tagged version 0.8.6

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/tags/0.8.6@3002 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/account_controller.rb

@@ -188,12 +188,12 @@ class AccountController < ApplicationController
   
 private
   def logged_user=(user)
-    reset_session
     if user && user.is_a?(User)
       User.current = user
       session[:user_id] = user.id
     else
       User.current = User.anonymous
+      session[:user_id] = nil
     end
   end
 end

app/controllers/application.rb

@@ -19,17 +19,10 @@ require 'uri'
 require 'cgi'
 
 class ApplicationController < ActionController::Base
-  class MissingSessionSecret < Exception ; end
   layout 'base'
   
   before_filter :user_setup, :check_if_login_required, :set_localization
   filter_parameter_logging :password
-
-  if session.first[:secret].blank?
-    raise MissingSessionSecret, "Missing session secret. Please run 'rake config/initializers/session_store.rb' to generate one"
-  else
-    protect_from_forgery :secret => session.first[:secret]
-  end
   
   include Redmine::MenuManager::MenuController
   helper Redmine::MenuManager::MenuHelper
@@ -89,13 +82,7 @@ class ApplicationController < ActionController::Base
   
   def require_login
     if !User.current.logged?
-      # Extract only the basic url parameters on non-GET requests
-      if request.get?
-        url = url_for(params)
-      else
-        url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
-      end
-      redirect_to :controller => "account", :action => "login", :back_url => url
+      redirect_to :controller => "account", :action => "login", :back_url => url_for(params)
       return false
     end
     true

app/controllers/timelog_controller.rb

@@ -88,7 +88,7 @@ class TimelogController < ApplicationController
       sql << " WHERE"
       sql << " (%s) AND" % @project.project_condition(Setting.display_subprojects_issues?) if @project
       sql << " (%s) AND" % Project.allowed_to_condition(User.current, :view_time_entries)
-      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
+      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from.to_time), ActiveRecord::Base.connection.quoted_date(@to.to_time)]
       sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
       
       @hours = ActiveRecord::Base.connection.select_all(sql)

app/views/issues/_form.rhtml

@@ -28,7 +28,7 @@
 <p><%= f.select :category_id, (@project.issue_categories.collect {|c| [c.name, c.id]}), :include_blank => true %>
 <%= prompt_to_remote(l(:label_issue_category_new),
                      l(:label_issue_category_new), 'category[name]', 
-                     {:controller => 'projects', :action => 'add_issue_category', :id => @project, :authenticity_token => form_authenticity_token},
+                     {:controller => 'projects', :action => 'add_issue_category', :id => @project},
                      :class => 'small', :tabindex => 199) if authorize_for('projects', 'add_issue_category') %></p>
 <% end %>
 <%= content_tag('p', f.select(:fixed_version_id, 

app/views/repositories/_dir_list_content.rhtml

@@ -1,7 +1,7 @@
 <% @entries.each do |entry| %>
 <% tr_id = Digest::MD5.hexdigest(entry.path)
    depth = params[:depth].to_i %>
-<tr id="<%= tr_id %>" class="<%= h params[:parent_id] %> entry <%= entry.kind %>">
+<tr id="<%= tr_id %>" class="<%= params[:parent_id] %> entry <%= entry.kind %>">
 <td style="padding-left: <%=18 * depth%>px;" class="filename">
 <% if entry.is_dir? %>
 <span class="expander" onclick="<%=  remote_function :url => {:action => 'browse', :id => @project, :path => to_path_param(entry.path), :rev => @rev, :depth => (depth + 1), :parent_id => tr_id},

app/views/wiki/export.rhtml

@@ -10,9 +10,6 @@ ul.toc { padding: 4px; margin-left: 0; }
 ul.toc li { list-style-type:none; }
 ul.toc li.heading2 { margin-left: 1em; }
 ul.toc li.heading3 { margin-left: 2em; }
-a.wiki-anchor { display: none; margin-left: 6px; text-decoration: none; }
-a.wiki-anchor:hover { color: #aaa !important; text-decoration: none; }
-h1:hover a.wiki-anchor, h2:hover a.wiki-anchor, h3:hover a.wiki-anchor { display: inline; color: #ddd; }
 </style>
 </head>
 <body>

app/views/wiki/export_multiple.rhtml

@@ -6,13 +6,6 @@
 <style>
 body { font:80% Verdana,Tahoma,Arial,sans-serif; }
 h1, h2, h3, h4 {  font-family: "Trebuchet MS",Georgia,"Times New Roman",serif; }
-ul.toc { padding: 4px; margin-left: 0; }
-ul.toc li { list-style-type:none; }
-ul.toc li.heading2 { margin-left: 1em; }
-ul.toc li.heading3 { margin-left: 2em; }
-a.wiki-anchor { display: none; margin-left: 6px; text-decoration: none; }
-a.wiki-anchor:hover { color: #aaa !important; text-decoration: none; }
-h1:hover a.wiki-anchor, h2:hover a.wiki-anchor, h3:hover a.wiki-anchor { display: inline; color: #ddd; }
 </style>
 </head>
 <body>

config/environments/test.rb

@@ -15,6 +15,3 @@ config.action_controller.perform_caching             = false
 
 config.action_mailer.perform_deliveries = true
 config.action_mailer.delivery_method = :test
-
-# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
-config.action_controller.allow_forgery_protection  = false

config/environments/test_pgsql.rb

@@ -15,7 +15,3 @@ config.action_controller.perform_caching             = false
 
 config.action_mailer.perform_deliveries = true
 config.action_mailer.delivery_method = :test
-
-# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
-config.action_controller.allow_forgery_protection  = false
-

config/environments/test_sqlite3.rb

@@ -15,6 +15,3 @@ config.action_controller.perform_caching             = false
 
 config.action_mailer.perform_deliveries = true
 config.action_mailer.delivery_method = :test
-
-# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
-config.action_controller.allow_forgery_protection  = false

doc/CHANGELOG

@@ -4,16 +4,6 @@ Redmine - project management software
 Copyright (C) 2006-2009  Jean-Philippe Lang
 http://www.redmine.org/
 
-== 2009-11-15 v0.8.7
-
-* Fixed: Hide paragraph terminator at the end of headings on html export
-* Fixed: pre tags containing "<pre*"
-* Fixed: First date of the date range not included in the time report with SQLite
-* Fixed: Password field not styled correctly on alternative stylesheet
-* Fixed: Error when sumbitting a POST request that requires a login
-* Fixed: CSRF vulnerabilities
-
-
 == 2009-11-04 v0.8.6
 
 * Change links to closed issues to be a grey color

doc/INSTALL

@@ -30,10 +30,7 @@ Optional:
    rake db:migrate RAILS_ENV="production"
    It will create tables and an administrator account.
 
-5. Generate a session store secret. Run:
-   rake config/initializers/session_store.rb
-
-6. Setting up permissions
+5. Setting up permissions
    The user who runs Redmine must have write permission on the following
    subdirectories: files, log, tmp (create the last one if not present).
 
@@ -42,13 +39,13 @@ Optional:
      sudo chown -R redmine:redmine files log tmp
      sudo chmod -R 755 files log tmp
 
-7. Test the installation by running WEBrick web server:
+6. Test the installation by running WEBrick web server:
    ruby script/server -e production   
   
    Once WEBrick has started, point your browser to http://localhost:3000/
    You should now see the application welcome page
 
-8. Use default administrator account to log in:
+7. Use default administrator account to log in:
    login: admin
    password: admin
    

lib/redcloth3.rb

@@ -1011,7 +1011,7 @@ class RedCloth3 < String
     end
     
     OFFTAGS = /(code|pre|kbd|notextile)/
-    OFFTAG_MATCH = /(?:(<\/#{ OFFTAGS }>)|(<#{ OFFTAGS }[^>]*>))(.*?)(?=<\/?#{ OFFTAGS }\W|\Z)/mi
+    OFFTAG_MATCH = /(?:(<\/#{ OFFTAGS }>)|(<#{ OFFTAGS }[^>]*>))(.*?)(?=<\/?#{ OFFTAGS }|\Z)/mi
     OFFTAG_OPEN = /<#{ OFFTAGS }/
     OFFTAG_CLOSE = /<\/?#{ OFFTAGS }/
     HASTAG_MATCH = /(<\/?\w[^\n]*?>)/m

lib/redmine/version.rb

@@ -4,7 +4,7 @@ module Redmine
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 8
-    TINY  = 7
+    TINY  = 6
     
     # Branch values:
     # * official release: nil

lib/tasks/initializers.rake

@@ -1,24 +0,0 @@
-desc 'Generates a configuration file for cookie store sessions.'
-
-file 'config/initializers/session_store.rb' do
-  path = File.join(RAILS_ROOT, 'config', 'initializers', 'session_store.rb')
-  secret = Rails::SecretKeyGenerator.new(self).generate_secret[0,40]
-  File.open(path, 'w') do |f|
-    f.write <<"EOF"
-# This file was generated by 'rake config/initializers/session_store.rb',
-# and should not be made visible to public.
-# If you have a load-balancing Redmine cluster, you will need to use the
-# same version of this file on each machine. And be sure to restart your
-# server when you modify this file.
- 
-# Your secret key for verifying cookie session data integrity. If you
-# change this key, all old sessions will become invalid! Make sure the
-# secret is at least 30 characters and all random, no regular words or
-# you'll be exposed to dictionary attacks.
-ActionController::Base.session = {
-  :session_key => '_redmine_session',
-  :secret => '#{secret}'
-}
-EOF
-  end
-end

public/javascripts/application.js

@@ -69,8 +69,7 @@ function setPredecessorFieldsVisibility() {
 function promptToRemote(text, param, url) {
     value = prompt(text + ':');
     if (value) {
-    		var sep = (url.indexOf('?') < 0 ? '?' : '&' )
-        new Ajax.Request(url + sep + param + '=' + encodeURIComponent(value), {asynchronous:true, evalScripts:true});
+        new Ajax.Request(url + '?' + param + '=' + encodeURIComponent(value), {asynchronous:true, evalScripts:true});
         return false;
     }
 }

public/themes/alternate/stylesheets/application.css

@@ -61,9 +61,9 @@ input[type="button"], input[type="submit"], input[type="reset"] { background-col
 input[type="button"]:hover, input[type="submit"]:hover, input[type="reset"]:hover { background-color: #ccccbb; }
 
 /* Fields */
-input[type="text"], input[type="password"], textarea, select { padding: 2px; border: 1px solid #d7d7d7; }
-input[type="text"], input[type="password"] { padding: 3px; }
-input[type="text"]:focus, input[type="password"]:focus, textarea:focus, select:focus { border: 1px solid #888866; }
+input[type="text"], textarea, select { padding: 2px; border: 1px solid #d7d7d7; }
+input[type="text"] { padding: 3px; }
+input[type="text"]:focus, textarea:focus, select:focus { border: 1px solid #888866; }
 option { border-bottom: 1px dotted #d7d7d7; }
 
 /* Misc */

test/functional/timelog_controller_test.rb

@@ -147,14 +147,6 @@ class TimelogControllerTest < Test::Unit::TestCase
     assert_equal "162.90", "%.2f" % assigns(:total_hours)
   end
   
-  def test_report_one_day
-    get :report, :project_id => 1, :columns => 'day', :from => "2007-03-23", :to => "2007-03-23", :criterias => ["member", "activity"]
-    assert_response :success
-    assert_template 'report'
-    assert_not_nil assigns(:total_hours)
-    assert_equal "4.25", "%.2f" % assigns(:total_hours)
-  end
-  
   def test_report_custom_field_criteria
     get :report, :project_id => 1, :criterias => ['project', 'cf_1']
     assert_response :success
@@ -246,14 +238,6 @@ class TimelogControllerTest < Test::Unit::TestCase
     assert_equal Date.today - 7, assigns(:from)
     assert_equal Date.today, assigns(:to)
   end
-
-  def test_details_one_day
-    get :details, :project_id => 1, :from => "2007-03-23", :to => "2007-03-23"
-    assert_response :success
-    assert_template 'details'
-    assert_not_nil assigns(:total_hours)
-    assert_equal "4.25", "%.2f" % assigns(:total_hours)
-  end
   
   def test_details_at_issue_level
     get :details, :issue_id => 1

test/integration/account_test.rb

@@ -147,24 +147,6 @@ class AccountTest < ActionController::IntegrationTest
     assert user.hashed_password.blank?
   end
   
-  def test_login_and_logout_should_clear_session
-    get '/login'
-    sid = session.session_id
-    
-    post '/login', :username => 'admin', :password => 'admin'
-    assert_redirected_to 'my/page'
-    assert_not_equal sid, session.session_id, "login should reset session"
-    assert_equal 1, session[:user_id]
-    sid = session.session_id
-    
-    get '/'
-    assert_equal sid, session.session_id
-      
-    get '/logout'
-    assert_not_equal sid, session.session_id, "logout should reset session"
-    assert_nil session[:user_id]
-  end
-  
   else
     puts 'Mocha is missing. Skipping tests.'
   end

test/integration/admin_test.rb

@@ -63,10 +63,4 @@ class AdminTest < ActionController::IntegrationTest
     assert_response :success
     assert_template "admin/projects"
   end  
-
-  def test_add_a_user_as_an_anonymous_user_should_fail
-    post '/users/add', :user => { :login => 'psmith', :firstname => 'Paul'}, :password => "psmith09", :password_confirmation => "psmith09"
-    assert_response :redirect
-    assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fusers%2Fadd"
-  end
 end

test/unit/helpers/application_helper_test.rb

@@ -251,29 +251,7 @@ RAW
     to_test.each { |text, result| assert_equal result, textilizable(text) }
   end
   
-  def test_pre_tags
-    raw = <<-RAW
-Before
-
-<pre>
-<prepared-statement-cache-size>32</prepared-statement-cache-size>
-</pre>
-
-After
-RAW
-
-    expected = <<-EXPECTED
-<p>Before</p>
-<pre>
-&lt;prepared-statement-cache-size&gt;32&lt;/prepared-statement-cache-size&gt;
-</pre>
-<p>After</p>
-EXPECTED
-    
-    assert_equal expected.gsub(%r{[\r\n\t]}, ''), textilizable(raw).gsub(%r{[\r\n\t]}, '')
-  end
-  
-  def test_syntax_highlight
+  def syntax_highlight
     raw = <<-RAW
 <pre><code class="ruby">
 # Some ruby code here