tagged version 1.4.2

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/tags/1.4.2@9693 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/timelog_controller.rb

@@ -18,13 +18,12 @@
 class TimelogController < ApplicationController
   menu_item :issues
 
-  before_filter :find_project_for_new_time_entry, :only => [:create]
+  before_filter :find_project, :only => [:create]
   before_filter :find_time_entry, :only => [:show, :edit, :update]
   before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
   before_filter :authorize, :except => [:new, :index, :report]
 
-  before_filter :find_optional_project, :only => [:index, :report]
-  before_filter :find_optional_project_for_new_time_entry, :only => [:new]
+  before_filter :find_optional_project, :only => [:new, :index, :report]
   before_filter :authorize_global, :only => [:new, :index, :report]
 
   accept_rss_auth :index
@@ -134,13 +133,9 @@ class TimelogController < ApplicationController
           flash[:notice] = l(:notice_successful_create)
           if params[:continue]
             if params[:project_id]
-              redirect_to :action => 'new', :project_id => @time_entry.project, :issue_id => @time_entry.issue,
-                :time_entry => {:issue_id => @time_entry.issue_id, :activity_id => @time_entry.activity_id},
-                :back_url => params[:back_url]
+              redirect_to :action => 'new', :project_id => @time_entry.project, :issue_id => @time_entry.issue, :back_url => params[:back_url]
             else
-              redirect_to :action => 'new', 
-                :time_entry => {:project_id => @time_entry.project_id, :issue_id => @time_entry.issue_id, :activity_id => @time_entry.activity_id},
-                :back_url => params[:back_url]
+              redirect_to :action => 'new', :back_url => params[:back_url]
             end
           else
             redirect_back_or_default :action => 'index', :project_id => @time_entry.project
@@ -263,7 +258,7 @@ private
     end
   end
 
-  def find_optional_project_for_new_time_entry
+  def find_project
     if (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
       @project = Project.find(project_id)
     end
@@ -271,15 +266,12 @@ private
       @issue = Issue.find(issue_id)
       @project ||= @issue.project
     end
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
-  def find_project_for_new_time_entry
-    find_optional_project_for_new_time_entry
     if @project.nil?
       render_404
+      return false
     end
+  rescue ActiveRecord::RecordNotFound
+    render_404
   end
 
   def find_optional_project

app/views/timelog/new.html.erb

@@ -1,7 +1,6 @@
 <h2><%= l(:label_spent_time) %></h2>
 
 <% labelled_form_for @time_entry, :url => time_entries_path do |f| %>
-  <%= hidden_field_tag 'project_id', params[:project_id] if params[:project_id] %>
   <%= render :partial => 'form', :locals => {:f => f} %>
   <%= submit_tag l(:button_create) %>
   <%= submit_tag l(:button_create_and_continue), :name => 'continue' %>

config/initializers/10-patches.rb

@@ -85,30 +85,4 @@ module ActionController
       end
     end
   end
-
-  # CVE-2012-2660
-  # https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f
-  class Request
-    protected
-
-    # Remove nils from the params hash
-    def deep_munge(hash)
-      hash.each_value do |v|
-        case v
-        when Array
-          v.grep(Hash) { |x| deep_munge(x) }
-        when Hash
-          deep_munge(v)
-        end
-      end
-
-      keys = hash.keys.find_all { |k| hash[k] == [nil] }
-      keys.each { |k| hash[k] = nil }
-      hash
-    end
-
-    def parse_query(qs)
-      deep_munge(super)
-    end
-  end
 end

doc/CHANGELOG

@@ -4,13 +4,6 @@ Redmine - project management software
 Copyright (C) 2006-2012  Jean-Philippe Lang
 http://www.redmine.org/
 
-== 2012-06-05 v1.4.3
-
-* Defect #11038: "Create and continue" should preserve project, issue and activity when logging time
-* Defect #11046: Redmine.pm does not support "bind as user" ldap authentication
-* Defect #11051: reposman.rb fails in 1.4.2 because of missing require for rubygems
-* Fix for Rails vulnerability CVE-2012-2660
-
 == 2012-05-13 v1.4.2
 
 * Defect #10744: rake task redmine:email:test broken

extra/svn/Redmine.pm

@@ -366,19 +366,12 @@ sub is_member {
           );
           $sthldap->execute($auth_source_id);
           while (my @rowldap = $sthldap->fetchrow_array) {
-            my $bind_as = $rowldap[3] ? $rowldap[3] : "";
-            my $bind_pw = $rowldap[4] ? $rowldap[4] : "";
-            if ($bind_as =~ m/\$login/) {
-              # replace $login with $redmine_user and use $redmine_pass
-              $bind_as =~ s/\$login/$redmine_user/g;
-              $bind_pw = $redmine_pass
-            }
             my $ldap = Authen::Simple::LDAP->new(
                 host    =>      ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]:$rowldap[1]" : $rowldap[0],
                 port    =>      $rowldap[1],
                 basedn  =>      $rowldap[5],
-                binddn  =>      $bind_as,
-                bindpw  =>      $bind_pw,
+                binddn  =>      $rowldap[3] ? $rowldap[3] : "",
+                bindpw  =>      $rowldap[4] ? $rowldap[4] : "",
                 filter  =>      "(".$rowldap[6]."=%s)"
             );
             my $method = $r->method;

extra/svn/reposman.rb

@@ -3,7 +3,6 @@
 require 'optparse'
 require 'find'
 require 'etc'
-require 'rubygems'
 
 Version = "1.4"
 SUPPORTED_SCM = %w( Subversion Darcs Mercurial Bazaar Git Filesystem )

lib/redmine/version.rb

@@ -4,7 +4,7 @@ module Redmine
   module VERSION #:nodoc:
     MAJOR = 1
     MINOR = 4
-    TINY  = 3
+    TINY  = 2
 
     # Branch values:
     # * official release: nil

test/functional/timelog_controller_test.rb

@@ -44,7 +44,6 @@ class TimelogControllerTest < ActionController::TestCase
     # Default activity selected
     assert_tag :tag => 'option', :attributes => { :selected => 'selected' },
                                  :content => 'Development'
-    assert_select 'input[name=project_id][value=1]'
   end
 
   def test_get_new_should_only_show_active_time_entry_activities
@@ -62,18 +61,6 @@ class TimelogControllerTest < ActionController::TestCase
     assert_response :success
     assert_template 'new'
     assert_tag 'select', :attributes => {:name => 'time_entry[project_id]'}
-    assert_select 'input[name=project_id]', 0
-  end
-
-  def test_new_without_project_should_prefill_the_form
-    @request.session[:user_id] = 3
-    get :new, :time_entry => {:project_id => '1'}
-    assert_response :success
-    assert_template 'new'
-    assert_select 'select[name=?]', 'time_entry[project_id]' do
-      assert_select 'option[value=1][selected=selected]'
-    end
-    assert_select 'input[name=project_id]', 0
   end
 
   def test_new_without_project_should_deny_without_permission
@@ -157,7 +144,7 @@ class TimelogControllerTest < ActionController::TestCase
                                 :spent_on => '2008-03-14',
                                 :hours => '7.3'},
                 :continue => '1'
-    assert_redirected_to '/projects/ecookbook/time_entries/new?time_entry%5Bactivity_id%5D=11&time_entry%5Bissue_id%5D='
+    assert_redirected_to '/projects/ecookbook/time_entries/new'
   end
 
   def test_create_and_continue_with_issue_id
@@ -168,7 +155,7 @@ class TimelogControllerTest < ActionController::TestCase
                                 :spent_on => '2008-03-14',
                                 :hours => '7.3'},
                 :continue => '1'
-    assert_redirected_to '/projects/ecookbook/issues/1/time_entries/new?time_entry%5Bactivity_id%5D=11&time_entry%5Bissue_id%5D=1'
+    assert_redirected_to '/projects/ecookbook/issues/1/time_entries/new'
   end
 
   def test_create_and_continue_without_project
@@ -180,7 +167,7 @@ class TimelogControllerTest < ActionController::TestCase
                                 :hours => '7.3'},
                   :continue => '1'
 
-    assert_redirected_to '/time_entries/new?time_entry%5Bactivity_id%5D=11&time_entry%5Bissue_id%5D=&time_entry%5Bproject_id%5D=1'
+    assert_redirected_to '/time_entries/new'
   end
 
   def test_create_without_log_time_permission_should_be_denied