tagged version 1.4.3

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/tags/1.4.3@9773 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/timelog_controller.rb

@@ -18,12 +18,13 @@
 class TimelogController < ApplicationController
   menu_item :issues
 
-  before_filter :find_project, :only => [:create]
+  before_filter :find_project_for_new_time_entry, :only => [:create]
   before_filter :find_time_entry, :only => [:show, :edit, :update]
   before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
   before_filter :authorize, :except => [:new, :index, :report]
 
-  before_filter :find_optional_project, :only => [:new, :index, :report]
+  before_filter :find_optional_project, :only => [:index, :report]
+  before_filter :find_optional_project_for_new_time_entry, :only => [:new]
   before_filter :authorize_global, :only => [:new, :index, :report]
 
   accept_rss_auth :index
@@ -133,9 +134,13 @@ class TimelogController < ApplicationController
           flash[:notice] = l(:notice_successful_create)
           if params[:continue]
             if params[:project_id]
-              redirect_to :action => 'new', :project_id => @time_entry.project, :issue_id => @time_entry.issue, :back_url => params[:back_url]
+              redirect_to :action => 'new', :project_id => @time_entry.project, :issue_id => @time_entry.issue,
+                :time_entry => {:issue_id => @time_entry.issue_id, :activity_id => @time_entry.activity_id},
+                :back_url => params[:back_url]
             else
-              redirect_to :action => 'new', :back_url => params[:back_url]
+              redirect_to :action => 'new', 
+                :time_entry => {:project_id => @time_entry.project_id, :issue_id => @time_entry.issue_id, :activity_id => @time_entry.activity_id},
+                :back_url => params[:back_url]
             end
           else
             redirect_back_or_default :action => 'index', :project_id => @time_entry.project
@@ -258,7 +263,7 @@ private
     end
   end
 
-  def find_project
+  def find_optional_project_for_new_time_entry
     if (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
       @project = Project.find(project_id)
     end
@@ -266,14 +271,17 @@ private
       @issue = Issue.find(issue_id)
       @project ||= @issue.project
     end
-    if @project.nil?
-      render_404
-      return false
-    end
   rescue ActiveRecord::RecordNotFound
     render_404
   end
 
+  def find_project_for_new_time_entry
+    find_optional_project_for_new_time_entry
+    if @project.nil?
+      render_404
+    end
+  end
+
   def find_optional_project
     if !params[:issue_id].blank?
       @issue = Issue.find(params[:issue_id])

app/views/timelog/new.html.erb

@@ -1,6 +1,7 @@
 <h2><%= l(:label_spent_time) %></h2>
 
 <% labelled_form_for @time_entry, :url => time_entries_path do |f| %>
+  <%= hidden_field_tag 'project_id', params[:project_id] if params[:project_id] %>
   <%= render :partial => 'form', :locals => {:f => f} %>
   <%= submit_tag l(:button_create) %>
   <%= submit_tag l(:button_create_and_continue), :name => 'continue' %>

config/initializers/10-patches.rb

@@ -85,4 +85,30 @@ module ActionController
       end
     end
   end
+
+  # CVE-2012-2660
+  # https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f
+  class Request
+    protected
+
+    # Remove nils from the params hash
+    def deep_munge(hash)
+      hash.each_value do |v|
+        case v
+        when Array
+          v.grep(Hash) { |x| deep_munge(x) }
+        when Hash
+          deep_munge(v)
+        end
+      end
+
+      keys = hash.keys.find_all { |k| hash[k] == [nil] }
+      keys.each { |k| hash[k] = nil }
+      hash
+    end
+
+    def parse_query(qs)
+      deep_munge(super)
+    end
+  end
 end

doc/CHANGELOG

@@ -4,6 +4,13 @@ Redmine - project management software
 Copyright (C) 2006-2012  Jean-Philippe Lang
 http://www.redmine.org/
 
+== 2012-06-05 v1.4.3
+
+* Defect #11038: "Create and continue" should preserve project, issue and activity when logging time
+* Defect #11046: Redmine.pm does not support "bind as user" ldap authentication
+* Defect #11051: reposman.rb fails in 1.4.2 because of missing require for rubygems
+* Fix for Rails vulnerability CVE-2012-2660
+
 == 2012-05-13 v1.4.2
 
 * Defect #10744: rake task redmine:email:test broken

extra/svn/Redmine.pm

@@ -366,12 +366,19 @@ sub is_member {
           );
           $sthldap->execute($auth_source_id);
           while (my @rowldap = $sthldap->fetchrow_array) {
+            my $bind_as = $rowldap[3] ? $rowldap[3] : "";
+            my $bind_pw = $rowldap[4] ? $rowldap[4] : "";
+            if ($bind_as =~ m/\$login/) {
+              # replace $login with $redmine_user and use $redmine_pass
+              $bind_as =~ s/\$login/$redmine_user/g;
+              $bind_pw = $redmine_pass
+            }
             my $ldap = Authen::Simple::LDAP->new(
                 host    =>      ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]:$rowldap[1]" : $rowldap[0],
                 port    =>      $rowldap[1],
                 basedn  =>      $rowldap[5],
-                binddn  =>      $rowldap[3] ? $rowldap[3] : "",
-                bindpw  =>      $rowldap[4] ? $rowldap[4] : "",
+                binddn  =>      $bind_as,
+                bindpw  =>      $bind_pw,
                 filter  =>      "(".$rowldap[6]."=%s)"
             );
             my $method = $r->method;

extra/svn/reposman.rb

@@ -3,6 +3,7 @@
 require 'optparse'
 require 'find'
 require 'etc'
+require 'rubygems'
 
 Version = "1.4"
 SUPPORTED_SCM = %w( Subversion Darcs Mercurial Bazaar Git Filesystem )

lib/redmine/version.rb

@@ -4,7 +4,7 @@ module Redmine
   module VERSION #:nodoc:
     MAJOR = 1
     MINOR = 4
-    TINY  = 2
+    TINY  = 3
 
     # Branch values:
     # * official release: nil

test/functional/timelog_controller_test.rb

@@ -44,6 +44,7 @@ class TimelogControllerTest < ActionController::TestCase
     # Default activity selected
     assert_tag :tag => 'option', :attributes => { :selected => 'selected' },
                                  :content => 'Development'
+    assert_select 'input[name=project_id][value=1]'
   end
 
   def test_get_new_should_only_show_active_time_entry_activities
@@ -61,6 +62,18 @@ class TimelogControllerTest < ActionController::TestCase
     assert_response :success
     assert_template 'new'
     assert_tag 'select', :attributes => {:name => 'time_entry[project_id]'}
+    assert_select 'input[name=project_id]', 0
+  end
+
+  def test_new_without_project_should_prefill_the_form
+    @request.session[:user_id] = 3
+    get :new, :time_entry => {:project_id => '1'}
+    assert_response :success
+    assert_template 'new'
+    assert_select 'select[name=?]', 'time_entry[project_id]' do
+      assert_select 'option[value=1][selected=selected]'
+    end
+    assert_select 'input[name=project_id]', 0
   end
 
   def test_new_without_project_should_deny_without_permission
@@ -144,7 +157,7 @@ class TimelogControllerTest < ActionController::TestCase
                                 :spent_on => '2008-03-14',
                                 :hours => '7.3'},
                 :continue => '1'
-    assert_redirected_to '/projects/ecookbook/time_entries/new'
+    assert_redirected_to '/projects/ecookbook/time_entries/new?time_entry%5Bactivity_id%5D=11&time_entry%5Bissue_id%5D='
   end
 
   def test_create_and_continue_with_issue_id
@@ -155,7 +168,7 @@ class TimelogControllerTest < ActionController::TestCase
                                 :spent_on => '2008-03-14',
                                 :hours => '7.3'},
                 :continue => '1'
-    assert_redirected_to '/projects/ecookbook/issues/1/time_entries/new'
+    assert_redirected_to '/projects/ecookbook/issues/1/time_entries/new?time_entry%5Bactivity_id%5D=11&time_entry%5Bissue_id%5D=1'
   end
 
   def test_create_and_continue_without_project
@@ -167,7 +180,7 @@ class TimelogControllerTest < ActionController::TestCase
                                 :hours => '7.3'},
                   :continue => '1'
 
-    assert_redirected_to '/time_entries/new'
+    assert_redirected_to '/time_entries/new?time_entry%5Bactivity_id%5D=11&time_entry%5Bissue_id%5D=&time_entry%5Bproject_id%5D=1'
   end
 
   def test_create_without_log_time_permission_should_be_denied