Commit 1b6f9e37f5111d4029d9c106946a43e12926fff4
Exists in
master
and in
20 other branches
Merge branch 'noosfero' into rails4
Showing
40 changed files
with
100 additions
and
279 deletions
Show diff stats
app/models/article.rb
| @@ -811,7 +811,7 @@ class Article < ActiveRecord::Base | @@ -811,7 +811,7 @@ class Article < ActiveRecord::Base | ||
| 811 | end | 811 | end |
| 812 | 812 | ||
| 813 | def first_image | 813 | def first_image |
| 814 | - img = ( image.present? && { 'src' => image.public_filename } ) || | 814 | + img = ( image.present? && { 'src' => File.join([Noosfero.root, image.public_filename].join) } ) || |
| 815 | Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first || | 815 | Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first || |
| 816 | Nokogiri::HTML.fragment(self.body.to_s).search('img').first | 816 | Nokogiri::HTML.fragment(self.body.to_s).search('img').first |
| 817 | img.nil? ? '' : img['src'] | 817 | img.nil? ? '' : img['src'] |
app/models/favorite_enterprises_block.rb
| @@ -16,7 +16,7 @@ class FavoriteEnterprisesBlock < ProfileListBlock | @@ -16,7 +16,7 @@ class FavoriteEnterprisesBlock < ProfileListBlock | ||
| 16 | owner = self.owner | 16 | owner = self.owner |
| 17 | return '' unless owner.kind_of?(Person) | 17 | return '' unless owner.kind_of?(Person) |
| 18 | proc do | 18 | proc do |
| 19 | - link_to _('View all'), :profile => owner.identifier, :controller => 'profile', :action => 'favorite_enterprises' | 19 | + link_to _('enterprises|View all'), {:profile => owner.identifier, :controller => 'profile', :action => 'favorite_enterprises'}, :class => 'view-all' |
| 20 | end | 20 | end |
| 21 | end | 21 | end |
| 22 | 22 |
app/views/blocks/highlights.html.erb
| @@ -4,7 +4,7 @@ | @@ -4,7 +4,7 @@ | ||
| 4 | <div class='highlights-container'> | 4 | <div class='highlights-container'> |
| 5 | <% block.featured_images.each do |img| %> | 5 | <% block.featured_images.each do |img| %> |
| 6 | <a href="<%= img[:address] %>" title="<%= img[:title] %>" class="highlights-image-link"> | 6 | <a href="<%= img[:address] %>" title="<%= img[:title] %>" class="highlights-image-link"> |
| 7 | - <%= content_tag :img, nil, :src => img[:image_src], :alt => img[:title] %> | 7 | + <%= image_tag [Noosfero.root, img[:image_src]].join, alt: img[:title] %> |
| 8 | <p class="highlights-label"><%= img[:title] %></p> | 8 | <p class="highlights-label"><%= img[:title] %></p> |
| 9 | </a> | 9 | </a> |
| 10 | <% end %> | 10 | <% end %> |
app/views/cms/media_panel/_image.html.erb
| 1 | <div class="item image" data-item="span" title="<%= @file.name %>"> | 1 | <div class="item image" data-item="span" title="<%= @file.name %>"> |
| 2 | <span> | 2 | <span> |
| 3 | - <img src="<%= @file.public_filename(:uploaded) %>"/> | 3 | + <%= image_tag(@file.public_filename(:uploaded)) %> |
| 4 | </span> | 4 | </span> |
| 5 | <div class="controls image-controls"> | 5 | <div class="controls image-controls"> |
| 6 | <a class="button icon-add add-to-text" href="#"><span><%= _('Add to the text') %></span></a> | 6 | <a class="button icon-add add-to-text" href="#"><span><%= _('Add to the text') %></span></a> |
app/views/profile_editor/index.html.erb
| @@ -28,7 +28,7 @@ | @@ -28,7 +28,7 @@ | ||
| 28 | 28 | ||
| 29 | <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %> | 29 | <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %> |
| 30 | 30 | ||
| 31 | - <%= control_panel_button(_('Manage Roles'), 'roles', :controller => 'profile_roles') %> | 31 | + <%= control_panel_button(_('Manage Roles'), 'roles', :controller => 'profile_roles') if profile.organization? %> |
| 32 | 32 | ||
| 33 | <% unless profile.enterprise? %> | 33 | <% unless profile.enterprise? %> |
| 34 | <%= case profile.blogs.count | 34 | <%= case profile.blogs.count |
lib/tasks/backup.rake
| @@ -18,14 +18,15 @@ backup_dirs = [ | @@ -18,14 +18,15 @@ backup_dirs = [ | ||
| 18 | desc "Creates a backup of the database and uploaded files" | 18 | desc "Creates a backup of the database and uploaded files" |
| 19 | task :backup => :check_backup_support do | 19 | task :backup => :check_backup_support do |
| 20 | dirs = backup_dirs.select { |d| File.exists?(d) } | 20 | dirs = backup_dirs.select { |d| File.exists?(d) } |
| 21 | + rails_env = ENV["RAILS_ENV"] || 'production' | ||
| 21 | 22 | ||
| 22 | backup_name = Time.now.strftime('%Y-%m-%d-%R') | 23 | backup_name = Time.now.strftime('%Y-%m-%d-%R') |
| 23 | backup_file = File.join('tmp/backup', backup_name) + '.tar.gz' | 24 | backup_file = File.join('tmp/backup', backup_name) + '.tar.gz' |
| 24 | mkdir_p 'tmp/backup' | 25 | mkdir_p 'tmp/backup' |
| 25 | dump = File.join('tmp/backup', backup_name) + '.sql' | 26 | dump = File.join('tmp/backup', backup_name) + '.sql' |
| 26 | 27 | ||
| 27 | - database = $config['production']['database'] | ||
| 28 | - host = $config['production']['host'] | 28 | + database = $config[rails_env]['database'] |
| 29 | + host = $config[rails_env]['host'] | ||
| 29 | host = host && "-h #{host}" || "" | 30 | host = host && "-h #{host}" || "" |
| 30 | sh "pg_dump #{host} #{database} > #{dump}" | 31 | sh "pg_dump #{host} #{database} > #{dump}" |
| 31 | 32 | ||
| @@ -52,6 +53,7 @@ end | @@ -52,6 +53,7 @@ end | ||
| 52 | desc "Restores a backup created previousy with \`rake backup\`" | 53 | desc "Restores a backup created previousy with \`rake backup\`" |
| 53 | task :restore => :check_backup_support do | 54 | task :restore => :check_backup_support do |
| 54 | backup = ENV["BACKUP"] | 55 | backup = ENV["BACKUP"] |
| 56 | + rails_env = ENV["RAILS_ENV"] || 'production' | ||
| 55 | unless backup | 57 | unless backup |
| 56 | puts "usage: rake restore BACKUP=/path/to/backup" | 58 | puts "usage: rake restore BACKUP=/path/to/backup" |
| 57 | exit 1 | 59 | exit 1 |
| @@ -81,9 +83,9 @@ task :restore => :check_backup_support do | @@ -81,9 +83,9 @@ task :restore => :check_backup_support do | ||
| 81 | end | 83 | end |
| 82 | dump = dumps.first | 84 | dump = dumps.first |
| 83 | 85 | ||
| 84 | - database = $config['production']['database'] | ||
| 85 | - username = $config['production']['username'] | ||
| 86 | - host = $config['production']['host'] | 86 | + database = $config[rails_env]['database'] |
| 87 | + username = $config[rails_env]['username'] | ||
| 88 | + host = $config[rails_env]['host'] | ||
| 87 | host = host && "-h #{host}" || "" | 89 | host = host && "-h #{host}" || "" |
| 88 | 90 | ||
| 89 | puts "WARNING: backups should be restored to an empty database, otherwise" | 91 | puts "WARNING: backups should be restored to an empty database, otherwise" |
| @@ -102,10 +104,39 @@ task :restore => :check_backup_support do | @@ -102,10 +104,39 @@ task :restore => :check_backup_support do | ||
| 102 | end | 104 | end |
| 103 | 105 | ||
| 104 | sh 'tar', 'xaf', backup | 106 | sh 'tar', 'xaf', backup |
| 105 | - sh "rails dbconsole production < #{dump}" | 107 | + sh "rails dbconsole #{rails_env} < #{dump}" |
| 106 | rm_f dump | 108 | rm_f dump |
| 107 | 109 | ||
| 108 | puts "****************************************************" | 110 | puts "****************************************************" |
| 109 | puts "Backup restored!" | 111 | puts "Backup restored!" |
| 110 | puts "****************************************************" | 112 | puts "****************************************************" |
| 111 | end | 113 | end |
| 114 | + | ||
| 115 | +desc 'Removes emails from database' | ||
| 116 | +task 'restore:remove_emails' => :environment do | ||
| 117 | + connection = ActiveRecord::Base.connection | ||
| 118 | + [ | ||
| 119 | + "UPDATE users SET email = concat('user', id, '@localhost.localdomain')", | ||
| 120 | + "UPDATE environments SET contact_email = concat('environment', id, '@localhost.localdomain')", | ||
| 121 | + ].each do |update| | ||
| 122 | + puts update | ||
| 123 | + connection.execute(update) | ||
| 124 | + end | ||
| 125 | + | ||
| 126 | + profiles = connection.execute("select id, data from profiles") | ||
| 127 | + profiles.each do |profile| | ||
| 128 | + if profile['data'] | ||
| 129 | + data = YAML.load(profile['data']) | ||
| 130 | + if data[:contact_email] && data[:contact_email] !~ /@localhost.localdomain$/ | ||
| 131 | + data[:contact_email] = ['profile', profile['id'], '@localhost.localdomain'].join | ||
| 132 | + sql = Environment.send(:sanitize_sql, [ | ||
| 133 | + "UPDATE profiles SET data = ? WHERE id = ?", | ||
| 134 | + YAML.dump(data), | ||
| 135 | + profile['id'], | ||
| 136 | + ]) | ||
| 137 | + puts sql | ||
| 138 | + connection.execute(sql) | ||
| 139 | + end | ||
| 140 | + end | ||
| 141 | + end | ||
| 142 | +end |
plugins/environment_notification/controllers/public/environment_notification_plugin_public_controller.rb
| 1 | class EnvironmentNotificationPluginPublicController < PublicController | 1 | class EnvironmentNotificationPluginPublicController < PublicController |
| 2 | 2 | ||
| 3 | helper EnvironmentNotificationHelper | 3 | helper EnvironmentNotificationHelper |
| 4 | + include EnvironmentNotificationHelper | ||
| 4 | 5 | ||
| 5 | def notifications_with_popup | 6 | def notifications_with_popup |
| 6 | @hide_notifications = hide_notifications | 7 | @hide_notifications = hide_notifications |
plugins/lattes_curriculum/lib/html_parser.rb
plugins/ldap/Gemfile
plugins/ldap/dependencies.rb
plugins/ldap/lib/ldap_authentication.rb
| @@ -15,7 +15,6 @@ | @@ -15,7 +15,6 @@ | ||
| 15 | # along with this program; if not, write to the Free Software | 15 | # along with this program; if not, write to the Free Software |
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 17 | 17 | ||
| 18 | -require 'rubygems' | ||
| 19 | require 'iconv' | 18 | require 'iconv' |
| 20 | require 'net/ldap' | 19 | require 'net/ldap' |
| 21 | require 'net/ldap/dn' | 20 | require 'net/ldap/dn' |
plugins/newsletter/lib/newsletter_plugin/newsletter.rb
| @@ -111,15 +111,15 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord | @@ -111,15 +111,15 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord | ||
| 111 | include DatesHelper | 111 | include DatesHelper |
| 112 | 112 | ||
| 113 | def message_to_public_link | 113 | def message_to_public_link |
| 114 | - content_tag(:p, N_("If you can't view this email, %s.") % link_to(N_('click here'), '{mailing_url}'), :id => 'newsletter-public-link') | 114 | + content_tag(:p, _("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}'), :id => 'newsletter-public-link') |
| 115 | end | 115 | end |
| 116 | 116 | ||
| 117 | def message_to_unsubscribe | 117 | def message_to_unsubscribe |
| 118 | - content_tag(:div, N_("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(N_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe') | 118 | + content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe') |
| 119 | end | 119 | end |
| 120 | 120 | ||
| 121 | def read_more(link_address) | 121 | def read_more(link_address) |
| 122 | - content_tag(:p, link_to(N_('Read more'), link_address, :style => CSS['read-more-link']), :style => CSS['read-more-line']) | 122 | + content_tag(:p, link_to(_('Read more'), link_address, :style => CSS['read-more-link']), :style => CSS['read-more-line']) |
| 123 | end | 123 | end |
| 124 | 124 | ||
| 125 | def post_with_image(post) | 125 | def post_with_image(post) |
| @@ -141,7 +141,7 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord | @@ -141,7 +141,7 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord | ||
| 141 | end | 141 | end |
| 142 | 142 | ||
| 143 | def default_subject | 143 | def default_subject |
| 144 | - N_('Breaking news') | 144 | + _('Breaking news') |
| 145 | end | 145 | end |
| 146 | 146 | ||
| 147 | def subject | 147 | def subject |
plugins/solr/dependencies.rb
| 1 | -require 'rubygems' | ||
| 2 | require 'active_record' | 1 | require 'active_record' |
| 3 | require "#{File.dirname(__FILE__)}/lib/acts_as_searchable" | 2 | require "#{File.dirname(__FILE__)}/lib/acts_as_searchable" |
| 4 | require "#{File.dirname(__FILE__)}/lib/acts_as_faceted" | 3 | require "#{File.dirname(__FILE__)}/lib/acts_as_faceted" |
plugins/solr/install.rb
| 1 | #raise "Not ready yet. Some tests are failing." | 1 | #raise "Not ready yet. Some tests are failing." |
| 2 | -require 'rubygems' | ||
| 3 | require 'rake' | 2 | require 'rake' |
| 4 | 3 | ||
| 5 | tasks_dir = File.join(File.dirname(__FILE__), 'vendor', 'plugins', 'acts_as_solr_reloaded', 'lib', 'tasks', '*.rake') | 4 | tasks_dir = File.join(File.dirname(__FILE__), 'vendor', 'plugins', 'acts_as_solr_reloaded', 'lib', 'tasks', '*.rake') |
plugins/solr/vendor/plugins/acts_as_solr_reloaded/Rakefile
plugins/solr/vendor/plugins/acts_as_solr_reloaded/lib/acts_as_solr/tasks.rb
plugins/solr/vendor/plugins/acts_as_solr_reloaded/lib/solr/xml.rb
| @@ -16,7 +16,6 @@ end | @@ -16,7 +16,6 @@ end | ||
| 16 | begin | 16 | begin |
| 17 | 17 | ||
| 18 | # If we can load rubygems and libxml-ruby... | 18 | # If we can load rubygems and libxml-ruby... |
| 19 | - require 'rubygems' | ||
| 20 | require 'xml/libxml' | 19 | require 'xml/libxml' |
| 21 | raise "acts_as_solr requires libxml-ruby 0.7 or greater" unless XML::Node.public_instance_methods.collect{|x| x.to_sym}.include?(:attributes) | 20 | raise "acts_as_solr requires libxml-ruby 0.7 or greater" unless XML::Node.public_instance_methods.collect{|x| x.to_sym}.include?(:attributes) |
| 22 | 21 |
plugins/solr/vendor/plugins/acts_as_solr_reloaded/solr_test_rakefile.rb
plugins/solr/vendor/plugins/acts_as_solr_reloaded/test/test_helper.rb
plugins/solr/vendor/plugins/acts_as_solr_reloaded/test/unit/test_helper.rb
| 1 | dir = File.dirname(__FILE__) | 1 | dir = File.dirname(__FILE__) |
| 2 | $:.unshift(File.join(File.expand_path(dir), "..", "..", "lib")) | 2 | $:.unshift(File.join(File.expand_path(dir), "..", "..", "lib")) |
| 3 | 3 | ||
| 4 | -require 'rubygems' | ||
| 5 | require 'test/unit' | 4 | require 'test/unit' |
| 6 | require 'acts_as_solr' | 5 | require 'acts_as_solr' |
| 7 | require 'mocha' | 6 | require 'mocha' |
plugins/spaminator/dependencies.rb
public/designs/themes/base/style.scss
| @@ -484,6 +484,7 @@ div#notice { | @@ -484,6 +484,7 @@ div#notice { | ||
| 484 | #content .profile-list-block ul, | 484 | #content .profile-list-block ul, |
| 485 | #content .enterprises-block ul, | 485 | #content .enterprises-block ul, |
| 486 | #content .communities-block ul, | 486 | #content .communities-block ul, |
| 487 | +#content .favorite-enterprises-block ul, | ||
| 487 | #content .fans-block ul { | 488 | #content .fans-block ul { |
| 488 | min-width: 196px; | 489 | min-width: 196px; |
| 489 | width: 192px; | 490 | width: 192px; |
| @@ -499,15 +500,14 @@ div#notice { | @@ -499,15 +500,14 @@ div#notice { | ||
| 499 | display: block; | 500 | display: block; |
| 500 | } | 501 | } |
| 501 | 502 | ||
| 503 | +.block-footer-content { | ||
| 504 | + text-align: center; | ||
| 505 | + padding-top: 3px; | ||
| 506 | +} | ||
| 507 | + | ||
| 502 | .block-footer-content a.view-all { | 508 | .block-footer-content a.view-all { |
| 503 | - position: absolute; | ||
| 504 | - top: 2px; | ||
| 505 | - right: 0px; | ||
| 506 | font-size: 11px; | 509 | font-size: 11px; |
| 507 | color: #000; | 510 | color: #000; |
| 508 | - text-decoration: none; | ||
| 509 | - padding-right: 15px; | ||
| 510 | - background: url(imgs/arrow-right-p.png) 100% 50% no-repeat; | ||
| 511 | } | 511 | } |
| 512 | 512 | ||
| 513 | #content .profile-list-block .block-title { | 513 | #content .profile-list-block .block-title { |
public/stylesheets/cms/media-panel.scss
| @@ -5,7 +5,7 @@ | @@ -5,7 +5,7 @@ | ||
| 5 | } | 5 | } |
| 6 | 6 | ||
| 7 | .controller-cms .show-media-panel .with_media_panel { | 7 | .controller-cms .show-media-panel .with_media_panel { |
| 8 | - width: 600px; | 8 | + width: 540px; |
| 9 | transition: 1s; | 9 | transition: 1s; |
| 10 | } | 10 | } |
| 11 | 11 | ||
| @@ -77,7 +77,7 @@ | @@ -77,7 +77,7 @@ | ||
| 77 | 77 | ||
| 78 | .text-editor-sidebar { | 78 | .text-editor-sidebar { |
| 79 | position: absolute; | 79 | position: absolute; |
| 80 | - width: 280px; | 80 | + width: 340px; |
| 81 | right: 20px; | 81 | right: 20px; |
| 82 | top: 70px; | 82 | top: 70px; |
| 83 | max-height: 45px; | 83 | max-height: 45px; |
| @@ -141,7 +141,7 @@ | @@ -141,7 +141,7 @@ | ||
| 141 | } | 141 | } |
| 142 | 142 | ||
| 143 | .text-editor-sidebar .image { | 143 | .text-editor-sidebar .image { |
| 144 | - width: 80px; | 144 | + width: 100px; |
| 145 | margin: 2px; | 145 | margin: 2px; |
| 146 | height: 80px; | 146 | height: 80px; |
| 147 | line-height: 80px; | 147 | line-height: 80px; |
script/move-translations-to-plugins.rb
| @@ -1,34 +0,0 @@ | @@ -1,34 +0,0 @@ | ||
| 1 | -languages = Dir.glob('po/*').reject { |f| f =~ /pot$/ }.map { |f| File.basename(f) } | ||
| 2 | - | ||
| 3 | -core_files = `grep '#:' po/noosfero.pot | cut -d ':' -f 2 | sed 's/^\s*//' | grep -v '^plugins' | sort -u`.split.map { |f| [ '-N', f] }.flatten | ||
| 4 | - | ||
| 5 | -languages.each do |lang| | ||
| 6 | - | ||
| 7 | - lang_plugins_po = "tmp/#{lang}_plugins.po" | ||
| 8 | - system('msggrep', '-v', *core_files, '--output-file', lang_plugins_po, "po/#{lang}/noosfero.po") | ||
| 9 | - | ||
| 10 | - Dir.glob('plugins/*').each do |plugindir| | ||
| 11 | - plugin = File.basename(plugindir) | ||
| 12 | - po = File.join(plugindir, 'po', lang, plugin + '.po') | ||
| 13 | - | ||
| 14 | - files = [] | ||
| 15 | - Dir.glob("#{plugindir}/**/*.{rb,html.erb}").each do |f| | ||
| 16 | - files << '-N' << f | ||
| 17 | - end | ||
| 18 | - | ||
| 19 | - system('mkdir', '-p', File.dirname(po)) | ||
| 20 | - system('msggrep', *files, '--output-file', po, lang_plugins_po) | ||
| 21 | - | ||
| 22 | - if system("msgfmt --statistics -o /dev/null #{po} 2>&1 | grep -q '^0 translated message'") | ||
| 23 | - # empty .po | ||
| 24 | - system('rm', '-f', po) | ||
| 25 | - puts "[#{lang}] #{plugin}: PO file empty, deleted" | ||
| 26 | - else | ||
| 27 | - puts "[#{lang}] #{plugin}" | ||
| 28 | - end | ||
| 29 | - | ||
| 30 | - end | ||
| 31 | - | ||
| 32 | - system('rm', '-f', lang_plugins_po) | ||
| 33 | - system('find plugins/*/po -type d -empty -delete') | ||
| 34 | -end |
script/vagrant
| @@ -12,5 +12,13 @@ for ip in 10.0.2.2 192.168.122.1; do | @@ -12,5 +12,13 @@ for ip in 10.0.2.2 192.168.122.1; do | ||
| 12 | fi | 12 | fi |
| 13 | done | 13 | done |
| 14 | 14 | ||
| 15 | +sudo apt-get install -qy postfix | ||
| 16 | +sudo postconf virtual_alias_maps=hash:/etc/postfix/virtual | ||
| 17 | +sudo tee /etc/postfix/virtual <<EOF | ||
| 18 | +@localhost.localdomain vagrant | ||
| 19 | +EOF | ||
| 20 | +sudo postmap /etc/postfix/virtual | ||
| 21 | +sudo service postfix reload | ||
| 22 | + | ||
| 15 | cd /vagrant | 23 | cd /vagrant |
| 16 | ./script/quick-start | 24 | ./script/quick-start |
test/functional/profile_editor_controller_test.rb
| @@ -1207,4 +1207,10 @@ class ProfileEditorControllerTest < ActionController::TestCase | @@ -1207,4 +1207,10 @@ class ProfileEditorControllerTest < ActionController::TestCase | ||
| 1207 | get :header_footer, :profile => user.identifier | 1207 | get :header_footer, :profile => user.identifier |
| 1208 | assert_response :success | 1208 | assert_response :success |
| 1209 | end | 1209 | end |
| 1210 | + | ||
| 1211 | + should 'not display button to manage roles on control panel of person' do | ||
| 1212 | + get :index, :profile => profile.identifier | ||
| 1213 | + assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/default_user/profile_roles" } | ||
| 1214 | + end | ||
| 1215 | + | ||
| 1210 | end | 1216 | end |
test/unit/article_test.rb
| @@ -931,14 +931,6 @@ class ArticleTest < ActiveSupport::TestCase | @@ -931,14 +931,6 @@ class ArticleTest < ActiveSupport::TestCase | ||
| 931 | assert_no_match(/<script>/, a.name) | 931 | assert_no_match(/<script>/, a.name) |
| 932 | end | 932 | end |
| 933 | 933 | ||
| 934 | - should 'escape malformed html tags' do | ||
| 935 | - article = Article.new | ||
| 936 | - article.name = "<h1 Malformed >> html >< tag" | ||
| 937 | - article.valid? | ||
| 938 | - | ||
| 939 | - assert_equal '<h1>> html ></h1>', article.name | ||
| 940 | - end | ||
| 941 | - | ||
| 942 | should 'return truncated title in short_title' do | 934 | should 'return truncated title in short_title' do |
| 943 | article = Article.new | 935 | article = Article.new |
| 944 | article.name = 'a123456789abcdefghij' | 936 | article.name = 'a123456789abcdefghij' |
test/unit/comment_test.rb
| @@ -202,17 +202,6 @@ class CommentTest < ActiveSupport::TestCase | @@ -202,17 +202,6 @@ class CommentTest < ActiveSupport::TestCase | ||
| 202 | assert comment.errors[:body.to_s].present? | 202 | assert comment.errors[:body.to_s].present? |
| 203 | end | 203 | end |
| 204 | 204 | ||
| 205 | - should 'escape malformed html tags' do | ||
| 206 | - owner = create_user('testuser').person | ||
| 207 | - article = owner.articles.create(:name => 'test', :body => '...') | ||
| 208 | - comment = build(Comment, :article => article, :title => '<h1 title </h1>>> sd f <<', :body => '<h1>> sdf><asd>< body </h1>', :name => '<h1 name </h1>>><<dfsf<sd', :email => 'cracker@test.org') | ||
| 209 | - comment.valid? | ||
| 210 | - | ||
| 211 | - assert_no_match /[<>]/, comment.title | ||
| 212 | - assert_no_match /[<>]/, comment.body | ||
| 213 | - assert_no_match /[<>]/, comment.name | ||
| 214 | - end | ||
| 215 | - | ||
| 216 | should 'use an existing image for deleted comments' do | 205 | should 'use an existing image for deleted comments' do |
| 217 | image = Comment.new.removed_user_image[1..-1] | 206 | image = Comment.new.removed_user_image[1..-1] |
| 218 | assert File.exists?(Rails.root.join('public', image)), "#{image} does not exist." | 207 | assert File.exists?(Rails.root.join('public', image)), "#{image} does not exist." |
| @@ -755,6 +744,18 @@ class CommentTest < ActiveSupport::TestCase | @@ -755,6 +744,18 @@ class CommentTest < ActiveSupport::TestCase | ||
| 755 | comment.destroy | 744 | comment.destroy |
| 756 | end | 745 | end |
| 757 | 746 | ||
| 747 | + should 'not double escape html content after validation' do | ||
| 748 | + comment = create_comment | ||
| 749 | + body = 'Comment with "quotes"' | ||
| 750 | + comment.body = body | ||
| 751 | + | ||
| 752 | + comment.valid? | ||
| 753 | + assert_equal body, comment.body | ||
| 754 | + | ||
| 755 | + comment.valid? | ||
| 756 | + assert_equal body, comment.body | ||
| 757 | + end | ||
| 758 | + | ||
| 758 | private | 759 | private |
| 759 | 760 | ||
| 760 | def create_comment(args = {}) | 761 | def create_comment(args = {}) |
test/unit/community_test.rb
| @@ -242,20 +242,6 @@ class CommunityTest < ActiveSupport::TestCase | @@ -242,20 +242,6 @@ class CommunityTest < ActiveSupport::TestCase | ||
| 242 | end | 242 | end |
| 243 | end | 243 | end |
| 244 | 244 | ||
| 245 | - should 'escape malformed html tags' do | ||
| 246 | - community = Community.new | ||
| 247 | - community.name = "<h1 Malformed >> html >< tag" | ||
| 248 | - community.address = "<h1 Malformed >,<<<asfdf> html >< tag" | ||
| 249 | - community.contact_phone = "<h1 Malformed<<> >> html >><>< tag" | ||
| 250 | - community.description = "<h1 Malformed /h1>>><<> html ><>h1< tag" | ||
| 251 | - community.valid? | ||
| 252 | - | ||
| 253 | - assert_no_match /[<>]/, community.name | ||
| 254 | - assert_no_match /[<>]/, community.address | ||
| 255 | - assert_no_match /[<>]/, community.contact_phone | ||
| 256 | - assert_no_match /[<>]/, community.description | ||
| 257 | - end | ||
| 258 | - | ||
| 259 | should "the followed_by method be protected and true to the community members by default" do | 245 | should "the followed_by method be protected and true to the community members by default" do |
| 260 | c = fast_create(Community) | 246 | c = fast_create(Community) |
| 261 | p1 = fast_create(Person) | 247 | p1 = fast_create(Person) |
test/unit/environment_test.rb
| @@ -1140,14 +1140,6 @@ class EnvironmentTest < ActiveSupport::TestCase | @@ -1140,14 +1140,6 @@ class EnvironmentTest < ActiveSupport::TestCase | ||
| 1140 | assert_equal "<h1> Disabled Enterprise </h1>", environment.message_for_disabled_enterprise | 1140 | assert_equal "<h1> Disabled Enterprise </h1>", environment.message_for_disabled_enterprise |
| 1141 | end | 1141 | end |
| 1142 | 1142 | ||
| 1143 | - should 'escape malformed html tags' do | ||
| 1144 | - environment = Environment.new | ||
| 1145 | - environment.message_for_disabled_enterprise = "<h1> Disabled Enterprise /h1>" | ||
| 1146 | - environment.valid? | ||
| 1147 | - | ||
| 1148 | - assert_match /<h1> Disabled Enterprise \/h1><\/h1>/, environment.message_for_disabled_enterprise | ||
| 1149 | - end | ||
| 1150 | - | ||
| 1151 | should 'not sanitize html comments' do | 1143 | should 'not sanitize html comments' do |
| 1152 | environment = Environment.new | 1144 | environment = Environment.new |
| 1153 | environment.message_for_disabled_enterprise = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | 1145 | environment.message_for_disabled_enterprise = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' |
test/unit/event_test.rb
| @@ -263,24 +263,6 @@ class EventTest < ActiveSupport::TestCase | @@ -263,24 +263,6 @@ class EventTest < ActiveSupport::TestCase | ||
| 263 | assert_not_includes profile.events.by_day(today), event_out_of_range | 263 | assert_not_includes profile.events.by_day(today), event_out_of_range |
| 264 | end | 264 | end |
| 265 | 265 | ||
| 266 | - should 'filter fields with full filter' do | ||
| 267 | - event = Event.new | ||
| 268 | - event.link = "<h1 Malformed >> html >< tag" | ||
| 269 | - event.valid? | ||
| 270 | - | ||
| 271 | - assert_no_match /[<>]/, event.link | ||
| 272 | - end | ||
| 273 | - | ||
| 274 | - should 'filter fields with white_list filter' do | ||
| 275 | - event = Event.new | ||
| 276 | - event.body = "<h1> Description </h1>" | ||
| 277 | - event.address = "<strong> Address </strong>" | ||
| 278 | - event.valid? | ||
| 279 | - | ||
| 280 | - assert_equal "<h1> Description </h1>", event.body | ||
| 281 | - assert_equal "<strong> Address </strong>", event.address | ||
| 282 | - end | ||
| 283 | - | ||
| 284 | should 'not filter & on link field' do | 266 | should 'not filter & on link field' do |
| 285 | event = Event.new | 267 | event = Event.new |
| 286 | event.link = 'myevent.com/?param1=value¶m2=value2' | 268 | event.link = 'myevent.com/?param1=value¶m2=value2' |
| @@ -289,16 +271,6 @@ class EventTest < ActiveSupport::TestCase | @@ -289,16 +271,6 @@ class EventTest < ActiveSupport::TestCase | ||
| 289 | assert_equal "http://myevent.com/?param1=value¶m2=value2", event.link | 271 | assert_equal "http://myevent.com/?param1=value¶m2=value2", event.link |
| 290 | end | 272 | end |
| 291 | 273 | ||
| 292 | - should 'escape malformed html tags' do | ||
| 293 | - event = Event.new | ||
| 294 | - event.body = "<h1<< Description >>/h1>" | ||
| 295 | - event.address = "<strong>><< Address <strong>" | ||
| 296 | - event.valid? | ||
| 297 | - | ||
| 298 | - assert_match /<h1>>\/h1><\/h1>/, event.body | ||
| 299 | - assert_match /<strong>><\/strong>/, event.address | ||
| 300 | - end | ||
| 301 | - | ||
| 302 | should 'not sanitize html comments' do | 274 | should 'not sanitize html comments' do |
| 303 | event = Event.new | 275 | event = Event.new |
| 304 | event.body = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | 276 | event.body = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' |
test/unit/folder_test.rb
| @@ -133,14 +133,6 @@ class FolderTest < ActiveSupport::TestCase | @@ -133,14 +133,6 @@ class FolderTest < ActiveSupport::TestCase | ||
| 133 | assert_match /<p><!-- .* --> <\/p><h1> Wellformed html code <\/h1>/, folder.body | 133 | assert_match /<p><!-- .* --> <\/p><h1> Wellformed html code <\/h1>/, folder.body |
| 134 | end | 134 | end |
| 135 | 135 | ||
| 136 | - should 'escape malformed html tags' do | ||
| 137 | - folder = Folder.new | ||
| 138 | - folder.body = "<h1<< Description >>/h1>" | ||
| 139 | - folder.valid? | ||
| 140 | - | ||
| 141 | - assert_match /<h1>>\/h1><\/h1>/, folder.body | ||
| 142 | - end | ||
| 143 | - | ||
| 144 | should 'not have a blog as parent' do | 136 | should 'not have a blog as parent' do |
| 145 | folder = Folder.new | 137 | folder = Folder.new |
| 146 | folder.parent = Blog.new | 138 | folder.parent = Blog.new |
test/unit/gallery_test.rb
| @@ -134,14 +134,6 @@ class GalleryTest < ActiveSupport::TestCase | @@ -134,14 +134,6 @@ class GalleryTest < ActiveSupport::TestCase | ||
| 134 | assert_match /<p><!-- .* --> <\/p><h1> Wellformed html code <\/h1>/, gallery.body | 134 | assert_match /<p><!-- .* --> <\/p><h1> Wellformed html code <\/h1>/, gallery.body |
| 135 | end | 135 | end |
| 136 | 136 | ||
| 137 | - should 'escape malformed html tags' do | ||
| 138 | - gallery = Gallery.new | ||
| 139 | - gallery.body = "<h1<< Description >>/h1>" | ||
| 140 | - gallery.valid? | ||
| 141 | - | ||
| 142 | - assert_match /<h1>>\/h1><\/h1>/, gallery.body | ||
| 143 | - end | ||
| 144 | - | ||
| 145 | should 'accept uploads' do | 137 | should 'accept uploads' do |
| 146 | folder = fast_create(Gallery) | 138 | folder = fast_create(Gallery) |
| 147 | assert folder.accept_uploads? | 139 | assert folder.accept_uploads? |
test/unit/highlights_block_test.rb
| @@ -132,6 +132,19 @@ class HighlightsBlockTest < ActiveSupport::TestCase | @@ -132,6 +132,19 @@ class HighlightsBlockTest < ActiveSupport::TestCase | ||
| 132 | assert_equal block.images.first[:address], "/social/address" | 132 | assert_equal block.images.first[:address], "/social/address" |
| 133 | end | 133 | end |
| 134 | 134 | ||
| 135 | + should 'display images with subdir src' do | ||
| 136 | + Noosfero.stubs(:root).returns("/social") | ||
| 137 | + f1 = mock() | ||
| 138 | + f1.expects(:public_filename).returns('/img_address') | ||
| 139 | + UploadedFile.expects(:find).with(1).returns(f1) | ||
| 140 | + block = HighlightsBlock.new | ||
| 141 | + i1 = {:image_id => 1, :address => '/address'} | ||
| 142 | + block.images = [i1] | ||
| 143 | + block.save! | ||
| 144 | + | ||
| 145 | + assert_tag_in_string instance_eval(& block.content), :tag => 'img', :attributes => { :src => "/social/img_address" } | ||
| 146 | + end | ||
| 147 | + | ||
| 135 | [Environment, Profile].each do |klass| | 148 | [Environment, Profile].each do |klass| |
| 136 | should "choose between owner galleries when owner is #{klass.name}" do | 149 | should "choose between owner galleries when owner is #{klass.name}" do |
| 137 | owner = fast_create(klass) | 150 | owner = fast_create(klass) |
test/unit/organization_test.rb
| @@ -253,25 +253,6 @@ class OrganizationTest < ActiveSupport::TestCase | @@ -253,25 +253,6 @@ class OrganizationTest < ActiveSupport::TestCase | ||
| 253 | assert organization.closed | 253 | assert organization.closed |
| 254 | end | 254 | end |
| 255 | 255 | ||
| 256 | - should 'escape malformed html tags' do | ||
| 257 | - organization = Organization.new | ||
| 258 | - organization.acronym = "<h1 Malformed >> html >< tag" | ||
| 259 | - organization.contact_person = "<h1 Malformed >,<<<asfdf> html >< tag" | ||
| 260 | - organization.contact_email = "<h1<malformed@html.com>>" | ||
| 261 | - organization.description = "<h1 Malformed /h1>>><<> html ><>h1< tag" | ||
| 262 | - organization.legal_form = "<h1 Malformed /h1>>><<> html ><>h1< tag" | ||
| 263 | - organization.economic_activity = "<h1 Malformed /h1>>><<> html ><>h1< tag" | ||
| 264 | - organization.management_information = "<h1 Malformed /h1>>><<> html ><>h1< tag" | ||
| 265 | - organization.valid? | ||
| 266 | - | ||
| 267 | - assert_no_match /[<>]/, organization.acronym | ||
| 268 | - assert_no_match /[<>]/, organization.contact_person | ||
| 269 | - assert_no_match /[<>]/, organization.contact_email | ||
| 270 | - assert_no_match /[<>]/, organization.legal_form | ||
| 271 | - assert_no_match /[<>]/, organization.economic_activity | ||
| 272 | - assert_no_match /[<>]/, organization.management_information | ||
| 273 | - end | ||
| 274 | - | ||
| 275 | should "the followed_by? be true only to members" do | 256 | should "the followed_by? be true only to members" do |
| 276 | o = fast_create(Organization) | 257 | o = fast_create(Organization) |
| 277 | p1 = fast_create(Person) | 258 | p1 = fast_create(Person) |
test/unit/product_test.rb
| @@ -171,16 +171,6 @@ class ProductTest < ActiveSupport::TestCase | @@ -171,16 +171,6 @@ class ProductTest < ActiveSupport::TestCase | ||
| 171 | assert_equal @product_category.name, product.name | 171 | assert_equal @product_category.name, product.name |
| 172 | end | 172 | end |
| 173 | 173 | ||
| 174 | - should 'escape malformed html tags' do | ||
| 175 | - product = build(Product, :product_category => @product_category) | ||
| 176 | - product.name = "<h1 Malformed >> html >< tag" | ||
| 177 | - product.description = "<h1 Malformed</h1>><<<a>> >> html >< tag" | ||
| 178 | - product.valid? | ||
| 179 | - | ||
| 180 | - assert_no_match /[<>]/, product.name | ||
| 181 | - assert_match /<h1>>> >> html ><\/h1>/, product.description | ||
| 182 | - end | ||
| 183 | - | ||
| 184 | should 'use name of category when has no name yet' do | 174 | should 'use name of category when has no name yet' do |
| 185 | product = Product.new | 175 | product = Product.new |
| 186 | product.product_category = @product_category | 176 | product.product_category = @product_category |
test/unit/profile_test.rb
| @@ -1699,34 +1699,6 @@ class ProfileTest < ActiveSupport::TestCase | @@ -1699,34 +1699,6 @@ class ProfileTest < ActiveSupport::TestCase | ||
| 1699 | assert_equal "<strong> Custom Footer <strong>", profile.custom_footer | 1699 | assert_equal "<strong> Custom Footer <strong>", profile.custom_footer |
| 1700 | end | 1700 | end |
| 1701 | 1701 | ||
| 1702 | - should 'escape malformed html tags' do | ||
| 1703 | - profile = Profile.new | ||
| 1704 | - profile.name = "<h1 Malformed >> html >>></a>< tag" | ||
| 1705 | - profile.nickname = "<h1 Malformed <<h1>>< html >< tag" | ||
| 1706 | - profile.address = "<h1><</h2< Malformed >> html >< tag" | ||
| 1707 | - profile.contact_phone = "<h1<< Malformed ><>>> html >< tag" | ||
| 1708 | - profile.description = "<h1<a> Malformed >> html ></a>< tag" | ||
| 1709 | - profile.valid? | ||
| 1710 | - | ||
| 1711 | - assert_no_match /[<>]/, profile.name | ||
| 1712 | - assert_no_match /[<>]/, profile.nickname | ||
| 1713 | - assert_no_match /[<>]/, profile.address | ||
| 1714 | - assert_no_match /[<>]/, profile.contact_phone | ||
| 1715 | - assert_no_match /[<>]/, profile.description | ||
| 1716 | - assert_no_match /[<>]/, profile.custom_header | ||
| 1717 | - assert_no_match /[<>]/, profile.custom_footer | ||
| 1718 | - end | ||
| 1719 | - | ||
| 1720 | - should 'escape malformed html tags in header and footer' do | ||
| 1721 | - profile = fast_create(Profile) | ||
| 1722 | - profile.custom_header = "<h1<a>><<> Malformed >> html ></a>< tag" | ||
| 1723 | - profile.custom_footer = "<h1> Malformed <><< html ></a>< tag" | ||
| 1724 | - profile.save | ||
| 1725 | - | ||
| 1726 | - assert_match /<h1>> Malformed >> html ><\/h1>/, profile.custom_header | ||
| 1727 | - assert_match /<h1> Malformed <\/h1>/, profile.custom_footer | ||
| 1728 | - end | ||
| 1729 | - | ||
| 1730 | should 'not sanitize html comments' do | 1702 | should 'not sanitize html comments' do |
| 1731 | profile = Profile.new | 1703 | profile = Profile.new |
| 1732 | profile.custom_header = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | 1704 | profile.custom_header = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' |
test/unit/text_article_test.rb
| @@ -14,15 +14,6 @@ class TextArticleTest < ActiveSupport::TestCase | @@ -14,15 +14,6 @@ class TextArticleTest < ActiveSupport::TestCase | ||
| 14 | assert_includes TextArticle.find(:all), article | 14 | assert_includes TextArticle.find(:all), article |
| 15 | end | 15 | end |
| 16 | 16 | ||
| 17 | - should 'remove HTML from name' do | ||
| 18 | - person = create_user('testuser').person | ||
| 19 | - article = TextArticle.new(:profile => person) | ||
| 20 | - article.name = "<h1 Malformed >> html >>></a>< tag" | ||
| 21 | - article.valid? | ||
| 22 | - | ||
| 23 | - assert_no_match /[<>]/, article.name | ||
| 24 | - end | ||
| 25 | - | ||
| 26 | should 'be translatable' do | 17 | should 'be translatable' do |
| 27 | assert_kind_of Noosfero::TranslatableContent, TextArticle.new | 18 | assert_kind_of Noosfero::TranslatableContent, TextArticle.new |
| 28 | end | 19 | end |
test/unit/validation_info_test.rb
| @@ -21,14 +21,4 @@ class ValidationInfoTest < ActiveSupport::TestCase | @@ -21,14 +21,4 @@ class ValidationInfoTest < ActiveSupport::TestCase | ||
| 21 | end | 21 | end |
| 22 | end | 22 | end |
| 23 | 23 | ||
| 24 | - should 'escape malformed html tags' do | ||
| 25 | - info = ValidationInfo.new | ||
| 26 | - info.validation_methodology = "<h1 Malformed >> html >< tag" | ||
| 27 | - info.restrictions = "<h1 Malformed >> html >< tag" | ||
| 28 | - info.valid? | ||
| 29 | - | ||
| 30 | - assert_no_match /[<>]/, info.validation_methodology | ||
| 31 | - assert_no_match /[<>]/, info.restrictions | ||
| 32 | - end | ||
| 33 | - | ||
| 34 | end | 24 | end |
vendor/plugins/xss_terminate/lib/xss_terminate.rb
| @@ -38,7 +38,7 @@ module XssTerminate | @@ -38,7 +38,7 @@ module XssTerminate | ||
| 38 | 38 | ||
| 39 | module InstanceMethods | 39 | module InstanceMethods |
| 40 | 40 | ||
| 41 | - def sanitize_field(sanitizer, field, serialized = false, with= :full) | 41 | + def sanitize_field(sanitizer, field, serialized = false) |
| 42 | field = field.to_sym | 42 | field = field.to_sym |
| 43 | if serialized | 43 | if serialized |
| 44 | puts field | 44 | puts field |
| @@ -49,25 +49,11 @@ module XssTerminate | @@ -49,25 +49,11 @@ module XssTerminate | ||
| 49 | else | 49 | else |
| 50 | if self[field] | 50 | if self[field] |
| 51 | self[field] = sanitizer.sanitize(self[field]) | 51 | self[field] = sanitizer.sanitize(self[field]) |
| 52 | - | ||
| 53 | - if with == :full | ||
| 54 | - self[field] = CGI.escapeHTML(self[field]) | ||
| 55 | - elsif with == :white_list | ||
| 56 | - self[field] = CGI.escapeHTML(self[field]) if !wellformed_html_code?(self[field]) | ||
| 57 | - end | ||
| 58 | - | ||
| 59 | else | 52 | else |
| 60 | value = self.send("#{field}") | 53 | value = self.send("#{field}") |
| 61 | return unless value | 54 | return unless value |
| 62 | value = sanitizer.sanitize(value) | 55 | value = sanitizer.sanitize(value) |
| 63 | self.send("#{field}=", value) | 56 | self.send("#{field}=", value) |
| 64 | - | ||
| 65 | - if with == :full | ||
| 66 | - self.send("#{field}=", CGI.escapeHTML(value)) | ||
| 67 | - elsif with == :white_list | ||
| 68 | - self.send("#{field}=", CGI.escapeHTML(value)) if !wellformed_html_code?(value) | ||
| 69 | - end | ||
| 70 | - | ||
| 71 | end | 57 | end |
| 72 | end | 58 | end |
| 73 | end | 59 | end |
| @@ -86,7 +72,7 @@ module XssTerminate | @@ -86,7 +72,7 @@ module XssTerminate | ||
| 86 | sanitizer = ActionView::Base.full_sanitizer | 72 | sanitizer = ActionView::Base.full_sanitizer |
| 87 | columns, columns_serialized = sanitize_columns(:full) | 73 | columns, columns_serialized = sanitize_columns(:full) |
| 88 | columns.each do |column| | 74 | columns.each do |column| |
| 89 | - sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :full) | 75 | + sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column)) |
| 90 | end | 76 | end |
| 91 | end | 77 | end |
| 92 | 78 | ||
| @@ -94,7 +80,7 @@ module XssTerminate | @@ -94,7 +80,7 @@ module XssTerminate | ||
| 94 | sanitizer = ActionView::Base.white_list_sanitizer | 80 | sanitizer = ActionView::Base.white_list_sanitizer |
| 95 | columns, columns_serialized = sanitize_columns(:white_list) | 81 | columns, columns_serialized = sanitize_columns(:white_list) |
| 96 | columns.each do |column| | 82 | columns.each do |column| |
| 97 | - sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :white_list) | 83 | + sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column)) |
| 98 | end | 84 | end |
| 99 | end | 85 | end |
| 100 | 86 | ||
| @@ -102,38 +88,8 @@ module XssTerminate | @@ -102,38 +88,8 @@ module XssTerminate | ||
| 102 | sanitizer = HTML5libSanitize.new | 88 | sanitizer = HTML5libSanitize.new |
| 103 | columns = sanitize_columns(:html5lib) | 89 | columns = sanitize_columns(:html5lib) |
| 104 | columns.each do |column| | 90 | columns.each do |column| |
| 105 | - sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :html5lib) | ||
| 106 | - end | ||
| 107 | - end | ||
| 108 | - | ||
| 109 | - def wellformed_html_code?(field) | ||
| 110 | - return true if !field | ||
| 111 | - counter = 0 | ||
| 112 | - in_comment = false | ||
| 113 | - field=field.split(//) | ||
| 114 | - for i in 0..field.length-1 | ||
| 115 | - if !in_comment | ||
| 116 | - if field[i] == '<' | ||
| 117 | - if field[i+1..i+3] == ["!","-","-"] | ||
| 118 | - in_comment = true | ||
| 119 | - else | ||
| 120 | - counter += 1 | ||
| 121 | - end | ||
| 122 | - elsif field[i] == '>' | ||
| 123 | - counter -= 1 | ||
| 124 | - end | ||
| 125 | - else | ||
| 126 | - if field[i-2..i] == ["-","-",">"] | ||
| 127 | - in_comment = false | ||
| 128 | - end | ||
| 129 | - end | ||
| 130 | - | ||
| 131 | - if counter < 0 || 1 < counter | ||
| 132 | - return false | ||
| 133 | - end | 91 | + sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column)) |
| 134 | end | 92 | end |
| 135 | - | ||
| 136 | - return counter == 0 | ||
| 137 | end | 93 | end |
| 138 | 94 | ||
| 139 | end | 95 | end |