tagged version 1.1.3

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/tags/1.1.3@5594 e93f8b46-1217-0410-a6f0-8f06a7374b81
Updates for 1.1.3 release.
2011-04-29 09:37:47 +00:00 · 2011-04-29 09:23:34 +00:00 · 2011-04-29 09:07:40 +00:00 · 2011-04-29 09:06:32 +00:00 · 2011-04-29 09:02:29 +00:00 · 2011-04-29 09:01:37 +00:00
1822 changed files with 81598 additions and 97399 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,18 +1,14 @@
 /.project
 /.loadpath
 /config/additional_environment.rb
-/config/configuration.yml
 /config/database.yml
 /config/email.yml
 /config/initializers/session_store.rb
-/config/initializers/secret_token.rb
 /coverage
 /db/*.db
 /db/*.sqlite3
 /db/schema.rb
 /files/*
-/lib/redmine/scm/adapters/mercurial/redminehelper.pyc
-/lib/redmine/scm/adapters/mercurial/redminehelper.pyo
 /log/*.log*
 /log/mongrel_debug
 /public/dispatch.*
@@ -22,11 +18,5 @@
 /tmp/sessions/*
 /tmp/sockets/*
 /tmp/test/*
-/vendor/cache
 /vendor/rails
 *.rbc
-
-/.bundle
-/Gemfile.lock
-/Gemfile.local
-
--- a/.hgignore
+++ b/.hgignore
@@ -3,18 +3,14 @@ syntax: glob
 .project
 .loadpath
 config/additional_environment.rb
-config/configuration.yml
 config/database.yml
 config/email.yml
 config/initializers/session_store.rb
-config/initializers/secret_token.rb
 coverage
 db/*.db
 db/*.sqlite3
 db/schema.rb
 files/*
-lib/redmine/scm/adapters/mercurial/redminehelper.pyc
-lib/redmine/scm/adapters/mercurial/redminehelper.pyo
 log/*.log*
 log/mongrel_debug
 public/dispatch.*
@@ -24,14 +20,5 @@ tmp/cache/*
 tmp/sessions/*
 tmp/sockets/*
 tmp/test/*
-vendor/cache
 vendor/rails
 *.rbc
-
-.svn/
-.git/
-
-.bundle
-Gemfile.lock
-Gemfile.local
-
--- a/92
+++ b/92
@@ -1,92 +0,0 @@
-source 'http://rubygems.org'
-
-gem 'rails', '3.2.8'
-gem "jquery-rails", "~> 2.0.2"
-gem "i18n", "~> 0.6.0"
-gem "coderay", "~> 1.0.6"
-gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby]
-gem "builder", "3.0.0"
-
-# Optional gem for LDAP authentication
-group :ldap do
-  gem "net-ldap", "~> 0.3.1"
-end
-
-# Optional gem for OpenID authentication
-group :openid do
-  gem "ruby-openid", "~> 2.1.4", :require => "openid"
-  gem "rack-openid"
-end
-
-# Optional gem for exporting the gantt to a PNG file, not supported with jruby
-platforms :mri, :mingw do
-  group :rmagick do
-    # RMagick 2 supports ruby 1.9
-    # RMagick 1 would be fine for ruby 1.8 but Bundler does not support
-    # different requirements for the same gem on different platforms
-    gem "rmagick", ">= 2.0.0"
-  end
-end
-
-# Database gems
-platforms :mri, :mingw do
-  group :postgresql do
-    gem "pg", ">= 0.11.0"
-  end
-
-  group :sqlite do
-    gem "sqlite3"
-  end
-end
-
-platforms :mri_18, :mingw_18 do
-  group :mysql do
-    gem "mysql"
-  end
-end
-
-platforms :mri_19, :mingw_19 do
-  group :mysql do
-    gem "mysql2", "~> 0.3.11"
-  end
-end
-
-platforms :jruby do
-  gem "jruby-openssl"
-
-  group :mysql do
-    gem "activerecord-jdbcmysql-adapter"
-  end
-
-  group :postgresql do
-    gem "activerecord-jdbcpostgresql-adapter"
-  end
-
-  group :sqlite do
-    gem "activerecord-jdbcsqlite3-adapter"
-  end
-end
-
-group :development do
-  gem "rdoc", ">= 2.4.2"
-  gem "yard"
-end
-
-group :test do
-  gem "shoulda", "~> 2.11"
-  # Shoulda does not work nice on Ruby 1.9.3 and seems to need test-unit explicitely.
-  gem "test-unit", :platforms => [:mri_19]
-  gem "mocha", "0.12.3"
-end
-
-local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local")
-if File.exists?(local_gemfile)
-  puts "Loading Gemfile.local ..." if $DEBUG # `ruby -d` or `bundle -v`
-  instance_eval File.read(local_gemfile)
-end
-
-# Load plugins' Gemfiles
-Dir.glob File.expand_path("../plugins/*/Gemfile", __FILE__) do |file|
-  puts "Loading #{file} ..." if $DEBUG # `ruby -d` or `bundle -v`
-  instance_eval File.read(file)
-end
--- a/README.rdoc
+++ b/README.rdoc
@@ -2,4 +2,4 @@

 Redmine is a flexible project management web application written using Ruby on Rails framework.

-More details can be found in the doc directory or on the official website http://www.redmine.org
+More details can be found at in the doc directory or on the official website http://www.redmine.org
--- a/11
+++ b/11
@@ -1,7 +1,10 @@
-#!/usr/bin/env rake
 # Add your own tasks in files placed in lib/tasks ending in .rake,
-# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+# for example lib/tasks/switchtower.rake, and they will automatically be available to Rake.

-require File.expand_path('../config/application', __FILE__)
+require(File.join(File.dirname(__FILE__), 'config', 'boot'))

-RedmineApp::Application.load_tasks
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+require 'tasks/rails'
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -1,24 +1,24 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AccountController < ApplicationController
  helper :custom_fields
-  include CustomFieldsHelper
-
+  include CustomFieldsHelper   
+  
  # prevents login action to be filtered by check_if_login_required application scope filter
  skip_before_filter :check_if_login_required

@@ -29,9 +29,6 @@ class AccountController < ApplicationController
    else
      authenticate_user
    end
-  rescue AuthSourceException => e
-    logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
-    render_error :message => e.message
  end

  # Log out current user and redirect to welcome page
@@ -39,57 +36,44 @@ class AccountController < ApplicationController
    logout_user
    redirect_to home_url
  end
-
-  # Lets user choose a new password
+  
+  # Enable user to choose a new password
  def lost_password
    redirect_to(home_url) && return unless Setting.lost_password?
    if params[:token]
-      @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
-      if @token.nil? || @token.expired?
-        redirect_to home_url
-        return
-      end
+      @token = Token.find_by_action_and_value("recovery", params[:token])
+      redirect_to(home_url) && return unless @token and !@token.expired?
      @user = @token.user
-      unless @user && @user.active?
-        redirect_to home_url
-        return
-      end
      if request.post?
        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
        if @user.save
          @token.destroy
          flash[:notice] = l(:notice_account_password_updated)
-          redirect_to signin_path
+          redirect_to :action => 'login'
          return
-        end
+        end 
      end
      render :template => "account/password_recovery"
      return
    else
      if request.post?
-        user = User.find_by_mail(params[:mail].to_s)
-        # user not found or not active
-        unless user && user.active?
-          flash.now[:error] = l(:notice_account_unknown_email)
-          return
-        end
-        # user cannot change its password
-        unless user.change_password_allowed?
-          flash.now[:error] = l(:notice_can_t_change_password)
-          return
-        end
+        user = User.find_by_mail(params[:mail])
+        # user not found in db
+        (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
+        # user uses an external authentification
+        (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
        # create a new token for password recovery
        token = Token.new(:user => user, :action => "recovery")
        if token.save
-          Mailer.lost_password(token).deliver
+          Mailer.deliver_lost_password(token)
          flash[:notice] = l(:notice_account_lost_email_sent)
-          redirect_to signin_path
+          redirect_to :action => 'login'
          return
        end
      end
    end
  end
-
+  
  # User self-registration
  def register
    redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
@@ -97,9 +81,7 @@ class AccountController < ApplicationController
      session[:auth_source_registration] = nil
      @user = User.new(:language => Setting.default_language)
    else
-      user_params = params[:user] || {}
-      @user = User.new
-      @user.safe_attributes = user_params
+      @user = User.new(params[:user])
      @user.admin = false
      @user.register
      if session[:auth_source_registration]
@@ -114,9 +96,7 @@ class AccountController < ApplicationController
        end
      else
        @user.login = params[:user][:login]
-        unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
-          @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
-        end
+        @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]

        case Setting.self_registration
        when '1'
@@ -129,7 +109,7 @@ class AccountController < ApplicationController
      end
    end
  end
-
+  
  # Token based account activation
  def activate
    redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
@@ -142,11 +122,19 @@ class AccountController < ApplicationController
      token.destroy
      flash[:notice] = l(:notice_account_activated)
    end
-    redirect_to signin_path
+    redirect_to :action => 'login'
  end
-
+  
  private
-
+  
+  def logout_user
+    if User.current.logged?
+      cookies.delete :autologin
+      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
+      self.logged_user = nil
+    end
+  end
+  
  def authenticate_user
    if Setting.openid? && using_open_id?
      open_id_authenticate(params[:openid_url])
@@ -168,8 +156,9 @@ class AccountController < ApplicationController
    end
  end

+  
  def open_id_authenticate(openid_url)
-    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
+    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
      if result.successful?
        user = User.find_or_initialize_by_identity_url(identity_url)
        if user.new_record?
@@ -196,7 +185,7 @@ class AccountController < ApplicationController
            register_manually_by_administrator(user) do
              onthefly_creation_failed(user)
            end
-          end
+          end          
        else
          # Existing record
          if user.active?
@@ -208,32 +197,19 @@ class AccountController < ApplicationController
      end
    end
  end
-
+  
  def successful_authentication(user)
-    logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
    # Valid user
    self.logged_user = user
    # generate a key and set cookie if autologin
    if params[:autologin] && Setting.autologin?
-      set_autologin_cookie(user)
+      token = Token.create(:user => user, :action => 'autologin')
+      cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
    end
    call_hook(:controller_account_success_authentication_after, {:user => user })
    redirect_back_or_default :controller => 'my', :action => 'page'
  end

-  def set_autologin_cookie(user)
-    token = Token.create(:user => user, :action => 'autologin')
-    cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
-    cookie_options = {
-      :value => token.value,
-      :expires => 1.year.from_now,
-      :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
-      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
-      :httponly => true
-    }
-    cookies[cookie_name] = cookie_options
-  end
-
  # Onthefly creation failed, display the registration form to fill/fix attributes
  def onthefly_creation_failed(user, auth_source_options = { })
    @user = user
@@ -252,14 +228,14 @@ class AccountController < ApplicationController
  def register_by_email_activation(user, &block)
    token = Token.new(:user => user, :action => "register")
    if user.save and token.save
-      Mailer.register(token).deliver
+      Mailer.deliver_register(token)
      flash[:notice] = l(:notice_account_register_done)
-      redirect_to signin_path
+      redirect_to :action => 'login'
    else
      yield if block_given?
    end
  end
-
+  
  # Automatically register a user
  #
  # Pass a block for behavior when a user fails to save
@@ -275,14 +251,14 @@ class AccountController < ApplicationController
      yield if block_given?
    end
  end
-
+  
  # Manual activation by the administrator
  #
  # Pass a block for behavior when a user fails to save
  def register_manually_by_administrator(user, &block)
    if user.save
      # Sends an email to the administrators
-      Mailer.account_activation_request(user).deliver
+      Mailer.deliver_account_activation_request(user)
      account_pending
    else
      yield if block_given?
@@ -291,6 +267,6 @@ class AccountController < ApplicationController

  def account_pending
    flash[:notice] = l(:notice_account_pending)
-    redirect_to signin_path
+    redirect_to :action => 'login'
  end
 end
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -1,28 +1,11 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class ActivitiesController < ApplicationController
  menu_item :activity
  before_filter :find_optional_project
-  accept_rss_auth :index
+  accept_key_auth :index

  def index
    @days = Setting.activity_days_default.to_i
-
+    
    if params[:from]
      begin; @date_to = params[:from].to_date + 1; rescue; end
    end
@@ -31,19 +14,19 @@ class ActivitiesController < ApplicationController
    @date_from = @date_to - @days
    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
    @author = (params[:user_id].blank? ? nil : User.active.find(params[:user_id]))
-
-    @activity = Redmine::Activity::Fetcher.new(User.current, :project => @project,
+    
+    @activity = Redmine::Activity::Fetcher.new(User.current, :project => @project, 
                                                             :with_subprojects => @with_subprojects,
                                                             :author => @author)
    @activity.scope_select {|t| !params["show_#{t}"].nil?}
    @activity.scope = (@author.nil? ? :default : :all) if @activity.scope.empty?

    events = @activity.events(@date_from, @date_to)
-
-    if events.empty? || stale?(:etag => [@activity.scope, @date_to, @date_from, @with_subprojects, @author, events.first, events.size, User.current, current_language])
+    
+    if events.empty? || stale?(:etag => [@activity.scope, @date_to, @date_from, @with_subprojects, @author, events.first, User.current, current_language])
      respond_to do |format|
-        format.html {
-          @events_by_day = events.group_by {|event| User.current.time_to_date(event.event_datetime)}
+        format.html { 
+          @events_by_day = events.group_by(&:event_date)
          render :layout => false if request.xhr?
        }
        format.atom {
@@ -57,7 +40,7 @@ class ActivitiesController < ApplicationController
        }
      end
    end
-
+    
  rescue ActiveRecord::RecordNotFound
    render_404
  end
@@ -72,4 +55,5 @@ class ActivitiesController < ApplicationController
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+
 end
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -1,27 +1,25 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AdminController < ApplicationController
  layout 'admin'
-  menu_item :projects, :only => :projects
-  menu_item :plugins, :only => :plugins
-  menu_item :info, :only => :info
-
+  
  before_filter :require_admin
+
  helper :sort
  include SortHelper	

@@ -30,20 +28,24 @@ class AdminController < ApplicationController
  end
 	
  def projects
-    @status = params[:status] || 1
-
-    scope = Project.status(@status)
-    scope = scope.like(params[:name]) if params[:name].present?
-
-    @projects = scope.all(:order => 'lft')
+    @status = params[:status] ? params[:status].to_i : 1
+    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
+    
+    unless params[:name].blank?
+      name = "%#{params[:name].strip.downcase}%"
+      c << ["LOWER(identifier) LIKE ? OR LOWER(name) LIKE ?", name, name]
+    end
+    
+    @projects = Project.find :all, :order => 'lft',
+                                   :conditions => c.conditions

    render :action => "projects", :layout => false if request.xhr?
  end
-
+  
  def plugins
    @plugins = Redmine::Plugin.all
  end
-
+  
  # Loads the default configuration
  # (roles, trackers, statuses, workflow, enumerations)
  def default_configuration
@@ -57,13 +59,13 @@ class AdminController < ApplicationController
    end
    redirect_to :action => 'index'
  end
-
+  
  def test_email
    raise_delivery_errors = ActionMailer::Base.raise_delivery_errors
    # Force ActionMailer to raise delivery errors so we can catch it
    ActionMailer::Base.raise_delivery_errors = true
    begin
-      @test = Mailer.test_email(User.current).deliver
+      @test = Mailer.deliver_test(User.current)
      flash[:notice] = l(:notice_email_sent, User.current.mail)
    rescue Exception => e
      flash[:error] = l(:notice_email_error, e.message)
@@ -71,14 +73,14 @@ class AdminController < ApplicationController
    ActionMailer::Base.raise_delivery_errors = raise_delivery_errors
    redirect_to :controller => 'settings', :action => 'edit', :tab => 'notifications'
  end
-
+  
  def info
    @db_adapter_name = ActiveRecord::Base.connection.adapter_name
    @checklist = [
-      [:text_default_administrator_account_changed, User.default_admin_account_changed?],
+      [:text_default_administrator_account_changed, User.find(:first, :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?],
      [:text_file_repository_writable, File.writable?(Attachment.storage_path)],
-      [:text_plugin_assets_writable,   File.writable?(Redmine::Plugin.public_directory)],
-      [:text_rmagick_available,        Object.const_defined?(:Magick)]
+      [:text_plugin_assets_writable, File.writable?(Engines.public_directory)],
+      [:text_rmagick_available, Object.const_defined?(:Magick)]
    ]
-  end
+  end  
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,63 +18,36 @@
 require 'uri'
 require 'cgi'

-class Unauthorized < Exception; end
-
 class ApplicationController < ActionController::Base
  include Redmine::I18n
-  
-  class_attribute :accept_api_auth_actions
-  class_attribute :accept_rss_auth_actions
-  class_attribute :model_object

  layout 'base'
-
-  protect_from_forgery
-  def handle_unverified_request
-    super
-    cookies.delete(:autologin)
+  exempt_from_layout 'builder', 'rsb'
+  
+  # Remove broken cookie after upgrade from 0.8.x (#4292)
+  # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
+  # TODO: remove it when Rails is fixed
+  before_filter :delete_broken_cookies
+  def delete_broken_cookies
+    if cookies['_redmine_session'] && cookies['_redmine_session'] !~ /--/
+      cookies.delete '_redmine_session'    
+      redirect_to home_path
+      return false
+    end
  end
-
-  before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
-
+  
+  before_filter :user_setup, :check_if_login_required, :set_localization
+  filter_parameter_logging :password
+  protect_from_forgery
+  
  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
-  rescue_from ::Unauthorized, :with => :deny_access
-  rescue_from ::ActionView::MissingTemplate, :with => :missing_template
-
+  
  include Redmine::Search::Controller
  include Redmine::MenuManager::MenuController
  helper Redmine::MenuManager::MenuHelper
-
-  def session_expiration
-    if session[:user_id]
-      if session_expired? && !try_to_autologin
-        reset_session
-        flash[:error] = l(:error_session_expired)
-        redirect_to signin_url
-      else
-        session[:atime] = Time.now.utc.to_i
-      end
-    end
-  end
-
-  def session_expired?
-    if Setting.session_lifetime?
-      unless session[:ctime] && (Time.now.utc.to_i - session[:ctime].to_i <= Setting.session_lifetime.to_i * 60)
-        return true
-      end
-    end
-    if Setting.session_timeout?
-      unless session[:atime] && (Time.now.utc.to_i - session[:atime].to_i <= Setting.session_timeout.to_i * 60)
-        return true
-      end
-    end
-    false
-  end
-
-  def start_user_session(user)
-    session[:user_id] = user.id
-    session[:ctime] = Time.now.utc.to_i
-    session[:atime] = Time.now.utc.to_i
+  
+  Redmine::Scm::Base.all.each do |scm|
+    require_dependency "repository/#{scm.underscore}"
  end

  def user_setup
@@ -82,48 +55,33 @@ class ApplicationController < ActionController::Base
    Setting.check_cache
    # Find the current user
    User.current = find_current_user
-    logger.info("  Current user: " + (User.current.logged? ? "#{User.current.login} (id=#{User.current.id})" : "anonymous")) if logger
  end
-
+  
  # Returns the current user or nil if no user is logged in
  # and starts a session if needed
  def find_current_user
-    user = nil
-    unless api_request?
-      if session[:user_id] 
-        # existing session
-        user = (User.active.find(session[:user_id]) rescue nil)
-      elsif autologin_user = try_to_autologin
-        user = autologin_user
-      elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
-        # RSS key authentication does not start a session
-        user = User.find_by_rss_key(params[:key])
-      end
-    end
-    if user.nil? && Setting.rest_api_enabled? && accept_api_auth?
-      if (key = api_key_from_request)
+    if session[:user_id]
+      # existing session
+      (User.active.find(session[:user_id]) rescue nil)
+    elsif cookies[:autologin] && Setting.autologin?
+      # auto-login feature starts a new session
+      user = User.try_to_autologin(cookies[:autologin])
+      session[:user_id] = user.id if user
+      user
+    elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
+      # RSS key authentication does not start a session
+      User.find_by_rss_key(params[:key])
+    elsif Setting.rest_api_enabled? && api_request?
+      if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
        # Use API key
-        user = User.find_by_api_key(key)
+        User.find_by_api_key(key)
      else
        # HTTP Basic, either username/password or API key/random
        authenticate_with_http_basic do |username, password|
-          user = User.try_to_login(username, password) || User.find_by_api_key(username)
+          User.try_to_login(username, password) || User.find_by_api_key(username)
        end
      end
    end
-    user
-  end
-
-  def try_to_autologin
-    if cookies[:autologin] && Setting.autologin?
-      # auto-login feature starts a new session
-      user = User.try_to_autologin(cookies[:autologin])
-      if user
-        reset_session
-        start_user_session(user)
-      end
-      user
-    end
  end

  # Sets the logged in user
@@ -131,28 +89,19 @@ class ApplicationController < ActionController::Base
    reset_session
    if user && user.is_a?(User)
      User.current = user
-      start_user_session(user)
+      session[:user_id] = user.id
    else
      User.current = User.anonymous
    end
  end
-
-  # Logs out current user
-  def logout_user
-    if User.current.logged?
-      cookies.delete :autologin
-      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
-      self.logged_user = nil
-    end
-  end
-
+  
  # check if login is globally required to access the application
  def check_if_login_required
    # no check needed if user is already logged in
    return true if User.current.logged?
    require_login if Setting.login_required?
-  end
-
+  end 
+  
  def set_localization
    lang = nil
    if User.current.logged?
@@ -168,7 +117,7 @@ class ApplicationController < ActionController::Base
    lang ||= Setting.default_language
    set_language_if_valid(lang)
  end
-
+  
  def require_login
    if !User.current.logged?
      # Extract only the basic url parameters on non-GET requests
@@ -197,7 +146,7 @@ class ApplicationController < ActionController::Base
    end
    true
  end
-
+  
  def deny_access
    User.current.logged? ? render_403 : require_login
  end
@@ -248,12 +197,14 @@ class ApplicationController < ActionController::Base
  # Finds and sets @project based on @object.project
  def find_project_from_association
    render_404 unless @object.present?
-
+    
    @project = @object.project
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end

  def find_model_object
-    model = self.class.model_object
+    model = self.class.read_inheritable_attribute('model_object')
    if model
      @object = model.find(params[:id])
      self.instance_variable_set('@' + controller_name.singularize, @object) if @object
@@ -263,31 +214,36 @@ class ApplicationController < ActionController::Base
  end

  def self.model_object(model)
-    self.model_object = model
+    write_inheritable_attribute('model_object', model)
  end

  # Filter for bulk issue operations
  def find_issues
    @issues = Issue.find_all_by_id(params[:id] || params[:ids])
    raise ActiveRecord::RecordNotFound if @issues.empty?
-    if @issues.detect {|issue| !issue.visible?}
-      deny_access
-      return
-    end
    @projects = @issues.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
+  # Check if project is unique before bulk operations
+  def check_project_uniqueness
+    unless @project
+      # TODO: let users bulk edit/move/destroy issues from different projects
+      render_error 'Can not bulk edit/move/destroy issues from different projects'
+      return false
+    end
+  end
+  
  # make sure that the user is a member of the project (or admin) if project is private
  # used as a before_filter for actions that do not require any particular permission on the project
  def check_project_privacy
-    if @project && !@project.archived?
-      if @project.visible?
+    if @project && @project.active?
+      if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
        true
      else
-        deny_access
+        User.current.logged? ? render_403 : require_login
      end
    else
      @project = nil
@@ -297,16 +253,12 @@ class ApplicationController < ActionController::Base
  end

  def back_url
-    url = params[:back_url]
-    if url.nil? && referer = request.env['HTTP_REFERER']
-      url = CGI.unescape(referer.to_s)
-    end
-    url
+    params[:back_url] || request.env['HTTP_REFERER']
  end

  def redirect_back_or_default(default)
-    back_url = params[:back_url].to_s
-    if back_url.present?
+    back_url = CGI.unescape(params[:back_url].to_s)
+    if !back_url.blank?
      begin
        uri = URI.parse(back_url)
        # do not redirect user to another host or to the login or register page
@@ -315,71 +267,39 @@ class ApplicationController < ActionController::Base
          return
        end
      rescue URI::InvalidURIError
-        logger.warn("Could not redirect to invalid URL #{back_url}")
        # redirect to default
      end
    end
    redirect_to default
-    false
  end
-
-  # Redirects to the request referer if present, redirects to args or call block otherwise.
-  def redirect_to_referer_or(*args, &block)
-    redirect_to :back
-  rescue ::ActionController::RedirectBackError
-    if args.any?
-      redirect_to *args
-    elsif block_given?
-      block.call
-    else
-      raise "#redirect_to_referer_or takes arguments or a block"
-    end
-  end
-
+  
  def render_403(options={})
    @project = nil
    render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
    return false
  end
-
+    
  def render_404(options={})
    render_error({:message => :notice_file_not_found, :status => 404}.merge(options))
    return false
  end
-
+  
  # Renders an error response
  def render_error(arg)
    arg = {:message => arg} unless arg.is_a?(Hash)
-
+    
    @message = arg[:message]
    @message = l(@message) if @message.is_a?(Symbol)
    @status = arg[:status] || 500
-
+    
    respond_to do |format|
      format.html {
        render :template => 'common/error', :layout => use_layout, :status => @status
      }
-      format.any { head @status }
-    end
-  end
-
-  # Handler for ActionView::MissingTemplate exception
-  def missing_template
-    logger.warn "Missing template, responding with 404"
-    @project = nil
-    render_404
-  end
-
-  # Filter for actions that provide an API response
-  # but have no HTML representation for non admin users
-  def require_admin_or_api_request
-    return true if api_request?
-    if User.current.admin?
-      true
-    elsif User.current.logged?
-      render_error(:status => 406)
-    else
-      deny_access
+      format.atom { head @status }
+      format.xml { head @status }
+      format.js { head @status }
+      format.json { head @status }
    end
  end

@@ -389,47 +309,31 @@ class ApplicationController < ActionController::Base
  def use_layout
    request.xhr? ? false : 'base'
  end
-
+  
  def invalid_authenticity_token
    if api_request?
      logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
    end
    render_error "Invalid form authenticity token."
  end
-
-  def render_feed(items, options={})
+  
+  def render_feed(items, options={})    
    @items = items || []
    @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
    @items = @items.slice(0, Setting.feeds_limit.to_i)
    @title = options[:title] || Setting.app_title
-    render :template => "common/feed.atom", :layout => false,
-           :content_type => 'application/atom+xml'
+    render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
  end
-
-  def self.accept_rss_auth(*actions)
-    if actions.any?
-      self.accept_rss_auth_actions = actions
-    else
-      self.accept_rss_auth_actions || []
-    end
+  
+  def self.accept_key_auth(*actions)
+    actions = actions.flatten.map(&:to_s)
+    write_inheritable_attribute('accept_key_auth_actions', actions)
  end
-
-  def accept_rss_auth?(action=action_name)
-    self.class.accept_rss_auth.include?(action.to_sym)
+  
+  def accept_key_auth_actions
+    self.class.read_inheritable_attribute('accept_key_auth_actions') || []
  end
-
-  def self.accept_api_auth(*actions)
-    if actions.any?
-      self.accept_api_auth_actions = actions
-    else
-      self.accept_api_auth_actions || []
-    end
-  end
-
-  def accept_api_auth?(action=action_name)
-    self.class.accept_api_auth.include?(action.to_sym)
-  end
-
+  
  # Returns the number of objects that should be displayed
  # on the paginated list
  def per_page_option
@@ -465,10 +369,10 @@ class ApplicationController < ActionController::Base
      offset = 0 if offset < 0
    end
    offset ||= 0
-
+    
    [offset, limit]
  end
-
+  
  # qvalues http header parser
  # code taken from webrick
  def parse_qvalues(value)
@@ -489,22 +393,22 @@ class ApplicationController < ActionController::Base
  rescue
    nil
  end
-
+  
  # Returns a string that can be used as filename value in Content-Disposition header
  def filename_for_content_disposition(name)
    request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
  end
-
+  
  def api_request?
    %w(xml json).include? params[:format]
  end
-
+  
  # Returns the API key present in the request
  def api_key_from_request
    if params[:key].present?
-      params[:key].to_s
+      params[:key]
    elsif request.headers["X-Redmine-API-Key"].present?
-      request.headers["X-Redmine-API-Key"].to_s
+      request.headers["X-Redmine-API-Key"]
    end
  end

@@ -536,25 +440,43 @@ class ApplicationController < ActionController::Base
    render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
  end

-  # Renders a 200 response for successfull updates or deletions via the API
-  def render_api_ok
-    # head :ok would return a response body with one space
-    render :text => '', :status => :ok, :layout => nil
+  # Converts the errors on an ActiveRecord object into a common JSON format
+  def object_errors_to_json(object)
+    object.errors.collect do |attribute, error|
+      { attribute => error }
+    end.to_json
  end

  # Renders API response on validation failure
-  def render_validation_errors(objects)
-    if objects.is_a?(Array)
-      @error_messages = objects.map {|object| object.errors.full_messages}.flatten
-    else
-      @error_messages = objects.errors.full_messages
-    end
-    render :template => 'common/error_messages.api', :status => :unprocessable_entity, :layout => nil
+  def render_validation_errors(object)
+    options = { :status => :unprocessable_entity, :layout => false }
+    options.merge!(case params[:format]
+      when 'xml';  { :xml =>  object.errors }
+      when 'json'; { :json => {'errors' => object.errors} } # ActiveResource client compliance
+      else
+        raise "Unknown format #{params[:format]} in #render_validation_errors"
+      end
+    )
+    render options
  end
-
-  # Overrides #_include_layout? so that #render with no arguments
+  
+  # Overrides #default_template so that the api template
+  # is used automatically if it exists
+  def default_template(action_name = self.action_name)
+    if api_request?
+      begin
+        return self.view_paths.find_template(default_template_name(action_name), 'api')
+      rescue ::ActionView::MissingTemplate
+        # the api template was not found
+        # fallback to the default behaviour
+      end
+    end
+    super
+  end
+  
+  # Overrides #pick_layout so that #render with no arguments
  # doesn't use the layout for api requests
-  def _include_layout?(*args)
-    api_request? ? false : super
+  def pick_layout(*args)
+    api_request? ? nil : super
  end
 end
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -1,111 +1,59 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AttachmentsController < ApplicationController
-  before_filter :find_project, :except => :upload
-  before_filter :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
+  before_filter :find_project
+  before_filter :file_readable, :read_authorize, :except => :destroy
  before_filter :delete_authorize, :only => :destroy
-  before_filter :authorize_global, :only => :upload
-
-  accept_api_auth :show, :download, :upload
-
+  
+  verify :method => :post, :only => :destroy
+  
  def show
-    respond_to do |format|
-      format.html {
-        if @attachment.is_diff?
-          @diff = File.new(@attachment.diskfile, "rb").read
-          @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
-          @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
-          # Save diff type as user preference
-          if User.current.logged? && @diff_type != User.current.pref[:diff_type]
-            User.current.pref[:diff_type] = @diff_type
-            User.current.preference.save
-          end
-          render :action => 'diff'
-        elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
-          @content = File.new(@attachment.diskfile, "rb").read
-          render :action => 'file'
-        else
-          download
-        end
-      }
-      format.api
+    if @attachment.is_diff?
+      @diff = File.new(@attachment.diskfile, "rb").read
+      render :action => 'diff'
+    elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
+      @content = File.new(@attachment.diskfile, "rb").read
+      render :action => 'file'
+    else
+      download
    end
  end
-
+  
  def download
    if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
      @attachment.increment_download
    end
-
-    if stale?(:etag => @attachment.digest)
-      # images are sent inline
-      send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                      :type => detect_content_type(@attachment),
-                                      :disposition => (@attachment.image? ? 'inline' : 'attachment')
-    end
+    
+    # images are sent inline
+    send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
+                                    :type => detect_content_type(@attachment), 
+                                    :disposition => (@attachment.image? ? 'inline' : 'attachment')
+   
  end
-
-  def thumbnail
-    if @attachment.thumbnailable? && thumbnail = @attachment.thumbnail(:size => params[:size])
-      if stale?(:etag => thumbnail)
-        send_file thumbnail,
-          :filename => filename_for_content_disposition(@attachment.filename),
-          :type => detect_content_type(@attachment),
-          :disposition => 'inline'
-      end
-    else
-      # No thumbnail for the attachment or thumbnail could not be created
-      render :nothing => true, :status => 404
-    end
-  end
-
-  def upload
-    # Make sure that API users get used to set this content type
-    # as it won't trigger Rails' automatic parsing of the request body for parameters
-    unless request.content_type == 'application/octet-stream'
-      render :nothing => true, :status => 406
-      return
-    end
-
-    @attachment = Attachment.new(:file => request.raw_post)
-    @attachment.author = User.current
-    @attachment.filename = Redmine::Utils.random_hex(16)
-
-    if @attachment.save
-      respond_to do |format|
-        format.api { render :action => 'upload', :status => :created }
-      end
-    else
-      respond_to do |format|
-        format.api { render_validation_errors(@attachment) }
-      end
-    end
-  end
-
+  
  def destroy
-    if @attachment.container.respond_to?(:init_journal)
-      @attachment.container.init_journal(User.current)
-    end
    # Make sure association callbacks are called
    @attachment.container.attachments.delete(@attachment)
-    redirect_to_referer_or project_path(@project)
+    redirect_to :back
+  rescue ::ActionController::RedirectBackError
+    redirect_to :controller => 'projects', :action => 'show', :id => @project
  end
-
+  
 private
  def find_project
    @attachment = Attachment.find(params[:id])
@@ -115,20 +63,20 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  # Checks that the file exists and is readable
  def file_readable
    @attachment.readable? ? true : render_404
  end
-
+  
  def read_authorize
    @attachment.visible? ? true : deny_access
  end
-
+  
  def delete_authorize
    @attachment.deletable? ? true : deny_access
  end
-
+  
  def detect_content_type(attachment)
    content_type = attachment.content_type
    if content_type.blank?
--- a/app/controllers/auth_sources_controller.rb
+++ b/app/controllers/auth_sources_controller.rb
@@ -1,47 +1,52 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AuthSourcesController < ApplicationController
  layout 'admin'
-  menu_item :ldap_authentication
-
+  
  before_filter :require_admin

+  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
+  verify :method => :post, :only => [ :destroy, :create, :update ],
+         :redirect_to => { :template => :index }
+
  def index
-    @auth_source_pages, @auth_sources = paginate AuthSource, :per_page => 10
+    @auth_source_pages, @auth_sources = paginate auth_source_class.name.tableize, :per_page => 10
+    render "auth_sources/index"
  end

  def new
-    klass_name = params[:type] || 'AuthSourceLdap'
-    @auth_source = AuthSource.new_subclass_instance(klass_name, params[:auth_source])
+    @auth_source = auth_source_class.new
+    render 'auth_sources/new'
  end

  def create
-    @auth_source = AuthSource.new_subclass_instance(params[:type], params[:auth_source])
+    @auth_source = auth_source_class.new(params[:auth_source])
    if @auth_source.save
      flash[:notice] = l(:notice_successful_create)
      redirect_to :action => 'index'
    else
-      render :action => 'new'
+      render 'auth_sources/new'
    end
  end

  def edit
    @auth_source = AuthSource.find(params[:id])
+    render 'auth_sources/edit'
  end

  def update
@@ -50,17 +55,17 @@ class AuthSourcesController < ApplicationController
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'index'
    else
-      render :action => 'edit'
+      render 'auth_sources/edit'
    end
  end
-
+  
  def test_connection
-    @auth_source = AuthSource.find(params[:id])
+    @auth_method = AuthSource.find(params[:id])
    begin
-      @auth_source.test_connection
+      @auth_method.test_connection
      flash[:notice] = l(:notice_successful_connection)
-    rescue Exception => e
-      flash[:error] = l(:error_unable_to_connect, e.message)
+    rescue => text
+      flash[:error] = l(:error_unable_to_connect, text.message)
    end
    redirect_to :action => 'index'
  end
@@ -73,4 +78,10 @@ class AuthSourcesController < ApplicationController
    end
    redirect_to :action => 'index'
  end
+
+  protected
+
+  def auth_source_class
+    AuthSource
+  end
 end
--- a/app/controllers/auto_completes_controller.rb
+++ b/app/controllers/auto_completes_controller.rb
@@ -1,44 +1,27 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class AutoCompletesController < ApplicationController
  before_filter :find_project
-
+  
  def issues
    @issues = []
-    q = (params[:q] || params[:term]).to_s.strip
-    if q.present?
-      scope = (params[:scope] == "all" || @project.nil? ? Issue : @project.issues).visible
-      if q.match(/^\d+$/)
-        @issues << scope.find_by_id(q.to_i)
-      end
-      @issues += scope.where("LOWER(#{Issue.table_name}.subject) LIKE ?", "%#{q.downcase}%").order("#{Issue.table_name}.id DESC").limit(10).all
-      @issues.compact!
+    q = params[:q].to_s
+    query = (params[:scope] == "all" && Setting.cross_project_issue_relations?) ? Issue : @project.issues
+    if q.match(/^\d+$/)
+      @issues << query.visible.find_by_id(q.to_i)
    end
+    unless q.blank?
+      @issues += query.visible.find(:all, :conditions => ["LOWER(#{Issue.table_name}.subject) LIKE ?", "%#{q.downcase}%"], :limit => 10)
+    end
+    @issues.compact!
    render :layout => false
  end

  private

  def find_project
-    if params[:project_id].present?
-      @project = Project.find(params[:project_id])
-    end
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
+    @project = Project.find(project_id)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+
 end
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -1,31 +1,34 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class BoardsController < ApplicationController
  default_search_scope :messages
-  before_filter :find_project_by_project_id, :find_board_if_available, :authorize
-  accept_rss_auth :index, :show
+  before_filter :find_project, :find_board_if_available, :authorize
+  accept_key_auth :index, :show

+  helper :messages
+  include MessagesHelper
  helper :sort
  include SortHelper
  helper :watchers
-
+  include WatchersHelper
+ 
  def index
-    @boards = @project.boards.includes(:last_message => :author).all
+    @boards = @project.boards
    # show the board if there is only one
    if @boards.size == 1
      @board = @boards.first
@@ -40,14 +43,14 @@ class BoardsController < ApplicationController
        sort_update	'created_on' => "#{Message.table_name}.created_on",
                    'replies' => "#{Message.table_name}.replies_count",
                    'updated_on' => "#{Message.table_name}.updated_on"
-
+          
        @topic_count = @board.topics.count
        @topic_pages = Paginator.new self, @topic_count, per_page_option, params['page']
-        @topics =  @board.topics.reorder("#{Message.table_name}.sticky DESC").order(sort_clause).all(
+        @topics =  @board.topics.find :all, :order => ["#{Message.table_name}.sticky DESC", sort_clause].compact.join(', '),
                                      :include => [:author, {:last_reply => :author}],
                                      :limit  =>  @topic_pages.items_per_page,
-                                      :offset =>  @topic_pages.current.offset)
-        @message = Message.new(:board => @board)
+                                      :offset =>  @topic_pages.current.offset
+        @message = Message.new
        render :action => 'show', :layout => !request.xhr?
      }
      format.atom {
@@ -58,32 +61,21 @@ class BoardsController < ApplicationController
      }
    end
  end
+  
+  verify :method => :post, :only => [ :destroy ], :redirect_to => { :action => :index }

  def new
-    @board = @project.boards.build
-    @board.safe_attributes = params[:board]
-  end
-
-  def create
-    @board = @project.boards.build
-    @board.safe_attributes = params[:board]
-    if @board.save
+    @board = Board.new(params[:board])
+    @board.project = @project
+    if request.post? && @board.save
      flash[:notice] = l(:notice_successful_create)
      redirect_to_settings_in_projects
-    else
-      render :action => 'new'
    end
  end

  def edit
-  end
-
-  def update
-    @board.safe_attributes = params[:board]
-    if @board.save
+    if request.post? && @board.update_attributes(params[:board])
      redirect_to_settings_in_projects
-    else
-      render :action => 'edit'
    end
  end

@@ -91,12 +83,18 @@ class BoardsController < ApplicationController
    @board.destroy
    redirect_to_settings_in_projects
  end
-
+  
 private
  def redirect_to_settings_in_projects
    redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'boards'
  end

+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
  def find_board_if_available
    @board = @project.boards.find(params[:id]) if params[:id]
  rescue ActiveRecord::RecordNotFound
--- a/app/controllers/calendars_controller.rb
+++ b/app/controllers/calendars_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class CalendarsController < ApplicationController
  menu_item :calendar
  before_filter :find_optional_project
@@ -33,11 +16,11 @@ class CalendarsController < ApplicationController
      @year = params[:year].to_i
      if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
        @month = params[:month].to_i
-      end
+      end    
    end
    @year ||= Date.today.year
    @month ||= Date.today.month
-
+    
    @calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
    retrieve_query
    @query.group_by = nil
@@ -47,10 +30,15 @@ class CalendarsController < ApplicationController
                              :conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?))", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
                              )
      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
-
+                                     
      @calendar.events = events
    end
-
+    
    render :action => 'show', :layout => false if request.xhr?
  end
+  
+  def update
+    show
+  end
+
 end
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class CommentsController < ApplicationController
  default_search_scope :news
  model_object News
@@ -22,19 +5,18 @@ class CommentsController < ApplicationController
  before_filter :find_project_from_association
  before_filter :authorize

+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
-    raise Unauthorized unless @news.commentable?
-
-    @comment = Comment.new
-    @comment.safe_attributes = params[:comment]
+    @comment = Comment.new(params[:comment])
    @comment.author = User.current
    if @news.comments << @comment
      flash[:notice] = l(:label_comment_added)
    end
-
+    
    redirect_to :controller => 'news', :action => 'show', :id => @news
  end

+  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
  def destroy
    @news.comments.find(params[:comment_id]).destroy
    redirect_to :controller => 'news', :action => 'show', :id => @news
@@ -50,4 +32,5 @@ class CommentsController < ApplicationController
    @comment = nil
    @news
  end
+  
 end
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -1,32 +1,19 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class ContextMenusController < ApplicationController
  helper :watchers
-  helper :issues
-
+  
  def issues
    @issues = Issue.visible.all(:conditions => {:id => params[:ids]}, :include => :project)
+    
    if (@issues.size == 1)
      @issue = @issues.first
+      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    else
+      @allowed_statuses = @issues.map do |i|
+        i.new_statuses_allowed_to(User.current)
+      end.inject do |memo,s|
+        memo & s
+      end
    end
-    @issue_ids = @issues.map(&:id).sort
-
-    @allowed_statuses = @issues.map(&:new_statuses_allowed_to).reduce(:&)
    @projects = @issues.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1

@@ -38,49 +25,20 @@ class ContextMenusController < ApplicationController
            :delete => User.current.allowed_to?(:delete_issues, @projects)
            }
    if @project
-      if @issue
-        @assignables = @issue.assignable_users
-      else
-        @assignables = @project.assignable_users
-      end
+      @assignables = @project.assignable_users
+      @assignables << @issue.assigned_to if @issue && @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
      @trackers = @project.trackers
    else
      #when multiple projects, we only keep the intersection of each set
-      @assignables = @projects.map(&:assignable_users).reduce(:&)
-      @trackers = @projects.map(&:trackers).reduce(:&)
+      @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
+      @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
    end
-    @versions = @projects.map {|p| p.shared_versions.open}.reduce(:&)
-
-    @priorities = IssuePriority.active.reverse
-    @back = back_url
-
-    @options_by_custom_field = {}
-    if @can[:edit]
-      custom_fields = @issues.map(&:available_custom_fields).reduce(:&).select do |f|
-        %w(bool list user version).include?(f.field_format) && !f.multiple?
-      end
-      custom_fields.each do |field|
-        values = field.possible_values_options(@projects)
-        if values.any?
-          @options_by_custom_field[field] = values
-        end
-      end
-    end
-
-    @safe_attributes = @issues.map(&:safe_attribute_names).reduce(:&)
-    render :layout => false
-  end
-
-  def time_entries
-    @time_entries = TimeEntry.all(
-       :conditions => {:id => params[:ids]}, :include => :project)
-    @projects = @time_entries.collect(&:project).compact.uniq
-    @project = @projects.first if @projects.size == 1
-    @activities = TimeEntryActivity.shared.active
-    @can = {:edit   => User.current.allowed_to?(:edit_time_entries, @projects),
-            :delete => User.current.allowed_to?(:edit_time_entries, @projects)
-            }
+    
+    @priorities = IssuePriority.all.reverse
+    @statuses = IssueStatus.find(:all, :order => 'position')
    @back = back_url
+    
    render :layout => false
  end
+  
 end
--- a/app/controllers/custom_fields_controller.rb
+++ b/app/controllers/custom_fields_controller.rb
@@ -1,78 +1,62 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class CustomFieldsController < ApplicationController
  layout 'admin'
-
+  
  before_filter :require_admin
-  before_filter :build_new_custom_field, :only => [:new, :create]
-  before_filter :find_custom_field, :only => [:edit, :update, :destroy]

  def index
    @custom_fields_by_type = CustomField.find(:all).group_by {|f| f.class.name }
    @tab = params[:tab] || 'IssueCustomField'
  end
-
+  
  def new
-  end
-
-  def create
+    @custom_field = begin
+      if params[:type].to_s.match(/.+CustomField$/)
+        params[:type].to_s.constantize.new(params[:custom_field])
+      end
+    rescue
+    end
+    (redirect_to(:action => 'index'); return) unless @custom_field.is_a?(CustomField)
+    
    if request.post? and @custom_field.save
      flash[:notice] = l(:notice_successful_create)
      call_hook(:controller_custom_fields_new_after_save, :params => params, :custom_field => @custom_field)
      redirect_to :action => 'index', :tab => @custom_field.class.name
-    else
-      render :action => 'new'
    end
+    @trackers = Tracker.find(:all, :order => 'position')
  end

  def edit
-  end
-
-  def update
-    if request.put? and @custom_field.update_attributes(params[:custom_field])
+    @custom_field = CustomField.find(params[:id])
+    if request.post? and @custom_field.update_attributes(params[:custom_field])
      flash[:notice] = l(:notice_successful_update)
      call_hook(:controller_custom_fields_edit_after_save, :params => params, :custom_field => @custom_field)
      redirect_to :action => 'index', :tab => @custom_field.class.name
-    else
-      render :action => 'edit'
    end
+    @trackers = Tracker.find(:all, :order => 'position')
  end
-
+  
  def destroy
-    @custom_field.destroy
+    @custom_field = CustomField.find(params[:id]).destroy
    redirect_to :action => 'index', :tab => @custom_field.class.name
  rescue
    flash[:error] = l(:error_can_not_delete_custom_field)
    redirect_to :action => 'index'
  end
-
-  private
-
-  def build_new_custom_field
-    @custom_field = CustomField.new_subclass_instance(params[:type], params[:custom_field])
-    if @custom_field.nil?
-      render_404
-    end
-  end
-
-  def find_custom_field
-    @custom_field = CustomField.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,13 +18,13 @@
 class DocumentsController < ApplicationController
  default_search_scope :documents
  model_object Document
-  before_filter :find_project_by_project_id, :only => [:index, :new, :create]
-  before_filter :find_model_object, :except => [:index, :new, :create]
-  before_filter :find_project_from_association, :except => [:index, :new, :create]
+  before_filter :find_project, :only => [:index, :new]
+  before_filter :find_model_object, :except => [:index, :new]
+  before_filter :find_project_from_association, :except => [:index, :new]
  before_filter :authorize
-
+  
  helper :attachments
-
+  
  def index
    @sort_by = %w(category date title author).include?(params[:sort_by]) ? params[:sort_by] : 'category'
    documents = @project.documents.find :all, :include => [:attachments, :category]
@@ -41,54 +41,46 @@ class DocumentsController < ApplicationController
    @document = @project.documents.build
    render :layout => false if request.xhr?
  end
-
+  
  def show
    @attachments = @document.attachments.find(:all, :order => "created_on DESC")
  end

  def new
-    @document = @project.documents.build
-    @document.safe_attributes = params[:document]
-  end
-
-  def create
-    @document = @project.documents.build
-    @document.safe_attributes = params[:document]
-    @document.save_attachments(params[:attachments])
-    if @document.save
+    @document = @project.documents.build(params[:document])    
+    if request.post? and @document.save	
+      attachments = Attachment.attach_files(@document, params[:attachments])
      render_attachment_warning_if_needed(@document)
      flash[:notice] = l(:notice_successful_create)
      redirect_to :action => 'index', :project_id => @project
-    else
-      render :action => 'new'
    end
  end
-
+  
  def edit
-  end
-
-  def update
-    @document.safe_attributes = params[:document]
-    if request.put? and @document.save
+    @categories = DocumentCategory.all
+    if request.post? and @document.update_attributes(params[:document])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'show', :id => @document
-    else
-      render :action => 'edit'
    end
-  end
+  end  

  def destroy
-    @document.destroy if request.delete?
+    @document.destroy
    redirect_to :controller => 'documents', :action => 'index', :project_id => @project
  end
-
+  
  def add_attachment
    attachments = Attachment.attach_files(@document, params[:attachments])
    render_attachment_warning_if_needed(@document)

-    if attachments.present? && attachments[:files].present? && Setting.notified_events.include?('document_added')
-      Mailer.attachments_added(attachments[:files]).deliver
-    end
+    Mailer.deliver_attachments_added(attachments[:files]) if attachments.present? && attachments[:files].present? && Setting.notified_events.include?('document_added')
    redirect_to :action => 'show', :id => @document
  end
+
+private
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
 end
--- a/app/controllers/enumerations_controller.rb
+++ b/app/controllers/enumerations_controller.rb
@@ -1,85 +1,89 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class EnumerationsController < ApplicationController
  layout 'admin'
-
+  
  before_filter :require_admin
-  before_filter :build_new_enumeration, :only => [:new, :create]
-  before_filter :find_enumeration, :only => [:edit, :update, :destroy]

  helper :custom_fields
-
+  include CustomFieldsHelper
+  
  def index
+    list
+    render :action => 'list'
+  end
+
+  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
+  verify :method => :post, :only => [ :destroy, :create, :update ],
+         :redirect_to => { :action => :list }
+
+  def list
  end

  def new
+    begin
+      @enumeration = params[:type].constantize.new
+    rescue NameError
+      @enumeration = Enumeration.new      
+    end
  end

  def create
-    if request.post? && @enumeration.save
+    @enumeration = Enumeration.new(params[:enumeration])
+    @enumeration.type = params[:enumeration][:type]
+    if @enumeration.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to :action => 'index', :type => @enumeration.type
+      redirect_to :action => 'list', :type => @enumeration.type
    else
      render :action => 'new'
    end
  end

  def edit
+    @enumeration = Enumeration.find(params[:id])
  end

  def update
-    if request.put? && @enumeration.update_attributes(params[:enumeration])
+    @enumeration = Enumeration.find(params[:id])
+    @enumeration.type = params[:enumeration][:type] if params[:enumeration][:type]
+    if @enumeration.update_attributes(params[:enumeration])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'index', :type => @enumeration.type
+      redirect_to :action => 'list', :type => @enumeration.type
    else
      render :action => 'edit'
    end
  end
-
+  
  def destroy
+    @enumeration = Enumeration.find(params[:id])
    if !@enumeration.in_use?
      # No associated objects
      @enumeration.destroy
      redirect_to :action => 'index'
-      return
    elsif params[:reassign_to_id]
      if reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id])
        @enumeration.destroy(reassign_to)
        redirect_to :action => 'index'
-        return
      end
    end
-    @enumerations = @enumeration.class.all - [@enumeration]
-  end
-
-  private
-
-  def build_new_enumeration
-    class_name = params[:enumeration] && params[:enumeration][:type] || params[:type]
-    @enumeration = Enumeration.new_subclass_instance(class_name, params[:enumeration])
-    if @enumeration.nil?
-      render_404
-    end
-  end
-
-  def find_enumeration
-    @enumeration = Enumeration.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
+    @enumerations = @enumeration.class.find(:all) - [@enumeration]
+  #rescue
+  #  flash[:error] = 'Unable to delete enumeration'
+  #  redirect_to :action => 'index'
  end
 end
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class FilesController < ApplicationController
  menu_item :files

@@ -30,7 +13,7 @@ class FilesController < ApplicationController
                'created_on' => "#{Attachment.table_name}.created_on",
                'size' => "#{Attachment.table_name}.filesize",
                'downloads' => "#{Attachment.table_name}.downloads"
-
+                
    @containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
    @containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
    render :layout => !request.xhr?
@@ -46,7 +29,7 @@ class FilesController < ApplicationController
    render_attachment_warning_if_needed(container)

    if !attachments.empty? && !attachments[:files].blank? && Setting.notified_events.include?('file_added')
-      Mailer.attachments_added(attachments[:files]).deliver
+      Mailer.deliver_attachments_added(attachments[:files])
    end
    redirect_to project_files_path(@project)
  end
--- a/app/controllers/gantts_controller.rb
+++ b/app/controllers/gantts_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class GanttsController < ApplicationController
  menu_item :gantt
  before_filter :find_optional_project
@@ -29,20 +12,25 @@ class GanttsController < ApplicationController
  helper :sort
  include SortHelper
  include Redmine::Export::PDF
-
+  
  def show
    @gantt = Redmine::Helpers::Gantt.new(params)
    @gantt.project = @project
    retrieve_query
    @query.group_by = nil
    @gantt.query = @query if @query.valid?
-
+    
    basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
-
+    
    respond_to do |format|
      format.html { render :action => "show", :layout => !request.xhr? }
      format.png  { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
      format.pdf  { send_data(@gantt.to_pdf, :type => 'application/pdf', :filename => "#{basename}.pdf") }
    end
  end
+
+  def update
+    show
+  end
+
 end
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -1,140 +1,170 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class GroupsController < ApplicationController
  layout 'admin'
-
+  
  before_filter :require_admin
-  before_filter :find_group, :except => [:index, :new, :create]
-  accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user
-
+  
  helper :custom_fields
-
+  
+  # GET /groups
+  # GET /groups.xml
  def index
-    @groups = Group.sorted.all
+    @groups = Group.find(:all, :order => 'lastname')

    respond_to do |format|
-      format.html
-      format.api
+      format.html # index.html.erb
+      format.xml  { render :xml => @groups }
    end
  end

+  # GET /groups/1
+  # GET /groups/1.xml
  def show
+    @group = Group.find(params[:id])
+
    respond_to do |format|
-      format.html
-      format.api
+      format.html # show.html.erb
+      format.xml  { render :xml => @group }
    end
  end

+  # GET /groups/new
+  # GET /groups/new.xml
  def new
    @group = Group.new
+    
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @group }
+    end
  end

+  # GET /groups/1/edit
+  def edit
+    @group = Group.find(params[:id], :include => :projects)
+  end
+
+  # POST /groups
+  # POST /groups.xml
  def create
-    @group = Group.new
-    @group.safe_attributes = params[:group]
+    @group = Group.new(params[:group])

    respond_to do |format|
      if @group.save
-        format.html {
-          flash[:notice] = l(:notice_successful_create)
-          redirect_to(params[:continue] ? new_group_path : groups_path)
-        }
-        format.api  { render :action => 'show', :status => :created, :location => group_url(@group) }
+        flash[:notice] = l(:notice_successful_create)
+        format.html { redirect_to(groups_path) }
+        format.xml  { render :xml => @group, :status => :created, :location => @group }
      else
        format.html { render :action => "new" }
-        format.api  { render_validation_errors(@group) }
+        format.xml  { render :xml => @group.errors, :status => :unprocessable_entity }
      end
    end
  end

-  def edit
-  end
-
+  # PUT /groups/1
+  # PUT /groups/1.xml
  def update
-    @group.safe_attributes = params[:group]
+    @group = Group.find(params[:id])

    respond_to do |format|
-      if @group.save
+      if @group.update_attributes(params[:group])
        flash[:notice] = l(:notice_successful_update)
        format.html { redirect_to(groups_path) }
-        format.api  { render_api_ok }
+        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
-        format.api  { render_validation_errors(@group) }
+        format.xml  { render :xml => @group.errors, :status => :unprocessable_entity }
      end
    end
  end

+  # DELETE /groups/1
+  # DELETE /groups/1.xml
  def destroy
+    @group = Group.find(params[:id])
    @group.destroy

    respond_to do |format|
      format.html { redirect_to(groups_url) }
-      format.api  { render_api_ok }
+      format.xml  { head :ok }
    end
  end
-
+  
  def add_users
-    @users = User.find_all_by_id(params[:user_id] || params[:user_ids])
-    @group.users << @users if request.post?
+    @group = Group.find(params[:id])
+    users = User.find_all_by_id(params[:user_ids])
+    @group.users << users if request.post?
    respond_to do |format|
      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'users' }
-      format.js
-      format.api { render_api_ok }
+      format.js { 
+        render(:update) {|page| 
+          page.replace_html "tab-content-users", :partial => 'groups/users'
+          users.each {|user| page.visual_effect(:highlight, "user-#{user.id}") }
+        }
+      }
    end
  end
-
+  
  def remove_user
-    @group.users.delete(User.find(params[:user_id])) if request.delete?
+    @group = Group.find(params[:id])
+    @group.users.delete(User.find(params[:user_id])) if request.post?
    respond_to do |format|
      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'users' }
-      format.js
-      format.api { render_api_ok }
+      format.js { render(:update) {|page| page.replace_html "tab-content-users", :partial => 'groups/users'} }
    end
  end
-
+  
  def autocomplete_for_user
-    @users = User.active.not_in_group(@group).like(params[:q]).all(:limit => 100)
+    @group = Group.find(params[:id])
+    @users = User.active.like(params[:q]).find(:all, :limit => 100) - @group.users
    render :layout => false
  end
-
+  
  def edit_membership
+    @group = Group.find(params[:id])
    @membership = Member.edit_membership(params[:membership_id], params[:membership], @group)
    @membership.save if request.post?
    respond_to do |format|
-      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
-      format.js
+      if @membership.valid?
+        format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
+        format.js {
+          render(:update) {|page|
+            page.replace_html "tab-content-memberships", :partial => 'groups/memberships'
+            page.visual_effect(:highlight, "member-#{@membership.id}")
+          }
+        }
+      else
+        format.js {
+          render(:update) {|page|
+            page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
+          }
+        }
+      end
    end
  end
-
+  
  def destroy_membership
+    @group = Group.find(params[:id])
    Member.find(params[:membership_id]).destroy if request.post?
    respond_to do |format|
      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
-      format.js
+      format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'groups/memberships'} }
    end
  end
-
-  private
-
-  def find_group
-    @group = Group.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,91 +18,57 @@
 class IssueCategoriesController < ApplicationController
  menu_item :settings
  model_object IssueCategory
-  before_filter :find_model_object, :except => [:index, :new, :create]
-  before_filter :find_project_from_association, :except => [:index, :new, :create]
-  before_filter :find_project_by_project_id, :only => [:index, :new, :create]
+  before_filter :find_model_object, :except => :new
+  before_filter :find_project_from_association, :except => :new
+  before_filter :find_project, :only => :new
  before_filter :authorize
-  accept_api_auth :index, :show, :create, :update, :destroy
  
-  def index
-    respond_to do |format|
-      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project }
-      format.api { @categories = @project.issue_categories.all }
-    end
-  end
-
-  def show
-    respond_to do |format|
-      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project }
-      format.api
-    end
-  end
+  verify :method => :post, :only => :destroy

  def new
-    @category = @project.issue_categories.build
-    @category.safe_attributes = params[:issue_category]
-
-    respond_to do |format|
-      format.html
-      format.js
-    end
-  end
-
-  def create
-    @category = @project.issue_categories.build
-    @category.safe_attributes = params[:issue_category]
-    if @category.save
-      respond_to do |format|
-        format.html do
-          flash[:notice] = l(:notice_successful_create)
-          redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
+    @category = @project.issue_categories.build(params[:category])
+    if request.post?
+      if @category.save
+        respond_to do |format|
+          format.html do
+            flash[:notice] = l(:notice_successful_create)
+            redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
+          end
+          format.js do
+            # IE doesn't support the replace_html rjs method for select box options
+            render(:update) {|page| page.replace "issue_category_id",
+              content_tag('select', '<option></option>' + options_from_collection_for_select(@project.issue_categories, 'id', 'name', @category.id), :id => 'issue_category_id', :name => 'issue[category_id]')
+            }
+          end
+        end
+      else
+        respond_to do |format|
+          format.html
+          format.js do
+            render(:update) {|page| page.alert(@category.errors.full_messages.join('\n')) }
+          end
        end
-        format.js
-        format.api { render :action => 'show', :status => :created, :location => issue_category_path(@category) }
-      end
-    else
-      respond_to do |format|
-        format.html { render :action => 'new'}
-        format.js   { render :action => 'new'}
-        format.api { render_validation_errors(@category) }
      end
    end
  end
-
+  
  def edit
-  end
-
-  def update
-    @category.safe_attributes = params[:issue_category]
-    if @category.save
-      respond_to do |format|
-        format.html {
-          flash[:notice] = l(:notice_successful_update)
-          redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
-        }
-        format.api { render_api_ok }
-      end
-    else
-      respond_to do |format|
-        format.html { render :action => 'edit' }
-        format.api { render_validation_errors(@category) }
-      end
+    if request.post? and @category.update_attributes(params[:category])
+      flash[:notice] = l(:notice_successful_update)
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
    end
  end

  def destroy
    @issue_count = @category.issues.size
-    if @issue_count == 0 || params[:todo] || api_request? 
-      reassign_to = nil
-      if params[:reassign_to_id] && (params[:todo] == 'reassign' || params[:todo].blank?)
-        reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id])
-      end
+    if @issue_count == 0
+      # No issue assigned to this category
+      @category.destroy
+      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
+    elsif params[:todo]
+      reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id]) if params[:todo] == 'reassign'
      @category.destroy(reassign_to)
-      respond_to do |format|
-        format.html { redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories' }
-        format.api { render_api_ok }
-      end
-      return
+      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
    end
    @categories = @project.issue_categories - [@category]
  end
@@ -113,5 +79,11 @@ private
  def find_model_object
    super
    @category = @object
+  end    
+  
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end
 end
--- a/app/controllers/issue_moves_controller.rb
+++ b/app/controllers/issue_moves_controller.rb
@@ -0,0 +1,68 @@
+class IssueMovesController < ApplicationController
+  default_search_scope :issues
+  before_filter :find_issues, :check_project_uniqueness
+  before_filter :authorize
+  
+  def new
+    prepare_for_issue_move
+    render :layout => false if request.xhr?
+  end
+
+  def create
+    prepare_for_issue_move
+
+    if request.post?
+      new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
+      unsaved_issue_ids = []
+      moved_issues = []
+      @issues.each do |issue|
+        issue.reload
+        issue.init_journal(User.current)
+        issue.current_journal.notes = @notes if @notes.present?
+        call_hook(:controller_issues_move_before_save, { :params => params, :issue => issue, :target_project => @target_project, :copy => !!@copy })
+        if r = issue.move_to_project(@target_project, new_tracker, {:copy => @copy, :attributes => extract_changed_attributes_for_move(params)})
+          moved_issues << r
+        else
+          unsaved_issue_ids << issue.id
+        end
+      end
+      set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
+
+      if params[:follow]
+        if @issues.size == 1 && moved_issues.size == 1
+          redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
+        else
+          redirect_to :controller => 'issues', :action => 'index', :project_id => (@target_project || @project)
+        end
+      else
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project
+      end
+      return
+    end
+  end
+
+  private
+
+  def prepare_for_issue_move
+    @issues.sort!
+    @copy = params[:copy_options] && params[:copy_options][:copy]
+    @allowed_projects = Issue.allowed_target_projects_on_move
+    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
+    @target_project ||= @project    
+    @trackers = @target_project.trackers
+    @available_statuses = Workflow.available_statuses(@project)
+    @notes = params[:notes]
+    @notes ||= ''
+  end
+
+  def extract_changed_attributes_for_move(params)
+    changed_attributes = {}
+    [:assigned_to_id, :status_id, :start_date, :due_date, :priority_id].each do |valid_attribute|
+      unless params[valid_attribute].blank?
+        changed_attributes[valid_attribute] = (params[valid_attribute] == 'none' ? nil : params[valid_attribute])
+      end
+    end
+    changed_attributes
+  end
+
+end
--- a/app/controllers/issue_relations_controller.rb
+++ b/app/controllers/issue_relations_controller.rb
@@ -1,88 +1,64 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssueRelationsController < ApplicationController
-  before_filter :find_issue, :find_project_from_association, :authorize, :only => [:index, :create]
-  before_filter :find_relation, :except => [:index, :create]
-
-  accept_api_auth :index, :show, :create, :destroy
-
-  def index
-    @relations = @issue.relations
-
-    respond_to do |format|
-      format.html { render :nothing => true }
-      format.api
-    end
-  end
-
-  def show
-    raise Unauthorized unless @relation.visible?
-
-    respond_to do |format|
-      format.html { render :nothing => true }
-      format.api
-    end
-  end
-
-  def create
+  before_filter :find_issue, :find_project_from_association, :authorize
+  
+  def new
    @relation = IssueRelation.new(params[:relation])
    @relation.issue_from = @issue
-    if params[:relation] && m = params[:relation][:issue_to_id].to_s.strip.match(/^#?(\d+)$/)
+    if params[:relation] && m = params[:relation][:issue_to_id].to_s.match(/^#?(\d+)$/)
      @relation.issue_to = Issue.visible.find_by_id(m[1].to_i)
    end
-    saved = @relation.save
-
+    @relation.save if request.post?
+    respond_to do |format|
+      format.html { redirect_to :controller => 'issues', :action => 'show', :id => @issue }
+      format.js do
+        @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
+        render :update do |page|
+          page.replace_html "relations", :partial => 'issues/relations'
+          if @relation.errors.empty?
+            page << "$('relation_delay').value = ''"
+            page << "$('relation_issue_to_id').value = ''"
+          end
+        end
+      end
+    end
+  end
+  
+  def destroy
+    relation = IssueRelation.find(params[:id])
+    if request.post? && @issue.relations.include?(relation)
+      relation.destroy
+      @issue.reload
+    end
    respond_to do |format|
      format.html { redirect_to :controller => 'issues', :action => 'show', :id => @issue }
      format.js {
        @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
-      }
-      format.api {
-        if saved
-          render :action => 'show', :status => :created, :location => relation_url(@relation)
-        else
-          render_validation_errors(@relation)
-        end
+        render(:update) {|page| page.replace_html "relations", :partial => 'issues/relations'}
      }
    end
  end
-
-  def destroy
-    raise Unauthorized unless @relation.deletable?
-    @relation.destroy
-
-    respond_to do |format|
-      format.html { redirect_to issue_path } # TODO : does this really work since @issue is always nil? What is it useful to?
-      format.js
-      format.api  { render_api_ok }
-    end
-  end
-
+  
 private
  def find_issue
    @issue = @object = Issue.find(params[:issue_id])
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  def find_relation
-    @relation = IssueRelation.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/issue_statuses_controller.rb
+++ b/app/controllers/issue_statuses_controller.rb
@@ -1,37 +1,31 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssueStatusesController < ApplicationController
  layout 'admin'
+  
+  before_filter :require_admin

-  before_filter :require_admin, :except => :index
-  before_filter :require_admin_or_api_request, :only => :index
-  accept_api_auth :index
-
+  verify :method => :post, :only => [ :destroy, :create, :update, :move, :update_issue_done_ratio ],
+         :redirect_to => { :action => :index }
+         
  def index
-    respond_to do |format|
-      format.html {
-        @issue_status_pages, @issue_statuses = paginate :issue_statuses, :per_page => 25, :order => "position"
-        render :action => "index", :layout => false if request.xhr?
-      }
-      format.api {
-        @issue_statuses = IssueStatus.all(:order => 'position')
-      }
-    end
+    @issue_status_pages, @issue_statuses = paginate :issue_statuses, :per_page => 25, :order => "position"
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
@@ -40,7 +34,7 @@ class IssueStatusesController < ApplicationController

  def create
    @issue_status = IssueStatus.new(params[:issue_status])
-    if request.post? && @issue_status.save
+    if @issue_status.save
      flash[:notice] = l(:notice_successful_create)
      redirect_to :action => 'index'
    else
@@ -54,7 +48,7 @@ class IssueStatusesController < ApplicationController

  def update
    @issue_status = IssueStatus.find(params[:id])
-    if request.put? && @issue_status.update_attributes(params[:issue_status])
+    if @issue_status.update_attributes(params[:issue_status])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'index'
    else
@@ -69,9 +63,9 @@ class IssueStatusesController < ApplicationController
    flash[:error] = l(:error_unable_delete_issue_status)
    redirect_to :action => 'index'
  end  	
-
+  
  def update_issue_done_ratio
-    if request.post? && IssueStatus.update_issue_done_ratios
+    if IssueStatus.update_issue_done_ratios
      flash[:notice] = l(:notice_issue_done_ratios_updated)
    else
      flash[:error] =  l(:error_issue_done_ratios_not_updated)
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,22 +18,22 @@
 class IssuesController < ApplicationController
  menu_item :new_issue, :only => [:new, :create]
  default_search_scope :issues
-
+  
  before_filter :find_issue, :only => [:show, :edit, :update]
-  before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :destroy]
+  before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
+  before_filter :check_project_uniqueness, :only => [:move, :perform_move]
  before_filter :find_project, :only => [:new, :create]
  before_filter :authorize, :except => [:index]
  before_filter :find_optional_project, :only => [:index]
  before_filter :check_for_default_issue_status, :only => [:new, :create]
  before_filter :build_new_issue_from_params, :only => [:new, :create]
-  accept_rss_auth :index, :show
-  accept_api_auth :index, :show, :create, :update, :destroy
+  accept_key_auth :index, :show, :create, :update, :destroy

  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
-
+  
  helper :journals
  helper :projects
-  include ProjectsHelper
+  include ProjectsHelper   
  helper :custom_fields
  include CustomFieldsHelper
  helper :issue_relations
@@ -50,13 +50,22 @@ class IssuesController < ApplicationController
  include SortHelper
  include IssuesHelper
  helper :timelog
+  helper :gantt
  include Redmine::Export::PDF

+  verify :method => [:post, :delete],
+         :only => :destroy,
+         :render => { :nothing => true, :status => :method_not_allowed }
+
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
+  verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  
  def index
    retrieve_query
    sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
    sort_update(@query.sortable_columns)
-
+    
    if @query.valid?
      case params[:format]
      when 'csv', 'pdf'
@@ -68,54 +77,44 @@ class IssuesController < ApplicationController
      else
        @limit = per_page_option
      end
-
+      
      @issue_count = @query.issue_count
      @issue_pages = Paginator.new self, @issue_count, @limit, params['page']
      @offset ||= @issue_pages.current.offset
      @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
-                              :order => sort_clause,
-                              :offset => @offset,
+                              :order => sort_clause, 
+                              :offset => @offset, 
                              :limit => @limit)
      @issue_count_by_group = @query.issue_count_by_group
-
+      
      respond_to do |format|
-        format.html { render :template => 'issues/index', :layout => !request.xhr? }
-        format.api  {
-          Issue.load_relations(@issues) if include_in_api_response?('relations')
-        }
+        format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
+        format.api
        format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
-        format.csv  { send_data(issues_to_csv(@issues, @project, @query, params), :type => 'text/csv; header=present', :filename => 'export.csv') }
+        format.csv  { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
        format.pdf  { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
      end
    else
-      respond_to do |format|
-        format.html { render(:template => 'issues/index', :layout => !request.xhr?) }
-        format.any(:atom, :csv, :pdf) { render(:nothing => true) }
-        format.api { render_validation_errors(@query) }
-      end
+      # Send html if the query is not valid
+      render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
    end
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def show
    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
    @journals.each_with_index {|j,i| j.indice = i+1}
    @journals.reverse! if User.current.wants_comments_in_reverse_order?
-
    @changesets = @issue.changesets.visible.all
    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
-
    @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-    @priorities = IssuePriority.active
-    @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
+    @priorities = IssuePriority.all
+    @time_entry = TimeEntry.new
    respond_to do |format|
-      format.html {
-        retrieve_previous_and_next_issue_ids
-        render :template => 'issues/show'
-      }
+      format.html { render :template => 'issues/show.rhtml' }
      format.api
      format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
      format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
@@ -127,20 +126,20 @@ class IssuesController < ApplicationController
  def new
    respond_to do |format|
      format.html { render :action => 'new', :layout => !request.xhr? }
-      format.js { render :partial => 'update_form' }
+      format.js { render :partial => 'attributes' }
    end
  end

  def create
    call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
-    @issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
    if @issue.save
+      attachments = Attachment.attach_files(@issue, params[:attachments])
+      render_attachment_warning_if_needed(@issue)
+      flash[:notice] = l(:notice_successful_create)
      call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
      respond_to do |format|
        format.html {
-          render_attachment_warning_if_needed(@issue)
-          flash[:notice] = l(:notice_issue_successful_create, :id => view_context.link_to("##{@issue.id}", issue_path(@issue), :title => @issue.subject))
-          redirect_to(params[:continue] ?  { :action => 'new', :project_id => @issue.project, :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
+          redirect_to(params[:continue] ?  { :action => 'new', :project_id => @project, :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
                      { :action => 'show', :id => @issue })
        }
        format.api  { render :action => 'show', :status => :created, :location => issue_url(@issue) }
@@ -153,9 +152,11 @@ class IssuesController < ApplicationController
      end
    end
  end
-
+    
  def edit
-    return unless update_issue_from_params
+    update_issue_from_params
+
+    @journal = @issue.current_journal

    respond_to do |format|
      format.html { }
@@ -164,27 +165,21 @@ class IssuesController < ApplicationController
  end

  def update
-    return unless update_issue_from_params
-    @issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
-    saved = false
-    begin
-      saved = @issue.save_issue_with_child_records(params, @time_entry)
-    rescue ActiveRecord::StaleObjectError
-      @conflict = true
-      if params[:last_journal_id]
-        @conflict_journals = @issue.journals_after(params[:last_journal_id]).all
-      end
-    end
+    update_issue_from_params

-    if saved
+    if @issue.save_issue_with_child_records(params, @time_entry)
      render_attachment_warning_if_needed(@issue)
      flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?

      respond_to do |format|
        format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
-        format.api  { render_api_ok }
+        format.api  { head :ok }
      end
    else
+      render_attachment_warning_if_needed(@issue)
+      flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
+      @journal = @issue.current_journal
+
      respond_to do |format|
        format.html { render :action => 'edit' }
        format.api  { render_validation_errors(@issue) }
@@ -192,87 +187,34 @@ class IssuesController < ApplicationController
    end
  end

-  # Bulk edit/copy a set of issues
+  # Bulk edit a set of issues
  def bulk_edit
    @issues.sort!
-    @copy = params[:copy].present?
-    @notes = params[:notes]
-
-    if User.current.allowed_to?(:move_issues, @projects)
-      @allowed_projects = Issue.allowed_target_projects_on_move
-      if params[:issue]
-        @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:issue][:project_id].to_s}
-        if @target_project
-          target_projects = [@target_project]
-        end
-      end
-    end
-    target_projects ||= @projects
-
-    if @copy
-      @available_statuses = [IssueStatus.default]
-    else
-      @available_statuses = @issues.map(&:new_statuses_allowed_to).reduce(:&)
-    end
-    @custom_fields = target_projects.map{|p|p.all_issue_custom_fields}.reduce(:&)
-    @assignables = target_projects.map(&:assignable_users).reduce(:&)
-    @trackers = target_projects.map(&:trackers).reduce(:&)
-    @versions = target_projects.map {|p| p.shared_versions.open}.reduce(:&)
-    @categories = target_projects.map {|p| p.issue_categories}.reduce(:&)
-    if @copy
-      @attachments_present = @issues.detect {|i| i.attachments.any?}.present?
-      @subtasks_present = @issues.detect {|i| !i.leaf?}.present?
-    end
-
-    @safe_attributes = @issues.map(&:safe_attribute_names).reduce(:&)
-    render :layout => false if request.xhr?
+    @available_statuses = @projects.map{|p|Workflow.available_statuses(p)}.inject{|memo,w|memo & w}
+    @custom_fields = @projects.map{|p|p.all_issue_custom_fields}.inject{|memo,c|memo & c}
+    @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
+    @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
  end

  def bulk_update
    @issues.sort!
-    @copy = params[:copy].present?
    attributes = parse_params_for_bulk_issue_attributes(params)

    unsaved_issue_ids = []
-    moved_issues = []
-
-    if @copy && params[:copy_subtasks].present?
-      # Descendant issues will be copied with the parent task
-      # Don't copy them twice
-      @issues.reject! {|issue| @issues.detect {|other| issue.is_descendant_of?(other)}}
-    end
-
    @issues.each do |issue|
      issue.reload
-      if @copy
-        issue = issue.copy({},
-          :attachments => params[:copy_attachments].present?,
-          :subtasks => params[:copy_subtasks].present?
-        )
-      end
      journal = issue.init_journal(User.current, params[:notes])
      issue.safe_attributes = attributes
      call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
-      if issue.save
-        moved_issues << issue
-      else
+      unless issue.save
        # Keep unsaved issue ids to display them in flash error
        unsaved_issue_ids << issue.id
      end
    end
    set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
-
-    if params[:follow]
-      if @issues.size == 1 && moved_issues.size == 1
-        redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
-      elsif moved_issues.map(&:project).uniq.size == 1
-        redirect_to :controller => 'issues', :action => 'index', :project_id => moved_issues.map(&:project).first
-      end
-    else
-      redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
-    end
+    redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
  end
-
+  
  def destroy
    @hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
    if @hours > 0
@@ -303,77 +245,38 @@ class IssuesController < ApplicationController
    end
    respond_to do |format|
      format.html { redirect_back_or_default(:action => 'index', :project_id => @project) }
-      format.api  { render_api_ok }
+      format.api  { head :ok }
    end
  end

 private
  def find_issue
-    # Issue.visible.find(...) can not be used to redirect user to the login form
-    # if the issue actually exists but requires authentication
    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
-    unless @issue.visible?
-      deny_access
-      return
-    end
    @project = @issue.project
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def find_project
-    project_id = params[:project_id] || (params[:issue] && params[:issue][:project_id])
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
    @project = Project.find(project_id)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  def retrieve_previous_and_next_issue_ids
-    retrieve_query_from_session
-    if @query
-      sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
-      sort_update(@query.sortable_columns, 'issues_index_sort')
-      limit = 500
-      issue_ids = @query.issue_ids(:order => sort_clause, :limit => (limit + 1), :include => [:assigned_to, :tracker, :priority, :category, :fixed_version])
-      if (idx = issue_ids.index(@issue.id)) && idx < limit
-        if issue_ids.size < 500
-          @issue_position = idx + 1
-          @issue_count = issue_ids.size
-        end
-        @prev_issue_id = issue_ids[idx - 1] if idx > 0
-        @next_issue_id = issue_ids[idx + 1] if idx < (issue_ids.size - 1)
-      end
-    end
-  end
-
+  
  # Used by #edit and #update to set some common instance variables
  # from the params
  # TODO: Refactor, not everything in here is needed by #edit
  def update_issue_from_params
+    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    @priorities = IssuePriority.all
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-    @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
+    @time_entry = TimeEntry.new
    @time_entry.attributes = params[:time_entry]
-
+    
    @notes = params[:notes] || (params[:issue].present? ? params[:issue][:notes] : nil)
    @issue.init_journal(User.current, @notes)
-
-    issue_attributes = params[:issue]
-    if issue_attributes && params[:conflict_resolution]
-      case params[:conflict_resolution]
-      when 'overwrite'
-        issue_attributes = issue_attributes.dup
-        issue_attributes.delete(:lock_version)
-      when 'add_notes'
-        issue_attributes = {}
-      when 'cancel'
-        redirect_to issue_path(@issue)
-        return false
-      end
-    end
-    @issue.safe_attributes = issue_attributes
-    @priorities = IssuePriority.active
-    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
-    true
+    @issue.safe_attributes = params[:issue]
  end

  # TODO: Refactor, lots of extra code in here
@@ -381,36 +284,29 @@ private
  def build_new_issue_from_params
    if params[:id].blank?
      @issue = Issue.new
-      if params[:copy_from]
-        begin
-          @copy_from = Issue.visible.find(params[:copy_from])
-          @copy_attachments = params[:copy_attachments].present? || request.get?
-          @copy_subtasks = params[:copy_subtasks].present? || request.get?
-          @issue.copy_from(@copy_from, :attachments => @copy_attachments, :subtasks => @copy_subtasks)
-        rescue ActiveRecord::RecordNotFound
-          render_404
-          return
-        end
-      end
+      @issue.copy_from(params[:copy_from]) if params[:copy_from]
      @issue.project = @project
    else
      @issue = @project.issues.visible.find(params[:id])
    end
-
+    
    @issue.project = @project
-    @issue.author ||= User.current
    # Tracker must be set before custom field values
    @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
    if @issue.tracker.nil?
      render_error l(:error_no_tracker_in_project)
      return false
    end
-    @issue.start_date ||= Date.today if Setting.default_issue_start_date_to_creation_date?
-    @issue.safe_attributes = params[:issue]
-
-    @priorities = IssuePriority.active
+    @issue.start_date ||= Date.today
+    if params[:issue].is_a?(Hash)
+      @issue.safe_attributes = params[:issue]
+      if User.current.allowed_to?(:add_issue_watchers, @project) && @issue.new_record?
+        @issue.watcher_user_ids = params[:issue]['watcher_user_ids']
+      end
+    end
+    @issue.author = User.current
+    @priorities = IssuePriority.all
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
-    @available_watchers = (@issue.project.users.sort + @issue.watcher_users).uniq
  end

  def check_for_default_issue_status
@@ -423,16 +319,7 @@ private
  def parse_params_for_bulk_issue_attributes(params)
    attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
    attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
-    if custom = attributes[:custom_field_values]
-      custom.reject! {|k,v| v.blank?}
-      custom.keys.each do |k|
-        if custom[k].is_a?(Array)
-          custom[k] << '' if custom[k].delete('__none__')
-        else
-          custom[k] = '' if custom[k] == '__none__'
-        end
-      end
-    end
+    attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
    attributes
  end
 end
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -1,27 +1,26 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class JournalsController < ApplicationController
-  before_filter :find_journal, :only => [:edit, :diff]
+  before_filter :find_journal, :only => [:edit]
  before_filter :find_issue, :only => [:new]
  before_filter :find_optional_project, :only => [:index]
-  before_filter :authorize, :only => [:new, :edit, :diff]
-  accept_rss_auth :index
-  menu_item :issues
+  before_filter :authorize, :only => [:new, :edit]
+  accept_key_auth :index

  helper :issues
  helper :custom_fields
@@ -34,9 +33,9 @@ class JournalsController < ApplicationController
    retrieve_query
    sort_init 'id', 'desc'
    sort_update(@query.sortable_columns)
-
+    
    if @query.valid?
-      @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC",
+      @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC", 
                                  :limit => 25)
    end
    @title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
@@ -44,18 +43,7 @@ class JournalsController < ApplicationController
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  def diff
-    @issue = @journal.issue
-    if params[:detail_id].present?
-      @detail = @journal.details.find_by_id(params[:detail_id])
-    else
-      @detail = @journal.details.detect {|d| d.prop_key == 'description'}
-    end
-    (render_404; return false) unless @issue && @detail
-    @diff = Redmine::Helpers::Diff.new(@detail.value, @detail.old_value)
-  end
-
+  
  def new
    journal = Journal.find(params[:journal_id]) if params[:journal_id]
    if journal
@@ -67,12 +55,19 @@ class JournalsController < ApplicationController
    end
    # Replaces pre blocks with [...]
    text = text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]')
-    @content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
-    @content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
+    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
+    content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
+      
+    render(:update) { |page|
+      page.<< "$('notes').value = \"#{escape_javascript content}\";"
+      page.show 'update'
+      page << "Form.Element.focus('notes');"
+      page << "Element.scrollTo('update');"
+      page << "$('notes').scrollTop = $('notes').scrollHeight - $('notes').clientHeight;"
+    }
  end
-
+  
  def edit
-    (render_403; return false) unless @journal.editable_by?(User.current)
    if request.post?
      @journal.update_attributes(:notes => params[:notes]) if params[:notes]
      @journal.destroy if @journal.details.empty? && @journal.notes.blank?
@@ -85,17 +80,17 @@ class JournalsController < ApplicationController
      respond_to do |format|
        format.html {
          # TODO: implement non-JS journal update
-          render :nothing => true
+          render :nothing => true 
        }
        format.js
      end
    end
  end
-
-  private
-
+  
+private
  def find_journal
    @journal = Journal.find(params[:id])
+    (render_403; return false) unless @journal.editable_by?(User.current)
    @project = @journal.journalized.project
  rescue ActiveRecord::RecordNotFound
    render_404
--- a/app/controllers/ldap_auth_sources_controller.rb
+++ b/app/controllers/ldap_auth_sources_controller.rb
@@ -1,24 +1,25 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-class CommentObserver < ActiveRecord::Observer
-  def after_create(comment)
-    if comment.commented.is_a?(News) && Setting.notified_events.include?('news_comment_added')
-      Mailer.news_comment_added(comment).deliver
-    end
+class LdapAuthSourcesController < AuthSourcesController
+
+  protected
+  
+  def auth_source_class
+    AuthSourceLdap
  end
 end
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@@ -1,23 +1,27 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MailHandlerController < ActionController::Base
  before_filter :check_credential
-
+  
+  verify :method => :post,
+         :only => :index,
+         :render => { :nothing => true, :status => 405 }
+         
  # Submits an incoming email to MailHandler
  def index
    options = params.dup
@@ -28,9 +32,9 @@ class MailHandlerController < ActionController::Base
      render :nothing => true, :status => :unprocessable_entity
    end
  end
-
+  
  private
-
+  
  def check_credential
    User.current = nil
    unless Setting.mail_handler_api_enabled? && params[:key].to_s == Setting.mail_handler_api_key
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -1,118 +1,100 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MembersController < ApplicationController
  model_object Member
-  before_filter :find_model_object, :except => [:index, :create, :autocomplete]
-  before_filter :find_project_from_association, :except => [:index, :create, :autocomplete]
-  before_filter :find_project_by_project_id, :only => [:index, :create, :autocomplete]
+  before_filter :find_model_object, :except => [:new, :autocomplete_for_member]
+  before_filter :find_project_from_association, :except => [:new, :autocomplete_for_member]
+  before_filter :find_project, :only => [:new, :autocomplete_for_member]
  before_filter :authorize
-  accept_api_auth :index, :show, :create, :update, :destroy

-  def index
-    @offset, @limit = api_offset_and_limit
-    @member_count = @project.member_principals.count
-    @member_pages = Paginator.new self, @member_count, @limit, params['page']
-    @offset ||= @member_pages.current.offset
-    @members =  @project.member_principals.all(
-      :order => "#{Member.table_name}.id",
-      :limit  =>  @limit,
-      :offset =>  @offset
-    )
-
-    respond_to do |format|
-      format.html { head 406 }
-      format.api
-    end
-  end
-
-  def show
-    respond_to do |format|
-      format.html { head 406 }
-      format.api
-    end
-  end
-
-  def create
+  def new
    members = []
-    if params[:membership]
-      if params[:membership][:user_ids]
-        attrs = params[:membership].dup
-        user_ids = attrs.delete(:user_ids)
+    if params[:member] && request.post?
+      attrs = params[:member].dup
+      if (user_ids = attrs.delete(:user_ids))
        user_ids.each do |user_id|
-          members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
+          members << Member.new(attrs.merge(:user_id => user_id))
        end
      else
-        members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
+        members << Member.new(attrs)
      end
      @project.members << members
    end
-
    respond_to do |format|
-      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-      format.js { @members = members }
-      format.api {
-        @member = members.first
-        if @member.valid?
-          render :action => 'show', :status => :created, :location => membership_url(@member)
-        else
-          render_validation_errors(@member)
-        end
-      }
+      if members.present? && members.all? {|m| m.valid? }
+
+        format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
+
+        format.js { 
+          render(:update) {|page| 
+            page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+            page << 'hideOnLoad()'
+            members.each {|member| page.visual_effect(:highlight, "member-#{member.id}") }
+          }
+        }
+      else
+
+        format.js {
+          render(:update) {|page|
+            errors = members.collect {|m|
+              m.errors.full_messages
+            }.flatten.uniq
+
+            page.alert(l(:notice_failed_to_save_members, :errors => errors.join(', ')))
+          }
+        }
+        
+      end
    end
  end
-
-  def update
-    if params[:membership]
-      @member.role_ids = params[:membership][:role_ids]
-    end
-    saved = @member.save
-    respond_to do |format|
-      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-      format.js
-      format.api {
-        if saved
-          render_api_ok
-        else
-          render_validation_errors(@member)
-        end
-      }
+  
+  def edit
+    if request.post? and @member.update_attributes(params[:member])
+  	 respond_to do |format|
+        format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
+        format.js { 
+          render(:update) {|page| 
+            page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+            page << 'hideOnLoad()'
+            page.visual_effect(:highlight, "member-#{@member.id}")
+          }
+        }
+      end
    end
  end

  def destroy
-    if request.delete? && @member.deletable?
+    if request.post? && @member.deletable?
      @member.destroy
    end
    respond_to do |format|
      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
-      format.js
-      format.api {
-        if @member.destroyed?
-          render_api_ok
-        else
-          head :unprocessable_entity
-        end
+      format.js { render(:update) {|page|
+          page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+          page << 'hideOnLoad()'
+        }
      }
    end
  end
-
-  def autocomplete
-    @principals = Principal.active.not_member_of(@project).like(params[:q]).all(:limit => 100)
+  
+  def autocomplete_for_member
+    @principals = Principal.active.like(params[:q]).find(:all, :limit => 100) - @project.principals
    render :layout => false
  end
+
 end
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,13 +22,15 @@ class MessagesController < ApplicationController
  before_filter :find_message, :except => [:new, :preview]
  before_filter :authorize, :except => [:preview, :edit, :destroy]

-  helper :boards
+  verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show }
+  verify :xhr => true, :only => :quote
+
  helper :watchers
  helper :attachments
-  include AttachmentsHelper
+  include AttachmentsHelper   

  REPLIES_PER_PAGE = 25 unless const_defined?(:REPLIES_PER_PAGE)
-
+  
  # Show a topic and its replies
  def show
    page = params[:page]
@@ -37,90 +39,98 @@ class MessagesController < ApplicationController
      offset = @topic.children.count(:conditions => ["#{Message.table_name}.id < ?", params[:r].to_i])
      page = 1 + offset / REPLIES_PER_PAGE
    end
-
+    
    @reply_count = @topic.children.count
    @reply_pages = Paginator.new self, @reply_count, REPLIES_PER_PAGE, page
    @replies =  @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}],
                                           :order => "#{Message.table_name}.created_on ASC",
                                           :limit => @reply_pages.items_per_page,
                                           :offset => @reply_pages.current.offset)
-
+    
    @reply = Message.new(:subject => "RE: #{@message.subject}")
    render :action => "show", :layout => false if request.xhr?
  end
-
+  
  # Create a new topic
  def new
-    @message = Message.new
+    @message = Message.new(params[:message])
    @message.author = User.current
    @message.board = @board
-    @message.safe_attributes = params[:message]
-    if request.post?
-      @message.save_attachments(params[:attachments])
-      if @message.save
-        call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
-        render_attachment_warning_if_needed(@message)
-        redirect_to board_message_path(@board, @message)
-      end
+    if params[:message] && User.current.allowed_to?(:edit_messages, @project)
+      @message.locked = params[:message]['locked']
+      @message.sticky = params[:message]['sticky']
+    end
+    if request.post? && @message.save
+      call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
+      attachments = Attachment.attach_files(@message, params[:attachments])
+      render_attachment_warning_if_needed(@message)
+      redirect_to :action => 'show', :id => @message
    end
  end

  # Reply to a topic
  def reply
-    @reply = Message.new
+    @reply = Message.new(params[:reply])
    @reply.author = User.current
    @reply.board = @board
-    @reply.safe_attributes = params[:reply]
    @topic.children << @reply
    if !@reply.new_record?
      call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
      attachments = Attachment.attach_files(@reply, params[:attachments])
      render_attachment_warning_if_needed(@reply)
    end
-    redirect_to board_message_path(@board, @topic, :r => @reply)
+    redirect_to :action => 'show', :id => @topic, :r => @reply
  end

  # Edit a message
  def edit
    (render_403; return false) unless @message.editable_by?(User.current)
-    @message.safe_attributes = params[:message]
-    if request.post? && @message.save
+    if params[:message]
+      @message.locked = params[:message]['locked']
+      @message.sticky = params[:message]['sticky']
+    end
+    if request.post? && @message.update_attributes(params[:message])
      attachments = Attachment.attach_files(@message, params[:attachments])
      render_attachment_warning_if_needed(@message)
      flash[:notice] = l(:notice_successful_update)
      @message.reload
-      redirect_to board_message_path(@message.board, @message.root, :r => (@message.parent_id && @message.id))
+      redirect_to :action => 'show', :board_id => @message.board, :id => @message.root, :r => (@message.parent_id && @message.id)
    end
  end
-
+  
  # Delete a messages
  def destroy
    (render_403; return false) unless @message.destroyable_by?(User.current)
-    r = @message.to_param
    @message.destroy
-    if @message.parent
-      redirect_to board_message_path(@board, @message.parent, :r => r)
-    else
-      redirect_to project_board_path(@project, @board)
-    end
+    redirect_to @message.parent.nil? ?
+      { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } :
+      { :action => 'show', :id => @message.parent, :r => @message }
  end
-
+  
  def quote
-    @subject = @message.subject
-    @subject = "RE: #{@subject}" unless @subject.starts_with?('RE:')
-
-    @content = "#{ll(Setting.default_language, :text_user_wrote, @message.author)}\n> "
-    @content << @message.content.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]').gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
+    user = @message.author
+    text = @message.content
+    subject = @message.subject.gsub('"', '\"')
+    subject = "RE: #{subject}" unless subject.starts_with?('RE:')
+    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\\n> "
+    content << text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]').gsub('"', '\"').gsub(/(\r?\n|\r\n?)/, "\\n> ") + "\\n\\n"
+    render(:update) { |page|
+      page << "$('reply_subject').value = \"#{subject}\";"
+      page.<< "$('message_content').value = \"#{content}\";"
+      page.show 'reply'
+      page << "Form.Element.focus('message_content');"
+      page << "Element.scrollTo('reply');"
+      page << "$('message_content').scrollTop = $('message_content').scrollHeight - $('message_content').clientHeight;"
+    }
  end
-
+  
  def preview
    message = @board.messages.find_by_id(params[:id])
    @attachements = message.attachments if message
    @text = (params[:message] || params[:reply])[:content]
-    @previewed = message
    render :partial => 'common/preview'
  end
-
+  
 private
  def find_message
    find_board
@@ -129,7 +139,7 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def find_board
    @board = Board.find(params[:board_id], :include => :project)
    @project = @board.project
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -31,10 +31,13 @@ class MyController < ApplicationController
             'timelog' => :label_spent_time
           }.merge(Redmine::Views::MyPage::Block.additional_blocks).freeze

-  DEFAULT_LAYOUT = {  'left' => ['issuesassignedtome'],
-                      'right' => ['issuesreportedbyme']
+  DEFAULT_LAYOUT = {  'left' => ['issuesassignedtome'], 
+                      'right' => ['issuesreportedbyme'] 
                   }.freeze

+  verify :xhr => true,
+         :only => [:add_block, :remove_block, :order_blocks]
+
  def index
    page
    render :action => 'page'
@@ -65,24 +68,6 @@ class MyController < ApplicationController
    end
  end

-  # Destroys user's account
-  def destroy
-    @user = User.current
-    unless @user.own_account_deletable?
-      redirect_to :action => 'account'
-      return
-    end
-
-    if request.post? && params[:confirm]
-      @user.destroy
-      if @user.destroyed?
-        logout_user
-        flash[:notice] = l(:notice_account_deleted)
-      end
-      redirect_to home_path
-    end
-  end
-
  # Manage user's password
  def password
    @user = User.current
@@ -103,7 +88,7 @@ class MyController < ApplicationController
      end
    end
  end
-
+  
  # Create a new feeds key
  def reset_rss_key
    if request.post?
@@ -135,13 +120,9 @@ class MyController < ApplicationController
    @user = User.current
    @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
    @block_options = []
-    BLOCKS.each do |k, v|
-      unless %w(top left right).detect {|f| (@blocks[f] ||= []).include?(k)}
-        @block_options << [l("my.blocks.#{v}", :default => [v, v.to_s.humanize]), k.dasherize]
-      end
-    end
+    BLOCKS.each {|k, v| @block_options << [l("my.blocks.#{v}", :default => [v, v.to_s.humanize]), k.dasherize]}
  end
-
+  
  # Add a block to user's page
  # The block is added on top of the page
  # params[:block] : id of the block to add
@@ -155,10 +136,10 @@ class MyController < ApplicationController
    # add it on top
    layout['top'].unshift block
    @user.pref[:my_page_layout] = layout
-    @user.pref.save
-    redirect_to :action => 'page_layout'
+    @user.pref.save 
+    render :partial => "block", :locals => {:user => @user, :block_name => block}
  end
-
+  
  # Remove a block to user's page
  # params[:block] : id of the block to remove
  def remove_block
@@ -168,8 +149,8 @@ class MyController < ApplicationController
    layout = @user.pref[:my_page_layout] || {}
    %w(top left right).each {|f| (layout[f] ||= []).delete block }
    @user.pref[:my_page_layout] = layout
-    @user.pref.save
-    redirect_to :action => 'page_layout'
+    @user.pref.save 
+    render :nothing => true
  end

  # Change blocks order on user's page
@@ -179,8 +160,7 @@ class MyController < ApplicationController
    group = params[:group]
    @user = User.current
    if group.is_a?(String)
-      group_items = (params["blocks"] || []).collect(&:underscore)
-      group_items.each {|s| s.sub!(/^block_/, '')}
+      group_items = (params["list-#{group}"] || []).collect(&:underscore)
      if group_items and group_items.is_a? Array
        layout = @user.pref[:my_page_layout] || {}
        # remove group blocks if they are presents in other groups
@@ -189,7 +169,7 @@ class MyController < ApplicationController
        }
        layout[group] = group_items
        @user.pref[:my_page_layout] = layout
-        @user.pref.save
+        @user.pref.save 
      end
    end
    render :nothing => true
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,15 +20,11 @@ class NewsController < ApplicationController
  model_object News
  before_filter :find_model_object, :except => [:new, :create, :index]
  before_filter :find_project_from_association, :except => [:new, :create, :index]
-  before_filter :find_project_by_project_id, :only => [:new, :create]
+  before_filter :find_project, :only => [:new, :create]
  before_filter :authorize, :except => [:index]
  before_filter :find_optional_project, :only => :index
-  accept_rss_auth :index
-  accept_api_auth :index
-
-  helper :watchers
-  helper :attachments
-
+  accept_key_auth :index
+  
  def index
    case params[:format]
    when 'xml', 'json'
@@ -36,9 +32,9 @@ class NewsController < ApplicationController
    else
      @limit =  10
    end
-
+    
    scope = @project ? @project.news.visible : News.visible
-
+    
    @news_count = scope.count
    @news_pages = Paginator.new self, @news_count, @limit, params['page']
    @offset ||= @news_pages.current.offset
@@ -46,17 +42,14 @@ class NewsController < ApplicationController
                                       :order => "#{News.table_name}.created_on DESC",
                                       :offset => @offset,
                                       :limit => @limit)
-
+    
    respond_to do |format|
-      format.html {
-        @news = News.new # for adding news inline
-        render :layout => false if request.xhr?
-      }
+      format.html { render :layout => false if request.xhr? }
      format.api
      format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
    end
  end
-
+  
  def show
    @comments = @news.comments
    @comments.reverse! if User.current.wants_comments_in_reverse_order?
@@ -68,25 +61,22 @@ class NewsController < ApplicationController

  def create
    @news = News.new(:project => @project, :author => User.current)
-    @news.safe_attributes = params[:news]
-    @news.save_attachments(params[:attachments])
-    if @news.save
-      render_attachment_warning_if_needed(@news)
-      flash[:notice] = l(:notice_successful_create)
-      redirect_to :controller => 'news', :action => 'index', :project_id => @project
-    else
-      render :action => 'new'
+    if request.post?
+      @news.attributes = params[:news]
+      if @news.save
+        flash[:notice] = l(:notice_successful_create)
+        redirect_to :controller => 'news', :action => 'index', :project_id => @project
+      else
+        render :action => 'new'
+      end
    end
  end

  def edit
  end
-
+  
  def update
-    @news.safe_attributes = params[:news]
-    @news.save_attachments(params[:attachments])
-    if @news.save
-      render_attachment_warning_if_needed(@news)
+    if request.put? and @news.update_attributes(params[:news])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'show', :id => @news
    else
@@ -98,9 +88,14 @@ class NewsController < ApplicationController
    @news.destroy
    redirect_to :action => 'index', :project_id => @project
  end
-
-  private
-
+  
+private
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
  def find_optional_project
    return true unless params[:project_id]
    @project = Project.find(params[:project_id])
--- a/app/controllers/previews_controller.rb
+++ b/app/controllers/previews_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class PreviewsController < ApplicationController
  before_filter :find_project

@@ -39,12 +22,12 @@ class PreviewsController < ApplicationController
  end

  private
-
+  
  def find_project
    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
    @project = Project.find(project_id)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
 end
--- a/app/controllers/project_enumerations_controller.rb
+++ b/app/controllers/project_enumerations_controller.rb
@@ -1,24 +1,7 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class ProjectEnumerationsController < ApplicationController
  before_filter :find_project_by_project_id
  before_filter :authorize
-
+  
  def update
    if request.put? && params[:enumerations]
      Project.transaction do
@@ -28,7 +11,7 @@ class ProjectEnumerationsController < ApplicationController
      end
      flash[:notice] = l(:notice_successful_update)
    end
-
+    
    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
  end

--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -19,40 +19,35 @@ class ProjectsController < ApplicationController
  menu_item :overview
  menu_item :roadmap, :only => :roadmap
  menu_item :settings, :only => :settings
-
+  
  before_filter :find_project, :except => [ :index, :list, :new, :create, :copy ]
  before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
  before_filter :authorize_global, :only => [:new, :create]
  before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
-  accept_rss_auth :index
-  accept_api_auth :index, :show, :create, :update, :destroy
+  accept_key_auth :index, :show, :create, :update, :destroy

  after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
    if controller.request.post?
-      controller.send :expire_action, :controller => 'welcome', :action => 'robots'
+      controller.send :expire_action, :controller => 'welcome', :action => 'robots.txt'
    end
  end

  helper :sort
  include SortHelper
  helper :custom_fields
-  include CustomFieldsHelper
+  include CustomFieldsHelper   
  helper :issues
  helper :queries
  include QueriesHelper
  helper :repositories
  include RepositoriesHelper
  include ProjectsHelper
-
+  
  # Lists visible projects
  def index
    respond_to do |format|
-      format.html {
-        scope = Project
-        unless params[:closed]
-          scope = scope.active
-        end
-        @projects = scope.visible.order('lft').all
+      format.html { 
+        @projects = Project.visible.find(:all, :order => 'lft') 
      }
      format.api  {
        @offset, @limit = api_offset_and_limit
@@ -66,17 +61,17 @@ class ProjectsController < ApplicationController
      }
    end
  end
-
+  
  def new
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
-    @trackers = Tracker.sorted.all
-    @project = Project.new
-    @project.safe_attributes = params[:project]
+    @trackers = Tracker.all
+    @project = Project.new(params[:project])
  end

+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
-    @trackers = Tracker.sorted.all
+    @trackers = Tracker.all
    @project = Project.new
    @project.safe_attributes = params[:project]

@@ -89,12 +84,9 @@ class ProjectsController < ApplicationController
        @project.members << m
      end
      respond_to do |format|
-        format.html {
+        format.html { 
          flash[:notice] = l(:notice_successful_create)
-          redirect_to(params[:continue] ?
-            {:controller => 'projects', :action => 'new', :project => {:parent_id => @project.parent_id}.reject {|k,v| v.nil?}} :
-            {:controller => 'projects', :action => 'settings', :id => @project}
-          )
+          redirect_to :controller => 'projects', :action => 'settings', :id => @project
        }
        format.api  { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
      end
@@ -104,12 +96,12 @@ class ProjectsController < ApplicationController
        format.api  { render_validation_errors(@project) }
      end
    end
-
+    
  end
-
+  
  def copy
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
-    @trackers = Tracker.sorted.all
+    @trackers = Tracker.all
    @root_projects = Project.find(:all,
                                  :conditions => "parent_id IS NULL AND status = #{Project::STATUS_ACTIVE}",
                                  :order => 'name')
@@ -120,7 +112,7 @@ class ProjectsController < ApplicationController
        @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
      else
        redirect_to :controller => 'admin', :action => 'projects'
-      end
+      end  
    else
      Mailer.with_deliveries(params[:notifications] == '1') do
        @project = Project.new
@@ -148,23 +140,28 @@ class ProjectsController < ApplicationController
      # try to redirect to the requested menu item
      redirect_to_project_menu_item(@project, params[:jump]) && return
    end
-
+    
    @users_by_role = @project.users_by_role
-    @subprojects = @project.children.visible.all
+    @subprojects = @project.children.visible
    @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
    @trackers = @project.rolled_up_trackers
-
+    
    cond = @project.project_condition(Setting.display_subprojects_issues?)
-
-    @open_issues_by_tracker = Issue.visible.open.where(cond).count(:group => :tracker)
-    @total_issues_by_tracker = Issue.visible.where(cond).count(:group => :tracker)
-
-    if User.current.allowed_to?(:view_time_entries, @project)
-      @total_hours = TimeEntry.visible.sum(:hours, :include => :project, :conditions => cond).to_f
+    
+    @open_issues_by_tracker = Issue.visible.count(:group => :tracker,
+                                            :include => [:project, :status, :tracker],
+                                            :conditions => ["(#{cond}) AND #{IssueStatus.table_name}.is_closed=?", false])
+    @total_issues_by_tracker = Issue.visible.count(:group => :tracker,
+                                            :include => [:project, :status, :tracker],
+                                            :conditions => cond)
+    
+    TimeEntry.visible_by(User.current) do
+      @total_hours = TimeEntry.sum(:hours, 
+                                   :include => :project,
+                                   :conditions => cond).to_f
    end
-
    @key = User.current.rss_key
-
+    
    respond_to do |format|
      format.html
      format.api
@@ -175,27 +172,30 @@ class ProjectsController < ApplicationController
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
    @issue_category ||= IssueCategory.new
    @member ||= @project.members.new
-    @trackers = Tracker.sorted.all
+    @trackers = Tracker.all
+    @repository ||= @project.repository
    @wiki ||= @project.wiki
  end
-
+  
  def edit
  end

+  # TODO: convert to PUT only
+  verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  def update
    @project.safe_attributes = params[:project]
    if validate_parent_id && @project.save
      @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
      respond_to do |format|
-        format.html {
+        format.html { 
          flash[:notice] = l(:notice_successful_update)
          redirect_to :action => 'settings', :id => @project
        }
-        format.api  { render_api_ok }
+        format.api  { head :ok }
      end
    else
      respond_to do |format|
-        format.html {
+        format.html { 
          settings
          render :action => 'settings'
        }
@@ -204,6 +204,7 @@ class ProjectsController < ApplicationController
    end
  end

+  verify :method => :post, :only => :modules, :render => {:nothing => true, :status => :method_not_allowed }
  def modules
    @project.enabled_module_names = params[:enabled_module_names]
    flash[:notice] = l(:notice_successful_update)
@@ -218,37 +219,38 @@ class ProjectsController < ApplicationController
    end
    redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
  end
-
+  
  def unarchive
    @project.unarchive if request.post? && !@project.active?
    redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
  end
-
-  def close
-    @project.close
-    redirect_to project_path(@project)
-  end
-
-  def reopen
-    @project.reopen
-    redirect_to project_path(@project)
-  end
-
+  
  # Delete @project
  def destroy
    @project_to_destroy = @project
-    if api_request? || params[:confirm]
-      @project_to_destroy.destroy
-      respond_to do |format|
-        format.html { redirect_to :controller => 'admin', :action => 'projects' }
-        format.api  { render_api_ok }
+    if request.get?
+      # display confirmation view
+    else
+      if api_request? || params[:confirm]
+        @project_to_destroy.destroy
+        respond_to do |format|
+          format.html { redirect_to :controller => 'admin', :action => 'projects' }
+          format.api  { head :ok }
+        end
      end
    end
    # hide project in layout
    @project = nil
  end

-  private
+private
+  def find_optional_project
+    return true unless params[:id]
+    @project = Project.find(params[:id])
+    authorize
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end

  # Validates parent_id param according to user's permissions
  # TODO: move it to Project model in a validation that depends on User.current
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -1,94 +1,64 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class QueriesController < ApplicationController
  menu_item :issues
-  before_filter :find_query, :except => [:new, :create, :index]
-  before_filter :find_optional_project, :only => [:new, :create]
-
-  accept_api_auth :index
-
-  include QueriesHelper
-
-  def index
-    case params[:format]
-    when 'xml', 'json'
-      @offset, @limit = api_offset_and_limit
-    else
-      @limit = per_page_option
-    end
-
-    @query_count = Query.visible.count
-    @query_pages = Paginator.new self, @query_count, @limit, params['page']
-    @queries = Query.visible.all(:limit => @limit, :offset => @offset, :order => "#{Query.table_name}.name")
-
-    respond_to do |format|
-      format.html { render :nothing => true }
-      format.api
-    end
-  end
-
+  before_filter :find_query, :except => :new
+  before_filter :find_optional_project, :only => :new
+  
  def new
-    @query = Query.new
-    @query.user = User.current
-    @query.project = @project
-    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
-    build_query_from_params
-  end
-
-  def create
    @query = Query.new(params[:query])
-    @query.user = User.current
    @query.project = params[:query_is_for_all] ? nil : @project
+    @query.user = User.current
    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
-    build_query_from_params
    @query.column_names = nil if params[:default_columns]
-
-    if @query.save
+    
+    @query.add_filters(params[:fields], params[:operators], params[:values]) if params[:fields]
+    @query.group_by ||= params[:group_by]
+    
+    if request.post? && params[:confirm] && @query.save
      flash[:notice] = l(:notice_successful_create)
      redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
-    else
-      render :action => 'new', :layout => !request.xhr?
+      return
    end
+    render :layout => false if request.xhr?
  end
-
+  
  def edit
-  end
-
-  def update
-    @query.attributes = params[:query]
-    @query.project = nil if params[:query_is_for_all]
-    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
-    build_query_from_params
-    @query.column_names = nil if params[:default_columns]
-
-    if @query.save
-      flash[:notice] = l(:notice_successful_update)
-      redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
-    else
-      render :action => 'edit'
+    if request.post?
+      @query.filters = {}
+      @query.add_filters(params[:fields], params[:operators], params[:values]) if params[:fields]
+      @query.attributes = params[:query]
+      @query.project = nil if params[:query_is_for_all]
+      @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
+      @query.column_names = nil if params[:default_columns]
+      
+      if @query.save
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
+      end
    end
  end

  def destroy
-    @query.destroy
+    @query.destroy if request.post?
    redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1
  end
-
+  
 private
  def find_query
    @query = Query.find(params[:id])
@@ -97,7 +67,7 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def find_optional_project
    @project = Project.find(params[:project_id]) if params[:project_id]
    render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,10 +22,10 @@ class ReportsController < ApplicationController
  def issue_report
    @trackers = @project.trackers
    @versions = @project.shared_versions.sort
-    @priorities = IssuePriority.all.reverse
+    @priorities = IssuePriority.all
    @categories = @project.issue_categories
-    @assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users).sort
-    @authors = @project.users.sort
+    @assignees = @project.members.collect { |m| m.user }.sort
+    @authors = @project.members.collect { |m| m.user }.sort
    @subprojects = @project.descendants.visible

    @issues_by_tracker = Issue.by_tracker(@project)
@@ -37,7 +37,7 @@ class ReportsController < ApplicationController
    @issues_by_subproject = Issue.by_subproject(@project) || []

    render :template => "reports/issue_report"
-  end
+  end  

  def issue_report_details
    case params[:detail]
@@ -53,7 +53,7 @@ class ReportsController < ApplicationController
      @report_title = l(:field_version)
    when "priority"
      @field = "priority_id"
-      @rows = IssuePriority.all.reverse
+      @rows = IssuePriority.all
      @data = Issue.by_priority(@project)
      @report_title = l(:field_priority)
    when "category"
@@ -63,12 +63,12 @@ class ReportsController < ApplicationController
      @report_title = l(:field_category)
    when "assigned_to"
      @field = "assigned_to_id"
-      @rows = (Setting.issue_group_assignment? ? @project.principals : @project.users).sort
+      @rows = @project.members.collect { |m| m.user }.sort
      @data = Issue.by_assigned_to(@project)
      @report_title = l(:field_assigned_to)
    when "author"
      @field = "author_id"
-      @rows = @project.users.sort
+      @rows = @project.members.collect { |m| m.user }.sort
      @data = Issue.by_author(@project)
      @report_title = l(:field_author)
    when "subproject"
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,78 +18,41 @@
 require 'SVG/Graph/Bar'
 require 'SVG/Graph/BarHorizontal'
 require 'digest/sha1'
-require 'redmine/scm/adapters/abstract_adapter'

 class ChangesetNotFound < Exception; end
 class InvalidRevisionParam < Exception; end

 class RepositoriesController < ApplicationController
  menu_item :repository
-  menu_item :settings, :only => [:new, :create, :edit, :update, :destroy, :committers]
+  menu_item :settings, :only => :edit
  default_search_scope :changesets
-
-  before_filter :find_project_by_project_id, :only => [:new, :create]
-  before_filter :find_repository, :only => [:edit, :update, :destroy, :committers]
-  before_filter :find_project_repository, :except => [:new, :create, :edit, :update, :destroy, :committers]
-  before_filter :find_changeset, :only => [:revision, :add_related_issue, :remove_related_issue]
+  
+  before_filter :find_repository, :except => :edit
+  before_filter :find_project, :only => :edit
  before_filter :authorize
-  accept_rss_auth :revisions
-
+  accept_key_auth :revisions
+  
  rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
-
-  def new
-    scm = params[:repository_scm] || (Redmine::Scm::Base.all & Setting.enabled_scm).first
-    @repository = Repository.factory(scm)
-    @repository.is_default = @project.repository.nil?
-    @repository.project = @project
-  end
-
-  def create
-    attrs = pickup_extra_info
-    @repository = Repository.factory(params[:repository_scm])
-    @repository.safe_attributes = params[:repository]
-    if attrs[:attrs_extra].keys.any?
-      @repository.merge_extra_info(attrs[:attrs_extra])
-    end
-    @repository.project = @project
-    if request.post? && @repository.save
-      redirect_to settings_project_path(@project, :tab => 'repositories')
-    else
-      render :action => 'new'
-    end
-  end
-
+  
  def edit
-  end
-
-  def update
-    attrs = pickup_extra_info
-    @repository.safe_attributes = attrs[:attrs]
-    if attrs[:attrs_extra].keys.any?
-      @repository.merge_extra_info(attrs[:attrs_extra])
+    @repository = @project.repository
+    if !@repository
+      @repository = Repository.factory(params[:repository_scm])
+      @repository.project = @project if @repository
    end
-    @repository.project = @project
-    if request.put? && @repository.save
-      redirect_to settings_project_path(@project, :tab => 'repositories')
-    else
-      render :action => 'edit'
+    if request.post? && @repository
+      @repository.attributes = params[:repository]
+      @repository.save
    end
-  end
-
-  def pickup_extra_info
-    p       = {}
-    p_extra = {}
-    params[:repository].each do |k, v|
-      if k =~ /^extra_/
-        p_extra[k] = v
-      else
-        p[k] = v
+    render(:update) do |page|
+      page.replace_html "tab-content-repository", :partial => 'projects/settings/repository'
+      if @repository && !@project.repository
+        @project.reload #needed to reload association
+        page.replace_html "main-menu", render_main_menu(@project)
      end
    end
-    {:attrs => p, :attrs_extra => p_extra}
  end
-  private :pickup_extra_info
-
+  
  def committers
    @committers = @repository.committers
    @users = @project.users
@@ -101,66 +64,55 @@ class RepositoriesController < ApplicationController
      # Build a hash with repository usernames as keys and corresponding user ids as values
      @repository.committer_ids = params[:committers].values.inject({}) {|h, c| h[c.first] = c.last; h}
      flash[:notice] = l(:notice_successful_update)
-      redirect_to settings_project_path(@project, :tab => 'repositories')
+      redirect_to :action => 'committers', :id => @project
    end
  end
-
+  
  def destroy
-    @repository.destroy if request.delete?
-    redirect_to settings_project_path(@project, :tab => 'repositories')
+    @repository.destroy
+    redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'repository'
  end
-
-  def show
+  
+  def show 
    @repository.fetch_changesets if Setting.autofetch_changesets? && @path.empty?

    @entries = @repository.entries(@path, @rev)
-    @changeset = @repository.find_changeset_by_name(@rev)
    if request.xhr?
      @entries ? render(:partial => 'dir_list_content') : render(:nothing => true)
    else
      (show_error_not_found; return) unless @entries
      @changesets = @repository.latest_changesets(@path, @rev)
      @properties = @repository.properties(@path, @rev)
-      @repositories = @project.repositories
      render :action => 'show'
    end
  end

  alias_method :browse, :show
-
+  
  def changes
    @entry = @repository.entry(@path, @rev)
    (show_error_not_found; return) unless @entry
    @changesets = @repository.latest_changesets(@path, @rev, Setting.repository_log_display_limit.to_i)
    @properties = @repository.properties(@path, @rev)
-    @changeset = @repository.find_changeset_by_name(@rev)
  end
-
+  
  def revisions
    @changeset_count = @repository.changesets.count
    @changeset_pages = Paginator.new self, @changeset_count,
-                                     per_page_option,
-                                     params['page']
+								      per_page_option,
+								      params['page']								
    @changesets = @repository.changesets.find(:all,
-                       :limit  =>  @changeset_pages.items_per_page,
-                       :offset =>  @changeset_pages.current.offset,
-                       :include => [:user, :repository, :parents])
+						:limit  =>  @changeset_pages.items_per_page,
+						:offset =>  @changeset_pages.current.offset,
+            :include => [:user, :repository])

    respond_to do |format|
      format.html { render :layout => false if request.xhr? }
      format.atom { render_feed(@changesets, :title => "#{@project.name}: #{l(:label_revision_plural)}") }
    end
  end
-
-  def raw
-    entry_and_raw(true)
-  end
-
+  
  def entry
-    entry_and_raw(false)
-  end
-
-  def entry_and_raw(is_raw)
    @entry = @repository.entry(@path, @rev)
    (show_error_not_found; return) unless @entry

@@ -169,84 +121,36 @@ class RepositoriesController < ApplicationController

    @content = @repository.cat(@path, @rev)
    (show_error_not_found; return) unless @content
-    if is_raw ||
-         (@content.size && @content.size > Setting.file_max_size_displayed.to_i.kilobyte) ||
-         ! is_entry_text_data?(@content, @path)
+    if 'raw' == params[:format] || @content.is_binary_data? || (@entry.size && @entry.size > Setting.file_max_size_displayed.to_i.kilobyte)
      # Force the download
-      send_opt = { :filename => filename_for_content_disposition(@path.split('/').last) }
-      send_type = Redmine::MimeType.of(@path)
-      send_opt[:type] = send_type.to_s if send_type
-      send_opt[:disposition] = (Redmine::MimeType.is_type?('image', @path) && !is_raw ? 'inline' : 'attachment')
-      send_data @content, send_opt
+      send_data @content, :filename => filename_for_content_disposition(@path.split('/').last)
    else
      # Prevent empty lines when displaying a file with Windows style eol
-      # TODO: UTF-16
-      # Is this needs? AttachmentsController reads file simply.
      @content.gsub!("\r\n", "\n")
-      @changeset = @repository.find_changeset_by_name(@rev)
-    end
+   end
  end
-  private :entry_and_raw
-
-  def is_entry_text_data?(ent, path)
-    # UTF-16 contains "\x00".
-    # It is very strict that file contains less than 30% of ascii symbols
-    # in non Western Europe.
-    return true if Redmine::MimeType.is_type?('text', path)
-    # Ruby 1.8.6 has a bug of integer divisions.
-    # http://apidock.com/ruby/v1_8_6_287/String/is_binary_data%3F
-    return false if ent.is_binary_data?
-    true
-  end
-  private :is_entry_text_data?
-
+  
  def annotate
    @entry = @repository.entry(@path, @rev)
    (show_error_not_found; return) unless @entry
-
+    
    @annotate = @repository.scm.annotate(@path, @rev)
-    if @annotate.nil? || @annotate.empty?
-      (render_error l(:error_scm_annotate); return)
-    end
-    ann_buf_size = 0
-    @annotate.lines.each do |buf|
-      ann_buf_size += buf.size
-    end
-    if ann_buf_size > Setting.file_max_size_displayed.to_i.kilobyte
-      (render_error l(:error_scm_annotate_big_text_file); return)
-    end
-    @changeset = @repository.find_changeset_by_name(@rev)
+    (render_error l(:error_scm_annotate); return) if @annotate.nil? || @annotate.empty?
  end
-
+  
  def revision
+    raise ChangesetNotFound if @rev.nil? || @rev.empty?
+    @changeset = @repository.find_changeset_by_name(@rev)
+    raise ChangesetNotFound unless @changeset
+
    respond_to do |format|
      format.html
      format.js {render :layout => false}
    end
+  rescue ChangesetNotFound
+    show_error_not_found
  end
-
-  # Adds a related issue to a changeset
-  # POST /projects/:project_id/repository/(:repository_id/)revisions/:rev/issues
-  def add_related_issue
-    @issue = @changeset.find_referenced_issue_by_id(params[:issue_id])
-    if @issue && (!@issue.visible? || @changeset.issues.include?(@issue))
-      @issue = nil
-    end
-
-    if @issue
-      @changeset.issues << @issue
-    end
-  end
-
-  # Removes a related issue from a changeset
-  # DELETE /projects/:project_id/repository/(:repository_id/)revisions/:rev/issues/:issue_id
-  def remove_related_issue
-    @issue = Issue.visible.find_by_id(params[:issue_id])
-    if @issue 
-      @changeset.issues.delete(@issue)
-    end
-  end
-
+  
  def diff
    if params[:format] == 'diff'
      @diff = @repository.diff(@path, @rev, @rev_to)
@@ -259,14 +163,14 @@ class RepositoriesController < ApplicationController
    else
      @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
      @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
-
+      
      # Save diff type as user preference
      if User.current.logged? && @diff_type != User.current.pref[:diff_type]
        User.current.pref[:diff_type] = @diff_type
        User.current.preference.save
      end
-      @cache_key = "repositories/diff/#{@repository.id}/" +
-                      Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}-#{current_language}")
+      
+      @cache_key = "repositories/diff/#{@repository.id}/" + Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}")    
      unless read_fragment(@cache_key)
        @diff = @repository.diff(@path, @rev, @rev_to)
        show_error_not_found unless @diff
@@ -274,15 +178,14 @@ class RepositoriesController < ApplicationController

      @changeset = @repository.find_changeset_by_name(@rev)
      @changeset_to = @rev_to ? @repository.find_changeset_by_name(@rev_to) : nil
-      @diff_format_revisions = @repository.diff_format_revisions(@changeset, @changeset_to)
    end
  end
-
-  def stats
+  
+  def stats  
  end
-
+  
  def graph
-    data = nil
+    data = nil    
    case params[:graph]
    when "commits_per_month"
      data = graph_commits_per_month(@repository)
@@ -296,30 +199,20 @@ class RepositoriesController < ApplicationController
      render_404
    end
  end
-
+  
  private

-  def find_repository
-    @repository = Repository.find(params[:id])
-    @project = @repository.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
  REV_PARAM_RE = %r{\A[a-f0-9]*\Z}i

-  def find_project_repository
+  def find_repository
    @project = Project.find(params[:id])
-    if params[:repository_id].present?
-      @repository = @project.repositories.find_by_identifier_param(params[:repository_id])
-    else
-      @repository = @project.repository
-    end
+    @repository = @project.repository
    (render_404; return false) unless @repository
-    @path = params[:path].is_a?(Array) ? params[:path].join('/') : params[:path].to_s
-    @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].to_s.strip
+    @path = params[:path].join('/') unless params[:path].nil?
+    @path ||= ''
+    @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip
    @rev_to = params[:rev_to]
-
+    
    unless @rev.to_s.match(REV_PARAM_RE) && @rev_to.to_s.match(REV_PARAM_RE)
      if @repository.branches.blank?
        raise InvalidRevisionParam
@@ -331,41 +224,30 @@ class RepositoriesController < ApplicationController
    show_error_not_found
  end

-  def find_changeset
-    if @rev.present?
-      @changeset = @repository.find_changeset_by_name(@rev)
-    end
-    show_error_not_found unless @changeset
-  end
-
  def show_error_not_found
    render_error :message => l(:error_scm_not_found), :status => 404
  end
-
+  
  # Handler for Redmine::Scm::Adapters::CommandFailed exception
  def show_error_command_failed(exception)
    render_error l(:error_scm_command_failed, exception.message)
  end
-
+  
  def graph_commits_per_month(repository)
    @date_to = Date.today
    @date_from = @date_to << 11
    @date_from = Date.civil(@date_from.year, @date_from.month, 1)
-    commits_by_day = Changeset.count(
-                          :all, :group => :commit_date,
-                          :conditions => ["repository_id = ? AND commit_date BETWEEN ? AND ?", repository.id, @date_from, @date_to])
+    commits_by_day = repository.changesets.count(:all, :group => :commit_date, :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
    commits_by_month = [0] * 12
-    commits_by_day.each {|c| commits_by_month[(@date_to.month - c.first.to_date.month) % 12] += c.last }
+    commits_by_day.each {|c| commits_by_month[c.first.to_date.months_ago] += c.last }

-    changes_by_day = Change.count(
-                          :all, :group => :commit_date, :include => :changeset,
-                          :conditions => ["#{Changeset.table_name}.repository_id = ? AND #{Changeset.table_name}.commit_date BETWEEN ? AND ?", repository.id, @date_from, @date_to])
+    changes_by_day = repository.changes.count(:all, :group => :commit_date, :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
    changes_by_month = [0] * 12
-    changes_by_day.each {|c| changes_by_month[(@date_to.month - c.first.to_date.month) % 12] += c.last }
-
+    changes_by_day.each {|c| changes_by_month[c.first.to_date.months_ago] += c.last }
+   
    fields = []
    12.times {|m| fields << month_name(((Date.today.month - 1 - m) % 12) + 1)}
-
+  
    graph = SVG::Graph::Bar.new(
      :height => 300,
      :width => 800,
@@ -377,7 +259,7 @@ class RepositoriesController < ApplicationController
      :graph_title => l(:label_commits_per_month),
      :show_graph_title => true
    )
-
+    
    graph.add_data(
      :data => commits_by_month[0..11].reverse,
      :title => l(:label_revision_plural)
@@ -387,28 +269,28 @@ class RepositoriesController < ApplicationController
      :data => changes_by_month[0..11].reverse,
      :title => l(:label_change_plural)
    )
-
+    
    graph.burn
  end

  def graph_commits_per_author(repository)
-    commits_by_author = Changeset.count(:all, :group => :committer, :conditions => ["repository_id = ?", repository.id])
+    commits_by_author = repository.changesets.count(:all, :group => :committer)
    commits_by_author.to_a.sort! {|x, y| x.last <=> y.last}

-    changes_by_author = Change.count(:all, :group => :committer, :include => :changeset, :conditions => ["#{Changeset.table_name}.repository_id = ?", repository.id])
+    changes_by_author = repository.changes.count(:all, :group => :committer)
    h = changes_by_author.inject({}) {|o, i| o[i.first] = i.last; o}
-
+    
    fields = commits_by_author.collect {|r| r.first}
    commits_data = commits_by_author.collect {|r| r.last}
    changes_data = commits_by_author.collect {|r| h[r.first] || 0}
-
+    
    fields = fields + [""]*(10 - fields.length) if fields.length<10
    commits_data = commits_data + [0]*(10 - commits_data.length) if commits_data.length<10
    changes_data = changes_data + [0]*(10 - changes_data.length) if changes_data.length<10
-
+    
    # Remove email adress in usernames
    fields = fields.collect {|c| c.gsub(%r{<.+@.+>}, '') }
-
+    
    graph = SVG::Graph::BarHorizontal.new(
      :height => 400,
      :width => 800,
@@ -420,14 +302,34 @@ class RepositoriesController < ApplicationController
      :graph_title => l(:label_commits_per_author),
      :show_graph_title => true
    )
+    
    graph.add_data(
      :data => commits_data,
      :title => l(:label_revision_plural)
    )
+
    graph.add_data(
      :data => changes_data,
      :title => l(:label_change_plural)
    )
+       
    graph.burn
  end
+
+end
+  
+class Date
+  def months_ago(date = Date.today)
+    (date.year - self.year)*12 + (date.month - self.month)
+  end
+
+  def weeks_ago(date = Date.today)
+    (date.year - self.year)*52 + (date.cweek - self.cweek)
+  end
+end
+
+class String
+  def with_leading_slash
+    starts_with?('/') ? self : "/#{self}"
+  end
 end
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -1,86 +1,68 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class RolesController < ApplicationController
  layout 'admin'
+  
+  before_filter :require_admin

-  before_filter :require_admin, :except => :index
-  before_filter :require_admin_or_api_request, :only => :index
-  before_filter :find_role, :only => [:edit, :update, :destroy]
-  accept_api_auth :index
+  verify :method => :post, :only => [ :destroy, :move ],
+         :redirect_to => { :action => :index }

  def index
-    respond_to do |format|
-      format.html {
-        @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position'
-        render :action => "index", :layout => false if request.xhr?
-      }
-      format.api {
-        @roles = Role.givable.all
-      }
-    end
+    @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position'
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
-    # Prefills the form with 'Non member' role permissions by default
+    # Prefills the form with 'Non member' role permissions
    @role = Role.new(params[:role] || {:permissions => Role.non_member.permissions})
-    if params[:copy].present? && @copy_from = Role.find_by_id(params[:copy])
-      @role.copy_from(@copy_from)
-    end
-    @roles = Role.sorted.all
-  end
-
-  def create
-    @role = Role.new(params[:role])
    if request.post? && @role.save
      # workflow copy
      if !params[:copy_workflow_from].blank? && (copy_from = Role.find_by_id(params[:copy_workflow_from]))
-        @role.workflow_rules.copy(copy_from)
+        @role.workflows.copy(copy_from)
      end
      flash[:notice] = l(:notice_successful_create)
      redirect_to :action => 'index'
-    else
-      @roles = Role.sorted.all
-      render :action => 'new'
    end
+    @permissions = @role.setable_permissions
+    @roles = Role.find :all, :order => 'builtin, position'
  end

  def edit
-  end
-
-  def update
-    if request.put? and @role.update_attributes(params[:role])
+    @role = Role.find(params[:id])
+    if request.post? and @role.update_attributes(params[:role])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'index'
-    else
-      render :action => 'edit'
    end
+    @permissions = @role.setable_permissions
  end

  def destroy
+    @role = Role.find(params[:id])
    @role.destroy
    redirect_to :action => 'index'
  rescue
    flash[:error] =  l(:error_can_not_remove_role)
    redirect_to :action => 'index'
  end
-
-  def permissions
-    @roles = Role.sorted.all
+  
+  def report    
+    @roles = Role.find(:all, :order => 'builtin, position')
    @permissions = Redmine::AccessControl.permissions.select { |p| !p.public? }
    if request.post?
      @roles.each do |role|
@@ -91,12 +73,4 @@ class RolesController < ApplicationController
      redirect_to :action => 'index'
    end
  end
-
-  private
-
-  def find_role
-    @role = Role.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -24,9 +24,9 @@ class SearchController < ApplicationController
  def index
    @question = params[:q] || ""
    @question.strip!
-    @all_words = params[:all_words] ? params[:all_words].present? : true
-    @titles_only = params[:titles_only] ? params[:titles_only].present? : false
-
+    @all_words = params[:all_words] || (params[:submit] ? false : true)
+    @titles_only = !params[:titles_only].nil?
+    
    projects_to_search =
      case params[:scope]
      when 'all'
@@ -34,20 +34,20 @@ class SearchController < ApplicationController
      when 'my_projects'
        User.current.memberships.collect(&:project)
      when 'subprojects'
-        @project ? (@project.self_and_descendants.active.all) : nil
+        @project ? (@project.self_and_descendants.active) : nil
      else
        @project
      end
-
+          
    offset = nil
    begin; offset = params[:offset].to_time if params[:offset]; rescue; end
-
+    
    # quick jump to an issue
    if @question.match(/^#?(\d+)$/) && Issue.visible.find_by_id($1.to_i)
      redirect_to :controller => "issues", :action => "show", :id => $1
      return
    end
-
+    
    @object_types = Redmine::Search.available_search_types.dup
    if projects_to_search.is_a? Project
      # don't search projects
@@ -55,23 +55,23 @@ class SearchController < ApplicationController
      # only show what the user is allowed to view
      @object_types = @object_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, projects_to_search)}
    end
-
+      
    @scope = @object_types.select {|t| params[t]}
    @scope = @object_types if @scope.empty?
-
+    
    # extract tokens from the question
    # eg. hello "bye bye" => ["hello", "bye bye"]
    @tokens = @question.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')}
    # tokens must be at least 2 characters long
    @tokens = @tokens.uniq.select {|w| w.length > 1 }
-
+    
    if !@tokens.empty?
      # no more than 5 tokens to search for
-      @tokens.slice! 5..-1 if @tokens.size > 5
-
+      @tokens.slice! 5..-1 if @tokens.size > 5  
+      
      @results = []
      @results_by_type = Hash.new {|h,k| h[k] = 0}
-
+      
      limit = 10
      @scope.each do |s|
        r, c = s.singularize.camelcase.constantize.search(@tokens, projects_to_search,
@@ -87,13 +87,13 @@ class SearchController < ApplicationController
      if params[:previous].nil?
        @pagination_previous_date = @results[0].event_datetime if offset && @results[0]
        if @results.size > limit
-          @pagination_next_date = @results[limit-1].event_datetime
+          @pagination_next_date = @results[limit-1].event_datetime 
          @results = @results[0, limit]
        end
      else
        @pagination_next_date = @results[-1].event_datetime if offset && @results[-1]
        if @results.size > limit
-          @pagination_previous_date = @results[-(limit)].event_datetime
+          @pagination_previous_date = @results[-(limit)].event_datetime 
          @results = @results[-(limit), limit]
        end
      end
@@ -103,7 +103,7 @@ class SearchController < ApplicationController
    render :layout => false if request.xhr?
  end

-private
+private  
  def find_optional_project
    return true unless params[:id]
    @project = Project.find(params[:id])
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -1,5 +1,5 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,8 +17,7 @@

 class SettingsController < ApplicationController
  layout 'admin'
-  menu_item :plugins, :only => :plugin
-
+  
  before_filter :require_admin

  def index
@@ -37,28 +36,27 @@ class SettingsController < ApplicationController
      end
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'edit', :tab => params[:tab]
-    else
-      @options = {}
-      @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
-      @deliveries = ActionMailer::Base.perform_deliveries
-
-      @guessed_host_and_path = request.host_with_port.dup
-      @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
-
-      Redmine::Themes.rescan
+      return
    end
+    @options = {}
+    @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
+    @deliveries = ActionMailer::Base.perform_deliveries
+
+    @guessed_host_and_path = request.host_with_port.dup
+    @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
+    
+    Redmine::Themes.rescan
  end

  def plugin
    @plugin = Redmine::Plugin.find(params[:id])
    if request.post?
-      Setting.send "plugin_#{@plugin.id}=", params[:settings]
+      Setting["plugin_#{@plugin.id}"] = params[:settings]
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'plugin', :id => @plugin.id
-    else
-      @partial = @plugin.settings[:partial]
-      @settings = Setting.send "plugin_#{@plugin.id}"
    end
+    @partial = @plugin.settings[:partial]
+    @settings = Setting["plugin_#{@plugin.id}"]
  rescue Redmine::PluginNotFound
    render_404
  end
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -1,70 +1,53 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class SysController < ActionController::Base
  before_filter :check_enabled
-
+  
  def projects
-    p = Project.active.has_module(:repository).find(
-                   :all,
-                   :include => :repository,
-                   :order => "#{Project.table_name}.identifier"
-                 )
-    # extra_info attribute from repository breaks activeresource client
-    render :xml => p.to_xml(
-                       :only => [:id, :identifier, :name, :is_public, :status],
-                       :include => {:repository => {:only => [:id, :url]}}
-                     )
+    p = Project.active.has_module(:repository).find(:all, :include => :repository, :order => 'identifier')
+    render :xml => p.to_xml(:include => :repository)
  end
-
+  
  def create_project_repository
    project = Project.find(params[:id])
    if project.repository
      render :nothing => true, :status => 409
    else
      logger.info "Repository for #{project.name} was reported to be created by #{request.remote_ip}."
-      repository = Repository.factory(params[:vendor], params[:repository])
-      repository.project = project
-      if repository.save
-        render :xml => {repository.class.name.underscore.gsub('/', '-') => {:id => repository.id, :url => repository.url}}, :status => 201
+      project.repository = Repository.factory(params[:vendor], params[:repository])
+      if project.repository && project.repository.save
+        render :xml => project.repository, :status => 201
      else
        render :nothing => true, :status => 422
      end
    end
  end
-
+  
  def fetch_changesets
    projects = []
-    scope = Project.active.has_module(:repository)
    if params[:id]
-      project = nil
-      if params[:id].to_s =~ /^\d*$/
-        project = scope.find(params[:id])
-      else
-        project = scope.find_by_identifier(params[:id])
-      end
-      raise ActiveRecord::RecordNotFound unless project
-      projects << project
+      projects << Project.active.has_module(:repository).find(params[:id])
    else
-      projects = scope.all
+      projects = Project.active.has_module(:repository).find(:all, :include => :repository)
    end
    projects.each do |project|
-      project.repositories.each do |repository|
-        repository.fetch_changesets
+      if project.repository
+        project.repository.fetch_changesets
      end
    end
    render :nothing => true, :status => 200
--- a/app/controllers/time_entry_reports_controller.rb
+++ b/app/controllers/time_entry_reports_controller.rb
@@ -0,0 +1,209 @@
+class TimeEntryReportsController < ApplicationController
+  menu_item :issues
+  before_filter :find_optional_project
+  before_filter :load_available_criterias
+
+  helper :sort
+  include SortHelper
+  helper :issues
+  helper :timelog
+  include TimelogHelper
+  helper :custom_fields
+  include CustomFieldsHelper
+
+  def report
+    @criterias = params[:criterias] || []
+    @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
+    @criterias.uniq!
+    @criterias = @criterias[0,3]
+    
+    @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
+    
+    retrieve_date_range
+    
+    unless @criterias.empty?
+      sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
+      sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
+      sql_condition = ''
+      
+      if @project.nil?
+        sql_condition = Project.allowed_to_condition(User.current, :view_time_entries)
+      elsif @issue.nil?
+        sql_condition = @project.project_condition(Setting.display_subprojects_issues?)
+      else
+        sql_condition = "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
+      end
+
+      sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
+      sql << " FROM #{TimeEntry.table_name}"
+      sql << time_report_joins
+      sql << " WHERE"
+      sql << " (%s) AND" % sql_condition
+      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
+      sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
+      
+      @hours = ActiveRecord::Base.connection.select_all(sql)
+      
+      @hours.each do |row|
+        case @columns
+        when 'year'
+          row['year'] = row['tyear']
+        when 'month'
+          row['month'] = "#{row['tyear']}-#{row['tmonth']}"
+        when 'week'
+          row['week'] = "#{row['tyear']}-#{row['tweek']}"
+        when 'day'
+          row['day'] = "#{row['spent_on']}"
+        end
+      end
+      
+      @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
+      
+      @periods = []
+      # Date#at_beginning_of_ not supported in Rails 1.2.x
+      date_from = @from.to_time
+      # 100 columns max
+      while date_from <= @to.to_time && @periods.length < 100
+        case @columns
+        when 'year'
+          @periods << "#{date_from.year}"
+          date_from = (date_from + 1.year).at_beginning_of_year
+        when 'month'
+          @periods << "#{date_from.year}-#{date_from.month}"
+          date_from = (date_from + 1.month).at_beginning_of_month
+        when 'week'
+          @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
+          date_from = (date_from + 7.day).at_beginning_of_week
+        when 'day'
+          @periods << "#{date_from.to_date}"
+          date_from = date_from + 1.day
+        end
+      end
+    end
+    
+    respond_to do |format|
+      format.html { render :layout => !request.xhr? }
+      format.csv  { send_data(report_to_csv(@criterias, @periods, @hours), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
+    end
+  end
+  
+  private
+
+  # TODO: duplicated in TimelogController
+  def find_optional_project
+    if !params[:issue_id].blank?
+      @issue = Issue.find(params[:issue_id])
+      @project = @issue.project
+    elsif !params[:project_id].blank?
+      @project = Project.find(params[:project_id])
+    end
+    deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
+  end
+
+  # Retrieves the date range based on predefined ranges or specific from/to param dates
+  # TODO: duplicated in TimelogController
+  def retrieve_date_range
+    @free_period = false
+    @from, @to = nil, nil
+
+    if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
+      case params[:period].to_s
+      when 'today'
+        @from = @to = Date.today
+      when 'yesterday'
+        @from = @to = Date.today - 1
+      when 'current_week'
+        @from = Date.today - (Date.today.cwday - 1)%7
+        @to = @from + 6
+      when 'last_week'
+        @from = Date.today - 7 - (Date.today.cwday - 1)%7
+        @to = @from + 6
+      when '7_days'
+        @from = Date.today - 7
+        @to = Date.today
+      when 'current_month'
+        @from = Date.civil(Date.today.year, Date.today.month, 1)
+        @to = (@from >> 1) - 1
+      when 'last_month'
+        @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
+        @to = (@from >> 1) - 1
+      when '30_days'
+        @from = Date.today - 30
+        @to = Date.today
+      when 'current_year'
+        @from = Date.civil(Date.today.year, 1, 1)
+        @to = Date.civil(Date.today.year, 12, 31)
+      end
+    elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
+      begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
+      begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
+      @free_period = true
+    else
+      # default
+    end
+    
+    @from, @to = @to, @from if @from && @to && @from > @to
+    @from ||= (TimeEntry.earilest_date_for_project(@project) || Date.today)
+    @to   ||= (TimeEntry.latest_date_for_project(@project) || Date.today)
+  end
+
+  def load_available_criterias
+    @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
+                                          :klass => Project,
+                                          :label => :label_project},
+                             'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
+                                          :klass => Version,
+                                          :label => :label_version},
+                             'category' => {:sql => "#{Issue.table_name}.category_id",
+                                            :klass => IssueCategory,
+                                            :label => :field_category},
+                             'member' => {:sql => "#{TimeEntry.table_name}.user_id",
+                                         :klass => User,
+                                         :label => :label_member},
+                             'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
+                                          :klass => Tracker,
+                                          :label => :label_tracker},
+                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
+                                           :klass => TimeEntryActivity,
+                                           :label => :label_activity},
+                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
+                                         :klass => Issue,
+                                         :label => :label_issue}
+                           }
+    
+    # Add list and boolean custom fields as available criterias
+    custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
+    custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end if @project
+    
+    # Add list and boolean time entry custom fields
+    TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    # Add list and boolean time entry activity custom fields
+    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    call_hook(:controller_timelog_available_criterias, { :available_criterias => @available_criterias, :project => @project })
+    @available_criterias
+  end
+
+  def time_report_joins
+    sql = ''
+    sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
+    sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
+    # TODO: rename hook
+    call_hook(:controller_timelog_time_report_joins, {:sql => sql} )
+    sql
+  end
+
+end
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -1,114 +1,102 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class TimelogController < ApplicationController
  menu_item :issues
-
-  before_filter :find_project_for_new_time_entry, :only => [:create]
-  before_filter :find_time_entry, :only => [:show, :edit, :update]
-  before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
-  before_filter :authorize, :except => [:new, :index, :report]
-
-  before_filter :find_optional_project, :only => [:index, :report]
-  before_filter :find_optional_project_for_new_time_entry, :only => [:new]
-  before_filter :authorize_global, :only => [:new, :index, :report]
-
-  accept_rss_auth :index
-  accept_api_auth :index, :show, :create, :update, :destroy
-
+  before_filter :find_project, :only => [:new, :create]
+  before_filter :find_time_entry, :only => [:show, :edit, :update, :destroy]
+  before_filter :authorize, :except => [:index]
+  before_filter :find_optional_project, :only => [:index]
+  accept_key_auth :index, :show, :create, :update, :destroy
+  
  helper :sort
  include SortHelper
  helper :issues
  include TimelogHelper
  helper :custom_fields
  include CustomFieldsHelper
-
+  
  def index
    sort_init 'spent_on', 'desc'
-    sort_update 'spent_on' => ['spent_on', "#{TimeEntry.table_name}.created_on"],
+    sort_update 'spent_on' => 'spent_on',
                'user' => 'user_id',
                'activity' => 'activity_id',
                'project' => "#{Project.table_name}.name",
                'issue' => 'issue_id',
                'hours' => 'hours'
-
-    retrieve_date_range
-
-    scope = TimeEntry.visible.spent_between(@from, @to)
-    if @issue
-      scope = scope.on_issue(@issue)
-    elsif @project
-      scope = scope.on_project(@project, Setting.display_subprojects_issues?)
+    
+    cond = ARCondition.new
+    if @project.nil?
+      cond << Project.allowed_to_condition(User.current, :view_time_entries)
+    elsif @issue.nil?
+      cond << @project.project_condition(Setting.display_subprojects_issues?)
+    else
+      cond << "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
    end
+    
+    retrieve_date_range
+    cond << ['spent_on BETWEEN ? AND ?', @from, @to]

-    respond_to do |format|
-      format.html {
-        # Paginate results
-        @entry_count = scope.count
-        @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
-        @entries = scope.all(
-          :include => [:project, :activity, :user, {:issue => :tracker}],
-          :order => sort_clause,
-          :limit  =>  @entry_pages.items_per_page,
-          :offset =>  @entry_pages.current.offset
-        )
-        @total_hours = scope.sum(:hours).to_f
+    TimeEntry.visible_by(User.current) do
+      respond_to do |format|
+        format.html {
+          # Paginate results
+          @entry_count = TimeEntry.count(:include => [:project, :issue], :conditions => cond.conditions)
+          @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
+          @entries = TimeEntry.find(:all, 
+                                    :include => [:project, :activity, :user, {:issue => :tracker}],
+                                    :conditions => cond.conditions,
+                                    :order => sort_clause,
+                                    :limit  =>  @entry_pages.items_per_page,
+                                    :offset =>  @entry_pages.current.offset)
+          @total_hours = TimeEntry.sum(:hours, :include => [:project, :issue], :conditions => cond.conditions).to_f

-        render :layout => !request.xhr?
-      }
-      format.api  {
-        @entry_count = scope.count
-        @offset, @limit = api_offset_and_limit
-        @entries = scope.all(
-          :include => [:project, :activity, :user, {:issue => :tracker}],
-          :order => sort_clause,
-          :limit  => @limit,
-          :offset => @offset
-        )
-      }
-      format.atom {
-        entries = scope.all(
-          :include => [:project, :activity, :user, {:issue => :tracker}],
-          :order => "#{TimeEntry.table_name}.created_on DESC",
-          :limit => Setting.feeds_limit.to_i
-        )
-        render_feed(entries, :title => l(:label_spent_time))
-      }
-      format.csv {
-        # Export all entries
-        @entries = scope.all(
-          :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
-          :order => sort_clause
-        )
-        send_data(entries_to_csv(@entries), :type => 'text/csv; header=present', :filename => 'timelog.csv')
-      }
+          render :layout => !request.xhr?
+        }
+        format.api  {
+          @entry_count = TimeEntry.count(:include => [:project, :issue], :conditions => cond.conditions)
+          @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
+          @entries = TimeEntry.find(:all, 
+                                    :include => [:project, :activity, :user, {:issue => :tracker}],
+                                    :conditions => cond.conditions,
+                                    :order => sort_clause,
+                                    :limit  =>  @entry_pages.items_per_page,
+                                    :offset =>  @entry_pages.current.offset)
+        }
+        format.atom {
+          entries = TimeEntry.find(:all,
+                                   :include => [:project, :activity, :user, {:issue => :tracker}],
+                                   :conditions => cond.conditions,
+                                   :order => "#{TimeEntry.table_name}.created_on DESC",
+                                   :limit => Setting.feeds_limit.to_i)
+          render_feed(entries, :title => l(:label_spent_time))
+        }
+        format.csv {
+          # Export all entries
+          @entries = TimeEntry.find(:all, 
+                                    :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
+                                    :conditions => cond.conditions,
+                                    :order => sort_clause)
+          send_data(entries_to_csv(@entries), :type => 'text/csv; header=present', :filename => 'timelog.csv')
+        }
+      end
    end
  end
-
-  def report
-    retrieve_date_range
-    @report = Redmine::Helpers::TimeReport.new(@project, @issue, params[:criteria], params[:columns], @from, @to)
-
-    respond_to do |format|
-      format.html { render :layout => !request.xhr? }
-      format.csv  { send_data(report_to_csv(@report), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
-    end
-  end
-
+  
  def show
    respond_to do |format|
      # TODO: Implement html response
@@ -119,116 +107,84 @@ class TimelogController < ApplicationController

  def new
    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.safe_attributes = params[:time_entry]
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+    render :action => 'edit'
  end

+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.safe_attributes = params[:time_entry]
-
+    @time_entry.attributes = params[:time_entry]
+    
    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
-
-    if @time_entry.save
-      respond_to do |format|
-        format.html {
-          flash[:notice] = l(:notice_successful_create)
-          if params[:continue]
-            if params[:project_id]
-              redirect_to :action => 'new', :project_id => @time_entry.project, :issue_id => @time_entry.issue,
-                :time_entry => {:issue_id => @time_entry.issue_id, :activity_id => @time_entry.activity_id},
-                :back_url => params[:back_url]
-            else
-              redirect_to :action => 'new', 
-                :time_entry => {:project_id => @time_entry.project_id, :issue_id => @time_entry.issue_id, :activity_id => @time_entry.activity_id},
-                :back_url => params[:back_url]
-            end
-          else
-            redirect_back_or_default :action => 'index', :project_id => @time_entry.project
-          end
-        }
-        format.api  { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
-      end
-    else
-      respond_to do |format|
-        format.html { render :action => 'new' }
-        format.api  { render_validation_errors(@time_entry) }
-      end
-    end
-  end
-
-  def edit
-    @time_entry.safe_attributes = params[:time_entry]
-  end
-
-  def update
-    @time_entry.safe_attributes = params[:time_entry]
-
-    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
-
+    
    if @time_entry.save
      respond_to do |format|
        format.html {
          flash[:notice] = l(:notice_successful_update)
          redirect_back_or_default :action => 'index', :project_id => @time_entry.project
        }
-        format.api  { render_api_ok }
+        format.api  { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
      end
    else
      respond_to do |format|
        format.html { render :action => 'edit' }
        format.api  { render_validation_errors(@time_entry) }
      end
-    end
+    end    
+  end
+  
+  def edit
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
  end

-  def bulk_edit
-    @available_activities = TimeEntryActivity.shared.active
-    @custom_fields = TimeEntry.first.available_custom_fields
-  end
-
-  def bulk_update
-    attributes = parse_params_for_bulk_time_entry_attributes(params)
-
-    unsaved_time_entry_ids = []
-    @time_entries.each do |time_entry|
-      time_entry.reload
-      time_entry.safe_attributes = attributes
-      call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry })
-      unless time_entry.save
-        # Keep unsaved time_entry ids to display them in flash error
-        unsaved_time_entry_ids << time_entry.id
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  def update
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+    
+    if @time_entry.save
+      respond_to do |format|
+        format.html {
+          flash[:notice] = l(:notice_successful_update)
+          redirect_back_or_default :action => 'index', :project_id => @time_entry.project
+        }
+        format.api  { head :ok }
      end
-    end
-    set_flash_from_bulk_time_entry_save(@time_entries, unsaved_time_entry_ids)
-    redirect_back_or_default({:controller => 'timelog', :action => 'index', :project_id => @projects.first})
+    else
+      respond_to do |format|
+        format.html { render :action => 'edit' }
+        format.api  { render_validation_errors(@time_entry) }
+      end
+    end    
  end

+  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
  def destroy
-    destroyed = TimeEntry.transaction do
-      @time_entries.each do |t|
-        unless t.destroy && t.destroyed?
-          raise ActiveRecord::Rollback
-        end
+    if @time_entry.destroy && @time_entry.destroyed?
+      respond_to do |format|
+        format.html {
+          flash[:notice] = l(:notice_successful_delete)
+          redirect_to :back
+        }
+        format.api  { head :ok }
+      end
+    else
+      respond_to do |format|
+        format.html {
+          flash[:error] = l(:notice_unable_delete_time_entry)
+          redirect_to :back
+        }
+        format.api  { render_validation_errors(@time_entry) }
      end
    end
-
-    respond_to do |format|
-      format.html {
-        if destroyed
-          flash[:notice] = l(:notice_successful_delete)
-        else
-          flash[:error] = l(:notice_unable_delete_time_entry)
-        end
-        redirect_back_or_default(:action => 'index', :project_id => @projects.first)
-      }
-      format.api  {
-        if destroyed
-          render_api_ok
-        else
-          render_validation_errors(@time_entries)
-        end
-      }
-    end
+  rescue ::ActionController::RedirectBackError
+    redirect_to :action => 'index', :project_id => @time_entry.project
  end

 private
@@ -243,45 +199,20 @@ private
    render_404
  end

-  def find_time_entries
-    @time_entries = TimeEntry.find_all_by_id(params[:id] || params[:ids])
-    raise ActiveRecord::RecordNotFound if @time_entries.empty?
-    @projects = @time_entries.collect(&:project).compact.uniq
-    @project = @projects.first if @projects.size == 1
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
-  def set_flash_from_bulk_time_entry_save(time_entries, unsaved_time_entry_ids)
-    if unsaved_time_entry_ids.empty?
-      flash[:notice] = l(:notice_successful_update) unless time_entries.empty?
-    else
-      flash[:error] = l(:notice_failed_to_save_time_entries,
-                        :count => unsaved_time_entry_ids.size,
-                        :total => time_entries.size,
-                        :ids => '#' + unsaved_time_entry_ids.join(', #'))
-    end
-  end
-
-  def find_optional_project_for_new_time_entry
-    if (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
-      @project = Project.find(project_id)
-    end
+  def find_project
    if (issue_id = (params[:issue_id] || params[:time_entry] && params[:time_entry][:issue_id])).present?
      @issue = Issue.find(issue_id)
-      @project ||= @issue.project
+      @project = @issue.project
+    elsif (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
+      @project = Project.find(project_id)
+    else
+      render_404
+      return false
    end
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  def find_project_for_new_time_entry
-    find_optional_project_for_new_time_entry
-    if @project.nil?
-      render_404
-    end
-  end
-
+  
  def find_optional_project
    if !params[:issue_id].blank?
      @issue = Issue.find(params[:issue_id])
@@ -289,8 +220,9 @@ private
    elsif !params[:project_id].blank?
      @project = Project.find(params[:project_id])
    end
+    deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
  end
-
+  
  # Retrieves the date range based on predefined ranges or specific from/to param dates
  def retrieve_date_range
    @free_period = false
@@ -331,14 +263,10 @@ private
    else
      # default
    end
-
+    
    @from, @to = @to, @from if @from && @to && @from > @to
+    @from ||= (TimeEntry.earilest_date_for_project(@project) || Date.today)
+    @to   ||= (TimeEntry.latest_date_for_project(@project) || Date.today)
  end

-  def parse_params_for_bulk_time_entry_attributes(params)
-    attributes = (params[:time_entry] || {}).reject {|k,v| v.blank?}
-    attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
-    attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
-    attributes
-  end
 end
--- a/app/controllers/trackers_controller.rb
+++ b/app/controllers/trackers_controller.rb
@@ -1,76 +1,57 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class TrackersController < ApplicationController
  layout 'admin'
+  
+  before_filter :require_admin

-  before_filter :require_admin, :except => :index
-  before_filter :require_admin_or_api_request, :only => :index
-  accept_api_auth :index
+  verify :method => :post, :only => :destroy, :redirect_to => { :action => :index }

  def index
-    respond_to do |format|
-      format.html {
-        @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position'
-        render :action => "index", :layout => false if request.xhr?
-      }
-      format.api {
-        @trackers = Tracker.sorted.all
-      }
-    end
+    @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position'
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
-    @tracker ||= Tracker.new(params[:tracker])
-    @trackers = Tracker.find :all, :order => 'position'
-    @projects = Project.find(:all)
-  end
-
-  def create
    @tracker = Tracker.new(params[:tracker])
    if request.post? and @tracker.save
      # workflow copy
      if !params[:copy_workflow_from].blank? && (copy_from = Tracker.find_by_id(params[:copy_workflow_from]))
-        @tracker.workflow_rules.copy(copy_from)
+        @tracker.workflows.copy(copy_from)
      end
      flash[:notice] = l(:notice_successful_create)
      redirect_to :action => 'index'
      return
    end
-    new
-    render :action => 'new'
+    @trackers = Tracker.find :all, :order => 'position'
+    @projects = Project.find(:all)
  end

  def edit
-    @tracker ||= Tracker.find(params[:id])
-    @projects = Project.find(:all)
-  end
-  
-  def update
    @tracker = Tracker.find(params[:id])
-    if request.put? and @tracker.update_attributes(params[:tracker])
+    if request.post? and @tracker.update_attributes(params[:tracker])
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'index'
      return
    end
-    edit
-    render :action => 'edit'
+    @projects = Project.find(:all)
  end
-
+  
  def destroy
    @tracker = Tracker.find(params[:id])
    unless @tracker.issues.empty?
@@ -79,23 +60,5 @@ class TrackersController < ApplicationController
      @tracker.destroy
    end
    redirect_to :action => 'index'
-  end
-
-  def fields
-    if request.post? && params[:trackers]
-      params[:trackers].each do |tracker_id, tracker_params|
-        tracker = Tracker.find_by_id(tracker_id)
-        if tracker
-          tracker.core_fields = tracker_params[:core_fields]
-          tracker.custom_field_ids = tracker_params[:custom_field_ids]
-          tracker.save
-        end
-      end
-      flash[:notice] = l(:notice_successful_update)
-      redirect_to :action => 'fields'
-      return
-    end
-    @trackers = Tracker.sorted.all
-    @custom_fields = IssueCustomField.all.sort
-  end
+  end  
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,80 +1,80 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class UsersController < ApplicationController
  layout 'admin'
-
+  
  before_filter :require_admin, :except => :show
-  before_filter :find_user, :only => [:show, :edit, :update, :destroy, :edit_membership, :destroy_membership]
-  accept_api_auth :index, :show, :create, :update, :destroy
+  before_filter :find_user, :only => [:show, :edit, :update, :edit_membership, :destroy_membership]
+  accept_key_auth :index, :show, :create, :update

  helper :sort
  include SortHelper
  helper :custom_fields
-  include CustomFieldsHelper
+  include CustomFieldsHelper   

  def index
    sort_init 'login', 'asc'
    sort_update %w(login firstname lastname mail admin created_on last_login_on)
-
+    
    case params[:format]
    when 'xml', 'json'
      @offset, @limit = api_offset_and_limit
    else
      @limit = per_page_option
    end
+    
+    @status = params[:status] ? params[:status].to_i : 1
+    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])

-    @status = params[:status] || 1
-
-    scope = User.logged.status(@status)
-    scope = scope.like(params[:name]) if params[:name].present?
-    scope = scope.in_group(params[:group_id]) if params[:group_id].present?
-
-    @user_count = scope.count
+    unless params[:name].blank?
+      name = "%#{params[:name].strip.downcase}%"
+      c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
+    end
+    
+    @user_count = User.count(:conditions => c.conditions)
    @user_pages = Paginator.new self, @user_count, @limit, params['page']
    @offset ||= @user_pages.current.offset
-    @users =  scope.find :all,
+    @users =  User.find :all,
                        :order => sort_clause,
+                        :conditions => c.conditions,
                        :limit  =>  @limit,
                        :offset =>  @offset

-    respond_to do |format|
-      format.html {
-        @groups = Group.all.sort
-        render :layout => !request.xhr?
-      }
+		respond_to do |format|
+		  format.html { render :layout => !request.xhr? }
      format.api
-    end	
+		end	
  end
-
+  
  def show
    # show projects based on current user visibility
-    @memberships = @user.memberships.all(:conditions => Project.visible_condition(User.current))
-
+    @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
+    
    events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
    @events_by_day = events.group_by(&:event_date)
-
+    
    unless User.current.admin?
      if !@user.active? || (@user != User.current  && @memberships.empty? && events.empty?)
        render_404
        return
      end
    end
-
+    
    respond_to do |format|
      format.html { render :layout => 'base' }
      format.api
@@ -85,7 +85,8 @@ class UsersController < ApplicationController
    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
    @auth_sources = AuthSource.find(:all)
  end
-
+  
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
    @user.safe_attributes = params[:user]
@@ -93,19 +94,21 @@ class UsersController < ApplicationController
    @user.login = params[:user][:login]
    @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id

+    # TODO: Similar to My#account
+    @user.pref.attributes = params[:pref]
+    @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
+
    if @user.save
-      @user.pref.attributes = params[:pref]
-      @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
      @user.pref.save
      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])

-      Mailer.account_information(@user, params[:user][:password]).deliver if params[:send_information]
-
+      Mailer.deliver_account_information(@user, params[:user][:password]) if params[:send_information]
+      
      respond_to do |format|
        format.html {
-          flash[:notice] = l(:notice_user_successful_create, :id => view_context.link_to(@user.login, user_path(@user)))
-          redirect_to(params[:continue] ?
-            {:controller => 'users', :action => 'new'} :
+          flash[:notice] = l(:notice_successful_create)
+          redirect_to(params[:continue] ? 
+            {:controller => 'users', :action => 'new'} : 
            {:controller => 'users', :action => 'edit', :id => @user}
          )
        }
@@ -127,7 +130,8 @@ class UsersController < ApplicationController
    @auth_sources = AuthSource.find(:all)
    @membership ||= Member.new
  end
-
+  
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  def update
    @user.admin = params[:user][:admin] if params[:user][:admin]
    @user.login = params[:user][:login] if params[:user][:login]
@@ -146,17 +150,17 @@ class UsersController < ApplicationController
      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])

      if was_activated
-        Mailer.account_activated(@user).deliver
+        Mailer.deliver_account_activated(@user)
      elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
-        Mailer.account_information(@user, params[:user][:password]).deliver
+        Mailer.deliver_account_information(@user, params[:user][:password])
      end
-
+      
      respond_to do |format|
        format.html {
          flash[:notice] = l(:notice_successful_update)
-          redirect_to_referer_or edit_user_path(@user)
+          redirect_to :back
        }
-        format.api  { render_api_ok }
+        format.api  { head :ok }
      end
    else
      @auth_sources = AuthSource.find(:all)
@@ -169,38 +173,45 @@ class UsersController < ApplicationController
        format.api  { render_validation_errors(@user) }
      end
    end
-  end
-
-  def destroy
-    @user.destroy
-    respond_to do |format|
-      format.html { redirect_back_or_default(users_url) }
-      format.api  { render_api_ok }
-    end
+  rescue ::ActionController::RedirectBackError
+    redirect_to :controller => 'users', :action => 'edit', :id => @user
  end

  def edit_membership
    @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
-    @membership.save
+    @membership.save if request.post?
    respond_to do |format|
-      format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
-      format.js
+      if @membership.valid?
+        format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
+        format.js {
+          render(:update) {|page|
+            page.replace_html "tab-content-memberships", :partial => 'users/memberships'
+            page.visual_effect(:highlight, "member-#{@membership.id}")
+          }
+        }
+      else
+        format.js {
+          render(:update) {|page|
+            page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
+          }
+        }
+      end
    end
  end
-
+  
  def destroy_membership
    @membership = Member.find(params[:membership_id])
-    if @membership.deletable?
+    if request.post? && @membership.deletable?
      @membership.destroy
    end
    respond_to do |format|
      format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
-      format.js
+      format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
    end
  end
-
+  
  private
-
+  
  def find_user
    if params[:id] == 'current'
      require_login || return
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -23,71 +23,55 @@ class VersionsController < ApplicationController
  before_filter :find_project, :only => [:index, :new, :create, :close_completed]
  before_filter :authorize

-  accept_api_auth :index, :show, :create, :update, :destroy
-
  helper :custom_fields
  helper :projects

  def index
-    respond_to do |format|
-      format.html {
-        @trackers = @project.trackers.find(:all, :order => 'position')
-        retrieve_selected_tracker_ids(@trackers, @trackers.select {|t| t.is_in_roadmap?})
-        @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
-        project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
-
-        @versions = @project.shared_versions || []
-        @versions += @project.rolled_up_versions.visible if @with_subprojects
-        @versions = @versions.uniq.sort
-        unless params[:completed]
-          @completed_versions = @versions.select {|version| version.closed? || version.completed? }
-          @versions -= @completed_versions
-        end
-
-        @issues_by_version = {}
-        if @selected_tracker_ids.any? && @versions.any?
-          issues = Issue.visible.all(
-            :include => [:project, :status, :tracker, :priority, :fixed_version],
-            :conditions => {:tracker_id => @selected_tracker_ids, :project_id => project_ids, :fixed_version_id => @versions.map(&:id)},
-            :order => "#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id"
-          )
-          @issues_by_version = issues.group_by(&:fixed_version)
-        end
-        @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].blank?}
-      }
-      format.api {
-        @versions = @project.shared_versions.all
-      }
+    @trackers = @project.trackers.find(:all, :order => 'position')
+    retrieve_selected_tracker_ids(@trackers, @trackers.select {|t| t.is_in_roadmap?})
+    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
+    project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
+    
+    @versions = @project.shared_versions || []
+    @versions += @project.rolled_up_versions.visible if @with_subprojects
+    @versions = @versions.uniq.sort
+    @versions.reject! {|version| version.closed? || version.completed? } unless params[:completed]
+    
+    @issues_by_version = {}
+    unless @selected_tracker_ids.empty?
+      @versions.each do |version|
+        issues = version.fixed_issues.visible.find(:all,
+                                                   :include => [:project, :status, :tracker, :priority],
+                                                   :conditions => {:tracker_id => @selected_tracker_ids, :project_id => project_ids},
+                                                   :order => "#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id")
+        @issues_by_version[version] = issues
+      end
    end
+    @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].blank?}
  end
-
+  
  def show
-    respond_to do |format|
-      format.html {
-        @issues = @version.fixed_issues.visible.find(:all,
-          :include => [:status, :tracker, :priority],
-          :order => "#{Tracker.table_name}.position, #{Issue.table_name}.id")
-      }
-      format.api
-    end
+    @issues = @version.fixed_issues.visible.find(:all,
+      :include => [:status, :tracker, :priority],
+      :order => "#{Tracker.table_name}.position, #{Issue.table_name}.id")
  end
-
+  
  def new
-    @version = @project.versions.build
-    @version.safe_attributes = params[:version]
-
-    respond_to do |format|
-      format.html
-      format.js
-    end
-  end
-
-  def create
    @version = @project.versions.build
    if params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
-      @version.safe_attributes = attributes
+      @version.attributes = attributes
+    end
+  end
+
+  def create
+    # TODO: refactor with code above in #new
+    @version = @project.versions.build
+    if params[:version]
+      attributes = params[:version].dup
+      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
+      @version.attributes = attributes
    end

    if request.post?
@@ -95,18 +79,21 @@ class VersionsController < ApplicationController
        respond_to do |format|
          format.html do
            flash[:notice] = l(:notice_successful_create)
-            redirect_back_or_default :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
+            redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
          end
-          format.js
-          format.api do
-            render :action => 'show', :status => :created, :location => version_url(@version)
+          format.js do
+            # IE doesn't support the replace_html rjs method for select box options
+            render(:update) {|page| page.replace "issue_fixed_version_id",
+              content_tag('select', '<option></option>' + version_options_for_select(@project.shared_versions.open, @version), :id => 'issue_fixed_version_id', :name => 'issue[fixed_version_id]')
+            }
          end
        end
      else
        respond_to do |format|
          format.html { render :action => 'new' }
-          format.js   { render :action => 'new' }
-          format.api  { render_validation_errors(@version) }
+          format.js do
+            render(:update) {|page| page.alert(@version.errors.full_messages.join('\n')) }
+          end
        end
      end
    end
@@ -114,29 +101,22 @@ class VersionsController < ApplicationController

  def edit
  end
-
+  
  def update
    if request.put? && params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing'])
-      @version.safe_attributes = attributes
-      if @version.save
-        respond_to do |format|
-          format.html {
-            flash[:notice] = l(:notice_successful_update)
-            redirect_back_or_default :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
-          }
-          format.api  { render_api_ok }
-        end
+      if @version.update_attributes(attributes)
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
      else
        respond_to do |format|
          format.html { render :action => 'edit' }
-          format.api  { render_validation_errors(@version) }
        end
      end
    end
  end
-
+  
  def close_completed
    if request.put?
      @project.close_completed_versions
@@ -147,25 +127,17 @@ class VersionsController < ApplicationController
  def destroy
    if @version.fixed_issues.empty?
      @version.destroy
-      respond_to do |format|
-        format.html { redirect_back_or_default :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project }
-        format.api  { render_api_ok }
-      end
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
    else
-      respond_to do |format|
-        format.html {
-          flash[:error] = l(:notice_unable_delete_version)
-          redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
-        }
-        format.api  { head :unprocessable_entity }
-      end
+      flash[:error] = l(:notice_unable_delete_version)
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
    end
  end
-
+  
  def status_by
    respond_to do |format|
      format.html { render :action => 'show' }
-      format.js
+      format.js { render(:update) {|page| page.replace_html 'status_by', render_issue_status_by(@version, params[:status_by])} }
    end
  end

--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -19,7 +19,11 @@ class WatchersController < ApplicationController
  before_filter :find_project
  before_filter :require_login, :check_project_privacy, :only => [:watch, :unwatch]
  before_filter :authorize, :only => [:new, :destroy]
-
+  
+  verify :method => :post,
+         :only => [ :watch, :unwatch ],
+         :render => { :nothing => true, :status => :method_not_allowed }
+  
  def watch
    if @watched.respond_to?(:visible?) && !@watched.visible?(User.current)
      render_403
@@ -27,69 +31,71 @@ class WatchersController < ApplicationController
      set_watcher(User.current, true)
    end
  end
-
+  
  def unwatch
    set_watcher(User.current, false)
  end
-
+  
  def new
-  end
-
-  def create
-    if params[:watcher].is_a?(Hash) && request.post?
-      user_ids = params[:watcher][:user_ids] || [params[:watcher][:user_id]]
-      user_ids.each do |user_id|
-        Watcher.create(:watchable => @watched, :user_id => user_id)
+    @watcher = Watcher.new(params[:watcher])
+    @watcher.watchable = @watched
+    @watcher.save if request.post?
+    respond_to do |format|
+      format.html { redirect_to :back }
+      format.js do
+        render :update do |page|
+          page.replace_html 'watchers', :partial => 'watchers/watchers', :locals => {:watched => @watched}
+        end
      end
    end
-    respond_to do |format|
-      format.html { redirect_to_referer_or {render :text => 'Watcher added.', :layout => true}}
-      format.js
-    end
+  rescue ::ActionController::RedirectBackError
+    render :text => 'Watcher added.', :layout => true
  end
-
-  def append
-    if params[:watcher].is_a?(Hash)
-      user_ids = params[:watcher][:user_ids] || [params[:watcher][:user_id]]
-      @users = User.active.find_all_by_id(user_ids)
-    end
-  end
-
+  
  def destroy
    @watched.set_watcher(User.find(params[:user_id]), false) if request.post?
    respond_to do |format|
      format.html { redirect_to :back }
-      format.js
+      format.js do
+        render :update do |page|
+          page.replace_html 'watchers', :partial => 'watchers/watchers', :locals => {:watched => @watched}
+        end
+      end
    end
  end
-
-  def autocomplete_for_user
-    @users = User.active.like(params[:q]).find(:all, :limit => 100)
-    if @watched
-      @users -= @watched.watcher_users
-    end
-    render :layout => false
-  end
-
+  
 private
  def find_project
-    if params[:object_type] && params[:object_id]
-      klass = Object.const_get(params[:object_type].camelcase)
-      return false unless klass.respond_to?('watched_by')
-      @watched = klass.find(params[:object_id])
-      @project = @watched.project
-    elsif params[:project_id]
-      @project = Project.visible.find_by_param(params[:project_id])
-    end
+    klass = Object.const_get(params[:object_type].camelcase)
+    return false unless klass.respond_to?('watched_by')
+    @watched = klass.find(params[:object_id])
+    @project = @watched.project
  rescue
    render_404
  end
-
+  
  def set_watcher(user, watching)
    @watched.set_watcher(user, watching)
-    respond_to do |format|
-      format.html { redirect_to_referer_or {render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true}}
-      format.js { render :partial => 'set_watcher', :locals => {:user => user, :watched => @watched} }
+    if params[:replace].present?
+      if params[:replace].is_a? Array
+        replace_ids = params[:replace]
+      else
+        replace_ids = [params[:replace]]
+      end
+    else
+      replace_ids = ['watcher']
    end
+    respond_to do |format|
+      format.html { redirect_to :back }
+      format.js do
+        render(:update) do |page|
+          replace_ids.each do |replace_id|
+            page.replace_html replace_id, watcher_link(@watched, user, :replace => replace_ids)
+          end
+        end
+      end
+    end
+  rescue ::ActionController::RedirectBackError
+    render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true
  end
 end
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,7 +22,7 @@ class WelcomeController < ApplicationController
    @news = News.latest User.current
    @projects = Project.latest User.current
  end
-
+  
  def robots
    @projects = Project.all_public.active
    render :layout => false, :content_type => 'text/plain'
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -34,28 +34,23 @@ require 'diff'
 class WikiController < ApplicationController
  default_search_scope :wiki_pages
  before_filter :find_wiki, :authorize
-  before_filter :find_existing_or_new_page, :only => [:show, :edit, :update]
  before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
+  
+  verify :method => :post, :only => [:protect], :redirect_to => { :action => :show }

  helper :attachments
-  include AttachmentsHelper
+  include AttachmentsHelper   
  helper :watchers
-  include Redmine::Export::PDF

  # List of pages, sorted alphabetically and by parent (hierarchy)
  def index
-    load_pages_for_index
-    @pages_by_parent_id = @pages.group_by(&:parent_id)
-  end
-
-  # List of page, by last update
-  def date_index
-    load_pages_for_index
-    @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
+    load_pages_grouped_by_date_without_content
  end

  # display a page (in editing mode if it doesn't exist)
  def show
+    page_title = params[:id]
+    @page = @wiki.find_or_new_page(page_title)
    if @page.new_record?
      if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
        edit
@@ -72,10 +67,7 @@ class WikiController < ApplicationController
    end
    @content = @page.content_for_version(params[:version])
    if User.current.allowed_to?(:export_wiki_pages, @project)
-      if params[:format] == 'pdf'
-        send_data(wiki_page_to_pdf(@page, @project), :type => 'application/pdf', :filename => "#{@page.title}.pdf")
-        return
-      elsif params[:format] == 'html'
+      if params[:format] == 'html'
        export = render_to_string :action => 'export', :layout => false
        send_data(export, :type => 'text/html', :filename => "#{@page.title}.html")
        return
@@ -85,23 +77,15 @@ class WikiController < ApplicationController
      end
    end
    @editable = editable?
-    @sections_editable = @editable && User.current.allowed_to?(:edit_wiki_pages, @page.project) &&
-      @content.current_version? &&
-      Redmine::WikiFormatting.supports_section_edit?
-
    render :action => 'show'
  end
-
+  
  # edit an existing page or a new one
  def edit
+    @page = @wiki.find_or_new_page(params[:id])    
    return render_403 unless editable?
-    if @page.new_record?
-      @page.content = WikiContent.new(:page => @page)
-      if params[:parent].present?
-        @page.parent = @page.wiki.find_page(params[:parent].to_s)
-      end
-    end
-
+    @page.content = WikiContent.new(:page => @page) if @page.new_record?
+    
    @content = @page.content_for_version(params[:version])
    @content.text = initial_page_content(@page) if @content.text.blank?
    # don't keep previous comment
@@ -109,21 +93,15 @@ class WikiController < ApplicationController

    # To prevent StaleObjectError exception when reverting to a previous version
    @content.version = @page.content.version
-
-    @text = @content.text
-    if params[:section].present? && Redmine::WikiFormatting.supports_section_edit?
-      @section = params[:section].to_i
-      @text, @section_hash = Redmine::WikiFormatting.formatter.new(@text).get_section(@section)
-      render_404 if @text.blank?
-    end
  end

+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  # Creates a new page or updates an existing one
  def update
+    @page = @wiki.find_or_new_page(params[:id])    
    return render_403 unless editable?
    @page.content = WikiContent.new(:page => @page) if @page.new_record?
-    @page.safe_attributes = params[:wiki_page]
-
+    
    @content = @page.content_for_version(params[:version])
    @content.text = initial_page_content(@page) if @content.text.blank?
    # don't keep previous comment
@@ -132,25 +110,14 @@ class WikiController < ApplicationController
    if !@page.new_record? && params[:content].present? && @content.text == params[:content][:text]
      attachments = Attachment.attach_files(@page, params[:attachments])
      render_attachment_warning_if_needed(@page)
-      # don't save content if text wasn't changed
-      @page.save
+      # don't save if text wasn't changed
      redirect_to :action => 'show', :project_id => @project, :id => @page.title
      return
    end
-
-    @content.comments = params[:content][:comments]
-    @text = params[:content][:text]
-    if params[:section].present? && Redmine::WikiFormatting.supports_section_edit?
-      @section = params[:section].to_i
-      @section_hash = params[:section_hash]
-      @content.text = Redmine::WikiFormatting.formatter.new(@content.text).update_section(params[:section].to_i, @text, @section_hash)
-    else
-      @content.version = params[:content][:version]
-      @content.text = @text
-    end
+    @content.attributes = params[:content]
    @content.author = User.current
-    @page.content = @content
-    if @page.save
+    # if page is new @page.save will also save content, but not if page isn't a new record
+    if (@page.new_record? ? @page.save : @content.save)
      attachments = Attachment.attach_files(@page, params[:attachments])
      render_attachment_warning_if_needed(@page)
      call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
@@ -159,12 +126,10 @@ class WikiController < ApplicationController
      render :action => 'edit'
    end

-  rescue ActiveRecord::StaleObjectError, Redmine::WikiFormatting::StaleSectionError
+  rescue ActiveRecord::StaleObjectError
    # Optimistic locking exception
    flash.now[:error] = l(:notice_locking_conflict)
    render :action => 'edit'
-  rescue ActiveRecord::RecordNotSaved
-    render :action => 'edit'
  end

  # rename a page
@@ -178,7 +143,7 @@ class WikiController < ApplicationController
      redirect_to :action => 'show', :project_id => @project, :id => @page.title
    end
  end
-
+  
  def protect
    @page.update_attribute :protected, params[:protected]
    redirect_to :action => 'show', :project_id => @project, :id => @page.title
@@ -188,8 +153,8 @@ class WikiController < ApplicationController
  def history
    @version_count = @page.content.versions.count
    @version_pages = Paginator.new self, @version_count, per_page_option, params['p']
-    # don't load text
-    @versions = @page.content.versions.find :all,
+    # don't load text    
+    @versions = @page.content.versions.find :all, 
                                            :select => "id, author_id, comments, updated_on, version",
                                            :order => 'version DESC',
                                            :limit  =>  @version_pages.items_per_page + 1,
@@ -197,22 +162,23 @@ class WikiController < ApplicationController

    render :layout => false if request.xhr?
  end
-
+  
  def diff
    @diff = @page.diff(params[:version], params[:version_from])
    render_404 unless @diff
  end
-
+  
  def annotate
    @annotate = @page.annotate(params[:version])
    render_404 unless @annotate
  end

+  verify :method => :delete, :only => [:destroy], :redirect_to => { :action => :show }
  # Removes a wiki page and its history
  # Children can be either set as root pages, removed or reassigned to another parent page
  def destroy
    return render_403 unless editable?
-
+    
    @descendants_count = @page.descendants.size
    if @descendants_count > 0
      case params[:todo]
@@ -237,20 +203,21 @@ class WikiController < ApplicationController
    redirect_to :action => 'index', :project_id => @project
  end

-  # Export wiki to a single pdf or html file
+  # Export wiki to a single html file
  def export
-    @pages = @wiki.pages.all(:order => 'title', :include => [:content, :attachments], :limit => 75)
-    respond_to do |format|
-      format.html {
-        export = render_to_string :action => 'export_multiple', :layout => false
-        send_data(export, :type => 'text/html', :filename => "wiki.html")
-      }
-      format.pdf {
-        send_data(wiki_pages_to_pdf(@pages, @project), :type => 'application/pdf', :filename => "#{@project.identifier}.pdf")
-      }
+    if User.current.allowed_to?(:export_wiki_pages, @project)
+      @pages = @wiki.pages.find :all, :order => 'title'
+      export = render_to_string :action => 'export_multiple', :layout => false
+      send_data(export, :type => 'text/html', :filename => "wiki.html")
+    else
+      redirect_to :action => 'show', :project_id => @project, :id => nil
    end
  end

+  def date_index
+    load_pages_grouped_by_date_without_content
+  end
+  
  def preview
    page = @wiki.find_page(params[:id])
    # page is nil when previewing a new page
@@ -271,7 +238,7 @@ class WikiController < ApplicationController
  end

 private
-
+  
  def find_wiki
    @project = Project.find(params[:project_id])
    @wiki = @project.wiki
@@ -279,27 +246,13 @@ private
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  # Finds the requested page or a new page if it doesn't exist
-  def find_existing_or_new_page
-    @page = @wiki.find_or_new_page(params[:id])
-    if @wiki.page_found_with_redirect?
-      redirect_to params.update(:id => @page.title)
-    end
-  end
-
+  
  # Finds the requested page and returns a 404 error if it doesn't exist
  def find_existing_page
    @page = @wiki.find_page(params[:id])
-    if @page.nil?
-      render_404
-      return
-    end
-    if @wiki.page_found_with_redirect?
-      redirect_to params.update(:id => @page.title)
-    end
+    render_404 if @page.nil?
  end
-
+  
  # Returns true if the current user is allowed to edit the page, otherwise false
  def editable?(page = @page)
    page.editable_by?(User.current)
@@ -312,7 +265,13 @@ private
    helper.instance_method(:initial_page_content).bind(self).call(page)
  end

-  def load_pages_for_index
-    @pages = @wiki.pages.with_updated_on.all(:order => 'title', :include => {:wiki => :project})
+  # eager load information about last updates, without loading text
+  def load_pages_grouped_by_date_without_content
+    @pages = @wiki.pages.find :all, :select => "#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on",
+                                    :joins => "LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id",
+                                    :order => 'title'
+    @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
+    @pages_by_parent_id = @pages.group_by(&:parent_id)
  end
+  
 end
--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,12 +18,13 @@
 class WikisController < ApplicationController
  menu_item :settings
  before_filter :find_project, :authorize
-
+  
  # Create or update a project's wiki
  def edit
    @wiki = @project.wiki || Wiki.new(:project => @project)
-    @wiki.safe_attributes = params[:wiki]
+    @wiki.attributes = params[:wiki]
    @wiki.save if request.post?
+    render(:update) {|page| page.replace_html "tab-content-wiki", :partial => 'projects/settings/wiki'}
  end

  # Delete a project's wiki
@@ -31,6 +32,6 @@ class WikisController < ApplicationController
    if request.post? && params[:confirm] && @project.wiki
      @project.wiki.destroy
      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'wiki'
-    end
+    end    
  end
 end
--- a/app/controllers/workflows_controller.rb
+++ b/app/controllers/workflows_controller.rb
@@ -1,94 +1,57 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class WorkflowsController < ApplicationController
  layout 'admin'
-
-  before_filter :require_admin, :find_roles, :find_trackers
-
+  
+  before_filter :require_admin
+  before_filter :find_roles
+  before_filter :find_trackers
+  
  def index
-    @workflow_counts = WorkflowTransition.count_by_tracker_and_role
+    @workflow_counts = Workflow.count_by_tracker_and_role
  end
-
+  
  def edit
-    @role = Role.find_by_id(params[:role_id]) if params[:role_id]
-    @tracker = Tracker.find_by_id(params[:tracker_id]) if params[:tracker_id]
-
+    @role = Role.find_by_id(params[:role_id])
+    @tracker = Tracker.find_by_id(params[:tracker_id])    
+    
    if request.post?
-      WorkflowTransition.destroy_all( ["role_id=? and tracker_id=?", @role.id, @tracker.id])
-      (params[:issue_status] || []).each { |status_id, transitions|
-        transitions.each { |new_status_id, options|
-          author = options.is_a?(Array) && options.include?('author') && !options.include?('always')
-          assignee = options.is_a?(Array) && options.include?('assignee') && !options.include?('always')
-          WorkflowTransition.create(:role_id => @role.id, :tracker_id => @tracker.id, :old_status_id => status_id, :new_status_id => new_status_id, :author => author, :assignee => assignee)
+      Workflow.destroy_all( ["role_id=? and tracker_id=?", @role.id, @tracker.id])
+      (params[:issue_status] || []).each { |old, news| 
+        news.each { |new| 
+          @role.workflows.build(:tracker_id => @tracker.id, :old_status_id => old, :new_status_id => new) 
        }
      }
      if @role.save
-        redirect_to :action => 'edit', :role_id => @role, :tracker_id => @tracker, :used_statuses_only => params[:used_statuses_only]
-        return
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :action => 'edit', :role_id => @role, :tracker_id => @tracker
      end
    end
-
+    
    @used_statuses_only = (params[:used_statuses_only] == '0' ? false : true)
    if @tracker && @used_statuses_only && @tracker.issue_statuses.any?
      @statuses = @tracker.issue_statuses
    end
-    @statuses ||= IssueStatus.sorted.all
-
-    if @tracker && @role && @statuses.any?
-      workflows = WorkflowTransition.where(:role_id => @role.id, :tracker_id => @tracker.id).all
-      @workflows = {}
-      @workflows['always'] = workflows.select {|w| !w.author && !w.assignee}
-      @workflows['author'] = workflows.select {|w| w.author}
-      @workflows['assignee'] = workflows.select {|w| w.assignee}
-    end
+    @statuses ||= IssueStatus.find(:all, :order => 'position')
  end
-
-  def permissions
-    @role = Role.find_by_id(params[:role_id]) if params[:role_id]
-    @tracker = Tracker.find_by_id(params[:tracker_id]) if params[:tracker_id]
-
-    if request.post? && @role && @tracker
-      WorkflowPermission.replace_permissions(@tracker, @role, params[:permissions] || {})
-      redirect_to :action => 'permissions', :role_id => @role, :tracker_id => @tracker, :used_statuses_only => params[:used_statuses_only]
-      return
-    end
-
-    @used_statuses_only = (params[:used_statuses_only] == '0' ? false : true)
-    if @tracker && @used_statuses_only && @tracker.issue_statuses.any?
-      @statuses = @tracker.issue_statuses
-    end
-    @statuses ||= IssueStatus.sorted.all
-
-    if @role && @tracker
-      @fields = (Tracker::CORE_FIELDS_ALL - @tracker.disabled_core_fields).map {|field| [field, l("field_"+field.sub(/_id$/, ''))]}
-      @custom_fields = @tracker.custom_fields
-
-      @permissions = WorkflowPermission.where(:tracker_id => @tracker.id, :role_id => @role.id).all.inject({}) do |h, w|
-        h[w.old_status_id] ||= {}
-        h[w.old_status_id][w.field_name] = w.rule
-        h
-      end
-      @statuses.each {|status| @permissions[status.id] ||= {}}
-    end
-  end
-
+  
  def copy
-
+    
    if params[:source_tracker_id].blank? || params[:source_tracker_id] == 'any'
      @source_tracker = nil
    else
@@ -99,17 +62,17 @@ class WorkflowsController < ApplicationController
    else
      @source_role = Role.find_by_id(params[:source_role_id].to_i)
    end
-
+    
    @target_trackers = params[:target_tracker_ids].blank? ? nil : Tracker.find_all_by_id(params[:target_tracker_ids])
    @target_roles = params[:target_role_ids].blank? ? nil : Role.find_all_by_id(params[:target_role_ids])
-
+     
    if request.post?
      if params[:source_tracker_id].blank? || params[:source_role_id].blank? || (@source_tracker.nil? && @source_role.nil?)
        flash.now[:error] = l(:error_workflow_copy_source)
      elsif @target_trackers.nil? || @target_roles.nil?
        flash.now[:error] = l(:error_workflow_copy_target)
      else
-        WorkflowRule.copy(@source_tracker, @source_role, @target_trackers, @target_roles)
+        Workflow.copy(@source_tracker, @source_role, @target_trackers, @target_roles)
        flash[:notice] = l(:notice_successful_update)
        redirect_to :action => 'copy', :source_tracker_id => @source_tracker, :source_role_id => @source_role
      end
@@ -119,10 +82,10 @@ class WorkflowsController < ApplicationController
  private

  def find_roles
-    @roles = Role.sorted.all
+    @roles = Role.find(:all, :order => 'builtin, position')
  end
-
+  
  def find_trackers
-    @trackers = Tracker.sorted.all
+    @trackers = Tracker.find(:all, :order => 'position')
  end
 end
--- a/app/helpers/account_helper.rb
+++ b/app/helpers/account_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/admin_helper.rb
+++ b/app/helpers/admin_helper.rb
@@ -1,27 +1,23 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module AdminHelper
  def project_status_options_for_select(selected)
-    options_for_select([[l(:label_all), ''],
-                        [l(:project_status_active), '1'],
-                        [l(:project_status_closed), '5'],
-                        [l(:project_status_archived), '9']], selected.to_s)
+    options_for_select([[l(:label_all), ''], 
+                        [l(:status_active), 1]], selected)
  end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
--- a/app/helpers/attachments_helper.rb
+++ b/app/helpers/attachments_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -21,27 +19,16 @@ module AttachmentsHelper
  # Displays view/delete links to the attachments of the given object
  # Options:
  #   :author -- author names are not displayed if set to false
-  #   :thumbails -- display thumbnails if enabled in settings
  def link_to_attachments(container, options = {})
-    options.assert_valid_keys(:author, :thumbnails)
-
+    options.assert_valid_keys(:author)
+    
    if container.attachments.any?
      options = {:deletable => container.attachments_deletable?, :author => true}.merge(options)
-      render :partial => 'attachments/links',
-        :locals => {:attachments => container.attachments, :options => options, :thumbnails => (options[:thumbnails] && Setting.thumbnails_enabled?)}
+      render :partial => 'attachments/links', :locals => {:attachments => container.attachments, :options => options}
    end
  end
-
-  def render_api_attachment(attachment, api)
-    api.attachment do
-      api.id attachment.id
-      api.filename attachment.filename
-      api.filesize attachment.filesize
-      api.content_type attachment.content_type
-      api.description attachment.description
-      api.content_url url_for(:controller => 'attachments', :action => 'download', :id => attachment, :filename => attachment.filename, :only_path => false)
-      api.author(:id => attachment.author.id, :name => attachment.author.name) if attachment.author
-      api.created_on attachment.created_on
-    end
+  
+  def to_utf8(str)
+    str
  end
 end
--- a/app/helpers/auth_sources_helper.rb
+++ b/app/helpers/auth_sources_helper.rb
@@ -1,24 +1,19 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module AuthSourcesHelper
-  def auth_source_partial_name(auth_source)
-    "form_#{auth_source.class.name.underscore}"
-  end
 end
--- a/app/helpers/boards_helper.rb
+++ b/app/helpers/boards_helper.rb
@@ -1,41 +1,19 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module BoardsHelper
-  def board_breadcrumb(item)
-    board = item.is_a?(Message) ? item.board : item
-    links = [link_to(l(:label_board_plural), project_boards_path(item.project))]
-    boards = board.ancestors.reverse
-    if item.is_a?(Message)
-      boards << board
-    end
-    links += boards.map {|ancestor| link_to(h(ancestor.name), project_board_path(ancestor.project, ancestor))}
-    breadcrumb links
-  end
-
-  def boards_options_for_select(boards)
-    options = []
-    Board.board_tree(boards) do |board, level|
-      label = (level > 0 ? '&nbsp;' * 2 * level + '&#187; ' : '').html_safe
-      label << board.name
-      options << [label, board.id]
-    end
-    options
-  end
 end
--- a/app/helpers/calendars_helper.rb
+++ b/app/helpers/calendars_helper.rb
@@ -1,22 +1,3 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 module CalendarsHelper
  def link_to_previous_month(year, month, options={})
    target_year, target_month = if month == 1
@@ -24,15 +5,14 @@ module CalendarsHelper
                                else
                                  [year, month - 1]
                                end
-
+    
    name = if target_month == 12
             "#{month_name(target_month)} #{target_year}"
           else
             "#{month_name(target_month)}"
           end

-    # \xc2\xab(utf-8) = &#171;
-    link_to_month(("\xc2\xab " + name), target_year, target_month, options)
+    link_to_month(('&#171; ' + name), target_year, target_month, options)
  end

  def link_to_next_month(year, month, options={})
@@ -48,11 +28,18 @@ module CalendarsHelper
             "#{month_name(target_month)}"
           end

-    # \xc2\xbb(utf-8) = &#187;
-    link_to_month((name + " \xc2\xbb"), target_year, target_month, options)
+    link_to_month((name + ' &#187;'), target_year, target_month, options)
  end

  def link_to_month(link_name, year, month, options={})
-    link_to_content_update(h(link_name), params.merge(:year => year, :month => month))
+    project_id = options[:project].present? ? options[:project].to_param : nil
+
+    link_target = calendar_path(:year => year, :month => month, :project_id => project_id)
+
+    link_to_remote(link_name,
+                   {:update => "content", :url => link_target, :method => :put},
+                   {:href => link_target})
+
  end
+  
 end
--- a/app/helpers/context_menus_helper.rb
+++ b/app/helpers/context_menus_helper.rb
@@ -1,43 +0,0 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-module ContextMenusHelper
-  def context_menu_link(name, url, options={})
-    options[:class] ||= ''
-    if options.delete(:selected)
-      options[:class] << ' icon-checked disabled'
-      options[:disabled] = true
-    end
-    if options.delete(:disabled)
-      options.delete(:method)
-      options.delete(:confirm)
-      options.delete(:onclick)
-      options[:class] << ' disabled'
-      url = '#'
-    end
-    link_to h(name), url, options
-  end
-
-  def bulk_update_custom_field_context_menu_link(field, text, value)
-    context_menu_link h(text),
-      {:controller => 'issues', :action => 'bulk_update', :ids => @issue_ids, :issue => {'custom_field_values' => {field.id => value}}, :back_url => @back},
-      :method => :post,
-      :selected => (@issue && @issue.custom_field_value(field) == value)
-  end
-end
--- a/app/helpers/custom_fields_helper.rb
+++ b/app/helpers/custom_fields_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -31,87 +29,63 @@ module CustomFieldsHelper
            {:name => 'DocumentCategoryCustomField', :partial => 'custom_fields/index', :label => DocumentCategory::OptionName}
            ]
  end
-
+  
  # Return custom field html tag corresponding to its format
  def custom_field_tag(name, custom_value)	
    custom_field = custom_value.custom_field
    field_name = "#{name}[custom_field_values][#{custom_field.id}]"
-    field_name << "[]" if custom_field.multiple?
    field_id = "#{name}_custom_field_values_#{custom_field.id}"

-    tag_options = {:id => field_id, :class => "#{custom_field.field_format}_cf"}
-
    field_format = Redmine::CustomFieldFormat.find_by_name(custom_field.field_format)
    case field_format.try(:edit_as)
    when "date"
-      text_field_tag(field_name, custom_value.value, tag_options.merge(:size => 10)) +
+      text_field_tag(field_name, custom_value.value, :id => field_id, :size => 10) + 
      calendar_for(field_id)
    when "text"
-      text_area_tag(field_name, custom_value.value, tag_options.merge(:rows => 3))
+      text_area_tag(field_name, custom_value.value, :id => field_id, :rows => 3, :style => 'width:90%')
    when "bool"
-      hidden_field_tag(field_name, '0') + check_box_tag(field_name, '1', custom_value.true?, tag_options)
+      hidden_field_tag(field_name, '0') + check_box_tag(field_name, '1', custom_value.true?, :id => field_id)
    when "list"
-      blank_option = ''.html_safe
-      unless custom_field.multiple?
-        if custom_field.is_required?
-          unless custom_field.default_value.present?
-            blank_option = content_tag('option', "--- #{l(:actionview_instancetag_blank_option)} ---", :value => '')
-          end
-        else
-          blank_option = content_tag('option')
-        end
-      end
-      s = select_tag(field_name, blank_option + options_for_select(custom_field.possible_values_options(custom_value.customized), custom_value.value),
-        tag_options.merge(:multiple => custom_field.multiple?))
-      if custom_field.multiple?
-        s << hidden_field_tag(field_name, '')
-      end
-      s
+      blank_option = custom_field.is_required? ?
+                       (custom_field.default_value.blank? ? "<option value=\"\">--- #{l(:actionview_instancetag_blank_option)} ---</option>" : '') : 
+                       '<option></option>'
+      select_tag(field_name, blank_option + options_for_select(custom_field.possible_values, custom_value.value), :id => field_id)
    else
-      text_field_tag(field_name, custom_value.value, tag_options)
+      text_field_tag(field_name, custom_value.value, :id => field_id)
    end
  end
-
+  
  # Return custom field label tag
-  def custom_field_label_tag(name, custom_value, options={})
-    required = options[:required] || custom_value.custom_field.is_required?
-
-    content_tag "label", h(custom_value.custom_field.name) +
-      (required ? " <span class=\"required\">*</span>".html_safe : ""),
-      :for => "#{name}_custom_field_values_#{custom_value.custom_field.id}"
+  def custom_field_label_tag(name, custom_value)
+    content_tag "label", custom_value.custom_field.name +
+	(custom_value.custom_field.is_required? ? " <span class=\"required\">*</span>" : ""),
+	:for => "#{name}_custom_field_values_#{custom_value.custom_field.id}",
+	:class => (custom_value.errors.empty? ? nil : "error" )
  end
-
+  
  # Return custom field tag with its label tag
-  def custom_field_tag_with_label(name, custom_value, options={})
-    custom_field_label_tag(name, custom_value, options) + custom_field_tag(name, custom_value)
+  def custom_field_tag_with_label(name, custom_value)
+    custom_field_label_tag(name, custom_value) + custom_field_tag(name, custom_value)
  end
-
-  def custom_field_tag_for_bulk_edit(name, custom_field, projects=nil)
+  
+  def custom_field_tag_for_bulk_edit(name, custom_field)
    field_name = "#{name}[custom_field_values][#{custom_field.id}]"
-    field_name << "[]" if custom_field.multiple?
    field_id = "#{name}_custom_field_values_#{custom_field.id}"
-
-    tag_options = {:id => field_id, :class => "#{custom_field.field_format}_cf"}
-
    field_format = Redmine::CustomFieldFormat.find_by_name(custom_field.field_format)
    case field_format.try(:edit_as)
      when "date"
-        text_field_tag(field_name, '', tag_options.merge(:size => 10)) +
+        text_field_tag(field_name, '', :id => field_id, :size => 10) + 
        calendar_for(field_id)
      when "text"
-        text_area_tag(field_name, '', tag_options.merge(:rows => 3))
+        text_area_tag(field_name, '', :id => field_id, :rows => 3, :style => 'width:90%')
      when "bool"
        select_tag(field_name, options_for_select([[l(:label_no_change_option), ''],
                                                   [l(:general_text_yes), '1'],
-                                                   [l(:general_text_no), '0']]), tag_options)
+                                                   [l(:general_text_no), '0']]), :id => field_id)
      when "list"
-        options = []
-        options << [l(:label_no_change_option), ''] unless custom_field.multiple?
-        options << [l(:label_none), '__none__'] unless custom_field.is_required?
-        options += custom_field.possible_values_options(projects)
-        select_tag(field_name, options_for_select(options), tag_options.merge(:multiple => custom_field.multiple?))
+        select_tag(field_name, options_for_select([[l(:label_no_change_option), '']] + custom_field.possible_values), :id => field_id)
      else
-        text_field_tag(field_name, '', tag_options)
+        text_field_tag(field_name, '', :id => field_id)
    end
  end

@@ -120,37 +94,23 @@ module CustomFieldsHelper
    return "" unless custom_value
    format_value(custom_value.value, custom_value.custom_field.field_format)
  end
-
+  
  # Return a string used to display a custom value
  def format_value(value, field_format)
-    if value.is_a?(Array)
-      value.collect {|v| format_value(v, field_format)}.compact.sort.join(', ')
-    else
-      Redmine::CustomFieldFormat.format_value(value, field_format)
-    end
+    Redmine::CustomFieldFormat.format_value(value, field_format) # Proxy
  end

  # Return an array of custom field formats which can be used in select_tag
-  def custom_field_formats_for_select(custom_field)
-    Redmine::CustomFieldFormat.as_select(custom_field.class.customized_class.name)
+  def custom_field_formats_for_select
+    Redmine::CustomFieldFormat.as_select
  end
-
+  
  # Renders the custom_values in api views
  def render_api_custom_values(custom_values, api)
    api.array :custom_fields do
      custom_values.each do |custom_value|
-        attrs = {:id => custom_value.custom_field_id, :name => custom_value.custom_field.name}
-        attrs.merge!(:multiple => true) if custom_value.custom_field.multiple?
-        api.custom_field attrs do
-          if custom_value.value.is_a?(Array)
-            api.array :value do
-              custom_value.value.each do |value|
-                api.value value unless value.blank?
-              end
-            end
-          else
-            api.value custom_value.value
-          end
+        api.custom_field :id => custom_value.custom_field_id, :name => custom_value.custom_field.name do
+          api.value custom_value.value
        end
      end
    end unless custom_values.empty?
--- a/app/helpers/documents_helper.rb
+++ b/app/helpers/documents_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/enumerations_helper.rb
+++ b/app/helpers/enumerations_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/gantt_helper.rb
+++ b/app/helpers/gantt_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -23,21 +21,29 @@ module GanttHelper
    case in_or_out
    when :in
      if gantt.zoom < 4
-        link_to_content_update l(:text_zoom_in),
-          params.merge(gantt.params.merge(:zoom => (gantt.zoom+1))),
-          :class => 'icon icon-zoom-in'
+        link_to_remote(l(:text_zoom_in),
+                       {:url => gantt.params.merge(:zoom => (gantt.zoom+1)), :method => :get, :update => 'content'},
+                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom+1))),
+                        :class => 'icon icon-zoom-in'})
      else
-        content_tag('span', l(:text_zoom_in), :class => 'icon icon-zoom-in').html_safe
+        content_tag('span', l(:text_zoom_in), :class => 'icon icon-zoom-in')
      end
-
+      
    when :out
      if gantt.zoom > 1
-        link_to_content_update l(:text_zoom_out),
-          params.merge(gantt.params.merge(:zoom => (gantt.zoom-1))),
-          :class => 'icon icon-zoom-out'
+        link_to_remote(l(:text_zoom_out),
+                       {:url => gantt.params.merge(:zoom => (gantt.zoom-1)), :method => :get, :update => 'content'},
+                       {:href => url_for(gantt.params.merge(:zoom => (gantt.zoom-1))),
+                        :class => 'icon icon-zoom-out'})
      else
-        content_tag('span', l(:text_zoom_out), :class => 'icon icon-zoom-out').html_safe
+        content_tag('span', l(:text_zoom_out), :class => 'icon icon-zoom-out')
      end
    end
  end
+  
+  def number_of_issues_on_versions(gantt)
+    versions = gantt.events.collect {|event| (event.is_a? Version) ? event : nil}.compact
+
+    versions.sum {|v| v.fixed_issues.for_gantt.with_query(@query).count}
+  end
 end
--- a/app/helpers/groups_helper.rb
+++ b/app/helpers/groups_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -26,7 +24,7 @@ module GroupsHelper
    end
    options
  end
-
+  
  def group_settings_tabs
    tabs = [{:name => 'general', :partial => 'groups/general', :label => :label_general},
            {:name => 'users', :partial => 'groups/users', :label => :label_user_plural},
--- a/app/helpers/issue_categories_helper.rb
+++ b/app/helpers/issue_categories_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/issue_moves_helper.rb
+++ b/app/helpers/issue_moves_helper.rb
@@ -0,0 +1,2 @@
+module IssueMovesHelper
+end
--- a/app/helpers/issue_relations_helper.rb
+++ b/app/helpers/issue_relations_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/issue_statuses_helper.rb
+++ b/app/helpers/issue_statuses_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -48,38 +46,28 @@ module IssuesHelper
    @cached_label_priority ||= l(:field_priority)
    @cached_label_project ||= l(:field_project)

-    link_to_issue(issue) + "<br /><br />".html_safe +
-      "<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />".html_safe +
-      "<strong>#{@cached_label_status}</strong>: #{h(issue.status.name)}<br />".html_safe +
-      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />".html_safe +
-      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />".html_safe +
-      "<strong>#{@cached_label_assigned_to}</strong>: #{h(issue.assigned_to)}<br />".html_safe +
-      "<strong>#{@cached_label_priority}</strong>: #{h(issue.priority.name)}".html_safe
+    link_to_issue(issue) + "<br /><br />" +
+      "<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />" +
+      "<strong>#{@cached_label_status}</strong>: #{issue.status.name}<br />" +
+      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
+      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
+      "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
+      "<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
  end
-
-  def issue_heading(issue)
-    h("#{issue.tracker} ##{issue.id}")
-  end
-
+    
  def render_issue_subject_with_tree(issue)
    s = ''
-    ancestors = issue.root? ? [] : issue.ancestors.visible.all
-    ancestors.each do |ancestor|
+    issue.ancestors.each do |ancestor|
      s << '<div>' + content_tag('p', link_to_issue(ancestor))
    end
-    s << '<div>'
-    subject = h(issue.subject)
-    if issue.is_private?
-      subject = content_tag('span', l(:field_is_private), :class => 'private') + ' ' + subject
-    end
-    s << content_tag('h3', subject)
-    s << '</div>' * (ancestors.size + 1)
-    s.html_safe
+    s << '<div>' + content_tag('h3', h(issue.subject))
+    s << '</div>' * (issue.ancestors.size + 1)
+    s
  end
-
+  
  def render_descendants_tree(issue)
    s = '<form><table class="list issues">'
-    issue_list(issue.descendants.visible.sort_by(&:lft)) do |child, level|
+    issue_list(issue.descendants.sort_by(&:lft)) do |child, level|
      s << content_tag('tr',
             content_tag('td', check_box_tag("ids[]", child.id, false, :id => nil), :class => 'checkbox') +
             content_tag('td', link_to_issue(child, :truncate => 60), :class => 'subject') +
@@ -88,52 +76,10 @@ module IssuesHelper
             content_tag('td', progress_bar(child.done_ratio, :width => '80px')),
             :class => "issue issue-#{child.id} hascontextmenu #{level > 0 ? "idnt idnt-#{level}" : nil}")
    end
-    s << '</table></form>'
-    s.html_safe
+    s << '</form></table>'
+    s
  end
-
-  class IssueFieldsRows
-    include ActionView::Helpers::TagHelper
-
-    def initialize
-      @left = []
-      @right = []
-    end
-
-    def left(*args)
-      args.any? ? @left << cells(*args) : @left
-    end
-
-    def right(*args)
-      args.any? ? @right << cells(*args) : @right
-    end
-
-    def size
-      @left.size > @right.size ? @left.size : @right.size
-    end
-
-    def to_html
-      html = ''.html_safe
-      blank = content_tag('th', '') + content_tag('td', '')
-      size.times do |i|
-        left = @left[i] || blank
-        right = @right[i] || blank
-        html << content_tag('tr', left + right)
-      end
-      html
-    end
-
-    def cells(label, text, options={})
-      content_tag('th', "#{label}:", options) + content_tag('td', text, options)
-    end
-  end
-
-  def issue_fields_rows
-    r = IssueFieldsRows.new
-    yield r
-    r.to_html
-  end
-
+  
  def render_custom_fields_rows(issue)
    return if issue.custom_field_values.empty?
    ordered_values = []
@@ -150,129 +96,49 @@ module IssuesHelper
      n += 1
    end
    s << "</tr>\n"
-    s.html_safe
+    s
  end
-
-  def issues_destroy_confirmation_message(issues)
-    issues = [issues] unless issues.is_a?(Array)
-    message = l(:text_issues_destroy_confirmation)
-    descendant_count = issues.inject(0) {|memo, i| memo += (i.right - i.left - 1)/2}
-    if descendant_count > 0
-      issues.each do |issue|
-        next if issue.root?
-        issues.each do |other_issue|
-          descendant_count -= 1 if issue.is_descendant_of?(other_issue)
-        end
-      end
-      if descendant_count > 0
-        message << "\n" + l(:text_issues_destroy_descendants_confirmation, :count => descendant_count)
-      end
-    end
-    message
-  end
-
+  
  def sidebar_queries
    unless @sidebar_queries
-      @sidebar_queries = Query.visible.all(
-        :order => "#{Query.table_name}.name ASC",
-        # Project specific queries and global queries
-        :conditions => (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
-      )
+      # User can see public queries and his own queries
+      visible = ARCondition.new(["is_public = ? OR user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
+      # Project specific queries and global queries
+      visible << (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
+      @sidebar_queries = Query.find(:all, 
+                                    :select => 'id, name',
+                                    :order => "name ASC",
+                                    :conditions => visible.conditions)
    end
    @sidebar_queries
  end

-  def query_links(title, queries)
-    # links to #index on issues/show
-    url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params
-
-    content_tag('h3', h(title)) +
-      queries.collect {|query|
-          css = 'query'
-          css << ' selected' if query == @query
-          link_to(h(query.name), url_params.merge(:query_id => query), :class => css)
-        }.join('<br />').html_safe
-  end
-
-  def render_sidebar_queries
-    out = ''.html_safe
-    queries = sidebar_queries.select {|q| !q.is_public?}
-    out << query_links(l(:label_my_queries), queries) if queries.any?
-    queries = sidebar_queries.select {|q| q.is_public?}
-    out << query_links(l(:label_query_plural), queries) if queries.any?
-    out
-  end
-
-  # Returns the textual representation of a journal details
-  # as an array of strings
-  def details_to_strings(details, no_html=false, options={})
-    options[:only_path] = (options[:only_path] == false ? false : true)
-    strings = []
-    values_by_field = {}
-    details.each do |detail|
-      if detail.property == 'cf'
-        field_id = detail.prop_key
-        field = CustomField.find_by_id(field_id)
-        if field && field.multiple?
-          values_by_field[field_id] ||= {:added => [], :deleted => []}
-          if detail.old_value
-            values_by_field[field_id][:deleted] << detail.old_value
-          end
-          if detail.value
-            values_by_field[field_id][:added] << detail.value
-          end
-          next
-        end
-      end
-      strings << show_detail(detail, no_html, options)
-    end
-    values_by_field.each do |field_id, changes|
-      detail = JournalDetail.new(:property => 'cf', :prop_key => field_id)
-      if changes[:added].any?
-        detail.value = changes[:added]
-        strings << show_detail(detail, no_html, options)
-      elsif changes[:deleted].any?
-        detail.old_value = changes[:deleted]
-        strings << show_detail(detail, no_html, options)
-      end
-    end
-    strings
-  end
-
-  # Returns the textual representation of a single journal detail
-  def show_detail(detail, no_html=false, options={})
-    multiple = false
+  def show_detail(detail, no_html=false)
    case detail.property
    when 'attr'
      field = detail.prop_key.to_s.gsub(/\_id$/, "")
      label = l(("field_" + field).to_sym)
-      case detail.prop_key
-      when 'due_date', 'start_date'
+      case
+      when ['due_date', 'start_date'].include?(detail.prop_key)
        value = format_date(detail.value.to_date) if detail.value
        old_value = format_date(detail.old_value.to_date) if detail.old_value

-      when 'project_id', 'status_id', 'tracker_id', 'assigned_to_id',
-            'priority_id', 'category_id', 'fixed_version_id'
+      when ['project_id', 'status_id', 'tracker_id', 'assigned_to_id', 'priority_id', 'category_id', 'fixed_version_id'].include?(detail.prop_key)
        value = find_name_by_reflection(field, detail.value)
        old_value = find_name_by_reflection(field, detail.old_value)

-      when 'estimated_hours'
+      when detail.prop_key == 'estimated_hours'
        value = "%0.02f" % detail.value.to_f unless detail.value.blank?
        old_value = "%0.02f" % detail.old_value.to_f unless detail.old_value.blank?

-      when 'parent_id'
+      when detail.prop_key == 'parent_id'
        label = l(:field_parent_issue)
        value = "##{detail.value}" unless detail.value.blank?
        old_value = "##{detail.old_value}" unless detail.old_value.blank?
-
-      when 'is_private'
-        value = l(detail.value == "0" ? :general_text_No : :general_text_Yes) unless detail.value.blank?
-        old_value = l(detail.old_value == "0" ? :general_text_No : :general_text_Yes) unless detail.old_value.blank?
      end
    when 'cf'
      custom_field = CustomField.find_by_id(detail.prop_key)
      if custom_field
-        multiple = custom_field.multiple?
        label = custom_field.name
        value = format_value(detail.value, custom_field.field_format) if detail.value
        old_value = format_value(detail.old_value, custom_field.field_format) if detail.old_value
@@ -280,57 +146,37 @@ module IssuesHelper
    when 'attachment'
      label = l(:label_attachment)
    end
-    call_hook(:helper_issues_show_detail_after_setting,
-              {:detail => detail, :label => label, :value => value, :old_value => old_value })
+    call_hook(:helper_issues_show_detail_after_setting, {:detail => detail, :label => label, :value => value, :old_value => old_value })

    label ||= detail.prop_key
    value ||= detail.value
    old_value ||= detail.old_value
-
+    
    unless no_html
      label = content_tag('strong', label)
      old_value = content_tag("i", h(old_value)) if detail.old_value
-      old_value = content_tag("del", old_value) if detail.old_value and detail.value.blank?
-      if detail.property == 'attachment' && !value.blank? && atta = Attachment.find_by_id(detail.prop_key)
+      old_value = content_tag("strike", old_value) if detail.old_value and (!detail.value or detail.value.empty?)
+      if detail.property == 'attachment' && !value.blank? && a = Attachment.find_by_id(detail.prop_key)
        # Link to the attachment if it has not been removed
-        value = link_to_attachment(atta, :download => true, :only_path => options[:only_path])
-        if options[:only_path] != false && atta.is_text?
-          value += link_to(
-                       image_tag('magnifier.png'),
-                       :controller => 'attachments', :action => 'show',
-                       :id => atta, :filename => atta.filename
-                     )
-        end
+        value = link_to_attachment(a)
      else
        value = content_tag("i", h(value)) if value
      end
    end
-
-    if detail.property == 'attr' && detail.prop_key == 'description'
-      s = l(:text_journal_changed_no_detail, :label => label)
-      unless no_html
-        diff_link = link_to 'diff',
-          {:controller => 'journals', :action => 'diff', :id => detail.journal_id,
-           :detail_id => detail.id, :only_path => options[:only_path]},
-          :title => l(:label_view_diff)
-        s << " (#{ diff_link })"
-      end
-      s.html_safe
-    elsif detail.value.present?
+    
+    if !detail.value.blank?
      case detail.property
      when 'attr', 'cf'
-        if detail.old_value.present?
-          l(:text_journal_changed, :label => label, :old => old_value, :new => value).html_safe
-        elsif multiple
-          l(:text_journal_added, :label => label, :value => value).html_safe
+        if !detail.old_value.blank?
+          l(:text_journal_changed, :label => label, :old => old_value, :new => value)
        else
-          l(:text_journal_set_to, :label => label, :value => value).html_safe
+          l(:text_journal_set_to, :label => label, :value => value)
        end
      when 'attachment'
-        l(:text_journal_added, :label => label, :value => value).html_safe
+        l(:text_journal_added, :label => label, :value => value)
      end
    else
-      l(:text_journal_deleted, :label => label, :old => old_value).html_safe
+      l(:text_journal_deleted, :label => label, :old => old_value)
    end
  end

@@ -342,7 +188,7 @@ module IssuesHelper
      return record.name if record
    end
  end
-
+  
  # Renders issue children recursively
  def render_api_issue_children(issue, api)
    return if issue.leaf?
@@ -356,39 +202,60 @@ module IssuesHelper
      end
    end
  end
-
-  def issues_to_csv(issues, project, query, options={})
+  
+  def issues_to_csv(issues, project = nil)
+    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
    decimal_separator = l(:general_csv_decimal_separator)
-    encoding = l(:general_csv_encoding)
-    columns = (options[:columns] == 'all' ? query.available_columns : query.columns)
-
    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
      # csv header fields
-      csv << [ "#" ] + columns.collect {|c| Redmine::CodesetUtil.from_utf8(c.caption.to_s, encoding) } +
-        (options[:description] ? [Redmine::CodesetUtil.from_utf8(l(:field_description), encoding)] : [])
-
+      headers = [ "#",
+                  l(:field_status), 
+                  l(:field_project),
+                  l(:field_tracker),
+                  l(:field_priority),
+                  l(:field_subject),
+                  l(:field_assigned_to),
+                  l(:field_category),
+                  l(:field_fixed_version),
+                  l(:field_author),
+                  l(:field_start_date),
+                  l(:field_due_date),
+                  l(:field_done_ratio),
+                  l(:field_estimated_hours),
+                  l(:field_parent_issue),
+                  l(:field_created_on),
+                  l(:field_updated_on)
+                  ]
+      # Export project custom fields if project is given
+      # otherwise export custom fields marked as "For all projects"
+      custom_fields = project.nil? ? IssueCustomField.for_all : project.all_issue_custom_fields
+      custom_fields.each {|f| headers << f.name}
+      # Description in the last column
+      headers << l(:field_description)
+      csv << headers.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
      # csv lines
      issues.each do |issue|
-        col_values = columns.collect do |column|
-          s = if column.is_a?(QueryCustomFieldColumn)
-            cv = issue.custom_field_values.detect {|v| v.custom_field_id == column.custom_field.id}
-            show_value(cv)
-          else
-            value = column.value(issue)
-            if value.is_a?(Date)
-              format_date(value)
-            elsif value.is_a?(Time)
-              format_time(value)
-            elsif value.is_a?(Float)
-              ("%.2f" % value).gsub('.', decimal_separator)
-            else
-              value
-            end
-          end
-          s.to_s
-        end
-        csv << [ issue.id.to_s ] + col_values.collect {|c| Redmine::CodesetUtil.from_utf8(c.to_s, encoding) } +
-          (options[:description] ? [Redmine::CodesetUtil.from_utf8(issue.description, encoding)] : [])
+        fields = [issue.id,
+                  issue.status.name, 
+                  issue.project.name,
+                  issue.tracker.name, 
+                  issue.priority.name,
+                  issue.subject,
+                  issue.assigned_to,
+                  issue.category,
+                  issue.fixed_version,
+                  issue.author.name,
+                  format_date(issue.start_date),
+                  format_date(issue.due_date),
+                  issue.done_ratio,
+                  issue.estimated_hours.to_s.gsub('.', decimal_separator),
+                  issue.parent_id,
+                  format_time(issue.created_on),  
+                  format_time(issue.updated_on)
+                  ]
+        custom_fields.each {|f| fields << show_value(issue.custom_value_for(f)) }
+        fields << issue.description
+        csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
      end
    end
    export
--- a/app/helpers/journals_helper.rb
+++ b/app/helpers/journals_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -23,24 +21,22 @@ module JournalsHelper
    editable = User.current.logged? && (User.current.allowed_to?(:edit_issue_notes, issue.project) || (journal.user == User.current && User.current.allowed_to?(:edit_own_issue_notes, issue.project)))
    links = []
    if !journal.notes.blank?
-      links << link_to(image_tag('comment.png'),
-                       {:controller => 'journals', :action => 'new', :id => issue, :journal_id => journal},
-                       :remote => true,
-                       :method => 'post',
-                       :title => l(:button_quote)) if options[:reply_links]
-      links << link_to_in_place_notes_editor(image_tag('edit.png'), "journal-#{journal.id}-notes",
-                                             { :controller => 'journals', :action => 'edit', :id => journal, :format => 'js' },
+      links << link_to_remote(image_tag('comment.png'),
+                              { :url => {:controller => 'journals', :action => 'new', :id => issue, :journal_id => journal} },
+                              :title => l(:button_quote)) if options[:reply_links]
+      links << link_to_in_place_notes_editor(image_tag('edit.png'), "journal-#{journal.id}-notes", 
+                                             { :controller => 'journals', :action => 'edit', :id => journal },
                                                :title => l(:button_edit)) if editable
    end
-    content << content_tag('div', links.join(' ').html_safe, :class => 'contextual') unless links.empty?
+    content << content_tag('div', links.join(' '), :class => 'contextual') unless links.empty?
    content << textilizable(journal, :notes)
    css_classes = "wiki"
    css_classes << " editable" if editable
-    content_tag('div', content.html_safe, :id => "journal-#{journal.id}-notes", :class => css_classes)
+    content_tag('div', content, :id => "journal-#{journal.id}-notes", :class => css_classes)
  end
-
+  
  def link_to_in_place_notes_editor(text, field_id, url, options={})
-    onclick = "$.ajax({url: '#{url_for(url)}', type: 'get'}); return false;"
+    onclick = "new Ajax.Request('#{url_for(url)}', {asynchronous:true, evalScripts:true, method:'get'}); return false;"
    link_to text, '#', options.merge(:onclick => onclick)
  end
 end
--- a/app/helpers/mail_handler_helper.rb
+++ b/app/helpers/mail_handler_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/members_helper.rb
+++ b/app/helpers/members_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/messages_helper.rb
+++ b/app/helpers/messages_helper.rb
@@ -1,21 +1,29 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module MessagesHelper
+
+  def link_to_message(message)
+    return '' unless message
+    link_to h(truncate(message.subject, :length => 60)), :controller => 'messages',
+                                           :action => 'show',
+                                           :board_id => message.board_id,
+                                           :id => message.root,
+                                           :r => (message.parent_id && message.id),
+                                           :anchor => (message.parent_id ? "message-#{message.id}" : nil)
+  end
 end
--- a/app/helpers/my_helper.rb
+++ b/app/helpers/my_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/news_helper.rb
+++ b/app/helpers/news_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,7 +20,7 @@ module ProjectsHelper
    return '' unless version && version.is_a?(Version)
    link_to_if version.visible?, format_version_name(version), { :controller => 'versions', :action => 'show', :id => version }, options
  end
-
+  
  def project_settings_tabs
    tabs = [{:name => 'info', :action => :edit_project, :partial => 'projects/edit', :label => :label_information_plural},
            {:name => 'modules', :action => :select_project_modules, :partial => 'projects/settings/modules', :label => :label_module_plural},
@@ -30,13 +28,13 @@ module ProjectsHelper
            {:name => 'versions', :action => :manage_versions, :partial => 'projects/settings/versions', :label => :label_version_plural},
            {:name => 'categories', :action => :manage_categories, :partial => 'projects/settings/issue_categories', :label => :label_issue_category_plural},
            {:name => 'wiki', :action => :manage_wiki, :partial => 'projects/settings/wiki', :label => :label_wiki},
-            {:name => 'repositories', :action => :manage_repository, :partial => 'projects/settings/repositories', :label => :label_repository_plural},
+            {:name => 'repository', :action => :manage_repository, :partial => 'projects/settings/repository', :label => :label_repository},
            {:name => 'boards', :action => :manage_boards, :partial => 'projects/settings/boards', :label => :label_board_plural},
            {:name => 'activities', :action => :manage_project_activities, :partial => 'projects/settings/activities', :label => :enumeration_activities}
            ]
-    tabs.select {|tab| User.current.allowed_to?(tab[:action], @project)}
+    tabs.select {|tab| User.current.allowed_to?(tab[:action], @project)}     
  end
-
+  
  def parent_project_select_tag(project)
    selected = project.parent
    # retrieve the requested parent project
@@ -44,22 +42,45 @@ module ProjectsHelper
    if parent_id
      selected = (parent_id.blank? ? nil : Project.find(parent_id))
    end
-
+    
    options = ''
    options << "<option value=''></option>" if project.allowed_parents.include?(nil)
    options << project_tree_options_for_select(project.allowed_parents.compact, :selected => selected)
-    content_tag('select', options.html_safe, :name => 'project[parent_id]', :id => 'project_parent_id')
+    content_tag('select', options, :name => 'project[parent_id]', :id => 'project_parent_id')
  end
-
-  # Renders the projects index
+  
+  # Renders a tree of projects as a nested set of unordered lists
+  # The given collection may be a subset of the whole project tree
+  # (eg. some intermediate nodes are private and can not be seen)
  def render_project_hierarchy(projects)
-    render_project_nested_lists(projects) do |project|
-      s = link_to_project(project, {}, :class => "#{project.css_classes} #{User.current.member_of?(project) ? 'my-project' : nil}")
-      if project.description.present?
-        s << content_tag('div', textilizable(project.short_description, :project => project), :class => 'wiki description')
+    s = ''
+    if projects.any?
+      ancestors = []
+      original_project = @project
+      projects.each do |project|
+        # set the project environment to please macros.
+        @project = project
+        if (ancestors.empty? || project.is_descendant_of?(ancestors.last))
+          s << "<ul class='projects #{ ancestors.empty? ? 'root' : nil}'>\n"
+        else
+          ancestors.pop
+          s << "</li>"
+          while (ancestors.any? && !project.is_descendant_of?(ancestors.last)) 
+            ancestors.pop
+            s << "</ul></li>\n"
+          end
+        end
+        classes = (ancestors.empty? ? 'root' : 'child')
+        s << "<li class='#{classes}'><div class='#{classes}'>" +
+               link_to_project(project, {}, :class => "project #{User.current.member_of?(project) ? 'my-project' : nil}")
+        s << "<div class='wiki description'>#{textilizable(project.short_description, :project => project)}</div>" unless project.description.blank?
+        s << "</div>\n"
+        ancestors << project
      end
-      s
+      s << ("</li></ul>\n" * ancestors.size)
+      @project = original_project
    end
+    s
  end

  # Returns a set of options for a select field, grouped by project.
@@ -68,7 +89,11 @@ module ProjectsHelper
    versions.each do |version|
      grouped[version.project.name] << [version.name, version.id]
    end
-
+    # Add in the selected
+    if selected && !versions.include?(selected)
+      grouped[selected.project.name] << [selected.name, selected.id]
+    end
+    
    if grouped.keys.size > 1
      grouped_options_for_select(grouped, selected && selected.id)
    else
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -1,47 +1,35 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module QueriesHelper
-  def filters_options_for_select(query)
-    options = [[]]
-    options += query.available_filters.sort {|a,b| a[1][:order] <=> b[1][:order]}.map do |field, field_options|
-      [field_options[:name], field]
-    end
-    options_for_select(options)
-  end
-
-  def column_header(column)
-    column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
-                                                        :default_order => column.default_order) :
-                      content_tag('th', h(column.caption))
-  end
-
-  def column_content(column, issue)
-    value = column.value(issue)
-    if value.is_a?(Array)
-      value.collect {|v| column_value(column, issue, v)}.compact.sort.join(', ').html_safe
-    else
-      column_value(column, issue, value)
-    end
+  
+  def operators_for_select(filter_type)
+    Query.operators_by_filter_type[filter_type].collect {|o| [l(Query.operators[o]), o]}
  end
  
-  def column_value(column, issue, value)
+  def column_header(column)
+    column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
+                                                        :default_order => column.default_order) : 
+                      content_tag('th', column.caption)
+  end
+  
+  def column_content(column, issue)
+    value = column.value(issue)
+    
    case value.class.name
    when 'String'
      if column.name == :subject
@@ -56,10 +44,8 @@ module QueriesHelper
    when 'Fixnum', 'Float'
      if column.name == :done_ratio
        progress_bar(value, :width => '80px')
-      elsif  column.name == :spent_hours
-        sprintf "%.2f", value
      else
-        h(value.to_s)
+        value.to_s
      end
    when 'User'
      link_to_user value
@@ -84,51 +70,30 @@ module QueriesHelper
      cond = "project_id IS NULL"
      cond << " OR project_id = #{@project.id}" if @project
      @query = Query.find(params[:query_id], :conditions => cond)
-      raise ::Unauthorized unless @query.visible?
      @query.project = @project
      session[:query] = {:id => @query.id, :project_id => @query.project_id}
      sort_clear
-    elsif api_request? || params[:set_filter] || session[:query].nil? || session[:query][:project_id] != (@project ? @project.id : nil)
-      # Give it a name, required to be valid
-      @query = Query.new(:name => "_")
-      @query.project = @project
-      build_query_from_params
-      session[:query] = {:project_id => @query.project_id, :filters => @query.filters, :group_by => @query.group_by, :column_names => @query.column_names}
    else
-      # retrieve from session
-      @query = Query.find_by_id(session[:query][:id]) if session[:query][:id]
-      @query ||= Query.new(:name => "_", :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
-      @query.project = @project
-    end
-  end
-
-  def retrieve_query_from_session
-    if session[:query]
-      if session[:query][:id]
-        @query = Query.find_by_id(session[:query][:id])
-        return unless @query
-      else
-        @query = Query.new(:name => "_", :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
-      end
-      if session[:query].has_key?(:project_id)
-        @query.project_id = session[:query][:project_id]
+      if api_request? || params[:set_filter] || session[:query].nil? || session[:query][:project_id] != (@project ? @project.id : nil)
+        # Give it a name, required to be valid
+        @query = Query.new(:name => "_")
+        @query.project = @project
+        if params[:fields]
+          @query.filters = {}
+          @query.add_filters(params[:fields], params[:operators], params[:values])
+        else
+          @query.available_filters.keys.each do |field|
+            @query.add_short_filter(field, params[field]) if params[field]
+          end
+        end
+        @query.group_by = params[:group_by]
+        @query.column_names = params[:query] && params[:query][:column_names]
+        session[:query] = {:project_id => @query.project_id, :filters => @query.filters, :group_by => @query.group_by, :column_names => @query.column_names}
      else
+        @query = Query.find_by_id(session[:query][:id]) if session[:query][:id]
+        @query ||= Query.new(:name => "_", :project => @project, :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
        @query.project = @project
      end
-      @query
    end
  end
-
-  def build_query_from_params
-    if params[:fields] || params[:f]
-      @query.filters = {}
-      @query.add_filters(params[:fields] || params[:f], params[:operators] || params[:op], params[:values] || params[:v])
-    else
-      @query.available_filters.keys.each do |field|
-        @query.add_short_filter(field, params[field]) if params[field]
-      end
-    end
-    @query.group_by = params[:group_by] || (params[:query] && params[:query][:group_by])
-    @query.column_names = params[:c] || (params[:query] && params[:query][:column_names])
-  end
 end
--- a/app/helpers/reports_helper.rb
+++ b/app/helpers/reports_helper.rb
@@ -1,24 +1,22 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module ReportsHelper
-
+  
  def aggregate(data, criteria)
    a = 0
    data.each { |row|
@@ -30,9 +28,9 @@ module ReportsHelper
    } unless data.nil?
    a
  end
-
+  
  def aggregate_link(data, criteria, *args)
    a = aggregate data, criteria
-    a > 0 ? link_to(h(a), *args) : '-'
-  end
+    a > 0 ? link_to(a, *args) : '-'
+  end  
 end
--- a/app/helpers/repositories_helper.rb
+++ b/app/helpers/repositories_helper.rb
@@ -1,24 +1,21 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 require 'iconv'
-require 'redmine/codeset_util'

 module RepositoriesHelper
  def format_revision(revision)
@@ -28,40 +25,39 @@ module RepositoriesHelper
      revision.to_s
    end
  end
-
+  
  def truncate_at_line_break(text, length = 255)
    if text
      text.gsub(%r{^(.{#{length}}[^\n]*)\n.+$}m, '\\1...')
    end
  end
-
+  
  def render_properties(properties)
    unless properties.nil? || properties.empty?
      content = ''
      properties.keys.sort.each do |property|
-        content << content_tag('li', "<b>#{h property}</b>: <span>#{h properties[property]}</span>".html_safe)
+        content << content_tag('li', "<b>#{h property}</b>: <span>#{h properties[property]}</span>")
      end
-      content_tag('ul', content.html_safe, :class => 'properties')
+      content_tag('ul', content, :class => 'properties')
    end
  end
-
+  
  def render_changeset_changes
-    changes = @changeset.filechanges.find(:all, :limit => 1000, :order => 'path').collect do |change|
+    changes = @changeset.changes.find(:all, :limit => 1000, :order => 'path').collect do |change|
      case change.action
      when 'A'
        # Detects moved/copied files
        if !change.from_path.blank?
-          change.action =
-             @changeset.filechanges.detect {|c| c.action == 'D' && c.path == change.from_path} ? 'R' : 'C'
+          change.action = @changeset.changes.detect {|c| c.action == 'D' && c.path == change.from_path} ? 'R' : 'C'
        end
        change
      when 'D'
-        @changeset.filechanges.detect {|c| c.from_path == change.path} ? nil : change
+        @changeset.changes.detect {|c| c.from_path == change.path} ? nil : change
      else
        change
      end
-    end.compact
-
+   end.compact
+    
    tree = { }
    changes.each do |change|
      p = tree
@@ -76,11 +72,13 @@ module RepositoriesHelper
      end
      p[:c] = change
    end
+    
    render_changes_tree(tree[:s])
  end
-
+  
  def render_changes_tree(tree)
    return '' if tree.nil?
+    
    output = ''
    output << '<ul>'
    tree.keys.sort.each do |file|
@@ -89,225 +87,106 @@ module RepositoriesHelper
      if s = tree[file][:s]
        style << ' folder'
        path_param = to_path_param(@repository.relative_path(file))
-        text = link_to(h(text), :controller => 'repositories',
+        text = link_to(text, :controller => 'repositories',
                             :action => 'show',
                             :id => @project,
-                             :repository_id => @repository.identifier_param,
                             :path => path_param,
                             :rev => @changeset.identifier)
-        output << "<li class='#{style}'>#{text}"
+        output << "<li class='#{style}'>#{text}</li>"
        output << render_changes_tree(s)
-        output << "</li>"
      elsif c = tree[file][:c]
        style << " change-#{c.action}"
        path_param = to_path_param(@repository.relative_path(c.path))
-        text = link_to(h(text), :controller => 'repositories',
+        text = link_to(text, :controller => 'repositories',
                             :action => 'entry',
                             :id => @project,
-                             :repository_id => @repository.identifier_param,
                             :path => path_param,
                             :rev => @changeset.identifier) unless c.action == 'D'
-        text << " - #{h(c.revision)}" unless c.revision.blank?
-        text << ' ('.html_safe + link_to(l(:label_diff), :controller => 'repositories',
+        text << " - #{c.revision}" unless c.revision.blank?
+        text << ' (' + link_to('diff', :controller => 'repositories',
                                       :action => 'diff',
                                       :id => @project,
-                                       :repository_id => @repository.identifier_param,
                                       :path => path_param,
-                                       :rev => @changeset.identifier) + ') '.html_safe if c.action == 'M'
-        text << ' '.html_safe + content_tag('span', h(c.from_path), :class => 'copied-from') unless c.from_path.blank?
+                                       :rev => @changeset.identifier) + ') ' if c.action == 'M'
+        text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
        output << "<li class='#{style}'>#{text}</li>"
      end
    end
    output << '</ul>'
-    output.html_safe
+    output
  end
-
-  def repository_field_tags(form, repository)
-    method = repository.class.name.demodulize.underscore + "_field_tags"
-    if repository.is_a?(Repository) &&
-        respond_to?(method) && method != 'repository_field_tags'
-      send(method, form, repository)
+  
+  def to_utf8(str)
+    return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
+    @encodings ||= Setting.repositories_encodings.split(',').collect(&:strip)
+    @encodings.each do |encoding|
+      begin
+        return Iconv.conv('UTF-8', encoding, str)
+      rescue Iconv::Failure
+        # do nothing here and try the next encoding
+      end
    end
+    str
  end
-
+  
+  def repository_field_tags(form, repository)    
+    method = repository.class.name.demodulize.underscore + "_field_tags"
+    send(method, form, repository) if repository.is_a?(Repository) && respond_to?(method) && method != 'repository_field_tags'
+  end
+  
  def scm_select_tag(repository)
    scm_options = [["--- #{l(:actionview_instancetag_blank_option)} ---", '']]
    Redmine::Scm::Base.all.each do |scm|
-    if Setting.enabled_scm.include?(scm) ||
-          (repository && repository.class.name.demodulize == scm)
-        scm_options << ["Repository::#{scm}".constantize.scm_name, scm]
-      end
+      scm_options << ["Repository::#{scm}".constantize.scm_name, scm] if Setting.enabled_scm.include?(scm) || (repository && repository.class.name.demodulize == scm)
    end
-    select_tag('repository_scm',
+    
+    select_tag('repository_scm', 
               options_for_select(scm_options, repository.class.name.demodulize),
               :disabled => (repository && !repository.new_record?),
-               :data => {:remote => true, :method => 'get'})
+               :onchange => remote_function(:url => { :controller => 'repositories', :action => 'edit', :id => @project }, :method => :get, :with => "Form.serialize(this.form)")
+               )
  end
-
+  
  def with_leading_slash(path)
    path.to_s.starts_with?('/') ? path : "/#{path}"
  end
-
+  
  def without_leading_slash(path)
    path.gsub(%r{^/+}, '')
  end

  def subversion_field_tags(form, repository)
-      content_tag('p', form.text_field(:url, :size => 60, :required => true,
-                       :disabled => !repository.safe_attribute?('url')) +
-                       '<br />'.html_safe +
-                       '(file:///, http://, https://, svn://, svn+[tunnelscheme]://)') +
+      content_tag('p', form.text_field(:url, :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)) +
+                       '<br />(file:///, http://, https://, svn://, svn+[tunnelscheme]://)') +
      content_tag('p', form.text_field(:login, :size => 30)) +
-      content_tag('p', form.password_field(
-                            :password, :size => 30, :name => 'ignore',
-                            :value => ((repository.new_record? || repository.password.blank?) ? '' : ('x'*15)),
-                            :onfocus => "this.value=''; this.name='repository[password]';",
-                            :onchange => "this.name='repository[password]';"))
+      content_tag('p', form.password_field(:password, :size => 30, :name => 'ignore',
+                                           :value => ((repository.new_record? || repository.password.blank?) ? '' : ('x'*15)),
+                                           :onfocus => "this.value=''; this.name='repository[password]';",
+                                           :onchange => "this.name='repository[password]';"))
  end

  def darcs_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                     :url, :label => l(:field_path_to_repository),
-                     :size => 60, :required => true,
-                     :disabled => !repository.safe_attribute?('url'))) +
-    content_tag('p', form.select(
-                     :log_encoding, [nil] + Setting::ENCODINGS,
-                     :label => l(:field_commit_logs_encoding), :required => true))
+      content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.new_record?)))
  end
-
+  
  def mercurial_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                       :url, :label => l(:field_path_to_repository),
-                       :size => 60, :required => true,
-                       :disabled => !repository.safe_attribute?('url')
-                         ) +
-                     '<br />'.html_safe + l(:text_mercurial_repository_note)) +
-    content_tag('p', form.select(
-                        :path_encoding, [nil] + Setting::ENCODINGS,
-                        :label => l(:field_scm_path_encoding)
-                        ) +
-                     '<br />'.html_safe + l(:text_scm_path_encoding_note))
+      content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)))
  end

  def git_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                       :url, :label => l(:field_path_to_repository),
-                       :size => 60, :required => true,
-                       :disabled => !repository.safe_attribute?('url')
-                         ) +
-                      '<br />'.html_safe +
-                      l(:text_git_repository_note)) +
-    content_tag('p', form.select(
-                        :path_encoding, [nil] + Setting::ENCODINGS,
-                        :label => l(:field_scm_path_encoding)
-                        ) +
-                     '<br />'.html_safe + l(:text_scm_path_encoding_note)) +
-    content_tag('p', form.check_box(
-                        :extra_report_last_commit,
-                        :label => l(:label_git_report_last_commit)
-                         ))
+      content_tag('p', form.text_field(:url, :label => 'Path to .git directory', :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)))
  end

  def cvs_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                     :root_url,
-                     :label => l(:field_cvsroot),
-                     :size => 60, :required => true,
-                     :disabled => !repository.safe_attribute?('root_url'))) +
-    content_tag('p', form.text_field(
-                     :url,
-                     :label => l(:field_cvs_module),
-                     :size => 30, :required => true,
-                     :disabled => !repository.safe_attribute?('url'))) +
-    content_tag('p', form.select(
-                     :log_encoding, [nil] + Setting::ENCODINGS,
-                     :label => l(:field_commit_logs_encoding), :required => true)) +
-    content_tag('p', form.select(
-                        :path_encoding, [nil] + Setting::ENCODINGS,
-                        :label => l(:field_scm_path_encoding)
-                        ) +
-                     '<br />'.html_safe + l(:text_scm_path_encoding_note))
+      content_tag('p', form.text_field(:root_url, :label => 'CVSROOT', :size => 60, :required => true, :disabled => !repository.new_record?)) +
+      content_tag('p', form.text_field(:url, :label => 'Module', :size => 30, :required => true, :disabled => !repository.new_record?))
  end

  def bazaar_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                     :url, :label => l(:field_path_to_repository),
-                     :size => 60, :required => true,
-                     :disabled => !repository.safe_attribute?('url'))) +
-    content_tag('p', form.select(
-                     :log_encoding, [nil] + Setting::ENCODINGS,
-                     :label => l(:field_commit_logs_encoding), :required => true))
+      content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.new_record?)))
  end
-
+  
  def filesystem_field_tags(form, repository)
-    content_tag('p', form.text_field(
-                     :url, :label => l(:field_root_directory),
-                     :size => 60, :required => true,
-                     :disabled => !repository.safe_attribute?('url'))) +
-    content_tag('p', form.select(
-                        :path_encoding, [nil] + Setting::ENCODINGS,
-                        :label => l(:field_scm_path_encoding)
-                        ) +
-                     '<br />'.html_safe + l(:text_scm_path_encoding_note))
-  end
-
-  def index_commits(commits, heads)
-    return nil if commits.nil? or commits.first.parents.nil?
-
-    refs_map = {}
-    heads.each do |head|
-      refs_map[head.scmid] ||= []
-      refs_map[head.scmid] << head
-    end
-
-    commits_by_scmid = {}
-    commits.reverse.each_with_index do |commit, commit_index|
-
-      commits_by_scmid[commit.scmid] = {
-        :parent_scmids => commit.parents.collect { |parent| parent.scmid },
-        :rdmid => commit_index,
-        :refs  => refs_map.include?(commit.scmid) ? refs_map[commit.scmid].join(" ") : nil,
-        :scmid => commit.scmid,
-        :href  => block_given? ? yield(commit.scmid) : commit.scmid
-      }
-    end
-
-    heads.sort! { |head1, head2| head1.to_s <=> head2.to_s }
-
-    space = nil  
-    heads.each do |head|
-      if commits_by_scmid.include? head.scmid
-        space = index_head((space || -1) + 1, head, commits_by_scmid)
-      end
-    end
-
-    # when no head matched anything use first commit
-    space ||= index_head(0, commits.first, commits_by_scmid)
-
-    return commits_by_scmid, space
-  end
-
-  def index_head(space, commit, commits_by_scmid)
-
-    stack = [[space, commits_by_scmid[commit.scmid]]]
-    max_space = space
-
-    until stack.empty?
-      space, commit = stack.pop
-      commit[:space] = space if commit[:space].nil?
-
-      space -= 1
-      commit[:parent_scmids].each_with_index do |parent_scmid, parent_index|
-
-        parent_commit = commits_by_scmid[parent_scmid]
-
-        if parent_commit and parent_commit[:space].nil?
-
-          stack.unshift [space += 1, parent_commit]
-        end
-      end
-      max_space = space if max_space < space
-    end
-    max_space
+    content_tag('p', form.text_field(:url, :label => 'Root directory', :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)))
  end
 end
--- a/app/helpers/roles_helper.rb
+++ b/app/helpers/roles_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -21,7 +19,7 @@ module SearchHelper
  def highlight_tokens(text, tokens)
    return text unless text && tokens && !tokens.empty?
    re_tokens = tokens.collect {|t| Regexp.escape(t)}
-    regexp = Regexp.new "(#{re_tokens.join('|')})", Regexp::IGNORECASE
+    regexp = Regexp.new "(#{re_tokens.join('|')})", Regexp::IGNORECASE    
    result = ''
    text.split(regexp).each_with_index do |words, i|
      if result.length > 1200
@@ -37,22 +35,21 @@ module SearchHelper
        result << content_tag('span', h(words), :class => "highlight token-#{t}")
      end
    end
-    result.html_safe
+    result
  end
-
+  
  def type_label(t)
    l("label_#{t.singularize}_plural", :default => t.to_s.humanize)
  end
-
+  
  def project_select_tag
    options = [[l(:label_project_all), 'all']]
    options << [l(:label_my_projects), 'my_projects'] unless User.current.memberships.empty?
    options << [l(:label_and_its_subprojects, @project.name), 'subprojects'] unless @project.nil? || @project.descendants.active.empty?
    options << [@project.name, ''] unless @project.nil?
-    label_tag("scope", l(:description_project_scope), :class => "hidden-for-sighted") +
    select_tag('scope', options_for_select(options, params[:scope].to_s)) if options.size > 1
  end
-
+  
  def render_results_by_type(results_by_type)
    links = []
    # Sorts types by results count
@@ -60,11 +57,8 @@ module SearchHelper
      c = results_by_type[t]
      next if c == 0
      text = "#{type_label(t)} (#{c})"
-      links << link_to(h(text), :q => params[:q], :titles_only => params[:titles_only],
-                       :all_words => params[:all_words], :scope => params[:scope], t => 1)
+      links << link_to(text, :q => params[:q], :titles_only => params[:title_only], :all_words => params[:all_words], :scope => params[:scope], t => 1)
    end
-    ('<ul>'.html_safe +
-        links.map {|link| content_tag('li', link)}.join(' ').html_safe + 
-        '</ul>'.html_safe) unless links.empty?
+    ('<ul>' + links.map {|link| content_tag('li', link)}.join(' ') + '</ul>') unless links.empty?
  end
 end
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -29,57 +27,49 @@ module SettingsHelper
            {:name => 'repositories', :partial => 'settings/repositories', :label => :label_repository_plural}
            ]
  end
-
+  
  def setting_select(setting, choices, options={})
    if blank_text = options.delete(:blank)
      choices = [[blank_text.is_a?(Symbol) ? l(blank_text) : blank_text, '']] + choices
    end
-    setting_label(setting, options).html_safe +
-      select_tag("settings[#{setting}]",
-                 options_for_select(choices, Setting.send(setting).to_s),
-                 options).html_safe
+    setting_label(setting, options) +
+      select_tag("settings[#{setting}]", options_for_select(choices, Setting.send(setting).to_s), options)
  end
-
+  
  def setting_multiselect(setting, choices, options={})
    setting_values = Setting.send(setting)
    setting_values = [] unless setting_values.is_a?(Array)
-
-    content_tag("label", l(options[:label] || "setting_#{setting}")) +
-      hidden_field_tag("settings[#{setting}][]", '').html_safe +
+      
+    setting_label(setting, options) +
+      hidden_field_tag("settings[#{setting}][]", '') +
      choices.collect do |choice|
-        text, value = (choice.is_a?(Array) ? choice : [choice, choice])
-        content_tag(
-          'label',
-          check_box_tag(
-             "settings[#{setting}][]",
-             value,
-             Setting.send(setting).include?(value),
-             :id => nil
-           ) + text.to_s,
+        text, value = (choice.is_a?(Array) ? choice : [choice, choice]) 
+        content_tag('label',
+          check_box_tag("settings[#{setting}][]", value, Setting.send(setting).include?(value)) + text.to_s,
          :class => 'block'
-         )
-      end.join.html_safe
+        )
+      end.join
  end
-
+  
  def setting_text_field(setting, options={})
-    setting_label(setting, options).html_safe +
-      text_field_tag("settings[#{setting}]", Setting.send(setting), options).html_safe
+    setting_label(setting, options) +
+      text_field_tag("settings[#{setting}]", Setting.send(setting), options)
  end
-
+  
  def setting_text_area(setting, options={})
-    setting_label(setting, options).html_safe +
-      text_area_tag("settings[#{setting}]", Setting.send(setting), options).html_safe
+    setting_label(setting, options) +
+      text_area_tag("settings[#{setting}]", Setting.send(setting), options)
  end
-
+  
  def setting_check_box(setting, options={})
-    setting_label(setting, options).html_safe +
-      hidden_field_tag("settings[#{setting}]", 0, :id => nil).html_safe +
-        check_box_tag("settings[#{setting}]", 1, Setting.send("#{setting}?"), options).html_safe
+    setting_label(setting, options) +
+      hidden_field_tag("settings[#{setting}]", 0) +
+      check_box_tag("settings[#{setting}]", 1, Setting.send("#{setting}?"), options)
  end
-
+  
  def setting_label(setting, options={})
    label = options.delete(:label)
-    label != false ? label_tag("settings_#{setting}", l(label || "setting_#{setting}")).html_safe : ''
+    label != false ? content_tag("label", l(label || "setting_#{setting}")) : ''
  end

  # Renders a notification field for a Redmine::Notifiable option
@@ -87,8 +77,8 @@ module SettingsHelper
    return content_tag(:label,
                       check_box_tag('settings[notified_events][]',
                                     notifiable.name,
-                                     Setting.notified_events.include?(notifiable.name), :id => nil).html_safe +
-                         l_or_humanize(notifiable.name, :prefix => 'label_').html_safe,
-                       :class => notifiable.parent.present? ? "parent" : '').html_safe
+                                     Setting.notified_events.include?(notifiable.name)) +
+                         l_or_humanize(notifiable.name, :prefix => 'label_'),
+                       :class => notifiable.parent.present? ? "parent" : '')
  end
 end
--- a/app/helpers/sort_helper.rb
+++ b/app/helpers/sort_helper.rb
@@ -1,5 +1,3 @@
-# encoding: utf-8
-#
 # Helpers to sort tables using clickable column headers.
 #
 # Author:  Stuart Rackham <srackham@methods.co.nz>, March 2005.
@@ -17,18 +15,18 @@
 #
 #   helper :sort
 #   include SortHelper
-#
+# 
 #   def list
 #     sort_init 'last_name'
 #     sort_update %w(first_name last_name)
 #     @items = Contact.find_all nil, sort_clause
 #   end
-#
+# 
 # Controller (using Pagination module):
 #
 #   helper :sort
 #   include SortHelper
-#
+# 
 #   def list
 #     sort_init 'last_name'
 #     sort_update %w(first_name last_name)
@@ -36,9 +34,9 @@
 #       :order_by => sort_clause,
 #       :per_page => 10
 #   end
-#
+# 
 # View (table header in list.rhtml):
-#
+# 
 #   <thead>
 #     <tr>
 #       <%= sort_header_tag('id', :title => 'Sort by contact ID') %>
@@ -54,32 +52,32 @@

 module SortHelper
  class SortCriteria
-
+    
    def initialize
      @criteria = []
    end
-
+    
    def available_criteria=(criteria)
      unless criteria.is_a?(Hash)
        criteria = criteria.inject({}) {|h,k| h[k] = k; h}
      end
      @available_criteria = criteria
    end
-
+    
    def from_param(param)
      @criteria = param.to_s.split(',').collect {|s| s.split(':')[0..1]}
      normalize!
    end
-
+    
    def criteria=(arg)
      @criteria = arg
      normalize!
    end
-
+    
    def to_param
      @criteria.collect {|k,o| k + (o ? '' : ':desc')}.join(',')
    end
-
+    
    def to_sql
      sql = @criteria.collect do |k,o|
        if s = @available_criteria[k]
@@ -88,33 +86,33 @@ module SortHelper
      end.compact.join(', ')
      sql.blank? ? nil : sql
    end
-
+    
    def add!(key, asc)
      @criteria.delete_if {|k,o| k == key}
      @criteria = [[key, asc]] + @criteria
      normalize!
    end
-
+    
    def add(*args)
      r = self.class.new.from_param(to_param)
      r.add!(*args)
      r
    end
-
+    
    def first_key
      @criteria.first && @criteria.first.first
    end
-
+    
    def first_asc?
      @criteria.first && @criteria.first.last
    end
-
+    
    def empty?
      @criteria.empty?
    end
-
+    
    private
-
+    
    def normalize!
      @criteria ||= []
      @criteria = @criteria.collect {|s| s = s.to_a; [s.first, (s.last == false || s.last == 'desc') ? false : true]}
@@ -122,7 +120,7 @@ module SortHelper
      @criteria.slice!(3)
      self
    end
-
+    
    # Appends DESC to the sort criterion unless it has a fixed order
    def append_desc(criterion)
      if criterion =~ / (asc|desc)$/i
@@ -132,14 +130,14 @@ module SortHelper
      end
    end
  end
-
+  
  def sort_name
    controller_name + '_' + action_name + '_sort'
  end

  # Initializes the default sort.
  # Examples:
-  #
+  #   
  #   sort_init 'name'
  #   sort_init 'id', 'desc'
  #   sort_init ['name', ['id', 'desc']]
@@ -160,15 +158,14 @@ module SortHelper
  # sort_clause.
  # - criteria can be either an array or a hash of allowed keys
  #
-  def sort_update(criteria, sort_name=nil)
-    sort_name ||= self.sort_name
+  def sort_update(criteria)
    @sort_criteria = SortCriteria.new
    @sort_criteria.available_criteria = criteria
    @sort_criteria.from_param(params[:sort] || session[sort_name])
    @sort_criteria.criteria = @sort_default if @sort_criteria.empty?
    session[sort_name] = @sort_criteria.to_param
  end
-
+  
  # Clears the sort criteria session data
  #
  def sort_clear
@@ -190,7 +187,7 @@ module SortHelper
  #
  def sort_link(column, caption, default_order)
    css, order = nil, default_order
-
+    
    if column.to_s == @sort_criteria.first_key
      if @sort_criteria.first_asc?
        css = 'sort asc'
@@ -201,14 +198,18 @@ module SortHelper
      end
    end
    caption = column.to_s.humanize unless caption
-
+    
    sort_options = { :sort => @sort_criteria.add(column.to_s, order).to_param }
-    url_options = params.merge(sort_options)
-
+    # don't reuse params if filters are present
+    url_options = params.has_key?(:set_filter) ? sort_options : params.merge(sort_options)
+    
     # Add project_id to url_options
    url_options = url_options.merge(:project_id => params[:project_id]) if params.has_key?(:project_id)

-    link_to_content_update(h(caption), url_options, :class => css)
+    link_to_remote(caption,
+                  {:update => "content", :url => url_options, :method => :get},
+                  {:href => url_for(url_options),
+                   :class => css})
  end

  # Returns a table header <th> tag with a sort link for the named column
--- a/app/helpers/timelog_helper.rb
+++ b/app/helpers/timelog_helper.rb
@@ -1,25 +1,23 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module TimelogHelper
  include ApplicationHelper
-
+  
  def render_timelog_breadcrumb
    links = []
    links << link_to(l(:label_project_all), {:project_id => nil, :issue_id => nil})
@@ -54,15 +52,15 @@ module TimelogHelper
    activities.each { |a| collection << [a.name, a.id] }
    collection
  end
-
+  
  def select_hours(data, criteria, value)
  	if value.to_s.empty?
  		data.select {|row| row[criteria].blank? }
-    else
+    else 
    	data.select {|row| row[criteria].to_s == value.to_s}
    end
  end
-
+  
  def sum_hours(data)
    sum = 0
    data.each do |row|
@@ -70,7 +68,7 @@ module TimelogHelper
    end
    sum
  end
-
+  
  def options_for_period_select(value)
    options_for_select([[l(:label_all_time), 'all'],
                        [l(:label_today), 'today'],
@@ -84,8 +82,9 @@ module TimelogHelper
                        [l(:label_this_year), 'current_year']],
                        value)
  end
-
+  
  def entries_to_csv(entries)
+    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
    decimal_separator = l(:general_csv_decimal_separator)
    custom_fields = TimeEntryCustomField.find(:all)
    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
@@ -102,10 +101,8 @@ module TimelogHelper
                 ]
      # Export custom fields
      headers += custom_fields.collect(&:name)
-
-      csv << headers.collect {|c| Redmine::CodesetUtil.from_utf8(
-                                     c.to_s,
-                                     l(:general_csv_encoding) )  }
+      
+      csv << headers.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
      # csv lines
      entries.each do |entry|
        fields = [format_date(entry.spent_on),
@@ -118,20 +115,18 @@ module TimelogHelper
                  entry.hours.to_s.gsub('.', decimal_separator),
                  entry.comments
                  ]
-        fields += custom_fields.collect {|f| show_value(entry.custom_field_values.detect {|v| v.custom_field_id == f.id}) }
-
-        csv << fields.collect {|c| Redmine::CodesetUtil.from_utf8(
-                                     c.to_s,
-                                     l(:general_csv_encoding) )  }
+        fields += custom_fields.collect {|f| show_value(entry.custom_value_for(f)) }
+                  
+        csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
      end
    end
    export
  end
-
-  def format_criteria_value(criteria_options, value)
+  
+  def format_criteria_value(criteria, value)
    if value.blank?
-      "[#{l(:label_none)}]"
-    elsif k = criteria_options[:klass]
+      l(:label_none)
+    elsif k = @available_criterias[criteria][:klass]
      obj = k.find_by_id(value.to_i)
      if obj.is_a?(Issue)
        obj.visible? ? "#{obj.tracker} ##{obj.id}: #{obj.subject}" : "##{obj.id}"
@@ -139,58 +134,57 @@ module TimelogHelper
        obj
      end
    else
-      format_value(value, criteria_options[:format])
+      format_value(value, @available_criterias[criteria][:format])
    end
  end
-
-  def report_to_csv(report)
-    decimal_separator = l(:general_csv_decimal_separator)
+  
+  def report_to_csv(criterias, periods, hours)
    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
      # Column headers
-      headers = report.criteria.collect {|criteria| l(report.available_criteria[criteria][:label]) }
-      headers += report.periods
+      headers = criterias.collect {|criteria| l(@available_criterias[criteria][:label]) }
+      headers += periods
      headers << l(:label_total)
-      csv << headers.collect {|c| Redmine::CodesetUtil.from_utf8(
-                                    c.to_s,
-                                    l(:general_csv_encoding) ) }
+      csv << headers.collect {|c| to_utf8(c) }
      # Content
-      report_criteria_to_csv(csv, report.available_criteria, report.columns, report.criteria, report.periods, report.hours)
+      report_criteria_to_csv(csv, criterias, periods, hours)
      # Total row
-      str_total = Redmine::CodesetUtil.from_utf8(l(:label_total), l(:general_csv_encoding))
-      row = [ str_total ] + [''] * (report.criteria.size - 1)
+      row = [ l(:label_total) ] + [''] * (criterias.size - 1)
      total = 0
-      report.periods.each do |period|
-        sum = sum_hours(select_hours(report.hours, report.columns, period.to_s))
+      periods.each do |period|
+        sum = sum_hours(select_hours(hours, @columns, period.to_s))
        total += sum
-        row << (sum > 0 ? ("%.2f" % sum).gsub('.',decimal_separator) : '')
+        row << (sum > 0 ? "%.2f" % sum : '')
      end
-      row << ("%.2f" % total).gsub('.',decimal_separator)
+      row << "%.2f" %total
      csv << row
    end
    export
  end
-
-  def report_criteria_to_csv(csv, available_criteria, columns, criteria, periods, hours, level=0)
-    decimal_separator = l(:general_csv_decimal_separator)
-    hours.collect {|h| h[criteria[level]].to_s}.uniq.each do |value|
-      hours_for_value = select_hours(hours, criteria[level], value)
+  
+  def report_criteria_to_csv(csv, criterias, periods, hours, level=0)
+    hours.collect {|h| h[criterias[level]].to_s}.uniq.each do |value|
+      hours_for_value = select_hours(hours, criterias[level], value)
      next if hours_for_value.empty?
      row = [''] * level
-      row << Redmine::CodesetUtil.from_utf8(
-                        format_criteria_value(available_criteria[criteria[level]], value).to_s,
-                        l(:general_csv_encoding) )
-      row += [''] * (criteria.length - level - 1)
+      row << to_utf8(format_criteria_value(criterias[level], value))
+      row += [''] * (criterias.length - level - 1)
      total = 0
      periods.each do |period|
-        sum = sum_hours(select_hours(hours_for_value, columns, period.to_s))
+        sum = sum_hours(select_hours(hours_for_value, @columns, period.to_s))
        total += sum
-        row << (sum > 0 ? ("%.2f" % sum).gsub('.',decimal_separator) : '')
+        row << (sum > 0 ? "%.2f" % sum : '')
      end
-      row << ("%.2f" % total).gsub('.',decimal_separator)
+      row << "%.2f" %total
      csv << row
-      if criteria.length > level + 1
-        report_criteria_to_csv(csv, available_criteria, columns, criteria, periods, hours_for_value, level + 1)
+      
+      if criterias.length > level + 1
+        report_criteria_to_csv(csv, criterias, periods, hours_for_value, level + 1)
      end
    end
  end
+  
+  def to_utf8(s)
+    @ic ||= Iconv.new(l(:general_csv_encoding), 'UTF-8')
+    begin; @ic.iconv(s.to_s); rescue; s.to_s; end
+  end
 end
--- a/app/helpers/trackers_helper.rb
+++ b/app/helpers/trackers_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,12 +18,12 @@
 module UsersHelper
  def users_status_options_for_select(selected)
    user_count_by_status = User.count(:group => 'status').to_hash
-    options_for_select([[l(:label_all), ''],
-                        ["#{l(:status_active)} (#{user_count_by_status[1].to_i})", '1'],
-                        ["#{l(:status_registered)} (#{user_count_by_status[2].to_i})", '2'],
-                        ["#{l(:status_locked)} (#{user_count_by_status[3].to_i})", '3']], selected.to_s)
+    options_for_select([[l(:label_all), ''], 
+                        ["#{l(:status_active)} (#{user_count_by_status[1].to_i})", 1],
+                        ["#{l(:status_registered)} (#{user_count_by_status[2].to_i})", 2],
+                        ["#{l(:status_locked)} (#{user_count_by_status[3].to_i})", 3]], selected)
  end
-
+  
  # Options for the new membership projects combo-box
  def options_for_membership_project_select(user, projects)
    options = content_tag('option', "--- #{l(:actionview_instancetag_blank_option)} ---")
@@ -34,14 +32,14 @@ module UsersHelper
    end
    options
  end
-
+  
  def user_mail_notification_options(user)
    user.valid_notification_options.collect {|o| [l(o.last), o.first]}
  end
-
+  
  def change_status_link(user)
    url = {:controller => 'users', :action => 'update', :id => user, :page => params[:page], :status => params[:status], :tab => nil}
-
+    
    if user.locked?
      link_to l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock'
    elsif user.registered?
@@ -50,7 +48,7 @@ module UsersHelper
      link_to l(:button_lock), url.merge(:user => {:status => User::STATUS_LOCKED}), :method => :put, :class => 'icon icon-lock'
    end
  end
-
+  
  def user_settings_tabs
    tabs = [{:name => 'general', :partial => 'users/general', :label => :label_general},
            {:name => 'memberships', :partial => 'users/memberships', :label => :label_project_plural}
--- a/app/helpers/versions_helper.rb
+++ b/app/helpers/versions_helper.rb
@@ -1,37 +1,28 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module VersionsHelper

-  def version_anchor(version)
-    if @project == version.project
-      anchor version.name
-    else
-      anchor "#{version.project.try(:identifier)}-#{version.name}"
-    end
-  end
-
-  STATUS_BY_CRITERIAS = %w(tracker status priority author assigned_to category)
-
+  STATUS_BY_CRITERIAS = %w(category tracker priority author assigned_to)
+  
  def render_issue_status_by(version, criteria)
-    criteria = 'tracker' unless STATUS_BY_CRITERIAS.include?(criteria)
-
+    criteria ||= 'category'
+    raise 'Unknown criteria' unless STATUS_BY_CRITERIAS.include?(criteria)
+    
    h = Hash.new {|k,v| k[v] = [0, 0]}
    begin
      # Total issue count
@@ -46,10 +37,10 @@ module VersionsHelper
    end
    counts = h.keys.compact.sort.collect {|k| {:group => k, :total => h[k][0], :open => h[k][1], :closed => (h[k][0] - h[k][1])}}
    max = counts.collect {|c| c[:total]}.max
-
+    
    render :partial => 'issue_counts', :locals => {:version => version, :criteria => criteria, :counts => counts, :max => max}
  end
-
+  
  def status_by_options_for_select(value)
    options_for_select(STATUS_BY_CRITERIAS.collect {|criteria| [l("field_#{criteria}".to_sym), criteria]}, value)
  end
--- a/app/helpers/watchers_helper.rb
+++ b/app/helpers/watchers_helper.rb
@@ -1,75 +1,69 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module WatchersHelper

-  def watcher_tag(object, user, options={})
-    content_tag("span", watcher_link(object, user), :class => watcher_css(object))
+  # Valid options
+  # * :id - the element id
+  # * :replace - a string or array of element ids that will be
+  #   replaced
+  def watcher_tag(object, user, options={:replace => 'watcher'})
+    id = options[:id]
+    id ||= options[:replace] if options[:replace].is_a? String
+    content_tag("span", watcher_link(object, user, options), :id => id)
  end
-
-  def watcher_link(object, user)
+  
+  # Valid options
+  # * :replace - a string or array of element ids that will be
+  #   replaced
+  def watcher_link(object, user, options={:replace => 'watcher'})
    return '' unless user && user.logged? && object.respond_to?('watched_by?')
    watched = object.watched_by?(user)
    url = {:controller => 'watchers',
           :action => (watched ? 'unwatch' : 'watch'),
           :object_type => object.class.to_s.underscore,
-           :object_id => object.id}
-    link_to((watched ? l(:button_unwatch) : l(:button_watch)), url,
-            :remote => true, :method => 'post', :class => (watched ? 'icon icon-fav' : 'icon icon-fav-off'))
-
+           :object_id => object.id,
+           :replace => options[:replace]}
+    link_to_remote((watched ? l(:button_unwatch) : l(:button_watch)),
+                   {:url => url},
+                   :href => url_for(url),
+                   :class => (watched ? 'icon icon-fav' : 'icon icon-fav-off'))
+  
  end
-
-  # Returns the css class used to identify watch links for a given +object+
-  def watcher_css(object)
-    "#{object.class.to_s.underscore}-#{object.id}-watcher"
-  end
-
+  
  # Returns a comma separated list of users watching the given object
  def watchers_list(object)
    remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project)
-    content = ''.html_safe
    lis = object.watcher_users.collect do |user|
-      s = ''.html_safe
-      s << avatar(user, :size => "16").to_s
-      s << link_to_user(user, :class => 'user')
+      s = avatar(user, :size => "16").to_s + link_to_user(user, :class => 'user').to_s
      if remove_allowed
        url = {:controller => 'watchers',
               :action => 'destroy',
               :object_type => object.class.to_s.underscore,
               :object_id => object.id,
               :user_id => user}
-        s << ' '
-        s << link_to(image_tag('delete.png'), url,
-                     :remote => true, :method => 'post', :style => "vertical-align: middle", :class => "delete")
+        s += ' ' + link_to_remote(image_tag('delete.png'),
+                                  {:url => url},
+                                  :href => url_for(url),
+                                  :style => "vertical-align: middle",
+                                  :class => "delete")
      end
-      content << content_tag('li', s)
+      "<li>#{ s }</li>"
    end
-    content.present? ? content_tag('ul', content) : content
-  end
-
-  def watchers_checkboxes(object, users, checked=nil)
-    users.map do |user|
-      c = checked.nil? ? object.watched_by?(user) : checked
-      tag = check_box_tag 'issue[watcher_user_ids][]', user.id, c, :id => nil
-      content_tag 'label', "#{tag} #{h(user)}".html_safe,
-                  :id => "issue_watcher_user_ids_#{user.id}",
-                  :class => "floating"
-    end.join.html_safe
+    lis.empty? ? "" : "<ul>#{ lis.join("\n") }</ul>"
  end
 end
--- a/app/helpers/welcome_helper.rb
+++ b/app/helpers/welcome_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/wiki_helper.rb
+++ b/app/helpers/wiki_helper.rb
@@ -1,43 +1,69 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module WikiHelper
-
+  
  def wiki_page_options_for_select(pages, selected = nil, parent = nil, level = 0)
-    pages = pages.group_by(&:parent) unless pages.is_a?(Hash)
-    s = ''.html_safe
-    if pages.has_key?(parent)
-      pages[parent].each do |page|
-        attrs = "value='#{page.id}'"
-        attrs << " selected='selected'" if selected == page
-        indent = (level > 0) ? ('&nbsp;' * level * 2 + '&#187; ') : ''
-
-        s << content_tag('option', (indent + h(page.pretty_title)).html_safe, :value => page.id.to_s, :selected => selected == page) +
-               wiki_page_options_for_select(pages, selected, page, level + 1)
-      end
+    s = ''
+    pages.select {|p| p.parent == parent}.each do |page|
+      attrs = "value='#{page.id}'"
+      attrs << " selected='selected'" if selected == page
+      indent = (level > 0) ? ('&nbsp;' * level * 2 + '&#187; ') : nil
+      
+      s << "<option #{attrs}>#{indent}#{h page.pretty_title}</option>\n" + 
+             wiki_page_options_for_select(pages, selected, page, level + 1)
    end
    s
  end
-
-  def wiki_page_breadcrumb(page)
-    breadcrumb(page.ancestors.reverse.collect {|parent|
-      link_to(h(parent.pretty_title), {:controller => 'wiki', :action => 'show', :id => parent.title, :project_id => parent.project})
-    })
+  
+  def html_diff(wdiff)
+    words = wdiff.words.collect{|word| h(word)}
+    words_add = 0
+    words_del = 0
+    dels = 0
+    del_off = 0
+    wdiff.diff.diffs.each do |diff|
+      add_at = nil
+      add_to = nil
+      del_at = nil
+      deleted = ""	    
+      diff.each do |change|
+        pos = change[1]
+        if change[0] == "+"
+          add_at = pos + dels unless add_at
+          add_to = pos + dels
+          words_add += 1
+        else
+          del_at = pos unless del_at
+          deleted << ' ' + h(change[2])
+          words_del	 += 1
+        end
+      end
+      if add_at
+        words[add_at] = '<span class="diff_in">' + words[add_at]
+        words[add_to] = words[add_to] + '</span>'
+      end
+      if del_at
+        words.insert del_at - del_off + dels + words_add, '<span class="diff_out">' + deleted + '</span>'
+        dels += 1
+        del_off += words_del
+        words_del = 0
+      end
+    end
+    simple_format_without_paragraph(words.join(' '))
  end
 end
--- a/app/helpers/workflows_helper.rb
+++ b/app/helpers/workflows_helper.rb
@@ -1,32 +1,19 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module WorkflowsHelper
-  def field_required?(field)
-    field.is_a?(CustomField) ? field.is_required? : %w(project_id tracker_id subject priority_id is_private).include?(field)
-  end
-
-  def field_permission_tag(permissions, status, field)
-    name = field.is_a?(CustomField) ? field.id.to_s : field
-    options = [["", ""], [l(:label_readonly), "readonly"]]
-    options << [l(:label_required), "required"] unless field_required?(field)
-
-    select_tag("permissions[#{name}][#{status.id}]", options_for_select(options, permissions[status.id][name]))
-  end
 end
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,12 +20,10 @@ require "digest/md5"
 class Attachment < ActiveRecord::Base
  belongs_to :container, :polymorphic => true
  belongs_to :author, :class_name => "User", :foreign_key => "author_id"
-
-  validates_presence_of :filename, :author
+  
+  validates_presence_of :container, :filename, :author
  validates_length_of :filename, :maximum => 255
  validates_length_of :disk_filename, :maximum => 255
-  validates_length_of :description, :maximum => 255
-  validate :validate_max_file_size

  acts_as_event :title => :filename,
                :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id, :filename => o.filename}}
@@ -33,37 +31,23 @@ class Attachment < ActiveRecord::Base
  acts_as_activity_provider :type => 'files',
                            :permission => :view_files,
                            :author_key => :author_id,
-                            :find_options => {:select => "#{Attachment.table_name}.*",
+                            :find_options => {:select => "#{Attachment.table_name}.*", 
                                              :joins => "LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " +
                                                        "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )"}
-
+  
  acts_as_activity_provider :type => 'documents',
                            :permission => :view_documents,
                            :author_key => :author_id,
-                            :find_options => {:select => "#{Attachment.table_name}.*",
+                            :find_options => {:select => "#{Attachment.table_name}.*", 
                                              :joins => "LEFT JOIN #{Document.table_name} ON #{Attachment.table_name}.container_type='Document' AND #{Document.table_name}.id = #{Attachment.table_name}.container_id " +
                                                        "LEFT JOIN #{Project.table_name} ON #{Document.table_name}.project_id = #{Project.table_name}.id"}

  cattr_accessor :storage_path
-  @@storage_path = Redmine::Configuration['attachments_storage_path'] || File.join(Rails.root, "files")
-
-  cattr_accessor :thumbnails_storage_path
-  @@thumbnails_storage_path = File.join(Rails.root, "tmp", "thumbnails")
-
-  before_save :files_to_final_location
-  after_destroy :delete_from_disk
-
-  # Returns an unsaved copy of the attachment
-  def copy(attributes=nil)
-    copy = self.class.new
-    copy.attributes = self.attributes.dup.except("id", "downloads")
-    copy.attributes = attributes if attributes
-    copy
-  end
-
-  def validate_max_file_size
-    if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
-      errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
+  @@storage_path = "#{RAILS_ROOT}/files"
+  
+  def validate
+    if self.filesize > Setting.attachment_max_size.to_i.kilobytes
+      errors.add(:base, :too_long, :count => Setting.attachment_max_size.to_i.kilobytes)
    end
  end

@@ -71,203 +55,123 @@ class Attachment < ActiveRecord::Base
    unless incoming_file.nil?
      @temp_file = incoming_file
      if @temp_file.size > 0
-        if @temp_file.respond_to?(:original_filename)
-          self.filename = @temp_file.original_filename
-          self.filename.force_encoding("UTF-8") if filename.respond_to?(:force_encoding)
-        end
-        if @temp_file.respond_to?(:content_type)
-          self.content_type = @temp_file.content_type.to_s.chomp
-        end
-        if content_type.blank? && filename.present?
+        self.filename = sanitize_filename(@temp_file.original_filename)
+        self.disk_filename = Attachment.disk_filename(filename)
+        self.content_type = @temp_file.content_type.to_s.chomp
+        if content_type.blank?
          self.content_type = Redmine::MimeType.of(filename)
        end
        self.filesize = @temp_file.size
      end
    end
  end
-
+	
  def file
    nil
  end

-  def filename=(arg)
-    write_attribute :filename, sanitize_filename(arg.to_s)
-    if new_record? && disk_filename.blank?
-      self.disk_filename = Attachment.disk_filename(filename)
-    end
-    filename
-  end
-
  # Copies the temporary file to its final location
  # and computes its MD5 hash
-  def files_to_final_location
+  def before_save
    if @temp_file && (@temp_file.size > 0)
-      logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)")
+      logger.debug("saving '#{self.diskfile}'")
      md5 = Digest::MD5.new
-      File.open(diskfile, "wb") do |f|
-        if @temp_file.respond_to?(:read)
-          buffer = ""
-          while (buffer = @temp_file.read(8192))
-            f.write(buffer)
-            md5.update(buffer)
-          end
-        else
-          f.write(@temp_file)
-          md5.update(@temp_file)
+      File.open(diskfile, "wb") do |f| 
+        buffer = ""
+        while (buffer = @temp_file.read(8192))
+          f.write(buffer)
+          md5.update(buffer)
        end
      end
      self.digest = md5.hexdigest
    end
-    @temp_file = nil
    # Don't save the content type if it's longer than the authorized length
    if self.content_type && self.content_type.length > 255
      self.content_type = nil
    end
  end

-  # Deletes the file from the file system if it's not referenced by other attachments
-  def delete_from_disk
-    if Attachment.where("disk_filename = ? AND id <> ?", disk_filename, id).empty?
-      delete_from_disk!
-    end
+  # Deletes file on the disk
+  def after_destroy
+    File.delete(diskfile) if !filename.blank? && File.exist?(diskfile)
  end

  # Returns file's location on disk
  def diskfile
-    File.join(self.class.storage_path, disk_filename.to_s)
+    "#{@@storage_path}/#{self.disk_filename}"
  end
-
-  def title
-    title = filename.to_s
-    if description.present?
-      title << " (#{description})"
-    end
-    title
-  end
-
+  
  def increment_download
    increment!(:downloads)
  end

  def project
-    container.try(:project)
+    container.project
  end
-
+  
  def visible?(user=User.current)
-    container && container.attachments_visible?(user)
+    container.attachments_visible?(user)
  end
-
+  
  def deletable?(user=User.current)
-    container && container.attachments_deletable?(user)
+    container.attachments_deletable?(user)
  end
-
+  
  def image?
-    !!(self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png)$/i)
+    self.filename =~ /\.(jpe?g|gif|png)$/i
  end
-
-  def thumbnailable?
-    image?
-  end
-
-  # Returns the full path the attachment thumbnail, or nil
-  # if the thumbnail cannot be generated.
-  def thumbnail(options={})
-    if thumbnailable? && readable?
-      size = options[:size].to_i
-      if size > 0
-        # Limit the number of thumbnails per image
-        size = (size / 50) * 50
-        # Maximum thumbnail size
-        size = 800 if size > 800
-      else
-        size = Setting.thumbnails_size.to_i
-      end
-      size = 100 unless size > 0
-      target = File.join(self.class.thumbnails_storage_path, "#{id}_#{digest}_#{size}.thumb")
-
-      begin
-        Redmine::Thumbnail.generate(self.diskfile, target, size)
-      rescue => e
-        logger.error "An error occured while generating thumbnail for #{disk_filename} to #{target}\nException was: #{e.message}" if logger
-        return nil
-      end
-    end
-  end
-
-  # Deletes all thumbnails
-  def self.clear_thumbnails
-    Dir.glob(File.join(thumbnails_storage_path, "*.thumb")).each do |file|
-      File.delete file
-    end
-  end
-
+  
  def is_text?
    Redmine::MimeType.is_type?('text', filename)
  end
-
+  
  def is_diff?
    self.filename =~ /\.(patch|diff)$/i
  end
-
+  
  # Returns true if the file is readable
  def readable?
    File.readable?(diskfile)
  end

-  # Returns the attachment token
-  def token
-    "#{id}.#{digest}"
-  end
-
-  # Finds an attachment that matches the given token and that has no container
-  def self.find_by_token(token)
-    if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
-      attachment_id, attachment_digest = $1, $2
-      attachment = Attachment.where(:id => attachment_id, :digest => attachment_digest).first
-      if attachment && attachment.container.nil?
-        attachment
-      end
-    end
-  end
-
  # Bulk attaches a set of files to an object
  #
  # Returns a Hash of the results:
  # :files => array of the attached files
  # :unsaved => array of the files that could not be attached
  def self.attach_files(obj, attachments)
-    result = obj.save_attachments(attachments, User.current)
-    obj.attach_saved_attachments
-    result
-  end
+    attached = []
+    if attachments && attachments.is_a?(Hash)
+      attachments.each_value do |attachment|
+        file = attachment['file']
+        next unless file && file.size > 0
+        a = Attachment.create(:container => obj, 
+                              :file => file,
+                              :description => attachment['description'].to_s.strip,
+                              :author => User.current)

-  def self.latest_attach(attachments, filename)
-    attachments.sort_by(&:created_on).reverse.detect {
-      |att| att.filename.downcase == filename.downcase
-     }
-  end
-
-  def self.prune(age=1.day)
-    Attachment.where("created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age).destroy_all
-  end
-
-  private
-
-  # Physically deletes the file from the file system
-  def delete_from_disk!
-    if disk_filename.present? && File.exist?(diskfile)
-      File.delete(diskfile)
+        if a.new_record?
+          obj.unsaved_attachments ||= []
+          obj.unsaved_attachments << a
+        else
+          attached << a
+        end
+      end
    end
+    {:files => attached, :unsaved => obj.unsaved_attachments}
  end
-
+  
+private
  def sanitize_filename(value)
    # get only the filename, not the whole path
    just_filename = value.gsub(/^.*(\\|\/)/, '')
+    # NOTE: File.basename doesn't work right with Windows paths on Unix
+    # INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/')) 

-    # Finally, replace invalid characters with underscore
-    @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_')
+    # Finally, replace all non alphanumeric, hyphens or periods with underscore
+    @filename = just_filename.gsub(/[^\w\.\-]/,'_') 
  end
-
+  
  # Returns an ASCII or hashed filename
  def self.disk_filename(filename)
    timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
--- a/app/models/auth_source.rb
+++ b/app/models/auth_source.rb
@@ -1,53 +1,37 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-# Generic exception for when the AuthSource can not be reached
-# (eg. can not connect to the LDAP)
-class AuthSourceException < Exception; end
-class AuthSourceTimeoutException < AuthSourceException; end
-
 class AuthSource < ActiveRecord::Base
-  include Redmine::SubclassFactory
-  include Redmine::Ciphering
-
  has_many :users
-
+  
  validates_presence_of :name
  validates_uniqueness_of :name
  validates_length_of :name, :maximum => 60

  def authenticate(login, password)
  end
-
+  
  def test_connection
  end
-
+  
  def auth_method_name
    "Abstract"
  end

-  def account_password
-    read_ciphered_attribute(:account_password)
-  end
-
-  def account_password=(arg)
-    write_ciphered_attribute(:account_password, arg)
-  end
-
  def allow_password_changes?
    self.class.allow_password_changes?
  end
@@ -59,7 +43,7 @@ class AuthSource < ActiveRecord::Base

  # Try to authenticate a user not yet registered against available sources
  def self.authenticate(login, password)
-    AuthSource.where(:onthefly_register => true).all.each do |source|
+    AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|
      begin
        logger.debug "Authenticating '#{login}' against '#{source.name}'" if logger && logger.debug?
        attrs = source.authenticate(login, password)
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -1,101 +1,68 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-require 'iconv'
 require 'net/ldap'
-require 'net/ldap/dn'
-require 'timeout'
+require 'iconv'

-class AuthSourceLdap < AuthSource
+class AuthSourceLdap < AuthSource 
  validates_presence_of :host, :port, :attr_login
-  validates_length_of :name, :host, :maximum => 60, :allow_nil => true
-  validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
+  validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true
+  validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true
  validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
  validates_numericality_of :port, :only_integer => true
-  validates_numericality_of :timeout, :only_integer => true, :allow_blank => true
-  validate :validate_filter
-
+  
  before_validation :strip_ldap_attributes
-
-  def initialize(attributes=nil, *args)
-    super
+  
+  def after_initialize
    self.port = 389 if self.port == 0
  end
-
+  
  def authenticate(login, password)
    return nil if login.blank? || password.blank?
-
-    with_timeout do
-      attrs = get_user_dn(login, password)
-      if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
-        logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
-        return attrs.except(:dn)
-      end
+    attrs = get_user_dn(login)
+    
+    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
+      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+      return attrs.except(:dn)
    end
-  rescue Net::LDAP::LdapError => e
-    raise AuthSourceException.new(e.message)
+  rescue  Net::LDAP::LdapError => text
+    raise "LdapError: " + text
  end

  # test the connection to the LDAP
  def test_connection
-    with_timeout do
-      ldap_con = initialize_ldap_con(self.account, self.account_password)
-      ldap_con.open { }
-    end
-  rescue Net::LDAP::LdapError => e
-    raise AuthSourceException.new(e.message)
+    ldap_con = initialize_ldap_con(self.account, self.account_password)
+    ldap_con.open { }
+  rescue  Net::LDAP::LdapError => text
+    raise "LdapError: " + text
  end
-
+ 
  def auth_method_name
    "LDAP"
  end
-
+  
  private
-
-  def with_timeout(&block)
-    timeout = self.timeout
-    timeout = 20 unless timeout && timeout > 0
-    Timeout.timeout(timeout) do
-      return yield
-    end
-  rescue Timeout::Error => e
-    raise AuthSourceTimeoutException.new(e.message)
-  end
-
-  def ldap_filter
-    if filter.present?
-      Net::LDAP::Filter.construct(filter)
-    end
-  rescue Net::LDAP::LdapError
-    nil
-  end
-
-  def validate_filter
-    if filter.present? && ldap_filter.nil?
-      errors.add(:filter, :invalid)
-    end
-  end
-
+  
  def strip_ldap_attributes
    [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
      write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
    end
  end
-
+  
  def initialize_ldap_con(ldap_user, ldap_password)
    options = { :host => self.host,
                :port => self.port,
@@ -133,24 +100,14 @@ class AuthSourceLdap < AuthSource
  end

  # Get the user's dn and any attributes for them, given their login
-  def get_user_dn(login, password)
-    ldap_con = nil
-    if self.account && self.account.include?("$login")
-      ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
-    else
-      ldap_con = initialize_ldap_con(self.account, self.account_password)
-    end
-    login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
-    object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
+  def get_user_dn(login)
+    ldap_con = initialize_ldap_con(self.account, self.account_password)
+    login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) 
+    object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) 
    attrs = {}
-
-    search_filter = object_filter & login_filter
-    if f = ldap_filter
-      search_filter = search_filter & f
-    end
-
-    ldap_con.search( :base => self.base_dn,
-                     :filter => search_filter,
+    
+    ldap_con.search( :base => self.base_dn, 
+                     :filter => object_filter & login_filter, 
                     :attributes=> search_attributes) do |entry|

      if onthefly_register?
@@ -164,7 +121,7 @@ class AuthSourceLdap < AuthSource

    attrs
  end
-
+  
  def self.get_attr(entry, attr_name)
    if !attr_name.blank?
      entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
--- a/app/models/board.rb
+++ b/app/models/board.rb
@@ -1,61 +1,44 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Board < ActiveRecord::Base
-  include Redmine::SafeAttributes
  belongs_to :project
  has_many :topics, :class_name => 'Message', :conditions => "#{Message.table_name}.parent_id IS NULL", :order => "#{Message.table_name}.created_on DESC"
  has_many :messages, :dependent => :destroy, :order => "#{Message.table_name}.created_on DESC"
  belongs_to :last_message, :class_name => 'Message', :foreign_key => :last_message_id
-  acts_as_tree :dependent => :nullify
-  acts_as_list :scope => '(project_id = #{project_id} AND parent_id #{parent_id ? "= #{parent_id}" : "IS NULL"})'
+  acts_as_list :scope => :project_id
  acts_as_watchable
-
+  
  validates_presence_of :name, :description
  validates_length_of :name, :maximum => 30
  validates_length_of :description, :maximum => 255
-  validate :validate_board
-
-  scope :visible, lambda {|*args| { :include => :project,
-                                          :conditions => Project.allowed_to_condition(args.shift || User.current, :view_messages, *args) } }
-
-  safe_attributes 'name', 'description', 'parent_id', 'move_to'
-
+  
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_messages, project)
  end
-
-  def reload(*args)
-    @valid_parents = nil
-    super
-  end
-
+  
  def to_s
    name
  end
-
-  def valid_parents
-    @valid_parents ||= project.boards - self_and_descendants
-  end
-
+  
  def reset_counters!
    self.class.reset_counters!(id)
  end
-
+  
  # Updates topics_count, messages_count and last_message_id attributes for +board_id+
  def self.reset_counters!(board_id)
    board_id = board_id.to_i
@@ -64,26 +47,4 @@ class Board < ActiveRecord::Base
               " last_message_id = (SELECT MAX(id) FROM #{Message.table_name} WHERE board_id=#{board_id})",
               ["id = ?", board_id])
  end
-
-  def self.board_tree(boards, parent_id=nil, level=0)
-    tree = []
-    boards.select {|board| board.parent_id == parent_id}.sort_by(&:position).each do |board|
-      tree << [board, level]
-      tree += board_tree(boards, board.id, level+1)
-    end
-    if block_given?
-      tree.each do |board, level|
-        yield board, level
-      end
-    end
-    tree
-  end
-
-  protected
-
-  def validate_board
-    if parent_id && parent_id_changed?
-      errors.add(:parent_id, :invalid) unless valid_parents.include?(parent)
-    end
-  end
 end
--- a/app/models/change.rb
+++ b/app/models/change.rb
@@ -1,36 +1,30 @@
-# Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Change < ActiveRecord::Base
  belongs_to :changeset
-
+  
  validates_presence_of :changeset_id, :action, :path
  before_save :init_path
-  before_validation :replace_invalid_utf8_of_path
-
+  
  def relative_path
    changeset.repository.relative_path(path)
  end
-
-  def replace_invalid_utf8_of_path
-    self.path      = Redmine::CodesetUtil.replace_invalid_utf8(self.path)
-    self.from_path = Redmine::CodesetUtil.replace_invalid_utf8(self.from_path)
-  end
-
+  
  def init_path
    self.path ||= ""
  end
--- a/app/models/changeset.rb
+++ b/app/models/changeset.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2012  Jean-Philippe Lang
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,42 +20,30 @@ require 'iconv'
 class Changeset < ActiveRecord::Base
  belongs_to :repository
  belongs_to :user
-  has_many :filechanges, :class_name => 'Change', :dependent => :delete_all
+  has_many :changes, :dependent => :delete_all
  has_and_belongs_to_many :issues
-  has_and_belongs_to_many :parents,
-                          :class_name => "Changeset",
-                          :join_table => "#{table_name_prefix}changeset_parents#{table_name_suffix}",
-                          :association_foreign_key => 'parent_id', :foreign_key => 'changeset_id'
-  has_and_belongs_to_many :children,
-                          :class_name => "Changeset",
-                          :join_table => "#{table_name_prefix}changeset_parents#{table_name_suffix}",
-                          :association_foreign_key => 'changeset_id', :foreign_key => 'parent_id'

-  acts_as_event :title => Proc.new {|o| o.title},
+  acts_as_event :title => Proc.new {|o| "#{l(:label_revision)} #{o.format_identifier}" + (o.short_comments.blank? ? '' : (': ' + o.short_comments))},
                :description => :long_comments,
                :datetime => :committed_on,
-                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project, :repository_id => o.repository.identifier_param, :rev => o.identifier}}
-
+                :url => Proc.new {|o| {:controller => 'repositories', :action => 'revision', :id => o.repository.project, :rev => o.identifier}}
+                
  acts_as_searchable :columns => 'comments',
                     :include => {:repository => :project},
                     :project_key => "#{Repository.table_name}.project_id",
                     :date_column => 'committed_on'
-
+                     
  acts_as_activity_provider :timestamp => "#{table_name}.committed_on",
                            :author_key => :user_id,
                            :find_options => {:include => [:user, {:repository => :project}]}
-
+  
  validates_presence_of :repository_id, :revision, :committed_on, :commit_date
  validates_uniqueness_of :revision, :scope => :repository_id
  validates_uniqueness_of :scmid, :scope => :repository_id, :allow_nil => true
-
-  scope :visible,
-     lambda {|*args| { :include => {:repository => :project},
-                                          :conditions => Project.allowed_to_condition(args.shift || User.current, :view_changesets, *args) } }
-
-  after_create :scan_for_issues
-  before_create :before_create_cs
-
+  
+  named_scope :visible, lambda {|*args| { :include => {:repository => :project},
+                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_changesets) } }
+                                          
  def revision=(r)
    write_attribute :revision, (r.nil? ? nil : r.to_s)
  end
@@ -68,6 +56,10 @@ class Changeset < ActiveRecord::Base
      revision.to_s
    end
  end
+  
+  def comments=(comment)
+    write_attribute(:comments, Changeset.normalize_comments(comment))
+  end

  def committed_on=(date)
    self.commit_date = date
@@ -82,26 +74,27 @@ class Changeset < ActiveRecord::Base
      identifier
    end
  end
+  
+  def committer=(arg)
+    write_attribute(:committer, self.class.to_utf8(arg.to_s))
+  end

  def project
    repository.project
  end
-
+  
  def author
    user || committer.to_s.split('<').first
  end
-
-  def before_create_cs
-    self.committer = self.class.to_utf8(self.committer, repository.repo_log_encoding)
-    self.comments  = self.class.normalize_comments(
-                       self.comments, repository.repo_log_encoding)
-    self.user = repository.find_committer_user(self.committer)
+  
+  def before_create
+    self.user = repository.find_committer_user(committer)
  end
-
-  def scan_for_issues
+  
+  def after_create
    scan_comment_for_issue_ids
  end
-
+  
  TIMELOG_RE = /
    (
    ((\d+)(h|hours?))((\d+)(m|min)?)?
@@ -113,7 +106,7 @@ class Changeset < ActiveRecord::Base
    (\d+([\.,]\d+)?)h?
    )
    /x
-
+  
  def scan_comment_for_issue_ids
    return if comments.blank?
    # keywords used to reference issues
@@ -121,15 +114,15 @@ class Changeset < ActiveRecord::Base
    ref_keywords_any = ref_keywords.delete('*')
    # keywords used to fix issues
    fix_keywords = Setting.commit_fix_keywords.downcase.split(",").collect(&:strip)
-
+    
    kw_regexp = (ref_keywords + fix_keywords).collect{|kw| Regexp.escape(kw)}.join("|")
-
+    
    referenced_issues = []
-
+    
    comments.scan(/([\s\(\[,-]|^)((#{kw_regexp})[\s:]+)?(#\d+(\s+@#{TIMELOG_RE})?([\s,;&]+#\d+(\s+@#{TIMELOG_RE})?)*)(?=[[:punct:]]|\s|<|$)/i) do |match|
      action, refs = match[2], match[3]
      next unless action.present? || ref_keywords_any
-
+      
      refs.scan(/#(\d+)(\s+@#{TIMELOG_RE})?/).each do |m|
        issue, hours = find_referenced_issue_by_id(m[0].to_i), m[2]
        if issue
@@ -139,92 +132,79 @@ class Changeset < ActiveRecord::Base
        end
      end
    end
-
+    
    referenced_issues.uniq!
    self.issues = referenced_issues unless referenced_issues.empty?
  end
-
+  
  def short_comments
    @short_comments || split_comments.first
  end
-
+  
  def long_comments
    @long_comments || split_comments.last
  end

-  def text_tag(ref_project=nil)
-    tag = if scmid?
+  def text_tag
+    if scmid?
      "commit:#{scmid}"
    else
      "r#{revision}"
    end
-    if repository && repository.identifier.present?
-      tag = "#{repository.identifier}|#{tag}"
-    end
-    if ref_project && project && ref_project != project
-      tag = "#{project.identifier}:#{tag}"
-    end
-    tag
  end
-
-  # Returns the title used for the changeset in the activity/search results
-  def title
-    repo = (repository && repository.identifier.present?) ? " (#{repository.identifier})" : ''
-    comm = short_comments.blank? ? '' : (': ' + short_comments)
-    "#{l(:label_revision)} #{format_identifier}#{repo}#{comm}"
-  end
-
+  
  # Returns the previous changeset
  def previous
-    @previous ||= Changeset.where(["id < ? AND repository_id = ?", id, repository_id]).order('id DESC').first
+    @previous ||= Changeset.find(:first, :conditions => ['id < ? AND repository_id = ?', self.id, self.repository_id], :order => 'id DESC')
  end

  # Returns the next changeset
  def next
-    @next ||= Changeset.where(["id > ? AND repository_id = ?", id, repository_id]).order('id ASC').first
+    @next ||= Changeset.find(:first, :conditions => ['id > ? AND repository_id = ?', self.id, self.repository_id], :order => 'id ASC')
+  end
+  
+  # Strips and reencodes a commit log before insertion into the database
+  def self.normalize_comments(str)
+    to_utf8(str.to_s.strip)
  end

  # Creates a new Change from it's common parameters
  def create_change(change)
-    Change.create(:changeset     => self,
-                  :action        => change[:action],
-                  :path          => change[:path],
-                  :from_path     => change[:from_path],
+    Change.create(:changeset => self,
+                  :action => change[:action],
+                  :path => change[:path],
+                  :from_path => change[:from_path],
                  :from_revision => change[:from_revision])
  end
+  
+  private

  # Finds an issue that can be referenced by the commit message
+  # i.e. an issue that belong to the repository project, a subproject or a parent project
  def find_referenced_issue_by_id(id)
    return nil if id.blank?
    issue = Issue.find_by_id(id.to_i, :include => :project)
-    if Setting.commit_cross_project_ref?
-      # all issues can be referenced/fixed
-    elsif issue
-      # issue that belong to the repository project, a subproject or a parent project only
-      unless issue.project &&
-                (project == issue.project || project.is_ancestor_of?(issue.project) ||
-                 project.is_descendant_of?(issue.project))
+    if issue
+      unless issue.project && (project == issue.project || project.is_ancestor_of?(issue.project) || project.is_descendant_of?(issue.project))
        issue = nil
      end
    end
    issue
  end
-
-  private
-
+  
  def fix_issue(issue)
    status = IssueStatus.find_by_id(Setting.commit_fix_status_id.to_i)
    if status.nil?
-      logger.warn("No status matches commit_fix_status_id setting (#{Setting.commit_fix_status_id})") if logger
+      logger.warn("No status macthes commit_fix_status_id setting (#{Setting.commit_fix_status_id})") if logger
      return issue
    end
-
+    
    # the issue may have been updated by the closure of another one (eg. duplicate)
    issue.reload
    # don't change the status is the issue is closed
    return if issue.status && issue.status.is_closed?
-
-    journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, text_tag(issue.project)))
+    
+    journal = issue.init_journal(user || User.anonymous, ll(Setting.default_language, :text_status_changed_by_changeset, text_tag))
    issue.status = status
    unless Setting.commit_fix_done_ratio.blank?
      issue.done_ratio = Setting.commit_fix_done_ratio.to_i
@@ -236,30 +216,29 @@ class Changeset < ActiveRecord::Base
    end
    issue
  end
-
+  
  def log_time(issue, hours)
    time_entry = TimeEntry.new(
      :user => user,
      :hours => hours,
      :issue => issue,
      :spent_on => commit_date,
-      :comments => l(:text_time_logged_by_changeset, :value => text_tag(issue.project),
-                     :locale => Setting.default_language)
+      :comments => l(:text_time_logged_by_changeset, :value => text_tag, :locale => Setting.default_language)
      )
    time_entry.activity = log_time_activity unless log_time_activity.nil?
-
+    
    unless time_entry.save
      logger.warn("TimeEntry could not be created by changeset #{id}: #{time_entry.errors.full_messages}") if logger
    end
    time_entry
  end
-
+  
  def log_time_activity
    if Setting.commit_logtime_activity_id.to_i > 0
      TimeEntryActivity.find_by_id(Setting.commit_logtime_activity_id.to_i)
    end
  end
-
+  
  def split_comments
    comments =~ /\A(.+?)\r?\n(.*)$/m
    @short_comments = $1 || comments
@@ -267,14 +246,22 @@ class Changeset < ActiveRecord::Base
    return @short_comments, @long_comments
  end

-  public
-
-  # Strips and reencodes a commit log before insertion into the database
-  def self.normalize_comments(str, encoding)
-    Changeset.to_utf8(str.to_s.strip, encoding)
-  end
-
-  def self.to_utf8(str, encoding)
-    Redmine::CodesetUtil.to_utf8(str, encoding)
+  def self.to_utf8(str)
+    return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
+    encoding = Setting.commit_logs_encoding.to_s.strip
+    unless encoding.blank? || encoding == 'UTF-8'
+      begin
+        str = Iconv.conv('UTF-8', encoding, str)
+      rescue Iconv::Failure
+        # do nothing here
+      end
+    end
+    # removes invalid UTF8 sequences
+    begin
+      Iconv.conv('UTF-8//IGNORE', 'UTF-8', str + '  ')[0..-3]
+    rescue Iconv::InvalidEncoding
+      # "UTF-8//IGNORE" is not supported on some OS
+      str
+    end
  end
 end
--- a/Show More
+++ b/Show More