Commit 4ad91064632c8c1f5483a559d158d96b93e1a3c6

Authored by Rodrigo Souto
2 parents 6f8f36f0 2d698f0b

Merge branch 'stable'

Conflicts:
	test/unit/comment_test.rb
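--- a/app/views/layouts/application-ng.rhtml
+++ b/app/views/layouts/application-ng.rhtml
@@ -22,7 +22,7 @@
 DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
 </script>
 </head>
- <body class="<%= body_classes %>">
+ <body class="<%= h body_classes %>">
 <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>
 
 <%=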
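Review bot: The escaping is applied only at this call site, `<body class="<%= h body_classes %>">`, so any other layout or partial that prints `body_classes` would still emit it raw; the hunk does not show whether other callers exist. `.rhtml` templates of this Rails generation presumably do not escape `<%= %>` output by default, so escaping each component inside the `body_classes` helper would cover every caller at once. Either way, a regression test that renders the layout with markup characters in the class list and asserts they arrive HTML-escaped would keep the fix from being undone.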
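--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+noosfero (0.45.2) unstable; urgency=low
+
+ * Small release with a critical bugfix
+
+ -- Rodrigo Souto <rodrigo@colivre.coop.br> Tue, 14 Jan 2014 13:25:18 +0000
+
 noosfero (0.45.1) unstable; urgency=low
 
 * Bugfix release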
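--- a/lib/noosfero.rb
+++ b/lib/noosfero.rb
@@ -3,7 +3,7 @@ require &#39;fast_gettext&#39;
 
 module Noosfero
 PROJECT = 'noosfero'
- VERSION = '0.45.1'
+ VERSION = '0.45.2'
 
 def self.pattern_for_controllers_in_directory(dir)
 disjunction = controllers_in_directory(dir).join('|')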
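--- a/public/javascripts/jquery-latest.js
+++ b/public/javascripts/jquery-latest.js
@@ -36,7 +36,8 @@ var jQuery = function( selector, context ) {
 
 // A simple way to check for HTML strings or ID strings
 // (both of which we optimize for)
- quickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]+)$)/,
+ //fix xss: http://ma.la/jquery_xss/ http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
+ quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,
 
 // Check if a string has a non-whitespace character in it
 rnotwhite = /\S/,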
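Review bot: The patch edits `quickExpr` in place inside a bundled jQuery build, so the file no longer matches any upstream release and the next library refresh could silently drop the fix. The linked release post attributes this change to jQuery 1.6.3; upgrading the bundled file to that release or later would bring the fix along with its upstream tests. If the backport stays, expand the comment to say what was changed and why, for example `// local backport from jQuery 1.6.3: input with '#' before the first '<' is no longer parsed as HTML`. Application code that hands URL-derived strings to `$()` should still be reviewed, since the regex change only narrows what is treated as HTML.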
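--- a/test/unit/comment_test.rb
+++ b/test/unit/comment_test.rb
@@ -285,6 +285,35 @@ class CommentTest &lt; ActiveSupport::TestCase
 assert_equal [c1,c3], c.reload.children
 end
 
+ should "return activities comments as a thread" do
+ person = fast_create(Person)
+ a = TextileArticle.create!(:profile => person, :name => 'My article', :body => 'Article body')
+ c0 = Comment.create!(:source => a, :body => 'My comment', :author => person)
+ c1 = Comment.create!(:reply_of_id => c0.id, :source => a, :body => 'bla', :author => person)
+ c2 = Comment.create!(:reply_of_id => c1.id, :source => a, :body => 'bla', :author => person)
+ c3 = Comment.create!(:reply_of_id => c0.id, :source => a, :body => 'bla', :author => person)
+ c4 = Comment.create!(:source => a, :body => 'My comment', :author => person)
+ result = a.activity.comments_as_thread
+ assert_equal c0, result[0]
+ assert_equal [c1, c3], result[0].replies
+ assert_equal [c2], result[0].replies[0].replies
+ assert_equal c4, result[1]
+ assert result[1].replies.empty?
+ end
+
+ should "return activities comments when some comment on thread is spam" do
+ person = fast_create(Person)
+ a = TextileArticle.create!(:profile => person, :name => 'My article', :body => 'Article body')
+ c0 = Comment.create(:source => a, :body => 'Root comment', :author => person)
+ c1 = Comment.create(:reply_of_id => c0.id, :source => a, :body => 'c1', :author => person)
+ spam = Comment.create(:spam => true, :reply_of_id => c0.id, :source => a, :body => 'spam', :author => person)
+ c2 = Comment.create(:reply_of_id => spam.id, :source => a, :body => 'c2', :author => person)
+ result = a.activity.comments_as_thread
+ assert_equal c0, result[0]
+ assert_equal [c1], result[0].replies
+ assert_equal c2, result[1]
+ end
+
 should 'provide author url for authenticated user' do
 author = Person.new
 author.expects(:url).returns('http://blabla.net/author')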
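Review bot: The spam-thread test builds its fixtures with `Comment.create` rather than `create!`, so a record that fails validation would go unnoticed. If the spam comment were not saved, `spam.id` would be nil, `c2` would be created as a root comment, and `assert_equal c2, result[1]` would pass without exercising the new fallback. Use `Comment.create!` as the first test does, and pin the shape of the result with `assert_equal 2, result.size` and `assert !result.include?(spam)`. In the first test `c4` reuses the body 'My comment' of `c0`; distinct bodies would make a failure message easier to read.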
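--- a/vendor/plugins/action_tracker_has_comments/init.rb
+++ b/vendor/plugins/action_tracker_has_comments/init.rb
@@ -18,7 +18,13 @@ Rails.configuration.to_prepare do
 self.comments.each do |c|
 c.replies = []
 result[c.id] ||= c
- c.reply_of_id.nil? ? root << c : result[c.reply_of_id].replies << c
+ if c.reply_of_id.nil?
+ root << c
+ elsif result[c.reply_of_id]
+ result[c.reply_of_id].replies << c
+ else # Comment is a reply but the reply is not being displayed - is spam, for example
+ root << c
+ end
 end
 root
 end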
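Review bot: The new `else` branch also hides an ordering problem: `result` is filled in the same pass that attaches replies, so a reply iterated before its parent finds `result[c.reply_of_id]` nil and is now promoted to the root list instead of raising as before. The ordering of `self.comments` is not visible in this hunk, so this may not occur today, but indexing every comment first and attaching in a second pass removes the dependency. The inline comment should also say that the parent, not the reply, is missing from the displayed set. The method starts above the hunk, so `result` and `root` are assumed to be initialised there.

```ruby
# … unchanged: result and root are set up above the hunk …
visible = self.comments.to_a
visible.each do |c|
  c.replies = []
  result[c.id] ||= c
end
visible.each do |c|
  parent = c.reply_of_id && result[c.reply_of_id]
  # Parent is not in the displayed set (marked as spam, for example):
  # show the reply at the top level instead of dropping it.
  (parent ? parent.replies : root) << c
end
# … unchanged: root is returned …
```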