Merge branch 'noosfero' into rails4

Braulio Bhavamitra
2 parents 36a91335 92476194
Showing 40 changed files with 100 additions and 279 deletions Show diff stats
app/models/article.rb
app/models/favorite_enterprises_block.rb
app/views/blocks/highlights.html.erb
app/views/cms/media_panel/_image.html.erb
app/views/profile_editor/index.html.erb
lib/tasks/backup.rake
plugins/environment_notification/controllers/public/environment_notification_plugin_public_controller.rb
plugins/lattes_curriculum/lib/html_parser.rb
plugins/ldap/Gemfile
plugins/ldap/dependencies.rb
plugins/ldap/lib/ldap_authentication.rb
plugins/newsletter/lib/newsletter_plugin/newsletter.rb
plugins/solr/dependencies.rb
plugins/solr/install.rb
plugins/solr/vendor/plugins/acts_as_solr_reloaded/Rakefile
plugins/solr/vendor/plugins/acts_as_solr_reloaded/lib/acts_as_solr/tasks.rb
plugins/solr/vendor/plugins/acts_as_solr_reloaded/lib/solr/xml.rb
plugins/solr/vendor/plugins/acts_as_solr_reloaded/solr_test_rakefile.rb
plugins/solr/vendor/plugins/acts_as_solr_reloaded/test/test_helper.rb
plugins/solr/vendor/plugins/acts_as_solr_reloaded/test/unit/test_helper.rb
@@ -811,7 +811,7 @@ class Article &lt; ActiveRecord::Base
   end
   def first_image
-    img = ( image.present? && { 'src' => image.public_filename } ) ||
+    img = ( image.present? && { 'src' => File.join([Noosfero.root, image.public_filename].join) } ) ||
           Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first ||
           Nokogiri::HTML.fragment(self.body.to_s).search('img').first
     img.nil? ? '' : img['src']
@@ -16,7 +16,7 @@ class FavoriteEnterprisesBlock &lt; ProfileListBlock
     owner = self.owner
     return '' unless owner.kind_of?(Person)
     proc do
-      link_to _('View all'), :profile => owner.identifier, :controller => 'profile', :action => 'favorite_enterprises'
+      link_to _('enterprises|View all'), {:profile => owner.identifier, :controller => 'profile', :action => 'favorite_enterprises'}, :class => 'view-all'
     end
   end
@@ -4,7 +4,7 @@
     <div class='highlights-container'>
       <% block.featured_images.each do |img| %>
         <a href="<%= img[:address] %>" title="<%= img[:title] %>" class="highlights-image-link">
-          <%= content_tag :img, nil, :src => img[:image_src], :alt => img[:title] %>
+          <%= image_tag [Noosfero.root, img[:image_src]].join, alt: img[:title] %>
           <p class="highlights-label"><%= img[:title] %></p>
         </a>
       <% end %>
 <div class="item image" data-item="span" title="<%= @file.name %>">
   <span>
-    <img src="<%= @file.public_filename(:uploaded) %>"/>
+    <%= image_tag(@file.public_filename(:uploaded)) %>
   </span>
   <div class="controls image-controls">
     <a class="button icon-add add-to-text" href="#"><span><%= _('Add to the text') %></span></a>
@@ -28,7 +28,7 @@
   <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %>
-  <%= control_panel_button(_('Manage Roles'), 'roles', :controller => 'profile_roles') %>
+  <%= control_panel_button(_('Manage Roles'), 'roles', :controller => 'profile_roles') if profile.organization? %>
   <% unless profile.enterprise? %>
     <%= case profile.blogs.count
@@ -18,14 +18,15 @@ backup_dirs = [
 desc "Creates a backup of the database and uploaded files"
 task :backup => :check_backup_support do
   dirs = backup_dirs.select { |d| File.exists?(d) }
+  rails_env = ENV["RAILS_ENV"] || 'production'
   backup_name = Time.now.strftime('%Y-%m-%d-%R')
   backup_file = File.join('tmp/backup', backup_name) + '.tar.gz'
   mkdir_p 'tmp/backup'
   dump = File.join('tmp/backup', backup_name) + '.sql'
-  database = $config['production']['database']
-  host = $config['production']['host']
+  database = $config[rails_env]['database']
+  host = $config[rails_env]['host']
   host = host && "-h #{host}" || ""
   sh "pg_dump #{host} #{database} > #{dump}"
@@ -52,6 +53,7 @@ end
 desc "Restores a backup created previousy with \`rake backup\`"
 task :restore => :check_backup_support do
   backup = ENV["BACKUP"]
+  rails_env = ENV["RAILS_ENV"] || 'production'
   unless backup
     puts "usage: rake restore BACKUP=/path/to/backup"
     exit 1
@@ -81,9 +83,9 @@ task :restore =&gt; :check_backup_support do
   end
   dump = dumps.first
-  database = $config['production']['database']
-  username = $config['production']['username']
-  host = $config['production']['host']
+  database = $config[rails_env]['database']
+  username = $config[rails_env]['username']
+  host = $config[rails_env]['host']
   host = host && "-h #{host}" || ""
   puts "WARNING: backups should be restored to an empty database, otherwise"
@@ -102,10 +104,39 @@ task :restore =&gt; :check_backup_support do
   end
   sh 'tar', 'xaf', backup
-  sh "rails dbconsole production < #{dump}"
+  sh "rails dbconsole #{rails_env} < #{dump}"
   rm_f dump
   puts "****************************************************"
   puts "Backup restored!"
   puts "****************************************************"
 end
+
+desc 'Removes emails from database'
+task 'restore:remove_emails' => :environment do
+  connection = ActiveRecord::Base.connection
+  [
+    "UPDATE users SET email = concat('user', id, '@localhost.localdomain')",
+    "UPDATE environments SET contact_email = concat('environment', id, '@localhost.localdomain')",
+  ].each do |update|
+    puts update
+    connection.execute(update)
+  end
+
+  profiles = connection.execute("select id, data from profiles")
+  profiles.each do |profile|
+    if profile['data']
+      data = YAML.load(profile['data'])
+      if data[:contact_email] && data[:contact_email] !~ /@localhost.localdomain$/
+        data[:contact_email] = ['profile', profile['id'], '@localhost.localdomain'].join
+        sql = Environment.send(:sanitize_sql, [
+          "UPDATE profiles SET data = ? WHERE id = ?",
+          YAML.dump(data),
+          profile['id'],
+        ])
+        puts sql
+        connection.execute(sql)
+      end
+    end
+  end
+end
 class EnvironmentNotificationPluginPublicController < PublicController
   helper EnvironmentNotificationHelper
+  include EnvironmentNotificationHelper
   def notifications_with_popup
     @hide_notifications = hide_notifications
-require 'rubygems'
 require 'nokogiri'
 require 'open-uri'
 gem "net-ldap"
+gem "magic", ">= 0.2.8"
-require 'rubygems'
 require 'net/ldap'
@@ -15,7 +15,6 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-require 'rubygems'
 require 'iconv'
 require 'net/ldap'
 require 'net/ldap/dn'
@@ -111,15 +111,15 @@ class NewsletterPlugin::Newsletter &lt; Noosfero::Plugin::ActiveRecord
   include DatesHelper
   def message_to_public_link
-    content_tag(:p, N_("If you can't view this email, %s.") % link_to(N_('click here'), '{mailing_url}'), :id => 'newsletter-public-link')
+    content_tag(:p, _("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}'), :id => 'newsletter-public-link')
   end
   def message_to_unsubscribe
-    content_tag(:div, N_("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(N_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe')
+    content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe')
   end
   def read_more(link_address)
-    content_tag(:p, link_to(N_('Read more'), link_address, :style => CSS['read-more-link']), :style => CSS['read-more-line'])
+    content_tag(:p, link_to(_('Read more'), link_address, :style => CSS['read-more-link']), :style => CSS['read-more-line'])
   end
   def post_with_image(post)
@@ -141,7 +141,7 @@ class NewsletterPlugin::Newsletter &lt; Noosfero::Plugin::ActiveRecord
   end
   def default_subject
-    N_('Breaking news')
+    _('Breaking news')
   end
   def subject
-require 'rubygems'
 require 'active_record'
 require "#{File.dirname(__FILE__)}/lib/acts_as_searchable"
 require "#{File.dirname(__FILE__)}/lib/acts_as_faceted"
 #raise "Not ready yet. Some tests are failing."
-require 'rubygems'
 require 'rake'
 tasks_dir = File.join(File.dirname(__FILE__), 'vendor', 'plugins', 'acts_as_solr_reloaded', 'lib', 'tasks', '*.rake')
-require 'rubygems'
 require 'rake'
 require 'rake/testtask'
 require 'rdoc/task'
 dir = File.dirname(__FILE__)
-require 'rubygems'
 require 'rake'
 require 'net/http'
 require 'active_record'
@@ -16,7 +16,6 @@ end
 begin
   # If we can load rubygems and libxml-ruby...
-  require 'rubygems'
   require 'xml/libxml'
   raise "acts_as_solr requires libxml-ruby 0.7 or greater" unless XML::Node.public_instance_methods.collect{|x| x.to_sym}.include?(:attributes)
-require 'rubygems'
 require 'rake'
 dir = File.dirname(__FILE__)
 $:.unshift("#{dir}/lib")
-require 'rubygems'
 require 'test/unit'
 require 'active_record'
 require 'active_record/fixtures'
 dir = File.dirname(__FILE__)
 $:.unshift(File.join(File.expand_path(dir), "..", "..", "lib"))
-require 'rubygems'
 require 'test/unit'
 require 'acts_as_solr'
 require 'mocha'
-require 'rubygems'
 require 'benchmark'
@@ -484,6 +484,7 @@ div#notice {
 #content .profile-list-block ul,
 #content .enterprises-block ul,
 #content .communities-block ul,
+#content .favorite-enterprises-block ul,
 #content .fans-block ul {
   min-width: 196px;
   width: 192px;
@@ -499,15 +500,14 @@ div#notice {
   display: block;
 }
+.block-footer-content {
+  text-align: center;
+  padding-top: 3px;
+}
+
 .block-footer-content a.view-all {
-  position: absolute;
-  top: 2px;
-  right: 0px;
   font-size: 11px;
   color: #000;
-  text-decoration: none;
-  padding-right: 15px;
-  background: url(imgs/arrow-right-p.png) 100% 50% no-repeat;
 }
 #content .profile-list-block .block-title {
@@ -5,7 +5,7 @@
 }
 .controller-cms .show-media-panel .with_media_panel {
-  width: 600px;
+  width: 540px;
   transition: 1s;
 }
@@ -77,7 +77,7 @@
 .text-editor-sidebar {
   position: absolute;
-  width: 280px;
+  width: 340px;
   right: 20px;
   top: 70px;
   max-height: 45px;
@@ -141,7 +141,7 @@
 }
 .text-editor-sidebar .image {
-  width: 80px;
+  width: 100px;
   margin: 2px;
   height: 80px;
   line-height: 80px;
@@ -1,34 +0,0 @@
-languages = Dir.glob('po/*').reject { |f| f =~ /pot$/ }.map { |f| File.basename(f) }
-
-core_files = `grep '#:' po/noosfero.pot | cut -d ':' -f 2 | sed 's/^\s*//' | grep -v '^plugins' | sort -u`.split.map { |f| [ '-N', f] }.flatten
-
-languages.each do |lang|
-
-  lang_plugins_po = "tmp/#{lang}_plugins.po"
-  system('msggrep', '-v', *core_files, '--output-file', lang_plugins_po, "po/#{lang}/noosfero.po")
-
-  Dir.glob('plugins/*').each do |plugindir|
-    plugin = File.basename(plugindir)
-    po = File.join(plugindir, 'po', lang, plugin + '.po')
-
-    files = []
-    Dir.glob("#{plugindir}/**/*.{rb,html.erb}").each do |f|
-      files << '-N' << f
-    end
-
-    system('mkdir', '-p', File.dirname(po))
-    system('msggrep', *files, '--output-file', po, lang_plugins_po)
-
-    if system("msgfmt --statistics -o /dev/null #{po} 2>&1 | grep -q '^0 translated message'")
-      # empty .po
-      system('rm', '-f', po)
-      puts "[#{lang}] #{plugin}: PO file empty, deleted"
-    else
-      puts "[#{lang}] #{plugin}"
-    end
-
-  end
-
-  system('rm', '-f', lang_plugins_po)
-  system('find plugins/*/po -type d -empty -delete')
-end
@@ -12,5 +12,13 @@ for ip in 10.0.2.2 192.168.122.1; do
   fi
 done
+sudo apt-get install -qy postfix
+sudo postconf virtual_alias_maps=hash:/etc/postfix/virtual
+sudo tee /etc/postfix/virtual <<EOF
+@localhost.localdomain  vagrant
+EOF
+sudo postmap /etc/postfix/virtual
+sudo service postfix reload
+
 cd /vagrant
 ./script/quick-start
@@ -1207,4 +1207,10 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
     get :header_footer, :profile => user.identifier
     assert_response :success
   end
+
+  should 'not display button to manage roles on control panel of person' do
+    get :index, :profile => profile.identifier
+    assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/default_user/profile_roles" }
+  end
+
 end
@@ -931,14 +931,6 @@ class ArticleTest &lt; ActiveSupport::TestCase
     assert_no_match(/<script>/, a.name)
   end
-  should 'escape malformed html tags' do
-    article = Article.new
-    article.name = "<h1 Malformed >> html >< tag"
-    article.valid?
-
-    assert_equal '<h1>&gt; html &gt;</h1>', article.name
-  end
-
   should 'return truncated title in short_title' do
     article = Article.new
     article.name = 'a123456789abcdefghij'
@@ -202,17 +202,6 @@ class CommentTest &lt; ActiveSupport::TestCase
     assert comment.errors[:body.to_s].present?
   end
-  should 'escape malformed html tags' do
-    owner = create_user('testuser').person
-    article = owner.articles.create(:name => 'test', :body => '...')
-    comment = build(Comment, :article => article, :title => '<h1 title </h1>>> sd f <<', :body => '<h1>> sdf><asd>< body </h1>', :name => '<h1 name </h1>>><<dfsf<sd', :email => 'cracker@test.org')
-    comment.valid?
-
-    assert_no_match /[<>]/, comment.title
-    assert_no_match /[<>]/, comment.body
-    assert_no_match /[<>]/, comment.name
-  end
-
   should 'use an existing image for deleted comments' do
     image = Comment.new.removed_user_image[1..-1]
     assert File.exists?(Rails.root.join('public', image)), "#{image} does not exist."
@@ -755,6 +744,18 @@ class CommentTest &lt; ActiveSupport::TestCase
     comment.destroy
   end
+  should 'not double escape html content after validation' do
+    comment = create_comment
+    body = 'Comment with "quotes"'
+    comment.body = body
+
+    comment.valid?
+    assert_equal body, comment.body
+
+    comment.valid?
+    assert_equal body, comment.body
+  end
+
   private
   def create_comment(args = {})
@@ -242,20 +242,6 @@ class CommunityTest &lt; ActiveSupport::TestCase
     end
   end
-  should 'escape malformed html tags' do
-    community = Community.new
-    community.name = "<h1 Malformed >> html >< tag"
-    community.address = "<h1 Malformed >,<<<asfdf> html >< tag"
-    community.contact_phone = "<h1 Malformed<<> >> html >><>< tag"
-    community.description = "<h1 Malformed /h1>>><<> html ><>h1< tag"
-    community.valid?
-
-    assert_no_match /[<>]/, community.name
-    assert_no_match /[<>]/, community.address
-    assert_no_match /[<>]/, community.contact_phone
-    assert_no_match /[<>]/, community.description
-  end
-
   should "the followed_by method be protected and true to the community members by default" do
     c = fast_create(Community)
     p1 = fast_create(Person)
@@ -1140,14 +1140,6 @@ class EnvironmentTest &lt; ActiveSupport::TestCase
     assert_equal "<h1> Disabled Enterprise </h1>", environment.message_for_disabled_enterprise
   end
-  should 'escape malformed html tags' do
-    environment = Environment.new
-    environment.message_for_disabled_enterprise = "<h1> Disabled Enterprise /h1>"
-    environment.valid?
-
-    assert_match /<h1> Disabled Enterprise \/h1&gt;<\/h1>/, environment.message_for_disabled_enterprise
-  end
-
   should 'not sanitize html comments' do
     environment = Environment.new
     environment.message_for_disabled_enterprise = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>'
@@ -263,24 +263,6 @@ class EventTest &lt; ActiveSupport::TestCase
     assert_not_includes profile.events.by_day(today), event_out_of_range
   end
-  should 'filter fields with full filter' do
-    event = Event.new
-    event.link = "<h1 Malformed >> html >< tag"
-    event.valid?
-
-    assert_no_match /[<>]/, event.link
-  end
-
-  should 'filter fields with white_list filter' do
-    event = Event.new
-    event.body = "<h1> Description </h1>"
-    event.address = "<strong> Address </strong>"
-    event.valid?
-
-    assert_equal "<h1> Description </h1>", event.body
-    assert_equal "<strong> Address </strong>", event.address
-  end
-
   should 'not filter & on link field' do
     event = Event.new
     event.link = 'myevent.com/?param1=value&param2=value2'
@@ -289,16 +271,6 @@ class EventTest &lt; ActiveSupport::TestCase
     assert_equal "http://myevent.com/?param1=value&param2=value2", event.link
   end
-  should 'escape malformed html tags' do
-    event = Event.new
-    event.body = "<h1<< Description >>/h1>"
-    event.address = "<strong>><< Address <strong>"
-    event.valid?
-
-    assert_match /<h1>&gt;\/h1&gt;<\/h1>/, event.body
-    assert_match /<strong>&gt;<\/strong>/, event.address
-  end
-
   should 'not sanitize html comments' do
     event = Event.new
     event.body = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>'
@@ -133,14 +133,6 @@ class FolderTest &lt; ActiveSupport::TestCase
     assert_match  /<p><!-- .* --> <\/p><h1> Wellformed html code <\/h1>/, folder.body
   end
-  should 'escape malformed html tags' do
-    folder = Folder.new
-    folder.body = "<h1<< Description >>/h1>"
-    folder.valid?
-
-    assert_match /<h1>&gt;\/h1&gt;<\/h1>/, folder.body
-  end
-
   should 'not have a blog as parent' do
     folder = Folder.new
     folder.parent = Blog.new
@@ -134,14 +134,6 @@ class GalleryTest &lt; ActiveSupport::TestCase
     assert_match  /<p><!-- .* --> <\/p><h1> Wellformed html code <\/h1>/, gallery.body
   end
-  should 'escape malformed html tags' do
-    gallery = Gallery.new
-    gallery.body = "<h1<< Description >>/h1>"
-    gallery.valid?
-
-    assert_match /<h1>&gt;\/h1&gt;<\/h1>/, gallery.body
-  end
-
   should 'accept uploads' do
     folder = fast_create(Gallery)
     assert folder.accept_uploads?
@@ -132,6 +132,19 @@ class HighlightsBlockTest &lt; ActiveSupport::TestCase
     assert_equal block.images.first[:address], "/social/address"
   end
+  should 'display images with subdir src' do
+    Noosfero.stubs(:root).returns("/social")
+    f1 = mock()
+    f1.expects(:public_filename).returns('/img_address')
+    UploadedFile.expects(:find).with(1).returns(f1)
+    block = HighlightsBlock.new
+    i1 = {:image_id => 1, :address => '/address'}
+    block.images = [i1]
+    block.save!
+
+    assert_tag_in_string instance_eval(& block.content), :tag => 'img', :attributes => { :src => "/social/img_address" }
+  end
+
   [Environment, Profile].each do |klass|
     should "choose between owner galleries when owner is #{klass.name}" do
       owner = fast_create(klass)
@@ -253,25 +253,6 @@ class OrganizationTest &lt; ActiveSupport::TestCase
     assert organization.closed
   end
-  should 'escape malformed html tags' do
-    organization = Organization.new
-    organization.acronym = "<h1 Malformed >> html >< tag"
-    organization.contact_person = "<h1 Malformed >,<<<asfdf> html >< tag"
-    organization.contact_email = "<h1<malformed@html.com>>"
-    organization.description = "<h1 Malformed /h1>>><<> html ><>h1< tag"
-    organization.legal_form = "<h1 Malformed /h1>>><<> html ><>h1< tag"
-    organization.economic_activity = "<h1 Malformed /h1>>><<> html ><>h1< tag"
-    organization.management_information = "<h1 Malformed /h1>>><<> html ><>h1< tag"
-    organization.valid?
-
-    assert_no_match /[<>]/, organization.acronym
-    assert_no_match /[<>]/, organization.contact_person
-    assert_no_match /[<>]/, organization.contact_email
-    assert_no_match /[<>]/, organization.legal_form
-    assert_no_match /[<>]/, organization.economic_activity
-    assert_no_match /[<>]/, organization.management_information
-  end
-
   should "the followed_by? be true only to members" do
     o = fast_create(Organization)
     p1 = fast_create(Person)
@@ -171,16 +171,6 @@ class ProductTest &lt; ActiveSupport::TestCase
     assert_equal @product_category.name, product.name
   end
-  should 'escape malformed html tags' do
-    product = build(Product, :product_category => @product_category)
-    product.name = "<h1 Malformed >> html >< tag"
-    product.description = "<h1 Malformed</h1>><<<a>> >> html >< tag"
-    product.valid?
-
-    assert_no_match /[<>]/, product.name
-    assert_match /<h1>&gt;&gt; &gt;&gt; html &gt;<\/h1>/, product.description
-  end
-
   should 'use name of category when has no name yet' do
     product = Product.new
     product.product_category = @product_category
@@ -1699,34 +1699,6 @@ class ProfileTest &lt; ActiveSupport::TestCase
     assert_equal "<strong> Custom Footer <strong>", profile.custom_footer
   end
-  should 'escape malformed html tags' do
-    profile = Profile.new
-    profile.name = "<h1 Malformed >> html >>></a>< tag"
-    profile.nickname = "<h1 Malformed <<h1>>< html >< tag"
-    profile.address = "<h1><</h2< Malformed >> html >< tag"
-    profile.contact_phone = "<h1<< Malformed ><>>> html >< tag"
-    profile.description = "<h1<a> Malformed >> html ></a>< tag"
-    profile.valid?
-
-    assert_no_match /[<>]/, profile.name
-    assert_no_match /[<>]/, profile.nickname
-    assert_no_match /[<>]/, profile.address
-    assert_no_match /[<>]/, profile.contact_phone
-    assert_no_match /[<>]/, profile.description
-    assert_no_match /[<>]/, profile.custom_header
-    assert_no_match /[<>]/, profile.custom_footer
-  end
-
-  should 'escape malformed html tags in header and footer' do
-    profile = fast_create(Profile)
-    profile.custom_header = "<h1<a>><<> Malformed >> html ></a>< tag"
-    profile.custom_footer = "<h1> Malformed <><< html ></a>< tag"
-    profile.save
-
-    assert_match /<h1>&gt; Malformed &gt;&gt; html &gt;<\/h1>/, profile.custom_header
-    assert_match /<h1> Malformed <\/h1>/, profile.custom_footer
-  end
-
   should 'not sanitize html comments' do
     profile = Profile.new
     profile.custom_header = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>'
@@ -14,15 +14,6 @@ class TextArticleTest &lt; ActiveSupport::TestCase
     assert_includes TextArticle.find(:all), article
   end
-  should 'remove HTML from name' do
-    person = create_user('testuser').person
-    article = TextArticle.new(:profile => person)
-    article.name = "<h1 Malformed >> html >>></a>< tag"
-    article.valid?
-
-    assert_no_match /[<>]/, article.name
-  end
-
   should 'be translatable' do
     assert_kind_of Noosfero::TranslatableContent, TextArticle.new
   end
@@ -21,14 +21,4 @@ class ValidationInfoTest &lt; ActiveSupport::TestCase
     end
   end
-  should 'escape malformed html tags' do
-    info = ValidationInfo.new
-    info.validation_methodology = "<h1 Malformed >> html >< tag"
-    info.restrictions = "<h1 Malformed >> html >< tag"
-    info.valid?
-
-    assert_no_match /[<>]/, info.validation_methodology
-    assert_no_match /[<>]/, info.restrictions
-  end
-
 end
@@ -38,7 +38,7 @@ module XssTerminate
   module InstanceMethods
-    def sanitize_field(sanitizer, field, serialized = false, with= :full)
+    def sanitize_field(sanitizer, field, serialized = false)
       field = field.to_sym
       if serialized
         puts field
@@ -49,25 +49,11 @@ module XssTerminate
       else
         if self[field]
           self[field] = sanitizer.sanitize(self[field])
-
-          if with == :full
-            self[field] = CGI.escapeHTML(self[field])
-          elsif with == :white_list
-            self[field] = CGI.escapeHTML(self[field]) if !wellformed_html_code?(self[field])
-          end
-
         else
           value = self.send("#{field}")
           return unless value
           value = sanitizer.sanitize(value)
           self.send("#{field}=", value)
-
-          if with == :full
-            self.send("#{field}=", CGI.escapeHTML(value))
-          elsif with == :white_list
-            self.send("#{field}=", CGI.escapeHTML(value)) if !wellformed_html_code?(value)
-          end
-
         end
       end
     end
@@ -86,7 +72,7 @@ module XssTerminate
       sanitizer = ActionView::Base.full_sanitizer
       columns, columns_serialized = sanitize_columns(:full)
       columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :full)
+        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
       end
     end
@@ -94,7 +80,7 @@ module XssTerminate
       sanitizer = ActionView::Base.white_list_sanitizer
       columns, columns_serialized = sanitize_columns(:white_list)
       columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :white_list)
+        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
       end
    end
@@ -102,38 +88,8 @@ module XssTerminate
       sanitizer = HTML5libSanitize.new
       columns = sanitize_columns(:html5lib)
       columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :html5lib)
-      end
-    end
-
-    def wellformed_html_code?(field)
-      return true if !field
-      counter = 0
-      in_comment = false
-      field=field.split(//)
-      for i in 0..field.length-1
-        if !in_comment
-          if field[i] == '<'
-            if field[i+1..i+3] == ["!","-","-"]
-              in_comment = true
-            else
-              counter += 1
-            end
-          elsif field[i] == '>'
-            counter -= 1
-          end
-        else
-          if field[i-2..i] == ["-","-",">"]
-            in_comment = false
-          end
-        end
-
-        if counter < 0 || 1 < counter
-          return false
-        end
+        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
       end
-
-      return counter == 0
     end
   end
	@@ -811,7 +811,7 @@ class Article < ActiveRecord::Base		@@ -811,7 +811,7 @@ class Article < ActiveRecord::Base
811	end	811	end
812		812
813	def first_image	813	def first_image
814	- img = ( image.present? && { 'src' => image.public_filename } ) \|\|	814	+ img = ( image.present? && { 'src' => File.join([Noosfero.root, image.public_filename].join) } ) \|\|
815	Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first \|\|	815	Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first \|\|
816	Nokogiri::HTML.fragment(self.body.to_s).search('img').first	816	Nokogiri::HTML.fragment(self.body.to_s).search('img').first
817	img.nil? ? '' : img['src']	817	img.nil? ? '' : img['src']
	@@ -16,7 +16,7 @@ class FavoriteEnterprisesBlock < ProfileListBlock		@@ -16,7 +16,7 @@ class FavoriteEnterprisesBlock < ProfileListBlock
16	owner = self.owner	16	owner = self.owner
17	return '' unless owner.kind_of?(Person)	17	return '' unless owner.kind_of?(Person)
18	proc do	18	proc do
19	- link_to _('View all'), :profile => owner.identifier, :controller => 'profile', :action => 'favorite_enterprises'	19	+ link_to _('enterprises\|View all'), {:profile => owner.identifier, :controller => 'profile', :action => 'favorite_enterprises'}, :class => 'view-all'
20	end	20	end
21	end	21	end
22		22
	@@ -4,7 +4,7 @@		@@ -4,7 +4,7 @@
4	<div class='highlights-container'>	4	<div class='highlights-container'>
5	<% block.featured_images.each do \|img\| %>	5	<% block.featured_images.each do \|img\| %>
6	<a href="<%= img[:address] %>" title="<%= img[:title] %>" class="highlights-image-link">	6	<a href="<%= img[:address] %>" title="<%= img[:title] %>" class="highlights-image-link">
7	- <%= content_tag :img, nil, :src => img[:image_src], :alt => img[:title] %>	7	+ <%= image_tag [Noosfero.root, img[:image_src]].join, alt: img[:title] %>
8	<p class="highlights-label"><%= img[:title] %></p>	8	<p class="highlights-label"><%= img[:title] %></p>
9	</a>	9	</a>
10	<% end %>	10	<% end %>
1	<div class="item image" data-item="span" title="<%= @file.name %>">	1	<div class="item image" data-item="span" title="<%= @file.name %>">
2	<span>	2	<span>
3	- <img src="<%= @file.public_filename(:uploaded) %>"/>	3	+ <%= image_tag(@file.public_filename(:uploaded)) %>
4	</span>	4	</span>
5	<div class="controls image-controls">	5	<div class="controls image-controls">
6	<a class="button icon-add add-to-text" href="#"><span><%= _('Add to the text') %></span></a>	6	<a class="button icon-add add-to-text" href="#"><span><%= _('Add to the text') %></span></a>
	@@ -28,7 +28,7 @@		@@ -28,7 +28,7 @@
28		28
29	<%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %>	29	<%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %>
30		30
31	- <%= control_panel_button(_('Manage Roles'), 'roles', :controller => 'profile_roles') %>	31	+ <%= control_panel_button(_('Manage Roles'), 'roles', :controller => 'profile_roles') if profile.organization? %>
32		32
33	<% unless profile.enterprise? %>	33	<% unless profile.enterprise? %>
34	<%= case profile.blogs.count	34	<%= case profile.blogs.count
	@@ -18,14 +18,15 @@ backup_dirs = [		@@ -18,14 +18,15 @@ backup_dirs = [
18	desc "Creates a backup of the database and uploaded files"	18	desc "Creates a backup of the database and uploaded files"
19	task :backup => :check_backup_support do	19	task :backup => :check_backup_support do
20	dirs = backup_dirs.select { \|d\| File.exists?(d) }	20	dirs = backup_dirs.select { \|d\| File.exists?(d) }
		21	+ rails_env = ENV["RAILS_ENV"] \|\| 'production'
21		22
22	backup_name = Time.now.strftime('%Y-%m-%d-%R')	23	backup_name = Time.now.strftime('%Y-%m-%d-%R')
23	backup_file = File.join('tmp/backup', backup_name) + '.tar.gz'	24	backup_file = File.join('tmp/backup', backup_name) + '.tar.gz'
24	mkdir_p 'tmp/backup'	25	mkdir_p 'tmp/backup'
25	dump = File.join('tmp/backup', backup_name) + '.sql'	26	dump = File.join('tmp/backup', backup_name) + '.sql'
26		27
27	- database = $config['production']['database']
28	- host = $config['production']['host']	28	+ database = $config[rails_env]['database']
		29	+ host = $config[rails_env]['host']
29	host = host && "-h #{host}" \|\| ""	30	host = host && "-h #{host}" \|\| ""
30	sh "pg_dump #{host} #{database} > #{dump}"	31	sh "pg_dump #{host} #{database} > #{dump}"
31		32
	@@ -52,6 +53,7 @@ end		@@ -52,6 +53,7 @@ end
52	desc "Restores a backup created previousy with \`rake backup\`"	53	desc "Restores a backup created previousy with \`rake backup\`"
53	task :restore => :check_backup_support do	54	task :restore => :check_backup_support do
54	backup = ENV["BACKUP"]	55	backup = ENV["BACKUP"]
		56	+ rails_env = ENV["RAILS_ENV"] \|\| 'production'
55	unless backup	57	unless backup
56	puts "usage: rake restore BACKUP=/path/to/backup"	58	puts "usage: rake restore BACKUP=/path/to/backup"
57	exit 1	59	exit 1
	@@ -81,9 +83,9 @@ task :restore => :check_backup_support do		@@ -81,9 +83,9 @@ task :restore => :check_backup_support do
81	end	83	end
82	dump = dumps.first	84	dump = dumps.first
83		85
84	- database = $config['production']['database']
85	- username = $config['production']['username']
86	- host = $config['production']['host']	86	+ database = $config[rails_env]['database']
		87	+ username = $config[rails_env]['username']
		88	+ host = $config[rails_env]['host']
87	host = host && "-h #{host}" \|\| ""	89	host = host && "-h #{host}" \|\| ""
88		90
89	puts "WARNING: backups should be restored to an empty database, otherwise"	91	puts "WARNING: backups should be restored to an empty database, otherwise"
	@@ -102,10 +104,39 @@ task :restore => :check_backup_support do		@@ -102,10 +104,39 @@ task :restore => :check_backup_support do
102	end	104	end
103		105
104	sh 'tar', 'xaf', backup	106	sh 'tar', 'xaf', backup
105	- sh "rails dbconsole production < #{dump}"	107	+ sh "rails dbconsole #{rails_env} < #{dump}"
106	rm_f dump	108	rm_f dump
107		109
108	puts "****************************************************"	110	puts "****************************************************"
109	puts "Backup restored!"	111	puts "Backup restored!"
110	puts "****************************************************"	112	puts "****************************************************"
111	end	113	end
		114	+
		115	+desc 'Removes emails from database'
		116	+task 'restore:remove_emails' => :environment do
		117	+ connection = ActiveRecord::Base.connection
		118	+ [
		119	+ "UPDATE users SET email = concat('user', id, '@localhost.localdomain')",
		120	+ "UPDATE environments SET contact_email = concat('environment', id, '@localhost.localdomain')",
		121	+ ].each do \|update\|
		122	+ puts update
		123	+ connection.execute(update)
		124	+ end
		125	+
		126	+ profiles = connection.execute("select id, data from profiles")
		127	+ profiles.each do \|profile\|
		128	+ if profile['data']
		129	+ data = YAML.load(profile['data'])
		130	+ if data[:contact_email] && data[:contact_email] !~ /@localhost.localdomain$/
		131	+ data[:contact_email] = ['profile', profile['id'], '@localhost.localdomain'].join
		132	+ sql = Environment.send(:sanitize_sql, [
		133	+ "UPDATE profiles SET data = ? WHERE id = ?",
		134	+ YAML.dump(data),
		135	+ profile['id'],
		136	+ ])
		137	+ puts sql
		138	+ connection.execute(sql)
		139	+ end
		140	+ end
		141	+ end
		142	+end
1	class EnvironmentNotificationPluginPublicController < PublicController	1	class EnvironmentNotificationPluginPublicController < PublicController
2		2
3	helper EnvironmentNotificationHelper	3	helper EnvironmentNotificationHelper
		4	+ include EnvironmentNotificationHelper
4		5
5	def notifications_with_popup	6	def notifications_with_popup
6	@hide_notifications = hide_notifications	7	@hide_notifications = hide_notifications
1	-require 'rubygems'
2	require 'nokogiri'	1	require 'nokogiri'
3	require 'open-uri'	2	require 'open-uri'
4		3
	@@ -15,7 +15,6 @@		@@ -15,7 +15,6 @@
15	# along with this program; if not, write to the Free Software	15	# along with this program; if not, write to the Free Software
16	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.	16	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17		17
18	-require 'rubygems'
19	require 'iconv'	18	require 'iconv'
20	require 'net/ldap'	19	require 'net/ldap'
21	require 'net/ldap/dn'	20	require 'net/ldap/dn'
	@@ -111,15 +111,15 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord		@@ -111,15 +111,15 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord
111	include DatesHelper	111	include DatesHelper
112		112
113	def message_to_public_link	113	def message_to_public_link
114	- content_tag(:p, N_("If you can't view this email, %s.") % link_to(N_('click here'), '{mailing_url}'), :id => 'newsletter-public-link')	114	+ content_tag(:p, _("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}'), :id => 'newsletter-public-link')
115	end	115	end
116		116
117	def message_to_unsubscribe	117	def message_to_unsubscribe
118	- content_tag(:div, N_("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(N_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe')	118	+ content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe')
119	end	119	end
120		120
121	def read_more(link_address)	121	def read_more(link_address)
122	- content_tag(:p, link_to(N_('Read more'), link_address, :style => CSS['read-more-link']), :style => CSS['read-more-line'])	122	+ content_tag(:p, link_to(_('Read more'), link_address, :style => CSS['read-more-link']), :style => CSS['read-more-line'])
123	end	123	end
124		124
125	def post_with_image(post)	125	def post_with_image(post)
	@@ -141,7 +141,7 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord		@@ -141,7 +141,7 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord
141	end	141	end
142		142
143	def default_subject	143	def default_subject
144	- N_('Breaking news')	144	+ _('Breaking news')
145	end	145	end
146		146
147	def subject	147	def subject