
Merge branch 'release/5.0' into stable/5

2 parents cbc4e7d + d030c76 commit c96bb31d947ccaf486e91f598490b0d13f74258b @oliverguenther oliverguenther committed Jun 20, 2016
Showing with 627 additions and 284 deletions.
  1. +4 −1 Gemfile
  2. +73 −69 Gemfile.lock
  3. +53 −0 app/middleware/reset_current_user.rb
  4. +5 −0 app/models/principal.rb
  5. +18 −11 app/models/work_package.rb
  6. +73 −0 app/models/work_package/pdf_export/common.rb
  7. +22 −15 app/models/work_package/pdf_export/work_package_list_to_pdf.rb
  8. +60 −21 app/models/work_package/pdf_export/work_package_to_pdf.rb
  9. +14 −4 app/services/user_search_service.rb
  10. +1 −0 config/application.rb
  11. +6 −5 config/initializers/10-patches.rb
  12. +7 −0 config/settings.yml
  13. +1 −1 doc/operation_guides/manual/installation-guide.md
  14. +0 −108 features/timelines/timeline_comparison_view.feature
  15. +2 −0 frontend/.gitignore
  16. +3 −3 frontend/app/components/work-packages/work-package.service.js
  17. +5 −0 frontend/app/openproject-app.js
  18. +1 −1 lib/api/errors/error_base.rb
  19. +1 −1 lib/open_project/version.rb
  20. +5 −2 lib/plugins/acts_as_customizable/lib/acts_as_customizable.rb
  21. +15 −0 spec/controllers/api/v2/users_controller_spec.rb
  22. +71 −0 spec/features/security/angular_xss_spec.rb
  23. +23 −0 spec/models/work_package/work_package_custom_fields_spec.rb
  24. +22 −0 spec/models/work_package_spec.rb
  25. +73 −0 spec/requests/current_user_spec.rb
  26. +1 −1 vendored-plugins/openproject-announcements/lib/open_project/announcements/version.rb
  27. +1 −1 vendored-plugins/openproject-auth_plugins/lib/open_project/auth_plugins/version.rb
  28. +9 −1 vendored-plugins/openproject-backlogs/app/helpers/burndown_charts_helper.rb
  29. +5 −2 vendored-plugins/openproject-backlogs/app/helpers/rb_master_backlogs_helper.rb
  30. +1 −1 vendored-plugins/openproject-backlogs/app/views/rb_burndown_charts/_burndown.html.erb
  31. +2 −2 vendored-plugins/openproject-backlogs/app/views/shared/_server_variables.js.erb
  32. +1 −1 vendored-plugins/openproject-backlogs/lib/open_project/backlogs/version.rb
  33. +2 −7 vendored-plugins/openproject-costs/app/helpers/costlog_helper.rb
  34. +1 −2 vendored-plugins/openproject-costs/app/models/cost_object.rb
  35. +2 −0 vendored-plugins/openproject-costs/app/models/labor_budget_item.rb
  36. +5 −5 vendored-plugins/openproject-costs/app/views/cost_objects/_show_variable_cost_object.html.erb
  37. +5 −2 vendored-plugins/openproject-costs/app/views/costlog/edit.html.erb
  38. +1 −1 vendored-plugins/openproject-costs/lib/open_project/costs/version.rb
  39. +13 −0 vendored-plugins/openproject-costs/spec/models/labor_budget_item_spec.rb
  40. +1 −1 vendored-plugins/openproject-documents/lib/open_project/documents/version.rb
  41. +1 −1 vendored-plugins/openproject-github_integration/lib/open_project/github_integration/version.rb
  42. +1 −1 vendored-plugins/openproject-global_roles/lib/open_project/global_roles/version.rb
  43. +1 −1 vendored-plugins/openproject-help_link/lib/open_project/help_link/version.rb
  44. +1 −1 vendored-plugins/openproject-local_avatars/lib/open_project/local_avatars/version.rb
  45. +1 −1 vendored-plugins/openproject-meeting/lib/open_project/meeting/version.rb
  46. +1 −1 vendored-plugins/openproject-my_project_page/lib/open_project/my_project_page/version.rb
  47. +1 −1 vendored-plugins/openproject-openid_connect/lib/open_project/openid_connect/version.rb
  48. +1 −1 vendored-plugins/openproject-pdf_export/lib/open_project/pdf_export/version.rb
  49. +2 −2 vendored-plugins/openproject-reporting/Gemfile.plugins
  50. +4 −0 vendored-plugins/openproject-reporting/app/controllers/cost_reports_controller.rb
  51. +1 −1 vendored-plugins/openproject-reporting/lib/open_project/reporting/version.rb
  52. +1 −1 vendored-plugins/openproject-themes-dark/lib/open_project/themes/dark/version.rb
  53. +1 −1 vendored-plugins/openproject-webhooks/lib/open_project/webhooks/version.rb
  54. +1 −1 vendored-plugins/openproject-xls_export/lib/open_project/xls_export/version.rb
  55. +1 −1 vendored-plugins/reporting_engine/lib/reporting_engine/version.rb
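--- a/Gemfile
+++ b/Gemfile
@@ -95,6 +95,9 @@ gem 'rack-protection', git: 'https://github.com/finnlabs/rack-protection.git', r
 # https://github.com/kickstarter/rack-attack
 gem 'rack-attack'
+# Patch Rails HTML whitelisting for Angular curly braces
+gem 'rails-angular-xss', github: 'opf/rails-angular-xss'
+
 gem "syck", '~> 1.0.5', require: false
 gem 'gon', '~> 4.0'
@@ -134,7 +137,7 @@ gem 'cocaine'
 # also, better than thin since we can control worker concurrency.
 gem 'unicorn'
-gem 'nokogiri', '~> 1.6.7'
+gem 'nokogiri', '~> 1.6.8'
 gem 'carrierwave', '~> 0.10.0'
 gem 'fog', '~> 1.23.0', require: 'fog/aws/storage'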
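Review bot: The new `rails-angular-xss` line is fetched through the `github:` shorthand with no `ref:`, `tag:` or `branch:`, so only Gemfile.lock pins the revision and a later `bundle update` will silently move to whatever the repository head is at that time; on this Bundler generation the shorthand also expands to an unencrypted, unauthenticated `git://` remote, which is exactly what the Gemfile.lock section of this commit records for `opf/rails-angular-xss`. Because this gem patches the HTML sanitizer, i.e. the code that decides what survives escaping, it deserves the explicit source and pin the neighbouring `rack-protection` line appears to use (its truncated hunk header ends in `r`, presumably `ref:`): `gem 'rails-angular-xss', git: 'https://github.com/opf/rails-angular-xss.git', ref: '13f8443cc3e1944743cba578685904b826515177'`, taking the revision from Gemfile.lock. A short comment on why the patch is needed would also help the next reader, e.g. `# Angular interpolates {{ }} in rendered HTML; the sanitizer must escape the braces or attribute values become executable (see spec/features/security/angular_xss_spec.rb)`. The nokogiri bump in the second hunk is fine as is.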
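--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -24,13 +24,20 @@ GIT
 GIT
 remote: git://github.com/omniauth/omniauth-saml.git
-revision: c0f02d2ca4f7f8ed16a8a5d1299d35781626060e
+revision: 146e46987bccd17343f96bb8b408fb1c8c84ec8d
 specs:
 omniauth-saml (1.5.0)
 omniauth (~> 1.3)
 ruby-saml (~> 1.1, >= 1.1.1)
 GIT
+remote: git://github.com/opf/rails-angular-xss.git
+revision: 13f8443cc3e1944743cba578685904b826515177
+specs:
+rails-angular-xss (0.1.0)
+rails (>= 4.2.0, < 5.0)
+
+GIT
 remote: git://github.com/why-el/svg-graph.git
 revision: e79abffa66639ab203d099250c5d2656a4ebf917
 branch: silence-class-access-warning
@@ -87,10 +94,10 @@ GIT
 GIT
 remote: https://github.com/opf/openproject-translations.git
-revision: 4e532704b9930069807af4e7cb9ad44673b0edff
+revision: 31f5157005783b91d58c1cb4fb808e9934bfe06a
 branch: stable/5
 specs:
-openproject-translations (5.0.18)
+openproject-translations (5.0.19)
 crowdin-api (~> 0.4.0)
 mixlib-shellout (~> 2.1.0)
 rails (~> 4.2.3)
@@ -122,78 +129,78 @@ GIT
 PATH
 remote: vendored-plugins/openproject-announcements
 specs:
-openproject-announcements (5.0.18)
+openproject-announcements (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-auth_plugins
 specs:
-openproject-auth_plugins (5.0.18)
+openproject-auth_plugins (5.0.19)
 omniauth (~> 1.0)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-backlogs
 specs:
-openproject-backlogs (5.0.18)
+openproject-backlogs (5.0.19)
 acts_as_silent_list (~> 2.0.0)
 openproject-pdf_export
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-costs
 specs:
-openproject-costs (5.0.18)
+openproject-costs (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-documents
 specs:
-openproject-documents (5.0.18)
+openproject-documents (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-github_integration
 specs:
-openproject-github_integration (5.0.18)
+openproject-github_integration (5.0.19)
 openproject-webhooks (~> 5.0.1)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-global_roles
 specs:
-openproject-global_roles (5.0.18)
+openproject-global_roles (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-help_link
 specs:
-openproject-help_link (5.0.18)
+openproject-help_link (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-local_avatars
 specs:
-openproject-local_avatars (5.0.18)
+openproject-local_avatars (5.0.19)
 rails (~> 4.2.4)
 rmagick (~> 2.15.4)
 PATH
 remote: vendored-plugins/openproject-meeting
 specs:
-openproject-meeting (5.0.18)
+openproject-meeting (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-my_project_page
 specs:
-openproject-my_project_page (5.0.18)
+openproject-my_project_page (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-openid_connect
 specs:
-openproject-openid_connect (5.0.18)
+openproject-openid_connect (5.0.19)
 lobby_boy (~> 0.1)
 omniauth-openid_connect-providers (~> 0.1)
 openproject-auth_plugins (~> 5.0.1)
@@ -202,57 +209,57 @@ PATH
 PATH
 remote: vendored-plugins/openproject-pdf_export
 specs:
-openproject-pdf_export (5.0.18)
+openproject-pdf_export (5.0.19)
 prawn (~> 2.1.0)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-reporting
 specs:
-openproject-reporting (5.0.18)
+openproject-reporting (5.0.19)
 openproject-costs (>= 5.0.1)
 rails (~> 4.2.4)
 reporting_engine (>= 1.1.0)
 PATH
 remote: vendored-plugins/openproject-themes-dark
 specs:
-openproject-themes-dark (5.0.18)
+openproject-themes-dark (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-webhooks
 specs:
-openproject-webhooks (5.0.18)
+openproject-webhooks (5.0.19)
 rails (~> 4.2.4)
 PATH
 remote: vendored-plugins/openproject-xls_export
 specs:
-openproject-xls_export (5.0.18)
+openproject-xls_export (5.0.19)
 rails (~> 4.2.4)
 spreadsheet (~> 0.8.9)
 PATH
 remote: vendored-plugins/reporting_engine
 specs:
-reporting_engine (5.0.18)
+reporting_engine (5.0.19)
 json
 rails (~> 4.2.4)
 GEM
 remote: https://rubygems.org/
 specs:
 Ascii85 (1.0.2)
-actionmailer (4.2.5.2)
-actionpack (= 4.2.5.2)
-actionview (= 4.2.5.2)
-activejob (= 4.2.5.2)
+actionmailer (4.2.6)
+actionpack (= 4.2.6)
+actionview (= 4.2.6)
+activejob (= 4.2.6)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 1.0, >= 1.0.5)
-actionpack (4.2.5.2)
-actionview (= 4.2.5.2)
-activesupport (= 4.2.5.2)
+actionpack (4.2.6)
+actionview (= 4.2.6)
+activesupport (= 4.2.6)
 rack (~> 1.6)
 rack-test (~> 0.6.2)
 rails-dom-testing (~> 1.0, >= 1.0.5)
@@ -261,29 +268,29 @@ GEM
 actionpack (>= 4.0.0, < 5.0)
 actionpack-xml_parser (1.0.2)
 actionpack (>= 4.0.0, < 5)
-actionview (4.2.5.2)
-activesupport (= 4.2.5.2)
+actionview (4.2.6)
+activesupport (= 4.2.6)
 builder (~> 3.1)
 erubis (~> 2.7.0)
 rails-dom-testing (~> 1.0, >= 1.0.5)
 rails-html-sanitizer (~> 1.0, >= 1.0.2)
-activejob (4.2.5.2)
-activesupport (= 4.2.5.2)
+activejob (4.2.6)
+activesupport (= 4.2.6)
 globalid (>= 0.3.0)
-activemodel (4.2.5.2)
-activesupport (= 4.2.5.2)
+activemodel (4.2.6)
+activesupport (= 4.2.6)
 builder (~> 3.1)
-activerecord (4.2.5.2)
-activemodel (= 4.2.5.2)
-activesupport (= 4.2.5.2)
+activerecord (4.2.6)
+activemodel (= 4.2.6)
+activesupport (= 4.2.6)
 arel (~> 6.0)
 activerecord-session_store (0.1.1)
 actionpack (>= 4.0.0, < 5)
 activerecord (>= 4.0.0, < 5)
 railties (>= 4.0.0, < 5)
 activerecord-tableless (1.3.4)
 activerecord (>= 2.3.0)
-activesupport (4.2.5.2)
+activesupport (4.2.6)
 i18n (~> 0.7)
 json (~> 1.7, >= 1.7.7)
 minitest (~> 5.1)
@@ -382,7 +389,7 @@ GEM
 disposable (0.0.9)
 representable (~> 2.0)
 uber
-domain_name (0.5.20160310)
+domain_name (0.5.20160615)
 unf (>= 0.0.5, < 1.0.0)
 equalizer (0.0.11)
 equivalent-xml (0.5.1)
@@ -483,14 +490,12 @@ GEM
 rails (>= 3.2.21)
 loofah (2.0.3)
 nokogiri (>= 1.5.9)
-macaddr (1.7.1)
-systemu (~> 2.6.2)
-mail (2.6.3)
-mime-types (>= 1.16, < 3)
+mail (2.6.4)
+mime-types (>= 1.16, < 4)
 method_source (0.8.2)
-mime-types (1.25.1)
-mini_portile2 (2.0.0)
-minitest (5.8.0)
+mime-types (2.99.2)
+mini_portile2 (2.1.0)
+minitest (5.9.0)
 mixlib-shellout (2.1.0)
 multi_json (1.11.3)
 multi_test (0.1.2)
@@ -502,8 +507,9 @@ GEM
 net-ssh (2.9.2)
 netrc (0.11.0)
 newrelic_rpm (3.14.1.311)
-nokogiri (1.6.7.2)
-mini_portile2 (~> 2.0.0.rc2)
+nokogiri (1.6.8)
+mini_portile2 (~> 2.1.0)
+pkg-config (~> 1.1.7)
 non-stupid-digest-assets (1.0.4)
 oj (2.11.5)
 openid_connect (0.8.3)
@@ -535,6 +541,7 @@ GEM
 ruby-rc4
 ttfunk
 pg (0.18.3)
+pkg-config (1.1.7)
 poltergeist (1.7.0)
 capybara (~> 2.1)
 cliver (~> 0.3.1)
@@ -586,16 +593,16 @@ GEM
 rack_session_access (0.1.1)
 builder (>= 2.0.0)
 rack (>= 1.0.0)
-rails (4.2.5.2)
-actionmailer (= 4.2.5.2)
-actionpack (= 4.2.5.2)
-actionview (= 4.2.5.2)
-activejob (= 4.2.5.2)
-activemodel (= 4.2.5.2)
-activerecord (= 4.2.5.2)
-activesupport (= 4.2.5.2)
+rails (4.2.6)
+actionmailer (= 4.2.6)
+actionpack (= 4.2.6)
+actionview (= 4.2.6)
+activejob (= 4.2.6)
+activemodel (= 4.2.6)
+activerecord (= 4.2.6)
+activesupport (= 4.2.6)
 bundler (>= 1.3.0, < 2.0)
-railties (= 4.2.5.2)
+railties (= 4.2.6)
 sprockets-rails
 rails-deprecated_sanitizer (1.0.3)
 activesupport (>= 4.2.0.alpha)
@@ -612,16 +619,16 @@ GEM
 rails_stdout_logging
 rails_autolink (1.1.6)
 rails (> 3.1)
-rails_serve_static_assets (0.0.4)
-rails_stdout_logging (0.0.4)
-railties (4.2.5.2)
-actionpack (= 4.2.5.2)
-activesupport (= 4.2.5.2)
+rails_serve_static_assets (0.0.5)
+rails_stdout_logging (0.0.5)
+railties (4.2.6)
+actionpack (= 4.2.6)
+activesupport (= 4.2.6)
 rake (>= 0.8.7)
 thor (>= 0.18.1, < 2.0)
 rainbow (2.0.0)
 raindrops (0.13.0)
-rake (10.5.0)
+rake (11.2.2)
 rb-readline (0.5.2)
 rdoc (4.2.0)
 json (~> 1.4)
@@ -682,9 +689,8 @@ GEM
 ruby-prof (0.15.8)
 ruby-progressbar (1.7.5)
 ruby-rc4 (0.1.5)
-ruby-saml (1.1.2)
+ruby-saml (1.2.0)
 nokogiri (>= 1.5.10)
-uuid (~> 2.3)
 rubytree (0.8.3)
 json (>= 1.7.5)
 structured_warnings (>= 0.1.3)
@@ -733,7 +739,6 @@ GEM
 syck (1.0.5)
 sys-filesystem (1.1.4)
 ffi
-systemu (2.6.5)
 thin (1.6.3)
 daemons (~> 1.0, >= 1.0.9)
 eventmachine (~> 1.0)
@@ -757,8 +762,6 @@ GEM
 raindrops (~> 0.7)
 url (0.3.2)
 url_safe_base64 (0.2.2)
-uuid (2.3.8)
-macaddr (~> 1.0)
 validate_email (0.1.6)
 activemodel (>= 3.0)
 mail (>= 2.2.5)
@@ -842,7 +845,7 @@ DEPENDENCIES
 mysql2 (~> 0.3.20)
 net-ldap (~> 0.8.0)
 newrelic_rpm
-nokogiri (~> 1.6.7)
+nokogiri (~> 1.6.8)
 non-stupid-digest-assets
 oj (~> 2.11.4)
 omniauth!
@@ -889,6 +892,7 @@ DEPENDENCIES
 rack-test (~> 0.6.2)
 rack_session_access
 rails (~> 4.2.5)
+rails-angular-xss!
 rails-observers
 rails_12factor
 rails_autolink (~> 1.1.6)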
