Merge branch 'master' into staging

Conflicts: .travis.yml app/controllers/my_profile/tasks_controller.rb app/helpers/application_helper.rb app/views/profile_editor/_pending_tasks.html.erb app/views/tasks/processed.html.erb test/functional/tasks_controller_test.rb

Merge branch 'master' into staging
Conflicts: .travis.yml app/controllers/my_profile/tasks_controller.rb app/helpers/application_helper.rb app/views/profile_editor/_pending_tasks.html.erb app/views/tasks/processed.html.erb test/functional/tasks_controller_test.rb
Victor Costa
2 parents 45a508d7 9fb3ad5a
Showing 292 changed files with 1077 additions and 1016 deletions Show diff stats
.gitlab-ci.yml
.travis.yml
README.rails.md
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/my_profile/tasks_controller.rb
app/helpers/action_tracker_helper.rb
app/helpers/application_helper.rb
app/helpers/block_helper.rb
app/helpers/blog_helper.rb
app/helpers/box_organizer_helper.rb
app/helpers/boxes_helper.rb
app/helpers/buttons_helper.rb
app/helpers/catalog_helper.rb
app/helpers/content_viewer_helper.rb
app/helpers/display_helper.rb
app/helpers/events_helper.rb
app/helpers/forms_helper.rb
app/helpers/forum_helper.rb
app/helpers/language_helper.rb
@@ -30,14 +30,47 @@ integration:
   script: bundle exec rake test:integration
   stage: all-tests
-cucumber:
-  script: bundle exec rake cucumber
+cucumber-1:
+  script: SLICE=1/2 bundle exec rake cucumber
+  stage: all-tests
+cucumber-2:
+  script: SLICE=2/2 bundle exec rake cucumber
   stage: all-tests
-selenium:
-  script: bundle exec rake selenium
+selenium-1:
+  script: SLICE=1/6 bundle exec rake selenium
+  stage: all-tests
+selenium-2:
+  script: SLICE=2/6 bundle exec rake selenium
+  stage: all-tests
+selenium-3:
+  script: SLICE=3/6 bundle exec rake selenium
+  stage: all-tests
+selenium-4:
+  script: SLICE=4/6 bundle exec rake selenium
+  stage: all-tests
+selenium-5:
+  script: SLICE=5/6 bundle exec rake selenium
+  stage: all-tests
+selenium-6:
+  script: SLICE=6/6 bundle exec rake selenium
   stage: all-tests
-plugins:
-  script: bundle exec rake test:noosfero_plugins
+# NOOSFERO_BUNDLE_OPTS=install makes migrations fails
+# probably because of rubygems-integration
+plugins-1:
+  script: SLICE=1/5 bundle exec rake test:noosfero_plugins
   stage: all-tests
+plugins-2:
+  script: SLICE=2/5 bundle exec rake test:noosfero_plugins
+  stage: all-tests
+plugins-3:
+  script: SLICE=3/5 bundle exec rake test:noosfero_plugins
+  stage: all-tests
+plugins-4:
+  script: SLICE=4/5 bundle exec rake test:noosfero_plugins
+  stage: all-tests
+plugins-5:
+  script: SLICE=5/5 bundle exec rake test:noosfero_plugins
+  stage: all-tests
+
@@ -61,11 +61,11 @@ env:
   - SLICE=2/4 TASK=selenium
   - SLICE=3/4 TASK=selenium
   - SLICE=4/4 TASK=selenium
-  - SLICE=1/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
-  - SLICE=2/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
-  - SLICE=3/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
-  - SLICE=4/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
-  - SLICE=5/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
+  - SLICE=1/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
+  - SLICE=2/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
+  - SLICE=3/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
+  - SLICE=4/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
+  - SLICE=5/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
 script:
   - ./script/ci
@@ -99,7 +99,7 @@ Description of contents
   Holds controllers that should be named like weblog_controller.rb for automated URL mapping. All controllers should descend from `ActionController::Base`.
 * `app/models`
-  Holds models that should be named like post.rb. Most models will descend from `ActiveRecord::Base`.
+  Holds models that should be named like post.rb. Most models will descend from `ApplicationRecord`.
 * `app/views`
   Holds the template files for the view that should be named like `weblog/index.rhtml` for the `WeblogController#index` action. All views use eRuby syntax. This directory can also be used to keep stylesheets, images, and so on that can be symlinked to public.
@@ -108,7 +108,7 @@ class CmsController &lt; MyProfileController
   end
   def new
-    # FIXME this method should share some logic wirh edit !!!
+    # FIXME this method should share some logic with edit !!!
     @success_back_to = params[:success_back_to]
     # user must choose an article type first
@@ -365,7 +365,7 @@ class CmsController &lt; MyProfileController
   def search
     query = params[:q]
     results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]
-    render :text => article_list_to_json(results), :content_type => 'application/json'
+    render :text => article_list_to_json(results).html_safe, :content_type => 'application/json'
   end
   def search_article_privacy_exceptions
@@ -32,6 +32,7 @@ class ProfileEditorController &lt; MyProfileController
         Image.transaction do
           begin
             @plugins.dispatch(:profile_editor_transaction_extras)
+            # TODO: This is unsafe! Add sanitizer
             @profile_data.update!(params[:profile_data])
             redirect_to :action => 'index', :profile => profile.identifier
           rescue Exception => ex
@@ -162,34 +162,25 @@ class TasksController &lt; MyProfileController
   protected
-  def filter_by_closed_date(filter, tasks)
-    filter[:closed_from] = Date.parse(filter[:closed_from]) unless filter[:closed_from].blank?
-    filter[:closed_until] = Date.parse(filter[:closed_until]) unless filter[:closed_until].blank?
-
-    tasks = tasks.where('tasks.end_date >= ?', filter[:closed_from].beginning_of_day) unless filter[:closed_from].blank?
-    tasks = tasks.where('tasks.end_date <= ?', filter[:closed_until].end_of_day) unless filter[:closed_until].blank?
-    tasks
-  end
+  def filter_tasks(filter, tasks)
+    tasks = tasks.eager_load(:requestor, :closed_by)
+    tasks = tasks.of(filter[:type].presence)
+    tasks = tasks.where(:status => filter[:status]) unless filter[:status].blank?
-  def filter_by_creation_date(filter, tasks)
     filter[:created_from] = Date.parse(filter[:created_from]) unless filter[:created_from].blank?
     filter[:created_until] = Date.parse(filter[:created_until]) unless filter[:created_until].blank?
+    filter[:closed_from] = Date.parse(filter[:closed_from]) unless filter[:closed_from].blank?
+    filter[:closed_until] = Date.parse(filter[:closed_until]) unless filter[:closed_until].blank?
-    tasks = tasks.where('tasks.created_at >= ?', filter[:created_from].beginning_of_day) unless filter[:created_from].blank?
-    tasks = tasks.where('tasks.created_at <= ?', filter[:created_until].end_of_day) unless filter[:created_until].blank?
-    tasks
-  end
+    tasks = tasks.from_creation_date filter[:created_from] unless filter[:created_from].blank?
+    tasks = tasks.until_creation_date filter[:created_until] unless filter[:created_until].blank?
-  def filter_tasks(filter, tasks)
-    tasks = tasks.eager_load(:requestor, :closed_by)
-    tasks = tasks.of(filter[:type].presence)
-    tasks = tasks.where(:status => filter[:status]) unless filter[:status].blank?
-    tasks = filter_by_creation_date(filter, tasks)
-    tasks = filter_by_closed_date(filter, tasks)
+    tasks = tasks.from_closed_date filter[:closed_from] unless filter[:closed_from].blank?
+    tasks = tasks.until_closed_date filter[:closed_until] unless filter[:closed_until].blank?
-    tasks = tasks.like('profiles.name', filter[:requestor]) unless filter[:requestor].blank?
-    tasks = tasks.like('closed_bies_tasks.name', filter[:closed_by]) unless filter[:closed_by].blank?
-    tasks = tasks.like('tasks.data', filter[:text]) unless filter[:text].blank?
+    tasks = tasks.where('profiles.name LIKE ?', filter[:requestor]) unless filter[:requestor].blank?
+    tasks = tasks.where('closed_bies_tasks.name LIKE ?', filter[:closed_by]) unless filter[:closed_by].blank?
+    tasks = tasks.where('tasks.data LIKE ?', "%#{filter[:text]}%") unless filter[:text].blank?
     tasks
   end
@@ -5,22 +5,22 @@ module ActionTrackerHelper
   end
   def new_friendship_description ta
-    n_('has made 1 new friend:<br />%{name}', 'has made %{num} new friends:<br />%{name}', ta.get_friend_name.size) % {
+    n_('has made 1 new friend:<br />%{name}', 'has made %{num} new friends:<br />%{name}', ta.get_friend_name.size).html_safe % {
       num: ta.get_friend_name.size,
-      name: ta.collect_group_with_index(:friend_name) do |n,i|
+      name: safe_join(ta.collect_group_with_index(:friend_name) do |n,i|
         link_to image_tag(ta.get_friend_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/person-icon.png")),
                 ta.get_friend_url[i], title: n
-      end.join
+      end)
     }
   end
   def join_community_description ta
-    n_('has joined 1 community:<br />%{name}', 'has joined %{num} communities:<br />%{name}', ta.get_resource_name.size) % {
+    n_('has joined 1 community:<br />%{name}'.html_safe, 'has joined %{num} communities:<br />%{name}'.html_safe, ta.get_resource_name.size) % {
       num: ta.get_resource_name.size,
       name: ta.collect_group_with_index(:resource_name) do |n,i|
-        link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
+       link = link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
                 ta.get_resource_url[i], title: n
-      end.join
+      end.join.html_safe
     }
   end
@@ -101,7 +101,6 @@ module ApplicationHelper
   #
   # TODO: implement correcly the 'Help' button click
   def help(content = nil, link_name = nil, options = {}, &block)
-
     link_name ||= _('Help')
     @help_message_id ||= 1
@@ -124,7 +123,7 @@ module ApplicationHelper
     button = link_to_function(content_tag('span', link_name), "Element.show('#{help_id}')", options )
     close_button = content_tag("div", link_to_function(_("Close"), "Element.hide('#{help_id}')", :class => 'close_help_button'))
-    text = content_tag('div', button + content_tag('div', content_tag('div', content) + close_button, :class => 'help_message', :id => help_id, :style => 'display: none;'), :class => 'help_box')
+    text = content_tag('div', button + content_tag('div', content_tag('div', content.html_safe) + close_button, :class => 'help_message', :id => help_id, :style => 'display: none;'), :class => 'help_box')
     unless block.nil?
       concat(text)
@@ -364,8 +363,8 @@ module ApplicationHelper
   def popover_menu(title,menu_title,links,html_options={})
     html_options[:class] = "" unless html_options[:class]
     html_options[:class] << " menu-submenu-trigger"
-    html_options[:onclick] = "toggleSubmenu(this, '#{menu_title}', #{CGI::escapeHTML(links.to_json)}); return false"
+    html_options[:onclick] = "toggleSubmenu(this, '#{menu_title}', #{CGI::escapeHTML(links.to_json)}); return false".html_safe
     link_to(content_tag(:span, title), '#', html_options)
   end
@@ -475,9 +474,9 @@ module ApplicationHelper
       map(&:role)
     names = []
     roles.each do |role|
-      names << content_tag('span', role.name, :style => "color: #{role_color(role, resource.environment.id)}")
+      names << content_tag('span', role.name, :style => "color: #{role_color(role, resource.environment.id)}").html_safe
     end
-    names.join(', ')
+    safe_join(names, ', ')
   end
   def role_color(role, env_id)
@@ -913,7 +912,8 @@ module ApplicationHelper
   end
   def admin_link
-    user.is_admin?(environment) ? link_to('<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>', environment.admin_url, :title => _("Configure the environment"), :class => 'admin-link') : ''
+    admin_icon = '<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>'
+    user.is_admin?(environment) ? link_to(admin_icon.html_safe, environment.admin_url, :title => _("Configure the environment"), :class => 'admin-link') : ''
   end
   def usermenu_logged_in
@@ -922,23 +922,39 @@ module ApplicationHelper
     if count > 0
       pending_tasks_count = link_to("<i class=\"icon-menu-tasks\"></i><span class=\"task-count\">#{count}</span>", user.tasks_url, :id => 'pending-tasks-count', :title => _("Manage your pending tasks"))
     end
+    user_identifier = "<i style='background-image:url(#{user.profile_custom_icon(gravatar_default)})'></i><strong>#{user.identifier}</strong>"
+    welcome_link = link_to(user_identifier.html_safe, user.public_profile_url, :id => "homepage-link", :title => _('Go to your homepage'))
+    welcome_span = _("<span class='welcome'>Welcome,</span> %s") % welcome_link.html_safe
+    ctrl_panel_icon = '<i class="icon-menu-ctrl-panel"></i>'
+    ctrl_panel_section = '<strong>' + ctrl_panel_icon + _('Control panel') + '</strong>'
+    ctrl_panel_link = link_to(ctrl_panel_section.html_safe, user.admin_url, :class => 'ctrl-panel', :title => _("Configure your personal account and content"))
+    logout_icon = '<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>'
+    logout_link = link_to(logout_icon.html_safe, { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
+    join_result = safe_join(
+      [welcome_span.html_safe, render_environment_features(:usermenu).html_safe, admin_link.html_safe,
+        manage_enterprises.html_safe, manage_communities.html_safe, ctrl_panel_link.html_safe,
+        pending_tasks_count.html_safe, logout_link.html_safe], "")
+    join_result
+  end
-    (_("<span class='welcome'>Welcome,</span> %s") % link_to("<i style='background-image:url(#{user.profile_custom_icon(gravatar_default)})'></i><strong>#{user.identifier}</strong>", user.url, :id => "homepage-link", :title => _('Go to your homepage'))) +
-    render_environment_features(:usermenu) +
-    admin_link +
-    manage_enterprises +
-    manage_communities +
-    link_to('<i class="icon-menu-ctrl-panel"></i><strong>' + _('Control panel') + '</strong>', user.admin_url, :class => 'ctrl-panel', :title => _("Configure your personal account and content")) +
-    pending_tasks_count +
-    link_to('<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>', { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
+  def usermenu_notlogged_in
+    login_str = '<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>'
+    ret = _("<span class='login'>%s</span>") % modal_inline_link_to(login_str.html_safe, login_url, '#inlineLoginBox', :id => 'link_login')
+    return ret.html_safe
   end
+  def usermenu_signup
+    signup_str = '<strong>' + _('Sign up') + '</strong>'
+    ret = _("<span class='or'>or</span> <span class='signup'>%s</span>") % link_to(signup_str.html_safe, :controller => 'account', :action => 'signup')
+    return ret.html_safe
+
+  end
   def limited_text_area(object_name, method, limit, text_area_id, options = {})
-    content_tag(:div, [
+    content_tag(:div, safe_join([
       text_area(object_name, method, { :id => text_area_id, :onkeyup => "limited_text_area('#{text_area_id}', #{limit})" }.merge(options)),
       content_tag(:p, content_tag(:span, limit) + ' ' + _(' characters left'), :id => text_area_id + '_left'),
       content_tag(:p, _('Limit of characters reached'), :id => text_area_id + '_limit', :style => 'display: none')
-    ].join, :class => 'limited-text-area')
+    ]), :class => 'limited-text-area')
   end
   def expandable_text_area(object_name, method, text_area_id, options = {})
@@ -1034,8 +1050,8 @@ module ApplicationHelper
   end
   def render_tabs(tabs)
-    titles = tabs.inject(''){ |result, tab| result << content_tag(:li, link_to(tab[:title], '#'+tab[:id]), :class => 'tab') }
-    contents = tabs.inject(''){ |result, tab| result << content_tag(:div, tab[:content], :id => tab[:id]) }
+    titles = tabs.inject(''.html_safe){ |result, tab| result << content_tag(:li, link_to(tab[:title], '#'+tab[:id]), :class => 'tab') }
+    contents = tabs.inject(''.html_safe){ |result, tab| result << content_tag(:div, tab[:content], :id => tab[:id]) }
     content_tag(:div, content_tag(:ul, titles) + raw(contents), :class => 'ui-tabs')
   end
@@ -1053,7 +1069,7 @@ module ApplicationHelper
   def expirable_link_to(expired, content, url, options = {})
     if expired
       options[:class] = (options[:class] || '') + ' disabled'
-      content_tag('a', '&nbsp;'+content_tag('span', content), options)
+      content_tag('a', '&nbsp;'.html_safe+content_tag('span', content), options)
     else
       if options[:modal]
         options.delete(:modal)
@@ -1082,29 +1098,18 @@ module ApplicationHelper
   def template_options(kind, field_name)
     templates = environment.send(kind).templates
     return '' if templates.count == 0
-    if templates.count == 1
-      if templates.first.custom_fields == {}
-        return hidden_field_tag("#{field_name}[template_id]", templates.first.id)
-      else
-        custom_fields = ""
-        templates.first.custom_fields.each { |field, value|
-          custom_fields += content_tag('div', content_tag('label', value[:title].capitalize, :class => 'formlabel') +
-                             content_tag('div', text_field_tag( "profile_data[custom_fields][#{field}][title]", ''), :class => 'formfield type-text'), :class => "formfieldline" ) if value[:signup] == 'on'
-        }
-        content_tag('div', custom_fields)
-      end
-    else
-      radios = templates.map do |template|
-        content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, environment.is_default_template?(template), :onchange => 'show_fields_for_template(this);'))
-      end.join("\n")
-
-      content_tag('div', content_tag('label', _('Profile organization'), :for => 'template-options', :class => 'formlabel') +
-        content_tag('p', _('Your profile will be created according to the selected template. Click on the options to view them.'), :style => 'margin: 5px 15px;padding: 0px 10px;') +
-        content_tag('ul', radios, :style => 'list-style: none; padding-left: 20px; margin-top: 0.5em;'),
-        :id => 'template-options',
-        :style => 'margin-top: 1em'
-      )
-    end
+    return hidden_field_tag("#{field_name}[template_id]", templates.first.id) if templates.count == 1
+
+    radios = templates.map do |template|
+      content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, environment.is_default_template?(template)))
+    end.join("\n").html_safe
+
+    content_tag('div', content_tag('label', _('Profile organization'), :for => 'template-options', :class => 'formlabel') +
+      content_tag('p', _('Your profile will be created according to the selected template. Click on the options to view them.'), :style => 'margin: 5px 15px;padding: 0px 10px;') +
+      content_tag('ul', radios, :style => 'list-style: none; padding-left: 20px; margin-top: 0.5em;'),
+      :id => 'template-options',
+      :style => 'margin-top: 1em'
+    )
   end
   def expirable_content_reference(content, action, text, url, options = {})
@@ -1137,7 +1142,7 @@ module ApplicationHelper
     content_tag(:div, :class => 'errorExplanation', :id => 'errorExplanation') do
       content_tag(:h2, _('Errors while saving')) +
       content_tag(:ul) do
-        errors.map { |err| content_tag(:li, err) }.join
+        safe_join(errors.map { |err| content_tag(:li, err) })
       end
     end
   end
@@ -1247,6 +1252,7 @@ module ApplicationHelper
       :href=>"#",
       :title=>_("Exit full screen mode")
     })
+    content.html_safe
   end
 end
@@ -3,13 +3,13 @@ module BlockHelper
   def block_title(title, subtitle=nil)
     block_header = block_heading title
     block_header += block_heading(subtitle, 'h4') if subtitle
-    content_tag 'div', block_header, :class => 'block-header'
+    content_tag('div', block_header, :class => 'block-header').html_safe
   end
   def block_heading(title, heading='h3')
     tag_class = 'block-' + (heading == 'h3' ? 'title' : 'subtitle')
     tag_class += ' empty' if title.empty?
-    content_tag heading, content_tag('span', h(title)), :class => tag_class
+    content_tag heading, content_tag('span', h(title)), :class => tag_class.html_safe
   end
   def highlights_block_config_image_fields(block, image={}, row_number=nil)
@@ -41,12 +41,12 @@ module BlogHelper
       css_add << position
       content << (content_tag 'div', id: "post-#{art.id}", class: css_add do
         content_tag 'div', class: position + '-inner blog-post-inner' do
-          display_post(art, conf[:format]).html_safe +
-          '<br style="clear:both"/>'.html_safe
+          display_post(art, conf[:format])  +
+          '<br style="clear:both"/>'
         end
-      end)
+      end).html_safe
     }
-    content.join("\n<hr class='sep-posts'/>\n") + (pagination or '')
+    safe_join(content, "\n<hr class='sep-posts'/>\n") + (pagination or '').html_safe
   end
   def display_post(article, format = 'full')
@@ -61,7 +61,8 @@ module BlogHelper
       else
         '<div class="post-pic" style="background-image:url('+img+')"></div>'
       end
-    end.to_s + title + html
+    end.to_s.html_safe +
+    title.html_safe + html
   end
   def display_compact_format(article)
@@ -38,7 +38,7 @@ module BoxOrganizerHelper
     content_tag(:ul,
       images_path.map do |preview|
 	content_tag(:li, image_tag(preview, height: '240', alt: ''))
-      end.join("\n")
+      end.join("\n").html_safe
     )
   end
@@ -44,7 +44,7 @@ module BoxesHelper
   def display_boxes(holder, main_content)
     boxes = holder.boxes.with_position.first(boxes_limit(holder))
-    content = boxes.reverse.map { |item| display_box(item, main_content) }.join("\n")
+    content = safe_join(boxes.reverse.map { |item| display_box(item, main_content) }, "\n")
     content = main_content if (content.blank?)
     content_tag('div', content, :class => 'boxes', :id => 'boxes' )
@@ -54,7 +54,7 @@ module BoxesHelper
     if holder.respond_to?(element)
       content_tag('div', holder.send(element), options)
     else
-      ''
+      ''.html_safe
     end
   end
@@ -70,9 +70,10 @@ module BoxesHelper
   def display_box_content(box, main_content)
     context = { :article => @page, :request_path => request.path, :locale => locale, :params => request.params, :user => user, :controller => controller }
-    box_decorator.select_blocks(box, box.blocks.includes(:box), context).map do |item|
+    blocks = box_decorator.select_blocks(box, box.blocks.includes(:box), context).map do |item|
       display_block item, main_content
-    end.join("\n") + box_decorator.block_target(box)
+    end
+    safe_join(blocks, "\n") + box_decorator.block_target(box)
   end
   def select_blocks box, arr, context
@@ -136,17 +137,18 @@ module BoxesHelper
     result = filter_html(result, block)
-    content_tag('div',
-      box_decorator.block_target(block.box, block) +
-        content_tag('div',
-         content_tag('div',
-           content_tag('div',
-             result + footer_content + box_decorator.block_edit_buttons(block),
-             :class => 'block-inner-2'),
-           :class => 'block-inner-1'),
-       options),
-    :class => 'block-outer') +
-    box_decorator.block_handle(block)
+    join_result = safe_join([result, footer_content, box_decorator.block_edit_buttons(block)])
+    content_tag_inner_1 = content_tag('div', join_result, :class => 'block-inner-2')
+
+    content_tag_inner_2 = content_tag('div', content_tag_inner_1, :class => 'block-inner-1')
+    content_tag_inner_3 = content_tag('div', content_tag_inner_2, options)
+    content_tag_inner_4 = box_decorator.block_target(block.box, block) + content_tag_inner_3
+    c = content_tag('div', content_tag_inner_4, :class => 'block-outer')
+    box_decorator_result = box_decorator.block_handle(block)
+    result_final = safe_join([c, box_decorator_result], "")
+
+
+    return result_final
   end
   def wrap_main_content(content)
@@ -156,17 +158,17 @@ module BoxesHelper
   def extract_block_content(content)
     case content
     when Hash
-      content_tag('iframe', '', :src => url_for(content))
+      content_tag('iframe', ''.html_safe, :src => url_for(content))
     when String
       if content.split("\n").size == 1 and content =~ /^https?:\/\//
-        content_tag('iframe', '', :src => content)
+        content_tag('iframe', ''.html_safe, :src => content)
       else
         content
       end
     when Proc
       self.instance_eval(&content)
     when NilClass
-      ''
+      ''.html_safe
     else
       raise "Unsupported content for block (#{content.class})"
     end
@@ -175,14 +177,14 @@ module BoxesHelper
   module DontMoveBlocks
     # does nothing
     def self.block_target(box, block = nil)
-      ''
+      ''.html_safe
     end
     # does nothing
     def self.block_handle(block)
-      ''
+      ''.html_safe
     end
     def self.block_edit_buttons(block)
-      ''
+      ''.html_safe
     end
     def self.select_blocks box, arr, context
       arr = arr.select{ |block| block.visible? context }
@@ -229,9 +231,9 @@ module BoxesHelper
   # makes the given block draggable so it can be moved away.
   def block_handle(block)
     return "" unless movable?(block)
-    icon = "<div><div>#{display_icon(block.class)}</div><span>#{_(block.class.pretty_name)}</span></div>"
+    icon = "<div><div>#{display_icon(block.class)}</div><span>#{_(block.class.pretty_name)}</span></div>".html_safe
     block_draggable("block-#{block.id}",
-                    :helper => "function() {return cloneDraggableBlock($(this), '#{icon}')}")
+                    :helper => "function() {return cloneDraggableBlock($(this), '#{icon}')}".html_safe)
   end
   def block_draggable(element_id, options={})
@@ -302,7 +304,7 @@ module BoxesHelper
       buttons << modal_inline_icon(:embed, _('Embed code'), {}, "#embed-code-box-#{block.id}") << html
     end
-    content_tag('div', buttons.join("\n") + tag('br', :style => 'clear: left'), :class => 'button-bar')
+    content_tag('div', buttons.join("\n").html_safe + tag('br', :style => 'clear: left'), :class => 'button-bar')
   end
   def current_blocks
@@ -15,9 +15,9 @@ module ButtonsHelper
     end
     the_title = html_options[:title] || label
     if html_options[:disabled]
-      content_tag('a', '&nbsp;'+content_tag('span', label), html_options.merge(:class => the_class, :title => the_title))
+      content_tag('a', '&nbsp;'.html_safe+content_tag('span', label), html_options.merge(:class => the_class, :title => the_title))
     else
-      link_to('&nbsp;'+content_tag('span', label), url, html_options.merge(:class => the_class, :title => the_title))
+      link_to('&nbsp;'.html_safe+content_tag('span', label), url, html_options.merge(:class => the_class, :title => the_title))
     end
   end
@@ -19,18 +19,18 @@ module CatalogHelper
     ancestors = category.ancestors.map { |c| link_to(c.name, {:controller => :catalog, :action => 'index', :level => c.id}) }.reverse
     current_level = content_tag('strong', category.name)
     all_items = [start] + ancestors + [current_level]
-    content_tag('div', all_items.join(' &rarr; '), :id => 'breadcrumb')
+    content_tag('div', safe_join(all_items, ' &rarr; '), :id => 'breadcrumb')
   end
   def category_link(category)
     count = profile.products.from_category(category).count
     name = truncate(category.name, :length => 22 - count.to_s.size)
     link = link_to(name, {:controller => 'catalog', :action => 'index', :level => category.id}, :title => category.name)
-    content_tag('div', "#{link} <span class=\"count\">#{count}</span>") if count > 0
+    content_tag('div', "#{link} <span class=\"count\">#{count}</span>".html_safe) if count > 0
   end
   def category_with_sub_list(category)
-    content_tag 'li', "#{category_link(category)}\n#{sub_category_list(category)}"
+    content_tag 'li', "#{category_link(category)}\n#{sub_category_list(category)}".html_safe
   end
   def sub_category_list(category)
@@ -39,7 +39,7 @@ module CatalogHelper
       cat_link = category_link sub_category
       sub_categories << content_tag('li', cat_link) unless cat_link.nil?
     end
-    content_tag('ul', sub_categories.join) if sub_categories.size > 0
+    content_tag('ul', sub_categories.join.html_safe) if sub_categories.size > 0
   end
 end
@@ -7,7 +7,8 @@ module ContentViewerHelper
   def display_number_of_comments(n)
     base_str = "<span class='comment-count hide'>#{n}</span>"
     amount_str = n == 0 ? _('no comments yet') : (n == 1 ? _('One comment') : _('%s comments') % n)
-    base_str + "<span class='comment-count-write-out'>#{amount_str}</span>"
+    base_str += "<span class='comment-count-write-out'>#{amount_str}</span>"
+    base_str.html_safe
   end
   def number_of_comments(article)
@@ -19,11 +20,11 @@ module ContentViewerHelper
     title = content_tag('h1', h(title), :class => 'title')
     if article.belongs_to_blog? || article.belongs_to_forum?
       unless args[:no_link]
-        title = content_tag('h1', link_to(article.name, article.url), :class => 'title')
+        title = content_tag('h1', link_to(article.name, url_for(article.url)), :class => 'title')
       end
       comments = ''
       unless args[:no_comments] || !article.accept_comments
-        comments = (" - %s") % link_to_comments(article)
+        comments = (" - %s").html_safe % link_to_comments(article)
       end
       date_format = show_with_right_format_date article
       title << content_tag('span',
@@ -53,18 +53,19 @@ module DisplayHelper
   end
   def txt2html(txt)
-    txt.strip.
+    ret = txt.strip.
       gsub( /\s*\n\s*\n\s*/, "\r<p/>\r" ).
       gsub( /\s*\n\s*/, "\n<br/>\n" ).
       gsub( /\r/, "\n" ).
       gsub( /(^|\s)(www\.[^\s]+|https?:\/\/[^\s]+)/ ) do
         pre_char, href = $1, $2
         href = 'http://'+href  if ! href.match /^https?:/
-        content = href.gsub(/^https?:\/\//, '').scan(/.{1,4}/).join('&#x200B;')
+        content = safe_join(href.gsub(/^https?:\/\//, '').scan(/.{1,4}/), '&#x200B;'.html_safe)
         pre_char +
         content_tag(:a, content, :href => href, :target => '_blank',
-                    :rel => 'nofolow', :onclick => "return confirm('%s')" %
+                    :rel => 'nofolow', :onclick => "return confirm('%s')".html_safe %
                       _('Are you sure you want to visit this web site?'))
       end
+      ret.html_safe
   end
 end
 module EventsHelper
   include DatesHelper
+  include ActionView::Helpers::OutputSafetyHelper
+
   def list_events(date, events)
     title = _('Events for %s') % show_date_month(date)
+    user_events = events.select { |item| item.display_to?(user) }
+    events_for_month = safe_join(user_events.map {|item| display_event_in_listing(item)}, '')
     content_tag('h2', title) +
     content_tag('div',
       (events.any? ?
-        content_tag('table', events.select { |item| item.display_to?(user) }.map {|item| display_event_in_listing(item)}.join('')) :
-        content_tag('em', _('No events for this month'), :class => 'no-events')
+        content_tag('table', events_for_month) :
+          content_tag('em', _('No events for this month'), :class => 'no-events')
       ), :id => 'agenda-items'
     )
   end
@@ -101,7 +101,7 @@ module FormsHelper
   def required_fields_message
     content_tag('p', content_tag('span',
-      _("The <label class='pseudoformlabel'>highlighted</label> fields are mandatory."),
+      _("The <label class='pseudoformlabel'>highlighted</label> fields are mandatory.").html_safe,
       :class => 'required-field'
     ))
   end
@@ -112,10 +112,11 @@ module FormsHelper
     options_for_select = container.inject([]) do |options, element|
       text, value = option_text_and_value(element)
       selected_attribute = ' selected="selected"' if option_value_selected?(value, selected)
-      options << %(<option title="#{html_escape(text.to_s)}" value="#{html_escape(value.to_s)}"#{selected_attribute}>#{html_escape(text.to_s)}</option>)
+      opt = %(<option title="#{html_escape(text.to_s)}" value="#{html_escape(value.to_s)}"#{selected_attribute}>#{html_escape(text.to_s)}</option>)
+      options << opt.html_safe
     end
-    options_for_select.join("\n")
+    safe_join(options_for_select, "\n")
   end
   def balanced_table(items, per_row=3)
@@ -248,8 +249,8 @@ module FormsHelper
   def date_range_field(from_name, to_name, from_value, to_value, datepicker_options = {}, html_options = {})
     from_id = html_options[:from_id] || 'datepicker-from-date'
     to_id = html_options[:to_id] || 'datepicker-to-date'
-    return _('From') +' '+ date_field(from_name, from_value, datepicker_options, html_options.merge({:id => from_id})) +
-    ' ' + _('until') +' '+ date_field(to_name, to_value, datepicker_options, html_options.merge({:id => to_id}))
+    return (_('From') +' '+ date_field(from_name, from_value, datepicker_options, html_options.merge({:id => from_id})) +
+    ' ' + _('until') +' '+ date_field(to_name, to_value, datepicker_options, html_options.merge({:id => to_id}))).html_safe
   end
   def select_folder(label_text, field_id, collection, default_value=nil, html_options = {}, js_options = {})
@@ -35,7 +35,7 @@ module ForumHelper
                              :id => "post-#{art.id}"
                             )
     }
-    content_tag('table', content.join) + (pagination or '')
+    content_tag('table', safe_join(content, "")) + (pagination or '').html_safe
   end
   def last_topic_update(article)
@@ -40,7 +40,7 @@ module LanguageHelper
         else
           link_to(name, params.merge(:lang => code), :rel => 'nofollow')
         end
-      end.join(separator)
+      end.join(separator).html_safe
       content_tag('div', languages, :id => 'language-chooser', :help => _('The language you choose here is the language used for options, buttons, etc. It does not affect the language of the content created by other users.'))
     end
   end
@@ -40,7 +40,8 @@ module LayoutHelper
     output += templete_javascript_ng.to_s
-    output
+    # This output should be safe!
+    output.html_safe
   end
   def noosfero_stylesheets
@@ -64,7 +65,9 @@ module LayoutHelper
       output << stylesheet_link_tag(global_css_pub)
     end
     output << stylesheet_link_tag(theme_stylesheet_path)
-    output.join "\n"
+
+    # This output should be safe!
+    output.join("\n").html_safe
   end
   def noosfero_layout_features
@@ -38,10 +38,11 @@ module ManageProductsHelper
   end
   def options_for_select_categories(categories, selected = nil)
-    categories.sort_by{|cat| cat.name.transliterate}.map do |category|
-      selected_attribute = selected.nil? ? '' : (category == selected ? "selected='selected'" : '')
-      "<option value='#{category.id}' title='#{category.name}' #{selected_attribute}>#{category.name + (category.leaf? ? '': ' &raquo;')}</option>"
-    end.join("\n")
+    safe_join(categories.sort_by{ |cat|
+      cat.name.transliterate}.map do |category|
+        selected_attribute = selected.nil? ? '' : (category == selected ? "selected='selected'" : '')
+          "<option value='#{category.id}' title='#{category.name}' #{selected_attribute}>#{category.name + (category.leaf? ? '': ' &raquo;')}</option>".html_safe
+    end, "\n")
   end
   def build_selects_for_ancestors(ancestors, current_category)
@@ -76,10 +77,13 @@ module ManageProductsHelper
   def categories_container(categories_selection_html, hierarchy_html = '')
     content_tag 'div',
-      render('categories_autocomplete') +
-      hidden_field_tag('selected_category_id') +
-      content_tag('div', hierarchy_html, :id => 'hierarchy_navigation') +
-      content_tag('div', categories_selection_html, :id => 'categories_container_wrapper'),
+      safe_join(
+        [
+          render('categories_autocomplete'),
+          hidden_field_tag('selected_category_id'),
+          content_tag('div', hierarchy_html, :id => 'hierarchy_navigation'),
+          content_tag('div', categories_selection_html, :id => 'categories_container_wrapper')
+        ], ''),
     :id => 'categories-container'
   end
@@ -129,7 +129,11 @@ module ProfileEditorHelper
     else
       domains = environment.domains
     end
-    labelled_form_field(_('Preferred domain name:'), select(object, :preferred_domain_id, domains.map {|item| [item.name, item.id]}, :prompt => '&lt;' + _('Select domain') + '&gt;'))
+    select_domain_prompt = '&lt;'.html_safe + _('Select domain').html_safe + '&gt;'.html_safe
+    select_field = select(object, :preferred_domain_id, domains.map {
+      |item| [item.name, item.id]}, :prompt => select_domain_prompt.html_safe)
+
+    labelled_form_field(_('Preferred domain name:'), select_field)
   end
   def control_panel(&block)
@@ -131,7 +131,7 @@ module ProfileImageHelper
     links = links_for_balloon(profile)
     content_tag('div', content_tag(tag,
                                    (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ?
-                                   popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") +
+                                   popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "").html_safe +
     link_to(
       content_tag( 'span', profile_image( profile, size ), :class => img_class ) +
       content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
@@ -139,7 +139,7 @@ module ProfileImageHelper
       profile.url,
       :class => 'profile_link url',
       :help => _('Click on this icon to go to the <b>%s</b>\'s home page') % profile.name,
-      :title => profile.name ),
+      :title => profile.name ).html_safe,
       :class => 'vcard'), :class => 'common-profile-list-block')
   end
 end
@@ -124,10 +124,10 @@ module SearchHelper
   def filters(asset)
     return if !asset
     klass = asset_class(asset)
-    content_tag('div', klass::SEARCH_FILTERS.map do |name, options|
+    content_tag('div', safe_join(klass::SEARCH_FILTERS.map do |name, options|
       default = klass.respond_to?("default_search_#{name}") ? klass.send("default_search_#{name}".to_s) : nil
       select_filter(name, options, default)
-    end.join("\n"), :id => 'search-filters')
+    end, "\n"), :id => 'search-filters')
   end
   def assets_menu(selected)
@@ -137,11 +137,11 @@ module SearchHelper
     #     menu.
     assets.delete(:events)
     content_tag('ul',
-      assets.map do |asset|
+      safe_join(assets.map do |asset|
         options = {}
         options.merge!(:class => 'selected') if selected.to_s == asset.to_s
         content_tag('li', asset_link(asset), options)
-      end.join("\n"),
+      end, "\n"),
     :id => 'assets-menu')
   end
@@ -58,7 +58,7 @@ module TagsHelper
       if options[:show_count]
         display_count = options[:show_count] ? "<small><sup>(#{count})</sup></small>" : ""
-        link_to tag + display_count, destination, :style => style
+        link_to (tag + display_count).html_safe, destination, :style => style
       else
         link_to h(tag) , destination, :style => style,
           :title => n_( 'one item', '%d items', count ) % count
@@ -7,7 +7,7 @@ module TinymceHelper
     output += javascript_include_tag 'tinymce/js/tinymce/jquery.tinymce.min.js'
     output += javascript_include_tag 'tinymce.js'
     output += include_macro_js_files.to_s
-    output
+    output.html_safe
   end
   def tinymce_init_js options = {}
@@ -37,7 +37,7 @@ module TinymceHelper
     #cleanup non tinymce options
     options = options.except :mode
-    "noosfero.tinymce.init(#{options.to_json})"
+    "noosfero.tinymce.init(#{options.to_json})".html_safe
   end
   def menubar mode
 require_dependency 'mailing_job'
-class Mailing < ActiveRecord::Base
+class Mailing < ApplicationRecord
   acts_as_having_settings :field => :data
-class AbuseReport < ActiveRecord::Base
+class AbuseReport < ApplicationRecord
   attr_accessible :content, :reason
-class ActionTrackerNotification < ActiveRecord::Base
+class ActionTrackerNotification < ApplicationRecord
   belongs_to :profile
   belongs_to :action_tracker, :class_name => 'ActionTracker::Record', :foreign_key => 'action_tracker_id'
@@ -0,0 +1,64 @@
+class ApplicationRecord < ActiveRecord::Base
+
+  self.abstract_class = true
+
+  def self.postgresql?
+    self.connection.adapter_name == 'PostgreSQL'
+  end
+
+  # an ActionView instance for rendering views on models
+  def self.action_view
+    @action_view ||= begin
+      view_paths = ::ActionController::Base.view_paths
+      action_view = ::ActionView::Base.new view_paths
+      # for using Noosfero helpers inside render calls
+      action_view.extend ::ApplicationHelper
+      action_view
+    end
+  end
+
+  # default value needed for the above ActionView
+  def to_partial_path
+    self.class.name.underscore
+  end
+
+  alias :meta_cache_key :cache_key
+  def cache_key
+    key = [Noosfero::VERSION, meta_cache_key]
+    key.unshift(ApplicationRecord.connection.schema_search_path) if ApplicationRecord.postgresql?
+    key.join('/')
+  end
+
+  def self.like_search(query, options={})
+    if defined?(self::SEARCHABLE_FIELDS) || options[:fields].present?
+      fields_per_table = {}
+      fields_per_table[table_name] = (options[:fields].present? ? options[:fields] : self::SEARCHABLE_FIELDS.keys.map(&:to_s)) & column_names
+
+      if options[:joins].present?
+        join_asset = options[:joins].to_s.classify.constantize
+        if defined?(join_asset::SEARCHABLE_FIELDS) || options[:fields].present?
+          fields_per_table[join_asset.table_name] = (options[:fields].present? ? options[:fields] : join_asset::SEARCHABLE_FIELDS.keys.map(&:to_s)) & join_asset.column_names
+        end
+      end
+
+      query = query.downcase.strip
+      fields_per_table.delete_if { |table,fields| fields.blank? }
+      conditions = fields_per_table.map do |table,fields|
+        fields.map do |field|
+          "lower(#{table}.#{field}) LIKE '%#{query}%'"
+        end.join(' OR ')
+      end.join(' OR ')
+
+      if options[:joins].present?
+        joins(options[:joins]).where(conditions)
+      else
+        where(conditions)
+      end
+
+    else
+      raise "No searchable fields defined for #{self.name}"
+    end
+  end
+
+end
+
@@ -86,7 +86,7 @@ class ApproveArticle &lt; Task
   def information
     if article
-      {:message => _('%{requestor} wants to publish the article: %{linked_subject}.')}
+      {:message => _('%{requestor} wants to publish the article: %{linked_subject}.').html_safe}
     else
       {:message => _("The article was removed.")}
     end
-class Article < ActiveRecord::Base
+class Article < ApplicationRecord
   include SanitizeHelper
-class ArticleCategorization < ActiveRecord::Base
+class ArticleCategorization < ApplicationRecord
   self.table_name = :articles_categories
   belongs_to :article
-class ArticleFollower < ActiveRecord::Base
+class ArticleFollower < ApplicationRecord
   attr_accessible :article_id, :person_id, :since
   belongs_to :article, :counter_cache => :followers_count
-class Block < ActiveRecord::Base
+class Block < ApplicationRecord
   attr_accessible :title, :subtitle, :display, :limit, :box_id, :posts_per_page,
                   :visualization_format, :language, :display_user,
-class Box < ActiveRecord::Base
+class Box < ApplicationRecord
   acts_as_list scope: -> box { where owner_id: box.owner_id, owner_type: box.owner_type }
-class Category < ActiveRecord::Base
+class Category < ApplicationRecord
   attr_accessible :name, :parent_id, :display_color, :display_in_menu, :image_builder, :environment, :parent
-class Certifier < ActiveRecord::Base
+class Certifier < ApplicationRecord
   attr_accessible :name, :environment
-class ChatMessage < ActiveRecord::Base
+class ChatMessage < ApplicationRecord
+
   attr_accessible :body, :from, :to
   belongs_to :to, :class_name => 'Profile'
-class Comment < ActiveRecord::Base
+class Comment < ApplicationRecord
   SEARCHABLE_FIELDS = {
     :title => {:label => _('Title'), :weight => 10},
-class ContactList < ActiveRecord::Base
+class ContactList < ApplicationRecord
   serialize :list, Array
@@ -60,9 +60,9 @@ class CreateCommunity &lt; Task
   def information
     if description.blank?
-      { :message => _('%{requestor} wants to create community %{subject} with no description.') }
+      { :message => _('%{requestor} wants to create community %{subject} with no description.').html_safe }
     else
-      { :message => _('%{requestor} wants to create community %{subject} with this description:<p><em>%{description}</em></p>'),
+      { :message => _('%{requestor} wants to create community %{subject} with this description:<p><em>%{description}</em></p>').html_safe,
         :variables => {:description => description} }
     end
   end
@@ -163,7 +163,7 @@ class CreateEnterprise &lt; Task
   end
   def information
-    {:message => _('%{requestor} wants to create enterprise %{subject}.')}
+    {:message => _('%{requestor} wants to create enterprise %{subject}.').html_safe}
   end
   def task_created_message
-class CustomField < ActiveRecord::Base
+class CustomField < ApplicationRecord
+
   attr_accessible :name, :default_value, :format, :extras, :customized_type, :active, :required, :signup, :environment, :moderation_task
   serialize :customized_type
   serialize :extras
-class CustomFieldValue < ActiveRecord::Base
+class CustomFieldValue < ApplicationRecord
+
   belongs_to :custom_field
   belongs_to :customized, :polymorphic => true
   attr_accessible :value, :public, :customized, :custom_field, :customized_type
@@ -17,7 +17,7 @@ class DocItem
       else
         match
       end
-    end
+    end.html_safe
   end
   private
 require 'noosfero/multi_tenancy'
-class Domain < ActiveRecord::Base
+class Domain < ApplicationRecord
   attr_accessible :name, :owner, :is_default
-class EmailTemplate < ActiveRecord::Base
+class EmailTemplate < ApplicationRecord
   belongs_to :owner, :polymorphic => true
 # A Environment is like a website to be hosted in the platform. It may
 # contain multiple Profile's and can be identified by several different
 # domains.
-class Environment < ActiveRecord::Base
+class Environment < ApplicationRecord
   attr_accessible :name, :is_default, :signup_welcome_text_subject,
                   :signup_welcome_text_body, :terms_of_use,
@@ -731,7 +731,7 @@ class Environment &lt; ActiveRecord::Base
     url << (Noosfero.url_options.key?(:host) ? Noosfero.url_options[:host] : default_hostname)
     url << ':' << Noosfero.url_options[:port].to_s if Noosfero.url_options.key?(:port)
     url << Noosfero.root('')
-    url
+    url.html_safe
   end
   def to_s
-class ExternalFeed < ActiveRecord::Base
+class ExternalFeed < ApplicationRecord
   belongs_to :blog
   validates_presence_of :blog_id
-class FavoriteEnterprisePerson < ActiveRecord::Base
+class FavoriteEnterprisePerson < ApplicationRecord
   attr_accessible :person, :enterprise
-class Friendship < ActiveRecord::Base
+class Friendship < ApplicationRecord
   track_actions :new_friendship, :after_create, :keep_params => ["friend.name", "friend.url", "friend.profile_custom_icon"], :custom_user => :person
   extend CacheCounterHelper
-class Image < ActiveRecord::Base
+class Image < ApplicationRecord
   attr_accessible :uploaded_data, :label, :remove_image
   attr_accessor :remove_image
-class Input < ActiveRecord::Base
+class Input < ApplicationRecord
   attr_accessible :product, :product_id, :product_category, :product_category_id,
     :amount_used, :unit_id, :price_per_unit, :relevant_to_price, :is_from_solidarity_economy
@@ -13,7 +13,7 @@ class InviteFriend &lt; Invitation
   end
   def information
-    {:message => _('%{requestor} wants to be your friend.')}
+    {:message => _('%{requestor} wants to be your friend.').html_safe}
   end
   def accept_details
@@ -25,7 +25,7 @@ class InviteFriend &lt; Invitation
   end
   def target_notification_description
-    _('%{requestor} wants to be your friend.') % {:requestor => requestor.name}
+    (_('%{requestor} wants to be your friend.') % {:requestor => requestor.name}).html_safe
   end
   def permission
@@ -25,7 +25,7 @@ class InviteMember &lt; Invitation
   end
   def information
-    {:message => _('%{requestor} invited you to join %{linked_subject}.')}
+    {:message => _('%{requestor} invited you to join %{linked_subject}.').html_safe}
   end
   def url
@@ -37,7 +37,7 @@ class InviteMember &lt; Invitation
   end
   def target_notification_description
-    _('%{requestor} invited you to join %{community}.') % {:requestor => requestor.name, :community => community.name}
+    (_('%{requestor} invited you to join %{community}.') % {:requestor => requestor.name, :community => community.name}).html_safe
   end
   def target_notification_message
-class License < ActiveRecord::Base
+class License < ApplicationRecord
   attr_accessible :name, :url
-class MailingSent < ActiveRecord::Base
+class MailingSent < ApplicationRecord
+
   attr_accessible :person
   belongs_to :mailing
   belongs_to :person
-class NationalRegion < ActiveRecord::Base
+class NationalRegion < ApplicationRecord
   SEARCHABLE_FIELDS = {
     :name => {:label => _('Name'), :weight => 1},
-class NationalRegionType < ActiveRecord::Base
+class NationalRegionType < ApplicationRecord
   COUNTRY = 1
   STATE   = 2
   CITY    = 3
@@ -341,7 +341,7 @@ class Person &lt; Profile
     environment ||= self.environment
     role_assignments.includes([:role, :resource]).select { |ra| ra.resource == environment }.map{|ra|ra.role.permissions}.any? do |ps|
       ps.any? do |p|
-        ActiveRecord::Base::PERMISSIONS['Environment'].keys.include?(p)
+        ApplicationRecord::PERMISSIONS['Environment'].keys.include?(p)
       end
     end
   end
-class PriceDetail < ActiveRecord::Base
+class PriceDetail < ApplicationRecord
   attr_accessible :price, :production_cost_id
-class Product < ActiveRecord::Base
+class Product < ApplicationRecord
   SEARCHABLE_FIELDS = {
     :name => {:label => _('Name'), :weight => 10},
-class ProductQualifier < ActiveRecord::Base
+class ProductQualifier < ApplicationRecord
   attr_accessible :qualifier, :product, :certifier
-class ProductionCost < ActiveRecord::Base
+class ProductionCost < ApplicationRecord
   attr_accessible :name, :owner
 # A Profile is the representation and web-presence of an individual or an
 # organization. Every Profile is attached to its Environment of origin,
 # which by default is the one returned by Environment:default.
-class Profile < ActiveRecord::Base
+class Profile < ApplicationRecord
   attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time,
     :redirection_after_login, :custom_url_redirection,
@@ -675,7 +675,7 @@ class Profile &lt; ActiveRecord::Base
     url << url_options[:host]
     url << ':' << url_options[:port].to_s if url_options.key?(:port)
     url << Noosfero.root('')
-    url
+    url.html_safe
   end
 private :generate_url, :url_options
-class ProfileActivity < ActiveRecord::Base
+class ProfileActivity < ApplicationRecord
   self.record_timestamps = false
-class ProfileCategorization < ActiveRecord::Base
+class ProfileCategorization < ApplicationRecord
   self.table_name = :categories_profiles
   belongs_to :profile
   belongs_to :category
-class ProfileSuggestion < ActiveRecord::Base
+class ProfileSuggestion < ApplicationRecord
+
   belongs_to :person
   belongs_to :suggestion, :class_name => 'Profile', :foreign_key => :suggestion_id
-class Qualifier < ActiveRecord::Base
+class Qualifier < ApplicationRecord
   attr_accessible :name, :environment
-class QualifierCertifier < ActiveRecord::Base
+class QualifierCertifier < ApplicationRecord
   belongs_to :qualifier
   belongs_to :certifier
-class ReportedImage < ActiveRecord::Base
+class ReportedImage < ApplicationRecord
   belongs_to :abuse_report
   validates_presence_of :abuse_report
-class Scrap < ActiveRecord::Base
+class Scrap < ApplicationRecord
   include SanitizeHelper
-class SearchTerm < ActiveRecord::Base
+class SearchTerm < ApplicationRecord
   validates_presence_of :term, :context
   validates_uniqueness_of :term, :scope => [:context_id, :context_type, :asset]
@@ -25,7 +25,7 @@ class SearchTerm &lt; ActiveRecord::Base
   # Therefore the score is 97. Them we sum every score to get the total score
   # for a search term.
   def self.occurrences_scores
-    Hash[*ActiveRecord::Base.connection.execute(
+    Hash[*ApplicationRecord.connection.execute(
       joins(:occurrences).
       select("search_terms.id, sum(#{SearchTermOccurrence::EXPIRATION_TIME.to_i} - extract(epoch from (now() - search_term_occurrences.created_at))) as value").
       where("search_term_occurrences.created_at > ?", DateTime.now - SearchTermOccurrence::EXPIRATION_TIME).
-class SearchTermOccurrence < ActiveRecord::Base
+class SearchTermOccurrence < ApplicationRecord
   belongs_to :search_term
   validates_presence_of :search_term
@@ -65,7 +65,7 @@ class SuggestArticle &lt; Task
   def information
     variables = requestor.blank? ? {:requestor => sender} : {}
-    { :message => _('%{requestor} suggested the publication of the article: %{subject}.'),
+    { :message => _('%{requestor} suggested the publication of the article: %{subject}.').html_safe,
       :variables => variables }
   end
@@ -78,7 +78,7 @@ class SuggestArticle &lt; Task
   end
   def target_notification_description
-    _('%{requestor} suggested the publication of the article: %{article}.') %
+    _('%{requestor} suggested the publication of the article: %{article}.').html_safe %
     {:requestor => sender, :article => article_name}
   end
-class SuggestionConnection < ActiveRecord::Base
+class SuggestionConnection < ApplicationRecord
+
   attr_accessible :suggestion, :suggestion_id, :connection_type, :connection_id
   belongs_to :suggestion, :class_name => 'ProfileSuggestion', :foreign_key => 'suggestion_id'
@@ -9,7 +9,7 @@
 # This class has a +data+ field of type <tt>text</tt>, where you can store any
 # type of data (as serialized Ruby objects) you need for your subclass (which
 # will need to declare <ttserialize</tt> itself).
-class Task < ActiveRecord::Base
+class Task < ApplicationRecord
   acts_as_having_settings :field => :data
   acts_as_ordered_taggable
@@ -347,6 +347,21 @@ class Task &lt; ActiveRecord::Base
     where [environment_condition, profile_condition].compact.join(' OR ')
   }
+  scope :from_closed_date, -> closed_from {
+    where('tasks.end_date >= ?', closed_from.beginning_of_day) unless closed_from.blank?
+  }
+
+  scope :until_closed_date, -> closed_until {
+    where('tasks.end_date <= ?', closed_until.end_of_day) unless closed_until.blank?
+  }
+
+  scope :from_creation_date, -> created_from {
+    where('tasks.created_at >= ?', created_from.beginning_of_day) unless created_from.blank?
+  }
+
+  scope :until_creation_date, -> created_until {
+    where('tasks.created_at <= ?', created_until.end_of_day) unless created_until.blank?
+  }
   def self.pending_types_for(profile)
     Task.to(profile).pending.select('distinct type').map { |t| [t.class.name, t.title] }
-class Thumbnail < ActiveRecord::Base
+class Thumbnail < ApplicationRecord
   attr_accessible :uploaded_data
   # mass assigned by attachment_fu
-class Unit < ActiveRecord::Base
+class Unit < ApplicationRecord
   acts_as_list scope: -> unit { where environment_id: unit.environment_id }
@@ -4,7 +4,7 @@ require &#39;securerandom&#39;
 # User models the system users, and is generated by the acts_as_authenticated
 # Rails generator.
-class User < ActiveRecord::Base
+class User < ApplicationRecord
   attr_accessible :login, :email, :password, :password_confirmation, :activated_at
-class ValidationInfo < ActiveRecord::Base
+class ValidationInfo < ApplicationRecord
   attr_accessible :validation_methodology, :restrictions, :organization
@@ -107,7 +107,7 @@
     <%= render :partial => 'profile_editor/person_form', :locals => {:f => f} %>
   <% end %>
-  <%= @plugins.dispatch(:signup_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:signup_extra_contents).collect { |content| instance_eval(&content) }, "") %>
   <% unless @terms_of_use.blank? %>
     <div id='terms-of-use-box' class='formfieldline'>
@@ -14,7 +14,7 @@
 <div id="enterprise-activation-create-user-form" style="display: none">
   <h3><%= _('Personal signup form') %></h3>
   <%= render :partial => 'signup_form', :locals => { :hidden_atention => true } %>
-  <p><%= message = _('<b>Warning</b>: this form is for your personal information, not of your enterprise. So you will have a personal account that can manage your enterprise.') %></p>
+  <p><%= message = _('<b>Warning</b>: this form is for your personal information, not of your enterprise. So you will have a personal account that can manage your enterprise.').html_safe %></p>
 </div>
 <div id="enterprise-activation-login-form" style="display: none">
 <h1><%= _("Invalid change password code") %></h1>
 <p>
-<%= _('The code you are using for password change is not valid. Please try to request password change using the <a href="%s">"I forgot my password"</a> functionality.') % url_for(:action => 'forgot_password') %>
+<%= _('The code you are using for password change is not valid. Please try to request password change using the <a href="%s">"I forgot my password"</a> functionality.') % url_for(:action => 'forgot_password').html_safe %>
 </p>
@@ -20,7 +20,7 @@
        </label>
      </div>
-     <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
+     <%= safe_join(@plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }, "") %>
      <% button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
@@ -15,7 +15,7 @@
       <%= f.password_field :password %>
-      <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+      <%= safe_join(@plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }, "") %>
       <% button_bar do %>
         <%= submit_button( 'login', _('Log in') )%>
@@ -5,5 +5,5 @@
 </p>
 <p>
-<%= _("You can <a href='%s'>login</a> now.") % url_for(:action => 'login') %>
+<%= _("You can <a href='%s'>login</a> now.").html_safe % url_for(:action => 'login') %>
 </p>
@@ -6,7 +6,7 @@
       <%= content_tag('li', content_tag('strong', "#{year.to_i} (#{count})")) %>
       <ul class='<%= year.to_i %>-archive'>
         <% block.blog.total_number_of_posts(:by_month, year).each do |month, count| %>
-          <%= content_tag('li', link_to("#{month_name(month.to_i)} (#{count})", block.blog.url.merge(year: year.to_i, month: month.to_i))) %>
+          <%= content_tag('li', link_to("#{month_name(month.to_i)} (#{count})", url_for(block.blog.url.merge(year: year.to_i, month: month.to_i)).html_safe)) %>
         <% end %>
       </ul>
     <% end %>
@@ -8,7 +8,7 @@
       <%= block.sanitize_link(link_to(link[:name], block.expand_address(link[:address]),
                 :target => link[:target],
                 :class => (link[:icon] ? "icon-#{link[:icon]}" : ''),
-                :title => link[:title])) %>
+                :title => link[:title])).html_safe %>
     </li>
   <% end %>
 </ul>
@@ -3,7 +3,7 @@
     <h2><%= _('Logged in as %s') % user.identifier %></h2>
     <ul>
       <li><%= _('User since %s/%s') % [user.created_at.month, user.created_at.year] %></li>
-      <li><%= link_to _('Homepage'), user.public_profile_url %></li>
+      <li><%= link_to _('Homepage'), url_for(user.public_profile_url) %></li>
     </ul>
     <div class="user-actions">
       <%= button(:'menu-logout',  _('Logout'), :controller => 'account', :action => 'logout') %>
@@ -10,8 +10,8 @@
   <% if list.empty? %>
     <div class='common-profile-list-block-none'><%= _('None') %></div>
   <% else %>
-    <ul><%= list %></ul>
+    <ul><%= list.html_safe %></ul>
   <% end %>
 </div>
- 
+
 <br style='clear:both'/>
@@ -9,7 +9,8 @@
     first_text = articles[articles.find_index{|a| a.kind_of? TextArticle}||-1]
     selected = @block.article || first_text
   %>
-  <%= select_tag(
+  <%= 
+    select_tag(
     'block[article_id]',
     options_for_select_with_title(articles.map {|item| [item.path, item.id]}, selected.id),
     :onchange => 'this.changedTo(this.value)'
@@ -35,7 +35,7 @@
           <% else %>
             <div class="no-image"><%= _('No image') %></div>
           <% end %>
-          <div class="catalog-item-extras"><%= extra_content.join("\n") %></div>
+          <div class="catalog-item-extras"><%= safe_join(extra_content, "\n") %></div>
         </li>
         <li class="product-link"><%= link_to_product product %></li>
@@ -35,7 +35,7 @@
 <div id="article-formitem">
   <%= labelled_form_field( _('Address'),
         content_tag('code',
-          url_for(@article.url).gsub(/#{@article.slug}$/, '') +
+          url_for(@article.url).gsub(/#{@article.slug}$/, '').html_safe +
           text_field(:article, :slug, :onchange => "warn_value_change()", :size => 25)
         ) +
         content_tag('div',
@@ -14,7 +14,7 @@
     <p><%= _('Numbered lists:') %></p>
     <pre># <%= _('first item') %>
 # <%= _('second item') %></pre>
-    <p><%= h(_('For code, use HTML tags <pre> and <code>, and indent the code inside them:')) %>
+    <p><%= h(_('For code, use HTML tags <pre> and <code>, and indent the code inside them:').html_safe) %>
     </p>
     <pre>
 &lt;pre&gt;
@@ -23,7 +23,7 @@
 &lt;/code&gt;
 &lt;/pre&gt;
 </pre>
-    <p><%= _('See also a more complete <a href="%s">Textile Reference</a>.') % 'http://redcloth.org/hobix.com/textile/' %></p>
+    <p><%= _('See also a more complete <a href="%s">Textile Reference</a>.').html_safe % 'http://redcloth.org/hobix.com/textile/' %></p>
   </div>
 </div>
@@ -39,7 +39,7 @@
   <script>
     jQuery('#article_tag_list').inputosaurus({
-      autoCompleteSource: <%= "'/myprofile/#{profile.identifier}/cms/search_tags'," %>
+      autoCompleteSource: <%= "'/myprofile/#{profile.identifier}/cms/search_tags',".html_safe %>
       activateFinalResult : true
     })
   </script>
@@ -5,7 +5,7 @@
 <ul class="article-types">
   <% for type in @article_types %>
     <% action = type[:class].name == 'UploadedFile' ? {:action => 'upload_files'} : {:action => 'new', :type => type[:class].name} %>
-    <%= content_tag('a', :href => url_for(action.merge(:parent_id => @parent_id, :back_to => @back_to))) do %>
+    <%= content_tag('a', :href => url_for(action.merge(:parent_id => @parent_id, :back_to => @back_to)).html_safe) do %>
       <li class="<%= icon_for_new_article(type[:class]) %>" onmouseover="javascript: jQuery(this).addClass('mouseover')" onmouseout="jQuery(this).removeClass('mouseover')">
         <strong><%= type[:short_description] %></strong>
         <div class='description'><%= type[:description] %></div>
@@ -17,11 +17,11 @@
 <h3><%= _("Select the files you want to upload (max size %s):") % UploadedFile.max_size.to_humanreadable %></h3>
 <h4><%= _('Documents, Images, Videos, Audio') %></h4>
-<h5><%= _('Uploading files to %s') % content_tag('code', @target) %></h5>
+<h5><%= (_('Uploading files to %s') % content_tag('code', @target)).html_safe%></h5>
 <%= form_for('uploaded_file', :url => { :action => 'upload_files' }, :html => {:multipart => true}) do |f| %>
-  <%= @plugins.dispatch(:upload_files_extra_fields, params[:parent_id]).collect { |content| instance_exec(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:upload_files_extra_fields, params[:parent_id]).collect { |content| instance_exec(&content) }, "") %>
   <%= render :partial => 'upload_file_form', :locals => { :size => '45'} %>
@@ -17,7 +17,7 @@
 <% button_bar(:style => 'margin-bottom: 1em;') do %>
   <% parent_id = ((@article && @article.allow_children?) ? @article : nil) %>
-  <%= modal_button('new', _('New content'), :action => 'new', :parent_id => parent_id, :cms => true) %>
+  <%= modal_button('new', _('New content'), url_for({:action => 'new', :parent_id => parent_id, :cms => true}).html_safe) %>
   <%= button(:back, _('Back to control panel'), :controller => 'profile_editor', :action => "index") %>
 <% end %>
@@ -26,7 +26,7 @@
     <strong><%= _('Current folder: ') %></strong>
     <%= link_to profile.identifier, :action => 'index' %>
     <% @article.hierarchy.each do |item| %>
-      <%= " / " + ((item == @article) ? item.name.html_safe : link_to(item.slug, :id => item.id).html_safe) %>
+      <%= " / ".html_safe + ((item == @article) ? item.name.html_safe : link_to(item.slug, :id => item.id).html_safe) %>
     <% end %>
   </div>
 <% end %>
@@ -45,9 +45,9 @@
     <tr>
       <td>
         <% if @article.parent %>
-          <%= link_to '.. (' + _('parent folder') + ')', {:action => 'view', :id => @article.parent.id}, :class => 'icon-parent-folder' %>
+          <%= link_to '.. ('.html_safe + _('parent folder') + ')', {:action => 'view', :id => @article.parent.id}, :class => 'icon-parent-folder' %>
         <% else %>
-          <%= link_to '.. (' + _('parent folder') + ')', {:action => 'index'}, :class => 'icon-parent-folder' %>
+          <%= link_to '.. ('.html_safe + _('parent folder') + ')', {:action => 'index'}, :class => 'icon-parent-folder' %>
         <% end %>
       </td>
       <td><%= Folder.short_description %></td>
@@ -43,7 +43,7 @@
         <p/>
         <%= txt2html sanitize(comment.body) %>
       </div>
-      <%= @plugins.dispatch(:comment_extra_contents, local_assigns).collect { |content| instance_exec(&content) }.join("") %>
+      <%= safe_join(@plugins.dispatch(:comment_extra_contents, local_assigns).collect { |content| instance_exec(&content) }, "") %>
     </div>
     <div class="comment_reply post_comment_box closed" id="comment_reply_to_<%= comment.id %>">
@@ -85,7 +85,7 @@ function check_captcha(button, confirm_action) {
   <%= hidden_field_tag(:view, params[:view])%>
   <%= f.hidden_field(:reply_of_id) %>
-  <%= @plugins.dispatch(:comment_form_extra_contents, local_assigns.merge(:comment => @comment)).collect { |content| instance_exec(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:comment_form_extra_contents, local_assigns.merge(:comment => @comment)).collect { |content| instance_exec(&content) }, "") %>
   <% button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "if(check_captcha(this)) { save_comment(this) } else { check_captcha(this, save_comment)};return false;") %>
@@ -26,7 +26,7 @@
         <% content = _('Add translation') %>
         <% parent_id = (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)) %>
         <% url = profile.admin_url.merge(:controller => 'cms', :action => 'new', :parent_id => parent_id, :type => @page.type, :article => { :translation_of_id => @page.native_translation.id })%>
-        <%= expirable_button @page, :locale, content, url %>
+        <%= expirable_button @page, :locale, content, url_for(url).html_safe %>
       <% end %>
       <% if !@page.archived? %>
@@ -67,7 +67,7 @@
       <div class="blog-cover"><%= image_tag(@page.image.public_filename())%></div>
     <% end %>
     <%= button_without_text(:feed, _('RSS feed'), @page.feed.url, :class => 'blog-feed-link') if @page.has_posts? && @page.feed %>
-    <%= @plugins.dispatch(:article_header_extra_contents, @page).collect { |content| instance_exec(&content) }.join("") %>
+    <%= safe_join(@plugins.dispatch(:article_header_extra_contents, @page).collect { |content| instance_exec(&content) }) %>
     <% if @page.archived? %>
       <%= render :partial => 'cms/archived_warning', :locals => {:article => @page} %>
     <% end %>
@@ -7,7 +7,7 @@
   </span>
 <% unless @no_comments %>
   <span class="comments">
-    <%= (" - %s") % link_to_comments(@page)%>
+    <%= (" - %s").html_safe % link_to_comments(@page) %>
   </span>
 <% end %>
@@ -35,7 +35,7 @@
       </div>
     <% end %>
     <div class="event-content">
-      <%= event.body %>
+      <%= raw event.body %>
     </div>
   <% end %>
 </div>
@@ -2,9 +2,9 @@
 <%= button(:back, _('Back to the versions'), {:action => 'article_versions'}) %>
 </div>
-<h1><%= _('Changes on "%s"') % @page.title %></h1>
+<h1><%= _('Changes on "%s"').html_safe % @page.title %></h1>
-<p> <%= _('Changes from %s &rarr; %s') % [show_time(@v1.updated_at), show_time(@v2.updated_at)] %> </p>
+<p> <%= _('Changes from %s &rarr; %s').html_safe % [show_time(@v1.updated_at), show_time(@v2.updated_at)] %> </p>
 <% diffContent = Diffy::Diff.new(@v1.body, @v2.body, :context => 1) %>
 <% if diffContent.to_s(:text).blank? %>
@@ -12,5 +12,5 @@
     <%= _('These versions range have no differences.')%>
   </p>
 <% else %>
-  <%= diffContent.to_s(:html) %>
+  <%= diffContent.to_s(:html).html_safe %>
 <% end %>
@@ -45,24 +45,24 @@
 <% if ! @page.categories.empty? %>
 <div id="article-cat">
   <h4><%= _('Categories') %></h4>
-    <%= @page.categories.map {|item| link_to_category(item, false) }.join(", ") %>
+    <%= safe_join(@page.categories.map {|item| link_to_category(item, false) }, ", ") %>
 </div>
 <% end %>
 <% if !@page.tags.empty? %>
   <div id="article-tags">
-    <%= _("This article's tags:") %>
-    <%= @page.tags.map { |t| link_to(t, :controller => 'profile', :profile => @profile.identifier, :action => 'tags', :id => t.name ) }.join("\n") %>
+    <%= _("This article's tags:").html_safe %>
+    <%= safe_join(@page.tags.map { |t| link_to(t, :controller => 'profile', :profile => @profile.identifier, :action => 'tags', :id => t.name ) }, "\n") %>
   </div>
 <% end %>
 <%= display_source_info(@page) %>
-<%= @plugins.dispatch(:article_extra_contents, @page).collect { |content| instance_exec(&content) }.join("") %>
+<%= safe_join(@plugins.dispatch(:article_extra_contents, @page).collect { |content| instance_exec(&content) }, "") %>
 <% if @page.accept_comments? || @comments_count > 0 %>
   <div class="comments" id="comments_list">
-    <h3 <%= 'class="no-comments-yet"' if @comments_count == 0 %>>
+    <h3 <%= 'class="no-comments-yet"'.html_safe if @comments_count == 0 %>>
       <%= display_number_of_comments(@comments_count) %>
     </h3>
@@ -5,5 +5,5 @@
       <li><%= link_to text, link, :target => '_blank' %></li>
     <% end %>
   </ul>
-  <%= @toc.text %>
+  <%= raw @toc.text %>
 </div>
@@ -5,7 +5,7 @@
 <p>
 <%=  _('Here you can enable or disable several features of your environment. Each feature represents some funcionality that your environment can use if you enable it.
-Check all the features you want to enable for your environment, uncheck all the ones you don\'t want, and use the <em>"Save changes" button</em> to confirm your changes.') %>
+Check all the features you want to enable for your environment, uncheck all the ones you don\'t want, and use the <em>"Save changes" button</em> to confirm your changes.').html_safe %>
 </p>
 <%= labelled_form_for(:environment, :url => {:action => 'update'}) do |f| %>
@@ -7,7 +7,7 @@
           <div class='highlighted-news-item post-<%= index + 1 %>-inner'>
             <h2><%= link_to(h(highlighted.title), highlighted.url, :class => 'post-title') %></h2>
             <span class="post-date"><%= show_date(highlighted.published_at, true) %> </span>
-            <div class='headline'><%= highlighted.lead %></div>
+            <div class='headline'><%= raw highlighted.lead %></div>
             <p class='highlighted-news-read-more'>
               <%= link_to(_('Read more'), highlighted.url) %>
             </p>
@@ -49,7 +49,7 @@
     <% end %>
   <% end %>
 <% else %>
-  <%= environment.description %>
+  <%= environment.description.html_safe %>
 <% end %>
 <% if environment.enabled?('search_in_home') %>
@@ -3,12 +3,12 @@
 <%= form_tag do %>
-  <%= [
+  <%= safe_join([
         radio_button_tag(:import_from, "manual", @import_from == "manual", :onclick => 'hide_invite_friend_login_password()') + content_tag('label', _('Manually (empty field)'), :for => "import_from_manual"),
         radio_button_tag(:import_from, "gmail", @import_from == "gmail", :onclick => 'show_invite_friend_login_password(this.value)') + content_tag('label', 'Gmail', :for => 'import_from_gmail'),
         radio_button_tag(:import_from, "yahoo", @import_from == "yahoo", :onclick => 'show_invite_friend_login_password(this.value)') + content_tag('label', 'Yahoo', :for => "import_from_yahoo"),
         radio_button_tag(:import_from, "hotmail", @import_from == "hotmail", :onclick => 'show_invite_friend_login_password(this.value)') + content_tag('label', 'Hotmail', :for => "import_from_hotmail")
-      ].join("\n<br/>\n") %>
+      ], "\n<br/>\n".html_safe) %>
   <script type="text/javascript">
     function hide_invite_friend_login_password() {
@@ -7,22 +7,23 @@
     </span>
   <% else %>
     <span class='not-logged-in'>
-      <%= _("<span class='login'>%s</span>") % modal_inline_link_to('<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>', login_url, '#inlineLoginBox', :id => 'link_login') %>
-      <%= @plugins.dispatch(:alternative_authentication_link).collect { |content| instance_exec(&content) }.join("") %>
+      <%= usermenu_notlogged_in %>
+      <% @plugins.dispatch(:alternative_authentication_link).collect do |content|%>
+         <%= instance_exec(&content) %> 
+      <%end%>
-    <div id='inlineLoginBox' style='display: none;'>
-      <%= render :file => 'account/login', :locals => { :is_popin => true } %>
-    </div>
+      <div id='inlineLoginBox' style='display: none;'>
+        <%= render :file => 'account/login', :locals => { :is_popin => true } %>
+      </div>
-    <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
-      <%= _("<span class='or'>or</span> <span class='signup'>%s</span>") % link_to('<strong>' + _('Sign up') + '</strong>', :controller => 'account', :action => 'signup')%>
-    <% end %>
-
-  </span>
+      <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
+        <%= usermenu_signup %>
+      <% end %>
+    </span>
   <% end %>
   <form action="/search/articles" id="top-search" class="search_form clean" method="get">
     <input name="query" size="15" title="<%=_('Search...')%>" onfocus="this.form.className='focused';" onblur="this.form.className=''" />
-    <div><%=_('Press <strong>Enter</strong> to send the search query.')%></div>
+    <div><%=_('Press <strong>Enter</strong> to send the search query.').html_safe%></div>
     <%= javascript_tag 'jQuery("#user form input").hint();' %>
   </form>
 </div><!-- end id="user" -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<%= html_language %>" lang="<%= html_language %>" class="<%= h html_tag_classes %>">
   <head>
-    <title><%= h page_title %></title>
+    <title><%= h page_title.html_safe %></title>
     <%= yield(:feeds) %>
     <!--<meta http-equiv="refresh" content="1"/>-->
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
@@ -20,24 +20,33 @@
     <%# Add custom tags/styles/etc via content_for %>
     <%= yield :head %>
     <%=
-      @plugins.dispatch(:head_ending).map do |content|
-        if content.respond_to?(:call) then instance_exec(&content).to_s.html_safe else content.to_s.html_safe end
-      end.join("\n")
+      str = (@plugins.dispatch(:head_ending).map do |content|
+              if content.respond_to?(:call) then 
+                instance_exec(&content).to_s
+              else 
+                content.to_s
+              end
+            end)
+      safe_join(str, "\n")
     %>
     <script type="text/javascript">
-      DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
-      noosfero.profile = <%= (@profile.identifier if @profile).to_json %>
+      DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'".html_safe %>;
+      noosfero.profile = <%= (@profile.identifier if @profile).to_json.html_safe %>
     </script>
   </head>
   <body class="<%= h body_classes %>">
     <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>
-
     <%=
-      @plugins.dispatch(:body_beginning).map do |content|
-        if content.respond_to?(:call) then instance_exec(&content).to_s.html_safe else content.to_s.html_safe end
-      end.join("\n")
+      str = (@plugins.dispatch(:body_beginning).map do |content|
+              if content.respond_to?(:call) then 
+                instance_exec(&content).to_s
+              else 
+                content.to_s 
+              end
+            end)
+      safe_join(str, "\n")
     %>
     <div id="global-header">
       <%= global_header %>
@@ -75,9 +84,14 @@
     <%= noosfero_layout_features %>
     <%= addthis_javascript %>
     <%=
-      @plugins.dispatch(:body_ending).map do |content|
-        if content.respond_to?(:call) then instance_exec(&content).html_safe else content.html_safe end
-      end.join("\n")
+      str = (@plugins.dispatch(:body_ending).map do |content|
+              if content.respond_to?(:call) then 
+                instance_exec(&content)
+              else 
+                content
+              end
+            end)
+      safe_join(str, "\n")
     %>
   </body>
@@ -16,7 +16,7 @@
   <% if profile.user.enable_email %>
     <h2><%= ('E-mail address') %></h2>
     <ul>
-      <%= profile.email_addresses.map{|i| content_tag('li', i)}.join("\n") %>
+      <%= safe_join(profile.email_addresses.map{|i| content_tag('li', i)}, "\n") %>
     </ul>
     <h2><%= _('Configuration') %></h2>
     <ul>
@@ -31,7 +31,7 @@
   <% else %>
     <h2><%= _("Enable e-Mail account below:") %></h2>
-    <ul><%= profile.email_addresses.map{|i| content_tag('li', i)}.join("\n") %></ul>
+    <ul><%= safe_join(profile.email_addresses.map{|i| content_tag('li', i)}, "\n") %></ul>
     <blockquote><%= _("You'll be able to access a webmail from your user menu.") %></blockquote>
     <% button_bar do %>
       <%= button(:ok, _('Enable e-Mail'), { :action => 'enable' }, :method => 'post') %>
@@ -4,7 +4,7 @@
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
   </head>
   <body style="margin: 0">
-    <%= word_wrap(@message) %>
+    <%= raw word_wrap(@message) %>
     <p>
       --<br/>
       <%= @signature_message %><br/>
@@ -14,7 +14,7 @@
     </div>
     <div id='product-extra-content'>
       <% extra_content = @plugins.dispatch(:product_info_extras, @product).collect { |content| instance_exec(&content) } %>
-      <%= extra_content.join("\n") %>
+      <%= safe_join(extra_content, "\n") %>
     </div>
     <div id='product-info'>
       <%= render :partial => 'manage_products/display_info' %>
@@ -34,13 +34,13 @@
   <div style='margin-bottom: 0.5em' id='community-join-before'>
     <%= radio_button 'community', 'closed', 'true', :style => 'float: left' %>
     <div style='margin-left: 30px'>
-      <%= _('<strong>Before</strong> joining this group (a moderator has to accept the member in pending request before member can access the intranet and/or the website).') %>
+      <%= _('<strong>Before</strong> joining this group (a moderator has to accept the member in pending request before member can access the intranet and/or the website).').html_safe %>
     </div>
   </div>
   <div id='community-join-after'>
     <%= radio_button 'community', 'closed', 'false', :style => 'float: left' %>
     <div style='margin-left: 30px'>
-      <%= _('<strong>After</strong> joining this group (a moderator can always desactivate access for users later).') %>
+      <%= _('<strong>After</strong> joining this group (a moderator can always desactivate access for users later).').html_safe %>
     </div>
   </div>
@@ -2,7 +2,7 @@
 <%= _("You have %d pending task(s).") % @tasks.size %>
-<%= @tasks.map{|i| " * #{i.description}"}.join("\n") %>
+<%= safe_join(@tasks.map{|i| " * #{i.description}"}, "\n") %>
 <%= _("Click in address below to process task(s):") %>
@@ -11,7 +11,7 @@
 <% pending_tasks = @person.pending_tasks_for_organization(organization) %>
 <%= _("%s has %d pending task(s).") % [organization.name, pending_tasks.size] %>
-<%= pending_tasks.map{|i| " * #{i.information}"}.join("\n") %>
+<%= safe_join(pending_tasks.map{|i| " * #{i.information}"}, "\n") %>
 <%= _("Click in address below to process task(s):") %>
@@ -20,6 +20,6 @@
   <%= pagination_links @tagged, :param_name => 'npage' %>
   <div>
-    <%= link_to _('See content tagged with "%s" in the entire site') % escaped_tag, :controller => 'search', :action => 'tag', :tag => @tag %>
+    <%= link_to (_('See content tagged with "%s" in the entire site') % escaped_tag).html_safe, :controller => 'search', :action => 'tag', :tag => @tag %>
   </div>
 <% end %>
@@ -5,7 +5,7 @@
 <% else %>
   <% unless profile.description.blank? %>
     <div class='public-profile-description'>
-      <%= profile.description %>
+      <%= raw profile.description %>
     </div>
   <% end %>
   <div id='public-profile-search'>
@@ -34,13 +34,13 @@
   <div style='margin-bottom: 0.5em'>
     <%= radio_button 'profile_data', 'closed', 'true', :style => 'float: left' %>
     <div style='margin-left: 30px'>
-      <%= _('<strong>Before</strong> joining this group (a moderator has to accept the member in pending request before member can access the intranet and/or the website).') %>
+      <%= _('<strong>Before</strong> joining this group (a moderator has to accept the member in pending request before member can access the intranet and/or the website).').html_safe %>
     </div>
   </div>
   <div>
     <%= radio_button 'profile_data', 'closed', 'false', :style => 'float: left' %>
     <div style='margin-left: 30px'>
-      <%= _('<strong>After</strong> joining this group (a moderator can always desactivate access for users later).') %>
+      <%= _('<strong>After</strong> joining this group (a moderator can always desactivate access for users later).').html_safe %>
     </div>
   </div>
   <br>
@@ -52,13 +52,13 @@
 <div style='margin-bottom: 0.5em'>
   <%= radio_button 'profile_data', 'moderated_articles', 'true', :style => 'float: left' %>
   <div style='margin-left: 30px'>
-    <%= _('<strong>Before</strong> being published in this group (a moderator has to accept the article in pending request before the article be listed as a article of this group).') %>
+    <%= _('<strong>Before</strong> being published in this group (a moderator has to accept the article in pending request before the article be listed as a article of this group).').html_safe %>
   </div>
 </div>
 <div>
   <%= radio_button 'profile_data', 'moderated_articles', 'false', :style => 'float: left' %>
   <div style='margin-left: 30px'>
-    <%= _('<strong>After</strong> being published in this group (a moderator can always remove publicated articles later).') %>
+    <%= _('<strong>After</strong> being published in this group (a moderator can always remove publicated articles later).').html_safe %>
   </div>
 </div>
@@ -4,7 +4,7 @@
   <%= required f.text_field(:name) %>
-  <%= @plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }, "") %>
 <% if @environment.enabled?('enable_organization_url_change') %>
   <script type="text/javascript">
@@ -41,7 +41,7 @@
     <div id="profile-identifier-formitem">
       <%= required labelled_form_field( _('Address'),
             content_tag('code',
-              url_for(profile.url).gsub(/#{profile.identifier}$/, '') +
+              url_for(profile.url).gsub(/#{profile.identifier}$/, '').html_safe +
               text_field(:profile_data, :identifier, :onchange => "warn_value_change()", :size => 25)
             ) +
             content_tag('div',
@@ -4,7 +4,7 @@
   <div class='pending-tasks'>
     <h2><%= _('You have pending requests') %></h2>
     <ul>
-      <%= @pending_tasks.take(10).map {|task| content_tag('li', task_information(task))}.join %>
+      <%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task))}) %>
     </ul>
     <%= button(:todo, _('Process requests'), :controller => 'tasks', :action => 'index') %>
   </div>
@@ -16,7 +16,7 @@
     </div>
   </div>
-  <%= @plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
+  <%= safe_join(@plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }, "") %>
   <div class="formfieldline">
     <%= label_tag("private_token", _("Private Token")) %>
@@ -26,20 +26,20 @@
   <% if profile.person? %>
     <div>
-      <%= labelled_radio_button _('Public &mdash; show my contents to all internet users'), 'profile_data[public_profile]', true, @profile.public_profile? %>
+      <%= labelled_radio_button _('Public &mdash; show my contents to all internet users').html_safe, 'profile_data[public_profile]', true, @profile.public_profile? %>
     </div>
     <div>
-      <%= labelled_radio_button _('Private &mdash; show my contents only to friends'), 'profile_data[public_profile]', false, !@profile.public_profile? %>
+      <%= labelled_radio_button _('Private &mdash; show my contents only to friends').html_safe, 'profile_data[public_profile]', false, !@profile.public_profile? %>
     </div>
   <% else %>
     <div>
-      <%= labelled_check_box _("Secret &mdash; hide the community and all its contents for non members and other people can't join this community unless they are invited to."), 'profile_data[secret]', true, profile.secret, :class => "profile-secret-box" %>
+      <%= labelled_check_box _("Secret &mdash; hide the community and all its contents for non members and other people can't join this community unless they are invited to.").html_safe, 'profile_data[secret]', true, profile.secret, :class => "profile-secret-box" %>
     </div>
     <div>
-      <%= labelled_radio_button _('Public &mdash; show content of this group to all internet users'), 'profile_data[public_profile]', true, @profile.public_profile?, :class => "public-community-button" %>
+      <%= labelled_radio_button _('Public &mdash; show content of this group to all internet users').html_safe, 'profile_data[public_profile]', true, @profile.public_profile?, :class => "public-community-button" %>
     </div>
     <div>
-      <%= labelled_radio_button _('Private &mdash; show content of this group only to members'), 'profile_data[public_profile]', false, !@profile.public_profile?, :class => "private-community-button" %>
+      <%= labelled_radio_button _('Private &mdash; show content of this group only to members').html_safe, 'profile_data[public_profile]', false, !@profile.public_profile?, :class => "private-community-button" %>
     </div>
   <% end %>
@@ -60,9 +60,9 @@
   )%>
   <%=
-    @plugins.dispatch(:profile_editor_extras).map do |content|
+    safe_join(@plugins.dispatch(:profile_editor_extras).map do |content|
       content.kind_of?(Proc) ? self.instance_exec(&content) : content
-    end.join("\n")
+    end, "\n")
   %>
   <%= select_categories(:profile_data, _('Select the categories of your interest'), 2) %>
@@ -7,7 +7,7 @@
         <p><%= _('Roles:') %> </p>
         <% @data[:roles].each do |r| %>
-          <%= labelled_check_box(r.name, 'filters[roles][]', r.id, @filters[:roles].include?(r.id.to_s), :add_hidden => false) %><br/>
+          <%= raw labelled_check_box(r.name, 'filters[roles][]', r.id, @filters[:roles].include?(r.id.to_s), :add_hidden => false) %><br/>
         <% end %>
         <p>
           <%= submit_button(:search, _('Search')) %>
@@ -9,7 +9,7 @@
   <% permissions.each do |key| %>
   <div class="permissions <%= key.downcase %>">
     <h4><%= _('%s Permissions:' % key) %></h4>
-    <% ActiveRecord::Base::PERMISSIONS[key].keys.each do |p| %>
+    <% ApplicationRecord::PERMISSIONS[key].keys.each do |p| %>
       <%= check_box_tag("role[permissions][]", p, role.has_permission?(p), { :id => p }) %>
       <%= content_tag(:label, permission_name(p), { :for => p }) %><br/>
     <% end %>
@@ -9,7 +9,7 @@
   <% permissions.each do |key| %>
   <div class="permissions <%= key.downcase %>">
     <h4><%= _('%s Permissions:' % key) %></h4>
-    <% ActiveRecord::Base::PERMISSIONS[key].keys.each do |p| %>
+    <% ApplicationRecord::PERMISSIONS[key].keys.each do |p| %>
       <%= check_box_tag("role[permissions][]", p, role.has_permission?(p), { :id => p }) %>
       <%= content_tag(:label, permission_name(p), { :for => p }) %><br/>
     <% end %>
@@ -2,7 +2,7 @@
 <div class="search-article-author-changes">
   <% if article.last_changed_by and article.last_changed_by != article.profile %>
-    <span><%= _('Updated by %{name} at %{date}') % {:name => link_to(article.last_changed_by.name, article.last_changed_by.url),
+    <span><%= _('Updated by %{name} at %{date}').html_safe % {:name => link_to(article.last_changed_by.name, article.last_changed_by.url),
       :date => show_date(article.updated_at) } %></span>
   <% else %>
     <span><%= _('Last update: %s.') % show_date(article.updated_at) %></span>
 <% extra_content = @plugins.dispatch(:asset_product_extras, product).collect { |content| instance_exec(&content) } %>
-<% extra_properties = @plugins.dispatch(:asset_product_properties, product)%>
+<% extra_properties = @plugins.dispatch(:asset_product_properties, product) %>
 <li class="search-product-item <%= 'highlighted' if product.highlighted? %>">
@@ -77,9 +77,9 @@
   <div style="clear: both"></div>
-  <%= extra_content.join('\n') %>
+  <%= safe_join(extra_content, '\n') %>
   <% extra_properties.each do |property| %>
-    <div><%= property[:name] + ': ' + instance_exec(&property[:content]) %></div>
+    <div><%= ''.html_safe + property[:name] + ': ' + instance_exec(&property[:content]) %></div>
   <% end %>
 </li>
 <h2>
-  <%= _('Tagged with "%s"') % content_tag('code', @tag) %>
+  <%= _('Tagged with "%s"').html_safe % content_tag('code', @tag) %>
 </h2>
 <% button_bar do %>
@@ -6,9 +6,9 @@
       </div>
       <span class='profile-details'>
         <strong><%= group.name %></strong><br/>
-        <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by(resource_id: group.id) %>
+        <%= raw _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by(resource_id: group.id) %>
         <%= _('Type: %s') % _(group.class.identification) %> <br/>
-        <%= _('Description: %s') % group.description  + '<br/>' if group.community? %>
+        <%= raw _('Description: %s') % group.description  + '<br/>' if group.community? %>
         <%= _('Members: %s') % group.members_count.to_s %> <br/>
         <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
         <% button_bar do %>
 <%= content = _("Roles:")+"<br />"
 roles = Profile::Roles.organization_member_roles(task.target.environment.id) + profile.custom_roles
 roles.each do |role|
-  content += labelled_check_box(role.name, "tasks[#{task.id}][task][roles][]", role.id, false)+"<br />"
+  content += labelled_check_box(role.name, "tasks[#{task.id}][task][roles][]", role.id, false) + "<br />".html_safe
 end
-content_tag('p', content, :class => 'member-classify-suggestion')
+content_tag('p', content.html_safe, :class => 'member-classify-suggestion').html_safe
 %>
@@ -3,7 +3,7 @@
   if icon_info[:type] == :profile_image
     icon = profile_image(icon_info[:profile], :minor)
   elsif icon_info[:type] == :defined_image
-    icon = "<img src='#{icon_info[:src]}' alt='#{icon_info[:name]}' />"
+    icon = "<img src='#{icon_info[:src]}' alt='#{icon_info[:name]}' />".html_safe
   end
   if icon_info[:url]
@@ -3,7 +3,7 @@
 <ul>
   <% @tasks.each do |task| %>
     <li>
-      <strong><%= task.respond_to?(:title) ? link_to( task.title, :action => 'ticket_details', :id => task.id) : task.information %></strong><br/>
+      <strong><%= task.respond_to?(:title) ? link_to( task.title, :action => 'ticket_details', :id => task.id).html_safe : task.information %></strong><br/>
       <small>
         <%= _('Created:') + ' ' + show_date(task.created_at) %>
         &nbsp; &#151; &nbsp;
@@ -6,23 +6,25 @@
 <div class="task-processed-filter">
 <%
   type_collection = [[nil, _('All')]] + @task_types
+  type_collection.map!{|first,last| [last,first]}
 %>
   <%= form_tag '#', :method => 'get' do %>
     <%= field_set_tag _('Filter'), :class => 'filter_fields' do %>
       <div>
-        <%= labelled_select(_('Type of task')+': ', 'filter[type]', :first, :last, @filter[:type],  type_collection, {:id => 'filter-type'}) %>
-        <%= labelled_select(_('Status:'), 'filter[status]', :last, :first, @filter[:status], [[_('Any'), nil], [_(Task::Status.names[Task::Status::CANCELLED]), 2], [_(Task::Status.names[Task::Status::FINISHED]), 3] ]) %>
+        <%= labelled_form_field(_('Type of task')+': ', select_tag('filter[type]', options_for_select(type_collection, @filter[:type]), {:id => 'filter-type'})) %>
+        <%= labelled_form_field(_('Status')+': ', select_tag('filter[status]', options_for_select([[_('Any'), nil], [_(Task::Status.names[Task::Status::CANCELLED]), 2], [_(Task::Status.names[Task::Status::FINISHED]), 3] ], @filter[:status]))) %>
       </div>
       <div>
-        <%= labelled_text_field(_('Text Filter:'), 'filter[text]', @filter[:text]) %>
+        <%= labelled_form_field(_('Text Filter:'), text_field_tag('filter[text]', @filter[:text])) %>
       </div>
       <div>
-        <%= labelled_text_field(_('Requestor:'), 'filter[requestor]', @filter[:requestor]) %>
-        <%= labelled_text_field(_('Closed by:'), 'filter[closed_by]', @filter[:closed_by]) %>
+        <%= labelled_form_field(_('Requestor:'), text_field_tag('filter[requestor]', @filter[:requestor])) %>
+        <%= labelled_form_field(_('Closed by:'), text_field_tag('filter[closed_by]', @filter[:closed_by])) %>
       </div>
-
+      <%= labelled_form_field(_('Creation date'), date_range_field('filter[created_from]', 'filter[created_until]', @filter[:created_from], @filter[:created_until], { :change_month => true, :change_year => true, :date_format => 'yy-mm-dd' }, { :size => 14, :from_id => 'filter_created_from', :to_id => 'filter_created_until' })) %>
+      <%= labelled_form_field(_('Processed date'), date_range_field('filter[closed_from]', 'filter[closed_until]', @filter[:closed_from], @filter[:closed_until], { :change_month => true, :change_year => true, :date_format => 'yy-mm-dd' }, { :size => 14, :from_id => 'filter_closed_from', :to_id => 'filter_closed_until' })) %>
       <div class="actions">
         <%= submit_button(:search, _('Search')) %>
@@ -28,22 +28,22 @@ test:
           bundle exec rake test:api
           bundle exec rake test:functionals
           SLICE=1/4 bundle exec rake selenium
-          SLICE=1/4 BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
+          SLICE=1/4 NOOSFERO_BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
           ;;
         1)
           bundle exec rake test:integration
           SLICE=2/4 bundle exec rake selenium
-          SLICE=2/4 BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
+          SLICE=2/4 NOOSFERO_BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
           ;;
         2)
           bundle exec rake test:units
           SLICE=3/4 bundle exec rake selenium
-          SLICE=3/4 BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
+          SLICE=3/4 NOOSFERO_BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
           ;;
         3)
           bundle exec rake cucumber
           SLICE=4/4 bundle exec rake selenium
-          SLICE=4/4 BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
+          SLICE=4/4 NOOSFERO_BUNDLE_OPTS=install bundle exec rake test:noosfero_plugins
           ;;
         esac
       :
@@ -14,4 +14,5 @@ module ActiveRecordExtension
     end
   end
 end
-ActiveRecord::Base.send(:include, ActiveRecordExtension)
+
+ApplicationRecord.send :include, ActiveRecordExtension
@@ -1,10 +0,0 @@
-#From: https://github.com/coletivoEITA/noosfero-ecosol/blob/57908cde4fe65dfe22298a8a7f6db5dba1e7cc75/config/initializers/html_safe.rb
-
-# Disable Rails html autoescaping. This is due to noosfero using too much helpers/models to output html.
-# It it would change too much code and make it hard to maintain.
-# FIXME THIS IS SO WRONG
-class Object
-  def html_safe?
-    true
-  end
-end
 class DestroyOrganizationAndPersonInfos < ActiveRecord::Migration
   def self.up
     Person.find_each do |i|
-      info = ActiveRecord::Base.connection.select_one("select * from person_infos where person_id = #{i.id}")
+      info = ApplicationRecord.connection.select_one("select * from person_infos where person_id = #{i.id}")
       i.name = info["name"] unless info["name"].nil?
       i.address = info["address"] unless info["address"].nil?
       [ "photo", "contact_information", "birth_date", "sex", "city", "state", "country" ].each do |field|
@@ -12,7 +12,7 @@ class DestroyOrganizationAndPersonInfos &lt; ActiveRecord::Migration
     drop_table :person_infos
     Organization.find_each do |i|
-      info = ActiveRecord::Base.connection.select_one("select * from organization_infos where organization_id = #{i.id}")
+      info = ApplicationRecord.connection.select_one("select * from organization_infos where organization_id = #{i.id}")
       [ "contact_person", "contact_email", "acronym", "foundation_year", "legal_form", "economic_activity", "management_information", "validated" ].each do |field|
         i.send("#{field}=", info[field])
       end
@@ -29,7 +29,7 @@ class AddBirthDateToPerson &lt; ActiveRecord::Migration
     end
   end
-  class Person < ActiveRecord::Base
+  class Person < ApplicationRecord
     self.table_name = 'profiles'
     serialize :data, Hash
   end
-class Role < ActiveRecord::Base; end
-class RoleWithEnvironment < ActiveRecord::Base
+class Role < ApplicationRecord
+class RoleWithEnvironment < ApplicationRecord
   self.table_name = 'roles'
   belongs_to :environment
 end
-class RoleAssignment < ActiveRecord::Base
+class RoleAssignment < ApplicationRecord
   belongs_to :accessor, :polymorphic => true
   belongs_to :resource, :polymorphic => true
 end
@@ -2,7 +2,7 @@ class MoveTitleToNameFromBlogs &lt; ActiveRecord::Migration
   def self.up
     select_all("select id, setting from articles where type = 'Blog' and name != 'Blog'").each do |blog|
       title = YAML.load(blog['setting'])[:title]
-      assignments = ActiveRecord::Base.sanitize_sql_for_assignment(:name => title)
+      assignments = ApplicationRecord.sanitize_sql_for_assignment(:name => title)
       update("update articles set %s where id = %d" % [assignments, blog['id']] )
     end
   end
@@ -3,7 +3,7 @@ class AddIsImageToArticles &lt; ActiveRecord::Migration
      add_column :articles, :is_image, :boolean, :default => false
      add_column :article_versions, :is_image, :boolean, :default => false
-     execute ActiveRecord::Base.sanitize_sql(["update articles set is_image = ? where articles.content_type like 'image/%'", true])
+     execute ApplicationRecord.sanitize_sql(["update articles set is_image = ? where articles.content_type like 'image/%'", true])
   end
   def self.down
@@ -10,7 +10,7 @@ class ConvertFoldersToGalleries &lt; ActiveRecord::Migration
     select_all("select id, setting from articles where type = 'Gallery'").each do |folder|
       settings = YAML.load(folder['setting'] || {}.to_yaml)
       settings[:view_as] = 'image_gallery'
-      assignments = ActiveRecord::Base.sanitize_sql_for_assignment(:setting => settings.to_yaml)
+      assignments = ApplicationRecord.sanitize_sql_for_assignment(:setting => settings.to_yaml)
       update("update articles set %s, type = 'Folder' where id = %d" % [assignments, folder['id']])
     end
   end
@@ -3,7 +3,7 @@ class RemovePublishedArticles &lt; ActiveRecord::Migration
     select_all("SELECT * from articles WHERE type = 'PublishedArticle'").each do |published|
       reference = select_one('select * from articles where id = %d' % published['reference_article_id'])
       if reference
-        execute(ActiveRecord::Base.sanitize_sql(["UPDATE articles SET type = ?, abstract = ?, body = ? WHERE articles.id  = ?", reference['type'], reference['abstract'], reference['body'], published['id']]))
+        execute(ApplicationRecord.sanitize_sql(["UPDATE articles SET type = ?, abstract = ?, body = ? WHERE articles.id  = ?", reference['type'], reference['abstract'], reference['body'], published['id']]))
       else
         execute("DELETE from articles where articles.id  = #{published['id']}")
       end
@@ -11,7 +11,7 @@ class AddLanguageAndTranslationOfIdToArticle &lt; ActiveRecord::Migration
     select_all("select id, setting from articles where type = 'Blog'").each do |blog|
       settings = YAML.load(blog['setting'] || {}.to_yaml)
       settings[:display_posts_in_current_language] = true
-      assignments = ActiveRecord::Base.sanitize_sql_for_assignment(:setting => settings.to_yaml)
+      assignments = ApplicationRecord.sanitize_sql_for_assignment(:setting => settings.to_yaml)
       update("update articles set %s where id = %d" % [assignments, blog['id']])
     end
@@ -15,7 +15,7 @@ class RenameImagesPathOnTrackedActions &lt; ActiveRecord::Migration
       end
       params[param_name] = paths
-      execute(ActiveRecord::Base.sanitize_sql(["UPDATE action_tracker SET params = ? WHERE id  = ?", params.to_yaml, tracker['id']]))
+      execute(ApplicationRecord.sanitize_sql(["UPDATE action_tracker SET params = ? WHERE id  = ?", params.to_yaml, tracker['id']]))
     end
   end
@@ -12,9 +12,9 @@ class MoveDataSerializedHashToSettingFieldForArticles &lt; ActiveRecord::Migration
       end
       if body.kind_of?(Hash)
         settings = article.setting.merge(body)
-        body = ActiveRecord::Base.sanitize_sql_for_assignment(:body => settings[:description])
+        body = ApplicationRecord.sanitize_sql_for_assignment(:body => settings[:description])
         update("UPDATE articles set %s WHERE id = %d" % [body, article.id])
-        setting = ActiveRecord::Base.sanitize_sql_for_assignment(:setting => settings.to_yaml)
+        setting = ApplicationRecord.sanitize_sql_for_assignment(:setting => settings.to_yaml)
         update("UPDATE articles set %s WHERE id = %d" % [setting, article.id])
       end
     end
@@ -11,9 +11,9 @@ class MoveDataSerializedHashToSettingFieldForEvents &lt; ActiveRecord::Migration
       end
       if body.kind_of?(Hash)
         settings = article.setting.merge(body)
-        body = ActiveRecord::Base.sanitize_sql_for_assignment(:body => settings[:description])
+        body = ApplicationRecord.sanitize_sql_for_assignment(:body => settings[:description])
         update("UPDATE articles set %s WHERE id = %d" % [body, article.id])
-        setting = ActiveRecord::Base.sanitize_sql_for_assignment(:setting => settings.to_yaml)
+        setting = ApplicationRecord.sanitize_sql_for_assignment(:setting => settings.to_yaml)
         update("UPDATE articles set %s WHERE id = %d" % [setting, article.id])
       end
     end
@@ -2,7 +2,7 @@
 # from the migration fall on a loop and breaks the migration. Both them are
 # related to alias_method_chain, probably there is a problem with this kind of
 # alias on the migration level.
-class Article < ActiveRecord::Base
+class Article < ApplicationRecord
   def sanitize_tag_list
   end
 end
@@ -2,7 +2,7 @@ class AddActivatedAtToUsers &lt; ActiveRecord::Migration
   def self.up
     add_column :users, :activation_code, :string, :limit => 40
     add_column :users, :activated_at, :datetime
-    if ActiveRecord::Base.connection.adapter_name == 'SQLite'
+    if ApplicationRecord.connection.adapter_name == 'SQLite'
       execute "update users set activated_at = datetime();"
     else
       execute "update users set activated_at = now();"
 class FixYamlEncoding < ActiveRecord::Migration
   def self.up
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       fix_encoding(Environment, 'settings')
       fix_encoding(Profile, 'data')
       fix_encoding(Product, 'data')
 class CreateProfileActivity < ActiveRecord::Migration
   def up
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       create_table :profile_activities do |t|
         t.integer :profile_id
         t.integer :activity_id
 class ActivitiesCounterCacheJob
   def perform
-    person_activities_counts = ActiveRecord::Base.connection.execute("SELECT profiles.id, count(action_tracker.id) as count FROM profiles LEFT OUTER JOIN action_tracker ON profiles.id = action_tracker.user_id WHERE (action_tracker.created_at >= #{ActiveRecord::Base.connection.quote(ActionTracker::Record::RECENT_DELAY.days.ago.to_s(:db))}) AND ( (profiles.type = 'Person' ) ) GROUP BY profiles.id;")
-    organization_activities_counts = ActiveRecord::Base.connection.execute("SELECT profiles.id, count(action_tracker.id) as count FROM profiles LEFT OUTER JOIN action_tracker ON profiles.id = action_tracker.target_id WHERE (action_tracker.created_at >= #{ActiveRecord::Base.connection.quote(ActionTracker::Record::RECENT_DELAY.days.ago.to_s(:db))}) AND ( (profiles.type = 'Community' OR profiles.type = 'Enterprise' OR profiles.type = 'Organization' ) ) GROUP BY profiles.id;")
+    person_activities_counts = ApplicationRecord.connection.execute("SELECT profiles.id, count(action_tracker.id) as count FROM profiles LEFT OUTER JOIN action_tracker ON profiles.id = action_tracker.user_id WHERE (action_tracker.created_at >= #{ApplicationRecord.connection.quote(ActionTracker::Record::RECENT_DELAY.days.ago.to_s(:db))}) AND ( (profiles.type = 'Person' ) ) GROUP BY profiles.id;")
+    organization_activities_counts = ApplicationRecord.connection.execute("SELECT profiles.id, count(action_tracker.id) as count FROM profiles LEFT OUTER JOIN action_tracker ON profiles.id = action_tracker.target_id WHERE (action_tracker.created_at >= #{ApplicationRecord.connection.quote(ActionTracker::Record::RECENT_DELAY.days.ago.to_s(:db))}) AND ( (profiles.type = 'Community' OR profiles.type = 'Enterprise' OR profiles.type = 'Organization' ) ) GROUP BY profiles.id;")
     activities_counts = person_activities_counts.entries + organization_activities_counts.entries
     activities_counts.each do |count|
-      update_sql = ActiveRecord::Base.__send__(:sanitize_sql, ["UPDATE profiles SET activities_count=? WHERE profiles.id=?;", count['count'].to_i, count['id'] ], '')
-      ActiveRecord::Base.connection.execute(update_sql)
+      update_sql = ApplicationRecord.__send__(:sanitize_sql, ["UPDATE profiles SET activities_count=? WHERE profiles.id=?;", count['count'].to_i, count['id'] ], '')
+      ApplicationRecord.connection.execute(update_sql)
     end
     Delayed::Job.enqueue(ActivitiesCounterCacheJob.new, {:priority => -3, :run_at => 1.day.from_now})
   end
@@ -122,4 +122,4 @@ module Customizable
   end
 end
-ActiveRecord::Base.send(:include, Customizable)
+ApplicationRecord.send :include, Customizable
@@ -33,7 +33,7 @@ module ActsAsFileSystem
   module ClassMethods
     def build_ancestry(parent_id = nil, ancestry = '')
-      ActiveRecord::Base.transaction do
+      ApplicationRecord.transaction do
         self.base_class.where(parent_id: parent_id).each do |node|
           node.update_column :ancestry, ancestry
@@ -263,5 +263,5 @@ module ActsAsFileSystem
   end
 end
-ActiveRecord::Base.extend ActsAsFileSystem::ActsMethods
+ApplicationRecord.extend ActsAsFileSystem::ActsMethods
@@ -35,4 +35,4 @@ module ActsAsHavingBoxes
 end
-ActiveRecord::Base.extend(ActsAsHavingBoxes::ClassMethods)
+ApplicationRecord.extend ActsAsHavingBoxes::ClassMethods
@@ -23,4 +23,5 @@ module ActsAsHavingImage
 end
-ActiveRecord::Base.extend(ActsAsHavingImage::ClassMethods)
+ApplicationRecord.extend ActsAsHavingImage::ClassMethods
+
@@ -47,4 +47,5 @@ module ActsAsHavingPosts
 end
-ActiveRecord::Base.extend(ActsAsHavingPosts::ClassMethods)
+ApplicationRecord.extend ActsAsHavingPosts::ClassMethods
+
@@ -87,4 +87,5 @@ module ActsAsHavingSettings
 end
-ActiveRecord::Base.send(:extend, ActsAsHavingSettings::ClassMethods)
+ApplicationRecord.extend ActsAsHavingSettings::ClassMethods
+
@@ -55,4 +55,4 @@ module CodeNumbering
   end
 end
-ActiveRecord::Base.extend CodeNumbering::ClassMethods
+ApplicationRecord.extend CodeNumbering::ClassMethods
@@ -52,4 +52,5 @@ module DelayedAttachmentFu
   end
 end
-ActiveRecord::Base.send(:extend, DelayedAttachmentFu::ClassMethods)
+ApplicationRecord.extend DelayedAttachmentFu::ClassMethods
+
 require 'noosfero/core_ext/string'
 require 'noosfero/core_ext/integer'
-require 'noosfero/core_ext/active_record'
+require 'noosfero/core_ext/active_record/calculations'
 require 'noosfero/core_ext/active_record/reflection'
@@ -1,74 +0,0 @@
-require 'active_record'
-
-class ActiveRecord::Base
-
-  def self.postgresql?
-    ActiveRecord::Base.connection.adapter_name == 'PostgreSQL'
-  end
-
-  # an ActionView instance for rendering views on models
-  def self.action_view
-    @action_view ||= begin
-      view_paths = ::ActionController::Base.view_paths
-      action_view = ::ActionView::Base.new view_paths
-      # for using Noosfero helpers inside render calls
-      action_view.extend ::ApplicationHelper
-      action_view
-    end
-  end
-
-  # default value needed for the above ActionView
-  def to_partial_path
-    self.class.name.underscore
-  end
-
-  alias :meta_cache_key :cache_key
-  def cache_key
-    key = [Noosfero::VERSION, meta_cache_key]
-    key.unshift(ActiveRecord::Base.connection.schema_search_path) if ActiveRecord::Base.postgresql?
-    key.join('/')
-  end
-
-  def self.like_search(query, options={})
-    if defined?(self::SEARCHABLE_FIELDS) || options[:fields].present?
-      fields_per_table = {}
-      fields_per_table[table_name] = (options[:fields].present? ? options[:fields] : self::SEARCHABLE_FIELDS.keys.map(&:to_s)) & column_names
-
-      if options[:joins].present?
-        join_asset = options[:joins].to_s.classify.constantize
-        if defined?(join_asset::SEARCHABLE_FIELDS) || options[:fields].present?
-          fields_per_table[join_asset.table_name] = (options[:fields].present? ? options[:fields] : join_asset::SEARCHABLE_FIELDS.keys.map(&:to_s)) & join_asset.column_names
-        end
-      end
-
-      query = query.downcase.strip
-      fields_per_table.delete_if { |table,fields| fields.blank? }
-      conditions = fields_per_table.map do |table,fields|
-        fields.map do |field|
-          "lower(#{table}.#{field}) LIKE '%#{query}%'"
-        end.join(' OR ')
-      end.join(' OR ')
-
-      if options[:joins].present?
-        joins(options[:joins]).where(conditions)
-      else
-        where(conditions)
-      end
-
-    else
-      raise "No searchable fields defined for #{self.name}"
-    end
-  end
-
-end
-
-ActiveRecord::Calculations.class_eval do
-  def count_with_distinct column_name=self.primary_key
-    if column_name
-      distinct.count_without_distinct column_name
-    else
-      count_without_distinct
-    end
-  end
-  alias_method_chain :count, :distinct
-end
@@ -0,0 +1,10 @@
+ActiveRecord::Calculations.class_eval do
+  def count_with_distinct column_name=self.primary_key
+    if column_name
+      distinct.count_without_distinct column_name
+    else
+      count_without_distinct
+    end
+  end
+  alias_method_chain :count, :distinct
+end
@@ -12,12 +12,12 @@ module Noosfero
     def self.db_by_host=(host)
       if host != @db_by_host
         @db_by_host = host
-        ActiveRecord::Base.connection.schema_search_path = self.mapping[host]
+        ApplicationRecord.connection.schema_search_path = self.mapping[host]
       end
     end
     def self.setup!(host)
-      if Noosfero::MultiTenancy.on? and ActiveRecord::Base.postgresql?
+      if Noosfero::MultiTenancy.on? and ApplicationRecord.postgresql?
         Noosfero::MultiTenancy.db_by_host = host
       end
     end
@@ -661,7 +661,7 @@ class Noosfero::Plugin
   end
   # -> Perform extra transactions related to profile in profile editor
-  # returns = true in success or raise and exception if it could not update the data
+  # returns = true in success or raise an exception if it could not update the data
   def profile_editor_transaction_extras
     nil
   end
@@ -7,11 +7,11 @@ GC.respond_to?(:copy_on_write_friendly=) and
   GC.copy_on_write_friendly = true
 before_fork do |server, worker|
-  ActiveRecord::Base.connection.disconnect! if defined?(ActiveRecord::Base)
+  ApplicationRecord.connection.disconnect! if defined?(ApplicationRecord)
 end
 after_fork do |server, worker|
-  ActiveRecord::Base.establish_connection if defined?(ActiveRecord::Base)
+  ApplicationRecord.establish_connection if defined?(ApplicationRecord)
 end
 # load local configuration file, if it exists
@@ -9,11 +9,12 @@ module PostgresqlAttachmentFu
   module InstanceMethods
     def full_filename(thumbnail = nil)
       file_system_path = (thumbnail ? thumbnail_class : self).attachment_options[:path_prefix].to_s
-      file_system_path = File.join(file_system_path, ActiveRecord::Base.connection.schema_search_path) if ActiveRecord::Base.postgresql? and Noosfero::MultiTenancy.on?
+      file_system_path = File.join(file_system_path, ApplicationRecord.connection.schema_search_path) if ApplicationRecord.postgresql? and Noosfero::MultiTenancy.on?
       Rails.root.join(file_system_path, *partitioned_path(thumbnail_name_for(thumbnail))).to_s
     end
   end
 end
-ActiveRecord::Base.send(:extend, PostgresqlAttachmentFu::ClassMethods)
+ApplicationRecord.extend PostgresqlAttachmentFu::ClassMethods
+
@@ -69,4 +69,5 @@ module SplitDatetime
 end
 Class.extend SplitDatetime::SplitMethods
-ActiveRecord::Base.extend SplitDatetime::SplitMethods
+ApplicationRecord.extend SplitDatetime::SplitMethods
+
-if ActiveRecord::Base.connection.adapter_name.downcase == 'sqlite'
+if ApplicationRecord.connection.adapter_name.downcase == 'sqlite'
-  database = ActiveRecord::Base.connection.raw_connection
+  database = ApplicationRecord.connection.raw_connection
   database.create_function('pow', 2, 1) do |func, base, exponent|
     func.set_result(base.to_f ** exponent.to_f)
   end
-  
+
   database.create_function('sqrt', 1, 1) do |func, value|
     func.set_result(Math.sqrt(value))
   end
@@ -18,8 +18,8 @@ if ActiveRecord::Base.connection.adapter_name.downcase == &#39;sqlite&#39;
     func.set_result(
       radius.to_f * Math.acos(
 	[1,
-        Math.cos(lat1.to_f) * Math.cos(long1.to_f) * Math.cos(lat2.to_f) * Math.cos(long2.to_f) + 
-         Math.cos(lat1.to_f) * Math.sin(long1.to_f) * Math.cos(lat2.to_f) * Math.sin(long2.to_f) + 
+        Math.cos(lat1.to_f) * Math.cos(long1.to_f) * Math.cos(lat2.to_f) * Math.cos(long2.to_f) +
+         Math.cos(lat1.to_f) * Math.sin(long1.to_f) * Math.cos(lat2.to_f) * Math.sin(long2.to_f) +
          Math.sin(lat1.to_f) * Math.sin(lat2.to_f)
         ].min
       )
@@ -115,7 +115,7 @@ end
 desc 'Removes emails from database'
 task 'restore:remove_emails' => :environment do
-  connection = ActiveRecord::Base.connection
+  connection = ApplicationRecord.connection
   [
     "UPDATE users SET email = concat('user', id, '@localhost.localdomain')",
     "UPDATE environments SET contact_email = concat('environment', id, '@localhost.localdomain')",
 namespace :multitenancy do
   task :create => :environment do
-    db_envs = ActiveRecord::Base.configurations.keys.select{ |k| k.match(/_development$|_production$|_test$/) }
+    db_envs = ApplicationRecord.configurations.keys.select{ |k| k.match(/_development$|_production$|_test$/) }
     cd Rails.root.join('config', 'environments'), :verbose => true
     file_envs = Dir.glob "{*_development.rb,*_production.rb,*_test.rb}"
     (db_envs.map{ |e| e + '.rb' } - file_envs).each { |env| ln_s env.split('_').last, env }
   end
   task :remove => :environment do
-    db_envs = ActiveRecord::Base.configurations.keys.select{ |k| k.match(/_development$|_production$|_test$/) }
+    db_envs = ApplicationRecord.configurations.keys.select{ |k| k.match(/_development$|_production$|_test$/) }
     cd Rails.root.join('config', 'environments'), :verbose => true
     file_envs = Dir.glob "{*_development.rb,*_production.rb,*_test.rb}"
     (file_envs - db_envs.map{ |e| e + '.rb' }).each { |env| safe_unlink env }
@@ -19,7 +19,7 @@ end
 namespace :db do
   task :migrate_other_environments => :environment do
-    envs = ActiveRecord::Base.configurations.keys.select{ |k| k.match(/_#{Rails.env}$/) }
+    envs = ApplicationRecord.configurations.keys.select{ |k| k.match(/_#{Rails.env}$/) }
     envs.each do |e|
       puts "*** Migrating #{e}" if Rake.application.options.trace
       system "rake db:migrate RAILS_ENV=#{e} SCHEMA=/dev/null"
@@ -9,7 +9,7 @@ $broken_plugins = %w[
 @all_plugins = Dir.glob('plugins/*').map { |f| File.basename(f) } - ['template']
 @all_plugins.sort!
-@all_tasks = [:units, :functionals, :integration, :cucumber, :selenium]
+@all_tasks = [:units, :api, :functionals, :integration, :cucumber, :selenium]
 def enabled_plugins
   Dir.glob('{baseplugins,config/plugins}/*').map { |f| File.basename(f) } - ['README']
@@ -25,7 +25,7 @@ def enable_plugins(plugins)
   plugins = Array(plugins)
   command = ['./script/noosfero-plugins', '-q', 'enable', *plugins]
   puts plugins.join(' ')
-  system *command
+  Bundler.clean_system *command
 end
 def disable_plugins(plugins = '*')
@@ -87,6 +87,8 @@ def task2folder(task)
   result = case task.to_sym
   when :units
     :unit
+  when :api
+    :api
   when :functionals
     :functional
   when :integration
@@ -10,4 +10,4 @@ module UploadSanitizer
   end
 end
-ActiveRecord::Base.send(:include, UploadSanitizer)
+ApplicationRecord.send :include, UploadSanitizer
-class AnalyticsPlugin::PageView < ActiveRecord::Base
+class AnalyticsPlugin::PageView < ApplicationRecord
   serialize :data
-class AnalyticsPlugin::Visit < ActiveRecord::Base
+class AnalyticsPlugin::Visit < ApplicationRecord
   attr_accessible *self.column_names
   attr_accessible :profile
@@ -49,7 +49,7 @@ class BreadcrumbsPlugin::ContentBreadcrumbsBlock &lt; Block
   def content(args={})
     block = self
-    proc do
+    ret = (proc do
       trail = block.trail(@page, @profile, params)
       if !trail.empty?
         separator = content_tag('span', ' > ', :class => 'separator')
@@ -63,11 +63,12 @@ class BreadcrumbsPlugin::ContentBreadcrumbsBlock &lt; Block
           breadcrumb << content_tag('div', section_name, :class => 'section-name')
         end
-        breadcrumb
+        breadcrumb.html_safe
       else
         ''
       end
-    end
+    end)
+    ret
   end
   def cacheable?
-class CommentClassificationPlugin::CommentLabelUser < ActiveRecord::Base
+class CommentClassificationPlugin::CommentLabelUser < ApplicationRecord
   self.table_name = :comment_classification_plugin_comment_label_user
   belongs_to :profile
-class CommentClassificationPlugin::CommentStatusUser < ActiveRecord::Base
+class CommentClassificationPlugin::CommentStatusUser < ApplicationRecord
   self.table_name = :comment_classification_plugin_comment_status_user
   belongs_to :profile
-class CommentClassificationPlugin::Label < ActiveRecord::Base
+class CommentClassificationPlugin::Label < ApplicationRecord
   belongs_to :owner, :polymorphic => true
-class CommentClassificationPlugin::Status < ActiveRecord::Base
+class CommentClassificationPlugin::Status < ApplicationRecord
   belongs_to :owner, :polymorphic => true
@@ -23,7 +23,7 @@
       <%= link_to(
             content_tag('span','',:class => 'community-block-button icon-arrow'),
             '#',
-            :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false;",
+            :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false;".html_safe,
             :class => 'simplemenu-trigger') %>
       <% end %>
@@ -86,15 +86,16 @@ class ContextContentPlugin::ContextContentBlock &lt; Block
   def content(args={})
     block = self
-    proc do
+    ret = proc do
       contents = block.contents(@page)
       parent_title = block.parent_title(contents)
-      if !contents.blank?
+      if contents.present?
         render(:file => 'blocks/context_content', :locals => {:block => block, :contents => contents, :parent_title => parent_title})
       else
         ''
       end
     end
+    ret
   end
   def cacheable?
 class AssociateFieldsToAlternatives < ActiveRecord::Migration
-  class CustomFormsPlugin::Field < ActiveRecord::Base
+  class CustomFormsPlugin::Field < ApplicationRecord
     self.table_name = :custom_forms_plugin_fields
     has_many :alternatives, :class_name => 'CustomFormsPlugin::Alternative'
     serialize :choices, Hash
-class CustomFormsPlugin::Alternative < ActiveRecord::Base
+class CustomFormsPlugin::Alternative < ApplicationRecord
   self.table_name = :custom_forms_plugin_alternatives
   validates_presence_of :label
-class CustomFormsPlugin::Answer < ActiveRecord::Base
+class CustomFormsPlugin::Answer < ApplicationRecord
   self.table_name = :custom_forms_plugin_answers
   belongs_to :field, :class_name => 'CustomFormsPlugin::Field'
   belongs_to :submission, :class_name => 'CustomFormsPlugin::Submission'
-class CustomFormsPlugin::Field < ActiveRecord::Base
+class CustomFormsPlugin::Field < ApplicationRecord
   self.table_name = :custom_forms_plugin_fields
   validates_presence_of :name
-class CustomFormsPlugin::Form < ActiveRecord::Base
+class CustomFormsPlugin::Form < ApplicationRecord
   belongs_to :profile
-class CustomFormsPlugin::Submission < ActiveRecord::Base
+class CustomFormsPlugin::Submission < ApplicationRecord
   belongs_to :form, :class_name => 'CustomFormsPlugin::Form'
   belongs_to :profile
@@ -7,21 +7,21 @@ msgid &quot;&quot;
 msgstr ""
 "Project-Id-Version: 1.3~rc2-1-ga15645d\n"
 "POT-Creation-Date: 2015-10-30 16:35-0300\n"
-"PO-Revision-Date: 2015-03-09 09:51+0200\n"
-"Last-Translator: Michal Čihař <michal@cihar.com>\n"
+"PO-Revision-Date: 2016-04-22 22:31+0000\n"
+"Last-Translator: Iryna Pruitt <jdpruitt2807@prodigy.net>\n"
 "Language-Team: Russian <https://hosted.weblate.org/projects/noosfero/plugin-"
 "custom-forms/ru/>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 2.3-dev\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<="
+"4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Weblate 2.6-dev\n"
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:67
 msgid "Invalid string format of access."
-msgstr ""
+msgstr "Недействительный формат строки доступа."
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:71
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:76
@@ -31,11 +31,11 @@ msgstr &quot;Со следующими файлами возникли проблем
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:81
 msgid "Invalid type format of access."
-msgstr ""
+msgstr "Недействительный тип формата доступа."
 #: plugins/custom_forms/lib/custom_forms_plugin/form.rb:87
 msgid "The time range selected is invalid."
-msgstr ""
+msgstr "Диапазон времени выбран неверно."
 #: plugins/custom_forms/lib/custom_forms_plugin/membership_survey.rb:20
 #, fuzzy
@@ -76,11 +76,11 @@ msgstr &quot;Пользовательский заголовок&quot;
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:24
 msgid "Always"
-msgstr ""
+msgstr "Всегда"
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:28
 msgid "Until %s"
-msgstr ""
+msgstr "До %"
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:30
 #, fuzzy
@@ -94,16 +94,15 @@ msgstr &quot;Выбрать...&quot;
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:61
 msgid "Text field"
-msgstr ""
+msgstr "Поле текста"
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:62
-#, fuzzy
 msgid "Select field"
-msgstr "Выбрать папки"
+msgstr "Выбрать поле"
 #: plugins/custom_forms/lib/custom_forms_plugin/helper.rb:102
 msgid "Hold down Ctrl to select options"
-msgstr ""
+msgstr "Держать нажатой клавишу Ctrl для выбора опций"
 #: plugins/custom_forms/lib/custom_forms_plugin/admission_survey.rb:9
 #, fuzzy
@@ -111,9 +110,8 @@ msgid &quot;Admission survey&quot;
 msgstr "Участники: %s"
 #: plugins/custom_forms/lib/custom_forms_plugin/admission_survey.rb:13
-#, fuzzy
 msgid "%{requestor} wants you to fill in some information before joining."
-msgstr "%s хочет быть вашим другом"
+msgstr "%s хочет чтоб вы внесли информацию, прежде чем присоединиться."
 #: plugins/custom_forms/lib/custom_forms_plugin/admission_survey.rb:17
 #, fuzzy
@@ -6,9 +6,9 @@
 <% if @submission.id.nil? %>
   <% if @form.expired? %>
     <% if @form.will_open? %>
-      <h2><%= _('Sorry, you can\'t fill this form yet') %></h2>
+      <h2><%= _('Sorry, you can\'t fill this form yet').html_safe %></h2>
     <% else %>
-      <h2><%= _('Sorry, you can\'t fill this form anymore') %></h2>
+      <h2><%= _('Sorry, you can\'t fill this form anymore').html_safe %></h2>
     <% end %>
   <% end %>
 class CreateDeliveryPluginTables < ActiveRecord::Migration
   def self.up
     # check if distribution plugin already moved tables
-    return if ActiveRecord::Base.connection.table_exists? :delivery_plugin_methods
+    return if ApplicationRecord.connection.table_exists? :delivery_plugin_methods
     create_table :delivery_plugin_methods do |t|
       t.integer  :profile_id
-class DeliveryPlugin::Method < ActiveRecord::Base
+class DeliveryPlugin::Method < ApplicationRecord
   Types = ['pickup', 'deliver']
-class DeliveryPlugin::Option < ActiveRecord::Base
+class DeliveryPlugin::Option < ApplicationRecord
   belongs_to :delivery_method, :class_name => 'DeliveryPlugin::Method'
   belongs_to :owner, :polymorphic => true
@@ -177,9 +177,9 @@ class DisplayContentBlock &lt; Block
           content_sections += read_more_section if !read_more_section.blank?
 #raise sections.inspect
-          content_tag('li', content_sections)
+          content_tag('li', content_sections.html_safe)
         end
-      }.join(" "))
+      }.join(" ").html_safe)
     end
   end
-class DrivenSignupPlugin::Auth < ActiveRecord::Base
+class DrivenSignupPlugin::Auth < ApplicationRecord
   attr_accessible :name, :token
-class EnvironmentNotificationsUser < ActiveRecord::Base
+class EnvironmentNotificationsUser < ApplicationRecord
   self.table_name = "environment_notifications_users"
   belongs_to :user
-class EnvironmentNotificationPlugin::EnvironmentNotification < ActiveRecord::Base
+class EnvironmentNotificationPlugin::EnvironmentNotification < ApplicationRecord
   self.table_name = "environment_notifications"
@@ -3,11 +3,11 @@
   ev_days_tag = ''
   if event.duration > 1
     ev_days_tag = content_tag('time',
-      n_('Duration: 1 day', 'Duration: %s days', event.duration) % "<b>#{event.duration}</b>",
+      n_('Duration: 1 day', 'Duration: %s days', event.duration).html_safe % "<b>#{event.duration}</b>".html_safe,
       :itemprop => 'endDate',
       :datetime => show_date(event.end_date) + 'T00:00',
       :class => 'duration',
-      :title => show_date(event.start_date) + ' &mdash; ' + time_left_str
+      :title => (show_date(event.start_date) + ' &mdash; ' + time_left_str).html_safe
     )
   end
@@ -16,7 +16,7 @@
   img_class = img.blank? ? 'no-img' : 'has-img'
 %>
 <%=
-  link_to([
+  link_to(safe_join([
       content_tag('time',
         block.date_to_html(event.start_date),
         :itemprop => 'startDate',
@@ -33,7 +33,7 @@
                   :itemtype => 'http://schema.org/Place',
                   :itemprop => :location),
       content_tag('span', time_left_str, :class => 'days-left ' + time_class)
-    ].join("\n"),
+    ], "\n"),
     (event.link.blank? ? event.url : event.link),
     :class => 'ev-days-' + event.duration.to_s,
     :itemprop => :url
-class FbAppPlugin::PageTab < ActiveRecord::Base
+class FbAppPlugin::PageTab < ApplicationRecord
   # FIXME: rename table to match model
   self.table_name = :fb_app_plugin_page_tab_configs
-class FooPlugin::Bar < ActiveRecord::Base
+class FooPlugin::Bar < ApplicationRecord
 end
-class AcademicInfo < ActiveRecord::Base
+class AcademicInfo < ApplicationRecord
   belongs_to :person
-class MarkCommentAsReadPlugin::ReadComments < ActiveRecord::Base
+class MarkCommentAsReadPlugin::ReadComments < ApplicationRecord
   self.table_name = 'mark_comment_as_read_plugin'
   belongs_to :comment
   belongs_to :person
@@ -55,7 +55,7 @@ class MetadataPlugin::Base &lt; Noosfero::Plugin
           end
         end
       end
-      r.join
+      safe_join(r)
     end
   end
@@ -71,6 +71,6 @@ end
 ActiveSupport.run_load_hooks :metadata_plugin, MetadataPlugin
 ActiveSupport.on_load :active_record do
-  ActiveRecord::Base.extend MetadataPlugin::Specs::ClassMethods
+  ApplicationRecord.extend MetadataPlugin::Specs::ClassMethods
 end
 require 'csv'
-class NewsletterPlugin::Newsletter < ActiveRecord::Base
+class NewsletterPlugin::Newsletter < ApplicationRecord
   belongs_to :environment
   belongs_to :person
@@ -110,11 +110,11 @@ class NewsletterPlugin::Newsletter &lt; ActiveRecord::Base
   include DatesHelper
   def message_to_public_link
-    content_tag(:p, _("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}'), :id => 'newsletter-public-link')
+    content_tag(:p, (_("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}')).html_safe, :id => 'newsletter-public-link').html_safe
   end
   def message_to_unsubscribe
-    content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe')
+    content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.").html_safe % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe').html_safe
   end
   def read_more(link_address)
@@ -130,13 +130,13 @@ class NewsletterPlugin::Newsletter &lt; ActiveRecord::Base
   end
   def body(data = {})
-    content_tag(:div, content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link'])+content_tag(:table,(self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']),:colspan => 2),:style => CSS['newsletter-header']))+self.posts(data).map do |post|
+    content_tag(:div, content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link']).html_safe+content_tag(:table,(self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']),:colspan => 2),:style => CSS['newsletter-header'])).html_safe+self.posts(data).map do |post|
         if post.image
           post_with_image(post)
         else
           post_without_image(post)
         end
-      end.join()+content_tag(:tr, content_tag(:td, self.footer, :colspan => 2)),:style => CSS['breakingnews'])+content_tag(:div,message_to_unsubscribe, :style => CSS['newsletter-unsubscribe']),:style => CSS['breakingnews-wrap'])
+      end.join().html_safe+content_tag(:tr, content_tag(:td, self.footer, :colspan => 2)),:style => CSS['breakingnews']).html_safe+content_tag(:div,message_to_unsubscribe, :style => CSS['newsletter-unsubscribe']),:style => CSS['breakingnews-wrap']).html_safe
   end
   def default_subject
-class OauthClientPlugin::Auth < ActiveRecord::Base
+class OauthClientPlugin::Auth < ApplicationRecord
   attr_accessible :profile, :provider, :enabled,
     :access_token, :expires_in, :oauth_data
-class OauthClientPlugin::Provider < ActiveRecord::Base
+class OauthClientPlugin::Provider < ApplicationRecord
   belongs_to :environment
-class OpenGraphPlugin::Track < ActiveRecord::Base
+class OpenGraphPlugin::Track < ApplicationRecord
   class_attribute :context
   self.context = :open_graph
 class CreateOrdersPluginTables < ActiveRecord::Migration
   def self.up
     # check if distribution plugin already moved tables
-    return if ActiveRecord::Base.connection.table_exists? :orders_plugin_orders
+    return if ApplicationRecord.connection.table_exists? :orders_plugin_orders
     create_table :orders_plugin_orders do |t|
       t.integer  :profile_id
@@ -55,4 +55,4 @@ module CodeNumbering
   end
 end
-ActiveRecord::Base.extend CodeNumbering::ClassMethods
+ApplicationRecord.extend CodeNumbering::ClassMethods
@@ -56,7 +56,7 @@ module SerializedSyncedData
         source = self.send field
         if block_given?
           data = SerializedSyncedData.prepare_data instance_exec(source, &block)
-        elsif source.is_a? ActiveRecord::Base
+        elsif source.is_a? ApplicationRecord
           data = SerializedSyncedData.prepare_data source.attributes
         elsif source.is_a? Array
           data = source.map{ |source| SerializedSyncedData.prepare_data source.attributes }
-class OrdersPlugin::Item < ActiveRecord::Base
+class OrdersPlugin::Item < ApplicationRecord
   attr_accessible :order, :sale, :purchase,
     :product, :product_id,
-class OrdersPlugin::Order < ActiveRecord::Base
+class OrdersPlugin::Order < ApplicationRecord
   # if abstract_class is true then it will trigger https://github.com/rails/rails/issues/20871
   #self.abstract_class = true
@@ -2,7 +2,7 @@ class CreateOrdersCyclePluginTables &lt; ActiveRecord::Migration
   def change
     # check if distribution plugin already moved the table
-    return if ActiveRecord::Base.connection.table_exists? :orders_cycle_plugin_cycles
+    return if ApplicationRecord.connection.table_exists? :orders_cycle_plugin_cycles
     create_table :orders_cycle_plugin_cycle_orders do |t|
       t.integer  :cycle_id
-class OrdersCyclePlugin::Cycle < ActiveRecord::Base
+class OrdersCyclePlugin::Cycle < ApplicationRecord
   attr_accessible :profile, :status, :name, :description, :opening_message
@@ -233,7 +233,7 @@ class OrdersCyclePlugin::Cycle &lt; ActiveRecord::Base
   def add_products
     return if self.products.count > 0
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       self.profile.products.supplied.unarchived.available.find_each batch_size: 20 do |product|
         self.add_product product
       end
-class OrdersCyclePlugin::CycleOrder < ActiveRecord::Base
+class OrdersCyclePlugin::CycleOrder < ApplicationRecord
   belongs_to :cycle, class_name: 'OrdersCyclePlugin::Cycle'
   belongs_to :sale, class_name: 'OrdersCyclePlugin::Sale', foreign_key: :sale_id, dependent: :destroy
-class OrdersCyclePlugin::CycleProduct < ActiveRecord::Base
+class OrdersCyclePlugin::CycleProduct < ApplicationRecord
   self.table_name = :orders_cycle_plugin_cycle_products
@@ -34,7 +34,7 @@ class OrdersCyclePlugin::Sale &lt; OrdersPlugin::Sale
   end
   def add_purchases_items
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       self.items.each do |item|
         next unless supplier_product = item.product.supplier_product
         next unless supplier = supplier_product.profile
@@ -54,7 +54,7 @@ class OrdersCyclePlugin::Sale &lt; OrdersPlugin::Sale
   end
   def remove_purchases_items
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       self.items.each do |item|
         next unless supplier_product = item.product.supplier_product
         next unless purchase = supplier_product.orders_cycles_purchases.for_cycle(self.cycle).first
-class OrganizationRating < ActiveRecord::Base
+class OrganizationRating < ApplicationRecord
   belongs_to :person
   belongs_to :organization
   belongs_to :comment
-class OrganizationRatingsConfig < ActiveRecord::Base
+class OrganizationRatingsConfig < ApplicationRecord
   belongs_to :environment
@@ -1,17 +0,0 @@
-require_dependency 'active_record'
-
-class ActiveRecord::Base
-  def self.pg_search_plugin_search(query)
-    filtered_query = query.gsub(/[\|\(\)\\\/\s\[\]'"*%&!:]/,' ').split.map{|w| w += ":*"}.join('|')
-    if defined?(self::SEARCHABLE_FIELDS)
-      where("to_tsvector('simple', #{pg_search_plugin_fields}) @@ to_tsquery('#{filtered_query}')").
-        order("ts_rank(to_tsvector('simple', #{pg_search_plugin_fields}), to_tsquery('#{filtered_query}')) DESC")
-    else
-      raise "No searchable fields defined for #{self.name}"
-    end
-  end
-
-  def self.pg_search_plugin_fields
-    self::SEARCHABLE_FIELDS.keys.map(&:to_s).sort.map {|f| "coalesce(#{table_name}.#{f}, '')"}.join(" || ' ' || ")
-  end
-end
@@ -0,0 +1,19 @@
+require_dependency 'application_record'
+
+class ApplicationRecord
+
+  def self.pg_search_plugin_search(query)
+    filtered_query = query.gsub(/[\|\(\)\\\/\s\[\]'"*%&!:]/,' ').split.map{|w| w += ":*"}.join('|')
+    if defined?(self::SEARCHABLE_FIELDS)
+      where("to_tsvector('simple', #{pg_search_plugin_fields}) @@ to_tsquery('#{filtered_query}')").
+        order("ts_rank(to_tsvector('simple', #{pg_search_plugin_fields}), to_tsquery('#{filtered_query}')) DESC")
+    else
+      raise "No searchable fields defined for #{self.name}"
+    end
+  end
+
+  def self.pg_search_plugin_fields
+    self::SEARCHABLE_FIELDS.keys.map(&:to_s).sort.map {|f| "coalesce(#{table_name}.#{f}, '')"}.join(" || ' ' || ")
+  end
+
+end
@@ -15,7 +15,7 @@
             <%= show_date(headline.published_at) %>
           </div>
           <div class='tags'>
-            <%= headline.tags.map { |t| link_to(t, :controller => 'profile', :profile => member.identifier, :action => 'tags', :id => t.name ) }.join("\n") %>
+            <%= safe_join(headline.tags.map { |t| link_to(t, :controller => 'profile', :profile => member.identifier, :action => 'tags', :id => t.name ) }, "\n") %>
           </div>
         </div>
       </div>
-class PushNotificationPlugin::DeviceToken < ActiveRecord::Base
+class PushNotificationPlugin::DeviceToken < ApplicationRecord
   belongs_to :user
   attr_accessible :token, :device_name, :user
-class PushNotificationPlugin::NotificationSettings < ActiveRecord::Base
+class PushNotificationPlugin::NotificationSettings < ApplicationRecord
   NOTIFICATIONS= {
     "add_friend" => 0x1,
-class PushNotificationPlugin::NotificationSubscription < ActiveRecord::Base
+class PushNotificationPlugin::NotificationSubscription < ApplicationRecord
+
   belongs_to :environment
   attr_accessible :subscribers, :notification, :environment
@@ -0,0 +1,178 @@
+require_relative '../../../../test/api/test_helper'
+
+class PushNotificationApiTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+    environment = Environment.default
+    environment.enable_plugin(PushNotificationPlugin)
+  end
+
+  should 'list all my device tokens' do
+    logged_user = @user
+    token1 = PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => logged_user)
+    token2 = PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => logged_user)
+
+    get "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [token1.token, token2.token], json
+  end
+
+  should 'not list other people device tokens' do
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
+    get "/api/v1/push_notification_plugin/device_tokens?#{params.merge(:target_id => user.id).to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'admin see other user\'s device tokens' do
+    logged_user = @user
+    Environment.default.add_admin(logged_user.person)
+    logged_user.reload
+
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+
+    token1 = PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
+
+    get "/api/v1/push_notification_plugin/device_tokens?#{params.merge(:target_id => user.id).to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [token1.token], json
+  end
+
+#------------------------------------------------------------------------------------------------------
+
+  should 'add my device token' do
+    params.merge!(:device_name => "my_device", :token => "token1")
+    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent ["token1"], json["user"]["device_tokens"]
+  end
+
+  should 'not add device tokens for other people' do
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+    params.merge!(:device_name => "my_device", :token => "tokenX", :target_id => user.id)
+    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'admin add device tokens for other users' do
+    logged_user = @user
+    Environment.default.add_admin(logged_user.person)
+    logged_user.reload
+
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+
+    params.merge!(:device_name => "my_device", :token=> "tokenY", :target_id => user.id)
+    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+
+    json = JSON.parse(last_response.body)
+    assert_equivalent ["tokenY"], json["user"]["device_tokens"]
+  end
+
+#------------------------------------------------------------------------------------------------------
+
+  should 'delete my device tokens' do
+    logged_user = @user
+    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => logged_user)
+    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => logged_user)
+
+    params.merge!(:token => "secondtoken")
+    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent ["firsttoken"], json["user"]["device_tokens"]
+  end
+
+  should 'not delete device tokens for other people' do
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+
+    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => user)
+    user.reload
+
+    params.merge!(:token => "secondtoken", :target_id => user.id)
+    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+    assert_equal 401, last_response.status
+    assert_equivalent user.device_token_list, ["secondtoken"]
+  end
+
+  should 'admin delete device tokens for other users' do
+    logged_user = @user
+    Environment.default.add_admin(logged_user.person)
+    logged_user.reload
+
+    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
+    user.activate
+
+    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
+    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => user)
+    user.reload
+
+    params.merge!(:token=> "secondtoken", :target_id => user.id)
+    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
+
+    json = JSON.parse(last_response.body)
+    assert_equivalent ["firsttoken"], json["user"]["device_tokens"]
+  end
+
+#--------------------------------------------------------------------------------------------------------------------------------------------
+
+  should 'list all notifications disabled by default for new users' do
+    get "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    json["user"]["notification_settings"].each_pair do |notification, status|
+      refute status
+    end
+  end
+
+  should 'list device tokens notification options' do
+    logged_user = @user
+    logged_user.notification_settings.activate_notification "new_comment"
+    logged_user.save!
+
+    get "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal true, json["user"]["notification_settings"]["new_comment"]
+		assert_equal false, json["user"]["notification_settings"]["add_friend"]
+  end
+
+  should 'get possible notifications' do
+    get "/api/v1/push_notification_plugin/possible_notifications?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent PushNotificationPlugin::NotificationSettings::NOTIFICATIONS.keys, json["possible_notifications"]
+  end
+
+  should 'change device tokens notification options' do
+    logged_user = @user
+    params.merge!("new_comment"=> "true")
+
+    post "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
+		logged_user.reload
+    json = JSON.parse(last_response.body)
+    assert_equal true, json["user"]["notification_settings"]["new_comment"]
+		assert_equal true, logged_user.notification_settings.hash_flags["new_comment"]
+	end
+
+  should 'get active notifications list' do
+    logged_user = @user
+    logged_user.notification_settings.activate_notification "new_comment"
+    logged_user.save!
+
+    get "/api/v1/push_notification_plugin/active_notifications?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+		assert_equivalent ["new_comment"], json
+  end
+
+  should 'get inactive notifications list' do
+    logged_user = @user
+    logged_user.notification_settings.activate_notification "new_comment"
+    logged_user.save
+
+    get "/api/v1/push_notification_plugin/inactive_notifications?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent (PushNotificationPlugin::NotificationSettings::NOTIFICATIONS.keys-["new_comment"]), json
+  end
+end
@@ -1,178 +0,0 @@
-require_relative '../../../../test/unit/api/test_helper'
-
-class PushNotificationApiTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-    environment = Environment.default
-    environment.enable_plugin(PushNotificationPlugin)
-  end
-
-  should 'list all my device tokens' do
-    logged_user = @user
-    token1 = PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => logged_user)
-    token2 = PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => logged_user)
-
-    get "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [token1.token, token2.token], json
-  end
-
-  should 'not list other people device tokens' do
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
-    get "/api/v1/push_notification_plugin/device_tokens?#{params.merge(:target_id => user.id).to_query}"
-    assert_equal 401, last_response.status
-  end
-
-  should 'admin see other user\'s device tokens' do
-    logged_user = @user
-    Environment.default.add_admin(logged_user.person)
-    logged_user.reload
-
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-
-    token1 = PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
-
-    get "/api/v1/push_notification_plugin/device_tokens?#{params.merge(:target_id => user.id).to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [token1.token], json
-  end
-
-#------------------------------------------------------------------------------------------------------
-
-  should 'add my device token' do
-    params.merge!(:device_name => "my_device", :token => "token1")
-    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent ["token1"], json["user"]["device_tokens"]
-  end
-
-  should 'not add device tokens for other people' do
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-    params.merge!(:device_name => "my_device", :token => "tokenX", :target_id => user.id)
-    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    assert_equal 401, last_response.status
-  end
-
-  should 'admin add device tokens for other users' do
-    logged_user = @user
-    Environment.default.add_admin(logged_user.person)
-    logged_user.reload
-
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-
-    params.merge!(:device_name => "my_device", :token=> "tokenY", :target_id => user.id)
-    post "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-
-    json = JSON.parse(last_response.body)
-    assert_equivalent ["tokenY"], json["user"]["device_tokens"]
-  end
-
-#------------------------------------------------------------------------------------------------------
-
-  should 'delete my device tokens' do
-    logged_user = @user
-    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => logged_user)
-    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => logged_user)
-
-    params.merge!(:token => "secondtoken")
-    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent ["firsttoken"], json["user"]["device_tokens"]
-  end
-
-  should 'not delete device tokens for other people' do
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-
-    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => user)
-    user.reload
-
-    params.merge!(:token => "secondtoken", :target_id => user.id)
-    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-    assert_equal 401, last_response.status
-    assert_equivalent user.device_token_list, ["secondtoken"]
-  end
-
-  should 'admin delete device tokens for other users' do
-    logged_user = @user
-    Environment.default.add_admin(logged_user.person)
-    logged_user.reload
-
-    user = User.create!(:login => 'outro', :email => 'outro@example.com', :password => 'outro', :password_confirmation => 'outro', :environment => Environment.default)
-    user.activate
-
-    PushNotificationPlugin::DeviceToken.create!(:token => "firsttoken", device_name: "my device", :user => user)
-    PushNotificationPlugin::DeviceToken.create!(:token => "secondtoken", device_name: "my device", :user => user)
-    user.reload
-
-    params.merge!(:token=> "secondtoken", :target_id => user.id)
-    delete "/api/v1/push_notification_plugin/device_tokens?#{params.to_query}"
-
-    json = JSON.parse(last_response.body)
-    assert_equivalent ["firsttoken"], json["user"]["device_tokens"]
-  end
-
-#--------------------------------------------------------------------------------------------------------------------------------------------
-
-  should 'list all notifications disabled by default for new users' do
-    get "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    json["user"]["notification_settings"].each_pair do |notification, status|
-      refute status
-    end
-  end
-
-  should 'list device tokens notification options' do
-    logged_user = @user
-    logged_user.notification_settings.activate_notification "new_comment"
-    logged_user.save!
-
-    get "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal true, json["user"]["notification_settings"]["new_comment"]
-		assert_equal false, json["user"]["notification_settings"]["add_friend"]
-  end
-
-  should 'get possible notifications' do
-    get "/api/v1/push_notification_plugin/possible_notifications?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent PushNotificationPlugin::NotificationSettings::NOTIFICATIONS.keys, json["possible_notifications"]
-  end
-
-  should 'change device tokens notification options' do
-    logged_user = @user
-    params.merge!("new_comment"=> "true")
-
-    post "/api/v1/push_notification_plugin/notification_settings?#{params.to_query}"
-		logged_user.reload
-    json = JSON.parse(last_response.body)
-    assert_equal true, json["user"]["notification_settings"]["new_comment"]
-		assert_equal true, logged_user.notification_settings.hash_flags["new_comment"]
-	end
-
-  should 'get active notifications list' do
-    logged_user = @user
-    logged_user.notification_settings.activate_notification "new_comment"
-    logged_user.save!
-
-    get "/api/v1/push_notification_plugin/active_notifications?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-		assert_equivalent ["new_comment"], json
-  end
-
-  should 'get inactive notifications list' do
-    logged_user = @user
-    logged_user.notification_settings.activate_notification "new_comment"
-    logged_user.save
-
-    get "/api/v1/push_notification_plugin/inactive_notifications?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent (PushNotificationPlugin::NotificationSettings::NOTIFICATIONS.keys-["new_comment"]), json
-  end
-end
@@ -83,7 +83,7 @@ class RelevantContentPlugin::RelevantContentBlock &lt; Block
         end
       end
     end
-    return content
+    return content.html_safe
   end
   def timeout
@@ -17,7 +17,7 @@ class RequireAuthToCommentPlugin &lt; Noosfero::Plugin
   end
   def profile_editor_extras
-    expanded_template('profile-editor-extras.html.erb')
+    expanded_template('profile-editor-extras.html.erb').html_safe
   end
   def stylesheet?
 OrdersPlugin.send :remove_const, :Item if defined? OrdersPlugin::Item
 OrdersPlugin.send :remove_const, :Order if defined? OrdersPlugin::Order
-class ShoppingCartPlugin::PurchaseOrder < ActiveRecord::Base
+class ShoppingCartPlugin::PurchaseOrder < ApplicationRecord
   acts_as_having_settings field: :data
   module Status
@@ -16,10 +16,10 @@ class Profile
   has_many :orders, class_name: 'OrdersPlugin::Order'
 end
-class OrdersPlugin::Item < ActiveRecord::Base
+class OrdersPlugin::Item < ApplicationRecord
   belongs_to :order, class_name: 'OrdersPlugin::Order'
 end
-class OrdersPlugin::Order < ActiveRecord::Base
+class OrdersPlugin::Order < ApplicationRecord
   has_many :items, class_name: 'OrdersPlugin::Item', foreign_key: :order_id
   extend CodeNumbering::ClassMethods
@@ -7,17 +7,17 @@ msgid &quot;&quot;
 msgstr ""
 "Project-Id-Version: 1.3~rc2-1-ga15645d\n"
 "POT-Creation-Date: 2015-10-30 16:34-0300\n"
-"PO-Revision-Date: 2015-02-23 11:36+0200\n"
-"Last-Translator: Michal Čihař <michal@cihar.com>\n"
+"PO-Revision-Date: 2016-04-21 01:21+0000\n"
+"Last-Translator: Iryna Pruitt <jdpruitt2807@prodigy.net>\n"
 "Language-Team: Russian <https://hosted.weblate.org/projects/noosfero/plugin-"
 "shopping-cart/ru/>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 2.3-dev\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<="
+"4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Weblate 2.6-dev\n"
 #: plugins/shopping_cart/lib/shopping_cart_plugin.rb:10
 #, fuzzy
@@ -30,9 +30,8 @@ msgid &quot;Shopping basket&quot;
 msgstr "Учебный статус"
 #: plugins/shopping_cart/lib/shopping_cart_plugin/cart_helper.rb:11
-#, fuzzy
 msgid "Add to basket"
-msgstr "Добавить контакт"
+msgstr "Добавить в корзину"
 #: plugins/shopping_cart/lib/shopping_cart_plugin/mailer.rb:20
 #, fuzzy
@@ -48,20 +47,19 @@ msgid &quot;&quot;
 "Your order has been sent successfully! You will receive a confirmation e-"
 "mail shortly."
 msgstr ""
+"Ваш заказ был успешно отправлен! Вы получите подтверждение через минуту."
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:158
-#, fuzzy
 msgid "Basket displayed."
-msgstr "Не отображать"
+msgstr "Изображение корзины"
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:177
 msgid "Basket hidden."
-msgstr ""
+msgstr "Спрятать корзину"
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:200
-#, fuzzy
 msgid "Delivery option updated."
-msgstr "Уничтожить профиль"
+msgstr "Способы отправки обновлены."
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:218
 msgid ""
@@ -70,9 +68,8 @@ msgid &quot;&quot;
 msgstr ""
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:232
-#, fuzzy
 msgid "There is no basket."
-msgstr "Нет категорий"
+msgstr "Нет корзины."
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:248
 #, fuzzy
@@ -86,7 +83,7 @@ msgstr &quot;Компания не может быть активирована&quot;
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:276
 msgid "Invalid quantity."
-msgstr ""
+msgstr "Недействительное количество."
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:364
 #, fuzzy
@@ -94,14 +91,12 @@ msgid &quot;Undefined product&quot;
 msgstr "Продукт без категории"
 #: plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb:366
-#, fuzzy
 msgid "Wrong product id"
-msgstr "Нет продукта"
+msgstr "Неправильная категория товара"
 #: plugins/shopping_cart/views/shopping_cart_plugin_myprofile/edit.html.erb:1
-#, fuzzy
 msgid "Basket options"
-msgstr "Еще опции"
+msgstr "Опции корзины"
 #: plugins/shopping_cart/views/shopping_cart_plugin_myprofile/edit.html.erb:7
 #, fuzzy
@@ -109,86 +104,75 @@ msgid &quot;Enable shopping basket&quot;
 msgstr "Учебный статус"
 #: plugins/shopping_cart/views/shopping_cart_plugin_myprofile/edit.html.erb:13
-#, fuzzy
 msgid "Deliveries or pickups"
-msgstr "Уничтожить профиль"
+msgstr "Доставка или получение на месте"
 #: plugins/shopping_cart/views/public/_cart.html.erb:6
 #: plugins/shopping_cart/views/public/_cart.html.erb:19
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:3
-#, fuzzy
 msgid "Shopping checkout"
-msgstr "Учебный статус"
+msgstr "Оформление и оплата заказа"
 #: plugins/shopping_cart/views/public/_cart.html.erb:8
-#, fuzzy
 msgid "Basket is empty"
-msgstr "Не отображать"
+msgstr "Корзина пуста"
 #: plugins/shopping_cart/views/public/_cart.html.erb:14
 msgid "Basket"
-msgstr ""
+msgstr "Корзина"
 #: plugins/shopping_cart/views/public/_cart.html.erb:16
-#, fuzzy
 msgid "Clean basket"
-msgstr "Открыть чат"
+msgstr "Чистая корзина"
 #: plugins/shopping_cart/views/public/_cart.html.erb:20
 #: plugins/shopping_cart/views/shopping_cart_plugin/_items.html.erb:42
-#, fuzzy
 msgid "Total:"
-msgstr "Получатель:"
+msgstr "Всего:"
 #: plugins/shopping_cart/views/public/_cart.html.erb:23
-#, fuzzy
 msgid "Show basket"
-msgstr "Учебный статус"
+msgstr "Показать корзину"
 #: plugins/shopping_cart/views/public/_cart.html.erb:24
-#, fuzzy
 msgid "Hide basket"
-msgstr "Спрятать"
+msgstr "Спрятать корзину"
 #: plugins/shopping_cart/views/public/_cart.html.erb:44
 msgid "Ups... I had a problem to load the basket list."
-msgstr ""
+msgstr "Ой... Проблема с загрузкой списка корзины."
 #: plugins/shopping_cart/views/public/_cart.html.erb:46
-#, fuzzy
 msgid "Did you want to reload this page?"
-msgstr "Хотите присоединиться к группе?"
+msgstr "Хотите перезагрузить эту страницу?"
 #: plugins/shopping_cart/views/public/_cart.html.erb:49
 msgid "Sorry, you can't have more then 100 kinds of items on this basket."
-msgstr ""
+msgstr "Извините, но в корзине не может быть более 100 товаров."
 #: plugins/shopping_cart/views/public/_cart.html.erb:51
 msgid "Oops, you must wait your last request to finish first!"
 msgstr ""
 #: plugins/shopping_cart/views/public/_cart.html.erb:52
-#, fuzzy
 msgid "Are you sure you want to remove this item?"
-msgstr "Вы уверены что хотите удалить этот элемент?"
+msgstr "Вы уверены, что хотите удалить этот товар?"
 #: plugins/shopping_cart/views/public/_cart.html.erb:53
-#, fuzzy
 msgid "Are you sure you want to clean your basket?"
-msgstr "Вы уверены что хотите выйти?"
+msgstr "Вы уверены, что хотите удалить все из корзины?"
 #: plugins/shopping_cart/views/public/_cart.html.erb:54
 msgid "repeat order"
-msgstr ""
+msgstr "Повторить заказ"
 #: plugins/shopping_cart/views/shopping_cart_plugin/_items.html.erb:7
-#, fuzzy
 msgid "Item name"
-msgstr "Имя файла"
+msgstr "Название товара"
 #: plugins/shopping_cart/views/shopping_cart_plugin/_items.html.erb:13
 msgid "Price"
-msgstr ""
+msgstr "Цена"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:7
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:7
@@ -207,45 +191,40 @@ msgid &quot;&quot;
 msgstr ""
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:12
-#, fuzzy
 msgid "If you have any doubts about your order, write to us at: %s."
-msgstr "У вас еще нет контактов"
+msgstr "Если у вас есть какие-либо сомнения в вашем заказе, свяжитесь с нами:%."
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:13
 msgid "Review below the informations of your order:"
-msgstr ""
+msgstr "Проверьте ваш заказ:"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:19
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:17
-#, fuzzy
 msgid "Phone number"
-msgstr "один участник"
+msgstr "Номер телефона"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:22
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:22
 msgid "Payment's method"
-msgstr ""
+msgstr "Метод оплаты"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:24
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:22
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:26
-#, fuzzy
 msgid "shopping_cart|Change"
-msgstr "Учебный статус"
+msgstr "Покупательская корзина|Изменения"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:28
-#, fuzzy
 msgid "Delivery or pickup"
-msgstr "Уничтожить профиль"
+msgstr "Доставка или получение на месте"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:63
 msgid "Here are the products you bought:"
-msgstr ""
+msgstr "Вот купленный вами товар:"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:67
-#, fuzzy
 msgid "Thanks for buying with us!"
-msgstr "Спасибо за регистрацию!"
+msgstr "Спасибо за вашу покупку!"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/customer_notification.html.erb:70
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:61
@@ -259,28 +238,29 @@ msgstr &quot;Это републикация \&quot;%s\&quot;, от %s.&quot;
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:11
 msgid "Below follows the customer informations:"
-msgstr ""
+msgstr "Ниже изображена информация покупателя:"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:20
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:25
 msgid "Payment"
-msgstr ""
+msgstr "Оплата"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:55
 msgid "And here are the items bought by this customer:"
-msgstr ""
+msgstr "Вот товары, купленные этим покупателем:"
 #: plugins/shopping_cart/views/shopping_cart_plugin/mailer/supplier_notification.html.erb:59
 msgid "If there are any problems with this email contact the admin of %s."
 msgstr ""
+"Если есть проблемы с этим электронным сообщением, свяжитесь с администрацией."
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:4
 msgid "haven't finished yet: back to shopping"
-msgstr ""
+msgstr "еще не закончил: назад к покупкам"
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:12
 msgid "Personal identification"
-msgstr ""
+msgstr "Личная идентификация"
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:15
 msgid "Name"
@@ -293,16 +273,15 @@ msgstr &quot;E-Mail&quot;
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:17
 msgid "Contact phone"
-msgstr ""
+msgstr "Контактный телефон"
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:32
-#, fuzzy
 msgid "Delivery or pickup method"
-msgstr "Уничтожить профиль"
+msgstr "Доставка или получение на месте"
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:40
 msgid "Your Order"
-msgstr ""
+msgstr "Ваш заказ"
 #: plugins/shopping_cart/views/shopping_cart_plugin/buy.html.erb:47
 #, fuzzy
@@ -6,11 +6,11 @@
 <script>
   jQuery( document ).ready(function( $ ) {
     <% actions.each_with_index do |action, index| %>
-      <%= "siteTourPlugin.add('#{j action[:group_name]}', '#{j action[:selector]}', '#{j parse_tour_description(action[:description])}', #{index + 1});" %>
+      <%= raw "siteTourPlugin.add('#{j action[:group_name]}', '#{j action[:selector]}', '#{j parse_tour_description(action[:description])}', #{index + 1});" %>
     <% end %>
     <% (group_triggers||[]).each do |group| %>
-      <%= "siteTourPlugin.addGroupTrigger('#{j group[:group_name]}', '#{j group[:selector]}', '#{j group[:event]}');" %>
+      <%= "siteTourPlugin.addGroupTrigger('#{j group[:group_name]}', '#{j group[:selector]}', '#{j group[:event]}');".html_safe %>
     <% end %>
     siteTourPlugin.setOption('nextLabel', '<%= _('Next') %>');
 SnifferPlugin.send :remove_const, :Opportunity if defined? SnifferPlugin::Opportunity
-class SnifferPlugin::Profile < ActiveRecord::Base
+class SnifferPlugin::Profile < ApplicationRecord
   belongs_to :profile
 end
-class SnifferPlugin::Opportunity < ActiveRecord::Base
+class SnifferPlugin::Opportunity < ApplicationRecord
   belongs_to :sniffer_profile, class_name: 'SnifferPlugin::Profile', foreign_key: :profile_id
 end
-class SnifferPlugin::Opportunity < ActiveRecord::Base
+class SnifferPlugin::Opportunity < ApplicationRecord
   self.table_name = :sniffer_plugin_opportunities
@@ -46,8 +46,8 @@
   var currentProfile = <%= filter_visible_attr_profile(profile).to_json %>;
   sniffer.search.map.load({
     "zoom": <%= GoogleMaps.initial_zoom.to_json %>,
-    "balloonUrl": <%= url_for(:controller => :sniffer_plugin_myprofile, :action => :map_balloon, :id => "_id_", :escape => false).to_json %>,
-    "myBalloonUrl": <%= url_for(:controller => :sniffer_plugin_myprofile, :action => :my_map_balloon, :escape => false).to_json %>,
+    "balloonUrl": <%= raw url_for(:controller => :sniffer_plugin_myprofile, :action => :map_balloon, :id => "_id_", :escape => false).to_json %>,
+    "myBalloonUrl": <%= raw url_for(:controller => :sniffer_plugin_myprofile, :action => :my_map_balloon, :escape => false).to_json %>,
     "profiles": <%=
       @profiles_data.map do |id, profile_data|
         data = filter_visible_attr_profile(profile_data[:profile])
@@ -55,7 +55,7 @@
         data[:suppliersProducts] = filter_visible_attr_suppliers_products(profile_data[:suppliers_products])
         data[:icon] = profile_data[:profile][:icon]
         data
-      end.to_json
+      end.to_json.html_safe
     %>
   });
 </script>
@@ -191,32 +191,5 @@ module ActsAsFaceted
 end
-ActiveRecord::Base.extend ActsAsFaceted::ActsMethods
-
-# from https://github.com/rubyworks/facets/blob/master/lib/core/facets/enumerable/graph.rb
-module Enumerable
-  def graph(&yld)
-    if yld
-      h = {}
-      each do |*kv|
-        r = yld[*kv]
-        case r
-        when Hash
-          nk, nv = *r.to_a[0]
-        when Range
-          nk, nv = r.first, r.last
-        else
-          nk, nv = *r
-        end
-        h[nk] = nv
-      end
-      h
-    else
-      Enumerator.new(self,:graph)
-    end
-  end
-
-  # Alias for #graph, which stands for "map hash".
-  alias_method :mash, :graph
-end
+ApplicationRecord.extend ActsAsFaceted::ActsMethods
@@ -35,7 +35,7 @@ module ActsAsSearchable
     module FindByContents
       def schema_name
-        (Noosfero::MultiTenancy.on? and ActiveRecord::Base.postgresql?) ? ActiveRecord::Base.connection.schema_search_path : ''
+        (Noosfero::MultiTenancy.on? and ApplicationRecord.postgresql?) ? ApplicationRecord.connection.schema_search_path : ''
       end
       def find_by_contents(query, pg_options = {}, options = {}, db_options = {})
@@ -84,4 +84,5 @@ module ActsAsSearchable
   end
 end
-ActiveRecord::Base.send(:extend, ActsAsSearchable::ClassMethods)
+ApplicationRecord.extend ActsAsSearchable::ClassMethods
+
@@ -2,11 +2,11 @@ require_relative &#39;../test_helper&#39;
 require "#{File.dirname(__FILE__)}/../../lib/acts_as_faceted"
-class TestModel < ActiveRecord::Base
+class TestModel < ApplicationRecord
   def self.f_type_proc(klass)
-    klass.constantize 
+    klass.constantize
     h = {
-      'UploadedFile' => "Uploaded File", 
+      'UploadedFile' => "Uploaded File",
       'TextArticle' => "Text",
       'Folder' => "Folder",
       'Event' => "Event",
@@ -92,7 +92,7 @@ class ActsAsFacetedTest &lt; ActiveSupport::TestCase
     assert_equivalent [["[* TO NOW-1YEARS/DAY]", "Older than one year", 10], ["[NOW-1YEARS TO NOW/DAY]", "Last year", 19]], r
   end
-  should 'return facet hash in map_facets_for' do 
+  should 'return facet hash in map_facets_for' do
     r = TestModel.map_facets_for(Environment.default)
     assert r.count, 2
@@ -147,7 +147,7 @@ class ActsAsFacetedTest &lt; ActiveSupport::TestCase
     facets = TestModel.map_facets_for(Environment.default)
     facet = facets.select{ |f| f[:id] == 'f_type' }.first
     facet_data = TestModel.map_facet_results facet, @facet_params, @facets, @all_facets, {}
-    sorted = TestModel.facet_result_sort(facet, facet_data, :alphabetically) 
+    sorted = TestModel.facet_result_sort(facet, facet_data, :alphabetically)
     assert_equal sorted,
       [["Folder", "Folder", 3], ["Gallery", "Gallery", 1], ["TextArticle", 'Text', 15], ["UploadedFile", "Uploaded File", 6]]
   end
@@ -156,7 +156,7 @@ class ActsAsFacetedTest &lt; ActiveSupport::TestCase
     facets = TestModel.map_facets_for(Environment.default)
     facet = facets.select{ |f| f[:id] == 'f_type' }.first
     facet_data = TestModel.map_facet_results facet, @facet_params, @facets, @all_facets, {}
-    sorted = TestModel.facet_result_sort(facet, facet_data, :count) 
+    sorted = TestModel.facet_result_sort(facet, facet_data, :count)
     assert_equal sorted,
       [["TextArticle", "Text", 15], ["UploadedFile", "Uploaded File", 6], ["Folder", "Folder", 3], ["Gallery", "Gallery", 1]]
   end
@@ -23,7 +23,7 @@ class ActsAsSearchableTest &lt; ActiveSupport::TestCase
   should 'not be searchable when disabled' do
 		# suppress warning about already initialized constant
 		silent { ActsAsSearchable::ClassMethods::ACTS_AS_SEARCHABLE_ENABLED = false }
-		
+
     @test_model.expects(:acts_as_solr).never
 		@test_model.acts_as_searchable
   end
-class DynamicAttribute < ActiveRecord::Base
+class DynamicAttribute < ApplicationRecord
   belongs_to :dynamicable, :polymorphic => true
 end
-class SpaminatorPlugin::Report < ActiveRecord::Base
+class SpaminatorPlugin::Report < ApplicationRecord
   serialize :failed, Hash
-class StoaPlugin::UspAlunoTurmaGrad < ActiveRecord::Base
+class StoaPlugin::UspAlunoTurmaGrad < ApplicationRecord
   establish_connection(:stoa)
-class StoaPlugin::UspUser < ActiveRecord::Base
+class StoaPlugin::UspUser < ApplicationRecord
   establish_connection(:stoa)
   self.table_name = 'pessoa'
@@ -6,7 +6,7 @@ class AccountControllerTest &lt; ActionController::TestCase
   SALT=YAML::load(File.open(StoaPlugin.root_path + 'config.yml'))['salt']
   @db = Tempfile.new('stoa-test')
-  configs = ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => @db.path}
+  ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => @db.path}
   ActiveRecord::Base.establish_connection(:stoa)
   ActiveRecord::Schema.verbose = false
   ActiveRecord::Schema.create_table "pessoa" do |t|
@@ -13,7 +13,7 @@ class StoaPluginProfileEditorControllerTest &lt; ActionController::TestCase
     login_as(@person.identifier)
     Environment.default.enable_plugin(StoaPlugin.name)
     db = Tempfile.new('stoa-test')
-    ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => db.path}
+    ApplicationRecord.configurations['stoa'] = {:adapter => 'sqlite3', :database => db.path}
   end
   attr_accessor :person
@@ -9,7 +9,7 @@ class StoaPluginControllerTest &lt; ActionController::TestCase
     @controller = StoaPluginController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
-    ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => ':memory:', :verbosity => 'quiet'}
+    ApplicationRecord.configurations['stoa'] = {:adapter => 'sqlite3', :database => ':memory:', :verbosity => 'quiet'}
     env = Environment.default
     env.enable_plugin(StoaPlugin.name)
     env.enable('skip_new_user_email_confirmation')
@@ -5,7 +5,7 @@ class StoaPlugin::UspUserTest &lt; ActiveSupport::TestCase
   SALT=YAML::load(File.open(StoaPlugin.root_path + 'config.yml'))['salt']
   @db = Tempfile.new('stoa-test')
-  configs = ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => @db.path}
+  ActiveRecord::Base.configurations['stoa'] = {:adapter => 'sqlite3', :database => @db.path}
   ActiveRecord::Base.establish_connection(:stoa)
   ActiveRecord::Schema.verbose = false
   ActiveRecord::Schema.create_table "pessoa" do |t|
@@ -14,6 +14,7 @@ class StoaPlugin::UspUserTest &lt; ActiveSupport::TestCase
     t.date     "dtanas"
   end
   ActiveRecord::Base.establish_connection(:test)
+  StoaPlugin::UspUser.reset_column_information
   def setup
     StoaPlugin::UspUser.create({:codpes => 123456, :cpf => Digest::MD5.hexdigest(SALT+'12345678'), :birth_date => '1970-01-30'}, :without_protection => true)
-class SubOrganizationsPlugin::ApprovePaternityRelation < ActiveRecord::Base
+class SubOrganizationsPlugin::ApprovePaternityRelation < ApplicationRecord
   belongs_to :task
   belongs_to :parent, :polymorphic => true
-class SubOrganizationsPlugin::Relation < ActiveRecord::Base
+class SubOrganizationsPlugin::Relation < ApplicationRecord
   belongs_to :parent, :polymorphic => true
   belongs_to :child, :polymorphic => true
 class CreateSuppliersPluginTables < ActiveRecord::Migration
   def self.up
     # check if distribution plugin already moved the table
-    return if ActiveRecord::Base.connection.table_exists? :suppliers_plugin_suppliers
+    return if ApplicationRecord.connection.table_exists? :suppliers_plugin_suppliers
     create_table :suppliers_plugin_suppliers do |t|
       t.integer  :profile_id
 class CreateSuppliersPluginSourceProduct < ActiveRecord::Migration
   def self.up
     # check if distribution plugin already moved the table
-    return if ActiveRecord::Base.connection.table_exists? "suppliers_plugin_source_products"
+    return if ApplicationRecord.connection.table_exists? "suppliers_plugin_source_products"
     create_table :suppliers_plugin_source_products do |t|
       t.integer  "from_product_id"
-class SuppliersPlugin::Supplier < ActiveRecord::Base
+class SuppliersPlugin::Supplier < ApplicationRecord
 end
 class AddActiveToSuppliersPluginSupplier < ActiveRecord::Migration
@@ -126,4 +126,4 @@ module DefaultDelegate
 end
-ActiveRecord::Base.extend DefaultDelegate::ClassMethods
+ApplicationRecord.extend DefaultDelegate::ClassMethods
-class SuppliersPlugin::SourceProduct < ActiveRecord::Base
+class SuppliersPlugin::SourceProduct < ApplicationRecord
   attr_accessible :from_product, :to_product, :quantity
-class SuppliersPlugin::Supplier < ActiveRecord::Base
+class SuppliersPlugin::Supplier < ApplicationRecord
   attr_accessor :distribute_products_on_create, :dont_destroy_dummy, :identifier_from_name
-class ToleranceTimePlugin::Publication < ActiveRecord::Base
+class ToleranceTimePlugin::Publication < ApplicationRecord
   belongs_to :target, :polymorphic => true
   validates_presence_of :target_id, :target_type
-class ToleranceTimePlugin::Tolerance < ActiveRecord::Base
+class ToleranceTimePlugin::Tolerance < ApplicationRecord
   belongs_to :profile
   validates_presence_of :profile_id
-class VolunteersPlugin::Assignment < ActiveRecord::Base
+class VolunteersPlugin::Assignment < ApplicationRecord
   attr_accessible :profile_id
-class VolunteersPlugin::Period < ActiveRecord::Base
+class VolunteersPlugin::Period < ApplicationRecord
   attr_accessible :name
   attr_accessible :start, :end
@@ -7,17 +7,17 @@ msgid &quot;&quot;
 msgstr ""
 "Project-Id-Version: 1.3~rc2-8-g01ea9f7\n"
 "POT-Creation-Date: 2015-11-04 12:36-0300\n"
-"PO-Revision-Date: 2014-12-12 14:23+0200\n"
-"Last-Translator: Michal Čihař <michal@cihar.com>\n"
-"Language-Team: Russian <https://hosted.weblate.org/projects/noosfero/"
-"noosfero/ru/>\n"
+"PO-Revision-Date: 2016-04-21 01:15+0000\n"
+"Last-Translator: Iryna Pruitt <jdpruitt2807@prodigy.net>\n"
+"Language-Team: Russian "
+"<https://hosted.weblate.org/projects/noosfero/noosfero/ru/>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 2.2-dev\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<="
+"4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Weblate 2.6-dev\n"
 #: app/models/approve_comment.rb:17
 #, fuzzy
@@ -9948,7 +9948,7 @@ msgstr &quot;Список продуктов и услуг&quot;
 #: app/views/manage_products/index.html.erb:6
 msgid "Price"
-msgstr "цена"
+msgstr "Цена"
 #: app/views/manage_products/index.html.erb:11
 msgid "(no product registered yet)"
@@ -3,7 +3,7 @@
     <%= link_to _('Manual'), '/doc', id: "link-to-doc", class: 'icon-help' %>
   </div><!-- end id="footer-links" -->
   <div id="copyright">
-    <p><%= _('This social network uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/') %></p>
+    <p><%= (_('This social network uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/')).html_safe %></p>
   </div><!-- end id="copyright" -->
   <%= language_chooser(environment) %>
 </div>
 <div id="footer-content">
-  <p><%= _('This site uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/') %></p>
+  <p><%= _('This site uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/').html_safe %></p>
 </div>
@@ -82,3 +82,47 @@ div.pending-tasks {
 .task_responsible {
   text-align: right;
 }
+
+.task-processed li {
+  background-color: rgb(240, 240, 240);
+  border-radius: 8px;
+  margin: 10px 0;
+  list-style-type: none;
+  padding: 12px;
+}
+
+.task-processed .task.status-3 {
+  background-color: rgb(205, 252, 218);
+}
+
+.task-processed .task.status-2 {
+  background-color: rgb(255, 203, 203);
+}
+
+.task-processed ul {
+  padding: 0;
+}
+
+.task-processed .task-list .task .title {
+  border-bottom: 1px solid rgba(0, 0, 0, 0.1);
+  font-weight: bold;
+  color: rgb(44, 44, 44);
+}
+
+.task-processed .task .status {
+  float: right;
+  color: rgb(156, 156, 156);
+  font-weight: bold;
+}
+
+.task-processed .task .dates {
+  font-size: 11px;
+}
+
+.task-processed .task .closed-by {
+  font-size: 11px;
+}
+
+.task-processed .task .label {
+  font-weight: bold
+}
@@ -79,7 +79,7 @@ run(){
 _install(){
   # export so that recursive enables for dependencies inherit this option too
-  export BUNDLE_OPTS='install'
+  export NOOSFERO_BUNDLE_OPTS='install'
   _enable "$1"
 }
@@ -119,8 +119,8 @@ _enable(){
       if [ -e $source/Gemfile ]; then
         gemfile=$(mktemp --tmpdir=.)
         cat $NOOSFERO_DIR/Gemfile $source/Gemfile > $gemfile
-        if [ -z "$BUNDLE_OPTS" ]; then BUNDLE_OPTS="--local"; fi
-        if ! RUBYOPT='' BUNDLE_GEMFILE="$gemfile" bundle $BUNDLE_OPTS --quiet; then
+        if [ -z "$NOOSFERO_BUNDLE_OPTS" ]; then NOOSFERO_BUNDLE_OPTS="--local"; fi
+        if ! RUBYOPT='' BUNDLE_GEMFILE="$gemfile" bundle $NOOSFERO_BUNDLE_OPTS --quiet; then
           dependencies_ok=false
         else
           mv "$gemfile".lock Gemfile.lock
@@ -689,7 +689,7 @@ class AccountControllerTest &lt; ActionController::TestCase
   should 'merge user data with extra stuff from plugins' do
     class Plugin1 < Noosfero::Plugin
       def user_data_extras
-        {:foo => 'bar'}
+        {:foo => 'bar'.html_safe }
       end
     end
@@ -787,12 +787,12 @@ class AccountControllerTest &lt; ActionController::TestCase
   should 'add extra content on signup forms from plugins' do
     class Plugin1 < Noosfero::Plugin
       def signup_extra_contents
-        proc {"<strong>Plugin1 text</strong>"}
+        proc {"<strong>Plugin1 text</strong>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def signup_extra_contents
-        proc {"<strong>Plugin2 text</strong>"}
+        proc {"<strong>Plugin2 text</strong>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -909,12 +909,12 @@ class AccountControllerTest &lt; ActionController::TestCase
   should 'add extra content on login form from plugins' do
     class Plugin1 < Noosfero::Plugin
       def login_extra_contents
-        proc {"<strong>Plugin1 text</strong>"}
+        proc {"<strong>Plugin1 text</strong>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def login_extra_contents
-        proc {"<strong>Plugin2 text</strong>"}
+        proc {"<strong>Plugin2 text</strong>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -375,7 +375,7 @@ class ApplicationControllerTest &lt; ActionController::TestCase
   should 'include javascripts supplied by plugins' do
     class Plugin1 < Noosfero::Plugin
       def js_files
-        ['js1.js']
+        ['js1.js'.html_safe]
       end
     end
@@ -384,7 +384,7 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     class Plugin2 < Noosfero::Plugin
       def js_files
-        ['js2.js', 'js3.js']
+        ['js2.js'.html_safe, 'js3.js'.html_safe]
       end
     end
@@ -409,12 +409,12 @@ class ApplicationControllerTest &lt; ActionController::TestCase
   should 'include content in the beginning of body supplied by plugins regardless it is a block or html code' do
     class TestBodyBeginning1Plugin < Noosfero::Plugin
       def body_beginning
-        lambda {"<span id='plugin1'>This is [[plugin1]] speaking!</span>"}
+        lambda {"<span id='plugin1'>This is [[plugin1]] speaking!</span>".html_safe}
       end
     end
     class TestBodyBeginning2Plugin < Noosfero::Plugin
       def body_beginning
-        "<span id='plugin2'>This is Plugin2 speaking!</span>"
+        "<span id='plugin2'>This is Plugin2 speaking!</span>".html_safe
       end
     end
@@ -432,12 +432,12 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     class TestHeadEnding1Plugin < Noosfero::Plugin
       def head_ending
-        lambda {"<script>alert('This is [[plugin1]] speaking!')</script>"}
+        lambda {"<script>alert('This is [[plugin1]] speaking!')</script>".html_safe}
       end
     end
     class TestHeadEnding2Plugin < Noosfero::Plugin
       def head_ending
-        "<style>This is Plugin2 speaking!</style>"
+        "<style>This is Plugin2 speaking!</style>".html_safe
       end
     end
@@ -71,13 +71,13 @@ class CatalogControllerTest &lt; ActionController::TestCase
   should 'include extra content supplied by plugins on catalog item extras' do
     class Plugin1 < Noosfero::Plugin
       def catalog_item_extras(product)
-        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>"}
+        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def catalog_item_extras(product)
-        proc {"<span id='plugin2'>This is Plugin2 speaking!</span>"}
+        proc {"<span id='plugin2'>This is Plugin2 speaking!</span>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -191,13 +191,13 @@ class EnterpriseRegistrationControllerTest &lt; ActionController::TestCase
   should 'include hidden fields supplied by plugins on enterprise registration' do
     class Plugin1 < Noosfero::Plugin
       def enterprise_registration_hidden_fields
-        {'plugin1' => 'Plugin 1'}
+        {'plugin1' => 'Plugin 1'.html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def enterprise_registration_hidden_fields
-        {'plugin2' => 'Plugin 2'}
+        {'plugin2' => 'Plugin 2'.html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -13,7 +13,7 @@ class EventsControllerTest &lt; ActionController::TestCase
     get :events, :profile => profile.identifier
-    today = DateTime.now.strftime("%B %d, %Y")
+    today = DateTime.now.strftime("%B %d, %Y").html_safe
     assert_tag :tag => 'div', :attributes => {:id => "agenda-items"},
       :descendant => {:tag => 'h3', :content => "Events for #{today}"},
       :descendant => {:tag => 'tr', :content => "Joao Birthday"},
@@ -43,7 +43,7 @@ class FriendsControllerTest &lt; ActionController::TestCase
   should 'display find people button' do
     get :index, :profile => 'testuser'
-    assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/search/assets?asset=people' }
+    assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/search/assets?asset=people'.html_safe }
   end
   should 'not display invite friends button if any plugin tells not to' do
@@ -88,12 +88,12 @@ class HomeControllerTest &lt; ActionController::TestCase
   should 'provide a link to make the user authentication' do
     class Plugin1 < Noosfero::Plugin
       def alternative_authentication_link
-        proc {"<a href='plugin1'>Plugin1 link</a>"}
+        proc {"<a href='plugin1'>Plugin1 link</a>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def alternative_authentication_link
-        proc {"<a href='plugin2'>Plugin2 link</a>"}
+        proc {"<a href='plugin2'>Plugin2 link</a>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -168,7 +168,7 @@ class HomeControllerTest &lt; ActionController::TestCase
   should 'plugins add class to the <html>' do
     class Plugin1 < Noosfero::Plugin
       def html_tag_classes
-        lambda { ['t1', 't2'] }
+        lambda { ['t1'.html_safe, 't2'.html_safe] }
       end
     end
@@ -429,12 +429,12 @@ class ManageProductsControllerTest &lt; ActionController::TestCase
   should 'include extra content supplied by plugins on products info extras' do
     class TestProductInfoExtras1Plugin < Noosfero::Plugin
       def product_info_extras(p)
-        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>"}
+        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>".html_safe}
       end
     end
     class TestProductInfoExtras2Plugin < Noosfero::Plugin
       def product_info_extras(p)
-        proc { "<span id='plugin2'>This is Plugin2 speaking!</span>" }
+        proc { "<span id='plugin2'>This is Plugin2 speaking!</span>".html_safe }
       end
     end
@@ -125,7 +125,7 @@ class ProfileControllerTest &lt; ActionController::TestCase
     @profile.articles.create!(:name => 'testarticle', :tag_list => 'tag1')
     get :content_tagged, :profile => @profile.identifier, :id => 'tag1'
-    assert_tag :tag => 'a', :attributes => { :href => '/tag/tag1' }, :content => 'See content tagged with "tag1" in the entire site'
+    assert_tag :tag => 'a', :attributes => { :href => '/tag/tag1' }, :content => 'See content tagged with "tag1" in the entire site'.html_safe
   end
   should 'show a link to own control panel' do
@@ -512,7 +512,7 @@ class ProfileControllerTest &lt; ActionController::TestCase
   should 'show description of orgarnization' do
     login_as(@profile.identifier)
     ent = fast_create(Enterprise)
-    ent.description = 'Enterprise\'s description'
+    ent.description = "<span>Enterprise's description</span>"
     ent.save
     get :index, :profile => ent.identifier
     assert_tag :tag => 'div', :attributes => { :class => 'public-profile-description' }, :content => /Enterprise\'s description/
@@ -1236,13 +1236,13 @@ class ProfileControllerTest &lt; ActionController::TestCase
   should 'display plugins tabs' do
     class Plugin1 < Noosfero::Plugin
       def profile_tabs
-        {:title => 'Plugin1 tab', :id => 'plugin1_tab', :content => proc { 'Content from plugin1.' }}
+        {:title => 'Plugin1 tab', :id => 'plugin1_tab', :content => proc { 'Content from plugin1.'.html_safe }}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def profile_tabs
-        {:title => 'Plugin2 tab', :id => 'plugin2_tab', :content => proc { 'Content from plugin2.' }}
+        {:title => 'Plugin2 tab', :id => 'plugin2_tab', :content => proc { 'Content from plugin2.'.html_safe }}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.to_s, Plugin2.to_s])
@@ -1002,7 +1002,7 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
   should 'add extra content provided by plugins on edit' do
     class TestProfileEditPlugin < Noosfero::Plugin
       def profile_editor_extras
-        "<input id='field_added_by_plugin' value='value_of_field_added_by_plugin'/>"
+        "<input id='field_added_by_plugin' value='value_of_field_added_by_plugin'/>".html_safe
       end
     end
     Noosfero::Plugin.stubs(:all).returns([TestProfileEditPlugin.to_s])
@@ -1018,7 +1018,7 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
     class TestProfileEditPlugin < Noosfero::Plugin
       def profile_editor_extras
         lambda do
-          render :text => "<input id='field_added_by_plugin' value='value_of_field_added_by_plugin'/>"
+          (render :text => "<input id='field_added_by_plugin' value='value_of_field_added_by_plugin'/>".html_safe).html_safe
         end
       end
     end
@@ -1043,12 +1043,12 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
   should 'add extra content on person info from plugins' do
     class Plugin1 < Noosfero::Plugin
       def profile_info_extra_contents
-        proc {"<strong>Plugin1 text</strong>"}
+        proc {"<strong>Plugin1 text</strong>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def profile_info_extra_contents
-        proc {"<strong>Plugin2 text</strong>"}
+        proc {"<strong>Plugin2 text</strong>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.to_s, Plugin2.to_s])
@@ -1065,12 +1065,12 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
   should 'add extra content on organization info from plugins' do
     class Plugin1 < Noosfero::Plugin
       def profile_info_extra_contents
-        proc {"<strong>Plugin1 text</strong>"}
+        proc {"<strong>Plugin1 text</strong>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def profile_info_extra_contents
-        proc {"<strong>Plugin2 text</strong>"}
+        proc {"<strong>Plugin2 text</strong>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.to_s, Plugin2.to_s])
@@ -80,7 +80,7 @@ class RoleControllerTest &lt; ActionController::TestCase
     role = Role.create!(:name => 'environment_role', :key => 'environment_role', :environment => Environment.default)
     get :edit, :id => role.id
     ['Environment', 'Profile'].each do |key|
-      ActiveRecord::Base::PERMISSIONS[key].each do |permission, value|
+      ApplicationRecord::PERMISSIONS[key].each do |permission, value|
         assert_select ".permissions.#{key.downcase} input##{permission}"
       end
     end
@@ -89,7 +89,7 @@ class RoleControllerTest &lt; ActionController::TestCase
   should 'display permissions only for profile when editing a profile role' do
     role = Role.create!(:name => 'profile_role', :key => 'profile_role', :environment => Environment.default)
     get :edit, :id => role.id
-    ActiveRecord::Base::PERMISSIONS['Profile'].each do |permission, value|
+    ApplicationRecord::PERMISSIONS['Profile'].each do |permission, value|
       assert_select "input##{permission}"
     end
     assert_select ".permissions.environment", false
@@ -150,13 +150,13 @@ class SearchControllerTest &lt; ActionController::TestCase
   should 'include extra content supplied by plugins on product asset' do
     class Plugin1 < Noosfero::Plugin
       def asset_product_extras(product)
-        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>"}
+        proc {"<span id='plugin1'>This is Plugin1 speaking!</span>".html_safe}
       end
     end
     class Plugin2 < Noosfero::Plugin
       def asset_product_extras(product)
-        proc {"<span id='plugin2'>This is Plugin2 speaking!</span>"}
+        proc {"<span id='plugin2'>This is Plugin2 speaking!</span>".html_safe}
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.to_s, Plugin2.to_s])
@@ -75,6 +75,7 @@ class TasksControllerTest &lt; ActionController::TestCase
     assert_response :success
     assert_template 'processed'
+    assert !assigns(:tasks).nil?
     assert_kind_of ActiveRecord::Relation, assigns(:tasks)
   end
@@ -761,32 +762,6 @@ class TasksControllerTest &lt; ActionController::TestCase
     assert_not_includes task_one.tags_from(nil), 'test'
   end
-  should 'filter processed tasks by all filters' do
-    requestor = fast_create(Person)
-    closed_by = fast_create(Person)
-    class AnotherTask < Task; end
-
-    created_date = DateTime.now
-    processed_date = DateTime.now
-
-    task_params = {:status => Task::Status::FINISHED, :requestor => requestor, :target => profile, :created_at => created_date, :end_date => processed_date, :closed_by => closed_by, :data => {:field => 'some data field'}}
-
-    task = create(AnotherTask, task_params)
-    create(Task, task_params)
-    create(AnotherTask, task_params.clone.merge(:status => Task::Status::CANCELLED))
-    create(AnotherTask, task_params.clone.merge(:created_at => created_date - 1.day))
-    create(AnotherTask, task_params.clone.merge(:created_at => created_date + 1.day))
-    create(AnotherTask, task_params.clone.merge(:end_date => processed_date - 1.day))
-    create(AnotherTask, task_params.clone.merge(:end_date => processed_date + 1.day))
-    create(AnotherTask, task_params.clone.merge(:requestor => fast_create(Person, :name => 'another-requestor')))
-    create(AnotherTask, task_params.clone.merge(:closed_by => fast_create(Person, :name => 'another-closer')))
-    create(AnotherTask, task_params.clone.merge(:data => {:field => 'other data field'}))
-
-    get :processed, :filter => {:type => AnotherTask, :status => Task::Status::FINISHED, :created_from => created_date, :created_until => created_date, :closed_from => processed_date, :closed_until => processed_date, :requestor => requestor.name, :closed_by => closed_by.name, :text => 'some data field'}
-    assert_response :success
-    assert_equal [task], assigns(:tasks)
-  end
-
   should 'list custom field details in moderation user tasks when moderation_tasks is true' do
     person_custom_field = CustomField.create(:name => "great_field", :format=>"string", :default_value => "value for person", :customized_type=>"Person", :active => true, :environment => Environment.default, :moderation_task => true, :required => true)
     p1 = create_user("great_person").person
@@ -847,4 +822,30 @@ class TasksControllerTest &lt; ActionController::TestCase
     assert_equal [email_template], assigns(:rejection_email_templates)
   end
+  should 'filter processed tasks by all filters' do
+    requestor = fast_create(Person)
+    closed_by = fast_create(Person)
+    class AnotherTask < Task; end
+
+    created_date = DateTime.now
+    processed_date = DateTime.now
+
+    task_params = {:status => Task::Status::FINISHED, :requestor => requestor, :target => profile, :created_at => created_date, :end_date => processed_date, :closed_by => closed_by, :data => {:field => 'some data field'}}
+
+    task = create(AnotherTask, task_params)
+    create(Task, task_params)
+    create(AnotherTask, task_params.clone.merge(:status => Task::Status::CANCELLED))
+    create(AnotherTask, task_params.clone.merge(:created_at => created_date - 1.day))
+    create(AnotherTask, task_params.clone.merge(:created_at => created_date + 1.day))
+    create(AnotherTask, task_params.clone.merge(:end_date => processed_date - 1.day))
+    create(AnotherTask, task_params.clone.merge(:end_date => processed_date + 1.day))
+    create(AnotherTask, task_params.clone.merge(:requestor => fast_create(Person, :name => 'another-requestor')))
+    create(AnotherTask, task_params.clone.merge(:closed_by => fast_create(Person, :name => 'another-closer')))
+    create(AnotherTask, task_params.clone.merge(:data => {:field => "other data field"}))
+
+    get :processed, :filter => {:type => AnotherTask, :status => Task::Status::FINISHED, :created_from => created_date, :created_until => created_date, :closed_from => processed_date, :closed_until => processed_date, :requestor => requestor.name, :closed_by => closed_by.name, :text => "some data field"}
+    assert_response :success
+    assert_equal [task], assigns(:tasks)
+  end
+
 end
@@ -29,12 +29,12 @@ class MultiTenancyTest &lt; ActionDispatch::IntegrationTest
     user = create_user
     session_obj = create(Session, user_id: user.id, session_id: 'some_id', data: {})
     person_identifier = user.person.identifier
-    
+
     Noosfero::MultiTenancy.setup!('schema1.com')
     host! 'schema2.com'
     cookies[:_noosfero_session] = session_obj.session_id
     assert_nothing_raised { get "/myprofile/#{person_identifier}" }
-    assert_equal 'public', ActiveRecord::Base.connection.schema_search_path
+    assert_equal 'public', ApplicationRecord.connection.schema_search_path
   end
 end
 require File.expand_path(File.dirname(__FILE__) +  "/../../../app/models/environment")
-class Environment < ActiveRecord::Base
+class Environment < ApplicationRecord
   def self.available_features
     {
     'feature1' => 'Enable Feature 1',
@@ -22,7 +22,7 @@ class TestController &lt; ApplicationController
   end
   def help_textile_with_string
-    render :inline => '<%= help_textile "*my_bold_help_message*" %>'
+    render :inline => '<%= help_textile "*my_bold_help_message*".html_safe %>'
   end
   def help_textile_with_block
@@ -5,9 +5,9 @@ module Noosfero::Factory
     attrs[:slug] = attrs[:name].to_slug if attrs[:name].present? && attrs[:slug].blank? && defaults[:slug].present?
     data = defaults_for(name.to_s.gsub('::','')).merge(attrs)
     klass = name.to_s.camelize.constantize
-    if klass.superclass != ActiveRecord::Base
-      data[:type] = klass.to_s
-    end
+
+    data[:type] = klass.to_s if klass.column_names.include? 'type'
+
     if options[:timestamps]
       fast_insert_with_timestamps(klass, data)
     else
@@ -129,7 +129,7 @@ module Noosfero::Factory
   def fast_insert(klass, data)
     names = data.keys
-    values = names.map {|k| ActiveRecord::Base.send(:sanitize_sql_array, ['?', data[k]]) }
+    values = names.map {|k| ApplicationRecord.send(:sanitize_sql_array, ['?', data[k]]) }
     sql = 'insert into %s(%s) values (%s)' % [klass.table_name, names.join(','), values.join(',')]
     klass.connection.execute(sql)
     klass.order(:id).last
@@ -187,14 +187,14 @@ class ActiveSupport::TestCase
   end
   def uses_postgresql(schema_name = 'test_schema')
-    adapter = ActiveRecord::Base.connection.class
+    adapter = ApplicationRecord.connection.class
     adapter.any_instance.stubs(:adapter_name).returns('PostgreSQL')
     adapter.any_instance.stubs(:schema_search_path).returns(schema_name)
     Noosfero::MultiTenancy.stubs(:on?).returns(true)
   end
   def uses_sqlite
-    adapter = ActiveRecord::Base.connection.class
+    adapter = ApplicationRecord.connection.class
     adapter.any_instance.stubs(:adapter_name).returns('SQLite')
     Noosfero::MultiTenancy.stubs(:on?).returns(false)
   end
@@ -43,7 +43,8 @@ class BlogHelperTest &lt; ActionView::TestCase
       "<#{tag}#{options.map{|k,v| " #{k}=\"#{[v].flatten.join(' ')}\""}.join}>#{content}</#{tag}>"
     end
-    html = Nokogiri::HTML list_posts(blog.posts)
+    html = Nokogiri::HTML list_posts(blog.posts).html_safe
+
     assert_select html, "div#post-#{newer_post.id}.blog-post.position-1.first.odd-post" +
                         " > div.odd-post-inner.blog-post-inner > .title", 'Last post'
     assert_select html, "div#post-#{hidden_post.id}.blog-post.position-2.not-published.even-post" +
@@ -22,7 +22,7 @@ class GeoRefTest &lt; ActiveSupport::TestCase
     @acme = Enterprise.create! environment: env, identifier: 'acme', name: 'ACME',
         city: 'Salvador', state: 'Bahia', country: 'BR', lat: -12.9, lng: -38.5
     def sql_dist_to(ll)
-      ActiveRecord::Base.connection.execute(
+      ApplicationRecord.connection.execute(
         "SELECT #{Noosfero::GeoRef.sql_dist ll[0], ll[1]} as dist" +
         " FROM profiles WHERE id = #{@acme.id};"
       ).first['dist'].to_f.round
@@ -36,7 +36,7 @@ class MultiTenancyTest &lt; ActiveSupport::TestCase
   def test_set_schema_by_host
     Noosfero::MultiTenancy.expects(:mapping).returns({ 'host' => 'schema' })
-    adapter = ActiveRecord::Base.connection.class
+    adapter = ApplicationRecord.connection.class
     adapter.any_instance.expects(:schema_search_path=).with('schema').returns(true)
     assert Noosfero::MultiTenancy.db_by_host = 'host'
   end
@@ -43,13 +43,13 @@ class PluginManagerTest &lt; ActiveSupport::TestCase
     class Plugin1 < Noosfero::Plugin
       def random_event
-        'Plugin 1 action.'
+        'Plugin 1 action.'.html_safe
       end
     end
     class Plugin2 < Noosfero::Plugin
       def random_event
-        'Plugin 2 action.'
+        'Plugin 2 action.'.html_safe
       end
     end
     Noosfero::Plugin.stubs(:all).returns(['PluginManagerTest::Plugin1', 'PluginManagerTest::Plugin2'])
@@ -70,19 +70,19 @@ class PluginManagerTest &lt; ActiveSupport::TestCase
     class Plugin1 < Noosfero::Plugin
       def random_event
-        'Plugin 1 action.'
+        'Plugin 1 action.'.html_safe
       end
     end
     class Plugin2 < Noosfero::Plugin
       def random_event
-        'Plugin 2 action.'
+        'Plugin 2 action.'.html_safe
       end
     end
     class Plugin3 < Noosfero::Plugin
       def random_event
-        'Plugin 3 action.'
+        'Plugin 3 action.'.html_safe
       end
     end
     Noosfero::Plugin.stubs(:all).returns(['PluginManagerTest::Plugin1', 'PluginManagerTest::Plugin2', 'PluginManagerTest::Plugin3'])
@@ -2,6 +2,8 @@ require_relative &quot;../test_helper&quot;
 class RecentDocumentsBlockTest < ActiveSupport::TestCase
+  include ActionView::Helpers::OutputSafetyHelper
+
   def setup
     @articles = []
     @profile = create_user('testinguser').person
@@ -1,34 +0,0 @@
-require_relative "../test_helper"
-
-# if this test is run without SQLite (e.g. with mysql or postgres), the tests
-# will just pass. The idea is to test our local extensions to SQLite.
-class SQliteExtensionTest < ActiveSupport::TestCase
-
-  if ActiveRecord::Base.connection.adapter_name =~ /^sqlite$/i
-
-    should 'have power function' do
-      assert_in_delta 8.0, ActiveRecord::Base.connection.execute('select pow(2.0, 3.0) as result').first['result'], 0.0001
-    end
-
-    should 'have radians function' do
-      assert_in_delta Math::PI/2, ActiveRecord::Base.connection.execute('select radians(90) as rad').first['rad'], 0.0001
-    end
-
-    should 'have square root function' do
-      assert_in_delta 1.4142, ActiveRecord::Base.connection.execute('select sqrt(2) as sqrt').first['sqrt'], 0.0001
-    end
-
-    should 'have a distance function' do
-      args = [32.918593, -96.958444, 32.951613, -96.958444].map{|l|l * Math::PI/180}
-      assert_in_delta 2.28402, ActiveRecord::Base.connection.execute("select spheric_distance(#{args.inspect[1..-2]}, 3963.19) as dist").first['dist'], 0.0001
-    end
-
-  else
-
-    should 'just pass (not using SQLite)' do
-      assert true
-    end
-
-  end
-
-end
	@@ -30,14 +30,47 @@ integration:		@@ -30,14 +30,47 @@ integration:
30	script: bundle exec rake test:integration	30	script: bundle exec rake test:integration
31	stage: all-tests	31	stage: all-tests
32		32
33	-cucumber:
34	- script: bundle exec rake cucumber	33	+cucumber-1:
		34	+ script: SLICE=1/2 bundle exec rake cucumber
		35	+ stage: all-tests
		36	+cucumber-2:
		37	+ script: SLICE=2/2 bundle exec rake cucumber
35	stage: all-tests	38	stage: all-tests
36		39
37	-selenium:
38	- script: bundle exec rake selenium	40	+selenium-1:
		41	+ script: SLICE=1/6 bundle exec rake selenium
		42	+ stage: all-tests
		43	+selenium-2:
		44	+ script: SLICE=2/6 bundle exec rake selenium
		45	+ stage: all-tests
		46	+selenium-3:
		47	+ script: SLICE=3/6 bundle exec rake selenium
		48	+ stage: all-tests
		49	+selenium-4:
		50	+ script: SLICE=4/6 bundle exec rake selenium
		51	+ stage: all-tests
		52	+selenium-5:
		53	+ script: SLICE=5/6 bundle exec rake selenium
		54	+ stage: all-tests
		55	+selenium-6:
		56	+ script: SLICE=6/6 bundle exec rake selenium
39	stage: all-tests	57	stage: all-tests
40		58
41	-plugins:
42	- script: bundle exec rake test:noosfero_plugins	59	+# NOOSFERO_BUNDLE_OPTS=install makes migrations fails
		60	+# probably because of rubygems-integration
		61	+plugins-1:
		62	+ script: SLICE=1/5 bundle exec rake test:noosfero_plugins
43	stage: all-tests	63	stage: all-tests
		64	+plugins-2:
		65	+ script: SLICE=2/5 bundle exec rake test:noosfero_plugins
		66	+ stage: all-tests
		67	+plugins-3:
		68	+ script: SLICE=3/5 bundle exec rake test:noosfero_plugins
		69	+ stage: all-tests
		70	+plugins-4:
		71	+ script: SLICE=4/5 bundle exec rake test:noosfero_plugins
		72	+ stage: all-tests
		73	+plugins-5:
		74	+ script: SLICE=5/5 bundle exec rake test:noosfero_plugins
		75	+ stage: all-tests
		76	+
	@@ -61,11 +61,11 @@ env:		@@ -61,11 +61,11 @@ env:
61	- SLICE=2/4 TASK=selenium	61	- SLICE=2/4 TASK=selenium
62	- SLICE=3/4 TASK=selenium	62	- SLICE=3/4 TASK=selenium
63	- SLICE=4/4 TASK=selenium	63	- SLICE=4/4 TASK=selenium
64	- - SLICE=1/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
65	- - SLICE=2/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
66	- - SLICE=3/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
67	- - SLICE=4/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install
68	- - SLICE=5/5 TASK=test:noosfero_plugins BUNDLE_OPTS=install	64	+ - SLICE=1/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
		65	+ - SLICE=2/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
		66	+ - SLICE=3/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
		67	+ - SLICE=4/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
		68	+ - SLICE=5/5 TASK=test:noosfero_plugins NOOSFERO_BUNDLE_OPTS=install
69		69
70	script:	70	script:
71	- ./script/ci	71	- ./script/ci
	@@ -99,7 +99,7 @@ Description of contents		@@ -99,7 +99,7 @@ Description of contents
99	Holds controllers that should be named like weblog_controller.rb for automated URL mapping. All controllers should descend from `ActionController::Base`.	99	Holds controllers that should be named like weblog_controller.rb for automated URL mapping. All controllers should descend from `ActionController::Base`.
100		100
101	* `app/models`	101	* `app/models`
102	- Holds models that should be named like post.rb. Most models will descend from `ActiveRecord::Base`.	102	+ Holds models that should be named like post.rb. Most models will descend from `ApplicationRecord`.
103		103
104	* `app/views`	104	* `app/views`
105	Holds the template files for the view that should be named like `weblog/index.rhtml` for the `WeblogController#index` action. All views use eRuby syntax. This directory can also be used to keep stylesheets, images, and so on that can be symlinked to public.	105	Holds the template files for the view that should be named like `weblog/index.rhtml` for the `WeblogController#index` action. All views use eRuby syntax. This directory can also be used to keep stylesheets, images, and so on that can be symlinked to public.
	@@ -108,7 +108,7 @@ class CmsController < MyProfileController		@@ -108,7 +108,7 @@ class CmsController < MyProfileController
108	end	108	end
109		109
110	def new	110	def new
111	- # FIXME this method should share some logic wirh edit !!!	111	+ # FIXME this method should share some logic with edit !!!
112		112
113	@success_back_to = params[:success_back_to]	113	@success_back_to = params[:success_back_to]
114	# user must choose an article type first	114	# user must choose an article type first
	@@ -365,7 +365,7 @@ class CmsController < MyProfileController		@@ -365,7 +365,7 @@ class CmsController < MyProfileController
365	def search	365	def search
366	query = params[:q]	366	query = params[:q]
367	results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]	367	results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]
368	- render :text => article_list_to_json(results), :content_type => 'application/json'	368	+ render :text => article_list_to_json(results).html_safe, :content_type => 'application/json'
369	end	369	end
370		370
371	def search_article_privacy_exceptions	371	def search_article_privacy_exceptions
	@@ -5,22 +5,22 @@ module ActionTrackerHelper		@@ -5,22 +5,22 @@ module ActionTrackerHelper
5	end	5	end
6		6
7	def new_friendship_description ta	7	def new_friendship_description ta
8	- n_('has made 1 new friend:<br />%{name}', 'has made %{num} new friends:<br />%{name}', ta.get_friend_name.size) % {	8	+ n_('has made 1 new friend:<br />%{name}', 'has made %{num} new friends:<br />%{name}', ta.get_friend_name.size).html_safe % {
9	num: ta.get_friend_name.size,	9	num: ta.get_friend_name.size,
10	- name: ta.collect_group_with_index(:friend_name) do \|n,i\|	10	+ name: safe_join(ta.collect_group_with_index(:friend_name) do \|n,i\|
11	link_to image_tag(ta.get_friend_profile_custom_icon[i] \|\| default_or_themed_icon("/images/icons-app/person-icon.png")),	11	link_to image_tag(ta.get_friend_profile_custom_icon[i] \|\| default_or_themed_icon("/images/icons-app/person-icon.png")),
12	ta.get_friend_url[i], title: n	12	ta.get_friend_url[i], title: n
13	- end.join	13	+ end)
14	}	14	}
15	end	15	end
16		16
17	def join_community_description ta	17	def join_community_description ta
18	- n_('has joined 1 community:<br />%{name}', 'has joined %{num} communities:<br />%{name}', ta.get_resource_name.size) % {	18	+ n_('has joined 1 community:<br />%{name}'.html_safe, 'has joined %{num} communities:<br />%{name}'.html_safe, ta.get_resource_name.size) % {
19	num: ta.get_resource_name.size,	19	num: ta.get_resource_name.size,
20	name: ta.collect_group_with_index(:resource_name) do \|n,i\|	20	name: ta.collect_group_with_index(:resource_name) do \|n,i\|
21	- link_to image_tag(ta.get_resource_profile_custom_icon[i] \|\| default_or_themed_icon("/images/icons-app/community-icon.png")),	21	+ link = link_to image_tag(ta.get_resource_profile_custom_icon[i] \|\| default_or_themed_icon("/images/icons-app/community-icon.png")),
22	ta.get_resource_url[i], title: n	22	ta.get_resource_url[i], title: n
23	- end.join	23	+ end.join.html_safe
24	}	24	}
25	end	25	end
26		26
	@@ -3,13 +3,13 @@ module BlockHelper		@@ -3,13 +3,13 @@ module BlockHelper
3	def block_title(title, subtitle=nil)	3	def block_title(title, subtitle=nil)
4	block_header = block_heading title	4	block_header = block_heading title
5	block_header += block_heading(subtitle, 'h4') if subtitle	5	block_header += block_heading(subtitle, 'h4') if subtitle
6	- content_tag 'div', block_header, :class => 'block-header'	6	+ content_tag('div', block_header, :class => 'block-header').html_safe
7	end	7	end
8		8
9	def block_heading(title, heading='h3')	9	def block_heading(title, heading='h3')
10	tag_class = 'block-' + (heading == 'h3' ? 'title' : 'subtitle')	10	tag_class = 'block-' + (heading == 'h3' ? 'title' : 'subtitle')
11	tag_class += ' empty' if title.empty?	11	tag_class += ' empty' if title.empty?
12	- content_tag heading, content_tag('span', h(title)), :class => tag_class	12	+ content_tag heading, content_tag('span', h(title)), :class => tag_class.html_safe
13	end	13	end
14		14
15	def highlights_block_config_image_fields(block, image={}, row_number=nil)	15	def highlights_block_config_image_fields(block, image={}, row_number=nil)
	@@ -38,7 +38,7 @@ module BoxOrganizerHelper		@@ -38,7 +38,7 @@ module BoxOrganizerHelper
38	content_tag(:ul,	38	content_tag(:ul,
39	images_path.map do \|preview\|	39	images_path.map do \|preview\|
40	content_tag(:li, image_tag(preview, height: '240', alt: ''))	40	content_tag(:li, image_tag(preview, height: '240', alt: ''))
41	- end.join("\n")	41	+ end.join("\n").html_safe
42	)	42	)
43	end	43	end
44		44
	@@ -15,9 +15,9 @@ module ButtonsHelper		@@ -15,9 +15,9 @@ module ButtonsHelper
15	end	15	end
16	the_title = html_options[:title] \|\| label	16	the_title = html_options[:title] \|\| label
17	if html_options[:disabled]	17	if html_options[:disabled]
18	- content_tag('a', ' '+content_tag('span', label), html_options.merge(:class => the_class, :title => the_title))	18	+ content_tag('a', ' '.html_safe+content_tag('span', label), html_options.merge(:class => the_class, :title => the_title))
19	else	19	else
20	- link_to(' '+content_tag('span', label), url, html_options.merge(:class => the_class, :title => the_title))	20	+ link_to(' '.html_safe+content_tag('span', label), url, html_options.merge(:class => the_class, :title => the_title))
21	end	21	end
22	end	22	end
23		23
	@@ -19,18 +19,18 @@ module CatalogHelper		@@ -19,18 +19,18 @@ module CatalogHelper
19	ancestors = category.ancestors.map { \|c\| link_to(c.name, {:controller => :catalog, :action => 'index', :level => c.id}) }.reverse	19	ancestors = category.ancestors.map { \|c\| link_to(c.name, {:controller => :catalog, :action => 'index', :level => c.id}) }.reverse
20	current_level = content_tag('strong', category.name)	20	current_level = content_tag('strong', category.name)
21	all_items = [start] + ancestors + [current_level]	21	all_items = [start] + ancestors + [current_level]
22	- content_tag('div', all_items.join(' → '), :id => 'breadcrumb')	22	+ content_tag('div', safe_join(all_items, ' → '), :id => 'breadcrumb')
23	end	23	end
24		24
25	def category_link(category)	25	def category_link(category)
26	count = profile.products.from_category(category).count	26	count = profile.products.from_category(category).count
27	name = truncate(category.name, :length => 22 - count.to_s.size)	27	name = truncate(category.name, :length => 22 - count.to_s.size)
28	link = link_to(name, {:controller => 'catalog', :action => 'index', :level => category.id}, :title => category.name)	28	link = link_to(name, {:controller => 'catalog', :action => 'index', :level => category.id}, :title => category.name)
29	- content_tag('div', "#{link} <span class=\"count\">#{count}</span>") if count > 0	29	+ content_tag('div', "#{link} <span class=\"count\">#{count}</span>".html_safe) if count > 0
30	end	30	end
31		31
32	def category_with_sub_list(category)	32	def category_with_sub_list(category)
33	- content_tag 'li', "#{category_link(category)}\n#{sub_category_list(category)}"	33	+ content_tag 'li', "#{category_link(category)}\n#{sub_category_list(category)}".html_safe
34	end	34	end
35		35
36	def sub_category_list(category)	36	def sub_category_list(category)
	@@ -39,7 +39,7 @@ module CatalogHelper		@@ -39,7 +39,7 @@ module CatalogHelper
39	cat_link = category_link sub_category	39	cat_link = category_link sub_category
40	sub_categories << content_tag('li', cat_link) unless cat_link.nil?	40	sub_categories << content_tag('li', cat_link) unless cat_link.nil?
41	end	41	end
42	- content_tag('ul', sub_categories.join) if sub_categories.size > 0	42	+ content_tag('ul', sub_categories.join.html_safe) if sub_categories.size > 0
43	end	43	end
44		44
45	end	45	end
	@@ -35,7 +35,7 @@ module ForumHelper		@@ -35,7 +35,7 @@ module ForumHelper
35	:id => "post-#{art.id}"	35	:id => "post-#{art.id}"
36	)	36	)
37	}	37	}
38	- content_tag('table', content.join) + (pagination or '')	38	+ content_tag('table', safe_join(content, "")) + (pagination or '').html_safe
39	end	39	end
40		40
41	def last_topic_update(article)	41	def last_topic_update(article)