHelper
  
   def categories_container(categories_selection_html, hierarchy_html = '')
     content_tag 'div',
-      render('categories_autocomplete') +
-      hidden_field_tag('selected_category_id') +
-      content_tag('div', hierarchy_html, :id => 'hierarchy_navigation') +
-      content_tag('div', categories_selection_html, :id => 'categories_container_wrapper'),
+      safe_join(
+        [
+          render('categories_autocomplete'),
+          hidden_field_tag('selected_category_id'),
+          content_tag('div', hierarchy_html, :id => 'hierarchy_navigation'),
+          content_tag('div', categories_selection_html, :id => 'categories_container_wrapper')
+        ], ''),
     :id => 'categories-container'
   end
  
@@ -129,7 +129,11 @@ module ProfileEditorHelper
     else
       domains = environment.domains
     end
-    labelled_form_field(_('Preferred domain name:'), select(object, :preferred_domain_id, domains.map {|item| [item.name, item.id]}, :prompt => '&lt;' + _('Select domain') + '&gt;'))
+    select_domain_prompt = '&lt;'.html_safe + _('Select domain').html_safe + '&gt;'.html_safe
+    select_field = select(object, :preferred_domain_id, domains.map {
+      |item| [item.name, item.id]}, :prompt => select_domain_prompt.html_safe)
+
+    labelled_form_field(_('Preferred domain name:'), select_field)
   end
  
   def control_panel(&block)
@@ -131,7 +131,7 @@ module ProfileImageHelper
     links = links_for_balloon(profile)
     content_tag('div', content_tag(tag,
                                    (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ?
-                                   popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") +
+                                   popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "").html_safe +
     link_to(
       content_tag( 'span', profile_image( profile, size ), :class => img_class ) +
       content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
@@ -139,7 +139,7 @@ module ProfileImageHelper
       profile.url,
       :class => 'profile_link url',
       :help => _('Click on this icon to go to the <b>%s</b>\'s home page') % profile.name,
-      :title => profile.name ),
+      :title => profile.name ).html_safe,
       :class => 'vcard'), :class => 'common-profile-list-block')
   end
 end
@@ -124,10 +124,10 @@ module SearchHelper
   def filters(asset)
     return if !asset
     klass = asset_class(asset)
-    content_tag('div', klass::SEARCH_FILTERS.map do |name, options|
+    content_tag('div', safe_join(klass::SEARCH_FILTERS.map do |name, options|
       default = klass.respond_to?("default_search_#{name}") ? klass.send("default_search_#{name}".to_s) : nil
       select_filter(name, options, default)
-    end.join("\n"), :id => 'search-filters')
+    end, "\n"), :id => 'search-filters')
   end
  
   def assets_menu(selected)
@@ -137,11 +137,11 @@ module SearchHelper
     #     menu.
     assets.delete(:events)
     content_tag('ul',
-      assets.map do |asset|
+      safe_join(assets.map do |asset|
         options = {}
         options.merge!(:class => 'selected') if selected.to_s == asset.to_s
         content_tag('li', asset_link(asset), options)
-      end.join("\n"),
+      end, "\n"),
     :id => 'assets-menu')
   end
  
@@ -58,7 +58,7 @@ module TagsHelper
  
       if options[:show_count]
         display_count = options[:show_count] ? "<small><sup>(#{count})</sup></small>" : ""
-        link_to tag + display_count, destination, :style => style
+        link_to (tag + display_count).html_safe, destination, :style => style
       else
         link_to h(tag) , destination, :style => style,
           :title => n_( 'one item', '%d items', count ) % count
@@ -7,7 +7,7 @@ module TinymceHelper
     output += javascript_include_tag 'tinymce/js/tinymce/jquery.tinymce.min.js'
     output += javascript_include_tag 'tinymce.js'
     output += include_macro_js_files.to_s
-    output
+    output.html_safe
   end
  
   def tinymce_init_js options = {}
@@ -37,7 +37,7 @@ module TinymceHelper
     #cleanup non tinymce options
     options = options.except :mode
  
-    "noosfero.tinymce.init(#{options.to_json})"
+    "noosfero.tinymce.init(#{options.to_json})".html_safe
   end
  
   def menubar mode
 require_dependency 'mailing_job'
  
-class Mailing < ActiveRecord::Base
+class Mailing < ApplicationRecord
  
   acts_as_having_settings :field => :data
  
-class AbuseReport < ActiveRecord::Base
+class AbuseReport < ApplicationRecord
  
   attr_accessible :content, :reason
  
-class ActionTrackerNotification < ActiveRecord::Base
+class ActionTrackerNotification < ApplicationRecord
  
   belongs_to :profile
   belongs_to :action_tracker, :class_name => 'ActionTracker::Record', :foreign_key => 'action_tracker_id'
@@ -0,0 +1,64 @@
+class ApplicationRecord < ActiveRecord::Base
+
+  self.abstract_class = true
+
+  def self.postgresql?
+    self.connection.adapter_name == 'PostgreSQL'
+  end
+
+  # an ActionView instance for rendering views on models
+  def self.action_view
+    @action_view ||= begin
+      view_paths = ::ActionController::Base.view_paths
+      action_view = ::ActionView::Base.new view_paths
+      # for using Noosfero helpers inside render calls
+      action_view.extend ::ApplicationHelper
+      action_view
+    end
+  end
+
+  # default value needed for the above ActionView
+  def to_partial_path
+    self.class.name.underscore
+  end
+
+  alias :meta_cache_key :cache_key
+  def cache_key
+    key = [Noosfero::VERSION, meta_cache_key]
+    key.unshift(ApplicationRecord.connection.schema_search_path) if ApplicationRecord.postgresql?
+    key.join('/')
+  end
+
+  def self.like_search(query, options={})
+    if defined?(self::SEARCHABLE_FIELDS) || options[:fields].present?
+      fields_per_table = {}
+      fields_per_table[table_name] = (options[:fields].present? ? options[:fields] : self::SEARCHABLE_FIELDS.keys.map(&:to_s)) & column_names
+
+      if options[:joins].present?
+        join_asset = options[:joins].to_s.classify.constantize
+        if defined?(join_asset::SEARCHABLE_FIELDS) || options[:fields].present?
+          fields_per_table[join_asset.table_name] = (options[:fields].present? ? options[:fields] : join_asset::SEARCHABLE_FIELDS.keys.map(&:to_s)) & join_asset.column_names
+        end
+      end
+
+      query = query.downcase.strip
+      fields_per_table.delete_if { |table,fields| fields.blank? }
+      conditions = fields_per_table.map do |table,fields|
+        fields.map do |field|
+          "lower(#{table}.#{field}) LIKE '%#{query}%'"
+        end.join(' OR ')
+      end.join(' OR ')
+
+      if options[:joins].present?
+        joins(options[:joins]).where(conditions)
+      else
+        where(conditions)
+      end
+
+    else
+      raise "No searchable fields defined for #{self.name}"
+    end
+  end
+
+end
+
@@ -86,7 +86,7 @@ class ApproveArticle &lt; Task
  
   def information
     if article
-      {:message => _('%{requestor} wants to publish the article: %{linked_subject}.')}
+      {:message => _('%{requestor} wants to publish the article: %{linked_subject}.').html_safe}
     else
       {:message => _("The article was removed.")}
     end
  
-class Article < ActiveRecord::Base
+class Article < ApplicationRecord
  
   include SanitizeHelper
  
-class ArticleCategorization < ActiveRecord::Base
+class ArticleCategorization < ApplicationRecord
   self.table_name = :articles_categories
  
   belongs_to :article
-class ArticleFollower < ActiveRecord::Base
+class ArticleFollower < ApplicationRecord
  
   attr_accessible :article_id, :person_id, :since
   belongs_to :article, :counter_cache => :followers_count
-class Block < ActiveRecord::Base
+class Block < ApplicationRecord
  
   attr_accessible :title, :subtitle, :display, :limit, :box_id, :posts_per_page,
                   :visualization_format, :language, :display_user,
-class Box < ActiveRecord::Base
+class Box < ApplicationRecord
  
   acts_as_list scope: -> box { where owner_id: box.owner_id, owner_type: box.owner_type }
  
-class Category < ActiveRecord::Base
+class Category < ApplicationRecord
  
   attr_accessible :name, :parent_id, :display_color, :display_in_menu, :image_builder, :environment, :parent
  
-class Certifier < ActiveRecord::Base
+class Certifier < ApplicationRecord
  
   attr_accessible :name, :environment
  
-class ChatMessage < ActiveRecord::Base
+class ChatMessage < ApplicationRecord
+
   attr_accessible :body, :from, :to
  
   belongs_to :to, :class_name => 'Profile'
-class Comment < ActiveRecord::Base
+class Comment < ApplicationRecord
  
   SEARCHABLE_FIELDS = {
     :title => {:label => _('Title'), :weight => 10},
-class ContactList < ActiveRecord::Base
+class ContactList < ApplicationRecord
  
   serialize :list, Array
  
@@ -60,9 +60,9 @@ class CreateCommunity &lt; Task
  
   def information
     if description.blank?
-      { :message => _('%{requestor} wants to create community %{subject} with no description.') }
+      { :message => _('%{requestor} wants to create community %{subject} with no description.').html_safe }
     else
-      { :message => _('%{requestor} wants to create community %{subject} with this description:<p><em>%{description}</em></p>'),
+      { :message => _('%{requestor} wants to create community %{subject} with this description:<p><em>%{description}</em></p>').html_safe,
         :variables => {:description => description} }
     end
   end
@@ -163,7 +163,7 @@ class CreateEnterprise &lt; Task
   end
  
   def information
-    {:message => _('%{requestor} wants to create enterprise %{subject}.')}
+    {:message => _('%{requestor} wants to create enterprise %{subject}.').html_safe}
   end
  
   def task_created_message
-class CustomField < ActiveRecord::Base
+class CustomField < ApplicationRecord
+
   attr_accessible :name, :default_value, :format, :extras, :customized_type, :active, :required, :signup, :environment, :moderation_task
   serialize :customized_type
   serialize :extras
-class CustomFieldValue < ActiveRecord::Base
+class CustomFieldValue < ApplicationRecord
+
   belongs_to :custom_field
   belongs_to :customized, :polymorphic => true
   attr_accessible :value, :public, :customized, :custom_field, :customized_type
@@ -17,7 +17,7 @@ class DocItem
       else
         match
       end
-    end
+    end.html_safe
   end
  
   private
 require 'noosfero/multi_tenancy'
  
-class Domain < ActiveRecord::Base
+class Domain < ApplicationRecord
  
   attr_accessible :name, :owner, :is_default
  
-class EmailTemplate < ActiveRecord::Base
+class EmailTemplate < ApplicationRecord
  
   belongs_to :owner, :polymorphic => true
  
 # A Environment is like a website to be hosted in the platform. It may
 # contain multiple Profile's and can be identified by several different
 # domains.
-class Environment < ActiveRecord::Base
+class Environment < ApplicationRecord
  
   attr_accessible :name, :is_default, :signup_welcome_text_subject,
                   :signup_welcome_text_body, :terms_of_use,
@@ -731,7 +731,7 @@ class Environment &lt; ActiveRecord::Base
     url << (Noosfero.url_options.key?(:host) ? Noosfero.url_options[:host] : default_hostname)
     url << ':' << Noosfero.url_options[:port].to_s if Noosfero.url_options.key?(:port)
     url << Noosfero.root('')
-    url
+    url.html_safe
   end
  
   def to_s
-class ExternalFeed < ActiveRecord::Base
+class ExternalFeed < ApplicationRecord
  
   belongs_to :blog
   validates_presence_of :blog_id
-class FavoriteEnterprisePerson < ActiveRecord::Base
+class FavoriteEnterprisePerson < ApplicationRecord
  
   attr_accessible :person, :enterprise
  
-class Friendship < ActiveRecord::Base
+class Friendship < ApplicationRecord
   track_actions :new_friendship, :after_create, :keep_params => ["friend.name", "friend.url", "friend.profile_custom_icon"], :custom_user => :person
  
   extend CacheCounterHelper
-class Image < ActiveRecord::Base
+class Image < ApplicationRecord
  
   attr_accessible :uploaded_data, :label, :remove_image
   attr_accessor :remove_image
-class Input < ActiveRecord::Base
+class Input < ApplicationRecord
  
   attr_accessible :product, :product_id, :product_category, :product_category_id,
     :amount_used, :unit_id, :price_per_unit, :relevant_to_price, :is_from_solidarity_economy
@@ -13,7 +13,7 @@ class InviteFriend &lt; Invitation
   end
  
   def information
-    {:message => _('%{requestor} wants to be your friend.')}
+    {:message => _('%{requestor} wants to be your friend.').html_safe}
   end
  
   def accept_details
@@ -25,7 +25,7 @@ class InviteFriend &lt; Invitation
   end
  
   def target_notification_description
-    _('%{requestor} wants to be your friend.') % {:requestor => requestor.name}
+    (_('%{requestor} wants to be your friend.') % {:requestor => requestor.name}).html_safe
   end
  
   def permission
@@ -25,7 +25,7 @@ class InviteMember &lt; Invitation
   end
  
   def information
-    {:message => _('%{requestor} invited you to join %{linked_subject}.')}
+    {:message => _('%{requestor} invited you to join %{linked_subject}.').html_safe}
   end
  
   def url
@@ -37,7 +37,7 @@ class InviteMember &lt; Invitation
   end
  
   def target_notification_description
-    _('%{requestor} invited you to join %{community}.') % {:requestor => requestor.name, :community => community.name}
+    (_('%{requestor} invited you to join %{community}.') % {:requestor => requestor.name, :community => community.name}).html_safe
   end
  
   def target_notification_message
-class License < ActiveRecord::Base
+class License < ApplicationRecord
  
   attr_accessible :name, :url
  
-class MailingSent < ActiveRecord::Base
+class MailingSent < ApplicationRecord
+
   attr_accessible :person
   belongs_to :mailing
   belongs_to :person
-class NationalRegion < ActiveRecord::Base
+class NationalRegion < ApplicationRecord
  
   SEARCHABLE_FIELDS = {
     :name => {:label => _('Name'), :weight => 1},
-class NationalRegionType < ActiveRecord::Base
+class NationalRegionType < ApplicationRecord
   COUNTRY = 1
   STATE   = 2
   CITY    = 3
@@ -341,7 +341,7 @@ class Person &lt; Profile
     environment ||= self.environment
     role_assignments.includes([:role, :resource]).select { |ra| ra.resource == environment }.map{|ra|ra.role.permissions}.any? do |ps|
       ps.any? do |p|
-        ActiveRecord::Base::PERMISSIONS['Environment'].keys.include?(p)
+        ApplicationRecord::PERMISSIONS['Environment'].keys.include?(p)
       end
     end
   end
-class PriceDetail < ActiveRecord::Base
+class PriceDetail < ApplicationRecord
  
   attr_accessible :price, :production_cost_id
  
-class Product < ActiveRecord::Base
+class Product < ApplicationRecord
  
   SEARCHABLE_FIELDS = {
     :name => {:label => _('Name'), :weight => 10},
-class ProductQualifier < ActiveRecord::Base
+class ProductQualifier < ApplicationRecord
  
   attr_accessible :qualifier, :product, :certifier
  
-class ProductionCost < ActiveRecord::Base
+class ProductionCost < ApplicationRecord
  
   attr_accessible :name, :owner
  
 # A Profile is the representation and web-presence of an individual or an
 # organization. Every Profile is attached to its Environment of origin,
 # which by default is the one returned by Environment:default.
-class Profile < ActiveRecord::Base
+class Profile < ApplicationRecord
  
   attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time,
     :redirection_after_login, :custom_url_redirection,
@@ -675,7 +675,7 @@ class Profile &lt; ActiveRecord::Base
     url << url_options[:host]
     url << ':' << url_options[:port].to_s if url_options.key?(:port)
     url << Noosfero.root('')
-    url
+    url.html_safe
   end
  
 private :generate_url, :url_options
-class ProfileActivity < ActiveRecord::Base
+class ProfileActivity < ApplicationRecord
  
   self.record_timestamps = false
  
-class ProfileCategorization < ActiveRecord::Base
+class ProfileCategorization < ApplicationRecord
   self.table_name = :categories_profiles
   belongs_to :profile
   belongs_to :category
-class ProfileSuggestion < ActiveRecord::Base
+class ProfileSuggestion < ApplicationRecord
+
   belongs_to :person
   belongs_to :suggestion, :class_name => 'Profile', :foreign_key => :suggestion_id
  
-class Qualifier < ActiveRecord::Base
+class Qualifier < ApplicationRecord
  
   attr_accessible :name, :environment
  
-class QualifierCertifier < ActiveRecord::Base
+class QualifierCertifier < ApplicationRecord
   belongs_to :qualifier
   belongs_to :certifier
  
-class ReportedImage < ActiveRecord::Base
+class ReportedImage < ApplicationRecord
   belongs_to :abuse_report
  
   validates_presence_of :abuse_report
-class Scrap < ActiveRecord::Base
+class Scrap < ApplicationRecord
  
   include SanitizeHelper
  
-class SearchTerm < ActiveRecord::Base
+class SearchTerm < ApplicationRecord
   validates_presence_of :term, :context
   validates_uniqueness_of :term, :scope => [:context_id, :context_type, :asset]
  
@@ -25,7 +25,7 @@ class SearchTerm &lt; ActiveRecord::Base
   # Therefore the score is 97. Them we sum every score to get the total score
   # for a search term.
   def self.occurrences_scores
-    Hash[*ActiveRecord::Base.connection.execute(
+    Hash[*ApplicationRecord.connection.execute(
       joins(:occurrences).
       select("search_terms.id, sum(#{SearchTermOccurrence::EXPIRATION_TIME.to_i} - extract(epoch from (now() - search_term_occurrences.created_at))) as value").
       where("search_term_occurrences.created_at > ?", DateTime.now - SearchTermOccurrence::EXPIRATION_TIME).
-class SearchTermOccurrence < ActiveRecord::Base
+class SearchTermOccurrence < ApplicationRecord
  
   belongs_to :search_term
   validates_presence_of :search_term
@@ -65,7 +65,7 @@ class SuggestArticle &lt; Task
  
   def information
     variables = requestor.blank? ? {:requestor => sender} : {}
-    { :message => _('%{requestor} suggested the publication of the article: %{subject}.'),
+    { :message => _('%{requestor} suggested the publication of the article: %{subject}.').html_safe,
       :variables => variables }
   end
  
@@ -78,7 +78,7 @@ class SuggestArticle &lt; Task
   end
  
   def target_notification_description
-    _('%{requestor} suggested the publication of the article: %{article}.') %
+    _('%{requestor} suggested the publication of the article: %{article}.').html_safe %
     {:requestor => sender, :article => article_name}
   end
  
-class SuggestionConnection < ActiveRecord::Base
+class SuggestionConnection < ApplicationRecord
+
   attr_accessible :suggestion, :suggestion_id, :connection_type, :connection_id
  
   belongs_to :suggestion, :class_name => 'ProfileSuggestion', :foreign_key => 'suggestion_id'
@@ -9,7 +9,7 @@
 # This class has a +data+ field of type <tt>text</tt>, where you can store any
 # type of data (as serialized Ruby objects) you need for your subclass (which
 # will need to declare <ttserialize</tt> itself).
-class Task < ActiveRecord::Base
+class Task < ApplicationRecord
  
   acts_as_having_settings :field => :data
   acts_as_ordered_taggable
@@ -347,6 +347,21 @@ class Task &lt; ActiveRecord::Base
     where [environment_condition, profile_condition].compact.join(' OR ')
   }
  
+  scope :from_closed_date, -> closed_from {
+    where('tasks.end_date >= ?', closed_from.beginning_of_day) unless closed_from.blank?
+  }
+
+  scope :until_closed_date, -> closed_until {
+    where('tasks.end_date <= ?', closed_until.end_of_day) unless closed_until.blank?
+  }
+
+  scope :from_creation_date, -> created_from {
+    where('tasks.created_at >= ?', created_from.beginning_of_day) unless created_from.blank?
+  }
+
+  scope :until_creation_date, -> created_until {
+    where('tasks.created_at <= ?', created_until.end_of_day) unless created_until.blank?
+  }
  
   def self.pending_types_for(profile)
     Task.to(profile).pending.select('distinct type').map { |t| [t.class.name, t.title] }
-class Thumbnail < ActiveRecord::Base
+class Thumbnail < ApplicationRecord
  
   attr_accessible :uploaded_data
   # mass assigned by attachment_fu
-class Unit < ActiveRecord::Base
+class Unit < ApplicationRecord
  
   acts_as_list scope: -> unit { where environment_id: unit.environment_id }
  
@@ -4,7 +4,7 @@ require &#39;securerandom&#39;
  
 # User models the system users, and is generated by the acts_as_authenticated
 # Rails generator.
-class User < ActiveRecord::Base
+class User < ApplicationRecord
  
   attr_accessible :login, :email, :password, :password_confirmation, :activated_at
  
-class ValidationInfo < ActiveRecord::Base
+class ValidationInfo < ApplicationRecord
  
   attr_accessible :validation_methodology, :restrictions, :organization
  
@@ -107,7 +107,7 @@
     <%= render :partial => 'profile_editor/person_form', :locals => {:f => f} %>
   <% end %>
  
-  <%= @plugins.dispatch(:signup_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:signup_extra_contents).collect { |content| instance_eval(&content) }, "") %>
  
   <% unless @terms_of_use.blank? %>
     <div id='terms-of-use-box' class='formfieldline'>
@@ -14,7 +14,7 @@
 <div id="enterprise-activation-create-user-form" style="display: none">
   <h3><%= _('Personal signup form') %></h3>
   <%= render :partial => 'signup_form', :locals => { :hidden_atention => true } %>
-  <p><%= message = _('<b>Warning</b>: this form is for your personal information, not of your enterprise. So you will have a personal account that can manage your enterprise.') %></p>
+  <p><%= message = _('<b>Warning</b>: this form is for your personal information, not of your enterprise. So you will have a personal account that can manage your enterprise.').html_safe %></p>
 </div>
  
 <div id="enterprise-activation-login-form" style="display: none">
 <h1><%= _("Invalid change password code") %></h1>
  
 <p>
-<%= _('The code you are using for password change is not valid. Please try to request password change using the <a href="%s">"I forgot my password"</a> functionality.') % url_for(:action => 'forgot_password') %>
+<%= _('The code you are using for password change is not valid. Please try to request password change using the <a href="%s">"I forgot my password"</a> functionality.') % url_for(:action => 'forgot_password').html_safe %>
 </p>
@@ -20,7 +20,7 @@
        </label>
      </div>
  
-     <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
+     <%= safe_join(@plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }, "") %>
  
      <% button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
@@ -15,7 +15,7 @@
  
       <%= f.password_field :password %>
  
-      <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+      <%= safe_join(@plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }, "") %>
  
       <% button_bar do %>
         <%= submit_button( 'login', _('Log in') )%>
@@ -5,5 +5,5 @@
 </p>
  
 <p>
-<%= _("You can <a href='%s'>login</a> now.") % url_for(:action => 'login') %>
+<%= _("You can <a href='%s'>login</a> now.").html_safe % url_for(:action => 'login') %>
 </p>
@@ -6,7 +6,7 @@
       <%= content_tag('li', content_tag('strong', "#{year.to_i} (#{count})")) %>
       <ul class='<%= year.to_i %>-archive'>
         <% block.blog.total_number_of_posts(:by_month, year).each do |month, count| %>
-          <%= content_tag('li', link_to("#{month_name(month.to_i)} (#{count})", block.blog.url.merge(year: year.to_i, month: month.to_i))) %>
+          <%= content_tag('li', link_to("#{month_name(month.to_i)} (#{count})", url_for(block.blog.url.merge(year: year.to_i, month: month.to_i)).html_safe)) %>
         <% end %>
       </ul>
     <% end %>
@@ -8,7 +8,7 @@
       <%= block.sanitize_link(link_to(link[:name], block.expand_address(link[:address]),
                 :target => link[:target],
                 :class => (link[:icon] ? "icon-#{link[:icon]}" : ''),
-                :title => link[:title])) %>
+                :title => link[:title])).html_safe %>
     </li>
   <% end %>
 </ul>
@@ -3,7 +3,7 @@
     <h2><%= _('Logged in as %s') % user.identifier %></h2>
     <ul>
       <li><%= _('User since %s/%s') % [user.created_at.month, user.created_at.year] %></li>
-      <li><%= link_to _('Homepage'), user.public_profile_url %></li>
+      <li><%= link_to _('Homepage'), url_for(user.public_profile_url) %></li>
     </ul>
     <div class="user-actions">
       <%= button(:'menu-logout',  _('Logout'), :controller => 'account', :action => 'logout') %>
@@ -10,8 +10,8 @@
   <% if list.empty? %>
     <div class='common-profile-list-block-none'><%= _('None') %></div>
   <% else %>
-    <ul><%= list %></ul>
+    <ul><%= list.html_safe %></ul>
   <% end %>
 </div>
- 
+
 <br style='clear:both'/>
@@ -9,7 +9,8 @@
     first_text = articles[articles.find_index{|a| a.kind_of? TextArticle}||-1]
     selected = @block.article || first_text
   %>
-  <%= select_tag(
+  <%= 
+    select_tag(
     'block[article_id]',
     options_for_select_with_title(articles.map {|item| [item.path, item.id]}, selected.id),
     :onchange => 'this.changedTo(this.value)'
@@ -35,7 +35,7 @@
           <% else %>
             <div class="no-image"><%= _('No image') %></div>
           <% end %>
-          <div class="catalog-item-extras"><%= extra_content.join("\n") %></div>
+          <div class="catalog-item-extras"><%= safe_join(extra_content, "\n") %></div>
         </li>
  
         <li class="product-link"><%= link_to_product product %></li>
@@ -35,7 +35,7 @@
 <div id="article-formitem">
   <%= labelled_form_field( _('Address'),
         content_tag('code',
-          url_for(@article.url).gsub(/#{@article.slug}$/, '') +
+          url_for(@article.url).gsub(/#{@article.slug}$/, '').html_safe +
           text_field(:article, :slug, :onchange => "warn_value_change()", :size => 25)
         ) +
         content_tag('div',
@@ -14,7 +14,7 @@
     <p><%= _('Numbered lists:') %></p>
     <pre># <%= _('first item') %>
 # <%= _('second item') %></pre>
-    <p><%= h(_('For code, use HTML tags <pre> and <code>, and indent the code inside them:')) %>
+    <p><%= h(_('For code, use HTML tags <pre> and <code>, and indent the code inside them:').html_safe) %>
     </p>
     <pre>
 &lt;pre&gt;
@@ -23,7 +23,7 @@
 &lt;/code&gt;
 &lt;/pre&gt;
 </pre>
-    <p><%= _('See also a more complete <a href="%s">Textile Reference</a>.') % 'http://redcloth.org/hobix.com/textile/' %></p>
+    <p><%= _('See also a more complete <a href="%s">Textile Reference</a>.').html_safe % 'http://redcloth.org/hobix.com/textile/' %></p>
   </div>
 </div>
  
@@ -39,7 +39,7 @@
  
   <script>
     jQuery('#article_tag_list').inputosaurus({
-      autoCompleteSource: <%= "'/myprofile/#{profile.identifier}/cms/search_tags'," %>
+      autoCompleteSource: <%= "'/myprofile/#{profile.identifier}/cms/search_tags',".html_safe %>
       activateFinalResult : true
     })
   </script>
@@ -5,7 +5,7 @@
 <ul class="article-types">
   <% for type in @article_types %>
     <% action = type[:class].name == 'UploadedFile' ? {:action => 'upload_files'} : {:action => 'new', :type => type[:class].name} %>
-    <%= content_tag('a', :href => url_for(action.merge(:parent_id => @parent_id, :back_to => @back_to))) do %>
+    <%= content_tag('a', :href => url_for(action.merge(:parent_id => @parent_id, :back_to => @back_to)).html_safe) do %>
       <li class="<%= icon_for_new_article(type[:class]) %>" onmouseover="javascript: jQuery(this).addClass('mouseover')" onmouseout="jQuery(this).removeClass('mouseover')">
         <strong><%= type[:short_description] %></strong>
         <div class='description'><%= type[:description] %></div>
@@ -17,11 +17,11 @@
 <h3><%= _("Select the files you want to upload (max size %s):") % UploadedFile.max_size.to_humanreadable %></h3>
 <h4><%= _('Documents, Images, Videos, Audio') %></h4>
  
-<h5><%= _('Uploading files to %s') % content_tag('code', @target) %></h5>
+<h5><%= (_('Uploading files to %s') % content_tag('code', @target)).html_safe%></h5>
  
 <%= form_for('uploaded_file', :url => { :action => 'upload_files' }, :html => {:multipart => true}) do |f| %>
  
-  <%= @plugins.dispatch(:upload_files_extra_fields, params[:parent_id]).collect { |content| instance_exec(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:upload_files_extra_fields, params[:parent_id]).collect { |content| instance_exec(&content) }, "") %>
  
   <%= render :partial => 'upload_file_form', :locals => { :size => '45'} %>
  
@@ -17,7 +17,7 @@
 <% button_bar(:style => 'margin-bottom: 1em;') do %>
   <% parent_id = ((@article && @article.allow_children?) ? @article : nil) %>
  
-  <%= modal_button('new', _('New content'), :action => 'new', :parent_id => parent_id, :cms => true) %>
+  <%= modal_button('new', _('New content'), url_for({:action => 'new', :parent_id => parent_id, :cms => true}).html_safe) %>
   <%= button(:back, _('Back to control panel'), :controller => 'profile_editor', :action => "index") %>
 <% end %>
  
@@ -26,7 +26,7 @@
     <strong><%= _('Current folder: ') %></strong>
     <%= link_to profile.identifier, :action => 'index' %>
     <% @article.hierarchy.each do |item| %>
-      <%= " / " + ((item == @article) ? item.name.html_safe : link_to(item.slug, :id => item.id).html_safe) %>
+      <%= " / ".html_safe + ((item == @article) ? item.name.html_safe : link_to(item.slug, :id => item.id).html_safe) %>
     <% end %>
   </div>
 <% end %>
@@ -45,9 +45,9 @@
     <tr>
       <td>
         <% if @article.parent %>
-          <%= link_to '.. (' + _('parent folder') + ')', {:action => 'view', :id => @article.parent.id}, :class => 'icon-parent-folder' %>
+          <%= link_to '.. ('.html_safe + _('parent folder') + ')', {:action => 'view', :id => @article.parent.id}, :class => 'icon-parent-folder' %>
         <% else %>
-          <%= link_to '.. (' + _('parent folder') + ')', {:action => 'index'}, :class => 'icon-parent-folder' %>
+          <%= link_to '.. ('.html_safe + _('parent folder') + ')', {:action => 'index'}, :class => 'icon-parent-folder' %>
         <% end %>
       </td>
       <td><%= Folder.short_description %></td>
@@ -43,7 +43,7 @@
         <p/>
         <%= txt2html sanitize(comment.body) %>
       </div>
-      <%= @plugins.dispatch(:comment_extra_contents, local_assigns).collect { |content| instance_exec(&content) }.join("") %>
+      <%= safe_join(@plugins.dispatch(:comment_extra_contents, local_assigns).collect { |content| instance_exec(&content) }, "") %>
     </div>
  
     <div class="comment_reply post_comment_box closed" id="comment_reply_to_<%= comment.id %>">
@@ -85,7 +85,7 @@ function check_captcha(button, confirm_action) {
   <%= hidden_field_tag(:view, params[:view])%>
   <%= f.hidden_field(:reply_of_id) %>
  
-  <%= @plugins.dispatch(:comment_form_extra_contents, local_assigns.merge(:comment => @comment)).collect { |content| instance_exec(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:comment_form_extra_contents, local_assigns.merge(:comment => @comment)).collect { |content| instance_exec(&content) }, "") %>
  
   <% button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "if(check_captcha(this)) { save_comment(this) } else { check_captcha(this, save_comment)};return false;") %>
@@ -26,7 +26,7 @@
         <% content = _('Add translation') %>
         <% parent_id = (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)) %>
         <% url = profile.admin_url.merge(:controller => 'cms', :action => 'new', :parent_id => parent_id, :type => @page.type, :article => { :translation_of_id => @page.native_translation.id })%>
-        <%= expirable_button @page, :locale, content, url %>
+        <%= expirable_button @page, :locale, content, url_for(url).html_safe %>
       <% end %>
  
       <% if !@page.archived? %>
@@ -67,7 +67,7 @@
       <div class="blog-cover"><%= image_tag(@page.image.public_filename())%></div>
     <% end %>
     <%= button_without_text(:feed, _('RSS feed'), @page.feed.url, :class => 'blog-feed-link') if @page.has_posts? && @page.feed %>
-    <%= @plugins.dispatch(:article_header_extra_contents, @page).collect { |content| instance_exec(&content) }.join("") %>
+    <%= safe_join(@plugins.dispatch(:article_header_extra_contents, @page).collect { |content| instance_exec(&content) }) %>
     <% if @page.archived? %>
       <%= render :partial => 'cms/archived_warning', :locals => {:article => @page} %>
     <% end %>
@@ -7,7 +7,7 @@
   </span>
 <% unless @no_comments %>
   <span class="comments">
-    <%= (" - %s") % link_to_comments(@page)%>
+    <%= (" - %s").html_safe % link_to_comments(@page) %>
   </span>
 <% end %>
  
@@ -35,7 +35,7 @@
       </div>
     <% end %>
     <div class="event-content">
-      <%= event.body %>
+      <%= raw event.body %>
     </div>
   <% end %>
 </div>
@@ -2,9 +2,9 @@
 <%= button(:back, _('Back to the versions'), {:action => 'article_versions'}) %>
 </div>
  
-<h1><%= _('Changes on "%s"') % @page.title %></h1>
+<h1><%= _('Changes on "%s"').html_safe % @page.title %></h1>
  
-<p> <%= _('Changes from %s &rarr; %s') % [show_time(@v1.updated_at), show_time(@v2.updated_at)] %> </p>
+<p> <%= _('Changes from %s &rarr; %s').html_safe % [show_time(@v1.updated_at), show_time(@v2.updated_at)] %> </p>
  
 <% diffContent = Diffy::Diff.new(@v1.body, @v2.body, :context => 1) %>
 <% if diffContent.to_s(:text).blank? %>
@@ -12,5 +12,5 @@
     <%= _('These versions range have no differences.')%>
   </p>
 <% else %>
-  <%= diffContent.to_s(:html) %>
+  <%= diffContent.to_s(:html).html_safe %>
 <% end %>
@@ -45,24 +45,24 @@
 <% if ! @page.categories.empty? %>
 <div id="article-cat">
   <h4><%= _('Categories') %></h4>
-    <%= @page.categories.map {|item| link_to_category(item, false) }.join(", ") %>
+    <%= safe_join(@page.categories.map {|item| link_to_category(item, false) }, ", ") %>
 </div>
 <% end %>
  
 <% if !@page.tags.empty? %>
   <div id="article-tags">
-    <%= _("This article's tags:") %>
-    <%= @page.tags.map { |t| link_to(t, :controller => 'profile', :profile => @profile.identifier, :action => 'tags', :id => t.name ) }.join("\n") %>
+    <%= _("This article's tags:").html_safe %>
+    <%= safe_join(@page.tags.map { |t| link_to(t, :controller => 'profile', :profile => @profile.identifier, :action => 'tags', :id => t.name ) }, "\n") %>
   </div>
 <% end %>
  
 <%= display_source_info(@page) %>
  
-<%= @plugins.dispatch(:article_extra_contents, @page).collect { |content| instance_exec(&content) }.join("") %>
+<%= safe_join(@plugins.dispatch(:article_extra_contents, @page).collect { |content| instance_exec(&content) }, "") %>
  
 <% if @page.accept_comments? || @comments_count > 0 %>
   <div class="comments" id="comments_list">
-    <h3 <%= 'class="no-comments-yet"' if @comments_count == 0 %>>
+    <h3 <%= 'class="no-comments-yet"'.html_safe if @comments_count == 0 %>>
       <%= display_number_of_comments(@comments_count) %>
     </h3>
  
@@ -5,5 +5,5 @@
       <li><%= link_to text, link, :target => '_blank' %></li>
     <% end %>
   </ul>
-  <%= @toc.text %>
+  <%= raw @toc.text %>
 </div>
@@ -5,7 +5,7 @@
 <p>
 <%=  _('Here you can enable or disable several features of your environment. Each feature represents some funcionality that your environment can use if you enable it.
  
-Check all the features you want to enable for your environment, uncheck all the ones you don\'t want, and use the <em>"Save changes" button</em> to confirm your changes.') %>
+Check all the features you want to enable for your environment, uncheck all the ones you don\'t want, and use the <em>"Save changes" button</em> to confirm your changes.').html_safe %>
 </p>
  
 <%= labelled_form_for(:environment, :url => {:action => 'update'}) do |f| %>
@@ -7,7 +7,7 @@
           <div class='highlighted-news-item post-<%= index + 1 %>-inner'>
             <h2><%= link_to(h(highlighted.title), highlighted.url, :class => 'post-title') %></h2>
             <span class="post-date"><%= show_date(highlighted.published_at, true) %> </span>
-            <div class='headline'><%= highlighted.lead %></div>
+            <div class='headline'><%= raw highlighted.lead %></div>
             <p class='highlighted-news-read-more'>
               <%= link_to(_('Read more'), highlighted.url) %>
             </p>
@@ -49,7 +49,7 @@
     <% end %>
   <% end %>
 <% else %>
-  <%= environment.description %>
+  <%= environment.description.html_safe %>
 <% end %>
  
 <% if environment.enabled?('search_in_home') %>
@@ -3,12 +3,12 @@
  
 <%= form_tag do %>
  
-  <%= [
+  <%= safe_join([
         radio_button_tag(:import_from, "manual", @import_from == "manual", :onclick => 'hide_invite_friend_login_password()') + content_tag('label', _('Manually (empty field)'), :for => "import_from_manual"),
         radio_button_tag(:import_from, "gmail", @import_from == "gmail", :onclick => 'show_invite_friend_login_password(this.value)') + content_tag('label', 'Gmail', :for => 'import_from_gmail'),
         radio_button_tag(:import_from, "yahoo", @import_from == "yahoo", :onclick => 'show_invite_friend_login_password(this.value)') + content_tag('label', 'Yahoo', :for => "import_from_yahoo"),
         radio_button_tag(:import_from, "hotmail", @import_from == "hotmail", :onclick => 'show_invite_friend_login_password(this.value)') + content_tag('label', 'Hotmail', :for => "import_from_hotmail")
-      ].join("\n<br/>\n") %>
+      ], "\n<br/>\n".html_safe) %>
  
   <script type="text/javascript">
     function hide_invite_friend_login_password() {
@@ -7,22 +7,23 @@
     </span>
   <% else %>
     <span class='not-logged-in'>
-      <%= _("<span class='login'>%s</span>") % modal_inline_link_to('<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>', login_url, '#inlineLoginBox', :id => 'link_login') %>
-      <%= @plugins.dispatch(:alternative_authentication_link).collect { |content| instance_exec(&content) }.join("") %>
+      <%= usermenu_notlogged_in %>
+      <% @plugins.dispatch(:alternative_authentication_link).collect do |content|%>
+         <%= instance_exec(&content) %> 
+      <%end%>
  
-    <div id='inlineLoginBox' style='display: none;'>
-      <%= render :file => 'account/login', :locals => { :is_popin => true } %>
-    </div>
+      <div id='inlineLoginBox' style='display: none;'>
+        <%= render :file => 'account/login', :locals => { :is_popin => true } %>
+      </div>
  
-    <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
-      <%= _("<span class='or'>or</span> <span class='signup'>%s</span>") % link_to('<strong>' + _('Sign up') + '</strong>', :controller => 'account', :action => 'signup')%>
-    <% end %>
-
-  </span>
+      <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
+        <%= usermenu_signup %>
+      <% end %>
+    </span>
   <% end %>
   <form action="/search/articles" id="top-search" class="search_form clean" method="get">
     <input name="query" size="15" title="<%=_('Search...')%>" onfocus="this.form.className='focused';" onblur="this.form.className=''" />
-    <div><%=_('Press <strong>Enter</strong> to send the search query.')%></div>
+    <div><%=_('Press <strong>Enter</strong> to send the search query.').html_safe%></div>
     <%= javascript_tag 'jQuery("#user form input").hint();' %>
   </form>
 </div><!-- end id="user" -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<%= html_language %>" lang="<%= html_language %>" class="<%= h html_tag_classes %>">
   <head>
-    <title><%= h page_title %></title>
+    <title><%= h page_title.html_safe %></title>
     <%= yield(:feeds) %>
     <!--<meta http-equiv="refresh" content="1"/>-->
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
@@ -20,24 +20,33 @@
     <%# Add custom tags/styles/etc via content_for %>
     <%= yield :head %>
     <%=
-      @plugins.dispatch(:head_ending).map do |content|
-        if content.respond_to?(:call) then instance_exec(&content).to_s.html_safe else content.to_s.html_safe end
-      end.join("\n")
+      str = (@plugins.dispatch(:head_ending).map do |content|
+              if content.respond_to?(:call) then 
+                instance_exec(&content).to_s
+              else 
+                content.to_s
+              end
+            end)
+      safe_join(str, "\n")
     %>
  
     <script type="text/javascript">
-      DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
-      noosfero.profile = <%= (@profile.identifier if @profile).to_json %>
+      DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'".html_safe %>;
+      noosfero.profile = <%= (@profile.identifier if @profile).to_json.html_safe %>
     </script>
  
   </head>
   <body class="<%= h body_classes %>">
     <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>
-
     <%=
-      @plugins.dispatch(:body_beginning).map do |content|
-        if content.respond_to?(:call) then instance_exec(&content).to_s.html_safe else content.to_s.html_safe end
-      end.join("\n")
+      str = (@plugins.dispatch(:body_beginning).map do |content|
+              if content.respond_to?(:call) then 
+                instance_exec(&content).to_s
+              else 
+                content.to_s 
+              end
+            end)
+      safe_join(str, "\n")
     %>
     <div id="global-header">
       <%= global_header %>
@@ -75,9 +84,14 @@
     <%= noosfero_layout_features %>
     <%= addthis_javascript %>
     <%=
-      @plugins.dispatch(:body_ending).map do |content|
-        if content.respond_to?(:call) then instance_exec(&content).html_safe else content.html_safe end
-      end.join("\n")
+      str = (@plugins.dispatch(:body_ending).map do |content|
+              if content.respond_to?(:call) then 
+                instance_exec(&content)
+              else 
+                content
+              end
+            end)
+      safe_join(str, "\n")
     %>
  
   </body>
@@ -16,7 +16,7 @@
   <% if profile.user.enable_email %>
     <h2><%= ('E-mail address') %></h2>
     <ul>
-      <%= profile.email_addresses.map{|i| content_tag('li', i)}.join("\n") %>
+      <%= safe_join(profile.email_addresses.map{|i| content_tag('li', i)}, "\n") %>
     </ul>
     <h2><%= _('Configuration') %></h2>
     <ul>
@@ -31,7 +31,7 @@
   <% else %>
  
     <h2><%= _("Enable e-Mail account below:") %></h2>
-    <ul><%= profile.email_addresses.map{|i| content_tag('li', i)}.join("\n") %></ul>
+    <ul><%= safe_join(profile.email_addresses.map{|i| content_tag('li', i)}, "\n") %></ul>
     <blockquote><%= _("You'll be able to access a webmail from your user menu.") %></blockquote>
     <% button_bar do %>
       <%= button(:ok, _('Enable e-Mail'), { :action => 'enable' }, :method => 'post') %>
@@ -4,7 +4,7 @@
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
   </head>
   <body style="margin: 0">
-    <%= word_wrap(@message) %>
+    <%= raw word_wrap(@message) %>
     <p>
       --<br/>
       <%= @signature_message %><br/>
@@ -14,7 +14,7 @@
     </div>
     <div id='product-extra-content'>
       <% extra_content = @plugins.dispatch(:product_info_extras, @product).collect { |content| instance_exec(&content) } %>
-      <%= extra_content.join("\n") %>
+      <%= safe_join(extra_content, "\n") %>
     </div>
     <div id='product-info'>
       <%= render :partial => 'manage_products/display_info' %>
@@ -34,13 +34,13 @@
   <div style='margin-bottom: 0.5em' id='community-join-before'>
     <%= radio_button 'community', 'closed', 'true', :style => 'float: left' %>
     <div style='margin-left: 30px'>
-      <%= _('<strong>Before</strong> joining this group (a moderator has to accept the member in pending request before member can access the intranet and/or the website).') %>
+      <%= _('<strong>Before</strong> joining this group (a moderator has to accept the member in pending request before member can access the intranet and/or the website).').html_safe %>
     </div>
   </div>
   <div id='community-join-after'>
     <%= radio_button 'community', 'closed', 'false', :style => 'float: left' %>
     <div style='margin-left: 30px'>
-      <%= _('<strong>After</strong> joining this group (a moderator can always desactivate access for users later).') %>
+      <%= _('<strong>After</strong> joining this group (a moderator can always desactivate access for users later).').html_safe %>
     </div>
   </div>
  
@@ -2,7 +2,7 @@
  
 <%= _("You have %d pending task(s).") % @tasks.size %>
  
-<%= @tasks.map{|i| " * #{i.description}"}.join("\n") %>
+<%= safe_join(@tasks.map{|i| " * #{i.description}"}, "\n") %>
  
 <%= _("Click in address below to process task(s):") %>
  
@@ -11,7 +11,7 @@
 <% pending_tasks = @person.pending_tasks_for_organization(organization) %>
 <%= _("%s has %d pending task(s).") % [organization.name, pending_tasks.size] %>
  
-<%= pending_tasks.map{|i| " * #{i.information}"}.join("\n") %>
+<%= safe_join(pending_tasks.map{|i| " * #{i.information}"}, "\n") %>
  
 <%= _("Click in address below to process task(s):") %>
  
@@ -20,6 +20,6 @@
   <%= pagination_links @tagged, :param_name => 'npage' %>
  
   <div>
-    <%= link_to _('See content tagged with "%s" in the entire site') % escaped_tag, :controller => 'search', :action => 'tag', :tag => @tag %>
+    <%= link_to (_('See content tagged with "%s" in the entire site') % escaped_tag).html_safe, :controller => 'search', :action => 'tag', :tag => @tag %>
   </div>
 <% end %>
@@ -5,7 +5,7 @@
 <% else %>
   <% unless profile.description.blank? %>
     <div class='public-profile-description'>
-      <%= profile.description %>
+      <%= raw profile.description %>
     </div>
   <% end %>
   <div id='public-profile-search'>
@@ -34,13 +34,13 @@
   <div style='margin-bottom: 0.5em'>
     <%= radio_button 'profile_data', 'closed', 'true', :style => 'float: left' %>
     <div style='margin-left: 30px'>
-      <%= _('<strong>Before</strong> joining this group (a moderator has to accept the member in pending request before member can access the intranet and/or the website).') %>
+      <%= _('<strong>Before</strong> joining this group (a moderator has to accept the member in pending request before member can access the intranet and/or the website).').html_safe %>
     </div>
   </div>
   <div>
     <%= radio_button 'profile_data', 'closed', 'false', :style => 'float: left' %>
     <div style='margin-left: 30px'>
-      <%= _('<strong>After</strong> joining this group (a moderator can always desactivate access for users later).') %>
+      <%= _('<strong>After</strong> joining this group (a moderator can always desactivate access for users later).').html_safe %>
     </div>
   </div>
   <br>
@@ -52,13 +52,13 @@
 <div style='margin-bottom: 0.5em'>
   <%= radio_button 'profile_data', 'moderated_articles', 'true', :style => 'float: left' %>
   <div style='margin-left: 30px'>
-    <%= _('<strong>Before</strong> being published in this group (a moderator has to accept the article in pending request before the article be listed as a article of this group).') %>
+    <%= _('<strong>Before</strong> being published in this group (a moderator has to accept the article in pending request before the article be listed as a article of this group).').html_safe %>
   </div>
 </div>
 <div>
   <%= radio_button 'profile_data', 'moderated_articles', 'false', :style => 'float: left' %>
   <div style='margin-left: 30px'>
-    <%= _('<strong>After</strong> being published in this group (a moderator can always remove publicated articles later).') %>
+    <%= _('<strong>After</strong> being published in this group (a moderator can always remove publicated articles later).').html_safe %>
   </div>
 </div>
  
@@ -4,7 +4,7 @@
  
   <%= required f.text_field(:name) %>
  
-  <%= @plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }, "") %>
  
 <% if @environment.enabled?('enable_organization_url_change') %>
   <script type="text/javascript">
@@ -41,7 +41,7 @@
     <div id="profile-identifier-formitem">
       <%= required labelled_form_field( _('Address'),
             content_tag('code',
-              url_for(profile.url).gsub(/#{profile.identifier}$/, '') +
+              url_for(profile.url).gsub(/#{profile.identifier}$/, '').html_safe +
               text_field(:profile_data, :identifier, :onchange => "warn_value_change()", :size => 25)
             ) +
             content_tag('div',
@@ -4,7 +4,7 @@
   <div class='pending-tasks'>
     <h2><%= _('You have pending requests') %></h2>
     <ul>
-      <%= @pending_tasks.take(10).map {|task| content_tag('li', task_information(task))}.join %>
+      <%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task))}) %>
     </ul>
     <%= button(:todo, _('Process requests'), :controller => 'tasks', :action => 'index') %>
   </div>
@@ -16,7 +16,7 @@
     </div>
   </div>
  
-  <%= @plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }, "") %>
  
   <div class="formfieldline">
     <%= label_tag("private_token", _("Private Token")) %>
@@ -26,20 +26,20 @@
  
   <% if profile.person? %>
     <div>
-      <%= labelled_radio_button _('Public &mdash; show my contents to all internet users'), 'profile_data[public_profile]', true, @profile.public_profile? %>
+      <%= labelled_radio_button _('Public &mdash; show my contents to all internet users').html_safe, 'profile_data[public_profile]', true, @profile.public_profile? %>
     </div>
     <div>
-      <%= labelled_radio_button _('Private &mdash; show my contents only to friends'), 'profile_data[public_profile]', false, !@profile.public_profile? %>
+      <%= labelled_radio_button _('Private &mdash; show my contents only to friends').html_safe, 'profile_data[public_profile]', false, !@profile.public_profile? %>
     </div>
   <% else %>
     <div>
-      <%= labelled_check_box _("Secret &mdash; hide the community and all its contents for non members and other people can't join this community unless they are invited to."), 'profile_data[secret]', true, profile.secret, :class => "profile-secret-box" %>
+      <%= labelled_check_box _("Secret &mdash; hide the community and all its contents for non members and other people can't join this community unless they are invited to.").html_safe, 'profile_data[secret]', true, profile.secret, :class => "profile-secret-box" %>
     </div>
     <div>
-      <%= labelled_radio_button _('Public &mdash; show content of this group to all internet users'), 'profile_data[public_profile]', true, @profile.public_profile?, :class => "public-community-button" %>
+      <%= labelled_radio_button _('Public &mdash; show content of this group to all internet users').html_safe, 'profile_data[public_profile]', true, @profile.public_profile?, :class => "public-community-button" %>
     </div>
     <div>
-      <%= labelled_radio_button _('Private &mdash; show content of this group only to members'), 'profile_data[public_profile]', false, !@profile.public_profile?, :class => "private-community-button" %>
+      <%= labelled_radio_button _('Private &mdash; show content of this group only to members').html_safe, 'profile_data[public_profile]', false, !@profile.public_profile?, :class => "private-community-button" %>
     </div>
   <% end %>
  
@@ -60,9 +60,9 @@
   )%>
  
   <%=
-    @plugins.dispatch(:profile_editor_extras).map do |content|
+    safe_join(@plugins.dispatch(:profile_editor_extras).map do |content|
       content.kind_of?(Proc) ? self.instance_exec(&content) : content
-    end.join("\n")
+    end, "\n")
   %>
  
   <%= select_categories(:profile_data, _('Select the categories of your interest'), 2) %>
@@ -7,7 +7,7 @@
  
         <p><%= _('Roles:') %> </p>
         <% @data[:roles].each do |r| %>
-          <%= labelled_check_box(r.name, 'filters[roles][]', r.id, @filters[:roles].include?(r.id.to_s), :add_hidden => false) %><br/>
+          <%= raw labelled_check_box(r.name, 'filters[roles][]', r.id, @filters[:roles].include?(r.id.to_s), :add_hidden => false) %><br/>
         <% end %>
         <p>
           <%= submit_button(:search, _('Search')) %>
@@ -9,7 +9,7 @@
   <% permissions.each do |key| %>
   <div class="permissions <%= key.downcase %>">
     <h4><%= _('%s Permissions:' % key) %></h4>
-    <% ActiveRecord::Base::PERMISSIONS[key].keys.each do |p| %>
+    <% ApplicationRecord::PERMISSIONS[key].keys.each do |p| %>
       <%= check_box_tag("role[permissions][]", p, role.has_permission?(p), { :id => p }) %>
       <%= content_tag(:label, permission_name(p), { :for => p }) %><br/>
     <% end %>
@@ -9,7 +9,7 @@
   <% permissions.each do |key| %>
   <div class="permissions <%= key.downcase %>">
     <h4><%= _('%s Permissions:' % key) %></h4>
-    <% ActiveRecord::Base::PERMISSIONS[key].keys.each do |p| %>
+    <% ApplicationRecord::PERMISSIONS[key].keys.each do |p| %>
       <%= check_box_tag("role[permissions][]", p, role.has_permission?(p), { :id => p }) %>
       <%= content_tag(:label, permission_name(p), { :for => p }) %><br/>
     <% end %>
@@ -2,7 +2,7 @@
  
 <div class="search-article-author-changes">
   <% if article.last_changed_by and article.last_changed_by != article.profile %>
-    <span><%= _('Updated by %{name} at %{date}') % {:name => link_to(article.last_changed_by.name, article.last_changed_by.url),
+    <span><%= _('Updated by %{name} at %{date}').html_safe % {:name => link_to(article.last_changed_by.name, article.last_changed_by.url),
       :date => show_date(article.updated_at) } %></span>
   <% else %>
     <span><%= _('Last update: %s.') % show_date(article.updated_at) %></span>
 <% extra_content = @plugins.dispatch(:asset_product_extras, product).collect { |content| instance_exec(&content) } %>
-<% extra_properties = @plugins.dispatch(:asset_product_properties, product)%>
+<% extra_properties = @plugins.dispatch(:asset_product_properties, product) %>
  
 <li class="search-product-item <%= 'highlighted' if product.highlighted? %>">
  
@@ -77,9 +77,9 @@
  
   <div style="clear: both"></div>
  
-  <%= extra_content.join('\n') %>
+  <%= safe_join(extra_content, '\n') %>
   <% extra_properties.each do |property| %>
-    <div><%= property[:name] + ': ' + instance_exec(&property[:content]) %></div>
+    <div><%= ''.html_safe + property[:name] + ': ' + instance_exec(&property[:content]) %></div>
   <% end %>
  
 </li>
 <h2>
-  <%= _('Tagged with "%s"') % content_tag('code', @tag) %>
+  <%= _('Tagged with "%s"').html_safe % content_tag('code', @tag) %>
 </h2>
  
 <% button_bar do %>
@@ -6,9 +6,9 @@
       </div>
       <span class='profile-details'>
         <strong><%= group.name %></strong><br/>
-        <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by(resource_id: group.id) %>
+        <%= raw _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by(resource_id: group.id) %>
         <%= _('Type: %s') % _(group.class.identification) %> <br/>
-        <%= _('Description: %s') % group.description  + '<br/>' if group.community? %>
+        <%= raw _('Description: %s') % group.description  + '<br/>' if group.community? %>
         <%= _('Members: %s') % group.members_count.to_s %> <br/>
         <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
         <% button_bar do %>
 <%= content = _("Roles:")+"<br />"
 roles = Profile::Roles.organization_member_roles(task.target.environment.id) + profile.custom_roles
 roles.each do |role|
-  content += labelled_check_box(role.name, "tasks[#{task.id}][task][roles][]", role.id, false)+"<br />"
+  content += labelled_check_box(role.name, "tasks[#{task.id}][task][roles][]", role.id, false) + "<br />".html_safe
 end
-content_tag('p', content, :class => 'member-classify-suggestion')
+content_tag('p', content.html_safe, :class => 'member-classify-suggestion').html_safe
 %>
@@ -3,7 +3,7 @@
   if icon_info[:type] == :profile_image
     icon = profile_image(icon_info[:profile], :minor)
   elsif icon_info[:type] == :defined_image
-    icon = "<img src='#{icon_info[:src]}' alt='#{icon_info[:name]}' />"
+    icon = "<img src='#{icon_info[:src]}' alt='#{icon_info[:name]}' />".html_safe
   end
  
   if icon_info[:url]
@@ -3,7 +3,7 @@
 <ul>
   <% @tasks.each do |task| %>
     <li>
-      <strong><%= task.respond_to?(:title) ? link_to( task.title, :action => 'ticket_details', :id => task.id) : task.information %></strong><br/>
+      <strong><%= task.respond_to?(:title) ? link_to( task.title, :action => 'ticket_details', :id => task.id).html_safe : task.information %></strong><br/>
       <small>
         <%= _('Created:') + ' ' + show_date(task.created_at) %>
         &nbsp; &#151; &nbsp;
@@ -6,23 +6,25 @@
 <div class="task-processed-filter">
 <%
   type_collection = [[nil, _('All')]] + @task_types
+  type_collection.map!{|first,last| [last,first]}
 %>
   <%= form_tag '#', :method => 'get' do %>
     <%= field_set_tag _('Filter'), :class => 'filter_fields' do %>
       <div>
-        <%= labelled_select(_('Type of task')+': ', 'filter[type]', :first, :last, @filter[:type],  type_collection, {:id => 'filter-type'}) %>
-        <%= labelled_select(_('Status:'), 'filter[status]', :last, :first, @filter[:status], [[_('Any'), nil], [_(Task::Status.names[Task::Status::CANCELLED]), 2], [_(Task::Status.names[Task::Status::FINISHED]), 3] ]) %>
+        <%= labelled_form_field(_('Type of task')+': ', select_tag('filter[type]', options_for_select(type_collection, @filter[:type]), {:id => 'filter-type'})) %>
+        <%= labelled_form_field(_('Status')+': ', select_tag('filter[status]', options_for_select([[_('Any'), nil], [_(Task::Status.names[Task::Status::CANCELLED]), 2], [_(Task::Status.names[Task::Status::FINISHED]), 3] ], @filter[:status]))) %>
       </div>
  
       <div>
-        <%= labelled_text_field(_('Text Filter:'), 'filter[text]', @filter[:text]) %>
+        <%= labelled_form_field(_('Text Filter:'), text_field_tag('filter[text]', @filter[:text])) %>
       </div>
  
       <div>
-        <%= labelled_text_field(_('Requestor:'), 'filter[requestor]', @filter[:requestor]) %>
-        <%= labelled_text_field(_('Closed by:'), 'filter[closed_by]', @filter[:closed_by]) %>
+        <%= labelled_form_field(_('Requestor:'), text_field_tag('filter[requestor]', @filter[:requestor])) %>
+        <%= labelled_form_field(_('Closed by:'), text_field_tag('filter[closed_by]', @filter[:closed_by])) %>
       </div>
-
+      <%= labelled_form_field(_('Creation date'), date_range_field('filter[created_from]', 'filter[created_until]', @filter[:created_from], @filter[:created_until], { :change_month => true, :change_year => true, :date_format => 'yy-mm-dd' }, { :size => 14, :from_id => 'filter_created_from', :to_id => 'filter_created_until' })) %>
+      <%= labelled_form_field(_('Processed date'), date_range_field('filter[closed_from]', 'filter[closed_until]', @filter[:closed_from], @filter[:closed_until], { :change_month => true, :change_year => true, :date_format => 'yy-mm-dd' }, { :size => 14, :from_id => 'filter_closed_from', :to_id => 'filter_closed_until' })) %>
  
       <div class="actions">
         <%= submit_button(:search, _('Search')) %>
@@ -28,22 +28,22 @@ test:
           bundle exec rake test:api
           bundle exec rake test:functionals
           SLICE=1/4 bundle exec rake selenium
-          SLICE=1/4 BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
+          SLICE=1/4 NOOSFERO_BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
           ;;
         1)
           bundle exec rake test:integration
           SLICE=2/4 bundle exec rake selenium
-          SLICE=2/4 BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
+          SLICE=2/4 NOOSFERO_BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
           ;;
         2)
           bundle exec rake test:units
           SLICE=3/4 bundle exec rake selenium
-          SLICE=3/4 BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
+          SLICE=3/4 NOOSFERO_BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
           ;;
         3)
           bundle exec rake cucumber
           SLICE=4/4 bundle exec rake selenium
-          SLICE=4/4 BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
+          SLICE=4/4 NOOSFERO_BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
           ;;
         esac
       :
@@ -14,4 +14,5 @@ module ActiveRecordExtension
     end
   end
 end
-ActiveRecord::Base.send(:include, ActiveRecordExtension)
+
+ApplicationRecord.send :include, ActiveRecordExtension
@@ -1,10 +0,0 @@
-#From: https://github.com/coletivoEITA/noosfero-ecosol/blob/57908cde4fe65dfe22298a8a7f6db5dba1e7cc75/config/initializers/html_safe.rb
-
-# Disable Rails html autoescaping. This is due to noosfero using too much helpers/models to output html.
-# It it would change too much code and make it hard to maintain.
-# FIXME THIS IS SO WRONG
-class Object
-  def html_safe?
-    true
-  end
-end
 class DestroyOrganizationAndPersonInfos < ActiveRecord::Migration
   def self.up
     Person.find_each do |i|
-      info = ActiveRecord::Base.connection.select_one("select * from person_infos where person_id = #{i.id}")
+      info = ApplicationRecord.connection.select_one("select * from person_infos where person_id = #{i.id}")
       i.name = info["name"] unless info["name"].nil?
       i.address = info["address"] unless info["address"].nil?
       [ "photo", "contact_information", "birth_date", "sex", "city", "state", "country" ].each do |field|
@@ -12,7 +12,7 @@ class DestroyOrganizationAndPersonInfos &lt; ActiveRecord::Migration
     drop_table :person_infos
  
     Organization.find_each do |i|
-      info = ActiveRecord::Base.connection.select_one("select * from organization_infos where organization_id = #{i.id}")
+      info = ApplicationRecord.connection.select_one("select * from organization_infos where organization_id = #{i.id}")
       [ "contact_person", "contact_email", "acronym", "foundation_year", "legal_form", "economic_activity", "management_information", "validated" ].each do |field|
         i.send("#{field}=", info[field])
       end
@@ -29,7 +29,7 @@ class AddBirthDateToPerson &lt; ActiveRecord::Migration
     end
   end
  
-  class Person < ActiveRecord::Base
+  class Person < ApplicationRecord
     self.table_name = 'profiles'
     serialize :data, Hash
   end
-class Role < ActiveRecord::Base; end
-class RoleWithEnvironment < ActiveRecord::Base
+class Role < ApplicationRecord
+class RoleWithEnvironment < ApplicationRecord
   self.table_name = 'roles'
   belongs_to :environment
 end
-class RoleAssignment < ActiveRecord::Base
+class RoleAssignment < ApplicationRecord
   belongs_to :accessor, :polymorphic => true
   belongs_to :resource, :polymorphic => true
 end
@@ -2,7 +2,7 @@ class MoveTitleToNameFromBlogs &lt; ActiveRecord::Migration
   def self.up
     select_all("select id, setting from articles where type = 'Blog' and name != 'Blog'").each do |blog|
       title = YAML.load(blog['setting'])[:title]
-      assignments = ActiveRecord::Base.sanitize_sql_for_assignment(:name => title)
+      assignments = ApplicationRecord.sanitize_sql_for_assignment(:name => title)
       update("update articles set %s where id = %d" % [assignments, blog['id']] )
     end
   end
@@ -3,7 +3,7 @@ class AddIsImageToArticles &lt; ActiveRecord::Migration
      add_column :articles, :is_image, :boolean, :default => false
      add_column :article_versions, :is_image, :boolean, :default => false
  
-     execute ActiveRecord::Base.sanitize_sql(["update articles set is_image = ? where articles.content_type like 'image/%'", true])
+     execute ApplicationRecord.sanitize_sql(["update articles set is_image = ? where articles.content_type like 'image/%'", true])
   end
  
   def self.down
@@ -10,7 +10,7 @@ class ConvertFoldersToGalleries &lt; ActiveRecord::Migration
     select_all("select id, setting from articles where type = 'Gallery'").each do |folder|
       settings = YAML.load(folder['setting'] || {}.to_yaml)
       settings[:view_as] = 'image_gallery'
-      assignments = ActiveRecord::Base.sanitize_sql_for_assignment(:setting => settings.to_yaml)
+      assignments = ApplicationRecord.sanitize_sql_for_assignment(:setting => settings.to_yaml)
       update("update articles set %s, type = 'Folder' where id = %d" % [assignments, folder['id']])
     end
   end
@@ -3,7 +3,7 @@ class RemovePublishedArticles &lt; ActiveRecord::Migration
     select_all("SELECT * from articles WHERE type = 'PublishedArticle'").each do |published|
       reference = select_one('select * from articles where id = %d' % published['reference_article_id'])
       if reference
-        execute(ActiveRecord::Base.sanitize_sql(["UPDATE articles SET type = ?, abstract = ?, body = ? WHERE articles.id  = ?", reference['type'], reference['abstract'], reference['body'], published['id']]))
+        execute(ApplicationRecord.sanitize_sql(["UPDATE articles SET type = ?, abstract = ?, body = ? WHERE articles.id  = ?", reference['type'], reference['abstract'], reference['body'], published['id']]))
       else
         execute("DELETE from articles where articles.id  = #{published['id']}")
       end
@@ -11,7 +11,7 @@ class AddLanguageAndTranslationOfIdToArticle &lt; ActiveRecord::Migration
     select_all("select id, setting from articles where type = 'Blog'").each do |blog|
       settings = YAML.load(blog['setting'] || {}.to_yaml)
       settings[:display_posts_in_current_language] = true
-      assignments = ActiveRecord::Base.sanitize_sql_for_assignment(:setting => settings.to_yaml)
+      assignments = ApplicationRecord.sanitize_sql_for_assignment(:setting => settings.to_yaml)
       update("update articles set %s where id = %d" % [assignments, blog['id']])
     end
  
@@ -15,7 +15,7 @@ class RenameImagesPathOnTrackedActions &lt; ActiveRecord::Migration
       end
       params[param_name] = paths
  
-      execute(ActiveRecord::Base.sanitize_sql(["UPDATE action_tracker SET params = ? WHERE id  = ?", params.to_yaml, tracker['id']]))
+      execute(ApplicationRecord.sanitize_sql(["UPDATE action_tracker SET params = ? WHERE id  = ?", params.to_yaml, tracker['id']]))
     end
   end
  
@@ -12,9 +12,9 @@ class MoveDataSerializedHashToSettingFieldForArticles &lt; ActiveRecord::Migration
       end
       if body.kind_of?(Hash)
         settings = article.setting.merge(body)
-        body = ActiveRecord::Base.sanitize_sql_for_assignment(:body => settings[:description])
+        body = ApplicationRecord.sanitize_sql_for_assignment(:body => settings[:description])
         update("UPDATE articles set %s WHERE id = %d" % [body, article.id])
-        setting = ActiveRecord::Base.sanitize_sql_for_assignment(:setting => settings.to_yaml)
+        setting = ApplicationRecord.sanitize_sql_for_assignment(:setting => settings.to_yaml)
         update("UPDATE articles set %s WHERE id = %d" % [setting, article.id])
       end
     end
@@ -11,9 +11,9 @@ class MoveDataSerializedHashToSettingFieldForEvents &lt; ActiveRecord::Migration
       end
       if body.kind_of?(Hash)
         settings = article.setting.merge(body)
-        body = ActiveRecord::Base.sanitize_sql_for_assignment(:body => settings[:description])
+        body = ApplicationRecord.sanitize_sql_for_assignment(:body => settings[:description])
         update("UPDATE articles set %s WHERE id = %d" % [body, article.id])
-        setting = ActiveRecord::Base.sanitize_sql_for_assignment(:setting => settings.to_yaml)
+        setting = ApplicationRecord.sanitize_sql_for_assignment(:setting => settings.to_yaml)
         update("UPDATE articles set %s WHERE id = %d" % [setting, article.id])
       end
     end
@@ -2,7 +2,7 @@
 # from the migration fall on a loop and breaks the migration. Both them are
 # related to alias_method_chain, probably there is a problem with this kind of
 # alias on the migration level.
-class Article < ActiveRecord::Base
+class Article < ApplicationRecord
   def sanitize_tag_list
   end
 end
@@ -2,7 +2,7 @@ class AddActivatedAtToUsers &lt; ActiveRecord::Migration
   def self.up
     add_column :users, :activation_code, :string, :limit => 40
     add_column :users, :activated_at, :datetime
-    if ActiveRecord::Base.connection.adapter_name == 'SQLite'
+    if ApplicationRecord.connection.adapter_name == 'SQLite'
       execute "update users set activated_at = datetime();"
     else
       execute "update users set activated_at = now();"
 class FixYamlEncoding < ActiveRecord::Migration
   def self.up
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       fix_encoding(Environment, 'settings')
       fix_encoding(Profile, 'data')
       fix_encoding(Product, 'data')
 class CreateProfileActivity < ActiveRecord::Migration
   def up
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       create_table :profile_activities do |t|
         t.integer :profile_id
         t.integer :activity_id
 class ActivitiesCounterCacheJob
  
   def perform
-    person_activities_counts = ActiveRecord::Base.connection.execute("SELECT profiles.id, count(action_tracker.id) as count FROM profiles LEFT OUTER JOIN action_tracker ON profiles.id = action_tracker.user_id WHERE (action_tracker.created_at >= #{ActiveRecord::Base.connection.quote(ActionTracker::Record::RECENT_DELAY.days.ago.to_s(:db))}) AND ( (profiles.type = 'Person' ) ) GROUP BY profiles.id;")
-    organization_activities_counts = ActiveRecord::Base.connection.execute("SELECT profiles.id, count(action_tracker.id) as count FROM profiles LEFT OUTER JOIN action_tracker ON profiles.id = action_tracker.target_id WHERE (action_tracker.created_at >= #{ActiveRecord::Base.connection.quote(ActionTracker::Record::RECENT_DELAY.days.ago.to_s(:db))}) AND ( (profiles.type = 'Community' OR profiles.type = 'Enterprise' OR profiles.type = 'Organization' ) ) GROUP BY profiles.id;")
+    person_activities_counts = ApplicationRecord.connection.execute("SELECT profiles.id, count(action_tracker.id) as count FROM profiles LEFT OUTER JOIN action_tracker ON profiles.id = action_tracker.user_id WHERE (action_tracker.created_at >= #{ApplicationRecord.connection.quote(ActionTracker::Record::RECENT_DELAY.days.ago.to_s(:db))}) AND ( (profiles.type = 'Person' ) ) GROUP BY profiles.id;")
+    organization_activities_counts = ApplicationRecord.connection.execute("SELECT profiles.id, count(action_tracker.id) as count FROM profiles LEFT OUTER JOIN action_tracker ON profiles.id = action_tracker.target_id WHERE (action_tracker.created_at >= #{ApplicationRecord.connection.quote(ActionTracker::Record::RECENT_DELAY.days.ago.to_s(:db))}) AND ( (profiles.type = 'Community' OR profiles.type = 'Enterprise' OR profiles.type = 'Organization' ) ) GROUP BY profiles.id;")
     activities_counts = person_activities_counts.entries + organization_activities_counts.entries
     activities_counts.each do |count|
-      update_sql = ActiveRecord::Base.__send__(:sanitize_sql, ["UPDATE profiles SET activities_count=? WHERE profiles.id=?;", count['count'].to_i, count['id'] ], '')
-      ActiveRecord::Base.connection.execute(update_sql)
+      update_sql = ApplicationRecord.__send__(:sanitize_sql, ["UPDATE profiles SET activities_count=? WHERE profiles.id=?;", count['count'].to_i, count['id'] ], '')
+      ApplicationRecord.connection.execute(update_sql)
     end
     Delayed::Job.enqueue(ActivitiesCounterCacheJob.new, {:priority => -3, :run_at => 1.day.from_now})
   end
@@ -122,4 +122,4 @@ module Customizable
   end
 end
  
-ActiveRecord::Base.send(:include, Customizable)
+ApplicationRecord.send :include, Customizable
@@ -33,7 +33,7 @@ module ActsAsFileSystem
   module ClassMethods
  
     def build_ancestry(parent_id = nil, ancestry = '')
-      ActiveRecord::Base.transaction do
+      ApplicationRecord.transaction do
         self.base_class.where(parent_id: parent_id).each do |node|
           node.update_column :ancestry, ancestry
  
@@ -263,5 +263,5 @@ module ActsAsFileSystem
   end
 end
  
-ActiveRecord::Base.extend ActsAsFileSystem::ActsMethods
+ApplicationRecord.extend ActsAsFileSystem::ActsMethods
  
@@ -35,4 +35,4 @@ module ActsAsHavingBoxes
  
 end
  
-ActiveRecord::Base.extend(ActsAsHavingBoxes::ClassMethods)
+ApplicationRecord.extend ActsAsHavingBoxes::ClassMethods
@@ -23,4 +23,5 @@ module ActsAsHavingImage
  
 end
  
-ActiveRecord::Base.extend(ActsAsHavingImage::ClassMethods)
+ApplicationRecord.extend ActsAsHavingImage::ClassMethods
+
@@ -47,4 +47,5 @@ module ActsAsHavingPosts
  
 end
  
-ActiveRecord::Base.extend(ActsAsHavingPosts::ClassMethods)
+ApplicationRecord.extend ActsAsHavingPosts::ClassMethods
+
@@ -87,4 +87,5 @@ module ActsAsHavingSettings
  
 end
  
-ActiveRecord::Base.send(:extend, ActsAsHavingSettings::ClassMethods)
+ApplicationRecord.extend ActsAsHavingSettings::ClassMethods
+
@@ -55,4 +55,4 @@ module CodeNumbering
   end
 end
  
-ActiveRecord::Base.extend CodeNumbering::ClassMethods
+ApplicationRecord.extend CodeNumbering::ClassMethods
@@ -52,4 +52,5 @@ module DelayedAttachmentFu
   end
 end
  
-ActiveRecord::Base.send(:extend, DelayedAttachmentFu::ClassMethods)
+ApplicationRecord.extend DelayedAttachmentFu::ClassMethods
+
 require 'noosfero/core_ext/string'
 require 'noosfero/core_ext/integer'
-require 'noosfero/core_ext/active_record'
+require 'noosfero/core_ext/active_record/calculations'
 require 'noosfero/core_ext/active_record/reflection'
  
@@ -1,74 +0,0 @@
-require 'active_record'
-
-class ActiveRecord::Base
-
-  def self.postgresql?
-    ActiveRecord::Base.connection.adapter_name == 'PostgreSQL'
-  end
-
-  # an ActionView instance for rendering views on models
-  def self.action_view
-    @action_view ||= begin
-      view_paths = ::ActionController::Base.view_paths
-      action_view = ::ActionView::Base.new view_paths
-      # for using Noosfero helpers inside render calls
-      action_view.extend ::ApplicationHelper
-      action_view
-    end
-  end
-
-  # default value needed for the above ActionView
-  def to_partial_path
-    self.class.name.underscore
-  end
-
-  alias :meta_cache_key :cache_key
-  def cache_key
-    key = [Noosfero::VERSION, meta_cache_key]
-    key.unshift(ActiveRecord::Base.connection.schema_search_path) if ActiveRecord::Base.postgresql?
-    key.join('/')
-  end
-
-  def self.like_search(query, options={})
-    if defined?(self::SEARCHABLE_FIELDS) || options[:fields].present?
-      fields_per_table = {}
-      fields_per_table[table_name] = (options[:fields].present? ? options[:fields] : self::SEARCHABLE_FIELDS.keys.map(&:to_s)) & column_names
-
-      if options[:joins].present?
-        join_asset = options[:joins].to_s.classify.constantize
-        if defined?(join_asset::SEARCHABLE_FIELDS) || options[:fields].present?
-          fields_per_table[join_asset.table_name] = (options[:fields].present? ? options[:fields] : join_asset::SEARCHABLE_FIELDS.keys.map(&:to_s)) & join_asset.column_names
-        end
-      end
-
-      query = query.downcase.strip
-      fields_per_table.delete_if { |table,fields| fields.blank? }
-      conditions = fields_per_table.map do |table,fields|
-        fields.map do |field|
-          "lower(#{table}.#{field}) LIKE '%#{query}%'"
-        end.join(' OR ')
-      end.join(' OR ')
-
-      if options[:joins].present?
-        joins(options[:joins]).where(conditions)
-      else
-        where(conditions)
-      end
-
-    else
-      raise "No searchable fields defined for #{self.name}"
-    end
-  end
-
-end
-
-ActiveRecord::Calculations.class_eval do
-  def count_with_distinct column_name=self.primary_key
-    if column_name
-      distinct.count_without_distinct column_name
-    else
-      count_without_distinct
-    end
-  end
-  alias_method_chain :count, :distinct
-end
@@ -0,0 +1,10 @@
+ActiveRecord::Calculations.class_eval do
+  def count_with_distinct column_name=self.primary_key
+    if column_name
+      distinct.count_without_distinct column_name
+    else
+      count_without_distinct
+    end
+  end
+  alias_method_chain :count, :distinct
+end
@@ -12,12 +12,12 @@ module Noosfero
     def self.db_by_host=(host)
       if host != @db_by_host
         @db_by_host = host
-        ActiveRecord::Base.connection.schema_search_path = self.mapping[host]
+        ApplicationRecord.connection.schema_search_path = self.mapping[host]
       end
     end
  
     def self.setup!(host)
-      if Noosfero::MultiTenancy.on? and ActiveRecord::Base.postgresql?
+      if Noosfero::MultiTenancy.on? and ApplicationRecord.postgresql?
         Noosfero::MultiTenancy.db_by_host = host
       end
     end
@@ -661,7 +661,7 @@ class Noosfero::Plugin
   end
  
   # -> Perform extra transactions related to profile in profile editor
-  # returns = true in success or raise and exception if it could not update the data
+  # returns = true in success or raise an exception if it could not update the data
   def profile_editor_transaction_extras
     nil
   end
@@ -7,11 +7,11 @@ GC.respond_to?(:copy_on_write_friendly=) and
   GC.copy_on_write_friendly = true
  
 before_fork do |server, worker|
-  ActiveRecord::Base.connection.disconnect! if defined?(ActiveRecord::Base)
+  ApplicationRecord.connection.disconnect! if defined?(ApplicationRecord)
 end
  
 after_fork do |server, worker|
-  ActiveRecord::Base.establish_connection if defined?(ActiveRecord::Base)
+  ApplicationRecord.establish_connection if defined?(ApplicationRecord)
 end
  
 # load local configuration file, if it exists
@@ -9,11 +9,12 @@ module PostgresqlAttachmentFu
   module InstanceMethods
     def full_filename(thumbnail = nil)
       file_system_path = (thumbnail ? thumbnail_class : self).attachment_options[:path_prefix].to_s
-      file_system_path = File.join(file_system_path, ActiveRecord::Base.connection.schema_search_path) if ActiveRecord::Base.postgresql? and Noosfero::MultiTenancy.on?
+      file_system_path = File.join(file_system_path, ApplicationRecord.connection.schema_search_path) if ApplicationRecord.postgresql? and Noosfero::MultiTenancy.on?
       Rails.root.join(file_system_path, *partitioned_path(thumbnail_name_for(thumbnail))).to_s
     end
   end
  
 end
  
-ActiveRecord::Base.send(:extend, PostgresqlAttachmentFu::ClassMethods)
+ApplicationRecord.extend PostgresqlAttachmentFu::ClassMethods
+
@@ -69,4 +69,5 @@ module SplitDatetime
 end
  
 Class.extend SplitDatetime::SplitMethods
-ActiveRecord::Base.extend SplitDatetime::SplitMethods
+ApplicationRecord.extend SplitDatetime::SplitMethods
+
-if ActiveRecord::Base.connection.adapter_name.downcase == 'sqlite'
+if ApplicationRecord.connection.adapter_name.downcase == 'sqlite'
  
-  database = ActiveRecord::Base.connection.raw_connection
+  database = ApplicationRecord.connection.raw_connection
  
   database.create_function('pow', 2, 1) do |func, base, exponent|
     func.set_result(base.to_f ** exponent.to_f)
   end
-  
+
   database.create_function('sqrt', 1, 1) do |func, value|
     func.set_result(Math.sqrt(value))
   end
@@ -18,8 +18,8 @@ if ActiveRecord::Base.connection.adapter_name.downcase == &#39;sqlite&#39;
     func.set_result(
       radius.to_f * Math.acos(
 	[1,
-        Math.cos(lat1.to_f) * Math.cos(long1.to_f) * Math.cos(lat2.to_f) * Math.cos(long2.to_f) + 
-         Math.cos(lat1.to_f) * Math.sin(long1.to_f) * Math.cos(lat2.to_f) * Math.sin(long2.to_f) + 
+        Math.cos(lat1.to_f) * Math.cos(long1.to_f) * Math.cos(lat2.to_f) * Math.cos(long2.to_f) +
+         Math.cos(lat1.to_f) * Math.sin(long1.to_f) * Math.cos(lat2.to_f) * Math.sin(long2.to_f) +
          Math.sin(lat1.to_f) * Math.sin(lat2.to_f)
         ].min
       )
@@ -115,7 +115,7 @@ end
  
 desc 'Removes emails from database'
 task 'restore:remove_emails' => :environment do
-  connection = ActiveRecord::Base.connection
+  connection = ApplicationRecord.connection
   [
     "UPDATE users SET email = concat('user', id, '@localhost.localdomain')",
     "UPDATE environments SET contact_email = concat('environment', id, '@localhost.localdomain')",
 namespace :multitenancy do
  
   task :create => :environment do
-    db_envs = ActiveRecord::Base.configurations.keys.select{ |k| k.match(/_development$|_production$|_test$/) }
+    db_envs = ApplicationRecord.configurations.keys.select{ |k| k.match(/_development$|_production$|_test$/) }
     cd Rails.root.join('config', 'environments'), :verbose => true
     file_envs = Dir.glob "{*_development.rb,*_production.rb,*_test.rb}"
     (db_envs.map{ |e| e + '.rb' } - file_envs).each { |env| ln_s env.split('_').last, env }
   end
  
   task :remove => :environment do
-    db_envs = ActiveRecord::Base.configurations.keys.select{ |k| k.match(/_development$|_production$|_test$/) }
+    db_envs = ApplicationRecord.configurations.keys.select{ |k| k.match(/_development$|_production$|_test$/) }
     cd Rails.root.join('config', 'environments'), :verbose => true
     file_envs = Dir.glob "{*_development.rb,*_production.rb,*_test.rb}"
     (file_envs - db_envs.map{ |e| e + '.rb' }).each { |env| safe_unlink env }
@@ -19,7 +19,7 @@ end
 namespace :db do
  
   task :migrate_other_environments => :environment do
-    envs = ActiveRecord::Base.configurations.keys.select{ |k| k.match(/_#{Rails.env}$/) }
+    envs = ApplicationRecord.configurations.keys.select{ |k| k.match(/_#{Rails.env}$/) }
     envs.each do |e|
       puts "*** Migrating #{e}" if Rake.application.options.trace
       system "rake db:migrate RAILS_ENV=#{e} SCHEMA=/dev/null"
@@ -9,7 +9,7 @@ $broken_plugins = %w[
 @all_plugins = Dir.glob('plugins/*').map { |f| File.basename(f) } - ['template']
 @all_plugins.sort!
  
-@all_tasks = [:units, :functionals, :integration, :cucumber, :selenium]
+@all_tasks = [:units, :api, :functionals, :integration, :cucumber, :selenium]
  
 def enabled_plugins
   Dir.glob('{baseplugins,config/plugins}/*').map { |f| File.basename(f) } - ['README']
@@ -25,7 +25,7 @@ def enable_plugins(plugins)
   plugins = Array(plugins)
   command = ['./script/noosfero-plugins', '-q', 'enable', *plugins]
   puts plugins.join(' ')
-  system *command
+  Bundler.clean_system *command
 end
  
 def disable_plugins(plugins = '*')
@@ -87,6 +87,8 @@ def task2folder(task)
   result = case task.to_sym
   when :units
     :unit
+  when :api
+    :api
   when :functionals
     :functional
   when :integration
@@ -10,4 +10,4 @@ module UploadSanitizer
   end
 end
  
-ActiveRecord::Base.send(:include, UploadSanitizer)
+ApplicationRecord.send :include, UploadSanitizer
-class AnalyticsPlugin::PageView < ActiveRecord::Base
+class AnalyticsPlugin::PageView < ApplicationRecord
  
   serialize :data
  
-class AnalyticsPlugin::Visit < ActiveRecord::Base
+class AnalyticsPlugin::Visit < ApplicationRecord
  
   attr_accessible *self.column_names
   attr_accessible :profile
@@ -49,7 +49,7 @@ class BreadcrumbsPlugin::ContentBreadcrumbsBlock &lt; Block
  
   def content(args={})
     block = self
-    proc do
+    ret = (proc do
       trail = block.trail(@page, @profile, params)
       if !trail.empty?
         separator = content_tag('span', ' > ', :class => 'separator')
@@ -63,11 +63,12 @@ class BreadcrumbsPlugin::ContentBreadcrumbsBlock &lt; Block
           breadcrumb << content_tag('div', section_name, :class => 'section-name')
         end
  
-        breadcrumb
+        breadcrumb.html_safe
       else
         ''
       end
-    end
+    end)
+    ret
   end
  
   def cacheable?
-class CommentClassificationPlugin::CommentLabelUser < ActiveRecord::Base
+class CommentClassificationPlugin::CommentLabelUser < ApplicationRecord
   self.table_name = :comment_classification_plugin_comment_label_user
  
   belongs_to :profile
-class CommentClassificationPlugin::CommentStatusUser < ActiveRecord::Base
+class CommentClassificationPlugin::CommentStatusUser < ApplicationRecord
   self.table_name = :comment_classification_plugin_comment_status_user
  
   belongs_to :profile
-class CommentClassificationPlugin::Label < ActiveRecord::Base
+class CommentClassificationPlugin::Label < ApplicationRecord
  
   belongs_to :owner, :polymorphic => true
  
-class CommentClassificationPlugin::Status < ActiveRecord::Base
+class CommentClassificationPlugin::Status < ApplicationRecord
  
   belongs_to :owner, :polymorphic => true
  
@@ -23,7 +23,7 @@
       <%= link_to(
             content_tag('span','',:class => 'community-block-button icon-arrow'),
             '#',
-            :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false;",
+            :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false;".html_safe,
             :class => 'simplemenu-trigger') %>
  
       <% end %>
@@ -86,15 +86,16 @@ class ContextContentPlugin::ContextContentBlock &lt; Block
  
   def content(args={})
     block = self
-    proc do
+    ret = proc do
       contents = block.contents(@page)
       parent_title = block.parent_title(contents)
-      if !contents.blank?
+      if contents.present?
         render(:file => 'blocks/context_content', :locals => {:block => block, :contents => contents, :parent_title => parent_title})
       else
         ''
       end
     end
+    ret
   end
  
   def cacheable?
 class AssociateFieldsToAlternatives < ActiveRecord::Migration
-  class CustomFormsPlugin::Field < ActiveRecord::Base
+  class CustomFormsPlugin::Field < ApplicationRecord
     self.table_name = :custom_forms_plugin_fields
     has_many :alternatives, :class_name => 'CustomFormsPlugin::Alternative'
     serialize :choices, Hash
-class CustomFormsPlugin::Alternative < ActiveRecord::Base
+class CustomFormsPlugin::Alternative < ApplicationRecord
   self.table_name = :custom_forms_plugin_alternatives
  
   validates_presence_of :label
-class CustomFormsPlugin::Answer < ActiveRecord::Base
+class CustomFormsPlugin::Answer < ApplicationRecord
   self.table_name = :custom_forms_plugin_answers
   belongs_to :field, :class_name => 'CustomFormsPlugin::Field'
   belongs_to :submission, :class_name => 'CustomFormsPlugin::Submission'
-class CustomFormsPlugin::Field < ActiveRecord::Base
+class CustomFormsPlugin::Field < ApplicationRecord
   self.table_name = :custom_forms_plugin_fields
  
   validates_presence_of :name
-class CustomFormsPlugin::Form < ActiveRecord::Base
+class CustomFormsPlugin::Form < ApplicationRecord
  
   belongs_to :profile
  
-class CustomFormsPlugin::Submission < ActiveRecord::Base
+class CustomFormsPlugin::Submission < ApplicationRecord
  
   belongs_to :form, :class_name => 'CustomFormsPlugin::Form'
   belongs_to :profile
@@ -7,21 +7,21 @@ msgid &quot;&quot;
 msgstr ""
 "Project-Id-Version: 1.3~rc2-1-ga15645d\n"
 "POT-Creation-Date: 2015-10-30 16:35-0300\n"
-"PO-Revision-Date: 2015-03-09 09:51+0200\n"
-"Last-Translator: Michal Čihař <michal@cihar.com>\n"
+"PO-Revision-Date: 2016-04-22 22:31+0000\n"
+"Last-Translator: Iryna Pruitt <jdpruitt2807@prodigy.net>\n"
 "Language-Team: Russian <https://hosted.weblate.org/projects/noosfero/plugin-"
 "custom-forms/ru/>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 2.3-dev\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<="
+"4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Weblate 2.6-dev\n"
  
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:67
 msgid "Invalid string format of access."
-msgstr ""
+msgstr "Недействительный формат строки доступа."
  
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:71
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:76
@@ -31,11 +31,11 @@ msgstr &quot;Со следующими файлами возникли проблем
  
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:81
 msgid "Invalid type format of access."
-msgstr ""
+msgstr "Недействительный тип формата доступа."
  
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:87
 msgid "The time range selected is invalid."
-msgstr ""
+msgstr "Диапазон времени выбран неверно."
  
 #: plugins/custom_forms/lib/custom_forms_plugin/membership_survey.rb:20
 #, fuzzy
@@ -76,11 +76,11 @@ msgstr &quot;Пользовательский заголовок&quot;
  
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:24
 msgid "Always"
-msgstr ""
+msgstr "Всегда"
  
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:28
 msgid "Until %s"
-msgstr ""
+msgstr "До %"
  
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:30
 #, fuzzy
@@ -94,16 +94,15 @@ msgstr &quot;Выбрать...&quot;
  
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:61
 msgid "Text field"
-msgstr ""
+msgstr "Поле текста"
  
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:62
-#, fuzzy
 msgid "Select field"
-msgstr "Выбрать папки"
+msgstr "Выбрать поле"
  
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:102
 msgid "Hold down Ctrl to select options"
-msgstr ""
+msgstr "Держать нажатой клавишу Ctrl для выбора опций"
  
 #: plugins/custom_forms/lib/custom_forms_plugin/admission_survey.rb:9
 #, fuzzy
@@ -111,9 +110,8 @@ msgid &quot;Admission survey&quot;
 msgstr "Участники: %s"
  
 #: plugins/custom_forms/lib/custom_forms_plugin/admission_survey.rb:13
-#, fuzzy
 msgid "%{requestor} wants you to fill in some information before joining."
-msgstr "%s хочет быть вашим другом"
+msgstr "%s хочет чтоб вы внесли информацию, прежде чем присоединиться."
  
 #: plugins/custom_forms/lib/custom_forms_plugin/admission_survey.rb:17
 #, fuzzy
@@ -6,9 +6,9 @@
 <% if @submission.id.nil? %>
   <% if @form.expired? %>
     <% if @form.will_open? %>
-      <h2><%= _('Sorry, you can\'t fill this form yet') %></h2>
+      <h2><%= _('Sorry, you can\'t fill this form yet').html_safe %></h2>
     <% else %>
-      <h2><%= _('Sorry, you can\'t fill this form anymore') %></h2>
+      <h2><%= _('Sorry, you can\'t fill this form anymore').html_safe %></h2>
     <% end %>
   <% end %>
  
 class CreateDeliveryPluginTables < ActiveRecord::Migration
   def self.up
     # check if distribution plugin already moved tables
-    return if ActiveRecord::Base.connection.table_exists? :delivery_plugin_methods
+    return if ApplicationRecord.connection.table_exists? :delivery_plugin_methods
  
     create_table :delivery_plugin_methods do |t|
       t.integer  :profile_id
-class DeliveryPlugin::Method < ActiveRecord::Base
+class DeliveryPlugin::Method < ApplicationRecord
  
   Types = ['pickup', 'deliver']
  
-class DeliveryPlugin::Option < ActiveRecord::Base
+class DeliveryPlugin::Option < ApplicationRecord
  
   belongs_to :delivery_method, :class_name => 'DeliveryPlugin::Method'
   belongs_to :owner, :polymorphic => true
@@ -177,9 +177,9 @@ class DisplayContentBlock &lt; Block
  
           content_sections += read_more_section if !read_more_section.blank?
 #raise sections.inspect
-          content_tag('li', content_sections)
+          content_tag('li', content_sections.html_safe)
         end
-      }.join(" "))
+      }.join(" ").html_safe)
     end
   end
  
-class DrivenSignupPlugin::Auth < ActiveRecord::Base
+class DrivenSignupPlugin::Auth < ApplicationRecord
  
   attr_accessible :name, :token
  
-class EnvironmentNotificationsUser < ActiveRecord::Base
+class EnvironmentNotificationsUser < ApplicationRecord
   self.table_name = "environment_notifications_users"
  
   belongs_to :user
-class EnvironmentNotificationPlugin::EnvironmentNotification < ActiveRecord::Base
+class EnvironmentNotificationPlugin::EnvironmentNotification < ApplicationRecord
  
   self.table_name = "environment_notifications"
  
@@ -3,11 +3,11 @@
   ev_days_tag = ''
   if event.duration > 1
     ev_days_tag = content_tag('time',
-      n_('Duration: 1 day', 'Duration: %s days', event.duration) % "<b>#{event.duration}</b>",
+      n_('Duration: 1 day', 'Duration: %s days', event.duration).html_safe % "<b>#{event.duration}</b>".html_safe,
       :itemprop => 'endDate',
       :datetime => show_date(event.end_date) + 'T00:00',
       :class => 'duration',
-      :title => show_date(event.start_date) + ' &mdash; ' + time_left_str
+      :title => (show_date(event.start_date) + ' &mdash; ' + time_left_str).html_safe
     )
   end
  
@@ -16,7 +16,7 @@
   img_class = img.blank? ? 'no-img' : 'has-img'
 %>
 <%=
-  link_to([
+  link_to(safe_join([
       content_tag('time',
         block.date_to_html(event.start_date),
         :itemprop => 'startDate',
@@ -33,7 +33,7 @@
                   :itemtype => 'http://schema.org/Place',
                   :itemprop => :location),
       content_tag('span', time_left_str, :class => 'days-left ' + time_class)
-    ].join("\n"),
+    ], "\n"),
     (event.link.blank? ? event.url : event.link),
     :class => 'ev-days-' + event.duration.to_s,
     :itemprop => :url
-class FbAppPlugin::PageTab < ActiveRecord::Base
+class FbAppPlugin::PageTab < ApplicationRecord
  
   # FIXME: rename table to match model
   self.table_name = :fb_app_plugin_page_tab_configs
-class FooPlugin::Bar < ActiveRecord::Base
+class FooPlugin::Bar < ApplicationRecord
  
 end
-class AcademicInfo < ActiveRecord::Base
+class AcademicInfo < ApplicationRecord
  
   belongs_to :person
  
-class MarkCommentAsReadPlugin::ReadComments < ActiveRecord::Base
+class MarkCommentAsReadPlugin::ReadComments < ApplicationRecord
   self.table_name = 'mark_comment_as_read_plugin'
   belongs_to :comment
   belongs_to :person
@@ -55,7 +55,7 @@ class MetadataPlugin::Base &lt; Noosfero::Plugin
           end
         end
       end
-      r.join
+      safe_join(r)
     end
   end
  
@@ -71,6 +71,6 @@ end
  
 ActiveSupport.run_load_hooks :metadata_plugin, MetadataPlugin
 ActiveSupport.on_load :active_record do
-  ActiveRecord::Base.extend MetadataPlugin::Specs::ClassMethods
+  ApplicationRecord.extend MetadataPlugin::Specs::ClassMethods
 end
  
 require 'csv'
  
-class NewsletterPlugin::Newsletter < ActiveRecord::Base
+class NewsletterPlugin::Newsletter < ApplicationRecord
  
   belongs_to :environment
   belongs_to :person
@@ -110,11 +110,11 @@ class NewsletterPlugin::Newsletter &lt; ActiveRecord::Base
   include DatesHelper
  
   def message_to_public_link
-    content_tag(:p, _("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}'), :id => 'newsletter-public-link')
+    content_tag(:p, (_("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}')).html_safe, :id => 'newsletter-public-link').html_safe
   end
  
   def message_to_unsubscribe
-    content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe')
+    content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.").html_safe % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe').html_safe
   end
  
   def read_more(link_address)
@@ -130,13 +130,13 @@ class NewsletterPlugin::Newsletter &lt; ActiveRecord::Base
   end
  
   def body(data = {})
-    content_tag(:div, content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link'])+content_tag(:table,(self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']),:colspan => 2),:style => CSS['newsletter-header']))+self.posts(data).map do |post|
+    content_tag(:div, content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link']).html_safe+content_tag(:table,(self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']),:colspan => 2),:style => CSS['newsletter-header'])).html_safe+self.posts(data).map do |post|
         if post.image
           post_with_image(post)
         else
           post_without_image(post)
         end
-      end.join()+content_tag(:tr, content_tag(:td, self.footer, :colspan => 2)),:style => CSS['breakingnews'])+content_tag(:div,message_to_unsubscribe, :style => CSS['newsletter-unsubscribe']),:style => CSS['breakingnews-wrap'])
+      end.join().html_safe+content_tag(:tr, content_tag(:td, self.footer, :colspan => 2)),:style => CSS['breakingnews']).html_safe+content_tag(:div,message_to_unsubscribe, :style => CSS['newsletter-unsubscribe']),:style => CSS['breakingnews-wrap']).html_safe
   end
  
   def default_subject
-class OauthClientPlugin::Auth < ActiveRecord::Base
+class OauthClientPlugin::Auth < ApplicationRecord
  
   attr_accessible :profile, :provider, :enabled,
     :access_token, :expires_in, :oauth_data
-class OauthClientPlugin::Provider < ActiveRecord::Base
+class OauthClientPlugin::Provider < ApplicationRecord
  
   belongs_to :environment
  
-class OpenGraphPlugin::Track < ActiveRecord::Base
+class OpenGraphPlugin::Track < ApplicationRecord
  
   class_attribute :context
   self.context = :open_graph
 class CreateOrdersPluginTables < ActiveRecord::Migration
   def self.up
     # check if distribution plugin already moved tables
-    return if ActiveRecord::Base.connection.table_exists? :orders_plugin_orders
+    return if ApplicationRecord.connection.table_exists? :orders_plugin_orders
  
     create_table :orders_plugin_orders do |t|
       t.integer  :profile_id
@@ -55,4 +55,4 @@ module CodeNumbering
   end
 end
  
-ActiveRecord::Base.extend CodeNumbering::ClassMethods
+ApplicationRecord.extend CodeNumbering::ClassMethods
@@ -56,7 +56,7 @@ module SerializedSyncedData
         source = self.send field
         if block_given?
           data = SerializedSyncedData.prepare_data instance_exec(source, &block)
-        elsif source.is_a? ActiveRecord::Base
+        elsif source.is_a? ApplicationRecord
           data = SerializedSyncedData.prepare_data source.attributes
         elsif source.is_a? Array
           data = source.map{ |source| SerializedSyncedData.prepare_data source.attributes }
-class OrdersPlugin::Item < ActiveRecord::Base
+class OrdersPlugin::Item < ApplicationRecord
  
   attr_accessible :order, :sale, :purchase,
     :product, :product_id,
-class OrdersPlugin::Order < ActiveRecord::Base
+class OrdersPlugin::Order < ApplicationRecord
  
   # if abstract_class is true then it will trigger https://github.com/rails/rails/issues/20871
   #self.abstract_class = true
@@ -2,7 +2,7 @@ class CreateOrdersCyclePluginTables &lt; ActiveRecord::Migration
  
   def change
     # check if distribution plugin already moved the table
-    return if ActiveRecord::Base.connection.table_exists? :orders_cycle_plugin_cycles
+    return if ApplicationRecord.connection.table_exists? :orders_cycle_plugin_cycles
  
     create_table :orders_cycle_plugin_cycle_orders do |t|
       t.integer  :cycle_id
-class OrdersCyclePlugin::Cycle < ActiveRecord::Base
+class OrdersCyclePlugin::Cycle < ApplicationRecord
  
   attr_accessible :profile, :status, :name, :description, :opening_message
  
@@ -233,7 +233,7 @@ class OrdersCyclePlugin::Cycle &lt; ActiveRecord::Base
  
   def add_products
     return if self.products.count > 0
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       self.profile.products.supplied.unarchived.available.find_each batch_size: 20 do |product|
         self.add_product product
       end
-class OrdersCyclePlugin::CycleOrder < ActiveRecord::Base
+class OrdersCyclePlugin::CycleOrder < ApplicationRecord
  
   belongs_to :cycle, class_name: 'OrdersCyclePlugin::Cycle'
   belongs_to :sale, class_name: 'OrdersCyclePlugin::Sale', foreign_key: :sale_id, dependent: :destroy
-class OrdersCyclePlugin::CycleProduct < ActiveRecord::Base
+class OrdersCyclePlugin::CycleProduct < ApplicationRecord
  
   self.table_name = :orders_cycle_plugin_cycle_products
  
@@ -34,7 +34,7 @@ class OrdersCyclePlugin::Sale &lt; OrdersPlugin::Sale
   end
  
   def add_purchases_items
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       self.items.each do |item|
         next unless supplier_product = item.product.supplier_product
         next unless supplier = supplier_product.profile
@@ -54,7 +54,7 @@ class OrdersCyclePlugin::Sale &lt; OrdersPlugin::Sale
   end
  
   def remove_purchases_items
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       self.items.each do |item|
         next unless supplier_product = item.product.supplier_product
         next unless purchase = supplier_product.orders_cycles_purchases.for_cycle(self.cycle).first
-class OrganizationRating < ActiveRecord::Base
+class OrganizationRating < ApplicationRecord
   belongs_to :person
   belongs_to :organization
   belongs_to :comment
-class OrganizationRatingsConfig < ActiveRecord::Base
+class OrganizationRatingsConfig < ApplicationRecord
  
   belongs_to :environment
  
@@ -1,17 +0,0 @@
-require_dependency 'active_record'
-
-class ActiveRecord::Base
-  def self.pg_search_plugin_search(query)
-    filtered_query = query.gsub(/[\|\(\)\\\/\s\[\]'"*%&!:]/,' ').split.map{|w| w += ":*"}.join('|')
-    if defined?(self::SEARCHABLE_FIELDS)
-      where("to_tsvector('simple', #{pg_search_plugin_fields}) @@ to_tsquery('#{filtered_query}')").
-        order("ts_rank(to_tsvector('simple', #{pg_search_plugin_fields}), to_tsquery('#{filtered_query}')) DESC")
-    else
-      raise "No searchable fields defined for #{self.name}"
-    end
-  end
-
-  def self.pg_search_plugin_fields
-    self::SEARCHABLE_FIELDS.keys.map(&:to_s).sort.map {|f| "coalesce(#{table_name}.#{f}, '')"}.join(" || ' ' || ")
-  end
-end
@@ -0,0 +1,19 @@
+require_dependency 'application_record'
+
+class ApplicationRecord
+
+  def self.pg_search_plugin_search(query)
+    filtered_query = query.gsub(/[\|\(\)\\\/\s\[\]'"*%&!:]/,' ').split.map{|w| w += ":*"}.join('|')
+    if defined?(self::SEARCHABLE_FIELDS)
+      where("to_tsvector('simple', #{pg_search_plugin_fields}) @@ to_tsquery('#{filtered_query}')").
+        order("ts_rank(to_tsvector('simple', #{pg_search_plugin_fields}), to_tsquery('#{filtered_query}')) DESC")
+    else
+      raise "No searchable fields defined for #{self.name}"
+    end
+  end
+
+  def self.pg_search_plugin_fields
+    self::SEARCHABLE_FIELDS.keys.map(&:to_s).sort.map {|f| "coalesce(#{table_name}.#{f}, '')"}.join(" || ' ' || ")
+  end
+
+end
@@ -15,7 +15,7 @@
             <%= show_date(headline.published_at) %>
           </div>
           <div class='tags'>
-            <%= headline.tags.map { |t| link_to(t, :controller => 'profile', :profile => member.identifier, :action => 'tags', :id => t.name ) }.join("\n") %>
+            <%= safe_join(headline.tags.map { |t| link_to(t, :controller => 'profile', :profile => member.identifier, :action => 'tags', :id => t.name ) }, "\n") %>
           </div>
         </div>
       </div>
-class PushNotificationPlugin::DeviceToken < ActiveRecord::Base
+class PushNotificationPlugin::DeviceToken < ApplicationRecord
   belongs_to :user
   attr_accessible :token, :device_name, :user
  
-class PushNotificationPlugin::NotificationSettings < ActiveRecord::Base
+class PushNotificationPlugin::NotificationSettings < ApplicationRecord
  
   NOTIFICATIONS= {
     "add_friend" => 0x1,
-class PushNotificationPlugin::NotificationSubscription < ActiveRecord::Base
+class PushNotificationPlugin::NotificationSubscription < ApplicationRecord
+
   belongs_to :environment
   attr_accessible :subscribers, :notification, :environment
  
@@ -0,0 +1,178 @@
+require_relative '../../../../test/api/test_helper'
+
+class PushNotificationApiTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+    environment = Environment.default
+    environment.enable_plugin(PushNotificationPlugin)
+  end
+
+  should 'list all my device tokens' do
+    logged_user = @user
+    token1 = PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => logged_user)
+    token2 = PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => logged_user)
+
+    get "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [token1.token, token2.token], json
+  end
+
+  should 'not list other people device tokens' do
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
+    get "/api/v1/push_notification_plugin/device_tokens?#{params.merge(:target_id => user.id).to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'admin see other user\'s device tokens' do
+    logged_user = @user
+    Environment.default.add_admin(logged_user.person)
+    logged_user.reload
+
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+
+    token1 = PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
+
+    get "/api/v1/push_notification_plugin/device_tokens?#{params.merge(:target_id => user.id).to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [token1.token], json
+  end
+
+#------------------------------------------------------------------------------------------------------
+
+  should 'add my device token' do
+    params.merge!(:device_name => "my_device", :token => "token1")
+    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent ["token1"], json["user"]["device_tokens"]
+  end
+
+  should 'not add device tokens for other people' do
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+    params.merge!(:device_name => "my_device", :token => "tokenX", :target_id => user.id)
+    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'admin add device tokens for other users' do
+    logged_user = @user
+    Environment.default.add_admin(logged_user.person)
+    logged_user.reload
+
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+
+    params.merge!(:device_name => "my_device", :token=> "tokenY", :target_id => user.id)
+    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+
+    json = JSON.parse(last_response.body)
+    assert_equivalent ["tokenY"], json["user"]["device_tokens"]
+  end
+
+#------------------------------------------------------------------------------------------------------
+
+  should 'delete my device tokens' do
+    logged_user = @user
+    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => logged_user)
+    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => logged_user)
+
+    params.merge!(:token => "secondtoken")
+    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent ["firsttoken"], json["user"]["device_tokens"]
+  end
+
+  should 'not delete device tokens for other people' do
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+
+    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => user)
+    user.reload
+
+    params.merge!(:token => "secondtoken", :target_id => user.id)
+    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    assert_equal 401, last_response.status
+    assert_equivalent user.device_token_list, ["secondtoken"]
+  end
+
+  should 'admin delete device tokens for other users' do
+    logged_user = @user
+    Environment.default.add_admin(logged_user.person)
+    logged_user.reload
+
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+
+    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
+    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => user)
+    user.reload
+
+    params.merge!(:token=> "secondtoken", :target_id => user.id)
+    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+
+    json = JSON.parse(last_response.body)
+    assert_equivalent ["firsttoken"], json["user"]["device_tokens"]
+  end
+
+#--------------------------------------------------------------------------------------------------------------------------------------------
+
+  should 'list all notifications disabled by default for new users' do
+    get "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    json["user"]["notification_settings"].each_pair do |notification, status|
+      refute status
+    end
+  end
+
+  should 'list device tokens notification options' do
+    logged_user = @user
+    logged_user.notification_settings.activate_notification "new_comment"
+    logged_user.save!
+
+    get "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal true, json["user"]["notification_settings"]["new_comment"]
+		assert_equal false, json["user"]["notification_settings"]["add_friend"]
+  end
+
+  should 'get possible notifications' do
+    get "/api/v1/push_notification_plugin/possible_notifications?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent PushNotificationPlugin::NotificationSettings::NOTIFICATIONS.keys, json["possible_notifications"]
+  end
+
+  should 'change device tokens notification options' do
+    logged_user = @user
+    params.merge!("new_comment"=> "true")
+
+    post "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
+		logged_user.reload
+    json = JSON.parse(last_response.body)
+    assert_equal true, json["user"]["notification_settings"]["new_comment"]
+		assert_equal true, logged_user.notification_settings.hash_flags["new_comment"]
+	end
+
+  should 'get active notifications list' do
+    logged_user = @user
+    logged_user.notification_settings.activate_notification "new_comment"
+    logged_user.save!
+
+    get "/api/v1/push_notification_plugin/active_notifications?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+		assert_equivalent ["new_comment"], json
+  end
+
+  should 'get inactive notifications list' do
+    logged_user = @user
+    logged_user.notification_settings.activate_notification "new_comment"
+    logged_user.save
+
+    get "/api/v1/push_notification_plugin/inactive_notifications?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent (PushNotificationPlugin::NotificationSettings::NOTIFICATIONS.keys-["new_comment"]), json
+  end
+end
@@ -1,178 +0,0 @@
-require_relative '../../../../test/unit/api/test_helper'
-
-class PushNotificationApiTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-    environment = Environment.default
-    environment.enable_plugin(PushNotificationPlugin)
-  end
-
-  should 'list all my device tokens' do
-    logged_user = @user
-    token1 = PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => logged_user)
-    token2 = PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => logged_user)
-
-    get "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [token1.token, token2.token], json
-  end
-
-  should 'not list other people device tokens' do
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
-    get "/api/v1/push_notification_plugin/device_tokens?#{params.merge(:target_id => user.id).to_query}"
-    assert_equal 401, last_response.status
-  end
-
-  should 'admin see other user\'s device tokens' do
-    logged_user = @user
-    Environment.default.add_admin(logged_user.person)
-    logged_user.reload
-
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-
-    token1 = PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
-
-    get "/api/v1/push_notification_plugin/device_tokens?#{params.merge(:target_id => user.id).to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [token1.token], json
-  end
-
-#------------------------------------------------------------------------------------------------------
-
-  should 'add my device token' do
-    params.merge!(:device_name => "my_device", :token => "token1")
-    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent ["token1"], json["user"]["device_tokens"]
-  end
-
-  should 'not add device tokens for other people' do
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-    params.merge!(:device_name => "my_device", :token => "tokenX", :target_id => user.id)
-    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    assert_equal 401, last_response.status
-  end
-
-  should 'admin add device tokens for other users' do
-    logged_user = @user
-    Environment.default.add_admin(logged_user.person)
-    logged_user.reload
-
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-
-    params.merge!(:device_name => "my_device", :token=> "tokenY", :target_id => user.id)
-    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-
-    json = JSON.parse(last_response.body)
-    assert_equivalent ["tokenY"], json["user"]["device_tokens"]
-  end
-
-#------------------------------------------------------------------------------------------------------
-
-  should 'delete my device tokens' do
-    logged_user = @user
-    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => logged_user)
-    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => logged_user)
-
-    params.merge!(:token => "secondtoken")
-    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent ["firsttoken"], json["user"]["device_tokens"]
-  end
-
-  should 'not delete device tokens for other people' do
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-
-    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => user)
-    user.reload
-
-    params.merge!(:token => "secondtoken", :target_id => user.id)
-    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    assert_equal 401, last_response.status
-    assert_equivalent user.device_token_list, ["secondtoken"]
-  end
-
-  should 'admin delete device tokens for other users' do
-    logged_user = @user
-    Environment.default.add_admin(logged_user.person)
-    logged_user.reload
-
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-
-    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
-    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => user)
-    user.reload
-
-    params.merge!(:token=> "secondtoken", :target_id => user.id)
-    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-
-    json = JSON.parse(last_response.body)
-    assert_equivalent ["firsttoken"], json["user"]["device_tokens"]
-  end
-
-#--------------------------------------------------------------------------------------------------------------------------------------------
-
-  should 'list all notifications disabled by default for new users' do
-    get "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    json["user"]["notification_settings"].each_pair do |notification, status|
-      refute status
-    end
-  end
-
-  should 'list device tokens notification options' do
-    logged_user = @user
-    logged_user.notification_settings.activate_notification "new_comment"
-    logged_user.save!
-
-    get "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal true, json["user"]["notification_settings"]["new_comment"]
-		assert_equal false, json["user"]["notification_settings"]["add_friend"]
-  end
-
-  should 'get possible notifications' do
-    get "/api/v1/push_notification_plugin/possible_notifications?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent PushNotificationPlugin::NotificationSettings::NOTIFICATIONS.keys, json["possible_notifications"]
-  end
-
-  should 'change device tokens notification options' do
-    logged_user = @user
-    params.merge!("new_comment"=> "true")
-
-    post "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
-		logged_user.reload
-    json = JSON.parse(last_response.body)
-    assert_equal true, json["user"]["notification_settings"]["new_comment"]
-		assert_equal true, logged_user.notification_settings.hash_flags["new_comment"]
-	end
-
-  should 'get active notifications list' do
-    logged_user = @user
-    logged_user.notification_settings.activate_notification "new_comment"
-    logged_user.save!
-
-    get "/api/v1/push_notification_plugin/active_notifications?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-		assert_equivalent ["new_comment"], json
-  end
-
-  should 'get inactive notifications list' do
-    logged_user = @user
-    logged_user.notification_settings.activate_notification "new_comment"
-    logged_user.save
-
-    get "/api/v1/push_notification_plugin/inactive_notifications?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent (PushNotificationPlugin::NotificationSettings::NOTIFICATIONS.keys-["new_comment"]), json
-  end
-end
@@ -83,7 +83,7 @@ class RelevantContentPlugin::RelevantContentBlock &lt; Block
         end
       end
     end
-    return content
+    return content.html_safe
   end
  
   def timeout
@@ -17,7 +17,7 @@ class RequireAuthToCommentPlugin &lt; Noosfero::Plugin
   end
  
   def profile_editor_extras
-    expanded_template('profile-editor-extras.html.erb')
+    expanded_template('profile-editor-extras.html.erb').html_safe
   end
  
   def stylesheet?
 OrdersPlugin.send :remove_const, :Item if defined? OrdersPlugin::Item
 OrdersPlugin.send :remove_const, :Order if defined? OrdersPlugin::Order
  
-class ShoppingCartPlugin::PurchaseOrder < ActiveRecord::Base
+class ShoppingCartPlugin::PurchaseOrder < ApplicationRecord
   acts_as_having_settings field: :data
  
   module Status
@@ -16,10 +16,10 @@ class Profile
   has_many :orders, class_name: 'OrdersPlugin::Order'
 end
  
-class OrdersPlugin::Item < ActiveRecord::Base
+class OrdersPlugin::Item < ApplicationRecord
   belongs_to :order, class_name: 'OrdersPlugin::Order'
 end
-class OrdersPlugin::Order < ActiveRecord::Base
+class OrdersPlugin::Order < ApplicationRecord
   has_many :items, class_name: 'OrdersPlugin::Item', foreign_key: :order_id
  
   extend CodeNumbering::ClassMethods
@@ -7,17 +7,17 @@ msgid &quot;&quot;
 msgstr ""
 "Project-Id-Version: 1.3~rc2-1-ga15645d\n"
 "POT-Creation-Date: 2015-10-30 16:34-0300\n"
-"PO-Revision-Date: 2015-02-23 11:36+0200\n"
-"Last-Translator: Michal Čihař <michal@cihar.com>\n"
+"PO-Revision-Date: 2016-04-21 01:21+0000\n"
+"Last-Translator: Iryna Pruitt <jdpruitt2807@prodigy.net>\n"
 "Language-Team: Russian <https://hosted.weblate.org/projects/noosfero/plugin-"
 "shopping-cart/ru/>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 2.3-dev\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<="
+"4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Weblate 2.6-dev\n"
  
 #: plugins/shopping_cart/lib/shopping_cart_plugin.rb:10
 #, fuzzy
@@ -30,9 +30,8 @@ msgid &quot;Shopping basket&quot;
 msgstr "Учебный статус"
  
 #: plugins/shopping_cart/lib/shopping_cart_plugin/cart_helper.rb:11
-#, fuzzy
 msgid "Add to basket"
-msgstr "Добавить контакт"
+msgstr "Добавить в корзину"
  
 #: plugins/shopping_cart/lib/shopping_cart_plugin/mailer.rb:20
 #, fuzzy
@@ -48,20 +47,19 @@ msgid &quot;&quot;
 "Your order has been sent successfully! You will receive a confirmation e-"
 "mail shortly."
 msgstr ""
+"Ваш заказ был успешно отправлен! Вы получите подтверждение через минуту."
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:158
-#, fuzzy
 msgid "Basket displayed."
-msgstr "Не отображать"
+msgstr "Изображение корзины"
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:177
 msgid "Basket hidden."
-msgstr ""
+msgstr "Спрятать корзину"
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:200
-#, fuzzy
 msgid "Delivery option updated."
-msgstr "Уничтожить профиль"
+msgstr "Способы отправки обновлены."
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:218
 msgid ""
@@ -70,9 +68,8 @@ msgid &quot;&quot;
 msgstr ""
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:232
-#, fuzzy
 msgid "There is no basket."
-msgstr "Нет категорий"
+msgstr "Нет корзины."
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:248
 #, fuzzy
@@ -86,7 +83,7 @@ msgstr &quot;Компания не может быть активирована&quot;
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:276
 msgid "Invalid quantity."
-msgstr ""
+msgstr "Недействительное количество."
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:364
 #, fuzzy
@@ -94,14 +91,12 @@ msgid &quot;Undefined product&quot;
 msgstr "Продукт без категории"
  
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:366
-#, fuzzy
 msgid "Wrong product id"
-msgstr "Нет продукта"
+msgstr "Неправильная категория товара"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin_myprofile/edit.html.erb:1
-#, fuzzy
 msgid "Basket options"
-msgstr "Еще опции"
+msgstr "Опции корзины"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin_myprofile/edit.html.erb:7
 #, fuzzy
@@ -109,86 +104,75 @@ msgid &quot;Enable shopping basket&quot;
 msgstr "Учебный статус"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin_myprofile/edit.html.erb:13
-#, fuzzy
 msgid "Deliveries or pickups"
-msgstr "Уничтожить профиль"
+msgstr "Доставка или получение на месте"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:6
 #: plugins/shopping_cart/views/public/_cart.html.erb:19
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:3
-#, fuzzy
 msgid "Shopping checkout"
-msgstr "Учебный статус"
+msgstr "Оформление и оплата заказа"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:8
-#, fuzzy
 msgid "Basket is empty"
-msgstr "Не отображать"
+msgstr "Корзина пуста"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:14
 msgid "Basket"
-msgstr ""
+msgstr "Корзина"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:16
-#, fuzzy
 msgid "Clean basket"
-msgstr "Открыть чат"
+msgstr "Чистая корзина"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:20
 #: plugins/shopping_cart/views/shopping_cart_plugin/_items.html.erb:42
-#, fuzzy
 msgid "Total:"
-msgstr "Получатель:"
+msgstr "Всего:"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:23
-#, fuzzy
 msgid "Show basket"
-msgstr "Учебный статус"
+msgstr "Показать корзину"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:24
-#, fuzzy
 msgid "Hide basket"
-msgstr "Спрятать"
+msgstr "Спрятать корзину"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:44
 msgid "Ups... I had a problem to load the basket list."
-msgstr ""
+msgstr "Ой... Проблема с загрузкой списка корзины."
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:46
-#, fuzzy
 msgid "Did you want to reload this page?"
-msgstr "Хотите присоединиться к группе?"
+msgstr "Хотите перезагрузить эту страницу?"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:49
 msgid "Sorry, you can't have more then 100 kinds of items on this basket."
-msgstr ""
+msgstr "Извините, но в корзине не может быть более 100 товаров."
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:51
 msgid "Oops, you must wait your last request to finish first!"
 msgstr ""
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:52
-#, fuzzy
 msgid "Are you sure you want to remove this item?"
-msgstr "Вы уверены что хотите удалить этот элемент?"
+msgstr "Вы уверены, что хотите удалить этот товар?"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:53
-#, fuzzy
 msgid "Are you sure you want to clean your basket?"
-msgstr "Вы уверены что хотите выйти?"
+msgstr "Вы уверены, что хотите удалить все из корзины?"
  
 #: plugins/shopping_cart/views/public/_cart.html.erb:54
 msgid "repeat order"
-msgstr ""
+msgstr "Повторить заказ"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/_items.html.erb:7
-#, fuzzy
 msgid "Item name"
-msgstr "Имя файла"
+msgstr "Название товара"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/_items.html.erb:13
 msgid "Price"
-msgstr ""
+msgstr "Цена"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:7
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:7
@@ -207,45 +191,40 @@ msgid &quot;&quot;
 msgstr ""
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:12
-#, fuzzy
 msgid "If you have any doubts about your order, write to us at: %s."
-msgstr "У вас еще нет контактов"
+msgstr "Если у вас есть какие-либо сомнения в вашем заказе, свяжитесь с нами:%."
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:13
 msgid "Review below the informations of your order:"
-msgstr ""
+msgstr "Проверьте ваш заказ:"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:19
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:17
-#, fuzzy
 msgid "Phone number"
-msgstr "один участник"
+msgstr "Номер телефона"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:22
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:22
 msgid "Payment's method"
-msgstr ""
+msgstr "Метод оплаты"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:24
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:22
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:26
-#, fuzzy
 msgid "shopping_cart|Change"
-msgstr "Учебный статус"
+msgstr "Покупательская корзина|Изменения"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:28
-#, fuzzy
 msgid "Delivery or pickup"
-msgstr "Уничтожить профиль"
+msgstr "Доставка или получение на месте"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:63
 msgid "Here are the products you bought:"
-msgstr ""
+msgstr "Вот купленный вами товар:"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:67
-#, fuzzy
 msgid "Thanks for buying with us!"
-msgstr "Спасибо за регистрацию!"
+msgstr "Спасибо за вашу покупку!"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:70
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:61
@@ -259,28 +238,29 @@ msgstr &quot;Это републикация \&quot;%s\&quot;, от %s.&quot;
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:11
 msgid "Below follows the customer informations:"
-msgstr ""
+msgstr "Ниже изображена информация покупателя:"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:20
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:25
 msgid "Payment"
-msgstr ""
+msgstr "Оплата"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:55
 msgid "And here are the items bought by this customer:"
-msgstr ""
+msgstr "Вот товары, купленные этим покупателем:"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:59
 msgid "If there are any problems with this email contact the admin of %s."
 msgstr ""
+"Если есть проблемы с этим электронным сообщением, свяжитесь с администрацией."
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:4
 msgid "haven't finished yet: back to shopping"
-msgstr ""
+msgstr "еще не закончил: назад к покупкам"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:12
 msgid "Personal identification"
-msgstr ""
+msgstr "Личная идентификация"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:15
 msgid "Name"
@@ -293,16 +273,15 @@ msgstr &quot;E-Mail&quot;
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:17
 msgid "Contact phone"
-msgstr ""
+msgstr "Контактный телефон"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:32
-#, fuzzy
 msgid "Delivery or pickup method"
-msgstr "Уничтожить профиль"
+msgstr "Доставка или получение на месте"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:40
 msgid "Your Order"
-msgstr ""
+msgstr "Ваш заказ"
  
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:47
 #, fuzzy
@@ -6,11 +6,11 @@
 <script>
   jQuery( document ).ready(function( $ ) {
     <% actions.each_with_index do |action, index| %>
-      <%= "siteTourPlugin.add('#{j action[:group_name]}', '#{j action[:selector]}', '#{j parse_tour_description(action[:description])}', #{index + 1});" %>
+      <%= raw "siteTourPlugin.add('#{j action[:group_name]}', '#{j action[:selector]}', '#{j parse_tour_description(action[:description])}', #{index + 1});" %>
     <% end %>
  
     <% (group_triggers||[]).each do |group| %>
-      <%= "siteTourPlugin.addGroupTrigger('#{j group[:group_name]}', '#{j group[:selector]}', '#{j group[:event]}');" %>
+      <%= "siteTourPlugin.addGroupTrigger('#{j group[:group_name]}', '#{j group[:selector]}', '#{j group[:event]}');".html_safe %>
     <% end %>
  
     siteTourPlugin.setOption('nextLabel', '<%= _('Next') %>');
 SnifferPlugin.send :remove_const, :Opportunity if defined? SnifferPlugin::Opportunity
  
-class SnifferPlugin::Profile < ActiveRecord::Base
+class SnifferPlugin::Profile < ApplicationRecord
   belongs_to :profile
 end
-class SnifferPlugin::Opportunity < ActiveRecord::Base
+class SnifferPlugin::Opportunity < ApplicationRecord
   belongs_to :sniffer_profile, class_name: 'SnifferPlugin::Profile', foreign_key: :profile_id
 end
  
-class SnifferPlugin::Opportunity < ActiveRecord::Base
+class SnifferPlugin::Opportunity < ApplicationRecord
  
   self.table_name = :sniffer_plugin_opportunities
  
@@ -46,8 +46,8 @@
   var currentProfile = <%= filter_visible_attr_profile(profile).to_json %>;
   sniffer.search.map.load({
     "zoom": <%= GoogleMaps.initial_zoom.to_json %>,
-    "balloonUrl": <%= url_for(:controller => :sniffer_plugin_myprofile, :action => :map_balloon, :id => "_id_", :escape => false).to_json %>,
-    "myBalloonUrl": <%= url_for(:controller => :sniffer_plugin_myprofile, :action => :my_map_balloon, :escape => false).to_json %>,
+    "balloonUrl": <%= raw url_for(:controller => :sniffer_plugin_myprofile, :action => :map_balloon, :id => "_id_", :escape => false).to_json %>,
+    "myBalloonUrl": <%= raw url_for(:controller => :sniffer_plugin_myprofile, :action => :my_map_balloon, :escape => false).to_json %>,
     "profiles": <%=
       @profiles_data.map do |id, profile_data|
         data = filter_visible_attr_profile(profile_data[:profile])
@@ -55,7 +55,7 @@
         data[:suppliersProducts] = filter_visible_attr_suppliers_products(profile_data[:suppliers_products])
         data[:icon] = profile_data[:profile][:icon]
         data
-      end.to_json
+      end.to_json.html_safe
     %>
   });
 </script>
@@ -191,32 +191,5 @@ module ActsAsFaceted
  
 end
  
-ActiveRecord::Base.extend ActsAsFaceted::ActsMethods
-
-# from https://github.com/rubyworks/facets/blob/master/lib/core/facets/enumerable/graph.rb
-module Enumerable
-  def graph(&yld)
-    if yld
-      h = {}
-      each do |*kv|
-        r = yld[*kv]
-        case r
-        when Hash
-          nk, nv = *r.to_a[0]
-        when Range
-          nk, nv = r.first, r.last
-        else
-          nk, nv = *r
-        end
-        h[nk] = nv
-      end
-      h
-    else
-      Enumerator.new(self,:graph)
-    end
-  end
-
-  # Alias for #graph, which stands for "map hash".
-  alias_method :mash, :graph
-end
+ApplicationRecord.extend ActsAsFaceted::ActsMethods
  
@@ -35,7 +35,7 @@ module ActsAsSearchable
     module FindByContents
  
       def schema_name
-        (Noosfero::MultiTenancy.on? and ActiveRecord::Base.postgresql?) ? ActiveRecord::Base.connection.schema_search_path : ''
+        (Noosfero::MultiTenancy.on? and ApplicationRecord.postgresql?) ? ApplicationRecord.connection.schema_search_path : ''
       end
  
       def find_by_contents(query, pg_options = {}, options = {}, db_options = {})
@@ -84,4 +84,5 @@ module ActsAsSearchable
   end
 end
  
-ActiveRecord::Base.send(:extend, ActsAsSearchable::ClassMethods)
+ApplicationRecord.extend ActsAsSearchable::ClassMethods
+
@@ -2,11 +2,11 @@ require_relative &#39;../test_helper&#39;
 require "#{File.dirname(__FILE__)}/../../lib/acts_as_faceted"
  
  
-class TestModel < ActiveRecord::Base
+class TestModel < ApplicationRecord
   def self.f_type_proc(klass)
-    klass.constantize 
+    klass.constantize
     h = {
-      'UploadedFile' => "Uploaded File", 
+      'UploadedFile' => "Uploaded File",
       'TextArticle' => "Text",
       'Folder' => "Folder",
       'Event' => "Event",
@@ -92,7 +92,7 @@ class ActsAsFacetedTest &lt; ActiveSupport::TestCase
     assert_equivalent [["[* TO NOW-1YEARS/DAY]", "Older than one year", 10], ["[NOW-1YEARS TO NOW/DAY]", "Last year", 19]], r
   end
  
-  should 'return facet hash in map_facets_for' do 
+  should 'return facet hash in map_facets_for' do
     r = TestModel.map_facets_for(Environment.default)
     assert r.count, 2
  
@@ -147,7 +147,7 @@ class ActsAsFacetedTest &lt; ActiveSupport::TestCase
     facets = TestModel.map_facets_for(Environment.default)
     facet = facets.select{ |f| f[:id] == 'f_type' }.first
     facet_data = TestModel.map_facet_results facet, @facet_params, @facets, @all_facets, {}
-    sorted = TestModel.facet_result_sort(facet, facet_data, :alphabetically) 
+    sorted = TestModel.facet_result_sort(facet, facet_data, :alphabetically)
     assert_equal sorted,
       [["Folder", "Folder", 3], ["Gallery", "Gallery", 1], ["TextArticle", 'Text', 15], ["UploadedFile", "Uploaded File", 6]]
   end
@@ -156,7 +156,7 @@ class ActsAsFacetedTest &lt; ActiveSupport::TestCase
     facets = TestModel.map_facets_for(Environment.default)
     facet = facets.select{ |f| f[:id] == 'f_type' }.first
     facet_data = TestModel.map_facet_results facet, @facet_params, @facets, @all_facets, {}
-    sorted = TestModel.facet_result_sort(facet, facet_data, :count) 
+    sorted = TestModel.facet_result_sort(facet, facet_data, :count)
     assert_equal sorted,
       [["TextArticle", "Text", 15], ["UploadedFile", "Uploaded File", 6], ["Folder", "Folder", 3], ["Gallery", "Gallery", 1]]
   end
@@ -23,7 +23,7 @@ class ActsAsSearchableTest &lt; ActiveSupport::TestCase
   should 'not be searchable when disabled' do
 		# suppress warning about already initialized constant
 		silent { ActsAsSearchable::ClassMethods::ACTS_AS_SEARCHABLE_ENABLED = false }
-		
+
     @test_model.expects(:acts_as_solr).never
 		@test_model.acts_as_searchable
   end
-class DynamicAttribute < ActiveRecord::Base
+class DynamicAttribute < ApplicationRecord
   belongs_to :dynamicable, :polymorphic => true
 end
-class SpaminatorPlugin::Report < ActiveRecord::Base
+class SpaminatorPlugin::Report < ApplicationRecord
  
   serialize :failed, Hash
  
-class StoaPlugin::UspAlunoTurmaGrad < ActiveRecord::Base
+class StoaPlugin::UspAlunoTurmaGrad < ApplicationRecord
  
   establish_connection(:stoa)
  
-class StoaPlugin::UspUser < ActiveRecord::Base
+class StoaPlugin::UspUser < ApplicationRecord
  
   establish_connection(:stoa)
   self.table_name = 'pessoa'
@@ -6,7 +6,7 @@ class AccountControllerTest &lt; ActionController::TestCase
   SALT=YAML::load(File.open(StoaPlugin.root_path + 'config.yml'))['salt']
  
   @db = Tempfile.new('stoa-test')
-  configs = ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => @db.path}
+  ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => @db.path}
   ActiveRecord::Base.establish_connection(:stoa)
   ActiveRecord::Schema.verbose = false
   ActiveRecord::Schema.create_table "pessoa" do |t|
@@ -13,7 +13,7 @@ class StoaPluginProfileEditorControllerTest &lt; ActionController::TestCase
     login_as(@person.identifier)
     Environment.default.enable_plugin(StoaPlugin.name)
     db = Tempfile.new('stoa-test')
-    ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => db.path}
+    ApplicationRecord.configurations['stoa'] = {:adapter => 'sqlite3', :database => db.path}
   end
  
   attr_accessor :person
@@ -9,7 +9,7 @@ class StoaPluginControllerTest &lt; ActionController::TestCase
     @controller = StoaPluginController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
-    ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => ':memory:', :verbosity => 'quiet'}
+    ApplicationRecord.configurations['stoa'] = {:adapter => 'sqlite3', :database => ':memory:', :verbosity => 'quiet'}
     env = Environment.default
     env.enable_plugin(StoaPlugin.name)
     env.enable('skip_new_user_email_confirmation')
@@ -5,7 +5,7 @@ class StoaPlugin::UspUserTest &lt; ActiveSupport::TestCase
   SALT=YAML::load(File.open(StoaPlugin.root_path + 'config.yml'))['salt']
  
   @db = Tempfile.new('stoa-test')
-  configs = ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => @db.path}
+  ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => @db.path}
   ActiveRecord::Base.establish_connection(:stoa)
   ActiveRecord::Schema.verbose = false
   ActiveRecord::Schema.create_table "pessoa" do |t|
@@ -14,6 +14,7 @@ class StoaPlugin::UspUserTest &lt; ActiveSupport::TestCase
     t.date     "dtanas"
   end
   ActiveRecord::Base.establish_connection(:test)
+  StoaPlugin::UspUser.reset_column_information
  
   def setup
     StoaPlugin::UspUser.create({:codpes => 123456, :cpf => Digest::MD5.hexdigest(SALT+'12345678'), :birth_date => '1970-01-30'}, :without_protection => true)
-class SubOrganizationsPlugin::ApprovePaternityRelation < ActiveRecord::Base
+class SubOrganizationsPlugin::ApprovePaternityRelation < ApplicationRecord
  
   belongs_to :task
   belongs_to :parent, :polymorphic => true
-class SubOrganizationsPlugin::Relation < ActiveRecord::Base
+class SubOrganizationsPlugin::Relation < ApplicationRecord
  
   belongs_to :parent, :polymorphic => true
   belongs_to :child, :polymorphic => true
 class CreateSuppliersPluginTables < ActiveRecord::Migration
   def self.up
     # check if distribution plugin already moved the table
-    return if ActiveRecord::Base.connection.table_exists? :suppliers_plugin_suppliers
+    return if ApplicationRecord.connection.table_exists? :suppliers_plugin_suppliers
  
     create_table :suppliers_plugin_suppliers do |t|
       t.integer  :profile_id
 class CreateSuppliersPluginSourceProduct < ActiveRecord::Migration
   def self.up
     # check if distribution plugin already moved the table
-    return if ActiveRecord::Base.connection.table_exists? "suppliers_plugin_source_products"
+    return if ApplicationRecord.connection.table_exists? "suppliers_plugin_source_products"
  
     create_table :suppliers_plugin_source_products do |t|
       t.integer  "from_product_id"
-class SuppliersPlugin::Supplier < ActiveRecord::Base
+class SuppliersPlugin::Supplier < ApplicationRecord
 end
  
 class AddActiveToSuppliersPluginSupplier < ActiveRecord::Migration
@@ -126,4 +126,4 @@ module DefaultDelegate
  
 end
  
-ActiveRecord::Base.extend DefaultDelegate::ClassMethods
+ApplicationRecord.extend DefaultDelegate::ClassMethods
-class SuppliersPlugin::SourceProduct < ActiveRecord::Base
+class SuppliersPlugin::SourceProduct < ApplicationRecord
  
   attr_accessible :from_product, :to_product, :quantity
  
-class SuppliersPlugin::Supplier < ActiveRecord::Base
+class SuppliersPlugin::Supplier < ApplicationRecord
  
   attr_accessor :distribute_products_on_create, :dont_destroy_dummy, :identifier_from_name
  
-class ToleranceTimePlugin::Publication < ActiveRecord::Base
+class ToleranceTimePlugin::Publication < ApplicationRecord
  
   belongs_to :target, :polymorphic => true
   validates_presence_of :target_id, :target_type
-class ToleranceTimePlugin::Tolerance < ActiveRecord::Base
+class ToleranceTimePlugin::Tolerance < ApplicationRecord
  
   belongs_to :profile
   validates_presence_of :profile_id
-class VolunteersPlugin::Assignment < ActiveRecord::Base
+class VolunteersPlugin::Assignment < ApplicationRecord
  
   attr_accessible :profile_id
  
-class VolunteersPlugin::Period < ActiveRecord::Base
+class VolunteersPlugin::Period < ApplicationRecord
  
   attr_accessible :name
   attr_accessible :start, :end
@@ -7,17 +7,17 @@ msgid &quot;&quot;
 msgstr ""
 "Project-Id-Version: 1.3~rc2-8-g01ea9f7\n"
 "POT-Creation-Date: 2015-11-04 12:36-0300\n"
-"PO-Revision-Date: 2014-12-12 14:23+0200\n"
-"Last-Translator: Michal Čihař <michal@cihar.com>\n"
-"Language-Team: Russian <https://hosted.weblate.org/projects/noosfero/"
-"noosfero/ru/>\n"
+"PO-Revision-Date: 2016-04-21 01:15+0000\n"
+"Last-Translator: Iryna Pruitt <jdpruitt2807@prodigy.net>\n"
+"Language-Team: Russian "
+"<https://hosted.weblate.org/projects/noosfero/noosfero/ru/>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 2.2-dev\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<="
+"4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Weblate 2.6-dev\n"
  
 #: app/models/approve_comment.rb:17
 #, fuzzy
@@ -9948,7 +9948,7 @@ msgstr &quot;Список продуктов и услуг&quot;
  
 #: app/views/manage_products/index.html.erb:6
 msgid "Price"
-msgstr "цена"
+msgstr "Цена"
  
 #: app/views/manage_products/index.html.erb:11
 msgid "(no product registered yet)"
@@ -3,7 +3,7 @@
     <%= link_to _('Manual'), '/doc', id: "link-to-doc", class: 'icon-help' %>
   </div><!-- end id="footer-links" -->
   <div id="copyright">
-    <p><%= _('This social network uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/') %></p>
+    <p><%= (_('This social network uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/')).html_safe %></p>
   </div><!-- end id="copyright" -->
   <%= language_chooser(environment) %>
 </div>
 <div id="footer-content">
-  <p><%= _('This site uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/') %></p>
+  <p><%= _('This site uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/').html_safe %></p>
 </div>
@@ -82,3 +82,47 @@ div.pending-tasks {
 .task_responsible {
   text-align: right;
 }
+
+.task-processed li {
+  background-color: rgb(240, 240, 240);
+  border-radius: 8px;
+  margin: 10px 0;
+  list-style-type: none;
+  padding: 12px;
+}
+
+.task-processed .task.status-3 {
+  background-color: rgb(205, 252, 218);
+}
+
+.task-processed .task.status-2 {
+  background-color: rgb(255, 203, 203);
+}
+
+.task-processed ul {
+  padding: 0;
+}
+
+.task-processed .task-list .task .title {
+  border-bottom: 1px solid rgba(0, 0, 0, 0.1);
+  font-weight: bold;
+  color: rgb(44, 44, 44);
+}
+
+.task-processed .task .status {
+  float: right;
+  color: rgb(156, 156, 156);
+  font-weight: bold;
+}
+
+.task-processed .task .dates {
+  font-size: 11px;
+}
+
+.task-processed .task .closed-by {
+  font-size: 11px;
+}
+
+.task-processed .task .label {
+  font-weight: bold
+}
@@ -79,7 +79,7 @@ run(){
  
 _install(){
   # export so that recursive enables for dependencies inherit this option too
-  export BUNDLE_OPTS='install'
+  export NOOSFERO_BUNDLE_OPTS='install'
   _enable "$1"
 }
  
@@ -119,8 +119,8 @@ _enable(){
       if [ -e $source/Gemfile ]; then
         gemfile=$(mktemp --tmpdir=.)
         cat $NOOSFERO_DIR/Gemfile $source/Gemfile > $gemfile
-        if [ -z "$BUNDLE_OPTS" ]; then BUNDLE_OPTS="--local"; fi
-        if ! RUBYOPT='' BUNDLE_GEMFILE="$gemfile" bundle $BUNDLE_OPTS --quiet; then
+        if [ -z "$NOOSFERO_BUNDLE_OPTS" ]; then NOOSFERO_BUNDLE_OPTS="--local"; fi
+        if ! RUBYOPT='' BUNDLE_GEMFILE="$gemfile" bundle $NOOSFERO_BUNDLE_OPTS --quiet; then
           dependencies_ok=false
         else
           mv "$gemfile".lock Gemfile.lock
@@ -689,7 +689,7 @@ class AccountControllerTest &lt; ActionController::TestCase
   should 'merge user data with extra stuff from plugins' do
     class Plugin1 < Noosfero::Plugin
       def user_data_extras
-        {:foo => 'bar'}
+        {:foo => 'bar'.html_safe }
       end
     end
  
@@ -787,12 +787,12 @@ class AccountControllerTest &lt; ActionController::TestCase
   should 'add extra content on signup forms from plugins' do
     class Plugin1 < Noosfero::Plugin
       def signup_extra_contents
-        proc {"<strong>Plugin1 text</strong>"}
+        proc {"<strong>Plugin1 text</strong>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def signup_extra_contents
-        proc {"<strong>Plugin2 text</strong>"}
+        proc {"<strong>Plugin2 text</strong>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -909,12 +909,12 @@ class AccountControllerTest &lt; ActionController::TestCase
   should 'add extra content on login form from plugins' do
     class Plugin1 < Noosfero::Plugin
       def login_extra_contents
-        proc {"<strong>Plugin1 text</strong>"}
+        proc {"<strong>Plugin1 text</strong>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def login_extra_contents
-        proc {"<strong>Plugin2 text</strong>"}
+        proc {"<strong>Plugin2 text</strong>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -375,7 +375,7 @@ class ApplicationControllerTest &lt; ActionController::TestCase
   should 'include javascripts supplied by plugins' do
     class Plugin1 < Noosfero::Plugin
       def js_files
-        ['js1.js']
+        ['js1.js'.html_safe]
       end
     end
  
@@ -384,7 +384,7 @@ class ApplicationControllerTest &lt; ActionController::TestCase
  
     class Plugin2 < Noosfero::Plugin
       def js_files
-        ['js2.js', 'js3.js']
+        ['js2.js'.html_safe, 'js3.js'.html_safe]
       end
     end
  
@@ -409,12 +409,12 @@ class ApplicationControllerTest &lt; ActionController::TestCase
   should 'include content in the beginning of body supplied by plugins regardless it is a block or html code' do
     class TestBodyBeginning1Plugin < Noosfero::Plugin
       def body_beginning
-        lambda {"<span id='plugin1'>This is [[plugin1]] speaking!</span>"}
+        lambda {"<span id='plugin1'>This is [[plugin1]] speaking!</span>".html_safe}
       end
     end
     class TestBodyBeginning2Plugin < Noosfero::Plugin
       def body_beginning
-        "<span id='plugin2'>This is Plugin2 speaking!</span>"
+        "<span id='plugin2'>This is Plugin2 speaking!</span>".html_safe
       end
     end
  
@@ -432,12 +432,12 @@ class ApplicationControllerTest &lt; ActionController::TestCase
  
     class TestHeadEnding1Plugin < Noosfero::Plugin
       def head_ending
-        lambda {"<script>alert('This is [[plugin1]] speaking!')</script>"}
+        lambda {"<script>alert('This is [[plugin1]] speaking!')</script>".html_safe}
       end
     end
     class TestHeadEnding2Plugin < Noosfero::Plugin
       def head_ending
-        "<style>This is Plugin2 speaking!</style>"
+        "<style>This is Plugin2 speaking!</style>".html_safe
       end
     end
  
@@ -71,13 +71,13 @@ class CatalogControllerTest &lt; ActionController::TestCase
   should 'include extra content supplied by plugins on catalog item extras' do
     class Plugin1 < Noosfero::Plugin
       def catalog_item_extras(product)
-        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>"}
+        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>".html_safe}
       end
     end
  
     class Plugin2 < Noosfero::Plugin
       def catalog_item_extras(product)
-        proc {"<span id='plugin2'>This is Plugin2 speaking!</span>"}
+        proc {"<span id='plugin2'>This is Plugin2 speaking!</span>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -191,13 +191,13 @@ class EnterpriseRegistrationControllerTest &lt; ActionController::TestCase
   should 'include hidden fields supplied by plugins on enterprise registration' do
     class Plugin1 < Noosfero::Plugin
       def enterprise_registration_hidden_fields
-        {'plugin1' => 'Plugin 1'}
+        {'plugin1' => 'Plugin 1'.html_safe}
       end
     end
  
     class Plugin2 < Noosfero::Plugin
       def enterprise_registration_hidden_fields
-        {'plugin2' => 'Plugin 2'}
+        {'plugin2' => 'Plugin 2'.html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -13,7 +13,7 @@ class EventsControllerTest &lt; ActionController::TestCase
  
     get :events, :profile => profile.identifier
  
-    today = DateTime.now.strftime("%B %d, %Y")
+    today = DateTime.now.strftime("%B %d, %Y").html_safe
     assert_tag :tag => 'div', :attributes => {:id => "agenda-items"},
       :descendant => {:tag => 'h3', :content => "Events for #{today}"},
       :descendant => {:tag => 'tr', :content => "Joao Birthday"},
@@ -43,7 +43,7 @@ class FriendsControllerTest &lt; ActionController::TestCase
  
   should 'display find people button' do
     get :index, :profile => 'testuser'
-    assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/search/assets?asset=people' }
+    assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/search/assets?asset=people'.html_safe }
   end
  
   should 'not display invite friends button if any plugin tells not to' do
@@ -88,12 +88,12 @@ class HomeControllerTest &lt; ActionController::TestCase
   should 'provide a link to make the user authentication' do
     class Plugin1 < Noosfero::Plugin
       def alternative_authentication_link
-        proc {"<a href='plugin1'>Plugin1 link</a>"}
+        proc {"<a href='plugin1'>Plugin1 link</a>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def alternative_authentication_link
-        proc {"<a href='plugin2'>Plugin2 link</a>"}
+        proc {"<a href='plugin2'>Plugin2 link</a>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -168,7 +168,7 @@ class HomeControllerTest &lt; ActionController::TestCase
   should 'plugins add class to the <html>' do
     class Plugin1 < Noosfero::Plugin
       def html_tag_classes
-        lambda { ['t1', 't2'] }
+        lambda { ['t1'.html_safe, 't2'.html_safe] }
       end
     end
  
@@ -429,12 +429,12 @@ class ManageProductsControllerTest &lt; ActionController::TestCase
   should 'include extra content supplied by plugins on products info extras' do
     class TestProductInfoExtras1Plugin < Noosfero::Plugin
       def product_info_extras(p)
-        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>"}
+        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>".html_safe}
       end
     end
     class TestProductInfoExtras2Plugin < Noosfero::Plugin
       def product_info_extras(p)
-        proc { "<span id='plugin2'>This is Plugin2 speaking!</span>" }
+        proc { "<span id='plugin2'>This is Plugin2 speaking!</span>".html_safe }
       end
     end
  
@@ -125,7 +125,7 @@ class ProfileControllerTest &lt; ActionController::TestCase
     @profile.articles.create!(:name => 'testarticle', :tag_list => 'tag1')
     get :content_tagged, :profile => @profile.identifier, :id => 'tag1'
  
-    assert_tag :tag => 'a', :attributes => { :href => '/tag/tag1' }, :content => 'See content tagged with "tag1" in the entire site'
+    assert_tag :tag => 'a', :attributes => { :href => '/tag/tag1' }, :content => 'See content tagged with "tag1" in the entire site'.html_safe
   end
  
   should 'show a link to own control panel' do
@@ -512,7 +512,7 @@ class ProfileControllerTest &lt; ActionController::TestCase
   should 'show description of orgarnization' do
     login_as(@profile.identifier)
     ent = fast_create(Enterprise)
-    ent.description = 'Enterprise\'s description'
+    ent.description = "<span>Enterprise's description</span>"
     ent.save
     get :index, :profile => ent.identifier
     assert_tag :tag => 'div', :attributes => { :class => 'public-profile-description' }, :content => /Enterprise\'s description/
@@ -1236,13 +1236,13 @@ class ProfileControllerTest &lt; ActionController::TestCase
   should 'display plugins tabs' do
     class Plugin1 < Noosfero::Plugin
       def profile_tabs
-        {:title => 'Plugin1 tab', :id => 'plugin1_tab', :content => proc { 'Content from plugin1.' }}
+        {:title => 'Plugin1 tab', :id => 'plugin1_tab', :content => proc { 'Content from plugin1.'.html_safe }}
       end
     end
  
     class Plugin2 < Noosfero::Plugin
       def profile_tabs
-        {:title => 'Plugin2 tab', :id => 'plugin2_tab', :content => proc { 'Content from plugin2.' }}
+        {:title => 'Plugin2 tab', :id => 'plugin2_tab', :content => proc { 'Content from plugin2.'.html_safe }}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.to_s, Plugin2.to_s])
@@ -1002,7 +1002,7 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
   should 'add extra content provided by plugins on edit' do
     class TestProfileEditPlugin < Noosfero::Plugin
       def profile_editor_extras
-        "<input id='field_added_by_plugin' value='value_of_field_added_by_plugin'/>"
+        "<input id='field_added_by_plugin' value='value_of_field_added_by_plugin'/>".html_safe
       end
     end
     Noosfero::Plugin.stubs(:all).returns([TestProfileEditPlugin.to_s])
@@ -1018,7 +1018,7 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
     class TestProfileEditPlugin < Noosfero::Plugin
       def profile_editor_extras
         lambda do
-          render :text => "<input id='field_added_by_plugin' value='value_of_field_added_by_plugin'/>"
+          (render :text => "<input id='field_added_by_plugin' value='value_of_field_added_by_plugin'/>".html_safe).html_safe
         end
       end
     end
@@ -1043,12 +1043,12 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
   should 'add extra content on person info from plugins' do
     class Plugin1 < Noosfero::Plugin
       def profile_info_extra_contents
-        proc {"<strong>Plugin1 text</strong>"}
+        proc {"<strong>Plugin1 text</strong>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def profile_info_extra_contents
-        proc {"<strong>Plugin2 text</strong>"}
+        proc {"<strong>Plugin2 text</strong>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.to_s, Plugin2.to_s])
@@ -1065,12 +1065,12 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
   should 'add extra content on organization info from plugins' do
     class Plugin1 < Noosfero::Plugin
       def profile_info_extra_contents
-        proc {"<strong>Plugin1 text</strong>"}
+        proc {"<strong>Plugin1 text</strong>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def profile_info_extra_contents
-        proc {"<strong>Plugin2 text</strong>"}
+        proc {"<strong>Plugin2 text</strong>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.to_s, Plugin2.to_s])
@@ -80,7 +80,7 @@ class RoleControllerTest &lt; ActionController::TestCase
     role = Role.create!(:name => 'environment_role', :key => 'environment_role', :environment => Environment.default)
     get :edit, :id => role.id
     ['Environment', 'Profile'].each do |key|
-      ActiveRecord::Base::PERMISSIONS[key].each do |permission, value|
+      ApplicationRecord::PERMISSIONS[key].each do |permission, value|
         assert_select ".permissions.#{key.downcase} input##{permission}"
       end
     end
@@ -89,7 +89,7 @@ class RoleControllerTest &lt; ActionController::TestCase
   should 'display permissions only for profile when editing a profile role' do
     role = Role.create!(:name => 'profile_role', :key => 'profile_role', :environment => Environment.default)
     get :edit, :id => role.id
-    ActiveRecord::Base::PERMISSIONS['Profile'].each do |permission, value|
+    ApplicationRecord::PERMISSIONS['Profile'].each do |permission, value|
       assert_select "input##{permission}"
     end
     assert_select ".permissions.environment", false
@@ -150,13 +150,13 @@ class SearchControllerTest &lt; ActionController::TestCase
   should 'include extra content supplied by plugins on product asset' do
     class Plugin1 < Noosfero::Plugin
       def asset_product_extras(product)
-        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>"}
+        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>".html_safe}
       end
     end
  
     class Plugin2 < Noosfero::Plugin
       def asset_product_extras(product)
-        proc {"<span id='plugin2'>This is Plugin2 speaking!</span>"}
+        proc {"<span id='plugin2'>This is Plugin2 speaking!</span>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.to_s, Plugin2.to_s])
@@ -75,6 +75,7 @@ class TasksControllerTest &lt; ActionController::TestCase
  
     assert_response :success
     assert_template 'processed'
+    assert !assigns(:tasks).nil?
     assert_kind_of ActiveRecord::Relation, assigns(:tasks)
   end
  
@@ -761,32 +762,6 @@ class TasksControllerTest &lt; ActionController::TestCase
     assert_not_includes task_one.tags_from(nil), 'test'
   end
  
-  should 'filter processed tasks by all filters' do
-    requestor = fast_create(Person)
-    closed_by = fast_create(Person)
-    class AnotherTask < Task; end
-
-    created_date = DateTime.now
-    processed_date = DateTime.now
-
-    task_params = {:status => Task::Status::FINISHED, :requestor => requestor, :target => profile, :created_at => created_date, :end_date => processed_date, :closed_by => closed_by, :data => {:field => 'some data field'}}
-
-    task = create(AnotherTask, task_params)
-    create(Task, task_params)
-    create(AnotherTask, task_params.clone.merge(:status => Task::Status::CANCELLED))
-    create(AnotherTask, task_params.clone.merge(:created_at => created_date - 1.day))
-    create(AnotherTask, task_params.clone.merge(:created_at => created_date + 1.day))
-    create(AnotherTask, task_params.clone.merge(:end_date => processed_date - 1.day))
-    create(AnotherTask, task_params.clone.merge(:end_date => processed_date + 1.day))
-    create(AnotherTask, task_params.clone.merge(:requestor => fast_create(Person, :name => 'another-requestor')))
-    create(AnotherTask, task_params.clone.merge(:closed_by => fast_create(Person, :name => 'another-closer')))
-    create(AnotherTask, task_params.clone.merge(:data => {:field => 'other data field'}))
-
-    get :processed, :filter => {:type => AnotherTask, :status => Task::Status::FINISHED, :created_from => created_date, :created_until => created_date, :closed_from => processed_date, :closed_until => processed_date, :requestor => requestor.name, :closed_by => closed_by.name, :text => 'some data field'}
-    assert_response :success
-    assert_equal [task], assigns(:tasks)
-  end
-
   should 'list custom field details in moderation user tasks when moderation_tasks is true' do
     person_custom_field = CustomField.create(:name => "great_field", :format=>"string", :default_value => "value for person", :customized_type=>"Person", :active => true, :environment => Environment.default, :moderation_task => true, :required => true)
     p1 = create_user("great_person").person
@@ -847,4 +822,30 @@ class TasksControllerTest &lt; ActionController::TestCase
     assert_equal [email_template], assigns(:rejection_email_templates)
   end
  
+  should 'filter processed tasks by all filters' do
+    requestor = fast_create(Person)
+    closed_by = fast_create(Person)
+    class AnotherTask < Task; end
+
+    created_date = DateTime.now
+    processed_date = DateTime.now
+
+    task_params = {:status => Task::Status::FINISHED, :requestor => requestor, :target => profile, :created_at => created_date, :end_date => processed_date, :closed_by => closed_by, :data => {:field => 'some data field'}}
+
+    task = create(AnotherTask, task_params)
+    create(Task, task_params)
+    create(AnotherTask, task_params.clone.merge(:status => Task::Status::CANCELLED))
+    create(AnotherTask, task_params.clone.merge(:created_at => created_date - 1.day))
+    create(AnotherTask, task_params.clone.merge(:created_at => created_date + 1.day))
+    create(AnotherTask, task_params.clone.merge(:end_date => processed_date - 1.day))
+    create(AnotherTask, task_params.clone.merge(:end_date => processed_date + 1.day))
+    create(AnotherTask, task_params.clone.merge(:requestor => fast_create(Person, :name => 'another-requestor')))
+    create(AnotherTask, task_params.clone.merge(:closed_by => fast_create(Person, :name => 'another-closer')))
+    create(AnotherTask, task_params.clone.merge(:data => {:field => "other data field"}))
+
+    get :processed, :filter => {:type => AnotherTask, :status => Task::Status::FINISHED, :created_from => created_date, :created_until => created_date, :closed_from => processed_date, :closed_until => processed_date, :requestor => requestor.name, :closed_by => closed_by.name, :text => "some data field"}
+    assert_response :success
+    assert_equal [task], assigns(:tasks)
+  end
+
 end
@@ -29,12 +29,12 @@ class MultiTenancyTest &lt; ActionDispatch::IntegrationTest
     user = create_user
     session_obj = create(Session, user_id: user.id, session_id: 'some_id', data: {})
     person_identifier = user.person.identifier
-    
+
     Noosfero::MultiTenancy.setup!('schema1.com')
     host! 'schema2.com'
     cookies[:_noosfero_session] = session_obj.session_id
     assert_nothing_raised { get "/myprofile/#{person_identifier}" }
-    assert_equal 'public', ActiveRecord::Base.connection.schema_search_path
+    assert_equal 'public', ApplicationRecord.connection.schema_search_path
   end
  
 end
 require File.expand_path(File.dirname(__FILE__) +  "/../../../app/models/environment")
  
-class Environment < ActiveRecord::Base
+class Environment < ApplicationRecord
   def self.available_features
     {
     'feature1' => 'Enable Feature 1',
@@ -22,7 +22,7 @@ class TestController &lt; ApplicationController
   end
  
   def help_textile_with_string
-    render :inline => '<%= help_textile "*my_bold_help_message*" %>'
+    render :inline => '<%= help_textile "*my_bold_help_message*".html_safe %>'
   end
  
   def help_textile_with_block
@@ -5,9 +5,9 @@ module Noosfero::Factory
     attrs[:slug] = attrs[:name].to_slug if attrs[:name].present? && attrs[:slug].blank? && defaults[:slug].present?
     data = defaults_for(name.to_s.gsub('::','')).merge(attrs)
     klass = name.to_s.camelize.constantize
-    if klass.superclass != ActiveRecord::Base
-      data[:type] = klass.to_s
-    end
+
+    data[:type] = klass.to_s if klass.column_names.include? 'type'
+
     if options[:timestamps]
       fast_insert_with_timestamps(klass, data)
     else
@@ -129,7 +129,7 @@ module Noosfero::Factory
  
   def fast_insert(klass, data)
     names = data.keys
-    values = names.map {|k| ActiveRecord::Base.send(:sanitize_sql_array, ['?', data[k]]) }
+    values = names.map {|k| ApplicationRecord.send(:sanitize_sql_array, ['?', data[k]]) }
     sql = 'insert into %s(%s) values (%s)' % [klass.table_name, names.join(','), values.join(',')]
     klass.connection.execute(sql)
     klass.order(:id).last
@@ -187,14 +187,14 @@ class ActiveSupport::TestCase
   end
  
   def uses_postgresql(schema_name = 'test_schema')
-    adapter = ActiveRecord::Base.connection.class
+    adapter = ApplicationRecord.connection.class
     adapter.any_instance.stubs(:adapter_name).returns('PostgreSQL')
     adapter.any_instance.stubs(:schema_search_path).returns(schema_name)
     Noosfero::MultiTenancy.stubs(:on?).returns(true)
   end
  
   def uses_sqlite
-    adapter = ActiveRecord::Base.connection.class
+    adapter = ApplicationRecord.connection.class
     adapter.any_instance.stubs(:adapter_name).returns('SQLite')
     Noosfero::MultiTenancy.stubs(:on?).returns(false)
   end
@@ -43,7 +43,8 @@ class BlogHelperTest &lt; ActionView::TestCase
       "<#{tag}#{options.map{|k,v| " #{k}=\"#{[v].flatten.join(' ')}\""}.join}>#{content}</#{tag}>"
     end
  
-    html = Nokogiri::HTML list_posts(blog.posts)
+    html = Nokogiri::HTML list_posts(blog.posts).html_safe
+
     assert_select html, "div#post-#{newer_post.id}.blog-post.position-1.first.odd-post" +
                         " > div.odd-post-inner.blog-post-inner > .title", 'Last post'
     assert_select html, "div#post-#{hidden_post.id}.blog-post.position-2.not-published.even-post" +
@@ -22,7 +22,7 @@ class GeoRefTest &lt; ActiveSupport::TestCase
     @acme = Enterprise.create! environment: env, identifier: 'acme', name: 'ACME',
         city: 'Salvador', state: 'Bahia', country: 'BR', lat: -12.9, lng: -38.5
     def sql_dist_to(ll)
-      ActiveRecord::Base.connection.execute(
+      ApplicationRecord.connection.execute(
         "SELECT #{Noosfero::GeoRef.sql_dist ll[0], ll[1]} as dist" +
         " FROM profiles WHERE id = #{@acme.id};"
       ).first['dist'].to_f.round
@@ -36,7 +36,7 @@ class MultiTenancyTest &lt; ActiveSupport::TestCase
  
   def test_set_schema_by_host
     Noosfero::MultiTenancy.expects(:mapping).returns({ 'host' => 'schema' })
-    adapter = ActiveRecord::Base.connection.class
+    adapter = ApplicationRecord.connection.class
     adapter.any_instance.expects(:schema_search_path=).with('schema').returns(true)
     assert Noosfero::MultiTenancy.db_by_host = 'host'
   end
@@ -43,13 +43,13 @@ class PluginManagerTest &lt; ActiveSupport::TestCase
  
     class Plugin1 < Noosfero::Plugin
       def random_event
-        'Plugin 1 action.'
+        'Plugin 1 action.'.html_safe
       end
     end
  
     class Plugin2 < Noosfero::Plugin
       def random_event
-        'Plugin 2 action.'
+        'Plugin 2 action.'.html_safe
       end
     end
     Noosfero::Plugin.stubs(:all).returns(['PluginManagerTest::Plugin1', 'PluginManagerTest::Plugin2'])
@@ -70,19 +70,19 @@ class PluginManagerTest &lt; ActiveSupport::TestCase
  
     class Plugin1 < Noosfero::Plugin
       def random_event
-        'Plugin 1 action.'
+        'Plugin 1 action.'.html_safe
       end
     end
  
     class Plugin2 < Noosfero::Plugin
       def random_event
-        'Plugin 2 action.'
+        'Plugin 2 action.'.html_safe
       end
     end
  
     class Plugin3 < Noosfero::Plugin
       def random_event
-        'Plugin 3 action.'
+        'Plugin 3 action.'.html_safe
       end
     end
     Noosfero::Plugin.stubs(:all).returns(['PluginManagerTest::Plugin1', 'PluginManagerTest::Plugin2', 'PluginManagerTest::Plugin3'])
@@ -2,6 +2,8 @@ require_relative &quot;../test_helper&quot;
  
 class RecentDocumentsBlockTest < ActiveSupport::TestCase
  
+  include ActionView::Helpers::OutputSafetyHelper
+
   def setup
     @articles = []
     @profile = create_user('testinguser').person
@@ -1,34 +0,0 @@
-require_relative "../test_helper"
-
-# if this test is run without SQLite (e.g. with mysql or postgres), the tests
-# will just pass. The idea is to test our local extensions to SQLite.
-class SQliteExtensionTest < ActiveSupport::TestCase
-
-  if ActiveRecord::Base.connection.adapter_name =~ /^sqlite$/i
-
-    should 'have power function' do
-      assert_in_delta 8.0, ActiveRecord::Base.connection.execute('select pow(2.0, 3.0) as result').first['result'], 0.0001
-    end
-
-    should 'have radians function' do
-      assert_in_delta Math::PI/2, ActiveRecord::Base.connection.execute('select radians(90) as rad').first['rad'], 0.0001
-    end
-
-    should 'have square root function' do
-      assert_in_delta 1.4142, ActiveRecord::Base.connection.execute('select sqrt(2) as sqrt').first['sqrt'], 0.0001
-    end
-
-    should 'have a distance function' do
-      args = [32.918593, -96.958444, 32.951613, -96.958444].map{|l|l * Math::PI/180}
-      assert_in_delta 2.28402, ActiveRecord::Base.connection.execute("select spheric_distance(#{args.inspect[1..-2]}, 3963.19) as dist").first['dist'], 0.0001
-    end
-
-  else
-
-    should 'just pass (not using SQLite)' do
-      assert true
-    end
-
-  end
-
-end
...	...	@@ -30,14 +30,47 @@ integration:
30	30	script: bundle exec rake test:integration
31	31	stage: all-tests
32	32
33		-cucumber:
34		- script: bundle exec rake cucumber
	33	+cucumber-1:
	34	+ script: SLICE=1/2 bundle exec rake cucumber
	35	+ stage: all-tests
	36	+cucumber-2:
	37	+ script: SLICE=2/2 bundle exec rake cucumber
35	38	stage: all-tests
36	39
37		-selenium:
38		- script: bundle exec rake selenium
	40	+selenium-1:
	41	+ script: SLICE=1/6 bundle exec rake selenium
	42	+ stage: all-tests
	43	+selenium-2:
	44	+ script: SLICE=2/6 bundle exec rake selenium
	45	+ stage: all-tests
	46	+selenium-3:
	47	+ script: SLICE=3/6 bundle exec rake selenium
	48	+ stage: all-tests
	49	+selenium-4:
	50	+ script: SLICE=4/6 bundle exec rake selenium
	51	+ stage: all-tests
	52	+selenium-5:
	53	+ script: SLICE=5/6 bundle exec rake selenium
	54	+ stage: all-tests
	55	+selenium-6:
	56	+ script: SLICE=6/6 bundle exec rake selenium
39	57	stage: all-tests
40	58
41		-plugins:
42		- script: bundle exec rake test:noosfero_plugins
	59	+# NOOSFERO_BUNDLE_OPTS=install makes migrations fails
	60	+# probably because of rubygems-integration
	61	+plugins-1:
	62	+ script: SLICE=1/5 bundle exec rake test:noosfero_plugins
43	63	stage: all-tests
	64	+plugins-2:
	65	+ script: SLICE=2/5 bundle exec rake test:noosfero_plugins
	66	+ stage: all-tests
	67	+plugins-3:
	68	+ script: SLICE=3/5 bundle exec rake test:noosfero_plugins
	69	+ stage: all-tests
	70	+plugins-4:
	71	+ script: SLICE=4/5 bundle exec rake test:noosfero_plugins
	72	+ stage: all-tests
	73	+plugins-5:
	74	+ script: SLICE=5/5 bundle exec rake test:noosfero_plugins
	75	+ stage: all-tests
	76	+
...	...
...	...	@@ -61,11 +61,11 @@ env:
61	61	- SLICE=2/4 TASK=selenium
62	62	- SLICE=3/4 TASK=selenium
63	63	- SLICE=4/4 TASK=selenium
64		- - SLICE=1/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
65		- - SLICE=2/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
66		- - SLICE=3/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
67		- - SLICE=4/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
68		- - SLICE=5/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
	64	+ - SLICE=1/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
	65	+ - SLICE=2/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
	66	+ - SLICE=3/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
	67	+ - SLICE=4/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
	68	+ - SLICE=5/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
69	69
70	70	script:
71	71	- ./script/ci
...	...
...	...	@@ -99,7 +99,7 @@ Description of contents
99	99	Holds controllers that should be named like weblog_controller.rb for automated URL mapping. All controllers should descend from `ActionController::Base`.
100	100
101	101	* `app/models`
102		- Holds models that should be named like post.rb. Most models will descend from `ActiveRecord::Base`.
	102	+ Holds models that should be named like post.rb. Most models will descend from `ApplicationRecord`.
103	103
104	104	* `app/views`
105	105	Holds the template files for the view that should be named like `weblog/index.rhtml` for the `WeblogController#index` action. All views use eRuby syntax. This directory can also be used to keep stylesheets, images, and so on that can be symlinked to public.
...	...
...	...	@@ -108,7 +108,7 @@ class CmsController < MyProfileController
108	108	end
109	109
110	110	def new
111		- # FIXME this method should share some logic wirh edit !!!
	111	+ # FIXME this method should share some logic with edit !!!
112	112
113	113	@success_back_to = params[:success_back_to]
114	114	# user must choose an article type first
...	...	@@ -365,7 +365,7 @@ class CmsController < MyProfileController
365	365	def search
366	366	query = params[:q]
367	367	results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]
368		- render :text => article_list_to_json(results), :content_type => 'application/json'
	368	+ render :text => article_list_to_json(results).html_safe, :content_type => 'application/json'
369	369	end
370	370
371	371	def search_article_privacy_exceptions
...	...
...	...	@@ -32,6 +32,7 @@ class ProfileEditorController < MyProfileController
32	32	Image.transaction do
33	33	begin
34	34	@plugins.dispatch(:profile_editor_transaction_extras)
	35	+ # TODO: This is unsafe! Add sanitizer
35	36	@profile_data.update!(params[:profile_data])
36	37	redirect_to :action => 'index', :profile => profile.identifier
37	38	rescue Exception => ex
...	...
...	...	@@ -162,34 +162,25 @@ class TasksController < MyProfileController
162	162
163	163	protected
164	164
165		- def filter_by_closed_date(filter, tasks)
166		- filter[:closed_from] = Date.parse(filter[:closed_from]) unless filter[:closed_from].blank?
167		- filter[:closed_until] = Date.parse(filter[:closed_until]) unless filter[:closed_until].blank?
168		-
169		- tasks = tasks.where('tasks.end_date >= ?', filter[:closed_from].beginning_of_day) unless filter[:closed_from].blank?
170		- tasks = tasks.where('tasks.end_date <= ?', filter[:closed_until].end_of_day) unless filter[:closed_until].blank?
171		- tasks
172		- end
	165	+ def filter_tasks(filter, tasks)
	166	+ tasks = tasks.eager_load(:requestor, :closed_by)
	167	+ tasks = tasks.of(filter[:type].presence)
	168	+ tasks = tasks.where(:status => filter[:status]) unless filter[:status].blank?
173	169
174		- def filter_by_creation_date(filter, tasks)
175	170	filter[:created_from] = Date.parse(filter[:created_from]) unless filter[:created_from].blank?
176	171	filter[:created_until] = Date.parse(filter[:created_until]) unless filter[:created_until].blank?
	172	+ filter[:closed_from] = Date.parse(filter[:closed_from]) unless filter[:closed_from].blank?
	173	+ filter[:closed_until] = Date.parse(filter[:closed_until]) unless filter[:closed_until].blank?
177	174
178		- tasks = tasks.where('tasks.created_at >= ?', filter[:created_from].beginning_of_day) unless filter[:created_from].blank?
179		- tasks = tasks.where('tasks.created_at <= ?', filter[:created_until].end_of_day) unless filter[:created_until].blank?
180		- tasks
181		- end
	175	+ tasks = tasks.from_creation_date filter[:created_from] unless filter[:created_from].blank?
	176	+ tasks = tasks.until_creation_date filter[:created_until] unless filter[:created_until].blank?
182	177
183		- def filter_tasks(filter, tasks)
184		- tasks = tasks.eager_load(:requestor, :closed_by)
185		- tasks = tasks.of(filter[:type].presence)
186		- tasks = tasks.where(:status => filter[:status]) unless filter[:status].blank?
187		- tasks = filter_by_creation_date(filter, tasks)
188		- tasks = filter_by_closed_date(filter, tasks)
	178	+ tasks = tasks.from_closed_date filter[:closed_from] unless filter[:closed_from].blank?
	179	+ tasks = tasks.until_closed_date filter[:closed_until] unless filter[:closed_until].blank?
189	180
190		- tasks = tasks.like('profiles.name', filter[:requestor]) unless filter[:requestor].blank?
191		- tasks = tasks.like('closed_bies_tasks.name', filter[:closed_by]) unless filter[:closed_by].blank?
192		- tasks = tasks.like('tasks.data', filter[:text]) unless filter[:text].blank?
	181	+ tasks = tasks.where('profiles.name LIKE ?', filter[:requestor]) unless filter[:requestor].blank?
	182	+ tasks = tasks.where('closed_bies_tasks.name LIKE ?', filter[:closed_by]) unless filter[:closed_by].blank?
	183	+ tasks = tasks.where('tasks.data LIKE ?', "%#{filter[:text]}%") unless filter[:text].blank?
193	184	tasks
194	185	end
195	186
...	...
...	...	@@ -5,22 +5,22 @@ module ActionTrackerHelper
5	5	end
6	6
7	7	def new_friendship_description ta
8		- n_('has made 1 new friend:<br />%{name}', 'has made %{num} new friends:<br />%{name}', ta.get_friend_name.size) % {
	8	+ n_('has made 1 new friend:<br />%{name}', 'has made %{num} new friends:<br />%{name}', ta.get_friend_name.size).html_safe % {
9	9	num: ta.get_friend_name.size,
10		- name: ta.collect_group_with_index(:friend_name) do \|n,i\|
	10	+ name: safe_join(ta.collect_group_with_index(:friend_name) do \|n,i\|
11	11	link_to image_tag(ta.get_friend_profile_custom_icon[i] \|\| default_or_themed_icon("/images/icons-app/person-icon.png")),
12	12	ta.get_friend_url[i], title: n
13		- end.join
	13	+ end)
14	14	}
15	15	end
16	16
17	17	def join_community_description ta
18		- n_('has joined 1 community:<br />%{name}', 'has joined %{num} communities:<br />%{name}', ta.get_resource_name.size) % {
	18	+ n_('has joined 1 community:<br />%{name}'.html_safe, 'has joined %{num} communities:<br />%{name}'.html_safe, ta.get_resource_name.size) % {
19	19	num: ta.get_resource_name.size,
20	20	name: ta.collect_group_with_index(:resource_name) do \|n,i\|
21		- link_to image_tag(ta.get_resource_profile_custom_icon[i] \|\| default_or_themed_icon("/images/icons-app/community-icon.png")),
	21	+ link = link_to image_tag(ta.get_resource_profile_custom_icon[i] \|\| default_or_themed_icon("/images/icons-app/community-icon.png")),
22	22	ta.get_resource_url[i], title: n
23		- end.join
	23	+ end.join.html_safe
24	24	}
25	25	end
26	26
...	...
...	...	@@ -101,7 +101,6 @@ module ApplicationHelper
101	101	#
102	102	# TODO: implement correcly the 'Help' button click
103	103	def help(content = nil, link_name = nil, options = {}, &block)
104		-
105	104	link_name \|\|= _('Help')
106	105
107	106	@help_message_id \|\|= 1
...	...	@@ -124,7 +123,7 @@ module ApplicationHelper
124	123	button = link_to_function(content_tag('span', link_name), "Element.show('#{help_id}')", options )
125	124	close_button = content_tag("div", link_to_function(_("Close"), "Element.hide('#{help_id}')", :class => 'close_help_button'))
126	125
127		- text = content_tag('div', button + content_tag('div', content_tag('div', content) + close_button, :class => 'help_message', :id => help_id, :style => 'display: none;'), :class => 'help_box')
	126	+ text = content_tag('div', button + content_tag('div', content_tag('div', content.html_safe) + close_button, :class => 'help_message', :id => help_id, :style => 'display: none;'), :class => 'help_box')
128	127
129	128	unless block.nil?
130	129	concat(text)
...	...	@@ -364,8 +363,8 @@ module ApplicationHelper
364	363	def popover_menu(title,menu_title,links,html_options={})
365	364	html_options[:class] = "" unless html_options[:class]
366	365	html_options[:class] << " menu-submenu-trigger"
367		- html_options[:onclick] = "toggleSubmenu(this, '#{menu_title}', #{CGI::escapeHTML(links.to_json)}); return false"
368	366
	367	+ html_options[:onclick] = "toggleSubmenu(this, '#{menu_title}', #{CGI::escapeHTML(links.to_json)}); return false".html_safe
369	368	link_to(content_tag(:span, title), '#', html_options)
370	369	end
371	370
...	...	@@ -475,9 +474,9 @@ module ApplicationHelper
475	474	map(&:role)
476	475	names = []
477	476	roles.each do \|role\|
478		- names << content_tag('span', role.name, :style => "color: #{role_color(role, resource.environment.id)}")
	477	+ names << content_tag('span', role.name, :style => "color: #{role_color(role, resource.environment.id)}").html_safe
479	478	end
480		- names.join(', ')
	479	+ safe_join(names, ', ')
481	480	end
482	481
483	482	def role_color(role, env_id)
...	...	@@ -913,7 +912,8 @@ module ApplicationHelper
913	912	end
914	913
915	914	def admin_link
916		- user.is_admin?(environment) ? link_to('<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>', environment.admin_url, :title => _("Configure the environment"), :class => 'admin-link') : ''
	915	+ admin_icon = '<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>'
	916	+ user.is_admin?(environment) ? link_to(admin_icon.html_safe, environment.admin_url, :title => _("Configure the environment"), :class => 'admin-link') : ''
917	917	end
918	918
919	919	def usermenu_logged_in
...	...	@@ -922,23 +922,39 @@ module ApplicationHelper
922	922	if count > 0
923	923	pending_tasks_count = link_to("<i class=\"icon-menu-tasks\"></i><span class=\"task-count\">#{count}</span>", user.tasks_url, :id => 'pending-tasks-count', :title => _("Manage your pending tasks"))
924	924	end
	925	+ user_identifier = "<i style='background-image:url(#{user.profile_custom_icon(gravatar_default)})'></i><strong>#{user.identifier}</strong>"
	926	+ welcome_link = link_to(user_identifier.html_safe, user.public_profile_url, :id => "homepage-link", :title => _('Go to your homepage'))
	927	+ welcome_span = _("<span class='welcome'>Welcome,</span> %s") % welcome_link.html_safe
	928	+ ctrl_panel_icon = '<i class="icon-menu-ctrl-panel"></i>'
	929	+ ctrl_panel_section = '<strong>' + ctrl_panel_icon + _('Control panel') + '</strong>'
	930	+ ctrl_panel_link = link_to(ctrl_panel_section.html_safe, user.admin_url, :class => 'ctrl-panel', :title => _("Configure your personal account and content"))
	931	+ logout_icon = '<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>'
	932	+ logout_link = link_to(logout_icon.html_safe, { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
	933	+ join_result = safe_join(
	934	+ [welcome_span.html_safe, render_environment_features(:usermenu).html_safe, admin_link.html_safe,
	935	+ manage_enterprises.html_safe, manage_communities.html_safe, ctrl_panel_link.html_safe,
	936	+ pending_tasks_count.html_safe, logout_link.html_safe], "")
	937	+ join_result
	938	+ end
925	939
926		- (_("<span class='welcome'>Welcome,</span> %s") % link_to("<i style='background-image:url(#{user.profile_custom_icon(gravatar_default)})'></i><strong>#{user.identifier}</strong>", user.url, :id => "homepage-link", :title => _('Go to your homepage'))) +
927		- render_environment_features(:usermenu) +
928		- admin_link +
929		- manage_enterprises +
930		- manage_communities +
931		- link_to('<i class="icon-menu-ctrl-panel"></i><strong>' + _('Control panel') + '</strong>', user.admin_url, :class => 'ctrl-panel', :title => _("Configure your personal account and content")) +
932		- pending_tasks_count +
933		- link_to('<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>', { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
	940	+ def usermenu_notlogged_in
	941	+ login_str = '<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>'
	942	+ ret = _("<span class='login'>%s</span>") % modal_inline_link_to(login_str.html_safe, login_url, '#inlineLoginBox', :id => 'link_login')
	943	+ return ret.html_safe
934	944	end
935	945
	946	+ def usermenu_signup
	947	+ signup_str = '<strong>' + _('Sign up') + '</strong>'
	948	+ ret = _("<span class='or'>or</span> <span class='signup'>%s</span>") % link_to(signup_str.html_safe, :controller => 'account', :action => 'signup')
	949	+ return ret.html_safe
	950	+
	951	+ end
936	952	def limited_text_area(object_name, method, limit, text_area_id, options = {})
937		- content_tag(:div, [
	953	+ content_tag(:div, safe_join([
938	954	text_area(object_name, method, { :id => text_area_id, :onkeyup => "limited_text_area('#{text_area_id}', #{limit})" }.merge(options)),
939	955	content_tag(:p, content_tag(:span, limit) + ' ' + _(' characters left'), :id => text_area_id + '_left'),
940	956	content_tag(:p, _('Limit of characters reached'), :id => text_area_id + '_limit', :style => 'display: none')
941		- ].join, :class => 'limited-text-area')
	957	+ ]), :class => 'limited-text-area')
942	958	end
943	959
944	960	def expandable_text_area(object_name, method, text_area_id, options = {})
...	...	@@ -1034,8 +1050,8 @@ module ApplicationHelper
1034	1050	end
1035	1051
1036	1052	def render_tabs(tabs)
1037		- titles = tabs.inject(''){ \|result, tab\| result << content_tag(:li, link_to(tab[:title], '#'+tab[:id]), :class => 'tab') }
1038		- contents = tabs.inject(''){ \|result, tab\| result << content_tag(:div, tab[:content], :id => tab[:id]) }
	1053	+ titles = tabs.inject(''.html_safe){ \|result, tab\| result << content_tag(:li, link_to(tab[:title], '#'+tab[:id]), :class => 'tab') }
	1054	+ contents = tabs.inject(''.html_safe){ \|result, tab\| result << content_tag(:div, tab[:content], :id => tab[:id]) }
1039	1055
1040	1056	content_tag(:div, content_tag(:ul, titles) + raw(contents), :class => 'ui-tabs')
1041	1057	end
...	...	@@ -1053,7 +1069,7 @@ module ApplicationHelper
1053	1069	def expirable_link_to(expired, content, url, options = {})
1054	1070	if expired
1055	1071	options[:class] = (options[:class] \|\| '') + ' disabled'
1056		- content_tag('a', ' '+content_tag('span', content), options)
	1072	+ content_tag('a', ' '.html_safe+content_tag('span', content), options)
1057	1073	else
1058	1074	if options[:modal]
1059	1075	options.delete(:modal)
...	...	@@ -1082,29 +1098,18 @@ module ApplicationHelper
1082	1098	def template_options(kind, field_name)
1083	1099	templates = environment.send(kind).templates
1084	1100	return '' if templates.count == 0
1085		- if templates.count == 1
1086		- if templates.first.custom_fields == {}
1087		- return hidden_field_tag("#{field_name}[template_id]", templates.first.id)
1088		- else
1089		- custom_fields = ""
1090		- templates.first.custom_fields.each { \|field, value\|
1091		- custom_fields += content_tag('div', content_tag('label', value[:title].capitalize, :class => 'formlabel') +
1092		- content_tag('div', text_field_tag( "profile_data[custom_fields][#{field}][title]", ''), :class => 'formfield type-text'), :class => "formfieldline" ) if value[:signup] == 'on'
1093		- }
1094		- content_tag('div', custom_fields)
1095		- end
1096		- else
1097		- radios = templates.map do \|template\|
1098		- content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, environment.is_default_template?(template), :onchange => 'show_fields_for_template(this);'))
1099		- end.join("\n")
1100		-
1101		- content_tag('div', content_tag('label', _('Profile organization'), :for => 'template-options', :class => 'formlabel') +
1102		- content_tag('p', _('Your profile will be created according to the selected template. Click on the options to view them.'), :style => 'margin: 5px 15px;padding: 0px 10px;') +
1103		- content_tag('ul', radios, :style => 'list-style: none; padding-left: 20px; margin-top: 0.5em;'),
1104		- :id => 'template-options',
1105		- :style => 'margin-top: 1em'
1106		- )
1107		- end
	1101	+ return hidden_field_tag("#{field_name}[template_id]", templates.first.id) if templates.count == 1
	1102	+
	1103	+ radios = templates.map do \|template\|
	1104	+ content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, environment.is_default_template?(template)))
	1105	+ end.join("\n").html_safe
	1106	+
	1107	+ content_tag('div', content_tag('label', _('Profile organization'), :for => 'template-options', :class => 'formlabel') +
	1108	+ content_tag('p', _('Your profile will be created according to the selected template. Click on the options to view them.'), :style => 'margin: 5px 15px;padding: 0px 10px;') +
	1109	+ content_tag('ul', radios, :style => 'list-style: none; padding-left: 20px; margin-top: 0.5em;'),
	1110	+ :id => 'template-options',
	1111	+ :style => 'margin-top: 1em'
	1112	+ )
1108	1113	end
1109	1114
1110	1115	def expirable_content_reference(content, action, text, url, options = {})
...	...	@@ -1137,7 +1142,7 @@ module ApplicationHelper
1137	1142	content_tag(:div, :class => 'errorExplanation', :id => 'errorExplanation') do
1138	1143	content_tag(:h2, _('Errors while saving')) +
1139	1144	content_tag(:ul) do
1140		- errors.map { \|err\| content_tag(:li, err) }.join
	1145	+ safe_join(errors.map { \|err\| content_tag(:li, err) })
1141	1146	end
1142	1147	end
1143	1148	end
...	...	@@ -1247,6 +1252,7 @@ module ApplicationHelper
1247	1252	:href=>"#",
1248	1253	:title=>_("Exit full screen mode")
1249	1254	})
	1255	+ content.html_safe
1250	1256	end
1251	1257
1252	1258	end
...	...
...	...	@@ -3,13 +3,13 @@ module BlockHelper
3	3	def block_title(title, subtitle=nil)
4	4	block_header = block_heading title
5	5	block_header += block_heading(subtitle, 'h4') if subtitle
6		- content_tag 'div', block_header, :class => 'block-header'
	6	+ content_tag('div', block_header, :class => 'block-header').html_safe
7	7	end
8	8
9	9	def block_heading(title, heading='h3')
10	10	tag_class = 'block-' + (heading == 'h3' ? 'title' : 'subtitle')
11	11	tag_class += ' empty' if title.empty?
12		- content_tag heading, content_tag('span', h(title)), :class => tag_class
	12	+ content_tag heading, content_tag('span', h(title)), :class => tag_class.html_safe
13	13	end
14	14
15	15	def highlights_block_config_image_fields(block, image={}, row_number=nil)
...	...
...	...	@@ -41,12 +41,12 @@ module BlogHelper
41	41	css_add << position
42	42	content << (content_tag 'div', id: "post-#{art.id}", class: css_add do
43	43	content_tag 'div', class: position + '-inner blog-post-inner' do
44		- display_post(art, conf[:format]).html_safe +
45		- '<br style="clear:both"/>'.html_safe
	44	+ display_post(art, conf[:format]) +
	45	+ '<br style="clear:both"/>'
46	46	end
47		- end)
	47	+ end).html_safe
48	48	}
49		- content.join("\n<hr class='sep-posts'/>\n") + (pagination or '')
	49	+ safe_join(content, "\n<hr class='sep-posts'/>\n") + (pagination or '').html_safe
50	50	end
51	51
52	52	def display_post(article, format = 'full')
...	...	@@ -61,7 +61,8 @@ module BlogHelper
61	61	else
62	62	'<div class="post-pic" style="background-image:url('+img+')"></div>'
63	63	end
64		- end.to_s + title + html
	64	+ end.to_s.html_safe +
	65	+ title.html_safe + html
65	66	end
66	67
67	68	def display_compact_format(article)
...	...