tagged version 1.2.2

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/tags/1.2.2@7778 e93f8b46-1217-0410-a6f0-8f06a7374b81
Merged r7776 from trunk.
2011-11-11 13:01:35 +00:00 · 2011-11-11 12:53:35 +00:00 · 2011-11-11 12:44:13 +00:00 · 2011-11-11 12:33:15 +00:00 · 2011-11-11 11:44:10 +00:00 · 2011-11-11 11:40:56 +00:00
1914 changed files with 81708 additions and 76432 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -5,7 +5,6 @@
 /config/database.yml
 /config/email.yml
 /config/initializers/session_store.rb
-/config/initializers/secret_token.rb
 /coverage
 /db/*.db
 /db/*.sqlite3
@@ -19,16 +18,8 @@
 /public/plugin_assets
 /tmp/*
 /tmp/cache/*
-/tmp/pdf/*
 /tmp/sessions/*
 /tmp/sockets/*
 /tmp/test/*
-/tmp/thumbnails/*
-/vendor/cache
 /vendor/rails
 *.rbc
-
-/.bundle
-/Gemfile.lock
-/Gemfile.local
-
--- a/.hgignore
+++ b/.hgignore
@@ -7,7 +7,6 @@ config/configuration.yml
 config/database.yml
 config/email.yml
 config/initializers/session_store.rb
-config/initializers/secret_token.rb
 coverage
 db/*.db
 db/*.sqlite3
@@ -21,19 +20,10 @@ public/dispatch.*
 public/plugin_assets
 tmp/*
 tmp/cache/*
-tmp/pdf/*
 tmp/sessions/*
 tmp/sockets/*
 tmp/test/*
-tmp/thumbnails/*
-vendor/cache
 vendor/rails
 *.rbc
-
 .svn/
 .git/
-
-.bundle
-Gemfile.lock
-Gemfile.local
-
--- a/96
+++ b/96
@@ -1,96 +0,0 @@
-source 'https://rubygems.org'
-
-gem "rails", "3.2.13"
-gem "jquery-rails", "~> 2.0.2"
-gem "i18n", "~> 0.6.0"
-gem "coderay", "~> 1.0.9"
-gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby]
-gem "builder", "3.0.0"
-
-# Optional gem for LDAP authentication
-group :ldap do
-  gem "net-ldap", "~> 0.3.1"
-end
-
-# Optional gem for OpenID authentication
-group :openid do
-  gem "ruby-openid", "~> 2.2.3", :require => "openid"
-  gem "rack-openid"
-end
-
-# Optional gem for exporting the gantt to a PNG file, not supported with jruby
-platforms :mri, :mingw do
-  group :rmagick do
-    # RMagick 2 supports ruby 1.9
-    # RMagick 1 would be fine for ruby 1.8 but Bundler does not support
-    # different requirements for the same gem on different platforms
-    gem "rmagick", ">= 2.0.0"
-  end
-end
-
-platforms :jruby do
-  # jruby-openssl is bundled with JRuby 1.7.0
-  gem "jruby-openssl" if Object.const_defined?(:JRUBY_VERSION) && JRUBY_VERSION < '1.7.0'
-  gem "activerecord-jdbc-adapter", "1.2.5"
-end
-
-# Include database gems for the adapters found in the database
-# configuration file
-require 'erb'
-require 'yaml'
-database_file = File.join(File.dirname(__FILE__), "config/database.yml")
-if File.exist?(database_file)
-  database_config = YAML::load(ERB.new(IO.read(database_file)).result)
-  adapters = database_config.values.map {|c| c['adapter']}.compact.uniq
-  if adapters.any?
-    adapters.each do |adapter|
-      case adapter
-      when 'mysql2'
-        gem "mysql2", "~> 0.3.11", :platforms => [:mri, :mingw]
-        gem "activerecord-jdbcmysql-adapter", :platforms => :jruby
-      when 'mysql'
-        gem "mysql", "~> 2.8.1", :platforms => [:mri, :mingw]
-        gem "activerecord-jdbcmysql-adapter", :platforms => :jruby
-      when /postgresql/
-        gem "pg", ">= 0.11.0", :platforms => [:mri, :mingw]
-        gem "activerecord-jdbcpostgresql-adapter", :platforms => :jruby
-      when /sqlite3/
-        gem "sqlite3", :platforms => [:mri, :mingw]
-        gem "activerecord-jdbcsqlite3-adapter", :platforms => :jruby
-      when /sqlserver/
-        gem "tiny_tds", "~> 0.5.1", :platforms => [:mri, :mingw]
-        gem "activerecord-sqlserver-adapter", :platforms => [:mri, :mingw]
-      else
-        warn("Unknown database adapter `#{adapter}` found in config/database.yml, use Gemfile.local to load your own database gems")
-      end
-    end
-  else
-    warn("No adapter found in config/database.yml, please configure it first")
-  end
-else
-  warn("Please configure your config/database.yml first")
-end
-
-group :development do
-  gem "rdoc", ">= 2.4.2"
-  gem "yard"
-end
-
-group :test do
-  gem "shoulda", "~> 3.3.2"
-  gem "mocha", "~> 0.13.3"
-  gem 'capybara', '~> 2.0.0'
-  gem 'nokogiri', '< 1.6.0'
-end
-
-local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local")
-if File.exists?(local_gemfile)
-  puts "Loading Gemfile.local ..." if $DEBUG # `ruby -d` or `bundle -v`
-  instance_eval File.read(local_gemfile)
-end
-
-# Load plugins' Gemfiles
-Dir.glob File.expand_path("../plugins/*/Gemfile", __FILE__) do |file|
-  puts "Loading #{file} ..." if $DEBUG # `ruby -d` or `bundle -v`
-  instance_eval File.read(file)
-end
--- a/README.rdoc
+++ b/README.rdoc
@@ -2,4 +2,4 @@

 Redmine is a flexible project management web application written using Ruby on Rails framework.

-More details can be found in the doc directory or on the official website http://www.redmine.org
+More details can be found at in the doc directory or on the official website http://www.redmine.org
--- a/11
+++ b/11
@@ -1,7 +1,10 @@
-#!/usr/bin/env rake
 # Add your own tasks in files placed in lib/tasks ending in .rake,
-# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+# for example lib/tasks/switchtower.rake, and they will automatically be available to Rake.

-require File.expand_path('../config/application', __FILE__)
+require(File.join(File.dirname(__FILE__), 'config', 'boot'))

-RedmineApp::Application.load_tasks
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+require 'tasks/rails'
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -1,112 +1,87 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AccountController < ApplicationController
  helper :custom_fields
-  include CustomFieldsHelper
-
+  include CustomFieldsHelper   
+  
  # prevents login action to be filtered by check_if_login_required application scope filter
  skip_before_filter :check_if_login_required

  # Login request and validation
  def login
    if request.get?
-      if User.current.logged?
-        redirect_to home_url
-      end
+      logout_user
    else
      authenticate_user
    end
-  rescue AuthSourceException => e
-    logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
-    render_error :message => e.message
  end

  # Log out current user and redirect to welcome page
  def logout
-    if User.current.anonymous?
-      redirect_to home_url
-    elsif request.post?
-      logout_user
-      redirect_to home_url
-    end
-    # display the logout form
+    logout_user
+    redirect_to home_url
  end
-
-  # Lets user choose a new password
+  
+  # Enable user to choose a new password
  def lost_password
-    (redirect_to(home_url); return) unless Setting.lost_password?
+    redirect_to(home_url) && return unless Setting.lost_password?
    if params[:token]
-      @token = Token.find_token("recovery", params[:token].to_s)
-      if @token.nil? || @token.expired?
-        redirect_to home_url
-        return
-      end
+      @token = Token.find_by_action_and_value("recovery", params[:token])
+      redirect_to(home_url) && return unless @token and !@token.expired?
      @user = @token.user
-      unless @user && @user.active?
-        redirect_to home_url
-        return
-      end
      if request.post?
        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
        if @user.save
          @token.destroy
          flash[:notice] = l(:notice_account_password_updated)
-          redirect_to signin_path
+          redirect_to :action => 'login'
          return
-        end
+        end 
      end
      render :template => "account/password_recovery"
      return
    else
      if request.post?
-        user = User.find_by_mail(params[:mail].to_s)
-        # user not found or not active
-        unless user && user.active?
-          flash.now[:error] = l(:notice_account_unknown_email)
-          return
-        end
-        # user cannot change its password
-        unless user.change_password_allowed?
-          flash.now[:error] = l(:notice_can_t_change_password)
-          return
-        end
+        user = User.find_by_mail(params[:mail])
+        # user not found in db
+        (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
+        # user uses an external authentification
+        (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
        # create a new token for password recovery
        token = Token.new(:user => user, :action => "recovery")
        if token.save
-          Mailer.lost_password(token).deliver
+          Mailer.deliver_lost_password(token)
          flash[:notice] = l(:notice_account_lost_email_sent)
-          redirect_to signin_path
+          redirect_to :action => 'login'
          return
        end
      end
    end
  end
-
+  
  # User self-registration
  def register
-    (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
+    redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
    if request.get?
      session[:auth_source_registration] = nil
-      @user = User.new(:language => current_language.to_s)
+      @user = User.new(:language => Setting.default_language)
    else
-      user_params = params[:user] || {}
-      @user = User.new
-      @user.safe_attributes = user_params
+      @user = User.new(params[:user])
      @user.admin = false
      @user.register
      if session[:auth_source_registration]
@@ -117,13 +92,11 @@ class AccountController < ApplicationController
          session[:auth_source_registration] = nil
          self.logged_user = @user
          flash[:notice] = l(:notice_account_activated)
-          redirect_to my_account_path
+          redirect_to :controller => 'my', :action => 'account'
        end
      else
        @user.login = params[:user][:login]
-        unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
-          @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
-        end
+        @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]

        case Setting.self_registration
        when '1'
@@ -136,24 +109,32 @@ class AccountController < ApplicationController
      end
    end
  end
-
+  
  # Token based account activation
  def activate
-    (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
-    token = Token.find_token('register', params[:token].to_s)
-    (redirect_to(home_url); return) unless token and !token.expired?
+    redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
+    token = Token.find_by_action_and_value('register', params[:token])
+    redirect_to(home_url) && return unless token and !token.expired?
    user = token.user
-    (redirect_to(home_url); return) unless user.registered?
+    redirect_to(home_url) && return unless user.registered?
    user.activate
    if user.save
      token.destroy
      flash[:notice] = l(:notice_account_activated)
    end
-    redirect_to signin_path
+    redirect_to :action => 'login'
  end
-
+  
  private
-
+  
+  def logout_user
+    if User.current.logged?
+      cookies.delete :autologin
+      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
+      self.logged_user = nil
+    end
+  end
+  
  def authenticate_user
    if Setting.openid? && using_open_id?
      open_id_authenticate(params[:openid_url])
@@ -175,15 +156,14 @@ class AccountController < ApplicationController
    end
  end

+  
  def open_id_authenticate(openid_url)
-    back_url = signin_url(:autologin => params[:autologin])
-
-    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => back_url, :method => :post) do |result, identity_url, registration|
+    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
      if result.successful?
        user = User.find_or_initialize_by_identity_url(identity_url)
        if user.new_record?
          # Self-registration off
-          (redirect_to(home_url); return) unless Setting.self_registration?
+          redirect_to(home_url) && return unless Setting.self_registration?

          # Create on the fly
          user.login = registration['nickname'] unless registration['nickname'].nil?
@@ -205,7 +185,7 @@ class AccountController < ApplicationController
            register_manually_by_administrator(user) do
              onthefly_creation_failed(user)
            end
-          end
+          end          
        else
          # Existing record
          if user.active?
@@ -217,9 +197,8 @@ class AccountController < ApplicationController
      end
    end
  end
-
+  
  def successful_authentication(user)
-    logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
    # Valid user
    self.logged_user = user
    # generate a key and set cookie if autologin
@@ -227,11 +206,12 @@ class AccountController < ApplicationController
      set_autologin_cookie(user)
    end
    call_hook(:controller_account_success_authentication_after, {:user => user })
-    redirect_back_or_default my_page_path
+    redirect_back_or_default :controller => 'my', :action => 'page'
  end
-
+  
  def set_autologin_cookie(user)
    token = Token.create(:user => user, :action => 'autologin')
+    cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
    cookie_options = {
      :value => token.value,
      :expires => 1.year.from_now,
@@ -239,7 +219,7 @@ class AccountController < ApplicationController
      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
      :httponly => true
    }
-    cookies[autologin_cookie_name] = cookie_options
+    cookies[cookie_name] = cookie_options
  end

  # Onthefly creation failed, display the registration form to fill/fix attributes
@@ -260,14 +240,14 @@ class AccountController < ApplicationController
  def register_by_email_activation(user, &block)
    token = Token.new(:user => user, :action => "register")
    if user.save and token.save
-      Mailer.register(token).deliver
+      Mailer.deliver_register(token)
      flash[:notice] = l(:notice_account_register_done)
-      redirect_to signin_path
+      redirect_to :action => 'login'
    else
      yield if block_given?
    end
  end
-
+  
  # Automatically register a user
  #
  # Pass a block for behavior when a user fails to save
@@ -278,19 +258,19 @@ class AccountController < ApplicationController
    if user.save
      self.logged_user = user
      flash[:notice] = l(:notice_account_activated)
-      redirect_to my_account_path
+      redirect_to :controller => 'my', :action => 'account'
    else
      yield if block_given?
    end
  end
-
+  
  # Manual activation by the administrator
  #
  # Pass a block for behavior when a user fails to save
  def register_manually_by_administrator(user, &block)
    if user.save
      # Sends an email to the administrators
-      Mailer.account_activation_request(user).deliver
+      Mailer.deliver_account_activation_request(user)
      account_pending
    else
      yield if block_given?
@@ -299,6 +279,6 @@ class AccountController < ApplicationController

  def account_pending
    flash[:notice] = l(:notice_account_pending)
-    redirect_to signin_path
+    redirect_to :action => 'login'
  end
 end
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -40,10 +40,10 @@ class ActivitiesController < ApplicationController

    events = @activity.events(@date_from, @date_to)

-    if events.empty? || stale?(:etag => [@activity.scope, @date_to, @date_from, @with_subprojects, @author, events.first, events.size, User.current, current_language])
+    if events.empty? || stale?(:etag => [@activity.scope, @date_to, @date_from, @with_subprojects, @author, events.first, User.current, current_language])
      respond_to do |format|
        format.html {
-          @events_by_day = events.group_by {|event| User.current.time_to_date(event.event_datetime)}
+          @events_by_day = events.group_by(&:event_date)
          render :layout => false if request.xhr?
        }
        format.atom {
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -1,40 +1,39 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AdminController < ApplicationController
  layout 'admin'
-  menu_item :projects, :only => :projects
-  menu_item :plugins, :only => :plugins
-  menu_item :info, :only => :info
-
  before_filter :require_admin
  helper :sort
-  include SortHelper
+  include SortHelper	

  def index
    @no_configuration_data = Redmine::DefaultData::Loader::no_data?
  end
-
+	
  def projects
-    @status = params[:status] || 1
-
-    scope = Project.status(@status).order('lft')
-    scope = scope.like(params[:name]) if params[:name].present?
-    @projects = scope.all
+    @status = params[:status] ? params[:status].to_i : 1
+    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
+    unless params[:name].blank?
+      name = "%#{params[:name].strip.downcase}%"
+      c << ["LOWER(identifier) LIKE ? OR LOWER(name) LIKE ?", name, name]
+    end
+    @projects = Project.find :all, :order => 'lft',
+                                   :conditions => c.conditions

    render :action => "projects", :layout => false if request.xhr?
  end
@@ -54,7 +53,7 @@ class AdminController < ApplicationController
        flash[:error] = l(:error_can_t_load_default_data, e.message)
      end
    end
-    redirect_to admin_path
+    redirect_to :action => 'index'
  end

  def test_email
@@ -62,21 +61,23 @@ class AdminController < ApplicationController
    # Force ActionMailer to raise delivery errors so we can catch it
    ActionMailer::Base.raise_delivery_errors = true
    begin
-      @test = Mailer.test_email(User.current).deliver
+      @test = Mailer.deliver_test(User.current)
      flash[:notice] = l(:notice_email_sent, User.current.mail)
    rescue Exception => e
      flash[:error] = l(:notice_email_error, e.message)
    end
    ActionMailer::Base.raise_delivery_errors = raise_delivery_errors
-    redirect_to settings_path(:tab => 'notifications')
+    redirect_to :controller => 'settings', :action => 'edit', :tab => 'notifications'
  end

  def info
    @db_adapter_name = ActiveRecord::Base.connection.adapter_name
    @checklist = [
-      [:text_default_administrator_account_changed, User.default_admin_account_changed?],
+      [:text_default_administrator_account_changed,
+          User.find(:first,
+                    :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?],
      [:text_file_repository_writable, File.writable?(Attachment.storage_path)],
-      [:text_plugin_assets_writable,   File.writable?(Redmine::Plugin.public_directory)],
+      [:text_plugin_assets_writable,   File.writable?(Engines.public_directory)],
      [:text_rmagick_available,        Object.const_defined?(:Magick)]
    ]
  end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -22,62 +22,35 @@ class Unauthorized < Exception; end

 class ApplicationController < ActionController::Base
  include Redmine::I18n
-  include Redmine::Pagination
-  include RoutesHelper
-  helper :routes
-
-  class_attribute :accept_api_auth_actions
-  class_attribute :accept_rss_auth_actions
-  class_attribute :model_object

  layout 'base'
+  exempt_from_layout 'builder', 'rsb'

-  protect_from_forgery
-  def handle_unverified_request
-    super
-    cookies.delete(autologin_cookie_name)
+  # Remove broken cookie after upgrade from 0.8.x (#4292)
+  # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
+  # TODO: remove it when Rails is fixed
+  before_filter :delete_broken_cookies
+  def delete_broken_cookies
+    if cookies['_redmine_session'] && cookies['_redmine_session'] !~ /--/
+      cookies.delete '_redmine_session'
+      redirect_to home_path
+      return false
+    end
  end

-  before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
+  before_filter :user_setup, :check_if_login_required, :set_localization
+  filter_parameter_logging :password
+  protect_from_forgery

  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
  rescue_from ::Unauthorized, :with => :deny_access
-  rescue_from ::ActionView::MissingTemplate, :with => :missing_template

  include Redmine::Search::Controller
  include Redmine::MenuManager::MenuController
  helper Redmine::MenuManager::MenuHelper

-  def session_expiration
-    if session[:user_id]
-      if session_expired? && !try_to_autologin
-        reset_session
-        flash[:error] = l(:error_session_expired)
-        redirect_to signin_url
-      else
-        session[:atime] = Time.now.utc.to_i
-      end
-    end
-  end
-
-  def session_expired?
-    if Setting.session_lifetime?
-      unless session[:ctime] && (Time.now.utc.to_i - session[:ctime].to_i <= Setting.session_lifetime.to_i * 60)
-        return true
-      end
-    end
-    if Setting.session_timeout?
-      unless session[:atime] && (Time.now.utc.to_i - session[:atime].to_i <= Setting.session_timeout.to_i * 60)
-        return true
-      end
-    end
-    false
-  end
-
-  def start_user_session(user)
-    session[:user_id] = user.id
-    session[:ctime] = Time.now.utc.to_i
-    session[:atime] = Time.now.utc.to_i
+  Redmine::Scm::Base.all.each do |scm|
+    require_dependency "repository/#{scm.underscore}"
  end

  def user_setup
@@ -85,61 +58,32 @@ class ApplicationController < ActionController::Base
    Setting.check_cache
    # Find the current user
    User.current = find_current_user
-    logger.info("  Current user: " + (User.current.logged? ? "#{User.current.login} (id=#{User.current.id})" : "anonymous")) if logger
  end

  # Returns the current user or nil if no user is logged in
  # and starts a session if needed
  def find_current_user
-    user = nil
-    unless api_request?
-      if session[:user_id]
-        # existing session
-        user = (User.active.find(session[:user_id]) rescue nil)
-      elsif autologin_user = try_to_autologin
-        user = autologin_user
-      elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
-        # RSS key authentication does not start a session
-        user = User.find_by_rss_key(params[:key])
-      end
-    end
-    if user.nil? && Setting.rest_api_enabled? && accept_api_auth?
+    if session[:user_id]
+      # existing session
+      (User.active.find(session[:user_id]) rescue nil)
+    elsif cookies[:autologin] && Setting.autologin?
+      # auto-login feature starts a new session
+      user = User.try_to_autologin(cookies[:autologin])
+      session[:user_id] = user.id if user
+      user
+    elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
+      # RSS key authentication does not start a session
+      User.find_by_rss_key(params[:key])
+    elsif Setting.rest_api_enabled? && accept_api_auth?
      if (key = api_key_from_request)
        # Use API key
-        user = User.find_by_api_key(key)
+        User.find_by_api_key(key)
      else
        # HTTP Basic, either username/password or API key/random
        authenticate_with_http_basic do |username, password|
-          user = User.try_to_login(username, password) || User.find_by_api_key(username)
+          User.try_to_login(username, password) || User.find_by_api_key(username)
        end
      end
-      # Switch user if requested by an admin user
-      if user && user.admin? && (username = api_switch_user_from_request)
-        su = User.find_by_login(username)
-        if su && su.active?
-          logger.info("  User switched by: #{user.login} (id=#{user.id})") if logger
-          user = su
-        else
-          render_error :message => 'Invalid X-Redmine-Switch-User header', :status => 412
-        end
-      end
-    end
-    user
-  end
-
-  def autologin_cookie_name
-    Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
-  end
-
-  def try_to_autologin
-    if cookies[autologin_cookie_name] && Setting.autologin?
-      # auto-login feature starts a new session
-      user = User.try_to_autologin(cookies[autologin_cookie_name])
-      if user
-        reset_session
-        start_user_session(user)
-      end
-      user
    end
  end

@@ -148,21 +92,12 @@ class ApplicationController < ActionController::Base
    reset_session
    if user && user.is_a?(User)
      User.current = user
-      start_user_session(user)
+      session[:user_id] = user.id
    else
      User.current = User.anonymous
    end
  end

-  # Logs out current user
-  def logout_user
-    if User.current.logged?
-      cookies.delete(autologin_cookie_name)
-      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
-      self.logged_user = nil
-    end
-  end
-
  # check if login is globally required to access the application
  def check_if_login_required
    # no check needed if user is already logged in
@@ -267,10 +202,12 @@ class ApplicationController < ActionController::Base
    render_404 unless @object.present?

    @project = @object.project
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end

  def find_model_object
-    model = self.class.model_object
+    model = self.class.read_inheritable_attribute('model_object')
    if model
      @object = model.find(params[:id])
      self.instance_variable_set('@' + controller_name.singularize, @object) if @object
@@ -280,51 +217,40 @@ class ApplicationController < ActionController::Base
  end

  def self.model_object(model)
-    self.model_object = model
+    write_inheritable_attribute('model_object', model)
  end

-  # Find the issue whose id is the :id parameter
-  # Raises a Unauthorized exception if the issue is not visible
-  def find_issue
-    # Issue.visible.find(...) can not be used to redirect user to the login form
-    # if the issue actually exists but requires authentication
-    @issue = Issue.find(params[:id])
-    raise Unauthorized unless @issue.visible?
-    @project = @issue.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
-  # Find issues with a single :id param or :ids array param
-  # Raises a Unauthorized exception if one of the issues is not visible
+  # Filter for bulk issue operations
  def find_issues
    @issues = Issue.find_all_by_id(params[:id] || params[:ids])
    raise ActiveRecord::RecordNotFound if @issues.empty?
-    raise Unauthorized unless @issues.all?(&:visible?)
+    if @issues.detect {|issue| !issue.visible?}
+      deny_access
+      return
+    end
    @projects = @issues.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1
  rescue ActiveRecord::RecordNotFound
    render_404
  end

-  def find_attachments
-    if (attachments = params[:attachments]).present?
-      att = attachments.values.collect do |attachment|
-        Attachment.find_by_token( attachment[:token] ) if attachment[:token].present?
-      end
-      att.compact!
+  # Check if project is unique before bulk operations
+  def check_project_uniqueness
+    unless @project
+      # TODO: let users bulk edit/move/destroy issues from different projects
+      render_error 'Can not bulk edit/move/destroy issues from different projects'
+      return false
    end
-    @attachments = att || []
  end

  # make sure that the user is a member of the project (or admin) if project is private
  # used as a before_filter for actions that do not require any particular permission on the project
  def check_project_privacy
-    if @project && !@project.archived?
-      if @project.visible?
+    if @project && @project.active?
+      if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
        true
      else
-        deny_access
+        User.current.logged? ? render_403 : require_login
      end
    else
      @project = nil
@@ -334,16 +260,12 @@ class ApplicationController < ActionController::Base
  end

  def back_url
-    url = params[:back_url]
-    if url.nil? && referer = request.env['HTTP_REFERER']
-      url = CGI.unescape(referer.to_s)
-    end
-    url
+    params[:back_url] || request.env['HTTP_REFERER']
  end

  def redirect_back_or_default(default)
-    back_url = params[:back_url].to_s
-    if back_url.present?
+    back_url = CGI.unescape(params[:back_url].to_s)
+    if !back_url.blank?
      begin
        uri = URI.parse(back_url)
        # do not redirect user to another host or to the login or register page
@@ -352,7 +274,6 @@ class ApplicationController < ActionController::Base
          return
        end
      rescue URI::InvalidURIError
-        logger.warn("Could not redirect to invalid URL #{back_url}")
        # redirect to default
      end
    end
@@ -360,19 +281,6 @@ class ApplicationController < ActionController::Base
    false
  end

-  # Redirects to the request referer if present, redirects to args or call block otherwise.
-  def redirect_to_referer_or(*args, &block)
-    redirect_to :back
-  rescue ::ActionController::RedirectBackError
-    if args.any?
-      redirect_to *args
-    elsif block_given?
-      block.call
-    else
-      raise "#redirect_to_referer_or takes arguments or a block"
-    end
-  end
-
  def render_403(options={})
    @project = nil
    render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
@@ -396,27 +304,10 @@ class ApplicationController < ActionController::Base
      format.html {
        render :template => 'common/error', :layout => use_layout, :status => @status
      }
-      format.any { head @status }
-    end
-  end
-
-  # Handler for ActionView::MissingTemplate exception
-  def missing_template
-    logger.warn "Missing template, responding with 404"
-    @project = nil
-    render_404
-  end
-
-  # Filter for actions that provide an API response
-  # but have no HTML representation for non admin users
-  def require_admin_or_api_request
-    return true if api_request?
-    if User.current.admin?
-      true
-    elsif User.current.logged?
-      render_error(:status => 406)
-    else
-      deny_access
+      format.atom { head @status }
+      format.xml { head @status }
+      format.js { head @status }
+      format.json { head @status }
    end
  end

@@ -439,30 +330,41 @@ class ApplicationController < ActionController::Base
    @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
    @items = @items.slice(0, Setting.feeds_limit.to_i)
    @title = options[:title] || Setting.app_title
-    render :template => "common/feed", :formats => [:atom], :layout => false,
-           :content_type => 'application/atom+xml'
+    render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
+  end
+  
+  # TODO: remove in Redmine 1.4
+  def self.accept_key_auth(*actions)
+    ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
+    accept_rss_auth(*actions)
  end

+  # TODO: remove in Redmine 1.4
+  def accept_key_auth_actions
+    ActiveSupport::Deprecation.warn "ApplicationController.accept_key_auth_actions is deprecated and will be removed in Redmine 1.4. Use accept_rss_auth (or accept_api_auth) instead."
+    self.class.accept_rss_auth
+  end
+  
  def self.accept_rss_auth(*actions)
    if actions.any?
-      self.accept_rss_auth_actions = actions
+      write_inheritable_attribute('accept_rss_auth_actions', actions)
    else
-      self.accept_rss_auth_actions || []
+      read_inheritable_attribute('accept_rss_auth_actions') || []
    end
  end
-
+  
  def accept_rss_auth?(action=action_name)
    self.class.accept_rss_auth.include?(action.to_sym)
  end
-
+  
  def self.accept_api_auth(*actions)
    if actions.any?
-      self.accept_api_auth_actions = actions
+      write_inheritable_attribute('accept_api_auth_actions', actions)
    else
-      self.accept_api_auth_actions || []
+      read_inheritable_attribute('accept_api_auth_actions') || []
    end
  end
-
+  
  def accept_api_auth?(action=action_name)
    self.class.accept_api_auth.include?(action.to_sym)
  end
@@ -539,17 +441,12 @@ class ApplicationController < ActionController::Base
  # Returns the API key present in the request
  def api_key_from_request
    if params[:key].present?
-      params[:key].to_s
+      params[:key]
    elsif request.headers["X-Redmine-API-Key"].present?
-      request.headers["X-Redmine-API-Key"].to_s
+      request.headers["X-Redmine-API-Key"]
    end
  end

-  # Returns the API 'switch user' value if present
-  def api_switch_user_from_request
-    request.headers["X-Redmine-Switch-User"].to_s.presence
-  end
-
  # Renders a warning flash if obj has unsaved attachments
  def render_attachment_warning_if_needed(obj)
    flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?
@@ -578,30 +475,43 @@ class ApplicationController < ActionController::Base
    render_error "An error occurred while executing the query and has been logged. Please report this error to your Redmine administrator."
  end

-  # Renders a 200 response for successfull updates or deletions via the API
-  def render_api_ok
-    render_api_head :ok
-  end
-
-  # Renders a head API response
-  def render_api_head(status)
-    # #head would return a response body with one space
-    render :text => '', :status => status, :layout => nil
+  # Converts the errors on an ActiveRecord object into a common JSON format
+  def object_errors_to_json(object)
+    object.errors.collect do |attribute, error|
+      { attribute => error }
+    end.to_json
  end

  # Renders API response on validation failure
-  def render_validation_errors(objects)
-    if objects.is_a?(Array)
-      @error_messages = objects.map {|object| object.errors.full_messages}.flatten
-    else
-      @error_messages = objects.errors.full_messages
-    end
-    render :template => 'common/error_messages.api', :status => :unprocessable_entity, :layout => nil
+  def render_validation_errors(object)
+    options = { :status => :unprocessable_entity, :layout => false }
+    options.merge!(case params[:format]
+      when 'xml';  { :xml =>  object.errors }
+      when 'json'; { :json => {'errors' => object.errors} } # ActiveResource client compliance
+      else
+        raise "Unknown format #{params[:format]} in #render_validation_errors"
+      end
+    )
+    render options
  end

-  # Overrides #_include_layout? so that #render with no arguments
+  # Overrides #default_template so that the api template
+  # is used automatically if it exists
+  def default_template(action_name = self.action_name)
+    if api_request?
+      begin
+        return self.view_paths.find_template(default_template_name(action_name), 'api')
+      rescue ::ActionView::MissingTemplate
+        # the api template was not found
+        # fallback to the default behaviour
+      end
+    end
+    super
+  end
+
+  # Overrides #pick_layout so that #render with no arguments
  # doesn't use the layout for api requests
-  def _include_layout?(*args)
-    api_request? ? false : super
+  def pick_layout(*args)
+    api_request? ? nil : super
  end
 end
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,34 +16,21 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AttachmentsController < ApplicationController
-  before_filter :find_project, :except => :upload
-  before_filter :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
+  before_filter :find_project
+  before_filter :file_readable, :read_authorize, :except => :destroy
  before_filter :delete_authorize, :only => :destroy
-  before_filter :authorize_global, :only => :upload

-  accept_api_auth :show, :download, :upload
+  verify :method => :post, :only => :destroy

  def show
-    respond_to do |format|
-      format.html {
-        if @attachment.is_diff?
-          @diff = File.new(@attachment.diskfile, "rb").read
-          @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
-          @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
-          # Save diff type as user preference
-          if User.current.logged? && @diff_type != User.current.pref[:diff_type]
-            User.current.pref[:diff_type] = @diff_type
-            User.current.preference.save
-          end
-          render :action => 'diff'
-        elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
-          @content = File.new(@attachment.diskfile, "rb").read
-          render :action => 'file'
-        else
-          download
-        end
-      }
-      format.api
+    if @attachment.is_diff?
+      @diff = File.new(@attachment.diskfile, "rb").read
+      render :action => 'diff'
+    elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
+      @content = File.new(@attachment.diskfile, "rb").read
+      render :action => 'file'
+    else
+      download
    end
  end

@@ -52,68 +39,19 @@ class AttachmentsController < ApplicationController
      @attachment.increment_download
    end

-    if stale?(:etag => @attachment.digest)
-      # images are sent inline
-      send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                      :type => detect_content_type(@attachment),
-                                      :disposition => (@attachment.image? ? 'inline' : 'attachment')
-    end
-  end
+    # images are sent inline
+    send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
+                                    :type => detect_content_type(@attachment),
+                                    :disposition => (@attachment.image? ? 'inline' : 'attachment')

-  def thumbnail
-    if @attachment.thumbnailable? && thumbnail = @attachment.thumbnail(:size => params[:size])
-      if stale?(:etag => thumbnail)
-        send_file thumbnail,
-          :filename => filename_for_content_disposition(@attachment.filename),
-          :type => detect_content_type(@attachment),
-          :disposition => 'inline'
-      end
-    else
-      # No thumbnail for the attachment or thumbnail could not be created
-      render :nothing => true, :status => 404
-    end
-  end
-
-  def upload
-    # Make sure that API users get used to set this content type
-    # as it won't trigger Rails' automatic parsing of the request body for parameters
-    unless request.content_type == 'application/octet-stream'
-      render :nothing => true, :status => 406
-      return
-    end
-
-    @attachment = Attachment.new(:file => request.raw_post)
-    @attachment.author = User.current
-    @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
-    saved = @attachment.save
-
-    respond_to do |format|
-      format.js
-      format.api {
-        if saved
-          render :action => 'upload', :status => :created
-        else
-          render_validation_errors(@attachment)
-        end
-      }
-    end
  end

  def destroy
-    if @attachment.container.respond_to?(:init_journal)
-      @attachment.container.init_journal(User.current)
-    end
-    if @attachment.container
-      # Make sure association callbacks are called
-      @attachment.container.attachments.delete(@attachment)
-    else
-      @attachment.destroy
-    end
-
-    respond_to do |format|
-      format.html { redirect_to_referer_or project_path(@project) }
-      format.js
-    end
+    # Make sure association callbacks are called
+    @attachment.container.attachments.delete(@attachment)
+    redirect_to :back
+  rescue ::ActionController::RedirectBackError
+    redirect_to :controller => 'projects', :action => 'show', :id => @project
  end

 private
@@ -128,12 +66,7 @@ private

  # Checks that the file exists and is readable
  def file_readable
-    if @attachment.readable?
-      true
-    else
-      logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."
-      render_404
-    end
+    @attachment.readable? ? true : render_404
  end

  def read_authorize
--- a/app/controllers/auth_sources_controller.rb
+++ b/app/controllers/auth_sources_controller.rb
@@ -1,96 +1,87 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class AuthSourcesController < ApplicationController
  layout 'admin'
-  menu_item :ldap_authentication
-
+  
  before_filter :require_admin
-  before_filter :find_auth_source, :only => [:edit, :update, :test_connection, :destroy]
+
+  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
+  verify :method => :post, :only => [ :destroy, :create, :update ],
+         :redirect_to => { :template => :index }

  def index
-    @auth_source_pages, @auth_sources = paginate AuthSource, :per_page => 25
+    @auth_source_pages, @auth_sources = paginate auth_source_class.name.tableize, :per_page => 10
+    render "auth_sources/index"
  end

  def new
-    klass_name = params[:type] || 'AuthSourceLdap'
-    @auth_source = AuthSource.new_subclass_instance(klass_name, params[:auth_source])
-    render_404 unless @auth_source
+    @auth_source = auth_source_class.new
+    render 'auth_sources/new'
  end

  def create
-    @auth_source = AuthSource.new_subclass_instance(params[:type], params[:auth_source])
+    @auth_source = auth_source_class.new(params[:auth_source])
    if @auth_source.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to auth_sources_path
+      redirect_to :action => 'index'
    else
-      render :action => 'new'
+      render 'auth_sources/new'
    end
  end

  def edit
+    @auth_source = AuthSource.find(params[:id])
+    render 'auth_sources/edit'
  end

  def update
+    @auth_source = AuthSource.find(params[:id])
    if @auth_source.update_attributes(params[:auth_source])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to auth_sources_path
+      redirect_to :action => 'index'
    else
-      render :action => 'edit'
+      render 'auth_sources/edit'
    end
  end
-
+  
  def test_connection
+    @auth_method = AuthSource.find(params[:id])
    begin
-      @auth_source.test_connection
+      @auth_method.test_connection
      flash[:notice] = l(:notice_successful_connection)
-    rescue Exception => e
-      flash[:error] = l(:error_unable_to_connect, e.message)
+    rescue => text
+      flash[:error] = l(:error_unable_to_connect, text.message)
    end
-    redirect_to auth_sources_path
+    redirect_to :action => 'index'
  end

  def destroy
-    unless @auth_source.users.exists?
+    @auth_source = AuthSource.find(params[:id])
+    unless @auth_source.users.find(:first)
      @auth_source.destroy
      flash[:notice] = l(:notice_successful_delete)
    end
-    redirect_to auth_sources_path
+    redirect_to :action => 'index'
  end

-  def autocomplete_for_new_user
-    results = AuthSource.search(params[:term])
+  protected

-    render :json => results.map {|result| {
-      'value' => result[:login],
-      'label' => "#{result[:login]} (#{result[:firstname]} #{result[:lastname]})",
-      'login' => result[:login].to_s,
-      'firstname' => result[:firstname].to_s,
-      'lastname' => result[:lastname].to_s,
-      'mail' => result[:mail].to_s,
-      'auth_source_id' => result[:auth_source_id].to_s
-    }}
-  end
-
-  private
-
-  def find_auth_source
-    @auth_source = AuthSource.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
+  def auth_source_class
+    AuthSource
  end
 end
--- a/app/controllers/auto_completes_controller.rb
+++ b/app/controllers/auto_completes_controller.rb
@@ -1,44 +1,27 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class AutoCompletesController < ApplicationController
  before_filter :find_project
-
+  
  def issues
    @issues = []
-    q = (params[:q] || params[:term]).to_s.strip
-    if q.present?
-      scope = (params[:scope] == "all" || @project.nil? ? Issue : @project.issues).visible
-      if q.match(/\A#?(\d+)\z/)
-        @issues << scope.find_by_id($1.to_i)
-      end
-      @issues += scope.where("LOWER(#{Issue.table_name}.subject) LIKE LOWER(?)", "%#{q}%").order("#{Issue.table_name}.id DESC").limit(10).all
-      @issues.compact!
+    q = params[:q].to_s
+    query = (params[:scope] == "all" && Setting.cross_project_issue_relations?) ? Issue : @project.issues
+    if q.match(/^\d+$/)
+      @issues << query.visible.find_by_id(q.to_i)
    end
+    unless q.blank?
+      @issues += query.visible.find(:all, :conditions => ["LOWER(#{Issue.table_name}.subject) LIKE ?", "%#{q.downcase}%"], :limit => 10)
+    end
+    @issues.compact!
    render :layout => false
  end

  private

  def find_project
-    if params[:project_id].present?
-      @project = Project.find(params[:project_id])
-    end
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
+    @project = Project.find(project_id)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+
 end
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -1,31 +1,34 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class BoardsController < ApplicationController
  default_search_scope :messages
-  before_filter :find_project_by_project_id, :find_board_if_available, :authorize
+  before_filter :find_project, :find_board_if_available, :authorize
  accept_rss_auth :index, :show

+  helper :messages
+  include MessagesHelper
  helper :sort
  include SortHelper
  helper :watchers
-
+  include WatchersHelper
+ 
  def index
-    @boards = @project.boards.includes(:last_message => :author).all
+    @boards = @project.boards
    # show the board if there is only one
    if @boards.size == 1
      @board = @boards.first
@@ -37,59 +40,42 @@ class BoardsController < ApplicationController
    respond_to do |format|
      format.html {
        sort_init 'updated_on', 'desc'
-        sort_update 'created_on' => "#{Message.table_name}.created_on",
+        sort_update	'created_on' => "#{Message.table_name}.created_on",
                    'replies' => "#{Message.table_name}.replies_count",
-                    'updated_on' => "COALESCE(last_replies_messages.created_on, #{Message.table_name}.created_on)"
-
+                    'updated_on' => "#{Message.table_name}.updated_on"
+          
        @topic_count = @board.topics.count
-        @topic_pages = Paginator.new @topic_count, per_page_option, params['page']
-        @topics =  @board.topics.
-          reorder("#{Message.table_name}.sticky DESC").
-          includes(:last_reply).
-          limit(@topic_pages.per_page).
-          offset(@topic_pages.offset).
-          order(sort_clause).
-          preload(:author, {:last_reply => :author}).
-          all
-        @message = Message.new(:board => @board)
+        @topic_pages = Paginator.new self, @topic_count, per_page_option, params['page']
+        @topics =  @board.topics.find :all, :order => ["#{Message.table_name}.sticky DESC", sort_clause].compact.join(', '),
+                                      :include => [:author, {:last_reply => :author}],
+                                      :limit  =>  @topic_pages.items_per_page,
+                                      :offset =>  @topic_pages.current.offset
+        @message = Message.new
        render :action => 'show', :layout => !request.xhr?
      }
      format.atom {
-        @messages = @board.messages.
-          reorder('created_on DESC').
-          includes(:author, :board).
-          limit(Setting.feeds_limit.to_i).
-          all
+        @messages = @board.messages.find :all, :order => 'created_on DESC',
+                                               :include => [:author, :board],
+                                               :limit => Setting.feeds_limit.to_i
        render_feed(@messages, :title => "#{@project}: #{@board}")
      }
    end
  end
+  
+  verify :method => :post, :only => [ :destroy ], :redirect_to => { :action => :index }

  def new
-    @board = @project.boards.build
-    @board.safe_attributes = params[:board]
-  end
-
-  def create
-    @board = @project.boards.build
-    @board.safe_attributes = params[:board]
-    if @board.save
+    @board = Board.new(params[:board])
+    @board.project = @project
+    if request.post? && @board.save
      flash[:notice] = l(:notice_successful_create)
      redirect_to_settings_in_projects
-    else
-      render :action => 'new'
    end
  end

  def edit
-  end
-
-  def update
-    @board.safe_attributes = params[:board]
-    if @board.save
+    if request.post? && @board.update_attributes(params[:board])
      redirect_to_settings_in_projects
-    else
-      render :action => 'edit'
    end
  end

@@ -97,10 +83,16 @@ class BoardsController < ApplicationController
    @board.destroy
    redirect_to_settings_in_projects
  end
-
+  
 private
  def redirect_to_settings_in_projects
-    redirect_to settings_project_path(@project, :tab => 'boards')
+    redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'boards'
+  end
+
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end

  def find_board_if_available
--- a/app/controllers/calendars_controller.rb
+++ b/app/controllers/calendars_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -33,11 +33,11 @@ class CalendarsController < ApplicationController
      @year = params[:year].to_i
      if params[:month] and params[:month].to_i > 0 and params[:month].to_i < 13
        @month = params[:month].to_i
-      end
+      end    
    end
    @year ||= Date.today.year
    @month ||= Date.today.month
-
+    
    @calendar = Redmine::Helpers::Calendar.new(Date.civil(@year, @month, 1), current_language, :month)
    retrieve_query
    @query.group_by = nil
@@ -47,10 +47,10 @@ class CalendarsController < ApplicationController
                              :conditions => ["((start_date BETWEEN ? AND ?) OR (due_date BETWEEN ? AND ?))", @calendar.startdt, @calendar.enddt, @calendar.startdt, @calendar.enddt]
                              )
      events += @query.versions(:conditions => ["effective_date BETWEEN ? AND ?", @calendar.startdt, @calendar.enddt])
-
+                                     
      @calendar.events = events
    end
-
+    
    render :action => 'show', :layout => false if request.xhr?
  end
 end
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class CommentsController < ApplicationController
  default_search_scope :news
  model_object News
@@ -22,22 +5,21 @@ class CommentsController < ApplicationController
  before_filter :find_project_from_association
  before_filter :authorize

+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
-    raise Unauthorized unless @news.commentable?
-
-    @comment = Comment.new
-    @comment.safe_attributes = params[:comment]
+    @comment = Comment.new(params[:comment])
    @comment.author = User.current
    if @news.comments << @comment
      flash[:notice] = l(:label_comment_added)
    end
-
-    redirect_to news_path(@news)
+    
+    redirect_to :controller => 'news', :action => 'show', :id => @news
  end

+  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
  def destroy
    @news.comments.find(params[:comment_id]).destroy
-    redirect_to news_path(@news)
+    redirect_to :controller => 'news', :action => 'show', :id => @news
  end

  private
@@ -50,4 +32,5 @@ class CommentsController < ApplicationController
    @comment = nil
    @news
  end
+  
 end
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -1,33 +1,20 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class ContextMenusController < ApplicationController
  helper :watchers
  helper :issues
-
+  
  def issues
    @issues = Issue.visible.all(:conditions => {:id => params[:ids]}, :include => :project)
-    (render_404; return) unless @issues.present?
+    
    if (@issues.size == 1)
      @issue = @issues.first
+      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    else
+      @allowed_statuses = @issues.map do |i|
+        i.new_statuses_allowed_to(User.current)
+      end.inject do |memo,s|
+        memo & s
+      end
    end
-    @issue_ids = @issues.map(&:id).sort
-
-    @allowed_statuses = @issues.map(&:new_statuses_allowed_to).reduce(:&)
    @projects = @issues.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1

@@ -39,51 +26,33 @@ class ContextMenusController < ApplicationController
            :delete => User.current.allowed_to?(:delete_issues, @projects)
            }
    if @project
-      if @issue
-        @assignables = @issue.assignable_users
-      else
-        @assignables = @project.assignable_users
-      end
+      @assignables = @project.assignable_users
+      @assignables << @issue.assigned_to if @issue && @issue.assigned_to && !@assignables.include?(@issue.assigned_to)
      @trackers = @project.trackers
    else
      #when multiple projects, we only keep the intersection of each set
-      @assignables = @projects.map(&:assignable_users).reduce(:&)
-      @trackers = @projects.map(&:trackers).reduce(:&)
+      @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
+      @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
    end
-    @versions = @projects.map {|p| p.shared_versions.open}.reduce(:&)
-
-    @priorities = IssuePriority.active.reverse
+    
+    @priorities = IssuePriority.all.reverse
+    @statuses = IssueStatus.find(:all, :order => 'position')
    @back = back_url
-
-    @options_by_custom_field = {}
-    if @can[:edit]
-      custom_fields = @issues.map(&:available_custom_fields).reduce(:&).select do |f|
-        %w(bool list user version).include?(f.field_format) && !f.multiple?
-      end
-      custom_fields.each do |field|
-        values = field.possible_values_options(@projects)
-        if values.any?
-          @options_by_custom_field[field] = values
-        end
-      end
-    end
-
-    @safe_attributes = @issues.map(&:safe_attribute_names).reduce(:&)
+    
    render :layout => false
  end

  def time_entries
    @time_entries = TimeEntry.all(
       :conditions => {:id => params[:ids]}, :include => :project)
-    (render_404; return) unless @time_entries.present?
-
    @projects = @time_entries.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1
    @activities = TimeEntryActivity.shared.active
-    @can = {:edit   => User.current.allowed_to?(:edit_time_entries, @projects),
-            :delete => User.current.allowed_to?(:edit_time_entries, @projects)
+    @can = {:edit   => User.current.allowed_to?(:log_time, @projects),
+            :update => User.current.allowed_to?(:log_time, @projects),
+            :delete => User.current.allowed_to?(:log_time, @projects)
            }
    @back = back_url
    render :layout => false
-  end
+  end  
 end
--- a/app/controllers/custom_fields_controller.rb
+++ b/app/controllers/custom_fields_controller.rb
@@ -1,81 +1,64 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class CustomFieldsController < ApplicationController
  layout 'admin'
-
+  
  before_filter :require_admin
-  before_filter :build_new_custom_field, :only => [:new, :create]
-  before_filter :find_custom_field, :only => [:edit, :update, :destroy]

  def index
-    @custom_fields_by_type = CustomField.all.group_by {|f| f.class.name }
+    @custom_fields_by_type = CustomField.find(:all).group_by {|f| f.class.name }
    @tab = params[:tab] || 'IssueCustomField'
  end
-
+  
  def new
-  end
-
-  def create
-    if @custom_field.save
+    @custom_field = begin
+      if params[:type].to_s.match(/.+CustomField$/)
+        params[:type].to_s.constantize.new(params[:custom_field])
+      end
+    rescue
+    end
+    (redirect_to(:action => 'index'); return) unless @custom_field.is_a?(CustomField)
+    
+    if request.post? and @custom_field.save
      flash[:notice] = l(:notice_successful_create)
      call_hook(:controller_custom_fields_new_after_save, :params => params, :custom_field => @custom_field)
-      redirect_to custom_fields_path(:tab => @custom_field.class.name)
+      redirect_to :action => 'index', :tab => @custom_field.class.name
    else
-      render :action => 'new'
+      @trackers = Tracker.find(:all, :order => 'position')
    end
  end

  def edit
-  end
-
-  def update
-    if @custom_field.update_attributes(params[:custom_field])
+    @custom_field = CustomField.find(params[:id])
+    if request.post? and @custom_field.update_attributes(params[:custom_field])
      flash[:notice] = l(:notice_successful_update)
      call_hook(:controller_custom_fields_edit_after_save, :params => params, :custom_field => @custom_field)
-      redirect_to custom_fields_path(:tab => @custom_field.class.name)
+      redirect_to :action => 'index', :tab => @custom_field.class.name
    else
-      render :action => 'edit'
+      @trackers = Tracker.find(:all, :order => 'position')
    end
  end
-
+  
  def destroy
-    begin
-      @custom_field.destroy
-    rescue
-      flash[:error] = l(:error_can_not_delete_custom_field)
-    end
-    redirect_to custom_fields_path(:tab => @custom_field.class.name)
-  end
-
-  private
-
-  def build_new_custom_field
-    @custom_field = CustomField.new_subclass_instance(params[:type], params[:custom_field])
-    if @custom_field.nil?
-      render_404
-    else
-      @custom_field.default_value = nil
-    end
-  end
-
-  def find_custom_field
-    @custom_field = CustomField.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
+    @custom_field = CustomField.find(params[:id]).destroy
+    redirect_to :action => 'index', :tab => @custom_field.class.name
+  rescue
+    flash[:error] = l(:error_can_not_delete_custom_field)
+    redirect_to :action => 'index'
  end
 end
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,16 +18,16 @@
 class DocumentsController < ApplicationController
  default_search_scope :documents
  model_object Document
-  before_filter :find_project_by_project_id, :only => [:index, :new, :create]
-  before_filter :find_model_object, :except => [:index, :new, :create]
-  before_filter :find_project_from_association, :except => [:index, :new, :create]
+  before_filter :find_project, :only => [:index, :new]
+  before_filter :find_model_object, :except => [:index, :new]
+  before_filter :find_project_from_association, :except => [:index, :new]
  before_filter :authorize
-
+  
  helper :attachments
-
+  
  def index
    @sort_by = %w(category date title author).include?(params[:sort_by]) ? params[:sort_by] : 'category'
-    documents = @project.documents.includes(:attachments, :category).all
+    documents = @project.documents.find :all, :include => [:attachments, :category]
    case @sort_by
    when 'date'
      @grouped = documents.group_by {|d| d.updated_on.to_date }
@@ -41,54 +41,46 @@ class DocumentsController < ApplicationController
    @document = @project.documents.build
    render :layout => false if request.xhr?
  end
-
+  
  def show
-    @attachments = @document.attachments.all
+    @attachments = @document.attachments.find(:all, :order => "created_on DESC")
  end

  def new
-    @document = @project.documents.build
-    @document.safe_attributes = params[:document]
-  end
-
-  def create
-    @document = @project.documents.build
-    @document.safe_attributes = params[:document]
-    @document.save_attachments(params[:attachments])
-    if @document.save
+    @document = @project.documents.build(params[:document])    
+    if request.post? and @document.save	
+      attachments = Attachment.attach_files(@document, params[:attachments])
      render_attachment_warning_if_needed(@document)
      flash[:notice] = l(:notice_successful_create)
-      redirect_to project_documents_path(@project)
-    else
-      render :action => 'new'
+      redirect_to :action => 'index', :project_id => @project
    end
  end
-
+  
  def edit
-  end
-
-  def update
-    @document.safe_attributes = params[:document]
-    if request.put? and @document.save
+    @categories = DocumentCategory.all
+    if request.post? and @document.update_attributes(params[:document])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to document_path(@document)
-    else
-      render :action => 'edit'
+      redirect_to :action => 'show', :id => @document
    end
-  end
+  end  

  def destroy
-    @document.destroy if request.delete?
-    redirect_to project_documents_path(@project)
+    @document.destroy
+    redirect_to :controller => 'documents', :action => 'index', :project_id => @project
  end
-
+  
  def add_attachment
    attachments = Attachment.attach_files(@document, params[:attachments])
    render_attachment_warning_if_needed(@document)

-    if attachments.present? && attachments[:files].present? && Setting.notified_events.include?('document_added')
-      Mailer.attachments_added(attachments[:files]).deliver
-    end
-    redirect_to document_path(@document)
+    Mailer.deliver_attachments_added(attachments[:files]) if attachments.present? && attachments[:files].present? && Setting.notified_events.include?('document_added')
+    redirect_to :action => 'show', :id => @document
+  end
+
+private
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end
 end
--- a/app/controllers/enumerations_controller.rb
+++ b/app/controllers/enumerations_controller.rb
@@ -1,96 +1,91 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class EnumerationsController < ApplicationController
  layout 'admin'
-
-  before_filter :require_admin, :except => :index
-  before_filter :require_admin_or_api_request, :only => :index
-  before_filter :build_new_enumeration, :only => [:new, :create]
-  before_filter :find_enumeration, :only => [:edit, :update, :destroy]
-  accept_api_auth :index
+  
+  before_filter :require_admin

  helper :custom_fields
-
+  include CustomFieldsHelper
+  
  def index
-    respond_to do |format|
-      format.html
-      format.api {
-        @klass = Enumeration.get_subclass(params[:type])
-        if @klass
-          @enumerations = @klass.shared.sorted.all
-        else
-          render_404
-        end
-      }
-    end
+    list
+    render :action => 'list'
+  end
+
+  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
+  verify :method => :post, :only => [ :destroy, :create, :update ],
+         :redirect_to => { :action => :list }
+
+  def list
  end

  def new
+    begin
+      @enumeration = params[:type].constantize.new
+    rescue NameError
+      @enumeration = Enumeration.new      
+    end
  end

  def create
-    if request.post? && @enumeration.save
+    @enumeration = Enumeration.new(params[:enumeration])
+    @enumeration.type = params[:enumeration][:type]
+    if @enumeration.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to enumerations_path
+      redirect_to :action => 'list', :type => @enumeration.type
    else
      render :action => 'new'
    end
  end

  def edit
+    @enumeration = Enumeration.find(params[:id])
  end

  def update
-    if request.put? && @enumeration.update_attributes(params[:enumeration])
+    @enumeration = Enumeration.find(params[:id])
+    @enumeration.type = params[:enumeration][:type] if params[:enumeration][:type]
+    if @enumeration.update_attributes(params[:enumeration])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to enumerations_path
+      redirect_to :action => 'list', :type => @enumeration.type
    else
      render :action => 'edit'
    end
  end
-
+  
  def destroy
+    @enumeration = Enumeration.find(params[:id])
    if !@enumeration.in_use?
      # No associated objects
      @enumeration.destroy
-      redirect_to enumerations_path
-      return
-    elsif params[:reassign_to_id].present? && (reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id].to_i))
-      @enumeration.destroy(reassign_to)
-      redirect_to enumerations_path
+      redirect_to :action => 'index'
      return
+    elsif params[:reassign_to_id]
+      if reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id])
+        @enumeration.destroy(reassign_to)
+        redirect_to :action => 'index'
+        return
+      end
    end
-    @enumerations = @enumeration.class.system.all - [@enumeration]
-  end
-
-  private
-
-  def build_new_enumeration
-    class_name = params[:enumeration] && params[:enumeration][:type] || params[:type]
-    @enumeration = Enumeration.new_subclass_instance(class_name, params[:enumeration])
-    if @enumeration.nil?
-      render_404
-    end
-  end
-
-  def find_enumeration
-    @enumeration = Enumeration.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
+    @enumerations = @enumeration.class.find(:all) - [@enumeration]
+  #rescue
+  #  flash[:error] = 'Unable to delete enumeration'
+  #  redirect_to :action => 'index'
  end
 end
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,20 +1,3 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class FilesController < ApplicationController
  menu_item :files

@@ -31,8 +14,8 @@ class FilesController < ApplicationController
                'size' => "#{Attachment.table_name}.filesize",
                'downloads' => "#{Attachment.table_name}.downloads"

-    @containers = [ Project.includes(:attachments).reorder(sort_clause).find(@project.id)]
-    @containers += @project.versions.includes(:attachments).reorder(sort_clause).all.sort.reverse
+    @containers = [ Project.find(@project.id, :include => :attachments, :order => sort_clause)]
+    @containers += @project.versions.find(:all, :include => :attachments, :order => sort_clause).sort.reverse
    render :layout => !request.xhr?
  end

@@ -46,7 +29,7 @@ class FilesController < ApplicationController
    render_attachment_warning_if_needed(container)

    if !attachments.empty? && !attachments[:files].blank? && Setting.notified_events.include?('file_added')
-      Mailer.attachments_added(attachments[:files]).deliver
+      Mailer.deliver_attachments_added(attachments[:files])
    end
    redirect_to project_files_path(@project)
  end
--- a/app/controllers/gantts_controller.rb
+++ b/app/controllers/gantts_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -29,16 +29,16 @@ class GanttsController < ApplicationController
  helper :sort
  include SortHelper
  include Redmine::Export::PDF
-
+  
  def show
    @gantt = Redmine::Helpers::Gantt.new(params)
    @gantt.project = @project
    retrieve_query
    @query.group_by = nil
    @gantt.query = @query if @query.valid?
-
+    
    basename = (@project ? "#{@project.identifier}-" : '') + 'gantt'
-
+    
    respond_to do |format|
      format.html { render :action => "show", :layout => !request.xhr? }
      format.png  { send_data(@gantt.to_image, :disposition => 'inline', :type => 'image/png', :filename => "#{basename}.png") } if @gantt.respond_to?('to_image')
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -1,141 +1,170 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class GroupsController < ApplicationController
  layout 'admin'
-
+  
  before_filter :require_admin
-  before_filter :find_group, :except => [:index, :new, :create]
-  accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user
-
+  
  helper :custom_fields
-
+  
+  # GET /groups
+  # GET /groups.xml
  def index
-    @groups = Group.sorted.all
+    @groups = Group.find(:all, :order => 'lastname')

    respond_to do |format|
-      format.html
-      format.api
+      format.html # index.html.erb
+      format.xml  { render :xml => @groups }
    end
  end

+  # GET /groups/1
+  # GET /groups/1.xml
  def show
+    @group = Group.find(params[:id])
+
    respond_to do |format|
-      format.html
-      format.api
+      format.html # show.html.erb
+      format.xml  { render :xml => @group }
    end
  end

+  # GET /groups/new
+  # GET /groups/new.xml
  def new
    @group = Group.new
+    
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @group }
+    end
  end

+  # GET /groups/1/edit
+  def edit
+    @group = Group.find(params[:id], :include => :projects)
+  end
+
+  # POST /groups
+  # POST /groups.xml
  def create
-    @group = Group.new
-    @group.safe_attributes = params[:group]
+    @group = Group.new(params[:group])

    respond_to do |format|
      if @group.save
-        format.html {
-          flash[:notice] = l(:notice_successful_create)
-          redirect_to(params[:continue] ? new_group_path : groups_path)
-        }
-        format.api  { render :action => 'show', :status => :created, :location => group_url(@group) }
+        flash[:notice] = l(:notice_successful_create)
+        format.html { redirect_to(groups_path) }
+        format.xml  { render :xml => @group, :status => :created, :location => @group }
      else
        format.html { render :action => "new" }
-        format.api  { render_validation_errors(@group) }
+        format.xml  { render :xml => @group.errors, :status => :unprocessable_entity }
      end
    end
  end

-  def edit
-  end
-
+  # PUT /groups/1
+  # PUT /groups/1.xml
  def update
-    @group.safe_attributes = params[:group]
+    @group = Group.find(params[:id])

    respond_to do |format|
-      if @group.save
+      if @group.update_attributes(params[:group])
        flash[:notice] = l(:notice_successful_update)
        format.html { redirect_to(groups_path) }
-        format.api  { render_api_ok }
+        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
-        format.api  { render_validation_errors(@group) }
+        format.xml  { render :xml => @group.errors, :status => :unprocessable_entity }
      end
    end
  end

+  # DELETE /groups/1
+  # DELETE /groups/1.xml
  def destroy
+    @group = Group.find(params[:id])
    @group.destroy

    respond_to do |format|
-      format.html { redirect_to(groups_path) }
-      format.api  { render_api_ok }
+      format.html { redirect_to(groups_url) }
+      format.xml  { head :ok }
    end
  end
-
+  
  def add_users
-    @users = User.find_all_by_id(params[:user_id] || params[:user_ids])
-    @group.users << @users if request.post?
+    @group = Group.find(params[:id])
+    users = User.find_all_by_id(params[:user_ids])
+    @group.users << users if request.post?
    respond_to do |format|
-      format.html { redirect_to edit_group_path(@group, :tab => 'users') }
-      format.js
-      format.api { render_api_ok }
+      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'users' }
+      format.js { 
+        render(:update) {|page| 
+          page.replace_html "tab-content-users", :partial => 'groups/users'
+          users.each {|user| page.visual_effect(:highlight, "user-#{user.id}") }
+        }
+      }
    end
  end
-
+  
  def remove_user
-    @group.users.delete(User.find(params[:user_id])) if request.delete?
+    @group = Group.find(params[:id])
+    @group.users.delete(User.find(params[:user_id])) if request.post?
    respond_to do |format|
-      format.html { redirect_to edit_group_path(@group, :tab => 'users') }
-      format.js
-      format.api { render_api_ok }
+      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'users' }
+      format.js { render(:update) {|page| page.replace_html "tab-content-users", :partial => 'groups/users'} }
    end
  end
-
+  
  def autocomplete_for_user
-    respond_to do |format|
-      format.js
-    end
+    @group = Group.find(params[:id])
+    @users = User.active.not_in_group(@group).like(params[:q]).all(:limit => 100)
+    render :layout => false
  end
-
+  
  def edit_membership
+    @group = Group.find(params[:id])
    @membership = Member.edit_membership(params[:membership_id], params[:membership], @group)
    @membership.save if request.post?
    respond_to do |format|
-      format.html { redirect_to edit_group_path(@group, :tab => 'memberships') }
-      format.js
+      if @membership.valid?
+        format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
+        format.js {
+          render(:update) {|page|
+            page.replace_html "tab-content-memberships", :partial => 'groups/memberships'
+            page.visual_effect(:highlight, "member-#{@membership.id}")
+          }
+        }
+      else
+        format.js {
+          render(:update) {|page|
+            page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
+          }
+        }
+      end
    end
  end
-
+  
  def destroy_membership
+    @group = Group.find(params[:id])
    Member.find(params[:membership_id]).destroy if request.post?
    respond_to do |format|
-      format.html { redirect_to edit_group_path(@group, :tab => 'memberships') }
-      format.js
+      format.html { redirect_to :controller => 'groups', :action => 'edit', :id => @group, :tab => 'memberships' }
+      format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'groups/memberships'} }
    end
  end
-
-  private
-
-  def find_group
-    @group = Group.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,105 +18,74 @@
 class IssueCategoriesController < ApplicationController
  menu_item :settings
  model_object IssueCategory
-  before_filter :find_model_object, :except => [:index, :new, :create]
-  before_filter :find_project_from_association, :except => [:index, :new, :create]
-  before_filter :find_project_by_project_id, :only => [:index, :new, :create]
+  before_filter :find_model_object, :except => :new
+  before_filter :find_project_from_association, :except => :new
+  before_filter :find_project, :only => :new
  before_filter :authorize
-  accept_api_auth :index, :show, :create, :update, :destroy
-
-  def index
-    respond_to do |format|
-      format.html { redirect_to_settings_in_projects }
-      format.api { @categories = @project.issue_categories.all }
-    end
-  end
-
-  def show
-    respond_to do |format|
-      format.html { redirect_to_settings_in_projects }
-      format.api
-    end
-  end
+  
+  verify :method => :post, :only => :destroy

  def new
-    @category = @project.issue_categories.build
-    @category.safe_attributes = params[:issue_category]
-
-    respond_to do |format|
-      format.html
-      format.js
-    end
-  end
-
-  def create
-    @category = @project.issue_categories.build
-    @category.safe_attributes = params[:issue_category]
-    if @category.save
-      respond_to do |format|
-        format.html do
-          flash[:notice] = l(:notice_successful_create)
-          redirect_to_settings_in_projects
+    @category = @project.issue_categories.build(params[:category])
+    if request.post?
+      if @category.save
+        respond_to do |format|
+          format.html do
+            flash[:notice] = l(:notice_successful_create)
+            redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
+          end
+          format.js do
+            # IE doesn't support the replace_html rjs method for select box options
+            render(:update) {|page| page.replace "issue_category_id",
+              content_tag('select', '<option></option>' + options_from_collection_for_select(@project.issue_categories, 'id', 'name', @category.id), :id => 'issue_category_id', :name => 'issue[category_id]')
+            }
+          end
+        end
+      else
+        respond_to do |format|
+          format.html
+          format.js do
+            render(:update) {|page| page.alert(@category.errors.full_messages.join('\n')) }
+          end
        end
-        format.js
-        format.api { render :action => 'show', :status => :created, :location => issue_category_path(@category) }
-      end
-    else
-      respond_to do |format|
-        format.html { render :action => 'new'}
-        format.js   { render :action => 'new'}
-        format.api { render_validation_errors(@category) }
      end
    end
  end
-
+  
  def edit
-  end
-
-  def update
-    @category.safe_attributes = params[:issue_category]
-    if @category.save
-      respond_to do |format|
-        format.html {
-          flash[:notice] = l(:notice_successful_update)
-          redirect_to_settings_in_projects
-        }
-        format.api { render_api_ok }
-      end
-    else
-      respond_to do |format|
-        format.html { render :action => 'edit' }
-        format.api { render_validation_errors(@category) }
-      end
+    if request.post? and @category.update_attributes(params[:category])
+      flash[:notice] = l(:notice_successful_update)
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
    end
  end

  def destroy
    @issue_count = @category.issues.size
-    if @issue_count == 0 || params[:todo] || api_request?
-      reassign_to = nil
-      if params[:reassign_to_id] && (params[:todo] == 'reassign' || params[:todo].blank?)
-        reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id])
-      end
+    if @issue_count == 0
+      # No issue assigned to this category
+      @category.destroy
+      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
+      return
+    elsif params[:todo]
+      reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id]) if params[:todo] == 'reassign'
      @category.destroy(reassign_to)
-      respond_to do |format|
-        format.html { redirect_to_settings_in_projects }
-        format.api { render_api_ok }
-      end
+      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
      return
    end
    @categories = @project.issue_categories - [@category]
  end

-  private
-
-  def redirect_to_settings_in_projects
-    redirect_to settings_project_path(@project, :tab => 'categories')
-  end
-
+private
  # Wrap ApplicationController's find_model_object method to set
  # @category instead of just @issue_category
  def find_model_object
    super
    @category = @object
+  end    
+  
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end
 end
--- a/app/controllers/issue_moves_controller.rb
+++ b/app/controllers/issue_moves_controller.rb
@@ -0,0 +1,68 @@
+class IssueMovesController < ApplicationController
+  default_search_scope :issues
+  before_filter :find_issues, :check_project_uniqueness
+  before_filter :authorize
+
+  def new
+    prepare_for_issue_move
+    render :layout => false if request.xhr?
+  end
+
+  def create
+    prepare_for_issue_move
+
+    if request.post?
+      new_tracker = params[:new_tracker_id].blank? ? nil : @target_project.trackers.find_by_id(params[:new_tracker_id])
+      unsaved_issue_ids = []
+      moved_issues = []
+      @issues.each do |issue|
+        issue.reload
+        issue.init_journal(User.current)
+        issue.current_journal.notes = @notes if @notes.present?
+        call_hook(:controller_issues_move_before_save, { :params => params, :issue => issue, :target_project => @target_project, :copy => !!@copy })
+        if r = issue.move_to_project(@target_project, new_tracker, {:copy => @copy, :attributes => extract_changed_attributes_for_move(params)})
+          moved_issues << r
+        else
+          unsaved_issue_ids << issue.id
+        end
+      end
+      set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
+
+      if params[:follow]
+        if @issues.size == 1 && moved_issues.size == 1
+          redirect_to :controller => 'issues', :action => 'show', :id => moved_issues.first
+        else
+          redirect_to :controller => 'issues', :action => 'index', :project_id => (@target_project || @project)
+        end
+      else
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project
+      end
+      return
+    end
+  end
+
+  private
+
+  def prepare_for_issue_move
+    @issues.sort!
+    @copy = params[:copy_options] && params[:copy_options][:copy]
+    @allowed_projects = Issue.allowed_target_projects_on_move
+    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
+    @target_project ||= @project
+    @trackers = @target_project.trackers
+    @available_statuses = Workflow.available_statuses(@project)
+    @notes = params[:notes]
+    @notes ||= ''
+  end
+
+  def extract_changed_attributes_for_move(params)
+    changed_attributes = {}
+    [:assigned_to_id, :status_id, :start_date, :due_date, :priority_id].each do |valid_attribute|
+      unless params[valid_attribute].blank?
+        changed_attributes[valid_attribute] = (params[valid_attribute] == 'none' ? nil : params[valid_attribute])
+      end
+    end
+    changed_attributes
+  end
+
+end
--- a/app/controllers/issue_relations_controller.rb
+++ b/app/controllers/issue_relations_controller.rb
@@ -1,88 +1,64 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssueRelationsController < ApplicationController
-  before_filter :find_issue, :find_project_from_association, :authorize, :only => [:index, :create]
-  before_filter :find_relation, :except => [:index, :create]
-
-  accept_api_auth :index, :show, :create, :destroy
-
-  def index
-    @relations = @issue.relations
-
-    respond_to do |format|
-      format.html { render :nothing => true }
-      format.api
-    end
-  end
-
-  def show
-    raise Unauthorized unless @relation.visible?
-
-    respond_to do |format|
-      format.html { render :nothing => true }
-      format.api
-    end
-  end
-
-  def create
+  before_filter :find_issue, :find_project_from_association, :authorize
+  
+  def new
    @relation = IssueRelation.new(params[:relation])
    @relation.issue_from = @issue
-    if params[:relation] && m = params[:relation][:issue_to_id].to_s.strip.match(/^#?(\d+)$/)
+    if params[:relation] && m = params[:relation][:issue_to_id].to_s.match(/^#?(\d+)$/)
      @relation.issue_to = Issue.visible.find_by_id(m[1].to_i)
    end
-    saved = @relation.save
-
+    @relation.save if request.post?
    respond_to do |format|
-      format.html { redirect_to issue_path(@issue) }
-      format.js {
-        @relations = @issue.reload.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
-      }
-      format.api {
-        if saved
-          render :action => 'show', :status => :created, :location => relation_url(@relation)
-        else
-          render_validation_errors(@relation)
+      format.html { redirect_to :controller => 'issues', :action => 'show', :id => @issue }
+      format.js do
+        @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
+        render :update do |page|
+          page.replace_html "relations", :partial => 'issues/relations'
+          if @relation.errors.empty?
+            page << "$('relation_delay').value = ''"
+            page << "$('relation_issue_to_id').value = ''"
+          end
        end
+      end
+    end
+  end
+  
+  def destroy
+    relation = IssueRelation.find(params[:id])
+    if request.post? && @issue.relations.include?(relation)
+      relation.destroy
+      @issue.reload
+    end
+    respond_to do |format|
+      format.html { redirect_to :controller => 'issues', :action => 'show', :id => @issue }
+      format.js {
+        @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
+        render(:update) {|page| page.replace_html "relations", :partial => 'issues/relations'}
      }
    end
  end
-
-  def destroy
-    raise Unauthorized unless @relation.deletable?
-    @relation.destroy
-
-    respond_to do |format|
-      format.html { redirect_to issue_path(@relation.issue_from) }
-      format.js
-      format.api  { render_api_ok }
-    end
-  end
-
+  
 private
  def find_issue
    @issue = @object = Issue.find(params[:issue_id])
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  def find_relation
-    @relation = IssueRelation.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/issue_statuses_controller.rb
+++ b/app/controllers/issue_statuses_controller.rb
@@ -1,37 +1,31 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class IssueStatusesController < ApplicationController
  layout 'admin'
+  
+  before_filter :require_admin

-  before_filter :require_admin, :except => :index
-  before_filter :require_admin_or_api_request, :only => :index
-  accept_api_auth :index
-
+  verify :method => :post, :only => [ :destroy, :create, :update, :move, :update_issue_done_ratio ],
+         :redirect_to => { :action => :index }
+         
  def index
-    respond_to do |format|
-      format.html {
-        @issue_status_pages, @issue_statuses = paginate IssueStatus.sorted, :per_page => 25
-        render :action => "index", :layout => false if request.xhr?
-      }
-      format.api {
-        @issue_statuses = IssueStatus.all(:order => 'position')
-      }
-    end
+    @issue_status_pages, @issue_statuses = paginate :issue_statuses, :per_page => 25, :order => "position"
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
@@ -40,9 +34,9 @@ class IssueStatusesController < ApplicationController

  def create
    @issue_status = IssueStatus.new(params[:issue_status])
-    if request.post? && @issue_status.save
+    if @issue_status.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to issue_statuses_path
+      redirect_to :action => 'index'
    else
      render :action => 'new'
    end
@@ -54,9 +48,9 @@ class IssueStatusesController < ApplicationController

  def update
    @issue_status = IssueStatus.find(params[:id])
-    if request.put? && @issue_status.update_attributes(params[:issue_status])
+    if @issue_status.update_attributes(params[:issue_status])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to issue_statuses_path
+      redirect_to :action => 'index'
    else
      render :action => 'edit'
    end
@@ -64,18 +58,18 @@ class IssueStatusesController < ApplicationController

  def destroy
    IssueStatus.find(params[:id]).destroy
-    redirect_to issue_statuses_path
+    redirect_to :action => 'index'
  rescue
    flash[:error] = l(:error_unable_delete_issue_status)
-    redirect_to issue_statuses_path
-  end
-
+    redirect_to :action => 'index'
+  end  	
+  
  def update_issue_done_ratio
-    if request.post? && IssueStatus.update_issue_done_ratios
+    if IssueStatus.update_issue_done_ratios
      flash[:notice] = l(:notice_issue_done_ratios_updated)
    else
      flash[:error] =  l(:error_issue_done_ratios_not_updated)
    end
-    redirect_to issue_statuses_path
+    redirect_to :action => 'index'
  end
 end
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -20,12 +20,13 @@ class IssuesController < ApplicationController
  default_search_scope :issues

  before_filter :find_issue, :only => [:show, :edit, :update]
-  before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :destroy]
-  before_filter :find_project, :only => [:new, :create, :update_form]
+  before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
+  before_filter :check_project_uniqueness, :only => [:move, :perform_move]
+  before_filter :find_project, :only => [:new, :create]
  before_filter :authorize, :except => [:index]
  before_filter :find_optional_project, :only => [:index]
  before_filter :check_for_default_issue_status, :only => [:new, :create]
-  before_filter :build_new_issue_from_params, :only => [:new, :create, :update_form]
+  before_filter :build_new_issue_from_params, :only => [:new, :create]
  accept_rss_auth :index, :show
  accept_api_auth :index, :show, :create, :update, :destroy

@@ -50,13 +51,21 @@ class IssuesController < ApplicationController
  include SortHelper
  include IssuesHelper
  helper :timelog
+  helper :gantt
  include Redmine::Export::PDF

+  verify :method => [:post, :delete],
+         :only => :destroy,
+         :render => { :nothing => true, :status => :method_not_allowed }
+
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
+  verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+
  def index
    retrieve_query
    sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
    sort_update(@query.sortable_columns)
-    @query.sort_criteria = sort_criteria.to_a

    if @query.valid?
      case params[:format]
@@ -71,8 +80,8 @@ class IssuesController < ApplicationController
      end

      @issue_count = @query.issue_count
-      @issue_pages = Paginator.new @issue_count, @limit, params['page']
-      @offset ||= @issue_pages.offset
+      @issue_pages = Paginator.new self, @issue_count, @limit, params['page']
+      @offset ||= @issue_pages.current.offset
      @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
                              :order => sort_clause,
                              :offset => @offset,
@@ -80,50 +89,40 @@ class IssuesController < ApplicationController
      @issue_count_by_group = @query.issue_count_by_group

      respond_to do |format|
-        format.html { render :template => 'issues/index', :layout => !request.xhr? }
-        format.api  {
-          Issue.load_visible_relations(@issues) if include_in_api_response?('relations')
-        }
+        format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
+        format.api
        format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
-        format.csv  { send_data(query_to_csv(@issues, @query, params), :type => 'text/csv; header=present', :filename => 'issues.csv') }
-        format.pdf  { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'issues.pdf') }
+        format.csv  { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
+        format.pdf  { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
      end
    else
-      respond_to do |format|
-        format.html { render(:template => 'issues/index', :layout => !request.xhr?) }
-        format.any(:atom, :csv, :pdf) { render(:nothing => true) }
-        format.api { render_validation_errors(@query) }
-      end
+      # Send html if the query is not valid
+      render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
    end
  rescue ActiveRecord::RecordNotFound
    render_404
  end

  def show
-    @journals = @issue.journals.includes(:user, :details).reorder("#{Journal.table_name}.id ASC").all
+    @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
    @journals.each_with_index {|j,i| j.indice = i+1}
-    @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
    @journals.reverse! if User.current.wants_comments_in_reverse_order?

-    @changesets = @issue.changesets.visible.all
-    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    if User.current.allowed_to?(:view_changesets, @project)
+      @changesets = @issue.changesets.visible.all
+      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    end

    @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
-    @priorities = IssuePriority.active
+    @priorities = IssuePriority.all
    @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
    respond_to do |format|
-      format.html {
-        retrieve_previous_and_next_issue_ids
-        render :template => 'issues/show'
-      }
+      format.html { render :template => 'issues/show.rhtml' }
      format.api
      format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
-      format.pdf  {
-        pdf = issue_to_pdf(@issue, :journals => @journals)
-        send_data(pdf, :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf")
-      }
+      format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
    end
  end

@@ -132,24 +131,21 @@ class IssuesController < ApplicationController
  def new
    respond_to do |format|
      format.html { render :action => 'new', :layout => !request.xhr? }
+      format.js { render :partial => 'attributes' }
    end
  end

  def create
    call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
-    @issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
    if @issue.save
+      attachments = Attachment.attach_files(@issue, params[:attachments])
+      render_attachment_warning_if_needed(@issue)
+      flash[:notice] = l(:notice_successful_create)
      call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
      respond_to do |format|
        format.html {
-          render_attachment_warning_if_needed(@issue)
-          flash[:notice] = l(:notice_issue_successful_create, :id => view_context.link_to("##{@issue.id}", issue_path(@issue), :title => @issue.subject))
-          if params[:continue]
-            attrs = {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?}
-            redirect_to new_project_issue_path(@issue.project, :issue => attrs)
-          else
-            redirect_to issue_path(@issue)
-          end
+          redirect_to(params[:continue] ?  { :action => 'new', :project_id => @project, :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
+                      { :action => 'show', :id => @issue })
        }
        format.api  { render :action => 'show', :status => :created, :location => issue_url(@issue) }
      end
@@ -163,7 +159,9 @@ class IssuesController < ApplicationController
  end

  def edit
-    return unless update_issue_from_params
+    update_issue_from_params
+
+    @journal = @issue.current_journal

    respond_to do |format|
      format.html { }
@@ -172,28 +170,21 @@ class IssuesController < ApplicationController
  end

  def update
-    return unless update_issue_from_params
-    @issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
-    saved = false
-    begin
-      saved = @issue.save_issue_with_child_records(params, @time_entry)
-    rescue ActiveRecord::StaleObjectError
-      @conflict = true
-      if params[:last_journal_id]
-        @conflict_journals = @issue.journals_after(params[:last_journal_id]).all
-        @conflict_journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
-      end
-    end
+    update_issue_from_params

-    if saved
+    if @issue.save_issue_with_child_records(params, @time_entry)
      render_attachment_warning_if_needed(@issue)
      flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?

      respond_to do |format|
-        format.html { redirect_back_or_default issue_path(@issue) }
-        format.api  { render_api_ok }
+        format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
+        format.api  { head :ok }
      end
    else
+      render_attachment_warning_if_needed(@issue)
+      flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
+      @journal = @issue.current_journal
+
      respond_to do |format|
        format.html { render :action => 'edit' }
        format.api  { render_validation_errors(@issue) }
@@ -201,90 +192,32 @@ class IssuesController < ApplicationController
    end
  end

-  # Updates the issue form when changing the project, status or tracker
-  # on issue creation/update
-  def update_form
-  end
-
-  # Bulk edit/copy a set of issues
+  # Bulk edit a set of issues
  def bulk_edit
    @issues.sort!
-    @copy = params[:copy].present?
-    @notes = params[:notes]
-
-    if User.current.allowed_to?(:move_issues, @projects)
-      @allowed_projects = Issue.allowed_target_projects_on_move
-      if params[:issue]
-        @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:issue][:project_id].to_s}
-        if @target_project
-          target_projects = [@target_project]
-        end
-      end
-    end
-    target_projects ||= @projects
-
-    if @copy
-      @available_statuses = [IssueStatus.default]
-    else
-      @available_statuses = @issues.map(&:new_statuses_allowed_to).reduce(:&)
-    end
-    @custom_fields = target_projects.map{|p|p.all_issue_custom_fields}.reduce(:&)
-    @assignables = target_projects.map(&:assignable_users).reduce(:&)
-    @trackers = target_projects.map(&:trackers).reduce(:&)
-    @versions = target_projects.map {|p| p.shared_versions.open}.reduce(:&)
-    @categories = target_projects.map {|p| p.issue_categories}.reduce(:&)
-    if @copy
-      @attachments_present = @issues.detect {|i| i.attachments.any?}.present?
-      @subtasks_present = @issues.detect {|i| !i.leaf?}.present?
-    end
-
-    @safe_attributes = @issues.map(&:safe_attribute_names).reduce(:&)
-    render :layout => false if request.xhr?
+    @available_statuses = @projects.map{|p|Workflow.available_statuses(p)}.inject{|memo,w|memo & w}
+    @custom_fields = @projects.map{|p|p.all_issue_custom_fields}.inject{|memo,c|memo & c}
+    @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
+    @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
  end

  def bulk_update
    @issues.sort!
-    @copy = params[:copy].present?
    attributes = parse_params_for_bulk_issue_attributes(params)

    unsaved_issue_ids = []
-    moved_issues = []
-
-    if @copy && params[:copy_subtasks].present?
-      # Descendant issues will be copied with the parent task
-      # Don't copy them twice
-      @issues.reject! {|issue| @issues.detect {|other| issue.is_descendant_of?(other)}}
-    end
-
    @issues.each do |issue|
      issue.reload
-      if @copy
-        issue = issue.copy({},
-          :attachments => params[:copy_attachments].present?,
-          :subtasks => params[:copy_subtasks].present?
-        )
-      end
      journal = issue.init_journal(User.current, params[:notes])
      issue.safe_attributes = attributes
      call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
-      if issue.save
-        moved_issues << issue
-      else
+      unless issue.save
        # Keep unsaved issue ids to display them in flash error
        unsaved_issue_ids << issue.id
      end
    end
    set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
-
-    if params[:follow]
-      if @issues.size == 1 && moved_issues.size == 1
-        redirect_to issue_path(moved_issues.first)
-      elsif moved_issues.map(&:project).uniq.size == 1
-        redirect_to project_issues_path(moved_issues.map(&:project).first)
-      end
-    else
-      redirect_back_or_default _project_issues_path(@project)
-    end
+    redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
  end

  def destroy
@@ -316,65 +249,45 @@ class IssuesController < ApplicationController
      end
    end
    respond_to do |format|
-      format.html { redirect_back_or_default _project_issues_path(@project) }
-      format.api  { render_api_ok }
+      format.html { redirect_back_or_default(:action => 'index', :project_id => @project) }
+      format.api  { head :ok }
    end
  end

-  private
-
-  def find_project
-    project_id = params[:project_id] || (params[:issue] && params[:issue][:project_id])
-    @project = Project.find(project_id)
+private
+  def find_issue
+    # Issue.visible.find(...) can not be used to redirect user to the login form
+    # if the issue actually exists but requires authentication
+    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
+    unless @issue.visible?
+      deny_access
+      return
+    end
+    @project = @issue.project
  rescue ActiveRecord::RecordNotFound
    render_404
  end

-  def retrieve_previous_and_next_issue_ids
-    retrieve_query_from_session
-    if @query
-      sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
-      sort_update(@query.sortable_columns, 'issues_index_sort')
-      limit = 500
-      issue_ids = @query.issue_ids(:order => sort_clause, :limit => (limit + 1), :include => [:assigned_to, :tracker, :priority, :category, :fixed_version])
-      if (idx = issue_ids.index(@issue.id)) && idx < limit
-        if issue_ids.size < 500
-          @issue_position = idx + 1
-          @issue_count = issue_ids.size
-        end
-        @prev_issue_id = issue_ids[idx - 1] if idx > 0
-        @next_issue_id = issue_ids[idx + 1] if idx < (issue_ids.size - 1)
-      end
-    end
+  def find_project
+    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
+    @project = Project.find(project_id)
+  rescue ActiveRecord::RecordNotFound
+    render_404
  end

  # Used by #edit and #update to set some common instance variables
  # from the params
  # TODO: Refactor, not everything in here is needed by #edit
  def update_issue_from_params
+    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    @priorities = IssuePriority.all
    @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
    @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
    @time_entry.attributes = params[:time_entry]

-    @issue.init_journal(User.current)
-
-    issue_attributes = params[:issue]
-    if issue_attributes && params[:conflict_resolution]
-      case params[:conflict_resolution]
-      when 'overwrite'
-        issue_attributes = issue_attributes.dup
-        issue_attributes.delete(:lock_version)
-      when 'add_notes'
-        issue_attributes = issue_attributes.slice(:notes)
-      when 'cancel'
-        redirect_to issue_path(@issue)
-        return false
-      end
-    end
-    @issue.safe_attributes = issue_attributes
-    @priorities = IssuePriority.active
-    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
-    true
+    @notes = params[:notes] || (params[:issue].present? ? params[:issue][:notes] : nil)
+    @issue.init_journal(User.current, @notes)
+    @issue.safe_attributes = params[:issue]
  end

  # TODO: Refactor, lots of extra code in here
@@ -382,36 +295,29 @@ class IssuesController < ApplicationController
  def build_new_issue_from_params
    if params[:id].blank?
      @issue = Issue.new
-      if params[:copy_from]
-        begin
-          @copy_from = Issue.visible.find(params[:copy_from])
-          @copy_attachments = params[:copy_attachments].present? || request.get?
-          @copy_subtasks = params[:copy_subtasks].present? || request.get?
-          @issue.copy_from(@copy_from, :attachments => @copy_attachments, :subtasks => @copy_subtasks)
-        rescue ActiveRecord::RecordNotFound
-          render_404
-          return
-        end
-      end
+      @issue.copy_from(params[:copy_from]) if params[:copy_from]
      @issue.project = @project
    else
      @issue = @project.issues.visible.find(params[:id])
    end

    @issue.project = @project
-    @issue.author ||= User.current
+    @issue.author = User.current
    # Tracker must be set before custom field values
    @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
    if @issue.tracker.nil?
      render_error l(:error_no_tracker_in_project)
      return false
    end
-    @issue.start_date ||= Date.today if Setting.default_issue_start_date_to_creation_date?
-    @issue.safe_attributes = params[:issue]
-
-    @priorities = IssuePriority.active
+    @issue.start_date ||= Date.today
+    if params[:issue].is_a?(Hash)
+      @issue.safe_attributes = params[:issue]
+      if User.current.allowed_to?(:add_issue_watchers, @project) && @issue.new_record?
+        @issue.watcher_user_ids = params[:issue]['watcher_user_ids']
+      end
+    end
+    @priorities = IssuePriority.all
    @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
-    @available_watchers = (@issue.project.users.sort + @issue.watcher_users).uniq
  end

  def check_for_default_issue_status
@@ -424,16 +330,7 @@ class IssuesController < ApplicationController
  def parse_params_for_bulk_issue_attributes(params)
    attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
    attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
-    if custom = attributes[:custom_field_values]
-      custom.reject! {|k,v| v.blank?}
-      custom.keys.each do |k|
-        if custom[k].is_a?(Array)
-          custom[k] << '' if custom[k].delete('__none__')
-        else
-          custom[k] = '' if custom[k] == '__none__'
-        end
-      end
-    end
+    attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
    attributes
  end
 end
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,7 +22,7 @@ class JournalsController < ApplicationController
  before_filter :authorize, :only => [:new, :edit, :diff]
  accept_rss_auth :index
  menu_item :issues
-
+  
  helper :issues
  helper :custom_fields
  helper :queries
@@ -34,9 +34,9 @@ class JournalsController < ApplicationController
    retrieve_query
    sort_init 'id', 'desc'
    sort_update(@query.sortable_columns)
-
+    
    if @query.valid?
-      @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC",
+      @journals = @query.journals(:order => "#{Journal.table_name}.created_on DESC", 
                                  :limit => 25)
    end
    @title = (@project ? @project.name : Setting.app_title) + ": " + (@query.new_record? ? l(:label_changes_details) : @query.name)
@@ -44,7 +44,7 @@ class JournalsController < ApplicationController
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def diff
    @issue = @journal.issue
    if params[:detail_id].present?
@@ -55,24 +55,30 @@ class JournalsController < ApplicationController
    (render_404; return false) unless @issue && @detail
    @diff = Redmine::Helpers::Diff.new(@detail.value, @detail.old_value)
  end
-
+  
  def new
-    @journal = Journal.visible.find(params[:journal_id]) if params[:journal_id]
-    if @journal
-      user = @journal.user
-      text = @journal.notes
+    journal = Journal.find(params[:journal_id]) if params[:journal_id]
+    if journal
+      user = journal.user
+      text = journal.notes
    else
      user = @issue.author
      text = @issue.description
    end
    # Replaces pre blocks with [...]
    text = text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]')
-    @content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
-    @content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
-  rescue ActiveRecord::RecordNotFound
-    render_404
+    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\n> "
+    content << text.gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
+      
+    render(:update) { |page|
+      page.<< "$('notes').value = \"#{escape_javascript content}\";"
+      page.show 'update'
+      page << "Form.Element.focus('notes');"
+      page << "Element.scrollTo('update');"
+      page << "$('notes').scrollTop = $('notes').scrollHeight - $('notes').clientHeight;"
+    }
  end
-
+  
  def edit
    (render_403; return false) unless @journal.editable_by?(User.current)
    if request.post?
@@ -80,26 +86,34 @@ class JournalsController < ApplicationController
      @journal.destroy if @journal.details.empty? && @journal.notes.blank?
      call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params})
      respond_to do |format|
-        format.html { redirect_to issue_path(@journal.journalized) }
+        format.html { redirect_to :controller => 'issues', :action => 'show', :id => @journal.journalized_id }
        format.js { render :action => 'update' }
      end
    else
      respond_to do |format|
        format.html {
          # TODO: implement non-JS journal update
-          render :nothing => true
+          render :nothing => true 
        }
        format.js
      end
    end
  end
-
+  
  private
-
+  
  def find_journal
-    @journal = Journal.visible.find(params[:id])
+    @journal = Journal.find(params[:id])
    @project = @journal.journalized.project
  rescue ActiveRecord::RecordNotFound
    render_404
  end
+
+  # TODO: duplicated in IssuesController
+  def find_issue
+    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
+    @project = @issue.project
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
 end
--- a/app/controllers/ldap_auth_sources_controller.rb
+++ b/app/controllers/ldap_auth_sources_controller.rb
@@ -1,27 +1,25 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-require File.expand_path('../../../../test_helper', __FILE__)
+class LdapAuthSourcesController < AuthSourcesController

-class Redmine::InfoTest < ActiveSupport::TestCase
-  def test_environment
-    env = Redmine::Info.environment
-
-    assert_kind_of String, env
-    assert_match 'Redmine version', env
+  protected
+  
+  def auth_source_class
+    AuthSourceLdap
  end
 end
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,6 +18,10 @@
 class MailHandlerController < ActionController::Base
  before_filter :check_credential

+  verify :method => :post,
+         :only => :index,
+         :render => { :nothing => true, :status => 405 }
+
  # Submits an incoming email to MailHandler
  def index
    options = params.dup
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -1,125 +1,100 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class MembersController < ApplicationController
  model_object Member
-  before_filter :find_model_object, :except => [:index, :create, :autocomplete]
-  before_filter :find_project_from_association, :except => [:index, :create, :autocomplete]
-  before_filter :find_project_by_project_id, :only => [:index, :create, :autocomplete]
+  before_filter :find_model_object, :except => [:new, :autocomplete_for_member]
+  before_filter :find_project_from_association, :except => [:new, :autocomplete_for_member]
+  before_filter :find_project, :only => [:new, :autocomplete_for_member]
  before_filter :authorize
-  accept_api_auth :index, :show, :create, :update, :destroy

-  def index
-    @offset, @limit = api_offset_and_limit
-    @member_count = @project.member_principals.count
-    @member_pages = Paginator.new @member_count, @limit, params['page']
-    @offset ||= @member_pages.offset
-    @members =  @project.member_principals.all(
-      :order => "#{Member.table_name}.id",
-      :limit  =>  @limit,
-      :offset =>  @offset
-    )
-
-    respond_to do |format|
-      format.html { head 406 }
-      format.api
-    end
-  end
-
-  def show
-    respond_to do |format|
-      format.html { head 406 }
-      format.api
-    end
-  end
-
-  def create
+  def new
    members = []
-    if params[:membership]
-      if params[:membership][:user_ids]
-        attrs = params[:membership].dup
-        user_ids = attrs.delete(:user_ids)
+    if params[:member] && request.post?
+      attrs = params[:member].dup
+      if (user_ids = attrs.delete(:user_ids))
        user_ids.each do |user_id|
-          members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
+          members << Member.new(attrs.merge(:user_id => user_id))
        end
      else
-        members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
+        members << Member.new(attrs)
      end
      @project.members << members
    end
-
    respond_to do |format|
-      format.html { redirect_to_settings_in_projects }
-      format.js { @members = members }
-      format.api {
-        @member = members.first
-        if @member.valid?
-          render :action => 'show', :status => :created, :location => membership_url(@member)
-        else
-          render_validation_errors(@member)
-        end
-      }
+      if members.present? && members.all? {|m| m.valid? }
+
+        format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
+
+        format.js { 
+          render(:update) {|page| 
+            page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+            page << 'hideOnLoad()'
+            members.each {|member| page.visual_effect(:highlight, "member-#{member.id}") }
+          }
+        }
+      else
+
+        format.js {
+          render(:update) {|page|
+            errors = members.collect {|m|
+              m.errors.full_messages
+            }.flatten.uniq
+
+            page.alert(l(:notice_failed_to_save_members, :errors => errors.join(', ')))
+          }
+        }
+        
+      end
    end
  end
-
-  def update
-    if params[:membership]
-      @member.role_ids = params[:membership][:role_ids]
-    end
-    saved = @member.save
-    respond_to do |format|
-      format.html { redirect_to_settings_in_projects }
-      format.js
-      format.api {
-        if saved
-          render_api_ok
-        else
-          render_validation_errors(@member)
-        end
-      }
+  
+  def edit
+    if request.post? and @member.update_attributes(params[:member])
+  	 respond_to do |format|
+        format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
+        format.js { 
+          render(:update) {|page| 
+            page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+            page << 'hideOnLoad()'
+            page.visual_effect(:highlight, "member-#{@member.id}")
+          }
+        }
+      end
    end
  end

  def destroy
-    if request.delete? && @member.deletable?
+    if request.post? && @member.deletable?
      @member.destroy
    end
    respond_to do |format|
-      format.html { redirect_to_settings_in_projects }
-      format.js
-      format.api {
-        if @member.destroyed?
-          render_api_ok
-        else
-          head :unprocessable_entity
-        end
+      format.html { redirect_to :controller => 'projects', :action => 'settings', :tab => 'members', :id => @project }
+      format.js { render(:update) {|page|
+          page.replace_html "tab-content-members", :partial => 'projects/settings/members'
+          page << 'hideOnLoad()'
+        }
      }
    end
  end
-
-  def autocomplete
-    respond_to do |format|
-      format.js
-    end
+  
+  def autocomplete_for_member
+    @principals = Principal.active.like(params[:q]).find(:all, :limit => 100) - @project.principals
+    render :layout => false
  end

-  private
-
-  def redirect_to_settings_in_projects
-    redirect_to settings_project_path(@project, :tab => 'members')
-  end
 end
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -19,17 +19,18 @@ class MessagesController < ApplicationController
  menu_item :boards
  default_search_scope :messages
  before_filter :find_board, :only => [:new, :preview]
-  before_filter :find_attachments, :only => [:preview]
  before_filter :find_message, :except => [:new, :preview]
  before_filter :authorize, :except => [:preview, :edit, :destroy]

-  helper :boards
+  verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show }
+  verify :xhr => true, :only => :quote
+
  helper :watchers
  helper :attachments
-  include AttachmentsHelper
+  include AttachmentsHelper   

  REPLIES_PER_PAGE = 25 unless const_defined?(:REPLIES_PER_PAGE)
-
+  
  # Show a topic and its replies
  def show
    page = params[:page]
@@ -38,105 +39,111 @@ class MessagesController < ApplicationController
      offset = @topic.children.count(:conditions => ["#{Message.table_name}.id < ?", params[:r].to_i])
      page = 1 + offset / REPLIES_PER_PAGE
    end
-
+    
    @reply_count = @topic.children.count
-    @reply_pages = Paginator.new @reply_count, REPLIES_PER_PAGE, page
-    @replies =  @topic.children.
-      includes(:author, :attachments, {:board => :project}).
-      reorder("#{Message.table_name}.created_on ASC").
-      limit(@reply_pages.per_page).
-      offset(@reply_pages.offset).
-      all
-
+    @reply_pages = Paginator.new self, @reply_count, REPLIES_PER_PAGE, page
+    @replies =  @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}],
+                                           :order => "#{Message.table_name}.created_on ASC",
+                                           :limit => @reply_pages.items_per_page,
+                                           :offset => @reply_pages.current.offset)
+    
    @reply = Message.new(:subject => "RE: #{@message.subject}")
    render :action => "show", :layout => false if request.xhr?
  end
-
+  
  # Create a new topic
  def new
-    @message = Message.new
+    @message = Message.new(params[:message])
    @message.author = User.current
    @message.board = @board
-    @message.safe_attributes = params[:message]
-    if request.post?
-      @message.save_attachments(params[:attachments])
-      if @message.save
-        call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
-        render_attachment_warning_if_needed(@message)
-        redirect_to board_message_path(@board, @message)
-      end
+    if params[:message] && User.current.allowed_to?(:edit_messages, @project)
+      @message.locked = params[:message]['locked']
+      @message.sticky = params[:message]['sticky']
+    end
+    if request.post? && @message.save
+      call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
+      attachments = Attachment.attach_files(@message, params[:attachments])
+      render_attachment_warning_if_needed(@message)
+      redirect_to :action => 'show', :id => @message
    end
  end

  # Reply to a topic
  def reply
-    @reply = Message.new
+    @reply = Message.new(params[:reply])
    @reply.author = User.current
    @reply.board = @board
-    @reply.safe_attributes = params[:reply]
    @topic.children << @reply
    if !@reply.new_record?
      call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
      attachments = Attachment.attach_files(@reply, params[:attachments])
      render_attachment_warning_if_needed(@reply)
    end
-    redirect_to board_message_path(@board, @topic, :r => @reply)
+    redirect_to :action => 'show', :id => @topic, :r => @reply
  end

  # Edit a message
  def edit
    (render_403; return false) unless @message.editable_by?(User.current)
-    @message.safe_attributes = params[:message]
-    if request.post? && @message.save
+    if params[:message]
+      @message.locked = params[:message]['locked']
+      @message.sticky = params[:message]['sticky']
+    end
+    if request.post? && @message.update_attributes(params[:message])
      attachments = Attachment.attach_files(@message, params[:attachments])
      render_attachment_warning_if_needed(@message)
      flash[:notice] = l(:notice_successful_update)
      @message.reload
-      redirect_to board_message_path(@message.board, @message.root, :r => (@message.parent_id && @message.id))
+      redirect_to :action => 'show', :board_id => @message.board, :id => @message.root, :r => (@message.parent_id && @message.id)
    end
  end
-
+  
  # Delete a messages
  def destroy
    (render_403; return false) unless @message.destroyable_by?(User.current)
-    r = @message.to_param
    @message.destroy
-    if @message.parent
-      redirect_to board_message_path(@board, @message.parent, :r => r)
-    else
-      redirect_to project_board_path(@project, @board)
-    end
+    redirect_to @message.parent.nil? ?
+      { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } :
+      { :action => 'show', :id => @message.parent, :r => @message }
  end
-
+  
  def quote
-    @subject = @message.subject
-    @subject = "RE: #{@subject}" unless @subject.starts_with?('RE:')
-
-    @content = "#{ll(Setting.default_language, :text_user_wrote, @message.author)}\n> "
-    @content << @message.content.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]').gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
+    user = @message.author
+    text = @message.content
+    subject = @message.subject.gsub('"', '\"')
+    subject = "RE: #{subject}" unless subject.starts_with?('RE:')
+    content = "#{ll(Setting.default_language, :text_user_wrote, user)}\\n> "
+    content << text.to_s.strip.gsub(%r{<pre>((.|\s)*?)</pre>}m, '[...]').gsub('"', '\"').gsub(/(\r?\n|\r\n?)/, "\\n> ") + "\\n\\n"
+    render(:update) { |page|
+      page << "$('reply_subject').value = \"#{subject}\";"
+      page.<< "$('message_content').value = \"#{content}\";"
+      page.show 'reply'
+      page << "Form.Element.focus('message_content');"
+      page << "Element.scrollTo('reply');"
+      page << "$('message_content').scrollTop = $('message_content').scrollHeight - $('message_content').clientHeight;"
+    }
  end
-
+  
  def preview
    message = @board.messages.find_by_id(params[:id])
+    @attachements = message.attachments if message
    @text = (params[:message] || params[:reply])[:content]
-    @previewed = message
    render :partial => 'common/preview'
  end
-
+  
 private
  def find_message
-    return unless find_board
+    find_board
    @message = @board.messages.find(params[:id], :include => :parent)
    @topic = @message.root
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def find_board
    @board = Board.find(params[:board_id], :include => :project)
    @project = @board.project
  rescue ActiveRecord::RecordNotFound
    render_404
-    nil
  end
 end
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -31,10 +31,13 @@ class MyController < ApplicationController
             'timelog' => :label_spent_time
           }.merge(Redmine::Views::MyPage::Block.additional_blocks).freeze

-  DEFAULT_LAYOUT = {  'left' => ['issuesassignedtome'],
-                      'right' => ['issuesreportedbyme']
+  DEFAULT_LAYOUT = {  'left' => ['issuesassignedtome'], 
+                      'right' => ['issuesreportedbyme'] 
                   }.freeze

+  verify :xhr => true,
+         :only => [:add_block, :remove_block, :order_blocks]
+
  def index
    page
    render :action => 'page'
@@ -53,41 +56,24 @@ class MyController < ApplicationController
    if request.post?
      @user.safe_attributes = params[:user]
      @user.pref.attributes = params[:pref]
+      @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
      if @user.save
        @user.pref.save
        @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
        set_language_if_valid @user.language
        flash[:notice] = l(:notice_account_updated)
-        redirect_to my_account_path
+        redirect_to :action => 'account'
        return
      end
    end
  end

-  # Destroys user's account
-  def destroy
-    @user = User.current
-    unless @user.own_account_deletable?
-      redirect_to my_account_path
-      return
-    end
-
-    if request.post? && params[:confirm]
-      @user.destroy
-      if @user.destroyed?
-        logout_user
-        flash[:notice] = l(:notice_account_deleted)
-      end
-      redirect_to home_path
-    end
-  end
-
  # Manage user's password
  def password
    @user = User.current
    unless @user.change_password_allowed?
      flash[:error] = l(:notice_can_t_change_password)
-      redirect_to my_account_path
+      redirect_to :action => 'account'
      return
    end
    if request.post?
@@ -95,14 +81,14 @@ class MyController < ApplicationController
        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
        if @user.save
          flash[:notice] = l(:notice_account_password_updated)
-          redirect_to my_account_path
+          redirect_to :action => 'account'
        end
      else
        flash[:error] = l(:notice_account_wrong_password)
      end
    end
  end
-
+  
  # Create a new feeds key
  def reset_rss_key
    if request.post?
@@ -113,7 +99,7 @@ class MyController < ApplicationController
      User.current.rss_key
      flash[:notice] = l(:notice_feeds_access_key_reseted)
    end
-    redirect_to my_account_path
+    redirect_to :action => 'account'
  end

  # Create a new API key
@@ -126,7 +112,7 @@ class MyController < ApplicationController
      User.current.api_key
      flash[:notice] = l(:notice_api_access_key_reseted)
    end
-    redirect_to my_account_path
+    redirect_to :action => 'account'
  end

  # User's page layout configuration
@@ -134,31 +120,26 @@ class MyController < ApplicationController
    @user = User.current
    @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
    @block_options = []
-    BLOCKS.each do |k, v|
-      unless %w(top left right).detect {|f| (@blocks[f] ||= []).include?(k)}
-        @block_options << [l("my.blocks.#{v}", :default => [v, v.to_s.humanize]), k.dasherize]
-      end
-    end
+    BLOCKS.each {|k, v| @block_options << [l("my.blocks.#{v}", :default => [v, v.to_s.humanize]), k.dasherize]}
  end
-
+  
  # Add a block to user's page
  # The block is added on top of the page
  # params[:block] : id of the block to add
  def add_block
    block = params[:block].to_s.underscore
-    if block.present? && BLOCKS.key?(block)
-      @user = User.current
-      layout = @user.pref[:my_page_layout] || {}
-      # remove if already present in a group
-      %w(top left right).each {|f| (layout[f] ||= []).delete block }
-      # add it on top
-      layout['top'].unshift block
-      @user.pref[:my_page_layout] = layout
-      @user.pref.save
-    end
-    redirect_to my_page_layout_path
+    (render :nothing => true; return) unless block && (BLOCKS.keys.include? block)
+    @user = User.current
+    layout = @user.pref[:my_page_layout] || {}
+    # remove if already present in a group
+    %w(top left right).each {|f| (layout[f] ||= []).delete block }
+    # add it on top
+    layout['top'].unshift block
+    @user.pref[:my_page_layout] = layout
+    @user.pref.save 
+    render :partial => "block", :locals => {:user => @user, :block_name => block}
  end
-
+  
  # Remove a block to user's page
  # params[:block] : id of the block to remove
  def remove_block
@@ -168,8 +149,8 @@ class MyController < ApplicationController
    layout = @user.pref[:my_page_layout] || {}
    %w(top left right).each {|f| (layout[f] ||= []).delete block }
    @user.pref[:my_page_layout] = layout
-    @user.pref.save
-    redirect_to my_page_layout_path
+    @user.pref.save 
+    render :nothing => true
  end

  # Change blocks order on user's page
@@ -179,8 +160,7 @@ class MyController < ApplicationController
    group = params[:group]
    @user = User.current
    if group.is_a?(String)
-      group_items = (params["blocks"] || []).collect(&:underscore)
-      group_items.each {|s| s.sub!(/^block_/, '')}
+      group_items = (params["list-#{group}"] || []).collect(&:underscore)
      if group_items and group_items.is_a? Array
        layout = @user.pref[:my_page_layout] || {}
        # remove group blocks if they are presents in other groups
@@ -189,7 +169,7 @@ class MyController < ApplicationController
        }
        layout[group] = group_items
        @user.pref[:my_page_layout] = layout
-        @user.pref.save
+        @user.pref.save 
      end
    end
    render :nothing => true
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,15 +20,14 @@ class NewsController < ApplicationController
  model_object News
  before_filter :find_model_object, :except => [:new, :create, :index]
  before_filter :find_project_from_association, :except => [:new, :create, :index]
-  before_filter :find_project_by_project_id, :only => [:new, :create]
+  before_filter :find_project, :only => [:new, :create]
  before_filter :authorize, :except => [:index]
  before_filter :find_optional_project, :only => :index
  accept_rss_auth :index
  accept_api_auth :index
-
+  
  helper :watchers
-  helper :attachments
-
+  
  def index
    case params[:format]
    when 'xml', 'json'
@@ -36,27 +35,24 @@ class NewsController < ApplicationController
    else
      @limit =  10
    end
-
+    
    scope = @project ? @project.news.visible : News.visible
-
+    
    @news_count = scope.count
-    @news_pages = Paginator.new @news_count, @limit, params['page']
-    @offset ||= @news_pages.offset
+    @news_pages = Paginator.new self, @news_count, @limit, params['page']
+    @offset ||= @news_pages.current.offset
    @newss = scope.all(:include => [:author, :project],
                                       :order => "#{News.table_name}.created_on DESC",
                                       :offset => @offset,
                                       :limit => @limit)
-
+    
    respond_to do |format|
-      format.html {
-        @news = News.new # for adding news inline
-        render :layout => false if request.xhr?
-      }
+      format.html { render :layout => false if request.xhr? }
      format.api
      format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
    end
  end
-
+  
  def show
    @comments = @news.comments
    @comments.reverse! if User.current.wants_comments_in_reverse_order?
@@ -68,27 +64,24 @@ class NewsController < ApplicationController

  def create
    @news = News.new(:project => @project, :author => User.current)
-    @news.safe_attributes = params[:news]
-    @news.save_attachments(params[:attachments])
-    if @news.save
-      render_attachment_warning_if_needed(@news)
-      flash[:notice] = l(:notice_successful_create)
-      redirect_to project_news_index_path(@project)
-    else
-      render :action => 'new'
+    if request.post?
+      @news.attributes = params[:news]
+      if @news.save
+        flash[:notice] = l(:notice_successful_create)
+        redirect_to :controller => 'news', :action => 'index', :project_id => @project
+      else
+        render :action => 'new'
+      end
    end
  end

  def edit
  end
-
+  
  def update
-    @news.safe_attributes = params[:news]
-    @news.save_attachments(params[:attachments])
-    if @news.save
-      render_attachment_warning_if_needed(@news)
+    if request.put? and @news.update_attributes(params[:news])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to news_path(@news)
+      redirect_to :action => 'show', :id => @news
    else
      render :action => 'edit'
    end
@@ -96,11 +89,16 @@ class NewsController < ApplicationController

  def destroy
    @news.destroy
-    redirect_to project_news_index_path(@project)
+    redirect_to :action => 'index', :project_id => @project
  end
-
-  private
-
+  
+private
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
  def find_optional_project
    return true unless params[:project_id]
    @project = Project.find(params[:project_id])
--- a/app/controllers/previews_controller.rb
+++ b/app/controllers/previews_controller.rb
@@ -1,32 +1,32 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class PreviewsController < ApplicationController
-  before_filter :find_project, :find_attachments
+  before_filter :find_project

  def issue
    @issue = @project.issues.find_by_id(params[:id]) unless params[:id].blank?
    if @issue
+      @attachements = @issue.attachments
      @description = params[:issue] && params[:issue][:description]
      if @description && @description.gsub(/(\r?\n|\n\r?)/, "\n") == @issue.description.to_s.gsub(/(\r?\n|\n\r?)/, "\n")
        @description = nil
      end
-      # params[:notes] is useful for preview of notes in issue history
-      @notes = params[:notes] || (params[:issue] ? params[:issue][:notes] : nil)
+      @notes = params[:notes]
    else
      @description = (params[:issue] ? params[:issue][:description] : nil)
    end
@@ -34,20 +34,17 @@ class PreviewsController < ApplicationController
  end

  def news
-    if params[:id].present? && news = News.visible.find_by_id(params[:id])
-      @previewed = news
-    end
    @text = (params[:news] ? params[:news][:description] : nil)
    render :partial => 'common/preview'
  end

  private
-
+  
  def find_project
    project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
    @project = Project.find(project_id)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
 end
--- a/app/controllers/project_enumerations_controller.rb
+++ b/app/controllers/project_enumerations_controller.rb
@@ -1,24 +1,7 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 class ProjectEnumerationsController < ApplicationController
  before_filter :find_project_by_project_id
  before_filter :authorize
-
+  
  def update
    if request.put? && params[:enumerations]
      Project.transaction do
@@ -28,8 +11,8 @@ class ProjectEnumerationsController < ApplicationController
      end
      flash[:notice] = l(:notice_successful_update)
    end
-
-    redirect_to settings_project_path(@project, :tab => 'activities')
+    
+    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
  end

  def destroy
@@ -37,6 +20,7 @@ class ProjectEnumerationsController < ApplicationController
      time_entry_activity.destroy(time_entry_activity.parent)
    end
    flash[:notice] = l(:notice_successful_update)
-    redirect_to settings_project_path(@project, :tab => 'activities')
+    redirect_to :controller => 'projects', :action => 'settings', :tab => 'activities', :id => @project
  end
+
 end
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -19,7 +19,7 @@ class ProjectsController < ApplicationController
  menu_item :overview
  menu_item :roadmap, :only => :roadmap
  menu_item :settings, :only => :settings
-
+  
  before_filter :find_project, :except => [ :index, :list, :new, :create, :copy ]
  before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
  before_filter :authorize_global, :only => [:new, :create]
@@ -29,54 +29,50 @@ class ProjectsController < ApplicationController

  after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
    if controller.request.post?
-      controller.send :expire_action, :controller => 'welcome', :action => 'robots'
+      controller.send :expire_action, :controller => 'welcome', :action => 'robots.txt'
    end
  end

  helper :sort
  include SortHelper
  helper :custom_fields
-  include CustomFieldsHelper
+  include CustomFieldsHelper   
  helper :issues
  helper :queries
  include QueriesHelper
  helper :repositories
  include RepositoriesHelper
  include ProjectsHelper
-  helper :members
-
+  
  # Lists visible projects
  def index
    respond_to do |format|
-      format.html {
-        scope = Project
-        unless params[:closed]
-          scope = scope.active
-        end
-        @projects = scope.visible.order('lft').all
+      format.html { 
+        @projects = Project.visible.find(:all, :order => 'lft') 
      }
      format.api  {
        @offset, @limit = api_offset_and_limit
        @project_count = Project.visible.count
-        @projects = Project.visible.offset(@offset).limit(@limit).order('lft').all
+        @projects = Project.visible.all(:offset => @offset, :limit => @limit, :order => 'lft')
      }
      format.atom {
-        projects = Project.visible.order('created_on DESC').limit(Setting.feeds_limit.to_i).all
+        projects = Project.visible.find(:all, :order => 'created_on DESC',
+                                              :limit => Setting.feeds_limit.to_i)
        render_feed(projects, :title => "#{Setting.app_title}: #{l(:label_project_latest)}")
      }
    end
  end
-
+  
  def new
-    @issue_custom_fields = IssueCustomField.sorted.all
-    @trackers = Tracker.sorted.all
-    @project = Project.new
-    @project.safe_attributes = params[:project]
+    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
+    @trackers = Tracker.all
+    @project = Project.new(params[:project])
  end

+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
-    @issue_custom_fields = IssueCustomField.sorted.all
-    @trackers = Tracker.sorted.all
+    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
+    @trackers = Tracker.all
    @project = Project.new
    @project.safe_attributes = params[:project]

@@ -89,14 +85,9 @@ class ProjectsController < ApplicationController
        @project.members << m
      end
      respond_to do |format|
-        format.html {
+        format.html { 
          flash[:notice] = l(:notice_successful_create)
-          if params[:continue]
-            attrs = {:parent_id => @project.parent_id}.reject {|k,v| v.nil?}
-            redirect_to new_project_path(attrs)
-          else
-            redirect_to settings_project_path(@project)
-          end
+          redirect_to :controller => 'projects', :action => 'settings', :id => @project
        }
        format.api  { render :action => 'show', :status => :created, :location => url_for(:controller => 'projects', :action => 'show', :id => @project.id) }
      end
@@ -106,15 +97,23 @@ class ProjectsController < ApplicationController
        format.api  { render_validation_errors(@project) }
      end
    end
+    
  end
-
+  
  def copy
-    @issue_custom_fields = IssueCustomField.sorted.all
-    @trackers = Tracker.sorted.all
+    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
+    @trackers = Tracker.all
+    @root_projects = Project.find(:all,
+                                  :conditions => "parent_id IS NULL AND status = #{Project::STATUS_ACTIVE}",
+                                  :order => 'name')
    @source_project = Project.find(params[:id])
    if request.get?
      @project = Project.copy_from(@source_project)
-      @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
+      if @project
+        @project.identifier = Project.next_identifier if Setting.sequential_project_identifiers?
+      else
+        redirect_to :controller => 'admin', :action => 'projects'
+      end  
    else
      Mailer.with_deliveries(params[:notifications] == '1') do
        @project = Project.new
@@ -122,44 +121,47 @@ class ProjectsController < ApplicationController
        if validate_parent_id && @project.copy(@source_project, :only => params[:only])
          @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
          flash[:notice] = l(:notice_successful_create)
-          redirect_to settings_project_path(@project)
+          redirect_to :controller => 'projects', :action => 'settings', :id => @project
        elsif !@project.new_record?
          # Project was created
          # But some objects were not copied due to validation failures
          # (eg. issues from disabled trackers)
          # TODO: inform about that
-          redirect_to settings_project_path(@project)
+          redirect_to :controller => 'projects', :action => 'settings', :id => @project
        end
      end
    end
  rescue ActiveRecord::RecordNotFound
-    # source_project not found
-    render_404
+    redirect_to :controller => 'admin', :action => 'projects'
  end
-
+	
  # Show @project
  def show
-    # try to redirect to the requested menu item
-    if params[:jump] && redirect_to_project_menu_item(@project, params[:jump])
-      return
+    if params[:jump]
+      # try to redirect to the requested menu item
+      redirect_to_project_menu_item(@project, params[:jump]) && return
    end
-
+    
    @users_by_role = @project.users_by_role
    @subprojects = @project.children.visible.all
-    @news = @project.news.limit(5).includes(:author, :project).reorder("#{News.table_name}.created_on DESC").all
+    @news = @project.news.find(:all, :limit => 5, :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
    @trackers = @project.rolled_up_trackers
-
+    
    cond = @project.project_condition(Setting.display_subprojects_issues?)
-
-    @open_issues_by_tracker = Issue.visible.open.where(cond).count(:group => :tracker)
-    @total_issues_by_tracker = Issue.visible.where(cond).count(:group => :tracker)
-
+    
+    @open_issues_by_tracker = Issue.visible.count(:group => :tracker,
+                                            :include => [:project, :status, :tracker],
+                                            :conditions => ["(#{cond}) AND #{IssueStatus.table_name}.is_closed=?", false])
+    @total_issues_by_tracker = Issue.visible.count(:group => :tracker,
+                                            :include => [:project, :status, :tracker],
+                                            :conditions => cond)
+    
    if User.current.allowed_to?(:view_time_entries, @project)
      @total_hours = TimeEntry.visible.sum(:hours, :include => :project, :conditions => cond).to_f
    end
-
+    
    @key = User.current.rss_key
-
+    
    respond_to do |format|
      format.html
      format.api
@@ -167,30 +169,33 @@ class ProjectsController < ApplicationController
  end

  def settings
-    @issue_custom_fields = IssueCustomField.sorted.all
+    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
    @issue_category ||= IssueCategory.new
    @member ||= @project.members.new
-    @trackers = Tracker.sorted.all
+    @trackers = Tracker.all
+    @repository ||= @project.repository
    @wiki ||= @project.wiki
  end
-
+  
  def edit
  end

+  # TODO: convert to PUT only
+  verify :method => [:post, :put], :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  def update
    @project.safe_attributes = params[:project]
    if validate_parent_id && @project.save
      @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
      respond_to do |format|
-        format.html {
+        format.html { 
          flash[:notice] = l(:notice_successful_update)
-          redirect_to settings_project_path(@project)
+          redirect_to :action => 'settings', :id => @project
        }
-        format.api  { render_api_ok }
+        format.api  { head :ok }
      end
    else
      respond_to do |format|
-        format.html {
+        format.html { 
          settings
          render :action => 'settings'
        }
@@ -199,10 +204,11 @@ class ProjectsController < ApplicationController
    end
  end

+  verify :method => :post, :only => :modules, :render => {:nothing => true, :status => :method_not_allowed }
  def modules
    @project.enabled_module_names = params[:enabled_module_names]
    flash[:notice] = l(:notice_successful_update)
-    redirect_to settings_project_path(@project, :tab => 'modules')
+    redirect_to :action => 'settings', :id => @project, :tab => 'modules'
  end

  def archive
@@ -211,39 +217,40 @@ class ProjectsController < ApplicationController
        flash[:error] = l(:error_can_not_archive_project)
      end
    end
-    redirect_to admin_projects_path(:status => params[:status])
+    redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
  end
-
+  
  def unarchive
    @project.unarchive if request.post? && !@project.active?
-    redirect_to admin_projects_path(:status => params[:status])
+    redirect_to(url_for(:controller => 'admin', :action => 'projects', :status => params[:status]))
  end
-
-  def close
-    @project.close
-    redirect_to project_path(@project)
-  end
-
-  def reopen
-    @project.reopen
-    redirect_to project_path(@project)
-  end
-
+  
  # Delete @project
  def destroy
    @project_to_destroy = @project
-    if api_request? || params[:confirm]
-      @project_to_destroy.destroy
-      respond_to do |format|
-        format.html { redirect_to admin_projects_path }
-        format.api  { render_api_ok }
+    if request.get?
+      # display confirmation view
+    else
+      if api_request? || params[:confirm]
+        @project_to_destroy.destroy
+        respond_to do |format|
+          format.html { redirect_to :controller => 'admin', :action => 'projects' }
+          format.api  { head :ok }
+        end
      end
    end
    # hide project in layout
    @project = nil
  end

-  private
+private
+  def find_optional_project
+    return true unless params[:id]
+    @project = Project.find(params[:id])
+    authorize
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end

  # Validates parent_id param according to user's permissions
  # TODO: move it to Project model in a validation that depends on User.current
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -1,102 +1,76 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class QueriesController < ApplicationController
  menu_item :issues
-  before_filter :find_query, :except => [:new, :create, :index]
-  before_filter :find_optional_project, :only => [:new, :create]
-
-  accept_api_auth :index
-
-  include QueriesHelper
-
-  def index
-    case params[:format]
-    when 'xml', 'json'
-      @offset, @limit = api_offset_and_limit
-    else
-      @limit = per_page_option
-    end
-
-    @query_count = IssueQuery.visible.count
-    @query_pages = Paginator.new @query_count, @limit, params['page']
-    @queries = IssueQuery.visible.all(:limit => @limit, :offset => @offset, :order => "#{Query.table_name}.name")
-
-    respond_to do |format|
-      format.api
-    end
-  end
-
+  before_filter :find_query, :except => :new
+  before_filter :find_optional_project, :only => :new
+  
  def new
-    @query = IssueQuery.new
-    @query.user = User.current
-    @query.project = @project
-    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
-    @query.build_from_params(params)
-  end
-
-  def create
-    @query = IssueQuery.new(params[:query])
-    @query.user = User.current
+    @query = Query.new(params[:query])
    @query.project = params[:query_is_for_all] ? nil : @project
+    @query.user = User.current
    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
-    @query.build_from_params(params)
+    
+    @query.add_filters(params[:fields] || params[:f], params[:operators] || params[:op], params[:values] || params[:v]) if params[:fields] || params[:f]
+    @query.group_by ||= params[:group_by]
+    @query.column_names = params[:c] if params[:c]
    @query.column_names = nil if params[:default_columns]
-
-    if @query.save
+    
+    if request.post? && params[:confirm] && @query.save
      flash[:notice] = l(:notice_successful_create)
-      redirect_to _project_issues_path(@project, :query_id => @query)
-    else
-      render :action => 'new', :layout => !request.xhr?
+      redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
+      return
    end
+    render :layout => false if request.xhr?
  end
-
+  
  def edit
-  end
-
-  def update
-    @query.attributes = params[:query]
-    @query.project = nil if params[:query_is_for_all]
-    @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
-    @query.build_from_params(params)
-    @query.column_names = nil if params[:default_columns]
-
-    if @query.save
-      flash[:notice] = l(:notice_successful_update)
-      redirect_to _project_issues_path(@project, :query_id => @query)
-    else
-      render :action => 'edit'
+    if request.post?
+      @query.filters = {}
+      @query.add_filters(params[:fields] || params[:f], params[:operators] || params[:op], params[:values] || params[:v]) if params[:fields] || params[:f]
+      @query.attributes = params[:query]
+      @query.project = nil if params[:query_is_for_all]
+      @query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
+      @query.group_by ||= params[:group_by]
+      @query.column_names = params[:c] if params[:c]
+      @query.column_names = nil if params[:default_columns]
+      
+      if @query.save
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :query_id => @query
+      end
    end
  end

  def destroy
-    @query.destroy
-    redirect_to _project_issues_path(@project, :set_filter => 1)
+    @query.destroy if request.post?
+    redirect_to :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1
  end
-
+  
 private
  def find_query
-    @query = IssueQuery.find(params[:id])
+    @query = Query.find(params[:id])
    @project = @query.project
    render_403 unless @query.editable_by?(User.current)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
+  
  def find_optional_project
    @project = Project.find(params[:project_id]) if params[:project_id]
    render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,10 +22,10 @@ class ReportsController < ApplicationController
  def issue_report
    @trackers = @project.trackers
    @versions = @project.shared_versions.sort
-    @priorities = IssuePriority.all.reverse
+    @priorities = IssuePriority.all
    @categories = @project.issue_categories
-    @assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users).sort
-    @authors = @project.users.sort
+    @assignees = @project.members.collect { |m| m.user }.sort
+    @authors = @project.members.collect { |m| m.user }.sort
    @subprojects = @project.descendants.visible

    @issues_by_tracker = Issue.by_tracker(@project)
@@ -37,7 +37,7 @@ class ReportsController < ApplicationController
    @issues_by_subproject = Issue.by_subproject(@project) || []

    render :template => "reports/issue_report"
-  end
+  end  

  def issue_report_details
    case params[:detail]
@@ -53,7 +53,7 @@ class ReportsController < ApplicationController
      @report_title = l(:field_version)
    when "priority"
      @field = "priority_id"
-      @rows = IssuePriority.all.reverse
+      @rows = IssuePriority.all
      @data = Issue.by_priority(@project)
      @report_title = l(:field_priority)
    when "category"
@@ -63,12 +63,12 @@ class ReportsController < ApplicationController
      @report_title = l(:field_category)
    when "assigned_to"
      @field = "assigned_to_id"
-      @rows = (Setting.issue_group_assignment? ? @project.principals : @project.users).sort
+      @rows = @project.members.collect { |m| m.user }.sort
      @data = Issue.by_assigned_to(@project)
      @report_title = l(:field_assigned_to)
    when "author"
      @field = "author_id"
-      @rows = @project.users.sort
+      @rows = @project.members.collect { |m| m.user }.sort
      @data = Issue.by_author(@project)
      @report_title = l(:field_author)
    when "subproject"
@@ -90,6 +90,6 @@ class ReportsController < ApplicationController
  private

  def find_issue_statuses
-    @statuses = IssueStatus.sorted.all
+    @statuses = IssueStatus.find(:all, :order => 'position')
  end
 end
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,77 +18,52 @@
 require 'SVG/Graph/Bar'
 require 'SVG/Graph/BarHorizontal'
 require 'digest/sha1'
-require 'redmine/scm/adapters/abstract_adapter'

 class ChangesetNotFound < Exception; end
 class InvalidRevisionParam < Exception; end

 class RepositoriesController < ApplicationController
  menu_item :repository
-  menu_item :settings, :only => [:new, :create, :edit, :update, :destroy, :committers]
+  menu_item :settings, :only => :edit
  default_search_scope :changesets

-  before_filter :find_project_by_project_id, :only => [:new, :create]
-  before_filter :find_repository, :only => [:edit, :update, :destroy, :committers]
-  before_filter :find_project_repository, :except => [:new, :create, :edit, :update, :destroy, :committers]
-  before_filter :find_changeset, :only => [:revision, :add_related_issue, :remove_related_issue]
+  before_filter :find_repository, :except => :edit
+  before_filter :find_project, :only => :edit
  before_filter :authorize
  accept_rss_auth :revisions

  rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed

-  def new
-    scm = params[:repository_scm] || (Redmine::Scm::Base.all & Setting.enabled_scm).first
-    @repository = Repository.factory(scm)
-    @repository.is_default = @project.repository.nil?
-    @repository.project = @project
-  end
-
-  def create
-    attrs = pickup_extra_info
-    @repository = Repository.factory(params[:repository_scm])
-    @repository.safe_attributes = params[:repository]
-    if attrs[:attrs_extra].keys.any?
-      @repository.merge_extra_info(attrs[:attrs_extra])
-    end
-    @repository.project = @project
-    if request.post? && @repository.save
-      redirect_to settings_project_path(@project, :tab => 'repositories')
-    else
-      render :action => 'new'
-    end
-  end
-
  def edit
-  end
-
-  def update
-    attrs = pickup_extra_info
-    @repository.safe_attributes = attrs[:attrs]
-    if attrs[:attrs_extra].keys.any?
-      @repository.merge_extra_info(attrs[:attrs_extra])
+    @repository = @project.repository
+    if !@repository && !params[:repository_scm].blank?
+      @repository = Repository.factory(params[:repository_scm])
+      @repository.project = @project if @repository
    end
-    @repository.project = @project
-    if request.put? && @repository.save
-      redirect_to settings_project_path(@project, :tab => 'repositories')
-    else
-      render :action => 'edit'
+    if request.post? && @repository
+      p1 = params[:repository]
+      p       = {}
+      p_extra = {}
+      p1.each do |k, v|
+        if k =~ /^extra_/
+          p_extra[k] = v
+        else
+          p[k] = v
+        end
+      end
+      @repository.attributes = p
+      @repository.merge_extra_info(p_extra)
+      @repository.save
    end
-  end
-
-  def pickup_extra_info
-    p       = {}
-    p_extra = {}
-    params[:repository].each do |k, v|
-      if k =~ /^extra_/
-        p_extra[k] = v
-      else
-        p[k] = v
+    render(:update) do |page|
+      page.replace_html "tab-content-repository",
+                        :partial => 'projects/settings/repository'
+      if @repository && !@project.repository
+        @project.reload # needed to reload association
+        page.replace_html "main-menu", render_main_menu(@project)
      end
    end
-    {:attrs => p, :attrs_extra => p_extra}
  end
-  private :pickup_extra_info

  def committers
    @committers = @repository.committers
@@ -101,13 +76,16 @@ class RepositoriesController < ApplicationController
      # Build a hash with repository usernames as keys and corresponding user ids as values
      @repository.committer_ids = params[:committers].values.inject({}) {|h, c| h[c.first] = c.last; h}
      flash[:notice] = l(:notice_successful_update)
-      redirect_to settings_project_path(@project, :tab => 'repositories')
+      redirect_to :action => 'committers', :id => @project
    end
  end

  def destroy
-    @repository.destroy if request.delete?
-    redirect_to settings_project_path(@project, :tab => 'repositories')
+    @repository.destroy
+    redirect_to :controller => 'projects',
+                :action     => 'settings',
+                :id         => @project,
+                :tab        => 'repository'
  end

  def show
@@ -121,7 +99,6 @@ class RepositoriesController < ApplicationController
      (show_error_not_found; return) unless @entries
      @changesets = @repository.latest_changesets(@path, @rev)
      @properties = @repository.properties(@path, @rev)
-      @repositories = @project.repositories
      render :action => 'show'
    end
  end
@@ -138,14 +115,13 @@ class RepositoriesController < ApplicationController

  def revisions
    @changeset_count = @repository.changesets.count
-    @changeset_pages = Paginator.new @changeset_count,
+    @changeset_pages = Paginator.new self, @changeset_count,
                                     per_page_option,
                                     params['page']
-    @changesets = @repository.changesets.
-      limit(@changeset_pages.per_page).
-      offset(@changeset_pages.offset).
-      includes(:user, :repository, :parents).
-      all
+    @changesets = @repository.changesets.find(:all,
+                       :limit  =>  @changeset_pages.items_per_page,
+                       :offset =>  @changeset_pages.current.offset,
+                       :include => [:user, :repository])

    respond_to do |format|
      format.html { render :layout => false if request.xhr? }
@@ -153,15 +129,7 @@ class RepositoriesController < ApplicationController
    end
  end

-  def raw
-    entry_and_raw(true)
-  end
-
  def entry
-    entry_and_raw(false)
-  end
-
-  def entry_and_raw(is_raw)
    @entry = @repository.entry(@path, @rev)
    (show_error_not_found; return) unless @entry

@@ -170,14 +138,13 @@ class RepositoriesController < ApplicationController

    @content = @repository.cat(@path, @rev)
    (show_error_not_found; return) unless @content
-    if is_raw ||
+    if 'raw' == params[:format] ||
         (@content.size && @content.size > Setting.file_max_size_displayed.to_i.kilobyte) ||
         ! is_entry_text_data?(@content, @path)
      # Force the download
      send_opt = { :filename => filename_for_content_disposition(@path.split('/').last) }
      send_type = Redmine::MimeType.of(@path)
      send_opt[:type] = send_type.to_s if send_type
-      send_opt[:disposition] = (Redmine::MimeType.is_type?('image', @path) && !is_raw ? 'inline' : 'attachment')
      send_data @content, send_opt
    else
      # Prevent empty lines when displaying a file with Windows style eol
@@ -187,7 +154,6 @@ class RepositoriesController < ApplicationController
      @changeset = @repository.find_changeset_by_name(@rev)
    end
  end
-  private :entry_and_raw

  def is_entry_text_data?(ent, path)
    # UTF-16 contains "\x00".
@@ -206,46 +172,21 @@ class RepositoriesController < ApplicationController
    (show_error_not_found; return) unless @entry

    @annotate = @repository.scm.annotate(@path, @rev)
-    if @annotate.nil? || @annotate.empty?
-      (render_error l(:error_scm_annotate); return)
-    end
-    ann_buf_size = 0
-    @annotate.lines.each do |buf|
-      ann_buf_size += buf.size
-    end
-    if ann_buf_size > Setting.file_max_size_displayed.to_i.kilobyte
-      (render_error l(:error_scm_annotate_big_text_file); return)
-    end
+    (render_error l(:error_scm_annotate); return) if @annotate.nil? || @annotate.empty?
    @changeset = @repository.find_changeset_by_name(@rev)
  end

  def revision
+    raise ChangesetNotFound if @rev.blank?
+    @changeset = @repository.find_changeset_by_name(@rev)
+    raise ChangesetNotFound unless @changeset
+
    respond_to do |format|
      format.html
      format.js {render :layout => false}
    end
-  end
-
-  # Adds a related issue to a changeset
-  # POST /projects/:project_id/repository/(:repository_id/)revisions/:rev/issues
-  def add_related_issue
-    @issue = @changeset.find_referenced_issue_by_id(params[:issue_id])
-    if @issue && (!@issue.visible? || @changeset.issues.include?(@issue))
-      @issue = nil
-    end
-
-    if @issue
-      @changeset.issues << @issue
-    end
-  end
-
-  # Removes a related issue from a changeset
-  # DELETE /projects/:project_id/repository/(:repository_id/)revisions/:rev/issues/:issue_id
-  def remove_related_issue
-    @issue = Issue.visible.find_by_id(params[:issue_id])
-    if @issue
-      @changeset.issues.delete(@issue)
-    end
+  rescue ChangesetNotFound
+    show_error_not_found
  end

  def diff
@@ -266,7 +207,7 @@ class RepositoriesController < ApplicationController
        User.current.pref[:diff_type] = @diff_type
        User.current.preference.save
      end
-      @cache_key = "repositories/diff/#{@repository.id}/" +
+      @cache_key = "repositories/diff/#{@repository.id}/" + 
                      Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}-#{current_language}")
      unless read_fragment(@cache_key)
        @diff = @repository.diff(@path, @rev, @rev_to)
@@ -300,25 +241,15 @@ class RepositoriesController < ApplicationController

  private

-  def find_repository
-    @repository = Repository.find(params[:id])
-    @project = @repository.project
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
-
  REV_PARAM_RE = %r{\A[a-f0-9]*\Z}i

-  def find_project_repository
+  def find_repository
    @project = Project.find(params[:id])
-    if params[:repository_id].present?
-      @repository = @project.repositories.find_by_identifier_param(params[:repository_id])
-    else
-      @repository = @project.repository
-    end
+    @repository = @project.repository
    (render_404; return false) unless @repository
-    @path = params[:path].is_a?(Array) ? params[:path].join('/') : params[:path].to_s
-    @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].to_s.strip
+    @path = params[:path].join('/') unless params[:path].nil?
+    @path ||= ''
+    @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip
    @rev_to = params[:rev_to]

    unless @rev.to_s.match(REV_PARAM_RE) && @rev_to.to_s.match(REV_PARAM_RE)
@@ -332,13 +263,6 @@ class RepositoriesController < ApplicationController
    show_error_not_found
  end

-  def find_changeset
-    if @rev.present?
-      @changeset = @repository.find_changeset_by_name(@rev)
-    end
-    show_error_not_found unless @changeset
-  end
-
  def show_error_not_found
    render_error :message => l(:error_scm_not_found), :status => 404
  end
@@ -352,17 +276,17 @@ class RepositoriesController < ApplicationController
    @date_to = Date.today
    @date_from = @date_to << 11
    @date_from = Date.civil(@date_from.year, @date_from.month, 1)
-    commits_by_day = Changeset.count(
+    commits_by_day = repository.changesets.count(
                          :all, :group => :commit_date,
-                          :conditions => ["repository_id = ? AND commit_date BETWEEN ? AND ?", repository.id, @date_from, @date_to])
+                          :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
    commits_by_month = [0] * 12
-    commits_by_day.each {|c| commits_by_month[(@date_to.month - c.first.to_date.month) % 12] += c.last }
+    commits_by_day.each {|c| commits_by_month[c.first.to_date.months_ago] += c.last }

-    changes_by_day = Change.count(
-                          :all, :group => :commit_date, :include => :changeset,
-                          :conditions => ["#{Changeset.table_name}.repository_id = ? AND #{Changeset.table_name}.commit_date BETWEEN ? AND ?", repository.id, @date_from, @date_to])
+    changes_by_day = repository.changes.count(
+                          :all, :group => :commit_date,
+                          :conditions => ["commit_date BETWEEN ? AND ?", @date_from, @date_to])
    changes_by_month = [0] * 12
-    changes_by_day.each {|c| changes_by_month[(@date_to.month - c.first.to_date.month) % 12] += c.last }
+    changes_by_day.each {|c| changes_by_month[c.first.to_date.months_ago] += c.last }

    fields = []
    12.times {|m| fields << month_name(((Date.today.month - 1 - m) % 12) + 1)}
@@ -393,10 +317,10 @@ class RepositoriesController < ApplicationController
  end

  def graph_commits_per_author(repository)
-    commits_by_author = Changeset.count(:all, :group => :committer, :conditions => ["repository_id = ?", repository.id])
+    commits_by_author = repository.changesets.count(:all, :group => :committer)
    commits_by_author.to_a.sort! {|x, y| x.last <=> y.last}

-    changes_by_author = Change.count(:all, :group => :committer, :include => :changeset, :conditions => ["#{Changeset.table_name}.repository_id = ?", repository.id])
+    changes_by_author = repository.changes.count(:all, :group => :committer)
    h = changes_by_author.inject({}) {|o, i| o[i.first] = i.last; o}

    fields = commits_by_author.collect {|r| r.first}
@@ -432,3 +356,19 @@ class RepositoriesController < ApplicationController
    graph.burn
  end
 end
+
+class Date
+  def months_ago(date = Date.today)
+    (date.year - self.year)*12 + (date.month - self.month)
+  end
+
+  def weeks_ago(date = Date.today)
+    (date.year - self.year)*52 + (date.cweek - self.cweek)
+  end
+end
+
+class String
+  def with_leading_slash
+    starts_with?('/') ? self : "/#{self}"
+  end
+end
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -1,92 +1,70 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class RolesController < ApplicationController
  layout 'admin'
+  
+  before_filter :require_admin

-  before_filter :require_admin, :except => [:index, :show]
-  before_filter :require_admin_or_api_request, :only => [:index, :show]
-  before_filter :find_role, :only => [:show, :edit, :update, :destroy]
-  accept_api_auth :index, :show
+  verify :method => :post, :only => [ :destroy, :move ],
+         :redirect_to => { :action => :index }

  def index
-    respond_to do |format|
-      format.html {
-        @role_pages, @roles = paginate Role.sorted, :per_page => 25
-        render :action => "index", :layout => false if request.xhr?
-      }
-      format.api {
-        @roles = Role.givable.all
-      }
-    end
-  end
-
-  def show
-    respond_to do |format|
-      format.api
-    end
+    @role_pages, @roles = paginate :roles, :per_page => 25, :order => 'builtin, position'
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
-    # Prefills the form with 'Non member' role permissions by default
+    # Prefills the form with 'Non member' role permissions
    @role = Role.new(params[:role] || {:permissions => Role.non_member.permissions})
-    if params[:copy].present? && @copy_from = Role.find_by_id(params[:copy])
-      @role.copy_from(@copy_from)
-    end
-    @roles = Role.sorted.all
-  end
-
-  def create
-    @role = Role.new(params[:role])
    if request.post? && @role.save
      # workflow copy
      if !params[:copy_workflow_from].blank? && (copy_from = Role.find_by_id(params[:copy_workflow_from]))
-        @role.workflow_rules.copy(copy_from)
+        @role.workflows.copy(copy_from)
      end
      flash[:notice] = l(:notice_successful_create)
-      redirect_to roles_path
+      redirect_to :action => 'index'
    else
-      @roles = Role.sorted.all
-      render :action => 'new'
+      @permissions = @role.setable_permissions
+      @roles = Role.find :all, :order => 'builtin, position'
    end
  end

  def edit
-  end
-
-  def update
-    if request.put? and @role.update_attributes(params[:role])
+    @role = Role.find(params[:id])
+    if request.post? and @role.update_attributes(params[:role])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to roles_path
+      redirect_to :action => 'index'
    else
-      render :action => 'edit'
+      @permissions = @role.setable_permissions  
    end
  end

  def destroy
+    @role = Role.find(params[:id])
    @role.destroy
-    redirect_to roles_path
+    redirect_to :action => 'index'
  rescue
    flash[:error] =  l(:error_can_not_remove_role)
-    redirect_to roles_path
+    redirect_to :action => 'index'
  end
-
-  def permissions
-    @roles = Role.sorted.all
+  
+  def report    
+    @roles = Role.find(:all, :order => 'builtin, position')
    @permissions = Redmine::AccessControl.permissions.select { |p| !p.public? }
    if request.post?
      @roles.each do |role|
@@ -94,15 +72,7 @@ class RolesController < ApplicationController
        role.save
      end
      flash[:notice] = l(:notice_successful_update)
-      redirect_to roles_path
+      redirect_to :action => 'index'
    end
  end
-
-  private
-
-  def find_role
-    @role = Role.find(params[:id])
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -1,16 +1,16 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,12 +18,15 @@
 class SearchController < ApplicationController
  before_filter :find_optional_project

+  helper :messages
+  include MessagesHelper
+
  def index
    @question = params[:q] || ""
    @question.strip!
    @all_words = params[:all_words] ? params[:all_words].present? : true
    @titles_only = params[:titles_only] ? params[:titles_only].present? : false
-
+    
    projects_to_search =
      case params[:scope]
      when 'all'
@@ -31,20 +34,20 @@ class SearchController < ApplicationController
      when 'my_projects'
        User.current.memberships.collect(&:project)
      when 'subprojects'
-        @project ? (@project.self_and_descendants.active.all) : nil
+        @project ? (@project.self_and_descendants.active) : nil
      else
        @project
      end
-
+          
    offset = nil
    begin; offset = params[:offset].to_time if params[:offset]; rescue; end
-
+    
    # quick jump to an issue
-    if (m = @question.match(/^#?(\d+)$/)) && (issue = Issue.visible.find_by_id(m[1].to_i))
-      redirect_to issue_path(issue)
+    if @question.match(/^#?(\d+)$/) && Issue.visible.find_by_id($1.to_i)
+      redirect_to :controller => "issues", :action => "show", :id => $1
      return
    end
-
+    
    @object_types = Redmine::Search.available_search_types.dup
    if projects_to_search.is_a? Project
      # don't search projects
@@ -52,23 +55,23 @@ class SearchController < ApplicationController
      # only show what the user is allowed to view
      @object_types = @object_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, projects_to_search)}
    end
-
+      
    @scope = @object_types.select {|t| params[t]}
    @scope = @object_types if @scope.empty?
-
+    
    # extract tokens from the question
    # eg. hello "bye bye" => ["hello", "bye bye"]
    @tokens = @question.scan(%r{((\s|^)"[\s\w]+"(\s|$)|\S+)}).collect {|m| m.first.gsub(%r{(^\s*"\s*|\s*"\s*$)}, '')}
    # tokens must be at least 2 characters long
    @tokens = @tokens.uniq.select {|w| w.length > 1 }
-
+    
    if !@tokens.empty?
      # no more than 5 tokens to search for
-      @tokens.slice! 5..-1 if @tokens.size > 5
-
+      @tokens.slice! 5..-1 if @tokens.size > 5  
+      
      @results = []
      @results_by_type = Hash.new {|h,k| h[k] = 0}
-
+      
      limit = 10
      @scope.each do |s|
        r, c = s.singularize.camelcase.constantize.search(@tokens, projects_to_search,
@@ -84,13 +87,13 @@ class SearchController < ApplicationController
      if params[:previous].nil?
        @pagination_previous_date = @results[0].event_datetime if offset && @results[0]
        if @results.size > limit
-          @pagination_next_date = @results[limit-1].event_datetime
+          @pagination_next_date = @results[limit-1].event_datetime 
          @results = @results[0, limit]
        end
      else
        @pagination_next_date = @results[-1].event_datetime if offset && @results[-1]
        if @results.size > limit
-          @pagination_previous_date = @results[-(limit)].event_datetime
+          @pagination_previous_date = @results[-(limit)].event_datetime 
          @results = @results[-(limit), limit]
        end
      end
@@ -100,7 +103,7 @@ class SearchController < ApplicationController
    render :layout => false if request.xhr?
  end

-private
+private  
  def find_optional_project
    return true unless params[:id]
    @project = Project.find(params[:id])
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,9 +17,6 @@

 class SettingsController < ApplicationController
  layout 'admin'
-  menu_item :plugins, :only => :plugin
-
-  helper :queries

  before_filter :require_admin

@@ -38,11 +35,10 @@ class SettingsController < ApplicationController
        Setting[name] = value
      end
      flash[:notice] = l(:notice_successful_update)
-      redirect_to settings_path(:tab => params[:tab])
+      redirect_to :action => 'edit', :tab => params[:tab]
    else
      @options = {}
-      user_format = User::USER_FORMATS.collect{|key, value| [key, value[:setting_order]]}.sort{|a, b| a[1] <=> b[1]}
-      @options[:user_format] = user_format.collect{|f| [User.current.name(f[0]), f[0].to_s]}
+      @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
      @deliveries = ActionMailer::Base.perform_deliveries

      @guessed_host_and_path = request.host_with_port.dup
@@ -54,18 +50,13 @@ class SettingsController < ApplicationController

  def plugin
    @plugin = Redmine::Plugin.find(params[:id])
-    unless @plugin.configurable?
-      render_404
-      return
-    end
-
    if request.post?
-      Setting.send "plugin_#{@plugin.id}=", params[:settings]
+      Setting["plugin_#{@plugin.id}"] = params[:settings]
      flash[:notice] = l(:notice_successful_update)
-      redirect_to plugin_settings_path(@plugin)
+      redirect_to :action => 'plugin', :id => @plugin.id
    else
      @partial = @plugin.settings[:partial]
-      @settings = Setting.send "plugin_#{@plugin.id}"
+      @settings = Setting["plugin_#{@plugin.id}"]
    end
  rescue Redmine::PluginNotFound
    render_404
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -1,70 +1,53 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class SysController < ActionController::Base
  before_filter :check_enabled
-
+  
  def projects
-    p = Project.active.has_module(:repository).find(
-                   :all,
-                   :include => :repository,
-                   :order => "#{Project.table_name}.identifier"
-                 )
-    # extra_info attribute from repository breaks activeresource client
-    render :xml => p.to_xml(
-                       :only => [:id, :identifier, :name, :is_public, :status],
-                       :include => {:repository => {:only => [:id, :url]}}
-                     )
+    p = Project.active.has_module(:repository).find(:all, :include => :repository, :order => 'identifier')
+    render :xml => p.to_xml(:include => :repository)
  end
-
+  
  def create_project_repository
    project = Project.find(params[:id])
    if project.repository
      render :nothing => true, :status => 409
    else
      logger.info "Repository for #{project.name} was reported to be created by #{request.remote_ip}."
-      repository = Repository.factory(params[:vendor], params[:repository])
-      repository.project = project
-      if repository.save
-        render :xml => {repository.class.name.underscore.gsub('/', '-') => {:id => repository.id, :url => repository.url}}, :status => 201
+      project.repository = Repository.factory(params[:vendor], params[:repository])
+      if project.repository && project.repository.save
+        render :xml => project.repository, :status => 201
      else
        render :nothing => true, :status => 422
      end
    end
  end
-
+  
  def fetch_changesets
    projects = []
-    scope = Project.active.has_module(:repository)
    if params[:id]
-      project = nil
-      if params[:id].to_s =~ /^\d*$/
-        project = scope.find(params[:id])
-      else
-        project = scope.find_by_identifier(params[:id])
-      end
-      raise ActiveRecord::RecordNotFound unless project
-      projects << project
+      projects << Project.active.has_module(:repository).find(params[:id])
    else
-      projects = scope.all
+      projects = Project.active.has_module(:repository).find(:all, :include => :repository)
    end
    projects.each do |project|
-      project.repositories.each do |repository|
-        repository.fetch_changesets
+      if project.repository
+        project.repository.fetch_changesets
      end
    end
    render :nothing => true, :status => 200
--- a/app/controllers/time_entry_reports_controller.rb
+++ b/app/controllers/time_entry_reports_controller.rb
@@ -0,0 +1,209 @@
+class TimeEntryReportsController < ApplicationController
+  menu_item :issues
+  before_filter :find_optional_project
+  before_filter :load_available_criterias
+
+  helper :sort
+  include SortHelper
+  helper :issues
+  helper :timelog
+  include TimelogHelper
+  helper :custom_fields
+  include CustomFieldsHelper
+
+  def report
+    @criterias = params[:criterias] || []
+    @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
+    @criterias.uniq!
+    @criterias = @criterias[0,3]
+    
+    @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
+    
+    retrieve_date_range
+    
+    unless @criterias.empty?
+      sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
+      sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
+      sql_condition = ''
+      
+      if @project.nil?
+        sql_condition = Project.allowed_to_condition(User.current, :view_time_entries)
+      elsif @issue.nil?
+        sql_condition = @project.project_condition(Setting.display_subprojects_issues?)
+      else
+        sql_condition = "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
+      end
+
+      sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
+      sql << " FROM #{TimeEntry.table_name}"
+      sql << time_report_joins
+      sql << " WHERE"
+      sql << " (%s) AND" % sql_condition
+      sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from), ActiveRecord::Base.connection.quoted_date(@to)]
+      sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
+      
+      @hours = ActiveRecord::Base.connection.select_all(sql)
+      
+      @hours.each do |row|
+        case @columns
+        when 'year'
+          row['year'] = row['tyear']
+        when 'month'
+          row['month'] = "#{row['tyear']}-#{row['tmonth']}"
+        when 'week'
+          row['week'] = "#{row['tyear']}-#{row['tweek']}"
+        when 'day'
+          row['day'] = "#{row['spent_on']}"
+        end
+      end
+      
+      @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
+      
+      @periods = []
+      # Date#at_beginning_of_ not supported in Rails 1.2.x
+      date_from = @from.to_time
+      # 100 columns max
+      while date_from <= @to.to_time && @periods.length < 100
+        case @columns
+        when 'year'
+          @periods << "#{date_from.year}"
+          date_from = (date_from + 1.year).at_beginning_of_year
+        when 'month'
+          @periods << "#{date_from.year}-#{date_from.month}"
+          date_from = (date_from + 1.month).at_beginning_of_month
+        when 'week'
+          @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
+          date_from = (date_from + 7.day).at_beginning_of_week
+        when 'day'
+          @periods << "#{date_from.to_date}"
+          date_from = date_from + 1.day
+        end
+      end
+    end
+    
+    respond_to do |format|
+      format.html { render :layout => !request.xhr? }
+      format.csv  { send_data(report_to_csv(@criterias, @periods, @hours), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
+    end
+  end
+  
+  private
+
+  # TODO: duplicated in TimelogController
+  def find_optional_project
+    if !params[:issue_id].blank?
+      @issue = Issue.find(params[:issue_id])
+      @project = @issue.project
+    elsif !params[:project_id].blank?
+      @project = Project.find(params[:project_id])
+    end
+    deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
+  end
+
+  # Retrieves the date range based on predefined ranges or specific from/to param dates
+  # TODO: duplicated in TimelogController
+  def retrieve_date_range
+    @free_period = false
+    @from, @to = nil, nil
+
+    if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
+      case params[:period].to_s
+      when 'today'
+        @from = @to = Date.today
+      when 'yesterday'
+        @from = @to = Date.today - 1
+      when 'current_week'
+        @from = Date.today - (Date.today.cwday - 1)%7
+        @to = @from + 6
+      when 'last_week'
+        @from = Date.today - 7 - (Date.today.cwday - 1)%7
+        @to = @from + 6
+      when '7_days'
+        @from = Date.today - 7
+        @to = Date.today
+      when 'current_month'
+        @from = Date.civil(Date.today.year, Date.today.month, 1)
+        @to = (@from >> 1) - 1
+      when 'last_month'
+        @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
+        @to = (@from >> 1) - 1
+      when '30_days'
+        @from = Date.today - 30
+        @to = Date.today
+      when 'current_year'
+        @from = Date.civil(Date.today.year, 1, 1)
+        @to = Date.civil(Date.today.year, 12, 31)
+      end
+    elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
+      begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
+      begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
+      @free_period = true
+    else
+      # default
+    end
+    
+    @from, @to = @to, @from if @from && @to && @from > @to
+    @from ||= (TimeEntry.earilest_date_for_project(@project) || Date.today)
+    @to   ||= (TimeEntry.latest_date_for_project(@project) || Date.today)
+  end
+
+  def load_available_criterias
+    @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
+                                          :klass => Project,
+                                          :label => :label_project},
+                             'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
+                                          :klass => Version,
+                                          :label => :label_version},
+                             'category' => {:sql => "#{Issue.table_name}.category_id",
+                                            :klass => IssueCategory,
+                                            :label => :field_category},
+                             'member' => {:sql => "#{TimeEntry.table_name}.user_id",
+                                         :klass => User,
+                                         :label => :label_member},
+                             'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
+                                          :klass => Tracker,
+                                          :label => :label_tracker},
+                             'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
+                                           :klass => TimeEntryActivity,
+                                           :label => :label_activity},
+                             'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
+                                         :klass => Issue,
+                                         :label => :label_issue}
+                           }
+    
+    # Add list and boolean custom fields as available criterias
+    custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
+    custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end if @project
+    
+    # Add list and boolean time entry custom fields
+    TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    # Add list and boolean time entry activity custom fields
+    TimeEntryActivityCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
+      @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Enumeration' AND c.customized_id = #{TimeEntry.table_name}.activity_id)",
+                                             :format => cf.field_format,
+                                             :label => cf.name}
+    end
+
+    call_hook(:controller_timelog_available_criterias, { :available_criterias => @available_criterias, :project => @project })
+    @available_criterias
+  end
+
+  def time_report_joins
+    sql = ''
+    sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
+    sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
+    # TODO: rename hook
+    call_hook(:controller_timelog_time_report_joins, {:sql => sql} )
+    sql
+  end
+
+end
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -1,105 +1,100 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class TimelogController < ApplicationController
  menu_item :issues
-
-  before_filter :find_project_for_new_time_entry, :only => [:create]
+  before_filter :find_project, :only => [:new, :create]
  before_filter :find_time_entry, :only => [:show, :edit, :update]
  before_filter :find_time_entries, :only => [:bulk_edit, :bulk_update, :destroy]
-  before_filter :authorize, :except => [:new, :index, :report]
-
-  before_filter :find_optional_project, :only => [:index, :report]
-  before_filter :find_optional_project_for_new_time_entry, :only => [:new]
-  before_filter :authorize_global, :only => [:new, :index, :report]
-
+  before_filter :authorize, :except => [:index]
+  before_filter :find_optional_project, :only => [:index]
  accept_rss_auth :index
  accept_api_auth :index, :show, :create, :update, :destroy
-
-  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
-
+  
  helper :sort
  include SortHelper
  helper :issues
  include TimelogHelper
  helper :custom_fields
  include CustomFieldsHelper
-  helper :queries
-  include QueriesHelper
-
+  
  def index
-    @query = TimeEntryQuery.build_from_params(params, :project => @project, :name => '_')
-
-    sort_init(@query.sort_criteria.empty? ? [['spent_on', 'desc']] : @query.sort_criteria)
-    sort_update(@query.sortable_columns)
-    scope = time_entry_scope(:order => sort_clause)
+    sort_init 'spent_on', 'desc'
+    sort_update 'spent_on' => 'spent_on',
+                'user' => 'user_id',
+                'activity' => 'activity_id',
+                'project' => "#{Project.table_name}.name",
+                'issue' => 'issue_id',
+                'hours' => 'hours'
+    
+    cond = ARCondition.new
+    if @issue
+      cond << "#{Issue.table_name}.root_id = #{@issue.root_id} AND #{Issue.table_name}.lft >= #{@issue.lft} AND #{Issue.table_name}.rgt <= #{@issue.rgt}"
+    elsif @project
+      cond << @project.project_condition(Setting.display_subprojects_issues?)
+    end
+    
+    retrieve_date_range
+    cond << ['spent_on BETWEEN ? AND ?', @from, @to]

    respond_to do |format|
      format.html {
        # Paginate results
-        @entry_count = scope.count
-        @entry_pages = Paginator.new @entry_count, per_page_option, params['page']
-        @entries = scope.all(
-          :include => [:project, :activity, :user, {:issue => :tracker}],
-          :limit  =>  @entry_pages.per_page,
-          :offset =>  @entry_pages.offset
-        )
-        @total_hours = scope.sum(:hours).to_f
+        @entry_count = TimeEntry.visible.count(:include => [:project, :issue], :conditions => cond.conditions)
+        @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
+        @entries = TimeEntry.visible.find(:all, 
+                                  :include => [:project, :activity, :user, {:issue => :tracker}],
+                                  :conditions => cond.conditions,
+                                  :order => sort_clause,
+                                  :limit  =>  @entry_pages.items_per_page,
+                                  :offset =>  @entry_pages.current.offset)
+        @total_hours = TimeEntry.visible.sum(:hours, :include => [:project, :issue], :conditions => cond.conditions).to_f

        render :layout => !request.xhr?
      }
      format.api  {
-        @entry_count = scope.count
+        @entry_count = TimeEntry.visible.count(:include => [:project, :issue], :conditions => cond.conditions)
        @offset, @limit = api_offset_and_limit
-        @entries = scope.all(
-          :include => [:project, :activity, :user, {:issue => :tracker}],
-          :limit  => @limit,
-          :offset => @offset
-        )
+        @entries = TimeEntry.visible.find(:all, 
+                                  :include => [:project, :activity, :user, {:issue => :tracker}],
+                                  :conditions => cond.conditions,
+                                  :order => sort_clause,
+                                  :limit  => @limit,
+                                  :offset => @offset)
      }
      format.atom {
-        entries = scope.reorder("#{TimeEntry.table_name}.created_on DESC").all(
-          :include => [:project, :activity, :user, {:issue => :tracker}],
-          :limit => Setting.feeds_limit.to_i
-        )
+        entries = TimeEntry.visible.find(:all,
+                                 :include => [:project, :activity, :user, {:issue => :tracker}],
+                                 :conditions => cond.conditions,
+                                 :order => "#{TimeEntry.table_name}.created_on DESC",
+                                 :limit => Setting.feeds_limit.to_i)
        render_feed(entries, :title => l(:label_spent_time))
      }
      format.csv {
        # Export all entries
-        @entries = scope.all(
-          :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}]
-        )
-        send_data(query_to_csv(@entries, @query, params), :type => 'text/csv; header=present', :filename => 'timelog.csv')
+        @entries = TimeEntry.visible.find(:all, 
+                                  :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
+                                  :conditions => cond.conditions,
+                                  :order => sort_clause)
+        send_data(entries_to_csv(@entries), :type => 'text/csv; header=present', :filename => 'timelog.csv')
      }
    end
  end
-
-  def report
-    @query = TimeEntryQuery.build_from_params(params, :project => @project, :name => '_')
-    scope = time_entry_scope
-
-    @report = Redmine::Helpers::TimeReport.new(@project, @issue, params[:criteria], params[:columns], scope)
-
-    respond_to do |format|
-      format.html { render :layout => !request.xhr? }
-      format.csv  { send_data(report_to_csv(@report), :type => 'text/csv; header=present', :filename => 'timelog.csv') }
-    end
-  end
-
+  
  def show
    respond_to do |format|
      # TODO: Implement html response
@@ -110,74 +105,61 @@ class TimelogController < ApplicationController

  def new
    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.safe_attributes = params[:time_entry]
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+    render :action => 'edit'
  end

+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.safe_attributes = params[:time_entry]
-
+    @time_entry.attributes = params[:time_entry]
+    
    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
-
-    if @time_entry.save
-      respond_to do |format|
-        format.html {
-          flash[:notice] = l(:notice_successful_create)
-          if params[:continue]
-            if params[:project_id]
-              options = {
-                :time_entry => {:issue_id => @time_entry.issue_id, :activity_id => @time_entry.activity_id},
-                :back_url => params[:back_url]
-              }
-              if @time_entry.issue
-                redirect_to new_project_issue_time_entry_path(@time_entry.project, @time_entry.issue, options)
-              else
-                redirect_to new_project_time_entry_path(@time_entry.project, options)
-              end
-            else
-              options = {
-                :time_entry => {:project_id => @time_entry.project_id, :issue_id => @time_entry.issue_id, :activity_id => @time_entry.activity_id},
-                :back_url => params[:back_url]
-              }
-              redirect_to new_time_entry_path(options)
-            end
-          else
-            redirect_back_or_default project_time_entries_path(@time_entry.project)
-          end
-        }
-        format.api  { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
-      end
-    else
-      respond_to do |format|
-        format.html { render :action => 'new' }
-        format.api  { render_validation_errors(@time_entry) }
-      end
-    end
-  end
-
-  def edit
-    @time_entry.safe_attributes = params[:time_entry]
-  end
-
-  def update
-    @time_entry.safe_attributes = params[:time_entry]
-
-    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
-
+    
    if @time_entry.save
      respond_to do |format|
        format.html {
          flash[:notice] = l(:notice_successful_update)
-          redirect_back_or_default project_time_entries_path(@time_entry.project)
+          redirect_back_or_default :action => 'index', :project_id => @time_entry.project
        }
-        format.api  { render_api_ok }
+        format.api  { render :action => 'show', :status => :created, :location => time_entry_url(@time_entry) }
      end
    else
      respond_to do |format|
        format.html { render :action => 'edit' }
        format.api  { render_validation_errors(@time_entry) }
      end
-    end
+    end    
+  end
+  
+  def edit
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+  end
+
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+  def update
+    @time_entry.attributes = params[:time_entry]
+    
+    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
+    
+    if @time_entry.save
+      respond_to do |format|
+        format.html {
+          flash[:notice] = l(:notice_successful_update)
+          redirect_back_or_default :action => 'index', :project_id => @time_entry.project
+        }
+        format.api  { head :ok }
+      end
+    else
+      respond_to do |format|
+        format.html { render :action => 'edit' }
+        format.api  { render_validation_errors(@time_entry) }
+      end
+    end    
  end

  def bulk_edit
@@ -191,7 +173,7 @@ class TimelogController < ApplicationController
    unsaved_time_entry_ids = []
    @time_entries.each do |time_entry|
      time_entry.reload
-      time_entry.safe_attributes = attributes
+      time_entry.attributes = attributes
      call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry })
      unless time_entry.save
        # Keep unsaved time_entry ids to display them in flash error
@@ -199,34 +181,35 @@ class TimelogController < ApplicationController
      end
    end
    set_flash_from_bulk_time_entry_save(@time_entries, unsaved_time_entry_ids)
-    redirect_back_or_default project_time_entries_path(@projects.first)
+    redirect_back_or_default({:controller => 'timelog', :action => 'index', :project_id => @projects.first})
  end

+  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
  def destroy
-    destroyed = TimeEntry.transaction do
-      @time_entries.each do |t|
+    @time_entries.each do |t| 
+      begin
        unless t.destroy && t.destroyed?
-          raise ActiveRecord::Rollback
+          respond_to do |format|
+            format.html {
+              flash[:error] = l(:notice_unable_delete_time_entry)
+              redirect_to :back
+            }
+            format.api  { render_validation_errors(t) }
+          end
+          return
        end
+      rescue ::ActionController::RedirectBackError
+        redirect_to :action => 'index', :project_id => @projects.first
+        return
      end
    end

    respond_to do |format|
      format.html {
-        if destroyed
-          flash[:notice] = l(:notice_successful_delete)
-        else
-          flash[:error] = l(:notice_unable_delete_time_entry)
-        end
-        redirect_back_or_default project_time_entries_path(@projects.first)
-      }
-      format.api  {
-        if destroyed
-          render_api_ok
-        else
-          render_validation_errors(@time_entries)
-        end
+        flash[:notice] = l(:notice_successful_delete)
+        redirect_back_or_default(:action => 'index', :project_id => @projects.first)
      }
+      format.api  { head :ok }
    end
  end

@@ -262,25 +245,20 @@ private
    end
  end

-  def find_optional_project_for_new_time_entry
-    if (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
-      @project = Project.find(project_id)
-    end
+  def find_project
    if (issue_id = (params[:issue_id] || params[:time_entry] && params[:time_entry][:issue_id])).present?
      @issue = Issue.find(issue_id)
-      @project ||= @issue.project
+      @project = @issue.project
+    elsif (project_id = (params[:project_id] || params[:time_entry] && params[:time_entry][:project_id])).present?
+      @project = Project.find(project_id)
+    else
+      render_404
+      return false
    end
  rescue ActiveRecord::RecordNotFound
    render_404
  end
-
-  def find_project_for_new_time_entry
-    find_optional_project_for_new_time_entry
-    if @project.nil?
-      render_404
-    end
-  end
-
+  
  def find_optional_project
    if !params[:issue_id].blank?
      @issue = Issue.find(params[:issue_id])
@@ -288,15 +266,53 @@ private
    elsif !params[:project_id].blank?
      @project = Project.find(params[:project_id])
    end
+    deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
  end
+  
+  # Retrieves the date range based on predefined ranges or specific from/to param dates
+  def retrieve_date_range
+    @free_period = false
+    @from, @to = nil, nil

-  # Returns the TimeEntry scope for index and report actions
-  def time_entry_scope(options={})
-    scope = @query.results_scope(options)
-    if @issue
-      scope = scope.on_issue(@issue)
+    if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
+      case params[:period].to_s
+      when 'today'
+        @from = @to = Date.today
+      when 'yesterday'
+        @from = @to = Date.today - 1
+      when 'current_week'
+        @from = Date.today - (Date.today.cwday - 1)%7
+        @to = @from + 6
+      when 'last_week'
+        @from = Date.today - 7 - (Date.today.cwday - 1)%7
+        @to = @from + 6
+      when '7_days'
+        @from = Date.today - 7
+        @to = Date.today
+      when 'current_month'
+        @from = Date.civil(Date.today.year, Date.today.month, 1)
+        @to = (@from >> 1) - 1
+      when 'last_month'
+        @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
+        @to = (@from >> 1) - 1
+      when '30_days'
+        @from = Date.today - 30
+        @to = Date.today
+      when 'current_year'
+        @from = Date.civil(Date.today.year, 1, 1)
+        @to = Date.civil(Date.today.year, 12, 31)
+      end
+    elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
+      begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
+      begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
+      @free_period = true
+    else
+      # default
    end
-    scope
+    
+    @from, @to = @to, @from if @from && @to && @from > @to
+    @from ||= (TimeEntry.earilest_date_for_project(@project) || Date.today)
+    @to   ||= (TimeEntry.latest_date_for_project(@project) || Date.today)
  end

  def parse_params_for_bulk_time_entry_attributes(params)
--- a/app/controllers/trackers_controller.rb
+++ b/app/controllers/trackers_controller.rb
@@ -1,76 +1,57 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class TrackersController < ApplicationController
  layout 'admin'
+  
+  before_filter :require_admin

-  before_filter :require_admin, :except => :index
-  before_filter :require_admin_or_api_request, :only => :index
-  accept_api_auth :index
+  verify :method => :post, :only => :destroy, :redirect_to => { :action => :index }

  def index
-    respond_to do |format|
-      format.html {
-        @tracker_pages, @trackers = paginate Tracker.sorted, :per_page => 25
-        render :action => "index", :layout => false if request.xhr?
-      }
-      format.api {
-        @trackers = Tracker.sorted.all
-      }
-    end
+    @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position'
+    render :action => "index", :layout => false if request.xhr?
  end

  def new
-    @tracker ||= Tracker.new(params[:tracker])
-    @trackers = Tracker.sorted.all
-    @projects = Project.all
-  end
-
-  def create
    @tracker = Tracker.new(params[:tracker])
-    if @tracker.save
+    if request.post? and @tracker.save
      # workflow copy
      if !params[:copy_workflow_from].blank? && (copy_from = Tracker.find_by_id(params[:copy_workflow_from]))
-        @tracker.workflow_rules.copy(copy_from)
+        @tracker.workflows.copy(copy_from)
      end
      flash[:notice] = l(:notice_successful_create)
-      redirect_to trackers_path
+      redirect_to :action => 'index'
      return
    end
-    new
-    render :action => 'new'
+    @trackers = Tracker.find :all, :order => 'position'
+    @projects = Project.find(:all)
  end

  def edit
-    @tracker ||= Tracker.find(params[:id])
-    @projects = Project.all
-  end
-
-  def update
    @tracker = Tracker.find(params[:id])
-    if @tracker.update_attributes(params[:tracker])
+    if request.post? and @tracker.update_attributes(params[:tracker])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to trackers_path
+      redirect_to :action => 'index'
      return
    end
-    edit
-    render :action => 'edit'
+    @projects = Project.find(:all)
  end
-
+  
  def destroy
    @tracker = Tracker.find(params[:id])
    unless @tracker.issues.empty?
@@ -78,24 +59,6 @@ class TrackersController < ApplicationController
    else
      @tracker.destroy
    end
-    redirect_to trackers_path
-  end
-
-  def fields
-    if request.post? && params[:trackers]
-      params[:trackers].each do |tracker_id, tracker_params|
-        tracker = Tracker.find_by_id(tracker_id)
-        if tracker
-          tracker.core_fields = tracker_params[:core_fields]
-          tracker.custom_field_ids = tracker_params[:custom_field_ids]
-          tracker.save
-        end
-      end
-      flash[:notice] = l(:notice_successful_update)
-      redirect_to fields_trackers_path
-      return
-    end
-    @trackers = Tracker.sorted.all
-    @custom_fields = IssueCustomField.all.sort
-  end
+    redirect_to :action => 'index'
+  end  
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,23 +1,23 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class UsersController < ApplicationController
  layout 'admin'
-
+  
  before_filter :require_admin, :except => :show
  before_filter :find_user, :only => [:show, :edit, :update, :destroy, :edit_membership, :destroy_membership]
  accept_api_auth :index, :show, :create, :update, :destroy
@@ -25,29 +25,38 @@ class UsersController < ApplicationController
  helper :sort
  include SortHelper
  helper :custom_fields
-  include CustomFieldsHelper
+  include CustomFieldsHelper   

  def index
    sort_init 'login', 'asc'
    sort_update %w(login firstname lastname mail admin created_on last_login_on)
-
+    
    case params[:format]
    when 'xml', 'json'
      @offset, @limit = api_offset_and_limit
    else
      @limit = per_page_option
    end
+    
+    scope = User
+    scope = scope.in_group(params[:group_id].to_i) if params[:group_id].present?
+    
+    @status = params[:status] ? params[:status].to_i : 1
+    c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])

-    @status = params[:status] || 1
-
-    scope = User.logged.status(@status)
-    scope = scope.like(params[:name]) if params[:name].present?
-    scope = scope.in_group(params[:group_id]) if params[:group_id].present?
-
-    @user_count = scope.count
-    @user_pages = Paginator.new @user_count, @limit, params['page']
-    @offset ||= @user_pages.offset
-    @users =  scope.order(sort_clause).limit(@limit).offset(@offset).all
+    unless params[:name].blank?
+      name = "%#{params[:name].strip.downcase}%"
+      c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
+    end
+    
+    @user_count = scope.count(:conditions => c.conditions)
+    @user_pages = Paginator.new self, @user_count, @limit, params['page']
+    @offset ||= @user_pages.current.offset
+    @users =  scope.find :all,
+                        :order => sort_clause,
+                        :conditions => c.conditions,
+                        :limit  =>  @limit,
+                        :offset =>  @offset

    respond_to do |format|
      format.html {
@@ -55,23 +64,23 @@ class UsersController < ApplicationController
        render :layout => !request.xhr?
      }
      format.api
-    end
+    end	
  end
-
+  
  def show
    # show projects based on current user visibility
    @memberships = @user.memberships.all(:conditions => Project.visible_condition(User.current))
-
+    
    events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
    @events_by_day = events.group_by(&:event_date)
-
+    
    unless User.current.admin?
      if !@user.active? || (@user != User.current  && @memberships.empty? && events.empty?)
        render_404
        return
      end
    end
-
+    
    respond_to do |format|
      format.html { render :layout => 'base' }
      format.api
@@ -80,9 +89,10 @@ class UsersController < ApplicationController

  def new
    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
-    @auth_sources = AuthSource.all
+    @auth_sources = AuthSource.find(:all)
  end
-
+  
+  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
    @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
    @user.safe_attributes = params[:user]
@@ -90,26 +100,28 @@ class UsersController < ApplicationController
    @user.login = params[:user][:login]
    @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id

+    # TODO: Similar to My#account
+    @user.pref.attributes = params[:pref]
+    @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
+
    if @user.save
-      @user.pref.attributes = params[:pref]
      @user.pref.save
      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])

-      Mailer.account_information(@user, params[:user][:password]).deliver if params[:send_information]
-
+      Mailer.deliver_account_information(@user, params[:user][:password]) if params[:send_information]
+      
      respond_to do |format|
        format.html {
-          flash[:notice] = l(:notice_user_successful_create, :id => view_context.link_to(@user.login, user_path(@user)))
-          if params[:continue]
-            redirect_to new_user_path
-          else
-            redirect_to edit_user_path(@user)
-          end
+          flash[:notice] = l(:notice_successful_create)
+          redirect_to(params[:continue] ? 
+            {:controller => 'users', :action => 'new'} : 
+            {:controller => 'users', :action => 'edit', :id => @user}
+          )
        }
        format.api  { render :action => 'show', :status => :created, :location => user_url(@user) }
      end
    else
-      @auth_sources = AuthSource.all
+      @auth_sources = AuthSource.find(:all)
      # Clear password input
      @user.password = @user.password_confirmation = nil

@@ -121,10 +133,11 @@ class UsersController < ApplicationController
  end

  def edit
-    @auth_sources = AuthSource.all
+    @auth_sources = AuthSource.find(:all)
    @membership ||= Member.new
  end
-
+  
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  def update
    @user.admin = params[:user][:admin] if params[:user][:admin]
    @user.login = params[:user][:login] if params[:user][:login]
@@ -136,26 +149,27 @@ class UsersController < ApplicationController
    was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
    # TODO: Similar to My#account
    @user.pref.attributes = params[:pref]
+    @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')

    if @user.save
      @user.pref.save
      @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])

      if was_activated
-        Mailer.account_activated(@user).deliver
+        Mailer.deliver_account_activated(@user)
      elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
-        Mailer.account_information(@user, params[:user][:password]).deliver
+        Mailer.deliver_account_information(@user, params[:user][:password])
      end
-
+      
      respond_to do |format|
        format.html {
          flash[:notice] = l(:notice_successful_update)
-          redirect_to_referer_or edit_user_path(@user)
+          redirect_to :back
        }
-        format.api  { render_api_ok }
+        format.api  { head :ok }
      end
    else
-      @auth_sources = AuthSource.all
+      @auth_sources = AuthSource.find(:all)
      @membership ||= Member.new
      # Clear password input
      @user.password = @user.password_confirmation = nil
@@ -165,38 +179,54 @@ class UsersController < ApplicationController
        format.api  { render_validation_errors(@user) }
      end
    end
+  rescue ::ActionController::RedirectBackError
+    redirect_to :controller => 'users', :action => 'edit', :id => @user
  end

+  verify :method => :delete, :only => :destroy, :render => {:nothing => true, :status => :method_not_allowed }
  def destroy
    @user.destroy
    respond_to do |format|
-      format.html { redirect_back_or_default(users_path) }
-      format.api  { render_api_ok }
+      format.html { redirect_to(users_url) }
+      format.api  { head :ok }
    end
  end

  def edit_membership
    @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
-    @membership.save
+    @membership.save if request.post?
    respond_to do |format|
-      format.html { redirect_to edit_user_path(@user, :tab => 'memberships') }
-      format.js
+      if @membership.valid?
+        format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
+        format.js {
+          render(:update) {|page|
+            page.replace_html "tab-content-memberships", :partial => 'users/memberships'
+            page.visual_effect(:highlight, "member-#{@membership.id}")
+          }
+        }
+      else
+        format.js {
+          render(:update) {|page|
+            page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
+          }
+        }
+      end
    end
  end
-
+  
  def destroy_membership
    @membership = Member.find(params[:membership_id])
-    if @membership.deletable?
+    if request.post? && @membership.deletable?
      @membership.destroy
    end
    respond_to do |format|
-      format.html { redirect_to edit_user_path(@user, :tab => 'memberships') }
-      format.js
+      format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
+      format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
    end
  end
-
+  
  private
-
+  
  def find_user
    if params[:id] == 'current'
      require_login || return
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,75 +20,58 @@ class VersionsController < ApplicationController
  model_object Version
  before_filter :find_model_object, :except => [:index, :new, :create, :close_completed]
  before_filter :find_project_from_association, :except => [:index, :new, :create, :close_completed]
-  before_filter :find_project_by_project_id, :only => [:index, :new, :create, :close_completed]
+  before_filter :find_project, :only => [:index, :new, :create, :close_completed]
  before_filter :authorize

-  accept_api_auth :index, :show, :create, :update, :destroy
-
  helper :custom_fields
  helper :projects

  def index
-    respond_to do |format|
-      format.html {
-        @trackers = @project.trackers.sorted.all
-        retrieve_selected_tracker_ids(@trackers, @trackers.select {|t| t.is_in_roadmap?})
-        @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
-        project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
-
-        @versions = @project.shared_versions || []
-        @versions += @project.rolled_up_versions.visible if @with_subprojects
-        @versions = @versions.uniq.sort
-        unless params[:completed]
-          @completed_versions = @versions.select {|version| version.closed? || version.completed? }
-          @versions -= @completed_versions
-        end
-
-        @issues_by_version = {}
-        if @selected_tracker_ids.any? && @versions.any?
-          issues = Issue.visible.all(
-            :include => [:project, :status, :tracker, :priority, :fixed_version],
-            :conditions => {:tracker_id => @selected_tracker_ids, :project_id => project_ids, :fixed_version_id => @versions.map(&:id)},
-            :order => "#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id"
-          )
-          @issues_by_version = issues.group_by(&:fixed_version)
-        end
-        @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].blank?}
-      }
-      format.api {
-        @versions = @project.shared_versions.all
-      }
+    @trackers = @project.trackers.find(:all, :order => 'position')
+    retrieve_selected_tracker_ids(@trackers, @trackers.select {|t| t.is_in_roadmap?})
+    @with_subprojects = params[:with_subprojects].nil? ? Setting.display_subprojects_issues? : (params[:with_subprojects] == '1')
+    project_ids = @with_subprojects ? @project.self_and_descendants.collect(&:id) : [@project.id]
+    
+    @versions = @project.shared_versions || []
+    @versions += @project.rolled_up_versions.visible if @with_subprojects
+    @versions = @versions.uniq.sort
+    @versions.reject! {|version| version.closed? || version.completed? } unless params[:completed]
+    
+    @issues_by_version = {}
+    unless @selected_tracker_ids.empty?
+      @versions.each do |version|
+        issues = version.fixed_issues.visible.find(:all,
+                                                   :include => [:project, :status, :tracker, :priority],
+                                                   :conditions => {:tracker_id => @selected_tracker_ids, :project_id => project_ids},
+                                                   :order => "#{Project.table_name}.lft, #{Tracker.table_name}.position, #{Issue.table_name}.id")
+        @issues_by_version[version] = issues
+      end
    end
+    @versions.reject! {|version| !project_ids.include?(version.project_id) && @issues_by_version[version].blank?}
  end
-
+  
  def show
-    respond_to do |format|
-      format.html {
-        @issues = @version.fixed_issues.visible.
-          includes(:status, :tracker, :priority).
-          reorder("#{Tracker.table_name}.position, #{Issue.table_name}.id").
-          all
-      }
-      format.api
-    end
+    @issues = @version.fixed_issues.visible.find(:all,
+      :include => [:status, :tracker, :priority],
+      :order => "#{Tracker.table_name}.position, #{Issue.table_name}.id")
  end
-
+  
  def new
-    @version = @project.versions.build
-    @version.safe_attributes = params[:version]
-
-    respond_to do |format|
-      format.html
-      format.js
-    end
-  end
-
-  def create
    @version = @project.versions.build
    if params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
-      @version.safe_attributes = attributes
+      @version.attributes = attributes
+    end
+  end
+
+  def create
+    # TODO: refactor with code above in #new
+    @version = @project.versions.build
+    if params[:version]
+      attributes = params[:version].dup
+      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
+      @version.attributes = attributes
    end

    if request.post?
@@ -96,18 +79,21 @@ class VersionsController < ApplicationController
        respond_to do |format|
          format.html do
            flash[:notice] = l(:notice_successful_create)
-            redirect_back_or_default settings_project_path(@project, :tab => 'versions')
+            redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
          end
-          format.js
-          format.api do
-            render :action => 'show', :status => :created, :location => version_url(@version)
+          format.js do
+            # IE doesn't support the replace_html rjs method for select box options
+            render(:update) {|page| page.replace "issue_fixed_version_id",
+              content_tag('select', '<option></option>' + version_options_for_select(@project.shared_versions.open, @version), :id => 'issue_fixed_version_id', :name => 'issue[fixed_version_id]')
+            }
          end
        end
      else
        respond_to do |format|
          format.html { render :action => 'new' }
-          format.js   { render :action => 'new' }
-          format.api  { render_validation_errors(@version) }
+          format.js do
+            render(:update) {|page| page.alert(@version.errors.full_messages.join('\n')) }
+          end
        end
      end
    end
@@ -115,62 +101,52 @@ class VersionsController < ApplicationController

  def edit
  end
-
+  
  def update
    if request.put? && params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing'])
-      @version.safe_attributes = attributes
-      if @version.save
-        respond_to do |format|
-          format.html {
-            flash[:notice] = l(:notice_successful_update)
-            redirect_back_or_default settings_project_path(@project, :tab => 'versions')
-          }
-          format.api  { render_api_ok }
-        end
+      if @version.update_attributes(attributes)
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
      else
        respond_to do |format|
          format.html { render :action => 'edit' }
-          format.api  { render_validation_errors(@version) }
        end
      end
    end
  end
-
+  
  def close_completed
    if request.put?
      @project.close_completed_versions
    end
-    redirect_to settings_project_path(@project, :tab => 'versions')
+    redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
  end

  def destroy
    if @version.fixed_issues.empty?
      @version.destroy
-      respond_to do |format|
-        format.html { redirect_back_or_default settings_project_path(@project, :tab => 'versions') }
-        format.api  { render_api_ok }
-      end
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
    else
-      respond_to do |format|
-        format.html {
-          flash[:error] = l(:notice_unable_delete_version)
-          redirect_to settings_project_path(@project, :tab => 'versions')
-        }
-        format.api  { head :unprocessable_entity }
-      end
+      flash[:error] = l(:notice_unable_delete_version)
+      redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
    end
  end
-
+  
  def status_by
    respond_to do |format|
      format.html { render :action => 'show' }
-      format.js
+      format.js { render(:update) {|page| page.replace_html 'status_by', render_issue_status_by(@version, params[:status_by])} }
    end
  end

-  private
+private
+  def find_project
+    @project = Project.find(params[:project_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end

  def retrieve_selected_tracker_ids(selectable_trackers, default_trackers=nil)
    if ids = params[:tracker_ids]
@@ -179,4 +155,5 @@ class VersionsController < ApplicationController
      @selected_tracker_ids = (default_trackers || selectable_trackers).collect {|t| t.id.to_s }
    end
  end
+
 end
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -1,109 +1,93 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class WatchersController < ApplicationController
-  before_filter :require_login, :find_watchables, :only => [:watch, :unwatch]
-
+  before_filter :find_project
+  before_filter :require_login, :check_project_privacy, :only => [:watch, :unwatch]
+  before_filter :authorize, :only => [:new, :destroy]
+  
+  verify :method => :post,
+         :only => [ :watch, :unwatch ],
+         :render => { :nothing => true, :status => :method_not_allowed }
+  
  def watch
-    set_watcher(@watchables, User.current, true)
-  end
-
-  def unwatch
-    set_watcher(@watchables, User.current, false)
-  end
-
-  before_filter :find_project, :authorize, :only => [:new, :create, :append, :destroy, :autocomplete_for_user]
-  accept_api_auth :create, :destroy
-
-  def new
-  end
-
-  def create
-    user_ids = []
-    if params[:watcher].is_a?(Hash)
-      user_ids << (params[:watcher][:user_ids] || params[:watcher][:user_id])
+    if @watched.respond_to?(:visible?) && !@watched.visible?(User.current)
+      render_403
    else
-      user_ids << params[:user_id]
-    end
-    user_ids.flatten.compact.uniq.each do |user_id|
-      Watcher.create(:watchable => @watched, :user_id => user_id)
-    end
-    respond_to do |format|
-      format.html { redirect_to_referer_or {render :text => 'Watcher added.', :layout => true}}
-      format.js
-      format.api { render_api_ok }
+      set_watcher(User.current, true)
    end
  end
-
-  def append
-    if params[:watcher].is_a?(Hash)
-      user_ids = params[:watcher][:user_ids] || [params[:watcher][:user_id]]
-      @users = User.active.find_all_by_id(user_ids)
-    end
+  
+  def unwatch
+    set_watcher(User.current, false)
  end
-
-  def destroy
-    @watched.set_watcher(User.find(params[:user_id]), false)
+  
+  def new
+    @watcher = Watcher.new(params[:watcher])
+    @watcher.watchable = @watched
+    @watcher.save if request.post?
    respond_to do |format|
      format.html { redirect_to :back }
-      format.js
-      format.api { render_api_ok }
+      format.js do
+        render :update do |page|
+          page.replace_html 'watchers', :partial => 'watchers/watchers', :locals => {:watched => @watched}
+        end
+      end
+    end
+  rescue ::ActionController::RedirectBackError
+    render :text => 'Watcher added.', :layout => true
+  end
+  
+  def destroy
+    @watched.set_watcher(User.find(params[:user_id]), false) if request.post?
+    respond_to do |format|
+      format.html { redirect_to :back }
+      format.js do
+        render :update do |page|
+          page.replace_html 'watchers', :partial => 'watchers/watchers', :locals => {:watched => @watched}
+        end
+      end
    end
  end
-
-  def autocomplete_for_user
-    @users = User.active.sorted.like(params[:q]).limit(100).all
-    if @watched
-      @users -= @watched.watcher_users
-    end
-    render :layout => false
-  end
-
-  private
-
+  
+private
  def find_project
-    if params[:object_type] && params[:object_id]
-      klass = Object.const_get(params[:object_type].camelcase)
-      return false unless klass.respond_to?('watched_by')
-      @watched = klass.find(params[:object_id])
-      @project = @watched.project
-    elsif params[:project_id]
-      @project = Project.visible.find_by_param(params[:project_id])
-    end
+    klass = Object.const_get(params[:object_type].camelcase)
+    return false unless klass.respond_to?('watched_by')
+    @watched = klass.find(params[:object_id])
+    @project = @watched.project
  rescue
    render_404
  end
-
-  def find_watchables
-    klass = Object.const_get(params[:object_type].camelcase) rescue nil
-    if klass && klass.respond_to?('watched_by')
-      @watchables = klass.find_all_by_id(Array.wrap(params[:object_id]))
-      raise Unauthorized if @watchables.any? {|w| w.respond_to?(:visible?) && !w.visible?}
-    end
-    render_404 unless @watchables.present?
-  end
-
-  def set_watcher(watchables, user, watching)
-    watchables.each do |watchable|
-      watchable.set_watcher(user, watching)
-    end
+  
+  def set_watcher(user, watching)
+    @watched.set_watcher(user, watching)
    respond_to do |format|
-      format.html { redirect_to_referer_or {render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true}}
-      format.js { render :partial => 'set_watcher', :locals => {:user => user, :watched => watchables} }
+      format.html { redirect_to :back }
+      format.js do
+        render(:update) do |page|
+          c = watcher_css(@watched)
+          page.select(".#{c}").each do |item|
+            page.replace_html item, watcher_link(@watched, user)
+          end
+        end
+      end
    end
+  rescue ::ActionController::RedirectBackError
+    render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true
  end
 end
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -22,7 +22,7 @@ class WelcomeController < ApplicationController
    @news = News.latest User.current
    @projects = Project.latest User.current
  end
-
+  
  def robots
    @projects = Project.all_public.active
    render :layout => false, :content_type => 'text/plain'
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -35,25 +35,16 @@ class WikiController < ApplicationController
  default_search_scope :wiki_pages
  before_filter :find_wiki, :authorize
  before_filter :find_existing_or_new_page, :only => [:show, :edit, :update]
-  before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy, :destroy_version]
-  accept_api_auth :index, :show, :update, :destroy
-  before_filter :find_attachments, :only => [:preview]
+  before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]

  helper :attachments
  include AttachmentsHelper
  helper :watchers
-  include Redmine::Export::PDF

  # List of pages, sorted alphabetically and by parent (hierarchy)
  def index
    load_pages_for_index
-
-    respond_to do |format|
-      format.html {
-        @pages_by_parent_id = @pages.group_by(&:parent_id)
-      }
-      format.api
-    end
+    @pages_by_parent_id = @pages.group_by(&:parent_id)
  end

  # List of page, by last update
@@ -65,7 +56,7 @@ class WikiController < ApplicationController
  # display a page (in editing mode if it doesn't exist)
  def show
    if @page.new_record?
-      if User.current.allowed_to?(:edit_wiki_pages, @project) && editable? && !api_request?
+      if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
        edit
        render :action => 'edit'
      else
@@ -74,15 +65,13 @@ class WikiController < ApplicationController
      return
    end
    if params[:version] && !User.current.allowed_to?(:view_wiki_edits, @project)
-      deny_access
+      # Redirects user to the current version if he's not allowed to view previous versions
+      redirect_to :version => nil
      return
    end
    @content = @page.content_for_version(params[:version])
    if User.current.allowed_to?(:export_wiki_pages, @project)
-      if params[:format] == 'pdf'
-        send_data(wiki_page_to_pdf(@page, @project), :type => 'application/pdf', :filename => "#{@page.title}.pdf")
-        return
-      elsif params[:format] == 'html'
+      if params[:format] == 'html'
        export = render_to_string :action => 'export', :layout => false
        send_data(export, :type => 'text/html', :filename => "#{@page.title}.html")
        return
@@ -92,25 +81,13 @@ class WikiController < ApplicationController
      end
    end
    @editable = editable?
-    @sections_editable = @editable && User.current.allowed_to?(:edit_wiki_pages, @page.project) &&
-      @content.current_version? &&
-      Redmine::WikiFormatting.supports_section_edit?
-
-    respond_to do |format|
-      format.html
-      format.api
-    end
+    render :action => 'show'
  end

  # edit an existing page or a new one
  def edit
    return render_403 unless editable?
-    if @page.new_record?
-      @page.content = WikiContent.new(:page => @page)
-      if params[:parent].present?
-        @page.parent = @page.wiki.find_page(params[:parent].to_s)
-      end
-    end
+    @page.content = WikiContent.new(:page => @page) if @page.new_record?

    @content = @page.content_for_version(params[:version])
    @content.text = initial_page_content(@page) if @content.text.blank?
@@ -119,77 +96,42 @@ class WikiController < ApplicationController

    # To prevent StaleObjectError exception when reverting to a previous version
    @content.version = @page.content.version
-
-    @text = @content.text
-    if params[:section].present? && Redmine::WikiFormatting.supports_section_edit?
-      @section = params[:section].to_i
-      @text, @section_hash = Redmine::WikiFormatting.formatter.new(@text).get_section(@section)
-      render_404 if @text.blank?
-    end
  end

+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  # Creates a new page or updates an existing one
  def update
    return render_403 unless editable?
-    was_new_page = @page.new_record?
    @page.content = WikiContent.new(:page => @page) if @page.new_record?
-    @page.safe_attributes = params[:wiki_page]

-    @content = @page.content
-    content_params = params[:content]
-    if content_params.nil? && params[:wiki_page].is_a?(Hash)
-      content_params = params[:wiki_page].slice(:text, :comments, :version)
-    end
-    content_params ||= {}
+    @content = @page.content_for_version(params[:version])
+    @content.text = initial_page_content(@page) if @content.text.blank?
+    # don't keep previous comment
+    @content.comments = nil

-    @content.comments = content_params[:comments]
-    @text = content_params[:text]
-    if params[:section].present? && Redmine::WikiFormatting.supports_section_edit?
-      @section = params[:section].to_i
-      @section_hash = params[:section_hash]
-      @content.text = Redmine::WikiFormatting.formatter.new(@content.text).update_section(params[:section].to_i, @text, @section_hash)
-    else
-      @content.version = content_params[:version] if content_params[:version]
-      @content.text = @text
+    if !@page.new_record? && params[:content].present? && @content.text == params[:content][:text]
+      attachments = Attachment.attach_files(@page, params[:attachments])
+      render_attachment_warning_if_needed(@page)
+      # don't save if text wasn't changed
+      redirect_to :action => 'show', :project_id => @project, :id => @page.title
+      return
    end
+    @content.attributes = params[:content]
    @content.author = User.current
-
-    if @page.save_with_content
+    # if page is new @page.save will also save content, but not if page isn't a new record
+    if (@page.new_record? ? @page.save : @content.save)
      attachments = Attachment.attach_files(@page, params[:attachments])
      render_attachment_warning_if_needed(@page)
      call_hook(:controller_wiki_edit_after_save, { :params => params, :page => @page})
-
-      respond_to do |format|
-        format.html { redirect_to project_wiki_page_path(@project, @page.title) }
-        format.api {
-          if was_new_page
-            render :action => 'show', :status => :created, :location => project_wiki_page_path(@project, @page.title)
-          else
-            render_api_ok
-          end
-        }
-      end
+      redirect_to :action => 'show', :project_id => @project, :id => @page.title
    else
-      respond_to do |format|
-        format.html { render :action => 'edit' }
-        format.api { render_validation_errors(@content) }
-      end
+      render :action => 'edit'
    end

-  rescue ActiveRecord::StaleObjectError, Redmine::WikiFormatting::StaleSectionError
+  rescue ActiveRecord::StaleObjectError
    # Optimistic locking exception
-    respond_to do |format|
-      format.html {
-        flash.now[:error] = l(:notice_locking_conflict)
-        render :action => 'edit'
-      }
-      format.api { render_api_head :conflict }
-    end
-  rescue ActiveRecord::RecordNotSaved
-    respond_to do |format|
-      format.html { render :action => 'edit' }
-      format.api { render_validation_errors(@content) }
-    end
+    flash.now[:error] = l(:notice_locking_conflict)
+    render :action => 'edit'
  end

  # rename a page
@@ -200,26 +142,26 @@ class WikiController < ApplicationController
    @original_title = @page.pretty_title
    if request.post? && @page.update_attributes(params[:wiki_page])
      flash[:notice] = l(:notice_successful_update)
-      redirect_to project_wiki_page_path(@project, @page.title)
+      redirect_to :action => 'show', :project_id => @project, :id => @page.title
    end
  end

+  verify :method => :post, :only => :protect, :redirect_to => { :action => :show }
  def protect
    @page.update_attribute :protected, params[:protected]
-    redirect_to project_wiki_page_path(@project, @page.title)
+    redirect_to :action => 'show', :project_id => @project, :id => @page.title
  end

  # show page history
  def history
    @version_count = @page.content.versions.count
-    @version_pages = Paginator.new @version_count, per_page_option, params['page']
+    @version_pages = Paginator.new self, @version_count, per_page_option, params['p']
    # don't load text
-    @versions = @page.content.versions.
-      select("id, author_id, comments, updated_on, version").
-      reorder('version DESC').
-      limit(@version_pages.per_page + 1).
-      offset(@version_pages.offset).
-      all
+    @versions = @page.content.versions.find :all,
+                                            :select => "id, author_id, comments, updated_on, version",
+                                            :order => 'version DESC',
+                                            :limit  =>  @version_pages.items_per_page + 1,
+                                            :offset =>  @version_pages.current.offset

    render :layout => false if request.xhr?
  end
@@ -234,6 +176,7 @@ class WikiController < ApplicationController
    render_404 unless @annotate
  end

+  verify :method => :delete, :only => [:destroy], :redirect_to => { :action => :show }
  # Removes a wiki page and its history
  # Children can be either set as root pages, removed or reassigned to another parent page
  def destroy
@@ -256,36 +199,21 @@ class WikiController < ApplicationController
        end
      else
        @reassignable_to = @wiki.pages - @page.self_and_descendants
-        # display the destroy form if it's a user request
-        return unless api_request?
+        return
      end
    end
    @page.destroy
-    respond_to do |format|
-      format.html { redirect_to project_wiki_index_path(@project) }
-      format.api { render_api_ok }
-    end
+    redirect_to :action => 'index', :project_id => @project
  end

-  def destroy_version
-    return render_403 unless editable?
-
-    @content = @page.content_for_version(params[:version])
-    @content.destroy
-    redirect_to_referer_or history_project_wiki_page_path(@project, @page.title)
-  end
-
-  # Export wiki to a single pdf or html file
+  # Export wiki to a single html file
  def export
-    @pages = @wiki.pages.all(:order => 'title', :include => [:content, {:attachments => :author}])
-    respond_to do |format|
-      format.html {
-        export = render_to_string :action => 'export_multiple', :layout => false
-        send_data(export, :type => 'text/html', :filename => "wiki.html")
-      }
-      format.pdf {
-        send_data(wiki_pages_to_pdf(@pages, @project), :type => 'application/pdf', :filename => "#{@project.identifier}.pdf")
-      }
+    if User.current.allowed_to?(:export_wiki_pages, @project)
+      @pages = @wiki.pages.find :all, :order => 'title'
+      export = render_to_string :action => 'export_multiple', :layout => false
+      send_data(export, :type => 'text/html', :filename => "wiki.html")
+    else
+      redirect_to :action => 'show', :project_id => @project, :id => nil
    end
  end

@@ -294,7 +222,7 @@ class WikiController < ApplicationController
    # page is nil when previewing a new page
    return render_403 unless page.nil? || editable?(page)
    if page
-      @attachments += page.attachments
+      @attachements = page.attachments
      @previewed = page.content
    end
    @text = params[:content][:text]
@@ -351,6 +279,6 @@ private
  end

  def load_pages_for_index
-    @pages = @wiki.pages.with_updated_on.reorder("#{WikiPage.table_name}.title").includes(:wiki => :project).includes(:parent).all
+    @pages = @wiki.pages.with_updated_on.all(:order => 'title', :include => {:wiki => :project})
  end
 end
--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -1,16 +1,16 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -18,19 +18,20 @@
 class WikisController < ApplicationController
  menu_item :settings
  before_filter :find_project, :authorize
-
+  
  # Create or update a project's wiki
  def edit
    @wiki = @project.wiki || Wiki.new(:project => @project)
-    @wiki.safe_attributes = params[:wiki]
+    @wiki.attributes = params[:wiki]
    @wiki.save if request.post?
+    render(:update) {|page| page.replace_html "tab-content-wiki", :partial => 'projects/settings/wiki'}
  end

  # Delete a project's wiki
  def destroy
    if request.post? && params[:confirm] && @project.wiki
      @project.wiki.destroy
-      redirect_to settings_project_path(@project, :tab => 'wiki')
-    end
+      redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'wiki'
+    end    
  end
 end
--- a/app/controllers/workflows_controller.rb
+++ b/app/controllers/workflows_controller.rb
@@ -1,94 +1,68 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class WorkflowsController < ApplicationController
  layout 'admin'
-
-  before_filter :require_admin, :find_roles, :find_trackers
-
+  
+  before_filter :require_admin
+  before_filter :find_roles
+  before_filter :find_trackers
+  
  def index
-    @workflow_counts = WorkflowTransition.count_by_tracker_and_role
+    @workflow_counts = Workflow.count_by_tracker_and_role
  end
-
+  
  def edit
-    @role = Role.find_by_id(params[:role_id]) if params[:role_id]
-    @tracker = Tracker.find_by_id(params[:tracker_id]) if params[:tracker_id]
-
+    @role = Role.find_by_id(params[:role_id])
+    @tracker = Tracker.find_by_id(params[:tracker_id])    
+    
    if request.post?
-      WorkflowTransition.destroy_all( ["role_id=? and tracker_id=?", @role.id, @tracker.id])
+      Workflow.destroy_all( ["role_id=? and tracker_id=?", @role.id, @tracker.id])
      (params[:issue_status] || []).each { |status_id, transitions|
        transitions.each { |new_status_id, options|
          author = options.is_a?(Array) && options.include?('author') && !options.include?('always')
          assignee = options.is_a?(Array) && options.include?('assignee') && !options.include?('always')
-          WorkflowTransition.create(:role_id => @role.id, :tracker_id => @tracker.id, :old_status_id => status_id, :new_status_id => new_status_id, :author => author, :assignee => assignee)
+          @role.workflows.build(:tracker_id => @tracker.id, :old_status_id => status_id, :new_status_id => new_status_id, :author => author, :assignee => assignee) 
        }
      }
      if @role.save
-        redirect_to workflows_edit_path(:role_id => @role, :tracker_id => @tracker, :used_statuses_only => params[:used_statuses_only])
+        flash[:notice] = l(:notice_successful_update)
+        redirect_to :action => 'edit', :role_id => @role, :tracker_id => @tracker
        return
      end
    end
-
+    
    @used_statuses_only = (params[:used_statuses_only] == '0' ? false : true)
    if @tracker && @used_statuses_only && @tracker.issue_statuses.any?
      @statuses = @tracker.issue_statuses
    end
-    @statuses ||= IssueStatus.sorted.all
-
+    @statuses ||= IssueStatus.find(:all, :order => 'position')
+    
    if @tracker && @role && @statuses.any?
-      workflows = WorkflowTransition.where(:role_id => @role.id, :tracker_id => @tracker.id).all
+      workflows = Workflow.all(:conditions => {:role_id => @role.id, :tracker_id => @tracker.id})
      @workflows = {}
      @workflows['always'] = workflows.select {|w| !w.author && !w.assignee}
      @workflows['author'] = workflows.select {|w| w.author}
      @workflows['assignee'] = workflows.select {|w| w.assignee}
    end
  end
-
-  def permissions
-    @role = Role.find_by_id(params[:role_id]) if params[:role_id]
-    @tracker = Tracker.find_by_id(params[:tracker_id]) if params[:tracker_id]
-
-    if request.post? && @role && @tracker
-      WorkflowPermission.replace_permissions(@tracker, @role, params[:permissions] || {})
-      redirect_to workflows_permissions_path(:role_id => @role, :tracker_id => @tracker, :used_statuses_only => params[:used_statuses_only])
-      return
-    end
-
-    @used_statuses_only = (params[:used_statuses_only] == '0' ? false : true)
-    if @tracker && @used_statuses_only && @tracker.issue_statuses.any?
-      @statuses = @tracker.issue_statuses
-    end
-    @statuses ||= IssueStatus.sorted.all
-
-    if @role && @tracker
-      @fields = (Tracker::CORE_FIELDS_ALL - @tracker.disabled_core_fields).map {|field| [field, l("field_"+field.sub(/_id$/, ''))]}
-      @custom_fields = @tracker.custom_fields
-
-      @permissions = WorkflowPermission.where(:tracker_id => @tracker.id, :role_id => @role.id).all.inject({}) do |h, w|
-        h[w.old_status_id] ||= {}
-        h[w.old_status_id][w.field_name] = w.rule
-        h
-      end
-      @statuses.each {|status| @permissions[status.id] ||= {}}
-    end
-  end
-
+  
  def copy
-
+    
    if params[:source_tracker_id].blank? || params[:source_tracker_id] == 'any'
      @source_tracker = nil
    else
@@ -99,19 +73,19 @@ class WorkflowsController < ApplicationController
    else
      @source_role = Role.find_by_id(params[:source_role_id].to_i)
    end
-
+    
    @target_trackers = params[:target_tracker_ids].blank? ? nil : Tracker.find_all_by_id(params[:target_tracker_ids])
    @target_roles = params[:target_role_ids].blank? ? nil : Role.find_all_by_id(params[:target_role_ids])
-
+     
    if request.post?
      if params[:source_tracker_id].blank? || params[:source_role_id].blank? || (@source_tracker.nil? && @source_role.nil?)
        flash.now[:error] = l(:error_workflow_copy_source)
-      elsif @target_trackers.blank? || @target_roles.blank?
+      elsif @target_trackers.nil? || @target_roles.nil?
        flash.now[:error] = l(:error_workflow_copy_target)
      else
-        WorkflowRule.copy(@source_tracker, @source_role, @target_trackers, @target_roles)
+        Workflow.copy(@source_tracker, @source_role, @target_trackers, @target_roles)
        flash[:notice] = l(:notice_successful_update)
-        redirect_to workflows_copy_path(:source_tracker_id => @source_tracker, :source_role_id => @source_role)
+        redirect_to :action => 'copy', :source_tracker_id => @source_tracker, :source_role_id => @source_role
      end
    end
  end
@@ -119,10 +93,10 @@ class WorkflowsController < ApplicationController
  private

  def find_roles
-    @roles = Role.sorted.all
+    @roles = Role.find(:all, :order => 'builtin, position')
  end
-
+  
  def find_trackers
-    @trackers = Tracker.sorted.all
+    @trackers = Tracker.find(:all, :order => 'position')
  end
 end
--- a/app/helpers/account_helper.rb
+++ b/app/helpers/account_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/activities_helper.rb
+++ b/app/helpers/activities_helper.rb
@@ -1,33 +0,0 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-module ActivitiesHelper
-  def sort_activity_events(events)
-    events_by_group = events.group_by(&:event_group)
-    sorted_events = []
-    events.sort {|x, y| y.event_datetime <=> x.event_datetime}.each do |event|
-      if group_events = events_by_group.delete(event.event_group)
-        group_events.sort {|x, y| y.event_datetime <=> x.event_datetime}.each_with_index do |e, i|
-          sorted_events << [e, i > 0]
-        end
-      end
-    end
-    sorted_events
-  end
-end
--- a/app/helpers/admin_helper.rb
+++ b/app/helpers/admin_helper.rb
@@ -1,27 +1,23 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module AdminHelper
  def project_status_options_for_select(selected)
-    options_for_select([[l(:label_all), ''],
-                        [l(:project_status_active), '1'],
-                        [l(:project_status_closed), '5'],
-                        [l(:project_status_archived), '9']], selected.to_s)
+    options_for_select([[l(:label_all), ''], 
+                        [l(:status_active), 1]], selected)
  end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
--- a/app/helpers/attachments_helper.rb
+++ b/app/helpers/attachments_helper.rb
@@ -1,7 +1,5 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -21,27 +19,28 @@ module AttachmentsHelper
  # Displays view/delete links to the attachments of the given object
  # Options:
  #   :author -- author names are not displayed if set to false
-  #   :thumbails -- display thumbnails if enabled in settings
  def link_to_attachments(container, options = {})
-    options.assert_valid_keys(:author, :thumbnails)
+    options.assert_valid_keys(:author)

    if container.attachments.any?
      options = {:deletable => container.attachments_deletable?, :author => true}.merge(options)
-      render :partial => 'attachments/links',
-        :locals => {:attachments => container.attachments, :options => options, :thumbnails => (options[:thumbnails] && Setting.thumbnails_enabled?)}
+      render :partial => 'attachments/links', :locals => {:attachments => container.attachments, :options => options}
    end
  end

-  def render_api_attachment(attachment, api)
-    api.attachment do
-      api.id attachment.id
-      api.filename attachment.filename
-      api.filesize attachment.filesize
-      api.content_type attachment.content_type
-      api.description attachment.description
-      api.content_url url_for(:controller => 'attachments', :action => 'download', :id => attachment, :filename => attachment.filename, :only_path => false)
-      api.author(:id => attachment.author.id, :name => attachment.author.name) if attachment.author
-      api.created_on attachment.created_on
+  def to_utf8(str)
+    if str.respond_to?(:force_encoding)
+      str.force_encoding('UTF-8')
+      return str if str.valid_encoding?
+    else
+      return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
+    end
+
+    begin
+      Iconv.conv('UTF-8//IGNORE', 'UTF-8', str + '  ')[0..-3]
+    rescue Iconv::InvalidEncoding
+      # "UTF-8//IGNORE" is not supported on some OS
+      str
    end
  end
 end
--- a/app/helpers/auth_sources_helper.rb
+++ b/app/helpers/auth_sources_helper.rb
@@ -1,24 +1,19 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module AuthSourcesHelper
-  def auth_source_partial_name(auth_source)
-    "form_#{auth_source.class.name.underscore}"
-  end
 end
--- a/app/helpers/boards_helper.rb
+++ b/app/helpers/boards_helper.rb
@@ -1,41 +1,19 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module BoardsHelper
-  def board_breadcrumb(item)
-    board = item.is_a?(Message) ? item.board : item
-    links = [link_to(l(:label_board_plural), project_boards_path(item.project))]
-    boards = board.ancestors.reverse
-    if item.is_a?(Message)
-      boards << board
-    end
-    links += boards.map {|ancestor| link_to(h(ancestor.name), project_board_path(ancestor.project, ancestor))}
-    breadcrumb links
-  end
-
-  def boards_options_for_select(boards)
-    options = []
-    Board.board_tree(boards) do |board, level|
-      label = (level > 0 ? '&nbsp;' * 2 * level + '&#187; ' : '').html_safe
-      label << board.name
-      options << [label, board.id]
-    end
-    options
-  end
 end
--- a/app/helpers/calendars_helper.rb
+++ b/app/helpers/calendars_helper.rb
@@ -1,22 +1,3 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
 module CalendarsHelper
  def link_to_previous_month(year, month, options={})
    target_year, target_month = if month == 1
@@ -24,15 +5,14 @@ module CalendarsHelper
                                else
                                  [year, month - 1]
                                end
-
+    
    name = if target_month == 12
             "#{month_name(target_month)} #{target_year}"
           else
             "#{month_name(target_month)}"
           end

-    # \xc2\xab(utf-8) = &#171;
-    link_to_month(("\xc2\xab " + name), target_year, target_month, options)
+    link_to_month(('&#171; ' + name), target_year, target_month, options)
  end

  def link_to_next_month(year, month, options={})
@@ -48,11 +28,10 @@ module CalendarsHelper
             "#{month_name(target_month)}"
           end

-    # \xc2\xbb(utf-8) = &#187;
-    link_to_month((name + " \xc2\xbb"), target_year, target_month, options)
+    link_to_month((name + ' &#187;'), target_year, target_month, options)
  end

  def link_to_month(link_name, year, month, options={})
-    link_to_content_update(h(link_name), params.merge(:year => year, :month => month))
+    link_to_content_update(link_name, params.merge(:year => year, :month => month))
  end
 end
--- a/app/helpers/context_menus_helper.rb
+++ b/app/helpers/context_menus_helper.rb
@@ -1,43 +0,0 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-module ContextMenusHelper
-  def context_menu_link(name, url, options={})
-    options[:class] ||= ''
-    if options.delete(:selected)
-      options[:class] << ' icon-checked disabled'
-      options[:disabled] = true
-    end
-    if options.delete(:disabled)
-      options.delete(:method)
-      options.delete(:data)
-      options[:onclick] = 'return false;'
-      options[:class] << ' disabled'
-      url = '#'
-    end
-    link_to h(name), url, options
-  end
-
-  def bulk_update_custom_field_context_menu_link(field, text, value)
-    context_menu_link h(text),
-      bulk_update_issues_path(:ids => @issue_ids, :issue => {'custom_field_values' => {field.id => value}}, :back_url => @back),
-      :method => :post,
-      :selected => (@issue && @issue.custom_field_value(field) == value)
-  end
-end
--- a/app/helpers/custom_fields_helper.rb
+++ b/app/helpers/custom_fields_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,89 +18,74 @@
 module CustomFieldsHelper

  def custom_fields_tabs
-    CustomField::CUSTOM_FIELDS_TABS
+    tabs = [{:name => 'IssueCustomField', :partial => 'custom_fields/index', :label => :label_issue_plural},
+            {:name => 'TimeEntryCustomField', :partial => 'custom_fields/index', :label => :label_spent_time},
+            {:name => 'ProjectCustomField', :partial => 'custom_fields/index', :label => :label_project_plural},
+            {:name => 'VersionCustomField', :partial => 'custom_fields/index', :label => :label_version_plural},
+            {:name => 'UserCustomField', :partial => 'custom_fields/index', :label => :label_user_plural},
+            {:name => 'GroupCustomField', :partial => 'custom_fields/index', :label => :label_group_plural},
+            {:name => 'TimeEntryActivityCustomField', :partial => 'custom_fields/index', :label => TimeEntryActivity::OptionName},
+            {:name => 'IssuePriorityCustomField', :partial => 'custom_fields/index', :label => IssuePriority::OptionName},
+            {:name => 'DocumentCategoryCustomField', :partial => 'custom_fields/index', :label => DocumentCategory::OptionName}
+            ]
  end
-
+  
  # Return custom field html tag corresponding to its format
-  def custom_field_tag(name, custom_value)
+  def custom_field_tag(name, custom_value)	
    custom_field = custom_value.custom_field
    field_name = "#{name}[custom_field_values][#{custom_field.id}]"
-    field_name << "[]" if custom_field.multiple?
    field_id = "#{name}_custom_field_values_#{custom_field.id}"

-    tag_options = {:id => field_id, :class => "#{custom_field.field_format}_cf"}
-
    field_format = Redmine::CustomFieldFormat.find_by_name(custom_field.field_format)
    case field_format.try(:edit_as)
    when "date"
-      text_field_tag(field_name, custom_value.value, tag_options.merge(:size => 10)) +
+      text_field_tag(field_name, custom_value.value, :id => field_id, :size => 10) + 
      calendar_for(field_id)
    when "text"
-      text_area_tag(field_name, custom_value.value, tag_options.merge(:rows => 3))
+      text_area_tag(field_name, custom_value.value, :id => field_id, :rows => 3, :style => 'width:90%')
    when "bool"
-      hidden_field_tag(field_name, '0') + check_box_tag(field_name, '1', custom_value.true?, tag_options)
+      hidden_field_tag(field_name, '0') + check_box_tag(field_name, '1', custom_value.true?, :id => field_id)
    when "list"
-      blank_option = ''.html_safe
-      unless custom_field.multiple?
-        if custom_field.is_required?
-          unless custom_field.default_value.present?
-            blank_option = content_tag('option', "--- #{l(:actionview_instancetag_blank_option)} ---", :value => '')
-          end
-        else
-          blank_option = content_tag('option')
-        end
-      end
-      s = select_tag(field_name, blank_option + options_for_select(custom_field.possible_values_options(custom_value.customized), custom_value.value),
-        tag_options.merge(:multiple => custom_field.multiple?))
-      if custom_field.multiple?
-        s << hidden_field_tag(field_name, '')
-      end
-      s
+      blank_option = custom_field.is_required? ?
+                       (custom_field.default_value.blank? ? "<option value=\"\">--- #{l(:actionview_instancetag_blank_option)} ---</option>" : '') : 
+                       '<option></option>'
+      select_tag(field_name, blank_option + options_for_select(custom_field.possible_values_options(custom_value.customized), custom_value.value), :id => field_id)
    else
-      text_field_tag(field_name, custom_value.value, tag_options)
+      text_field_tag(field_name, custom_value.value, :id => field_id)
    end
  end
-
+  
  # Return custom field label tag
-  def custom_field_label_tag(name, custom_value, options={})
-    required = options[:required] || custom_value.custom_field.is_required?
-
-    content_tag "label", h(custom_value.custom_field.name) +
-      (required ? " <span class=\"required\">*</span>".html_safe : ""),
-      :for => "#{name}_custom_field_values_#{custom_value.custom_field.id}"
+  def custom_field_label_tag(name, custom_value)
+    content_tag "label", custom_value.custom_field.name +
+	(custom_value.custom_field.is_required? ? " <span class=\"required\">*</span>" : ""),
+	:for => "#{name}_custom_field_values_#{custom_value.custom_field.id}",
+	:class => (custom_value.errors.empty? ? nil : "error" )
  end
-
+  
  # Return custom field tag with its label tag
-  def custom_field_tag_with_label(name, custom_value, options={})
-    custom_field_label_tag(name, custom_value, options) + custom_field_tag(name, custom_value)
+  def custom_field_tag_with_label(name, custom_value)
+    custom_field_label_tag(name, custom_value) + custom_field_tag(name, custom_value)
  end
-
+  
  def custom_field_tag_for_bulk_edit(name, custom_field, projects=nil)
    field_name = "#{name}[custom_field_values][#{custom_field.id}]"
-    field_name << "[]" if custom_field.multiple?
    field_id = "#{name}_custom_field_values_#{custom_field.id}"
-
-    tag_options = {:id => field_id, :class => "#{custom_field.field_format}_cf"}
-
    field_format = Redmine::CustomFieldFormat.find_by_name(custom_field.field_format)
    case field_format.try(:edit_as)
      when "date"
-        text_field_tag(field_name, '', tag_options.merge(:size => 10)) +
+        text_field_tag(field_name, '', :id => field_id, :size => 10) + 
        calendar_for(field_id)
      when "text"
-        text_area_tag(field_name, '', tag_options.merge(:rows => 3))
+        text_area_tag(field_name, '', :id => field_id, :rows => 3, :style => 'width:90%')
      when "bool"
        select_tag(field_name, options_for_select([[l(:label_no_change_option), ''],
                                                   [l(:general_text_yes), '1'],
-                                                   [l(:general_text_no), '0']]), tag_options)
+                                                   [l(:general_text_no), '0']]), :id => field_id)
      when "list"
-        options = []
-        options << [l(:label_no_change_option), ''] unless custom_field.multiple?
-        options << [l(:label_none), '__none__'] unless custom_field.is_required?
-        options += custom_field.possible_values_options(projects)
-        select_tag(field_name, options_for_select(options), tag_options.merge(:multiple => custom_field.multiple?))
+        select_tag(field_name, options_for_select([[l(:label_no_change_option), '']] + custom_field.possible_values_options(projects)), :id => field_id)
      else
-        text_field_tag(field_name, '', tag_options)
+        text_field_tag(field_name, '', :id => field_id)
    end
  end

@@ -111,37 +94,23 @@ module CustomFieldsHelper
    return "" unless custom_value
    format_value(custom_value.value, custom_value.custom_field.field_format)
  end
-
+  
  # Return a string used to display a custom value
  def format_value(value, field_format)
-    if value.is_a?(Array)
-      value.collect {|v| format_value(v, field_format)}.compact.sort.join(', ')
-    else
-      Redmine::CustomFieldFormat.format_value(value, field_format)
-    end
+    Redmine::CustomFieldFormat.format_value(value, field_format) # Proxy
  end

  # Return an array of custom field formats which can be used in select_tag
  def custom_field_formats_for_select(custom_field)
    Redmine::CustomFieldFormat.as_select(custom_field.class.customized_class.name)
  end
-
+  
  # Renders the custom_values in api views
  def render_api_custom_values(custom_values, api)
    api.array :custom_fields do
      custom_values.each do |custom_value|
-        attrs = {:id => custom_value.custom_field_id, :name => custom_value.custom_field.name}
-        attrs.merge!(:multiple => true) if custom_value.custom_field.multiple?
-        api.custom_field attrs do
-          if custom_value.value.is_a?(Array)
-            api.array :value do
-              custom_value.value.each do |value|
-                api.value value unless value.blank?
-              end
-            end
-          else
-            api.value custom_value.value
-          end
+        api.custom_field :id => custom_value.custom_field_id, :name => custom_value.custom_field.name do
+          api.value custom_value.value
        end
      end
    end unless custom_values.empty?
--- a/app/helpers/documents_helper.rb
+++ b/app/helpers/documents_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/enumerations_helper.rb
+++ b/app/helpers/enumerations_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/gantt_helper.rb
+++ b/app/helpers/gantt_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -24,19 +22,19 @@ module GanttHelper
    when :in
      if gantt.zoom < 4
        link_to_content_update l(:text_zoom_in),
-          params.merge(gantt.params.merge(:zoom => (gantt.zoom + 1))),
+          params.merge(gantt.params.merge(:zoom => (gantt.zoom+1))),
          :class => 'icon icon-zoom-in'
      else
-        content_tag(:span, l(:text_zoom_in), :class => 'icon icon-zoom-in').html_safe
+        content_tag('span', l(:text_zoom_in), :class => 'icon icon-zoom-in')
      end
-
+      
    when :out
      if gantt.zoom > 1
        link_to_content_update l(:text_zoom_out),
-          params.merge(gantt.params.merge(:zoom => (gantt.zoom - 1))),
+          params.merge(gantt.params.merge(:zoom => (gantt.zoom-1))),
          :class => 'icon icon-zoom-out'
      else
-        content_tag(:span, l(:text_zoom_out), :class => 'icon icon-zoom-out').html_safe
+        content_tag('span', l(:text_zoom_out), :class => 'icon icon-zoom-out')
      end
    end
  end
--- a/app/helpers/groups_helper.rb
+++ b/app/helpers/groups_helper.rb
@@ -1,42 +1,34 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2009  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module GroupsHelper
+  # Options for the new membership projects combo-box
+  def options_for_membership_project_select(user, projects)
+    options = content_tag('option', "--- #{l(:actionview_instancetag_blank_option)} ---")
+    options << project_tree_options_for_select(projects) do |p|
+      {:disabled => (user.projects.include?(p))}
+    end
+    options
+  end
+  
  def group_settings_tabs
    tabs = [{:name => 'general', :partial => 'groups/general', :label => :label_general},
            {:name => 'users', :partial => 'groups/users', :label => :label_user_plural},
            {:name => 'memberships', :partial => 'groups/memberships', :label => :label_project_plural}
            ]
  end
-
-  def render_principals_for_new_group_users(group)
-    scope = User.active.sorted.not_in_group(group).like(params[:q])
-    principal_count = scope.count
-    principal_pages = Redmine::Pagination::Paginator.new principal_count, 100, params['page']
-    principals = scope.offset(principal_pages.offset).limit(principal_pages.per_page).all
-
-    s = content_tag('div', principals_check_box_tags('user_ids[]', principals), :id => 'principals')
-
-    links = pagination_links_full(principal_pages, principal_count, :per_page_links => false) {|text, parameters, options|
-      link_to text, autocomplete_for_user_group_path(group, parameters.merge(:q => params[:q], :format => 'js')), :remote => true
-    }
-
-    s + content_tag('p', links, :class => 'pagination')
-  end
 end
--- a/app/helpers/issue_categories_helper.rb
+++ b/app/helpers/issue_categories_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/issue_moves_helper.rb
+++ b/app/helpers/issue_moves_helper.rb
@@ -0,0 +1,2 @@
+module IssueMovesHelper
+end
--- a/app/helpers/issue_relations_helper.rb
+++ b/app/helpers/issue_relations_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/issue_statuses_helper.rb
+++ b/app/helpers/issue_statuses_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -1,7 +1,5 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -48,13 +46,13 @@ module IssuesHelper
    @cached_label_priority ||= l(:field_priority)
    @cached_label_project ||= l(:field_project)

-    link_to_issue(issue) + "<br /><br />".html_safe +
-      "<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />".html_safe +
-      "<strong>#{@cached_label_status}</strong>: #{h(issue.status.name)}<br />".html_safe +
-      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />".html_safe +
-      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />".html_safe +
-      "<strong>#{@cached_label_assigned_to}</strong>: #{h(issue.assigned_to)}<br />".html_safe +
-      "<strong>#{@cached_label_priority}</strong>: #{h(issue.priority.name)}".html_safe
+    link_to_issue(issue) + "<br /><br />" +
+      "<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />" +
+      "<strong>#{@cached_label_status}</strong>: #{issue.status.name}<br />" +
+      "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" +
+      "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" +
+      "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" +
+      "<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}"
  end

  def issue_heading(issue)
@@ -65,7 +63,7 @@ module IssuesHelper
    s = ''
    ancestors = issue.root? ? [] : issue.ancestors.visible.all
    ancestors.each do |ancestor|
-      s << '<div>' + content_tag('p', link_to_issue(ancestor, :project => (issue.project_id != ancestor.project_id)))
+      s << '<div>' + content_tag('p', link_to_issue(ancestor))
    end
    s << '<div>'
    subject = h(issue.subject)
@@ -74,75 +72,22 @@ module IssuesHelper
    end
    s << content_tag('h3', subject)
    s << '</div>' * (ancestors.size + 1)
-    s.html_safe
+    s
  end

  def render_descendants_tree(issue)
    s = '<form><table class="list issues">'
    issue_list(issue.descendants.visible.sort_by(&:lft)) do |child, level|
-      css = "issue issue-#{child.id} hascontextmenu"
-      css << " idnt idnt-#{level}" if level > 0
      s << content_tag('tr',
             content_tag('td', check_box_tag("ids[]", child.id, false, :id => nil), :class => 'checkbox') +
-             content_tag('td', link_to_issue(child, :truncate => 60, :project => (issue.project_id != child.project_id)), :class => 'subject') +
+             content_tag('td', link_to_issue(child, :truncate => 60), :class => 'subject') +
             content_tag('td', h(child.status)) +
             content_tag('td', link_to_user(child.assigned_to)) +
             content_tag('td', progress_bar(child.done_ratio, :width => '80px')),
-             :class => css)
+             :class => "issue issue-#{child.id} hascontextmenu #{level > 0 ? "idnt idnt-#{level}" : nil}")
    end
-    s << '</table></form>'
-    s.html_safe
-  end
-
-  # Returns a link for adding a new subtask to the given issue
-  def link_to_new_subtask(issue)
-    attrs = {
-      :tracker_id => issue.tracker,
-      :parent_issue_id => issue
-    }
-    link_to(l(:button_add), new_project_issue_path(issue.project, :issue => attrs))
-  end
-
-  class IssueFieldsRows
-    include ActionView::Helpers::TagHelper
-
-    def initialize
-      @left = []
-      @right = []
-    end
-
-    def left(*args)
-      args.any? ? @left << cells(*args) : @left
-    end
-
-    def right(*args)
-      args.any? ? @right << cells(*args) : @right
-    end
-
-    def size
-      @left.size > @right.size ? @left.size : @right.size
-    end
-
-    def to_html
-      html = ''.html_safe
-      blank = content_tag('th', '') + content_tag('td', '')
-      size.times do |i|
-        left = @left[i] || blank
-        right = @right[i] || blank
-        html << content_tag('tr', left + right)
-      end
-      html
-    end
-
-    def cells(label, text, options={})
-      content_tag('th', "#{label}:", options) + content_tag('td', text, options)
-    end
-  end
-
-  def issue_fields_rows
-    r = IssueFieldsRows.new
-    yield r
-    r.to_html
+    s << '</form></table>'
+    s
  end

  def render_custom_fields_rows(issue)
@@ -161,7 +106,7 @@ module IssuesHelper
      n += 1
    end
    s << "</tr>\n"
-    s.html_safe
+    s
  end

  def issues_destroy_confirmation_message(issues)
@@ -184,11 +129,14 @@ module IssuesHelper

  def sidebar_queries
    unless @sidebar_queries
-      @sidebar_queries = IssueQuery.visible.all(
-        :order => "#{Query.table_name}.name ASC",
-        # Project specific queries and global queries
-        :conditions => (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
-      )
+      # User can see public queries and his own queries
+      visible = ARCondition.new(["is_public = ? OR user_id = ?", true, (User.current.logged? ? User.current.id : 0)])
+      # Project specific queries and global queries
+      visible << (@project.nil? ? ["project_id IS NULL"] : ["project_id IS NULL OR project_id = ?", @project.id])
+      @sidebar_queries = Query.find(:all,
+                                    :select => 'id, name, is_public',
+                                    :order => "name ASC",
+                                    :conditions => visible.conditions)
    end
    @sidebar_queries
  end
@@ -197,16 +145,14 @@ module IssuesHelper
    # links to #index on issues/show
    url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params

-    content_tag('h3', h(title)) +
+    content_tag('h3', title) +
      queries.collect {|query|
-          css = 'query'
-          css << ' selected' if query == @query
-          link_to(h(query.name), url_params.merge(:query_id => query), :class => css)
-        }.join('<br />').html_safe
+          link_to(h(query.name), url_params.merge(:query_id => query))
+        }.join('<br />')
  end

  def render_sidebar_queries
-    out = ''.html_safe
+    out = ''
    queries = sidebar_queries.select {|q| !q.is_public?}
    out << query_links(l(:label_my_queries), queries) if queries.any?
    queries = sidebar_queries.select {|q| q.is_public?}
@@ -214,98 +160,36 @@ module IssuesHelper
    out
  end

-  def email_issue_attributes(issue)
-    items = []
-    %w(author status priority assigned_to category fixed_version).each do |attribute|
-      unless issue.disabled_core_fields.include?(attribute+"_id")
-        items << "#{l("field_#{attribute}")}: #{issue.send attribute}"
-      end
-    end
-    issue.custom_field_values.each do |value|
-      items << "#{value.custom_field.name}: #{show_value(value)}"
-    end
-    items
-  end
-
-  def render_email_issue_attributes(issue, html=false)
-    items = email_issue_attributes(issue)
-    if html
-      content_tag('ul', items.map{|s| content_tag('li', s)}.join("\n").html_safe)
-    else
-      items.map{|s| "* #{s}"}.join("\n")
-    end
-  end
-
-  # Returns the textual representation of a journal details
-  # as an array of strings
-  def details_to_strings(details, no_html=false, options={})
-    options[:only_path] = (options[:only_path] == false ? false : true)
-    strings = []
-    values_by_field = {}
-    details.each do |detail|
-      if detail.property == 'cf'
-        field_id = detail.prop_key
-        field = CustomField.find_by_id(field_id)
-        if field && field.multiple?
-          values_by_field[field_id] ||= {:added => [], :deleted => []}
-          if detail.old_value
-            values_by_field[field_id][:deleted] << detail.old_value
-          end
-          if detail.value
-            values_by_field[field_id][:added] << detail.value
-          end
-          next
-        end
-      end
-      strings << show_detail(detail, no_html, options)
-    end
-    values_by_field.each do |field_id, changes|
-      detail = JournalDetail.new(:property => 'cf', :prop_key => field_id)
-      if changes[:added].any?
-        detail.value = changes[:added]
-        strings << show_detail(detail, no_html, options)
-      elsif changes[:deleted].any?
-        detail.old_value = changes[:deleted]
-        strings << show_detail(detail, no_html, options)
-      end
-    end
-    strings
-  end
-
-  # Returns the textual representation of a single journal detail
-  def show_detail(detail, no_html=false, options={})
-    multiple = false
+  def show_detail(detail, no_html=false)
    case detail.property
    when 'attr'
      field = detail.prop_key.to_s.gsub(/\_id$/, "")
      label = l(("field_" + field).to_sym)
-      case detail.prop_key
-      when 'due_date', 'start_date'
+      case
+      when ['due_date', 'start_date'].include?(detail.prop_key)
        value = format_date(detail.value.to_date) if detail.value
        old_value = format_date(detail.old_value.to_date) if detail.old_value

-      when 'project_id', 'status_id', 'tracker_id', 'assigned_to_id',
-            'priority_id', 'category_id', 'fixed_version_id'
+      when ['project_id', 'status_id', 'tracker_id', 'assigned_to_id', 'priority_id', 'category_id', 'fixed_version_id'].include?(detail.prop_key)
        value = find_name_by_reflection(field, detail.value)
        old_value = find_name_by_reflection(field, detail.old_value)

-      when 'estimated_hours'
+      when detail.prop_key == 'estimated_hours'
        value = "%0.02f" % detail.value.to_f unless detail.value.blank?
        old_value = "%0.02f" % detail.old_value.to_f unless detail.old_value.blank?

-      when 'parent_id'
+      when detail.prop_key == 'parent_id'
        label = l(:field_parent_issue)
        value = "##{detail.value}" unless detail.value.blank?
        old_value = "##{detail.old_value}" unless detail.old_value.blank?

-      when 'is_private'
+      when detail.prop_key == 'is_private'
        value = l(detail.value == "0" ? :general_text_No : :general_text_Yes) unless detail.value.blank?
        old_value = l(detail.old_value == "0" ? :general_text_No : :general_text_Yes) unless detail.old_value.blank?
      end
    when 'cf'
      custom_field = CustomField.find_by_id(detail.prop_key)
      if custom_field
-        multiple = custom_field.multiple?
        label = custom_field.name
        value = format_value(detail.value, custom_field.field_format) if detail.value
        old_value = format_value(detail.old_value, custom_field.field_format) if detail.old_value
@@ -313,8 +197,7 @@ module IssuesHelper
    when 'attachment'
      label = l(:label_attachment)
    end
-    call_hook(:helper_issues_show_detail_after_setting,
-              {:detail => detail, :label => label, :value => value, :old_value => old_value })
+    call_hook(:helper_issues_show_detail_after_setting, {:detail => detail, :label => label, :value => value, :old_value => old_value })

    label ||= detail.prop_key
    value ||= detail.value
@@ -323,17 +206,10 @@ module IssuesHelper
    unless no_html
      label = content_tag('strong', label)
      old_value = content_tag("i", h(old_value)) if detail.old_value
-      old_value = content_tag("del", old_value) if detail.old_value and detail.value.blank?
-      if detail.property == 'attachment' && !value.blank? && atta = Attachment.find_by_id(detail.prop_key)
+      old_value = content_tag("strike", old_value) if detail.old_value and (!detail.value or detail.value.empty?)
+      if detail.property == 'attachment' && !value.blank? && a = Attachment.find_by_id(detail.prop_key)
        # Link to the attachment if it has not been removed
-        value = link_to_attachment(atta, :download => true, :only_path => options[:only_path])
-        if options[:only_path] != false && atta.is_text?
-          value += link_to(
-                       image_tag('magnifier.png'),
-                       :controller => 'attachments', :action => 'show',
-                       :id => atta, :filename => atta.filename
-                     )
-        end
+        value = link_to_attachment(a)
      else
        value = content_tag("i", h(value)) if value
      end
@@ -343,42 +219,33 @@ module IssuesHelper
      s = l(:text_journal_changed_no_detail, :label => label)
      unless no_html
        diff_link = link_to 'diff',
-          {:controller => 'journals', :action => 'diff', :id => detail.journal_id,
-           :detail_id => detail.id, :only_path => options[:only_path]},
+          {:controller => 'journals', :action => 'diff', :id => detail.journal_id, :detail_id => detail.id},
          :title => l(:label_view_diff)
        s << " (#{ diff_link })"
      end
-      s.html_safe
-    elsif detail.value.present?
+      s
+    elsif !detail.value.blank?
      case detail.property
      when 'attr', 'cf'
-        if detail.old_value.present?
-          l(:text_journal_changed, :label => label, :old => old_value, :new => value).html_safe
-        elsif multiple
-          l(:text_journal_added, :label => label, :value => value).html_safe
+        if !detail.old_value.blank?
+          l(:text_journal_changed, :label => label, :old => old_value, :new => value)
        else
-          l(:text_journal_set_to, :label => label, :value => value).html_safe
+          l(:text_journal_set_to, :label => label, :value => value)
        end
      when 'attachment'
-        l(:text_journal_added, :label => label, :value => value).html_safe
+        l(:text_journal_added, :label => label, :value => value)
      end
    else
-      l(:text_journal_deleted, :label => label, :old => old_value).html_safe
+      l(:text_journal_deleted, :label => label, :old => old_value)
    end
  end

  # Find the name of an associated record stored in the field attribute
  def find_name_by_reflection(field, id)
-    unless id.present?
-      return nil
-    end
    association = Issue.reflect_on_association(field.to_sym)
    if association
      record = association.class_name.constantize.find_by_id(id)
-      if record
-        record.name.force_encoding('UTF-8') if record.name.respond_to?(:force_encoding)
-        return record.name
-      end
+      return record.name if record
    end
  end

@@ -395,4 +262,62 @@ module IssuesHelper
      end
    end
  end
+
+  def issues_to_csv(issues, project = nil)
+    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')
+    decimal_separator = l(:general_csv_decimal_separator)
+    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
+      # csv header fields
+      headers = [ "#",
+                  l(:field_status),
+                  l(:field_project),
+                  l(:field_tracker),
+                  l(:field_priority),
+                  l(:field_subject),
+                  l(:field_assigned_to),
+                  l(:field_category),
+                  l(:field_fixed_version),
+                  l(:field_author),
+                  l(:field_start_date),
+                  l(:field_due_date),
+                  l(:field_done_ratio),
+                  l(:field_estimated_hours),
+                  l(:field_parent_issue),
+                  l(:field_created_on),
+                  l(:field_updated_on)
+                  ]
+      # Export project custom fields if project is given
+      # otherwise export custom fields marked as "For all projects"
+      custom_fields = project.nil? ? IssueCustomField.for_all : project.all_issue_custom_fields
+      custom_fields.each {|f| headers << f.name}
+      # Description in the last column
+      headers << l(:field_description)
+      csv << headers.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
+      # csv lines
+      issues.each do |issue|
+        fields = [issue.id,
+                  issue.status.name,
+                  issue.project.name,
+                  issue.tracker.name,
+                  issue.priority.name,
+                  issue.subject,
+                  issue.assigned_to,
+                  issue.category,
+                  issue.fixed_version,
+                  issue.author.name,
+                  format_date(issue.start_date),
+                  format_date(issue.due_date),
+                  issue.done_ratio,
+                  issue.estimated_hours.to_s.gsub('.', decimal_separator),
+                  issue.parent_id,
+                  format_time(issue.created_on),
+                  format_time(issue.updated_on)
+                  ]
+        custom_fields.each {|f| fields << show_value(issue.custom_value_for(f)) }
+        fields << issue.description
+        csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
+      end
+    end
+    export
+  end
 end
--- a/app/helpers/journals_helper.rb
+++ b/app/helpers/journals_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -23,24 +21,22 @@ module JournalsHelper
    editable = User.current.logged? && (User.current.allowed_to?(:edit_issue_notes, issue.project) || (journal.user == User.current && User.current.allowed_to?(:edit_own_issue_notes, issue.project)))
    links = []
    if !journal.notes.blank?
-      links << link_to(image_tag('comment.png'),
-                       {:controller => 'journals', :action => 'new', :id => issue, :journal_id => journal},
-                       :remote => true,
-                       :method => 'post',
-                       :title => l(:button_quote)) if options[:reply_links]
-      links << link_to_in_place_notes_editor(image_tag('edit.png'), "journal-#{journal.id}-notes",
-                                             { :controller => 'journals', :action => 'edit', :id => journal, :format => 'js' },
+      links << link_to_remote(image_tag('comment.png'),
+                              { :url => {:controller => 'journals', :action => 'new', :id => issue, :journal_id => journal} },
+                              :title => l(:button_quote)) if options[:reply_links]
+      links << link_to_in_place_notes_editor(image_tag('edit.png'), "journal-#{journal.id}-notes", 
+                                             { :controller => 'journals', :action => 'edit', :id => journal },
                                                :title => l(:button_edit)) if editable
    end
-    content << content_tag('div', links.join(' ').html_safe, :class => 'contextual') unless links.empty?
+    content << content_tag('div', links.join(' '), :class => 'contextual') unless links.empty?
    content << textilizable(journal, :notes)
    css_classes = "wiki"
    css_classes << " editable" if editable
-    content_tag('div', content.html_safe, :id => "journal-#{journal.id}-notes", :class => css_classes)
+    content_tag('div', content, :id => "journal-#{journal.id}-notes", :class => css_classes)
  end
-
+  
  def link_to_in_place_notes_editor(text, field_id, url, options={})
-    onclick = "$.ajax({url: '#{url_for(url)}', type: 'get'}); return false;"
+    onclick = "new Ajax.Request('#{url_for(url)}', {asynchronous:true, evalScripts:true, method:'get'}); return false;"
    link_to text, '#', options.merge(:onclick => onclick)
  end
 end
--- a/app/helpers/mail_handler_helper.rb
+++ b/app/helpers/mail_handler_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/members_helper.rb
+++ b/app/helpers/members_helper.rb
@@ -1,35 +1,19 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module MembersHelper
-  def render_principals_for_new_members(project)
-    scope = Principal.active.sorted.not_member_of(project).like(params[:q])
-    principal_count = scope.count
-    principal_pages = Redmine::Pagination::Paginator.new principal_count, 100, params['page']
-    principals = scope.offset(principal_pages.offset).limit(principal_pages.per_page).all
-
-    s = content_tag('div', principals_check_box_tags('membership[user_ids][]', principals), :id => 'principals')
-
-    links = pagination_links_full(principal_pages, principal_count, :per_page_links => false) {|text, parameters, options|
-      link_to text, autocomplete_project_memberships_path(project, parameters.merge(:q => params[:q], :format => 'js')), :remote => true
-    }
-
-    s + content_tag('p', links, :class => 'pagination')
-  end
 end
--- a/app/helpers/messages_helper.rb
+++ b/app/helpers/messages_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/my_helper.rb
+++ b/app/helpers/my_helper.rb
@@ -1,71 +1,19 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module MyHelper
-  def calendar_items(startdt, enddt)
-    Issue.visible.
-      where(:project_id => User.current.projects.map(&:id)).
-      where("(start_date>=? and start_date<=?) or (due_date>=? and due_date<=?)", startdt, enddt, startdt, enddt).
-      includes(:project, :tracker, :priority, :assigned_to).
-      all
-  end
-
-  def documents_items
-    Document.visible.order("#{Document.table_name}.created_on DESC").limit(10).all
-  end
-
-  def issuesassignedtome_items
-    Issue.visible.open.
-      where(:assigned_to_id => ([User.current.id] + User.current.group_ids)).
-      limit(10).
-      includes(:status, :project, :tracker, :priority).
-      order("#{IssuePriority.table_name}.position DESC, #{Issue.table_name}.updated_on DESC").
-      all
-  end
-
-  def issuesreportedbyme_items
-    Issue.visible.
-      where(:author_id => User.current.id).
-      limit(10).
-      includes(:status, :project, :tracker).
-      order("#{Issue.table_name}.updated_on DESC").
-      all
-  end
-
-  def issueswatched_items
-    Issue.visible.on_active_project.watched_by(User.current.id).recently_updated.limit(10).all
-  end
-
-  def news_items
-    News.visible.
-      where(:project_id => User.current.projects.map(&:id)).
-      limit(10).
-      includes(:project, :author).
-      order("#{News.table_name}.created_on DESC").
-      all
-  end
-
-  def timelog_items
-    TimeEntry.
-      where("#{TimeEntry.table_name}.user_id = ? AND #{TimeEntry.table_name}.spent_on BETWEEN ? AND ?", User.current.id, Date.today - 6, Date.today).
-      includes(:activity, :project, {:issue => [:tracker, :status]}).
-      order("#{TimeEntry.table_name}.spent_on DESC, #{Project.table_name}.name ASC, #{Tracker.table_name}.position ASC, #{Issue.table_name}.id ASC").
-      all
-  end
 end
--- a/app/helpers/news_helper.rb
+++ b/app/helpers/news_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -1,7 +1,5 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -30,7 +28,7 @@ module ProjectsHelper
            {:name => 'versions', :action => :manage_versions, :partial => 'projects/settings/versions', :label => :label_version_plural},
            {:name => 'categories', :action => :manage_categories, :partial => 'projects/settings/issue_categories', :label => :label_issue_category_plural},
            {:name => 'wiki', :action => :manage_wiki, :partial => 'projects/settings/wiki', :label => :label_wiki},
-            {:name => 'repositories', :action => :manage_repository, :partial => 'projects/settings/repositories', :label => :label_repository_plural},
+            {:name => 'repository', :action => :manage_repository, :partial => 'projects/settings/repository', :label => :label_repository},
            {:name => 'boards', :action => :manage_boards, :partial => 'projects/settings/boards', :label => :label_board_plural},
            {:name => 'activities', :action => :manage_project_activities, :partial => 'projects/settings/activities', :label => :enumeration_activities}
            ]
@@ -48,18 +46,41 @@ module ProjectsHelper
    options = ''
    options << "<option value=''></option>" if project.allowed_parents.include?(nil)
    options << project_tree_options_for_select(project.allowed_parents.compact, :selected => selected)
-    content_tag('select', options.html_safe, :name => 'project[parent_id]', :id => 'project_parent_id')
+    content_tag('select', options, :name => 'project[parent_id]', :id => 'project_parent_id')
  end

-  # Renders the projects index
+  # Renders a tree of projects as a nested set of unordered lists
+  # The given collection may be a subset of the whole project tree
+  # (eg. some intermediate nodes are private and can not be seen)
  def render_project_hierarchy(projects)
-    render_project_nested_lists(projects) do |project|
-      s = link_to_project(project, {}, :class => "#{project.css_classes} #{User.current.member_of?(project) ? 'my-project' : nil}")
-      if project.description.present?
-        s << content_tag('div', textilizable(project.short_description, :project => project), :class => 'wiki description')
+    s = ''
+    if projects.any?
+      ancestors = []
+      original_project = @project
+      projects.each do |project|
+        # set the project environment to please macros.
+        @project = project
+        if (ancestors.empty? || project.is_descendant_of?(ancestors.last))
+          s << "<ul class='projects #{ ancestors.empty? ? 'root' : nil}'>\n"
+        else
+          ancestors.pop
+          s << "</li>"
+          while (ancestors.any? && !project.is_descendant_of?(ancestors.last))
+            ancestors.pop
+            s << "</ul></li>\n"
+          end
+        end
+        classes = (ancestors.empty? ? 'root' : 'child')
+        s << "<li class='#{classes}'><div class='#{classes}'>" +
+               link_to_project(project, {}, :class => "project #{User.current.member_of?(project) ? 'my-project' : nil}")
+        s << "<div class='wiki description'>#{textilizable(project.short_description, :project => project)}</div>" unless project.description.blank?
+        s << "</div>\n"
+        ancestors << project
      end
-      s
+      s << ("</li></ul>\n" * ancestors.size)
+      @project = original_project
    end
+    s
  end

  # Returns a set of options for a select field, grouped by project.
@@ -68,6 +89,10 @@ module ProjectsHelper
    versions.each do |version|
      grouped[version.project.name] << [version.name, version.id]
    end
+    # Add in the selected
+    if selected && !versions.include?(selected)
+      grouped[selected.project.name] << [selected.name, selected.id]
+    end

    if grouped.keys.size > 1
      grouped_options_for_select(grouped, selected && selected.id)
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -1,101 +1,39 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module QueriesHelper
-  def filters_options_for_select(query)
-    options_for_select(filters_options(query))
-  end
-
-  def filters_options(query)
-    options = [[]]
-    options += query.available_filters.map do |field, field_options|
-      [field_options[:name], field]
-    end
-  end
-
-  def query_filters_hidden_tags(query)
-    tags = ''.html_safe
-    query.filters.each do |field, options|
-      tags << hidden_field_tag("f[]", field, :id => nil)
-      tags << hidden_field_tag("op[#{field}]", options[:operator], :id => nil)
-      options[:values].each do |value|
-        tags << hidden_field_tag("v[#{field}][]", value, :id => nil)
-      end
-    end
-    tags
-  end
-
-  def query_columns_hidden_tags(query)
-    tags = ''.html_safe
-    query.columns.each do |column|
-      tags << hidden_field_tag("c[]", column.name, :id => nil)
-    end
-    tags
-  end
-
-  def query_hidden_tags(query)
-    query_filters_hidden_tags(query) + query_columns_hidden_tags(query)
-  end
-
-  def available_block_columns_tags(query)
-    tags = ''.html_safe
-    query.available_block_columns.each do |column|
-      tags << content_tag('label', check_box_tag('c[]', column.name.to_s, query.has_column?(column)) + " #{column.caption}", :class => 'inline')
-    end
-    tags
-  end
-
-  def query_available_inline_columns_options(query)
-    (query.available_inline_columns - query.columns).reject(&:frozen?).collect {|column| [column.caption, column.name]}
-  end
-
-  def query_selected_inline_columns_options(query)
-    (query.inline_columns & query.available_inline_columns).reject(&:frozen?).collect {|column| [column.caption, column.name]}
-  end
-
-  def render_query_columns_selection(query, options={})
-    tag_name = (options[:name] || 'c') + '[]'
-    render :partial => 'queries/columns', :locals => {:query => query, :tag_name => tag_name}
-  end
-
-  def column_header(column)
-    column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
-                                                        :default_order => column.default_order) :
-                      content_tag('th', h(column.caption))
-  end
-
-  def column_content(column, issue)
-    value = column.value(issue)
-    if value.is_a?(Array)
-      value.collect {|v| column_value(column, issue, v)}.compact.join(', ').html_safe
-    else
-      column_value(column, issue, value)
-    end
+  
+  def operators_for_select(filter_type)
+    Query.operators_by_filter_type[filter_type].collect {|o| [l(Query.operators[o]), o]}
  end
  
-  def column_value(column, issue, value)
+  def column_header(column)
+    column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
+                                                        :default_order => column.default_order) : 
+                      content_tag('th', column.caption)
+  end
+  
+  def column_content(column, issue)
+    value = column.value(issue)
+    
    case value.class.name
    when 'String'
      if column.name == :subject
        link_to(h(value), :controller => 'issues', :action => 'show', :id => issue)
-      elsif column.name == :description
-        issue.description? ? content_tag('div', textilizable(issue, :description), :class => "wiki") : ''
      else
        h(value)
      end
@@ -103,16 +41,12 @@ module QueriesHelper
      format_time(value)
    when 'Date'
      format_date(value)
-    when 'Fixnum'
-      if column.name == :id
-        link_to value, issue_path(issue)
-      elsif column.name == :done_ratio
+    when 'Fixnum', 'Float'
+      if column.name == :done_ratio
        progress_bar(value, :width => '80px')
      else
        value.to_s
      end
-    when 'Float'
-      sprintf "%.2f", value
    when 'User'
      link_to_user value
    when 'Project'
@@ -124,100 +58,43 @@ module QueriesHelper
    when 'FalseClass'
      l(:general_text_No)
    when 'Issue'
-      value.visible? ? link_to_issue(value) : "##{value.id}"
-    when 'IssueRelation'
-      other = value.other_issue(issue)
-      content_tag('span',
-        (l(value.label_for(issue)) + " " + link_to_issue(other, :subject => false, :tracker => false)).html_safe,
-        :class => value.css_classes_for(issue))
+      link_to_issue(value, :subject => false)
    else
      h(value)
    end
  end

-  def csv_content(column, issue)
-    value = column.value(issue)
-    if value.is_a?(Array)
-      value.collect {|v| csv_value(column, issue, v)}.compact.join(', ')
-    else
-      csv_value(column, issue, value)
-    end
-  end
-
-  def csv_value(column, issue, value)
-    case value.class.name
-    when 'Time'
-      format_time(value)
-    when 'Date'
-      format_date(value)
-    when 'Float'
-      sprintf("%.2f", value).gsub('.', l(:general_csv_decimal_separator))
-    when 'IssueRelation'
-      other = value.other_issue(issue)
-      l(value.label_for(issue)) + " ##{other.id}"
-    else
-      value.to_s
-    end
-  end
-
-  def query_to_csv(items, query, options={})
-    encoding = l(:general_csv_encoding)
-    columns = (options[:columns] == 'all' ? query.available_inline_columns : query.inline_columns)
-    query.available_block_columns.each do |column|
-      if options[column.name].present?
-        columns << column
-      end
-    end
-
-    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
-      # csv header fields
-      csv << columns.collect {|c| Redmine::CodesetUtil.from_utf8(c.caption.to_s, encoding) }
-      # csv lines
-      items.each do |item|
-        csv << columns.collect {|c| Redmine::CodesetUtil.from_utf8(csv_content(c, item), encoding) }
-      end
-    end
-    export
-  end
-
  # Retrieve query from session or build a new query
  def retrieve_query
    if !params[:query_id].blank?
      cond = "project_id IS NULL"
      cond << " OR project_id = #{@project.id}" if @project
-      @query = IssueQuery.find(params[:query_id], :conditions => cond)
+      @query = Query.find(params[:query_id], :conditions => cond)
      raise ::Unauthorized unless @query.visible?
      @query.project = @project
      session[:query] = {:id => @query.id, :project_id => @query.project_id}
      sort_clear
-    elsif api_request? || params[:set_filter] || session[:query].nil? || session[:query][:project_id] != (@project ? @project.id : nil)
-      # Give it a name, required to be valid
-      @query = IssueQuery.new(:name => "_")
-      @query.project = @project
-      @query.build_from_params(params)
-      session[:query] = {:project_id => @query.project_id, :filters => @query.filters, :group_by => @query.group_by, :column_names => @query.column_names}
    else
-      # retrieve from session
-      @query = IssueQuery.find_by_id(session[:query][:id]) if session[:query][:id]
-      @query ||= IssueQuery.new(:name => "_", :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
-      @query.project = @project
-    end
-  end
-
-  def retrieve_query_from_session
-    if session[:query]
-      if session[:query][:id]
-        @query = IssueQuery.find_by_id(session[:query][:id])
-        return unless @query
-      else
-        @query = IssueQuery.new(:name => "_", :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
-      end
-      if session[:query].has_key?(:project_id)
-        @query.project_id = session[:query][:project_id]
+      if api_request? || params[:set_filter] || session[:query].nil? || session[:query][:project_id] != (@project ? @project.id : nil)
+        # Give it a name, required to be valid
+        @query = Query.new(:name => "_")
+        @query.project = @project
+        if params[:fields] || params[:f]
+          @query.filters = {}
+          @query.add_filters(params[:fields] || params[:f], params[:operators] || params[:op], params[:values] || params[:v])
+        else
+          @query.available_filters.keys.each do |field|
+            @query.add_short_filter(field, params[field]) if params[field]
+          end
+        end
+        @query.group_by = params[:group_by]
+        @query.column_names = params[:c] || (params[:query] && params[:query][:column_names])
+        session[:query] = {:project_id => @query.project_id, :filters => @query.filters, :group_by => @query.group_by, :column_names => @query.column_names}
      else
+        @query = Query.find_by_id(session[:query][:id]) if session[:query][:id]
+        @query ||= Query.new(:name => "_", :project => @project, :filters => session[:query][:filters], :group_by => session[:query][:group_by], :column_names => session[:query][:column_names])
        @query.project = @project
      end
-      @query
    end
  end
 end
--- a/app/helpers/reports_helper.rb
+++ b/app/helpers/reports_helper.rb
@@ -1,7 +1,5 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -24,7 +22,7 @@ module ReportsHelper
    data.each { |row|
      match = 1
      criteria.each { |k, v|
-        match = 0 unless (row[k].to_s == v.to_s) || (k == 'closed' &&  (v == 0 ? ['f', false] : ['t', true]).include?(row[k]))
+        match = 0 unless (row[k].to_s == v.to_s) || (k == 'closed' && row[k] == (v == 0 ? "f" : "t"))
      } unless criteria.nil?
      a = a + row["total"].to_i if match == 1
    } unless data.nil?
@@ -33,11 +31,6 @@ module ReportsHelper

  def aggregate_link(data, criteria, *args)
    a = aggregate data, criteria
-    a > 0 ? link_to(h(a), *args) : '-'
-  end
-
-  def aggregate_path(project, field, row, options={})
-    parameters = {:set_filter => 1, :subproject_id => '!*', field => row.id}.merge(options)
-    project_issues_path(row.is_a?(Project) ? row : project, parameters)
+    a > 0 ? link_to(a, *args) : '-'
  end
 end
--- a/app/helpers/repositories_helper.rb
+++ b/app/helpers/repositories_helper.rb
@@ -1,7 +1,5 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,6 +15,9 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

+require 'iconv'
+require 'redmine/codeset_util'
+
 module RepositoriesHelper
  def format_revision(revision)
    if revision.respond_to? :format_identifier
@@ -36,24 +37,24 @@ module RepositoriesHelper
    unless properties.nil? || properties.empty?
      content = ''
      properties.keys.sort.each do |property|
-        content << content_tag('li', "<b>#{h property}</b>: <span>#{h properties[property]}</span>".html_safe)
+        content << content_tag('li', "<b>#{h property}</b>: <span>#{h properties[property]}</span>")
      end
-      content_tag('ul', content.html_safe, :class => 'properties')
+      content_tag('ul', content, :class => 'properties')
    end
  end

  def render_changeset_changes
-    changes = @changeset.filechanges.limit(1000).reorder('path').all.collect do |change|
+    changes = @changeset.changes.find(:all, :limit => 1000, :order => 'path').collect do |change|
      case change.action
      when 'A'
        # Detects moved/copied files
        if !change.from_path.blank?
          change.action =
-             @changeset.filechanges.detect {|c| c.action == 'D' && c.path == change.from_path} ? 'R' : 'C'
+             @changeset.changes.detect {|c| c.action == 'D' && c.path == change.from_path} ? 'R' : 'C'
        end
        change
      when 'D'
-        @changeset.filechanges.detect {|c| c.from_path == change.path} ? nil : change
+        @changeset.changes.detect {|c| c.from_path == change.path} ? nil : change
      else
        change
      end
@@ -86,39 +87,66 @@ module RepositoriesHelper
      if s = tree[file][:s]
        style << ' folder'
        path_param = to_path_param(@repository.relative_path(file))
-        text = link_to(h(text), :controller => 'repositories',
+        text = link_to(text, :controller => 'repositories',
                             :action => 'show',
                             :id => @project,
-                             :repository_id => @repository.identifier_param,
                             :path => path_param,
                             :rev => @changeset.identifier)
-        output << "<li class='#{style}'>#{text}"
+        output << "<li class='#{style}'>#{text}</li>"
        output << render_changes_tree(s)
-        output << "</li>"
      elsif c = tree[file][:c]
        style << " change-#{c.action}"
        path_param = to_path_param(@repository.relative_path(c.path))
-        text = link_to(h(text), :controller => 'repositories',
+        text = link_to(text, :controller => 'repositories',
                             :action => 'entry',
                             :id => @project,
-                             :repository_id => @repository.identifier_param,
                             :path => path_param,
                             :rev => @changeset.identifier) unless c.action == 'D'
-        text << " - #{h(c.revision)}" unless c.revision.blank?
-        text << ' ('.html_safe + link_to(l(:label_diff), :controller => 'repositories',
+        text << " - #{c.revision}" unless c.revision.blank?
+        text << ' (' + link_to('diff', :controller => 'repositories',
                                       :action => 'diff',
                                       :id => @project,
-                                       :repository_id => @repository.identifier_param,
                                       :path => path_param,
-                                       :rev => @changeset.identifier) + ') '.html_safe if c.action == 'M'
-        text << ' '.html_safe + content_tag('span', h(c.from_path), :class => 'copied-from') unless c.from_path.blank?
+                                       :rev => @changeset.identifier) + ') ' if c.action == 'M'
+        text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
        output << "<li class='#{style}'>#{text}</li>"
      end
    end
    output << '</ul>'
-    output.html_safe
+    output
  end

+  def to_utf8(str)
+    return str if str.nil?
+    str = to_utf8_internal(str)
+    if str.respond_to?(:force_encoding)
+      str.force_encoding('UTF-8')
+    end
+    str
+  end
+
+  def to_utf8_internal(str)
+    return str if str.nil?
+    if str.respond_to?(:force_encoding)
+      str.force_encoding('ASCII-8BIT')
+    end
+    return str if str.empty?
+    return str if /\A[\r\n\t\x20-\x7e]*\Z/n.match(str) # for us-ascii
+    if str.respond_to?(:force_encoding)
+      str.force_encoding('UTF-8')
+    end
+    @encodings ||= Setting.repositories_encodings.split(',').collect(&:strip)
+    @encodings.each do |encoding|
+      begin
+        return Iconv.conv('UTF-8', encoding, str)
+      rescue Iconv::Failure
+        # do nothing here and try the next encoding
+      end
+    end
+    str = Redmine::CodesetUtil.replace_invalid_utf8(str)
+  end
+  private :to_utf8_internal
+
  def repository_field_tags(form, repository)
    method = repository.class.name.demodulize.underscore + "_field_tags"
    if repository.is_a?(Repository) &&
@@ -138,7 +166,15 @@ module RepositoriesHelper
    select_tag('repository_scm',
               options_for_select(scm_options, repository.class.name.demodulize),
               :disabled => (repository && !repository.new_record?),
-               :data => {:remote => true, :method => 'get'})
+               :onchange => remote_function(
+                  :url => {
+                      :controller => 'repositories',
+                      :action     => 'edit',
+                      :id         => @project
+                   },
+               :method => :get,
+               :with   => "Form.serialize(this.form)")
+             )
  end

  def with_leading_slash(path)
@@ -151,9 +187,8 @@ module RepositoriesHelper

  def subversion_field_tags(form, repository)
      content_tag('p', form.text_field(:url, :size => 60, :required => true,
-                       :disabled => !repository.safe_attribute?('url')) +
-                       '<br />'.html_safe +
-                       '(file:///, http://, https://, svn://, svn+[tunnelscheme]://)') +
+                       :disabled => (repository && !repository.root_url.blank?)) +
+                       '<br />(file:///, http://, https://, svn://, svn+[tunnelscheme]://)') +
      content_tag('p', form.text_field(:login, :size => 30)) +
      content_tag('p', form.password_field(
                            :password, :size => 30, :name => 'ignore',
@@ -166,7 +201,7 @@ module RepositoriesHelper
    content_tag('p', form.text_field(
                     :url, :label => l(:field_path_to_repository),
                     :size => 60, :required => true,
-                     :disabled => !repository.safe_attribute?('url'))) +
+                     :disabled => (repository && !repository.new_record?))) +
    content_tag('p', form.select(
                     :log_encoding, [nil] + Setting::ENCODINGS,
                     :label => l(:field_commit_logs_encoding), :required => true))
@@ -176,29 +211,28 @@ module RepositoriesHelper
    content_tag('p', form.text_field(
                       :url, :label => l(:field_path_to_repository),
                       :size => 60, :required => true,
-                       :disabled => !repository.safe_attribute?('url')
+                       :disabled => (repository && !repository.root_url.blank?)
                         ) +
-                     '<br />'.html_safe + l(:text_mercurial_repository_note)) +
+                     '<br />' + l(:text_mercurial_repository_note)) +
    content_tag('p', form.select(
                        :path_encoding, [nil] + Setting::ENCODINGS,
                        :label => l(:field_scm_path_encoding)
                        ) +
-                     '<br />'.html_safe + l(:text_scm_path_encoding_note))
+                     '<br />' + l(:text_scm_path_encoding_note))
  end

  def git_field_tags(form, repository)
    content_tag('p', form.text_field(
                       :url, :label => l(:field_path_to_repository),
                       :size => 60, :required => true,
-                       :disabled => !repository.safe_attribute?('url')
+                       :disabled => (repository && !repository.root_url.blank?)
                         ) +
-                      '<br />'.html_safe +
-                      l(:text_git_repository_note)) +
+                      '<br />' + l(:text_git_repository_note)) +
    content_tag('p', form.select(
                        :path_encoding, [nil] + Setting::ENCODINGS,
                        :label => l(:field_scm_path_encoding)
                        ) +
-                     '<br />'.html_safe + l(:text_scm_path_encoding_note)) +
+                     '<br />' + l(:text_scm_path_encoding_note)) +
    content_tag('p', form.check_box(
                        :extra_report_last_commit,
                        :label => l(:label_git_report_last_commit)
@@ -210,12 +244,12 @@ module RepositoriesHelper
                     :root_url,
                     :label => l(:field_cvsroot),
                     :size => 60, :required => true,
-                     :disabled => !repository.safe_attribute?('root_url'))) +
+                     :disabled => !repository.new_record?)) +
    content_tag('p', form.text_field(
                     :url,
                     :label => l(:field_cvs_module),
                     :size => 30, :required => true,
-                     :disabled => !repository.safe_attribute?('url'))) +
+                     :disabled => !repository.new_record?)) +
    content_tag('p', form.select(
                     :log_encoding, [nil] + Setting::ENCODINGS,
                     :label => l(:field_commit_logs_encoding), :required => true)) +
@@ -223,14 +257,14 @@ module RepositoriesHelper
                        :path_encoding, [nil] + Setting::ENCODINGS,
                        :label => l(:field_scm_path_encoding)
                        ) +
-                     '<br />'.html_safe + l(:text_scm_path_encoding_note))
+                     '<br />' + l(:text_scm_path_encoding_note))
  end

  def bazaar_field_tags(form, repository)
    content_tag('p', form.text_field(
                     :url, :label => l(:field_path_to_repository),
                     :size => 60, :required => true,
-                     :disabled => !repository.safe_attribute?('url'))) +
+                     :disabled => (repository && !repository.new_record?))) +
    content_tag('p', form.select(
                     :log_encoding, [nil] + Setting::ENCODINGS,
                     :label => l(:field_commit_logs_encoding), :required => true))
@@ -240,58 +274,11 @@ module RepositoriesHelper
    content_tag('p', form.text_field(
                     :url, :label => l(:field_root_directory),
                     :size => 60, :required => true,
-                     :disabled => !repository.safe_attribute?('url'))) +
+                     :disabled => (repository && !repository.root_url.blank?))) +
    content_tag('p', form.select(
                        :path_encoding, [nil] + Setting::ENCODINGS,
                        :label => l(:field_scm_path_encoding)
                        ) +
-                     '<br />'.html_safe + l(:text_scm_path_encoding_note))
-  end
-
-  def index_commits(commits, heads)
-    return nil if commits.nil? or commits.first.parents.nil?
-    refs_map = {}
-    heads.each do |head|
-      refs_map[head.scmid] ||= []
-      refs_map[head.scmid] << head
-    end
-    commits_by_scmid = {}
-    commits.reverse.each_with_index do |commit, commit_index|
-      commits_by_scmid[commit.scmid] = {
-        :parent_scmids => commit.parents.collect { |parent| parent.scmid },
-        :rdmid => commit_index,
-        :refs  => refs_map.include?(commit.scmid) ? refs_map[commit.scmid].join(" ") : nil,
-        :scmid => commit.scmid,
-        :href  => block_given? ? yield(commit.scmid) : commit.scmid
-      }
-    end
-    heads.sort! { |head1, head2| head1.to_s <=> head2.to_s }
-    space = nil  
-    heads.each do |head|
-      if commits_by_scmid.include? head.scmid
-        space = index_head((space || -1) + 1, head, commits_by_scmid)
-      end
-    end
-    # when no head matched anything use first commit
-    space ||= index_head(0, commits.first, commits_by_scmid)
-    return commits_by_scmid, space
-  end
-
-  def index_head(space, commit, commits_by_scmid)
-    stack = [[space, commits_by_scmid[commit.scmid]]]
-    max_space = space
-    until stack.empty?
-      space, commit = stack.pop
-      commit[:space] = space if commit[:space].nil?
-      space -= 1
-      commit[:parent_scmids].each_with_index do |parent_scmid, parent_index|
-        parent_commit = commits_by_scmid[parent_scmid]
-        if parent_commit and parent_commit[:space].nil?
-          stack.unshift [space += 1, parent_commit]
-        end
-      end
-      max_space = space if max_space < space
-    end
-    max_space
+                     '<br />' + l(:text_scm_path_encoding_note))
  end
 end
--- a/app/helpers/roles_helper.rb
+++ b/app/helpers/roles_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -21,7 +19,7 @@ module SearchHelper
  def highlight_tokens(text, tokens)
    return text unless text && tokens && !tokens.empty?
    re_tokens = tokens.collect {|t| Regexp.escape(t)}
-    regexp = Regexp.new "(#{re_tokens.join('|')})", Regexp::IGNORECASE
+    regexp = Regexp.new "(#{re_tokens.join('|')})", Regexp::IGNORECASE    
    result = ''
    text.split(regexp).each_with_index do |words, i|
      if result.length > 1200
@@ -37,22 +35,21 @@ module SearchHelper
        result << content_tag('span', h(words), :class => "highlight token-#{t}")
      end
    end
-    result.html_safe
+    result
  end
-
+  
  def type_label(t)
    l("label_#{t.singularize}_plural", :default => t.to_s.humanize)
  end
-
+  
  def project_select_tag
    options = [[l(:label_project_all), 'all']]
    options << [l(:label_my_projects), 'my_projects'] unless User.current.memberships.empty?
    options << [l(:label_and_its_subprojects, @project.name), 'subprojects'] unless @project.nil? || @project.descendants.active.empty?
    options << [@project.name, ''] unless @project.nil?
-    label_tag("scope", l(:description_project_scope), :class => "hidden-for-sighted") +
    select_tag('scope', options_for_select(options, params[:scope].to_s)) if options.size > 1
  end
-
+  
  def render_results_by_type(results_by_type)
    links = []
    # Sorts types by results count
@@ -60,11 +57,8 @@ module SearchHelper
      c = results_by_type[t]
      next if c == 0
      text = "#{type_label(t)} (#{c})"
-      links << link_to(h(text), :q => params[:q], :titles_only => params[:titles_only],
-                       :all_words => params[:all_words], :scope => params[:scope], t => 1)
+      links << link_to(text, :q => params[:q], :titles_only => params[:titles_only], :all_words => params[:all_words], :scope => params[:scope], t => 1)
    end
-    ('<ul>'.html_safe +
-        links.map {|link| content_tag('li', link)}.join(' ').html_safe + 
-        '</ul>'.html_safe) unless links.empty?
+    ('<ul>' + links.map {|link| content_tag('li', link)}.join(' ') + '</ul>') unless links.empty?
  end
 end
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@@ -1,7 +1,5 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -34,18 +32,18 @@ module SettingsHelper
    if blank_text = options.delete(:blank)
      choices = [[blank_text.is_a?(Symbol) ? l(blank_text) : blank_text, '']] + choices
    end
-    setting_label(setting, options).html_safe +
+    setting_label(setting, options) +
      select_tag("settings[#{setting}]",
                 options_for_select(choices, Setting.send(setting).to_s),
-                 options).html_safe
+                 options)
  end

  def setting_multiselect(setting, choices, options={})
    setting_values = Setting.send(setting)
    setting_values = [] unless setting_values.is_a?(Array)

-    content_tag("label", l(options[:label] || "setting_#{setting}")) +
-      hidden_field_tag("settings[#{setting}][]", '').html_safe +
+    setting_label(setting, options) +
+      hidden_field_tag("settings[#{setting}][]", '') +
      choices.collect do |choice|
        text, value = (choice.is_a?(Array) ? choice : [choice, choice])
        content_tag(
@@ -53,33 +51,32 @@ module SettingsHelper
          check_box_tag(
             "settings[#{setting}][]",
             value,
-             setting_values.include?(value),
-             :id => nil
+             Setting.send(setting).include?(value)
           ) + text.to_s,
-          :class => (options[:inline] ? 'inline' : 'block')
+          :class => 'block'
         )
-      end.join.html_safe
+      end.join
  end

  def setting_text_field(setting, options={})
-    setting_label(setting, options).html_safe +
-      text_field_tag("settings[#{setting}]", Setting.send(setting), options).html_safe
+    setting_label(setting, options) +
+      text_field_tag("settings[#{setting}]", Setting.send(setting), options)
  end

  def setting_text_area(setting, options={})
-    setting_label(setting, options).html_safe +
-      text_area_tag("settings[#{setting}]", Setting.send(setting), options).html_safe
+    setting_label(setting, options) +
+      text_area_tag("settings[#{setting}]", Setting.send(setting), options)
  end

  def setting_check_box(setting, options={})
-    setting_label(setting, options).html_safe +
-      hidden_field_tag("settings[#{setting}]", 0, :id => nil).html_safe +
-        check_box_tag("settings[#{setting}]", 1, Setting.send("#{setting}?"), options).html_safe
+    setting_label(setting, options) +
+      hidden_field_tag("settings[#{setting}]", 0) +
+        check_box_tag("settings[#{setting}]", 1, Setting.send("#{setting}?"), options)
  end

  def setting_label(setting, options={})
    label = options.delete(:label)
-    label != false ? label_tag("settings_#{setting}", l(label || "setting_#{setting}")).html_safe : ''
+    label != false ? content_tag("label", l(label || "setting_#{setting}")) : ''
  end

  # Renders a notification field for a Redmine::Notifiable option
@@ -87,20 +84,8 @@ module SettingsHelper
    return content_tag(:label,
                       check_box_tag('settings[notified_events][]',
                                     notifiable.name,
-                                     Setting.notified_events.include?(notifiable.name), :id => nil).html_safe +
-                         l_or_humanize(notifiable.name, :prefix => 'label_').html_safe,
-                       :class => notifiable.parent.present? ? "parent" : '').html_safe
-  end
-
-  def cross_project_subtasks_options
-    options = [
-      [:label_disabled, ''],
-      [:label_cross_project_system, 'system'],
-      [:label_cross_project_tree, 'tree'],
-      [:label_cross_project_hierarchy, 'hierarchy'],
-      [:label_cross_project_descendants, 'descendants']
-    ]
-
-    options.map {|label, value| [l(label), value.to_s]}
+                                     Setting.notified_events.include?(notifiable.name)) +
+                         l_or_humanize(notifiable.name, :prefix => 'label_'),
+                       :class => notifiable.parent.present? ? "parent" : '')
  end
 end
--- a/app/helpers/sort_helper.rb
+++ b/app/helpers/sort_helper.rb
@@ -1,5 +1,3 @@
-# encoding: utf-8
-#
 # Helpers to sort tables using clickable column headers.
 #
 # Author:  Stuart Rackham <srackham@methods.co.nz>, March 2005.
@@ -17,18 +15,18 @@
 #
 #   helper :sort
 #   include SortHelper
-#
+# 
 #   def list
 #     sort_init 'last_name'
 #     sort_update %w(first_name last_name)
 #     @items = Contact.find_all nil, sort_clause
 #   end
-#
+# 
 # Controller (using Pagination module):
 #
 #   helper :sort
 #   include SortHelper
-#
+# 
 #   def list
 #     sort_init 'last_name'
 #     sort_update %w(first_name last_name)
@@ -36,9 +34,9 @@
 #       :order_by => sort_clause,
 #       :per_page => 10
 #   end
-#
+# 
 # View (table header in list.rhtml):
-#
+# 
 #   <thead>
 #     <tr>
 #       <%= sort_header_tag('id', :title => 'Sort by contact ID') %>
@@ -54,72 +52,67 @@

 module SortHelper
  class SortCriteria
-
+    
    def initialize
      @criteria = []
    end
-
+    
    def available_criteria=(criteria)
      unless criteria.is_a?(Hash)
        criteria = criteria.inject({}) {|h,k| h[k] = k; h}
      end
      @available_criteria = criteria
    end
-
+    
    def from_param(param)
      @criteria = param.to_s.split(',').collect {|s| s.split(':')[0..1]}
      normalize!
    end
-
+    
    def criteria=(arg)
      @criteria = arg
      normalize!
    end
-
+    
    def to_param
      @criteria.collect {|k,o| k + (o ? '' : ':desc')}.join(',')
    end
-
-    # Returns an array of SQL fragments used to sort the list
+    
    def to_sql
      sql = @criteria.collect do |k,o|
        if s = @available_criteria[k]
-          (o ? s.to_a : s.to_a.collect {|c| append_desc(c)})
+          (o ? s.to_a : s.to_a.collect {|c| append_desc(c)}).join(', ')
        end
-      end.flatten.compact
+      end.compact.join(', ')
      sql.blank? ? nil : sql
    end
-
-    def to_a
-      @criteria.dup
-    end
-
+    
    def add!(key, asc)
      @criteria.delete_if {|k,o| k == key}
      @criteria = [[key, asc]] + @criteria
      normalize!
    end
-
+    
    def add(*args)
      r = self.class.new.from_param(to_param)
      r.add!(*args)
      r
    end
-
+    
    def first_key
      @criteria.first && @criteria.first.first
    end
-
+    
    def first_asc?
      @criteria.first && @criteria.first.last
    end
-
+    
    def empty?
      @criteria.empty?
    end
-
+    
    private
-
+    
    def normalize!
      @criteria ||= []
      @criteria = @criteria.collect {|s| s = s.to_a; [s.first, (s.last == false || s.last == 'desc') ? false : true]}
@@ -127,7 +120,7 @@ module SortHelper
      @criteria.slice!(3)
      self
    end
-
+    
    # Appends DESC to the sort criterion unless it has a fixed order
    def append_desc(criterion)
      if criterion =~ / (asc|desc)$/i
@@ -137,14 +130,14 @@ module SortHelper
      end
    end
  end
-
+  
  def sort_name
    controller_name + '_' + action_name + '_sort'
  end

  # Initializes the default sort.
  # Examples:
-  #
+  #   
  #   sort_init 'name'
  #   sort_init 'id', 'desc'
  #   sort_init ['name', ['id', 'desc']]
@@ -165,15 +158,14 @@ module SortHelper
  # sort_clause.
  # - criteria can be either an array or a hash of allowed keys
  #
-  def sort_update(criteria, sort_name=nil)
-    sort_name ||= self.sort_name
+  def sort_update(criteria)
    @sort_criteria = SortCriteria.new
    @sort_criteria.available_criteria = criteria
    @sort_criteria.from_param(params[:sort] || session[sort_name])
    @sort_criteria.criteria = @sort_default if @sort_criteria.empty?
    session[sort_name] = @sort_criteria.to_param
  end
-
+  
  # Clears the sort criteria session data
  #
  def sort_clear
@@ -187,10 +179,6 @@ module SortHelper
    @sort_criteria.to_sql
  end

-  def sort_criteria
-    @sort_criteria
-  end
-
  # Returns a link which sorts by the named column.
  #
  # - column is the name of an attribute in the sorted record collection.
@@ -199,7 +187,7 @@ module SortHelper
  #
  def sort_link(column, caption, default_order)
    css, order = nil, default_order
-
+    
    if column.to_s == @sort_criteria.first_key
      if @sort_criteria.first_asc?
        css = 'sort asc'
@@ -210,14 +198,14 @@ module SortHelper
      end
    end
    caption = column.to_s.humanize unless caption
-
+    
    sort_options = { :sort => @sort_criteria.add(column.to_s, order).to_param }
    url_options = params.merge(sort_options)
-
+    
     # Add project_id to url_options
    url_options = url_options.merge(:project_id => params[:project_id]) if params.has_key?(:project_id)

-    link_to_content_update(h(caption), url_options, :class => css)
+    link_to_content_update(caption, url_options, :class => css)
  end

  # Returns a table header <th> tag with a sort link for the named column
--- a/app/helpers/timelog_helper.rb
+++ b/app/helpers/timelog_helper.rb
@@ -1,25 +1,23 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module TimelogHelper
  include ApplicationHelper
-
+  
  def render_timelog_breadcrumb
    links = []
    links << link_to(l(:label_project_all), {:project_id => nil, :issue_id => nil})
@@ -54,15 +52,15 @@ module TimelogHelper
    activities.each { |a| collection << [a.name, a.id] }
    collection
  end
-
+  
  def select_hours(data, criteria, value)
-    if value.to_s.empty?
-      data.select {|row| row[criteria].blank? }
-    else
-      data.select {|row| row[criteria].to_s == value.to_s}
+  	if value.to_s.empty?
+  		data.select {|row| row[criteria].blank? }
+    else 
+    	data.select {|row| row[criteria].to_s == value.to_s}
    end
  end
-
+  
  def sum_hours(data)
    sum = 0
    data.each do |row|
@@ -70,14 +68,13 @@ module TimelogHelper
    end
    sum
  end
-
+  
  def options_for_period_select(value)
    options_for_select([[l(:label_all_time), 'all'],
                        [l(:label_today), 'today'],
                        [l(:label_yesterday), 'yesterday'],
                        [l(:label_this_week), 'current_week'],
                        [l(:label_last_week), 'last_week'],
-                        [l(:label_last_n_weeks, 2), 'last_2_weeks'],
                        [l(:label_last_n_days, 7), '7_days'],
                        [l(:label_this_month), 'current_month'],
                        [l(:label_last_month), 'last_month'],
@@ -85,11 +82,51 @@ module TimelogHelper
                        [l(:label_this_year), 'current_year']],
                        value)
  end
-
-  def format_criteria_value(criteria_options, value)
+  
+  def entries_to_csv(entries)
+    ic = Iconv.new(l(:general_csv_encoding), 'UTF-8')    
+    decimal_separator = l(:general_csv_decimal_separator)
+    custom_fields = TimeEntryCustomField.find(:all)
+    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
+      # csv header fields
+      headers = [l(:field_spent_on),
+                 l(:field_user),
+                 l(:field_activity),
+                 l(:field_project),
+                 l(:field_issue),
+                 l(:field_tracker),
+                 l(:field_subject),
+                 l(:field_hours),
+                 l(:field_comments)
+                 ]
+      # Export custom fields
+      headers += custom_fields.collect(&:name)
+      
+      csv << headers.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
+      # csv lines
+      entries.each do |entry|
+        fields = [format_date(entry.spent_on),
+                  entry.user,
+                  entry.activity,
+                  entry.project,
+                  (entry.issue ? entry.issue.id : nil),
+                  (entry.issue ? entry.issue.tracker : nil),
+                  (entry.issue ? entry.issue.subject : nil),
+                  entry.hours.to_s.gsub('.', decimal_separator),
+                  entry.comments
+                  ]
+        fields += custom_fields.collect {|f| show_value(entry.custom_value_for(f)) }
+                  
+        csv << fields.collect {|c| begin; ic.iconv(c.to_s); rescue; c.to_s; end }
+      end
+    end
+    export
+  end
+  
+  def format_criteria_value(criteria, value)
    if value.blank?
-      "[#{l(:label_none)}]"
-    elsif k = criteria_options[:klass]
+      l(:label_none)
+    elsif k = @available_criterias[criteria][:klass]
      obj = k.find_by_id(value.to_i)
      if obj.is_a?(Issue)
        obj.visible? ? "#{obj.tracker} ##{obj.id}: #{obj.subject}" : "##{obj.id}"
@@ -97,58 +134,57 @@ module TimelogHelper
        obj
      end
    else
-      format_value(value, criteria_options[:format])
+      format_value(value, @available_criterias[criteria][:format])
    end
  end
-
-  def report_to_csv(report)
-    decimal_separator = l(:general_csv_decimal_separator)
+  
+  def report_to_csv(criterias, periods, hours)
    export = FCSV.generate(:col_sep => l(:general_csv_separator)) do |csv|
      # Column headers
-      headers = report.criteria.collect {|criteria| l(report.available_criteria[criteria][:label]) }
-      headers += report.periods
-      headers << l(:label_total_time)
-      csv << headers.collect {|c| Redmine::CodesetUtil.from_utf8(
-                                    c.to_s,
-                                    l(:general_csv_encoding) ) }
+      headers = criterias.collect {|criteria| l(@available_criterias[criteria][:label]) }
+      headers += periods
+      headers << l(:label_total)
+      csv << headers.collect {|c| to_utf8(c) }
      # Content
-      report_criteria_to_csv(csv, report.available_criteria, report.columns, report.criteria, report.periods, report.hours)
+      report_criteria_to_csv(csv, criterias, periods, hours)
      # Total row
-      str_total = Redmine::CodesetUtil.from_utf8(l(:label_total_time), l(:general_csv_encoding))
-      row = [ str_total ] + [''] * (report.criteria.size - 1)
+      row = [ l(:label_total) ] + [''] * (criterias.size - 1)
      total = 0
-      report.periods.each do |period|
-        sum = sum_hours(select_hours(report.hours, report.columns, period.to_s))
+      periods.each do |period|
+        sum = sum_hours(select_hours(hours, @columns, period.to_s))
        total += sum
-        row << (sum > 0 ? ("%.2f" % sum).gsub('.',decimal_separator) : '')
+        row << (sum > 0 ? "%.2f" % sum : '')
      end
-      row << ("%.2f" % total).gsub('.',decimal_separator)
+      row << "%.2f" %total
      csv << row
    end
    export
  end
-
-  def report_criteria_to_csv(csv, available_criteria, columns, criteria, periods, hours, level=0)
-    decimal_separator = l(:general_csv_decimal_separator)
-    hours.collect {|h| h[criteria[level]].to_s}.uniq.each do |value|
-      hours_for_value = select_hours(hours, criteria[level], value)
+  
+  def report_criteria_to_csv(csv, criterias, periods, hours, level=0)
+    hours.collect {|h| h[criterias[level]].to_s}.uniq.each do |value|
+      hours_for_value = select_hours(hours, criterias[level], value)
      next if hours_for_value.empty?
      row = [''] * level
-      row << Redmine::CodesetUtil.from_utf8(
-                        format_criteria_value(available_criteria[criteria[level]], value).to_s,
-                        l(:general_csv_encoding) )
-      row += [''] * (criteria.length - level - 1)
+      row << to_utf8(format_criteria_value(criterias[level], value))
+      row += [''] * (criterias.length - level - 1)
      total = 0
      periods.each do |period|
-        sum = sum_hours(select_hours(hours_for_value, columns, period.to_s))
+        sum = sum_hours(select_hours(hours_for_value, @columns, period.to_s))
        total += sum
-        row << (sum > 0 ? ("%.2f" % sum).gsub('.',decimal_separator) : '')
+        row << (sum > 0 ? "%.2f" % sum : '')
      end
-      row << ("%.2f" % total).gsub('.',decimal_separator)
+      row << "%.2f" %total
      csv << row
-      if criteria.length > level + 1
-        report_criteria_to_csv(csv, available_criteria, columns, criteria, periods, hours_for_value, level + 1)
+      
+      if criterias.length > level + 1
+        report_criteria_to_csv(csv, criterias, periods, hours_for_value, level + 1)
      end
    end
  end
+  
+  def to_utf8(s)
+    @ic ||= Iconv.new(l(:general_csv_encoding), 'UTF-8')
+    begin; @ic.iconv(s.to_s); rescue; s.to_s; end
+  end
 end
--- a/app/helpers/trackers_helper.rb
+++ b/app/helpers/trackers_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
@@ -20,19 +18,28 @@
 module UsersHelper
  def users_status_options_for_select(selected)
    user_count_by_status = User.count(:group => 'status').to_hash
-    options_for_select([[l(:label_all), ''],
-                        ["#{l(:status_active)} (#{user_count_by_status[1].to_i})", '1'],
-                        ["#{l(:status_registered)} (#{user_count_by_status[2].to_i})", '2'],
-                        ["#{l(:status_locked)} (#{user_count_by_status[3].to_i})", '3']], selected.to_s)
+    options_for_select([[l(:label_all), ''], 
+                        ["#{l(:status_active)} (#{user_count_by_status[1].to_i})", 1],
+                        ["#{l(:status_registered)} (#{user_count_by_status[2].to_i})", 2],
+                        ["#{l(:status_locked)} (#{user_count_by_status[3].to_i})", 3]], selected)
  end
-
+  
+  # Options for the new membership projects combo-box
+  def options_for_membership_project_select(user, projects)
+    options = content_tag('option', "--- #{l(:actionview_instancetag_blank_option)} ---")
+    options << project_tree_options_for_select(projects) do |p|
+      {:disabled => (user.projects.include?(p))}
+    end
+    options
+  end
+  
  def user_mail_notification_options(user)
    user.valid_notification_options.collect {|o| [l(o.last), o.first]}
  end
-
+  
  def change_status_link(user)
    url = {:controller => 'users', :action => 'update', :id => user, :page => params[:page], :status => params[:status], :tab => nil}
-
+    
    if user.locked?
      link_to l(:button_unlock), url.merge(:user => {:status => User::STATUS_ACTIVE}), :method => :put, :class => 'icon icon-unlock'
    elsif user.registered?
@@ -41,7 +48,7 @@ module UsersHelper
      link_to l(:button_lock), url.merge(:user => {:status => User::STATUS_LOCKED}), :method => :put, :class => 'icon icon-lock'
    end
  end
-
+  
  def user_settings_tabs
    tabs = [{:name => 'general', :partial => 'users/general', :label => :label_general},
            {:name => 'memberships', :partial => 'users/memberships', :label => :label_project_plural}
--- a/app/helpers/versions_helper.rb
+++ b/app/helpers/versions_helper.rb
@@ -1,37 +1,27 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module VersionsHelper

-  def version_anchor(version)
-    if @project == version.project
-      anchor version.name
-    else
-      anchor "#{version.project.try(:identifier)}-#{version.name}"
-    end
-  end
-
-  STATUS_BY_CRITERIAS = %w(tracker status priority author assigned_to category)
-
+  STATUS_BY_CRITERIAS = %w(category tracker status priority author assigned_to)
+  
  def render_issue_status_by(version, criteria)
-    criteria = 'tracker' unless STATUS_BY_CRITERIAS.include?(criteria)
-
+    criteria = 'category' unless STATUS_BY_CRITERIAS.include?(criteria)
+    
    h = Hash.new {|k,v| k[v] = [0, 0]}
    begin
      # Total issue count
@@ -44,13 +34,12 @@ module VersionsHelper
    rescue ActiveRecord::RecordNotFound
    # When grouping by an association, Rails throws this exception if there's no result (bug)
    end
-    # Sort with nil keys in last position
-    counts = h.keys.sort {|a,b| a.nil? ? 1 : (b.nil? ? -1 : a <=> b)}.collect {|k| {:group => k, :total => h[k][0], :open => h[k][1], :closed => (h[k][0] - h[k][1])}}
+    counts = h.keys.compact.sort.collect {|k| {:group => k, :total => h[k][0], :open => h[k][1], :closed => (h[k][0] - h[k][1])}}
    max = counts.collect {|c| c[:total]}.max
-
+    
    render :partial => 'issue_counts', :locals => {:version => version, :criteria => criteria, :counts => counts, :max => max}
  end
-
+  
  def status_by_options_for_select(value)
    options_for_select(STATUS_BY_CRITERIAS.collect {|criteria| [l("field_#{criteria}".to_sym), criteria]}, value)
  end
--- a/app/helpers/watchers_helper.rb
+++ b/app/helpers/watchers_helper.rb
@@ -1,82 +1,64 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module WatchersHelper
-
+  
  def watcher_tag(object, user, options={})
-    ActiveSupport::Deprecation.warn "#watcher_tag is deprecated and will be removed in Redmine 3.0. Use #watcher_link instead."
-    watcher_link(object, user)
+    content_tag("span", watcher_link(object, user), :class => watcher_css(object))
  end
-
-  def watcher_link(objects, user)
-    return '' unless user && user.logged?
-    objects = Array.wrap(objects)
-
-    watched = objects.any? {|object| object.watched_by?(user)}
-    css = [watcher_css(objects), watched ? 'icon icon-fav' : 'icon icon-fav-off'].join(' ')
-    text = watched ? l(:button_unwatch) : l(:button_watch)
-    url = watch_path(
-      :object_type => objects.first.class.to_s.underscore,
-      :object_id => (objects.size == 1 ? objects.first.id : objects.map(&:id).sort)
-    )
-    method = watched ? 'delete' : 'post'
-
-    link_to text, url, :remote => true, :method => method, :class => css
+  
+  def watcher_link(object, user)
+    return '' unless user && user.logged? && object.respond_to?('watched_by?')
+    watched = object.watched_by?(user)
+    url = {:controller => 'watchers',
+           :action => (watched ? 'unwatch' : 'watch'),
+           :object_type => object.class.to_s.underscore,
+           :object_id => object.id}
+    link_to_remote((watched ? l(:button_unwatch) : l(:button_watch)),
+                   {:url => url},
+                   :href => url_for(url),
+                   :class => (watched ? 'icon icon-fav' : 'icon icon-fav-off'))
+  
  end
-
+  
  # Returns the css class used to identify watch links for a given +object+
-  def watcher_css(objects)
-    objects = Array.wrap(objects)
-    id = (objects.size == 1 ? objects.first.id : 'bulk')
-    "#{objects.first.class.to_s.underscore}-#{id}-watcher"
+  def watcher_css(object)
+    "#{object.class.to_s.underscore}-#{object.id}-watcher"
  end
-
+  
  # Returns a comma separated list of users watching the given object
  def watchers_list(object)
    remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project)
-    content = ''.html_safe
    lis = object.watcher_users.collect do |user|
-      s = ''.html_safe
-      s << avatar(user, :size => "16").to_s
-      s << link_to_user(user, :class => 'user')
+      s = avatar(user, :size => "16").to_s + link_to_user(user, :class => 'user').to_s
      if remove_allowed
        url = {:controller => 'watchers',
               :action => 'destroy',
               :object_type => object.class.to_s.underscore,
               :object_id => object.id,
               :user_id => user}
-        s << ' '
-        s << link_to(image_tag('delete.png'), url,
-                     :remote => true, :method => 'delete', :class => "delete")
+        s += ' ' + link_to_remote(image_tag('delete.png'),
+                                  {:url => url},
+                                  :href => url_for(url),
+                                  :style => "vertical-align: middle",
+                                  :class => "delete")
      end
-      content << content_tag('li', s, :class => "user-#{user.id}")
+      "<li>#{ s }</li>"
    end
-    content.present? ? content_tag('ul', content, :class => 'watchers') : content
-  end
-
-  def watchers_checkboxes(object, users, checked=nil)
-    users.map do |user|
-      c = checked.nil? ? object.watched_by?(user) : checked
-      tag = check_box_tag 'issue[watcher_user_ids][]', user.id, c, :id => nil
-      content_tag 'label', "#{tag} #{h(user)}".html_safe,
-                  :id => "issue_watcher_user_ids_#{user.id}",
-                  :class => "floating"
-    end.join.html_safe
+    lis.empty? ? "" : "<ul>#{ lis.join("\n") }</ul>"
  end
 end
--- a/app/helpers/welcome_helper.rb
+++ b/app/helpers/welcome_helper.rb
@@ -1,18 +1,16 @@
-# encoding: utf-8
-#
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--- a/app/helpers/wiki_helper.rb
+++ b/app/helpers/wiki_helper.rb
@@ -1,43 +1,35 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module WikiHelper
-
+  
  def wiki_page_options_for_select(pages, selected = nil, parent = nil, level = 0)
    pages = pages.group_by(&:parent) unless pages.is_a?(Hash)
-    s = ''.html_safe
+    s = ''
    if pages.has_key?(parent)
      pages[parent].each do |page|
        attrs = "value='#{page.id}'"
        attrs << " selected='selected'" if selected == page
-        indent = (level > 0) ? ('&nbsp;' * level * 2 + '&#187; ') : ''
-
-        s << content_tag('option', (indent + h(page.pretty_title)).html_safe, :value => page.id.to_s, :selected => selected == page) +
+        indent = (level > 0) ? ('&nbsp;' * level * 2 + '&#187; ') : nil
+        
+        s << "<option #{attrs}>#{indent}#{h page.pretty_title}</option>\n" + 
               wiki_page_options_for_select(pages, selected, page, level + 1)
      end
    end
    s
  end
-
-  def wiki_page_breadcrumb(page)
-    breadcrumb(page.ancestors.reverse.collect {|parent|
-      link_to(h(parent.pretty_title), {:controller => 'wiki', :action => 'show', :id => parent.title, :project_id => parent.project, :version => nil})
-    })
-  end
 end
--- a/app/helpers/workflows_helper.rb
+++ b/app/helpers/workflows_helper.rb
@@ -1,32 +1,19 @@
-# encoding: utf-8
-#
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2008  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 module WorkflowsHelper
-  def field_required?(field)
-    field.is_a?(CustomField) ? field.is_required? : %w(project_id tracker_id subject priority_id is_private).include?(field)
-  end
-
-  def field_permission_tag(permissions, status, field)
-    name = field.is_a?(CustomField) ? field.id.to_s : field
-    options = [["", ""], [l(:label_readonly), "readonly"]]
-    options << [l(:label_required), "required"] unless field_required?(field)
-
-    select_tag("permissions[#{name}][#{status.id}]", options_for_select(options, permissions[status.id][name]))
-  end
 end
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -16,17 +16,14 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 require "digest/md5"
-require "fileutils"

 class Attachment < ActiveRecord::Base
  belongs_to :container, :polymorphic => true
  belongs_to :author, :class_name => "User", :foreign_key => "author_id"

-  validates_presence_of :filename, :author
+  validates_presence_of :container, :filename, :author
  validates_length_of :filename, :maximum => 255
  validates_length_of :disk_filename, :maximum => 255
-  validates_length_of :description, :maximum => 255
-  validate :validate_max_file_size

  acts_as_event :title => :filename,
                :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id, :filename => o.filename}}
@@ -46,25 +43,11 @@ class Attachment < ActiveRecord::Base
                                                        "LEFT JOIN #{Project.table_name} ON #{Document.table_name}.project_id = #{Project.table_name}.id"}

  cattr_accessor :storage_path
-  @@storage_path = Redmine::Configuration['attachments_storage_path'] || File.join(Rails.root, "files")
+  @@storage_path = Redmine::Configuration['attachments_storage_path'] || "#{RAILS_ROOT}/files"

-  cattr_accessor :thumbnails_storage_path
-  @@thumbnails_storage_path = File.join(Rails.root, "tmp", "thumbnails")
-
-  before_save :files_to_final_location
-  after_destroy :delete_from_disk
-
-  # Returns an unsaved copy of the attachment
-  def copy(attributes=nil)
-    copy = self.class.new
-    copy.attributes = self.attributes.dup.except("id", "downloads")
-    copy.attributes = attributes if attributes
-    copy
-  end
-
-  def validate_max_file_size
-    if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
-      errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
+  def validate
+    if self.filesize > Setting.attachment_max_size.to_i.kilobytes
+      errors.add(:base, :too_long, :count => Setting.attachment_max_size.to_i.kilobytes)
    end
  end

@@ -72,81 +55,50 @@ class Attachment < ActiveRecord::Base
    unless incoming_file.nil?
      @temp_file = incoming_file
      if @temp_file.size > 0
-        if @temp_file.respond_to?(:original_filename)
-          self.filename = @temp_file.original_filename
-          self.filename.force_encoding("UTF-8") if filename.respond_to?(:force_encoding)
-        end
-        if @temp_file.respond_to?(:content_type)
-          self.content_type = @temp_file.content_type.to_s.chomp
-        end
-        if content_type.blank? && filename.present?
+        self.filename = sanitize_filename(@temp_file.original_filename)
+        self.disk_filename = Attachment.disk_filename(filename)
+        self.content_type = @temp_file.content_type.to_s.chomp
+        if content_type.blank?
          self.content_type = Redmine::MimeType.of(filename)
        end
        self.filesize = @temp_file.size
      end
    end
  end
-
+	
  def file
    nil
  end

-  def filename=(arg)
-    write_attribute :filename, sanitize_filename(arg.to_s)
-    filename
-  end
-
  # Copies the temporary file to its final location
  # and computes its MD5 hash
-  def files_to_final_location
+  def before_save
    if @temp_file && (@temp_file.size > 0)
-      self.disk_directory = target_directory
-      self.disk_filename = Attachment.disk_filename(filename, disk_directory)
-      logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)")
-      path = File.dirname(diskfile)
-      unless File.directory?(path)
-        FileUtils.mkdir_p(path)
-      end
+      logger.debug("saving '#{self.diskfile}'")
      md5 = Digest::MD5.new
      File.open(diskfile, "wb") do |f|
-        if @temp_file.respond_to?(:read)
-          buffer = ""
-          while (buffer = @temp_file.read(8192))
-            f.write(buffer)
-            md5.update(buffer)
-          end
-        else
-          f.write(@temp_file)
-          md5.update(@temp_file)
+        buffer = ""
+        while (buffer = @temp_file.read(8192))
+          f.write(buffer)
+          md5.update(buffer)
        end
      end
      self.digest = md5.hexdigest
    end
-    @temp_file = nil
    # Don't save the content type if it's longer than the authorized length
    if self.content_type && self.content_type.length > 255
      self.content_type = nil
    end
  end

-  # Deletes the file from the file system if it's not referenced by other attachments
-  def delete_from_disk
-    if Attachment.where("disk_filename = ? AND id <> ?", disk_filename, id).empty?
-      delete_from_disk!
-    end
+  # Deletes file on the disk
+  def after_destroy
+    File.delete(diskfile) if !filename.blank? && File.exist?(diskfile)
  end

  # Returns file's location on disk
  def diskfile
-    File.join(self.class.storage_path, disk_directory.to_s, disk_filename.to_s)
-  end
-
-  def title
-    title = filename.to_s
-    if description.present?
-      title << " (#{description})"
-    end
-    title
+    "#{@@storage_path}/#{self.disk_filename}"
  end

  def increment_download
@@ -154,63 +106,19 @@ class Attachment < ActiveRecord::Base
  end

  def project
-    container.try(:project)
+    container.project
  end

  def visible?(user=User.current)
-    if container_id
-      container && container.attachments_visible?(user)
-    else
-      author == user
-    end
+    container.attachments_visible?(user)
  end

  def deletable?(user=User.current)
-    if container_id
-      container && container.attachments_deletable?(user)
-    else
-      author == user
-    end
+    container.attachments_deletable?(user)
  end

  def image?
-    !!(self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png)$/i)
-  end
-
-  def thumbnailable?
-    image?
-  end
-
-  # Returns the full path the attachment thumbnail, or nil
-  # if the thumbnail cannot be generated.
-  def thumbnail(options={})
-    if thumbnailable? && readable?
-      size = options[:size].to_i
-      if size > 0
-        # Limit the number of thumbnails per image
-        size = (size / 50) * 50
-        # Maximum thumbnail size
-        size = 800 if size > 800
-      else
-        size = Setting.thumbnails_size.to_i
-      end
-      size = 100 unless size > 0
-      target = File.join(self.class.thumbnails_storage_path, "#{id}_#{digest}_#{size}.thumb")
-
-      begin
-        Redmine::Thumbnail.generate(self.diskfile, target, size)
-      rescue => e
-        logger.error "An error occured while generating thumbnail for #{disk_filename} to #{target}\nException was: #{e.message}" if logger
-        return nil
-      end
-    end
-  end
-
-  # Deletes all thumbnails
-  def self.clear_thumbnails
-    Dir.glob(File.join(thumbnails_storage_path, "*.thumb")).each do |file|
-      File.delete file
-    end
+    self.filename =~ /\.(jpe?g|gif|png)$/i
  end

  def is_text?
@@ -226,89 +134,46 @@ class Attachment < ActiveRecord::Base
    File.readable?(diskfile)
  end

-  # Returns the attachment token
-  def token
-    "#{id}.#{digest}"
-  end
-
-  # Finds an attachment that matches the given token and that has no container
-  def self.find_by_token(token)
-    if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
-      attachment_id, attachment_digest = $1, $2
-      attachment = Attachment.where(:id => attachment_id, :digest => attachment_digest).first
-      if attachment && attachment.container.nil?
-        attachment
-      end
-    end
-  end
-
  # Bulk attaches a set of files to an object
  #
  # Returns a Hash of the results:
  # :files => array of the attached files
  # :unsaved => array of the files that could not be attached
  def self.attach_files(obj, attachments)
-    result = obj.save_attachments(attachments, User.current)
-    obj.attach_saved_attachments
-    result
-  end
+    attached = []
+    if attachments && attachments.is_a?(Hash)
+      attachments.each_value do |attachment|
+        file = attachment['file']
+        next unless file && file.size > 0
+        a = Attachment.create(:container => obj,
+                              :file => file,
+                              :description => attachment['description'].to_s.strip,
+                              :author => User.current)

-  def self.latest_attach(attachments, filename)
-    attachments.sort_by(&:created_on).reverse.detect {
-      |att| att.filename.downcase == filename.downcase
-     }
-  end
-
-  def self.prune(age=1.day)
-    Attachment.where("created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age).destroy_all
-  end
-
-  # Moves an existing attachment to its target directory
-  def move_to_target_directory!
-    if !new_record? & readable?
-      src = diskfile
-      self.disk_directory = target_directory
-      dest = diskfile
-      if src != dest && FileUtils.mkdir_p(File.dirname(dest)) && FileUtils.mv(src, dest)
-        update_column :disk_directory, disk_directory
+        if a.new_record?
+          obj.unsaved_attachments ||= []
+          obj.unsaved_attachments << a
+        else
+          attached << a
+        end
      end
    end
+    {:files => attached, :unsaved => obj.unsaved_attachments}
  end

-  # Moves existing attachments that are stored at the root of the files
-  # directory (ie. created before Redmine 2.3) to their target subdirectories
-  def self.move_from_root_to_target_directory
-    Attachment.where("disk_directory IS NULL OR disk_directory = ''").find_each do |attachment|
-      attachment.move_to_target_directory!
-    end
-  end
-
-  private
-
-  # Physically deletes the file from the file system
-  def delete_from_disk!
-    if disk_filename.present? && File.exist?(diskfile)
-      File.delete(diskfile)
-    end
-  end
-
+private
  def sanitize_filename(value)
    # get only the filename, not the whole path
    just_filename = value.gsub(/^.*(\\|\/)/, '')
+    # NOTE: File.basename doesn't work right with Windows paths on Unix
+    # INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/'))

-    # Finally, replace invalid characters with underscore
-    @filename = just_filename.gsub(/[\/\?\%\*\:\|\"\'<>]+/, '_')
+    # Finally, replace all non alphanumeric, hyphens or periods with underscore
+    @filename = just_filename.gsub(/[^\w\.\-]/,'_')
  end

-  # Returns the subdirectory in which the attachment will be saved
-  def target_directory
-    time = created_on || DateTime.now
-    time.strftime("%Y/%m")
-  end
-
-  # Returns an ASCII or hashed filename that do not
-  # exists yet in the given subdirectory
-  def self.disk_filename(filename, directory=nil)
+  # Returns an ASCII or hashed filename
+  def self.disk_filename(filename)
    timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
    ascii = ''
    if filename =~ %r{^[a-zA-Z0-9_\.\-]*$}
@@ -318,7 +183,7 @@ class Attachment < ActiveRecord::Base
      # keep the extension if any
      ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
    end
-    while File.exist?(File.join(storage_path, directory.to_s, "#{timestamp}_#{ascii}"))
+    while File.exist?(File.join(@@storage_path, "#{timestamp}_#{ascii}"))
      timestamp.succ!
    end
    "#{timestamp}_#{ascii}"
--- a/app/models/auth_source.rb
+++ b/app/models/auth_source.rb
@@ -1,71 +1,47 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

-# Generic exception for when the AuthSource can not be reached
-# (eg. can not connect to the LDAP)
-class AuthSourceException < Exception; end
-class AuthSourceTimeoutException < AuthSourceException; end
-
 class AuthSource < ActiveRecord::Base
-  include Redmine::SubclassFactory
  include Redmine::Ciphering
-
+  
  has_many :users
-
+  
  validates_presence_of :name
  validates_uniqueness_of :name
  validates_length_of :name, :maximum => 60

  def authenticate(login, password)
  end
-
+  
  def test_connection
  end
-
+  
  def auth_method_name
    "Abstract"
  end
-
+  
  def account_password
    read_ciphered_attribute(:account_password)
  end
-
+  
  def account_password=(arg)
    write_ciphered_attribute(:account_password, arg)
  end

-  def searchable?
-    false
-  end
-
-  def self.search(q)
-    results = []
-    AuthSource.all.each do |source|
-      begin
-        if source.searchable?
-          results += source.search(q)
-        end
-      rescue AuthSourceException => e
-        logger.error "Error while searching users in #{source.name}: #{e.message}"
-      end
-    end
-    results
-  end
-
  def allow_password_changes?
    self.class.allow_password_changes?
  end
@@ -77,7 +53,7 @@ class AuthSource < ActiveRecord::Base

  # Try to authenticate a user not yet registered against available sources
  def self.authenticate(login, password)
-    AuthSource.where(:onthefly_register => true).all.each do |source|
+    AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|
      begin
        logger.debug "Authenticating '#{login}' against '#{source.name}'" if logger && logger.debug?
        attrs = source.authenticate(login, password)
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -1,134 +1,68 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 require 'net/ldap'
-require 'net/ldap/dn'
-require 'timeout'
+require 'iconv'

-class AuthSourceLdap < AuthSource
+class AuthSourceLdap < AuthSource 
  validates_presence_of :host, :port, :attr_login
  validates_length_of :name, :host, :maximum => 60, :allow_nil => true
-  validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
+  validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true
  validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
  validates_numericality_of :port, :only_integer => true
-  validates_numericality_of :timeout, :only_integer => true, :allow_blank => true
-  validate :validate_filter
-
+  
  before_validation :strip_ldap_attributes
-
-  def initialize(attributes=nil, *args)
-    super
+  
+  def after_initialize
    self.port = 389 if self.port == 0
  end
-
+  
  def authenticate(login, password)
    return nil if login.blank? || password.blank?
-
-    with_timeout do
-      attrs = get_user_dn(login, password)
-      if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
-        logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
-        return attrs.except(:dn)
-      end
+    attrs = get_user_dn(login)
+    
+    if attrs && attrs[:dn] && authenticate_dn(attrs[:dn], password)
+      logger.debug "Authentication successful for '#{login}'" if logger && logger.debug?
+      return attrs.except(:dn)
    end
-  rescue Net::LDAP::LdapError => e
-    raise AuthSourceException.new(e.message)
+  rescue  Net::LDAP::LdapError => text
+    raise "LdapError: " + text
  end

  # test the connection to the LDAP
  def test_connection
-    with_timeout do
-      ldap_con = initialize_ldap_con(self.account, self.account_password)
-      ldap_con.open { }
-    end
-  rescue Net::LDAP::LdapError => e
-    raise AuthSourceException.new(e.message)
+    ldap_con = initialize_ldap_con(self.account, self.account_password)
+    ldap_con.open { }
+  rescue  Net::LDAP::LdapError => text
+    raise "LdapError: " + text
  end
-
+ 
  def auth_method_name
    "LDAP"
  end
-
-  # Returns true if this source can be searched for users
-  def searchable?
-    !account.to_s.include?("$login") && %w(login firstname lastname mail).all? {|a| send("attr_#{a}?")}
-  end
-
-  # Searches the source for users and returns an array of results
-  def search(q)
-    q = q.to_s.strip
-    return [] unless searchable? && q.present?
-
-    results = []
-    search_filter = base_filter & Net::LDAP::Filter.begins(self.attr_login, q)
-    ldap_con = initialize_ldap_con(self.account, self.account_password)
-    ldap_con.search(:base => self.base_dn,
-                    :filter => search_filter,
-                    :attributes => ['dn', self.attr_login, self.attr_firstname, self.attr_lastname, self.attr_mail],
-                    :size => 10) do |entry|
-      attrs = get_user_attributes_from_ldap_entry(entry)
-      attrs[:login] = AuthSourceLdap.get_attr(entry, self.attr_login)
-      results << attrs
-    end
-    results
-  rescue Net::LDAP::LdapError => e
-    raise AuthSourceException.new(e.message)
-  end
-
+  
  private
-
-  def with_timeout(&block)
-    timeout = self.timeout
-    timeout = 20 unless timeout && timeout > 0
-    Timeout.timeout(timeout) do
-      return yield
-    end
-  rescue Timeout::Error => e
-    raise AuthSourceTimeoutException.new(e.message)
-  end
-
-  def ldap_filter
-    if filter.present?
-      Net::LDAP::Filter.construct(filter)
-    end
-  rescue Net::LDAP::LdapError
-    nil
-  end
-
-  def base_filter
-    filter = Net::LDAP::Filter.eq("objectClass", "*")
-    if f = ldap_filter
-      filter = filter & f
-    end
-    filter
-  end
-
-  def validate_filter
-    if filter.present? && ldap_filter.nil?
-      errors.add(:filter, :invalid)
-    end
-  end
-
+  
  def strip_ldap_attributes
    [:attr_login, :attr_firstname, :attr_lastname, :attr_mail].each do |attr|
      write_attribute(attr, read_attribute(attr).strip) unless read_attribute(attr).nil?
    end
  end
-
+  
  def initialize_ldap_con(ldap_user, ldap_password)
    options = { :host => self.host,
                :port => self.port,
@@ -166,18 +100,14 @@ class AuthSourceLdap < AuthSource
  end

  # Get the user's dn and any attributes for them, given their login
-  def get_user_dn(login, password)
-    ldap_con = nil
-    if self.account && self.account.include?("$login")
-      ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
-    else
-      ldap_con = initialize_ldap_con(self.account, self.account_password)
-    end
+  def get_user_dn(login)
+    ldap_con = initialize_ldap_con(self.account, self.account_password)
+    login_filter = Net::LDAP::Filter.eq( self.attr_login, login ) 
+    object_filter = Net::LDAP::Filter.eq( "objectClass", "*" ) 
    attrs = {}
-    search_filter = base_filter & Net::LDAP::Filter.eq(self.attr_login, login)
-
-    ldap_con.search( :base => self.base_dn,
-                     :filter => search_filter,
+    
+    ldap_con.search( :base => self.base_dn, 
+                     :filter => object_filter & login_filter, 
                     :attributes=> search_attributes) do |entry|

      if onthefly_register?
@@ -191,7 +121,7 @@ class AuthSourceLdap < AuthSource

    attrs
  end
-
+  
  def self.get_attr(entry, attr_name)
    if !attr_name.blank?
      entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
--- a/app/models/board.rb
+++ b/app/models/board.rb
@@ -1,62 +1,44 @@
-# Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# redMine - project management software
+# Copyright (C) 2006-2007  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-#
+# 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#
+# 
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class Board < ActiveRecord::Base
-  include Redmine::SafeAttributes
  belongs_to :project
  has_many :topics, :class_name => 'Message', :conditions => "#{Message.table_name}.parent_id IS NULL", :order => "#{Message.table_name}.created_on DESC"
  has_many :messages, :dependent => :destroy, :order => "#{Message.table_name}.created_on DESC"
  belongs_to :last_message, :class_name => 'Message', :foreign_key => :last_message_id
-  acts_as_tree :dependent => :nullify
-  acts_as_list :scope => '(project_id = #{project_id} AND parent_id #{parent_id ? "= #{parent_id}" : "IS NULL"})'
+  acts_as_list :scope => :project_id
  acts_as_watchable
-
+  
  validates_presence_of :name, :description
  validates_length_of :name, :maximum => 30
  validates_length_of :description, :maximum => 255
-  validate :validate_board
-
-  scope :visible, lambda {|*args|
-    includes(:project).where(Project.allowed_to_condition(args.shift || User.current, :view_messages, *args))
-  }
-
-  safe_attributes 'name', 'description', 'parent_id', 'move_to'
-
+  
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_messages, project)
  end
-
-  def reload(*args)
-    @valid_parents = nil
-    super
-  end
-
+  
  def to_s
    name
  end
-
-  def valid_parents
-    @valid_parents ||= project.boards - self_and_descendants
-  end
-
+  
  def reset_counters!
    self.class.reset_counters!(id)
  end
-
+  
  # Updates topics_count, messages_count and last_message_id attributes for +board_id+
  def self.reset_counters!(board_id)
    board_id = board_id.to_i
@@ -65,26 +47,4 @@ class Board < ActiveRecord::Base
               " last_message_id = (SELECT MAX(id) FROM #{Message.table_name} WHERE board_id=#{board_id})",
               ["id = ?", board_id])
  end
-
-  def self.board_tree(boards, parent_id=nil, level=0)
-    tree = []
-    boards.select {|board| board.parent_id == parent_id}.sort_by(&:position).each do |board|
-      tree << [board, level]
-      tree += board_tree(boards, board.id, level+1)
-    end
-    if block_given?
-      tree.each do |board, level|
-        yield board, level
-      end
-    end
-    tree
-  end
-
-  protected
-
-  def validate_board
-    if parent_id && parent_id_changed?
-      errors.add(:parent_id, :invalid) unless valid_parents.include?(parent)
-    end
-  end
 end
--- a/app/models/change.rb
+++ b/app/models/change.rb
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2013  Jean-Philippe Lang
+# Copyright (C) 2006-2011  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -20,13 +20,12 @@ class Change < ActiveRecord::Base

  validates_presence_of :changeset_id, :action, :path
  before_save :init_path
-  before_validation :replace_invalid_utf8_of_path

  def relative_path
    changeset.repository.relative_path(path)
  end

-  def replace_invalid_utf8_of_path
+  def before_validation
    self.path      = Redmine::CodesetUtil.replace_invalid_utf8(self.path)
    self.from_path = Redmine::CodesetUtil.replace_invalid_utf8(self.from_path)
  end
--- a/Show More
+++ b/Show More