[Git][noosfero/noosfero][master] 3 commits: Fixing html_safe for noosfero core

Bráulio Bhavamitra gitlab at mg.gitlab.com
Fri Apr 22 16:46:55 BRT 2016


Bráulio Bhavamitra pushed to branch master at Noosfero / noosfero


Commits:
dab58951 by Carlos Purificacao at 2016-04-18T07:50:07-03:00
Fixing html_safe for noosfero core

Signed-off-by: Alexandre Barbosa <alexandreab at live.com>
Signed-off-by: Arthur Jahn <stutrzbecher at gmail.com>
Signed-off-by: David Carlos <ddavidcarlos1392 at gmail.com>
Signed-off-by: Marcos Ronaldo <marcos.rpj2 at gmail.com>
Signed-off-by: Victor Costa <vfcosta at gmail.com>

- - - - -
9172bf4b by Alexandre Barbosa at 2016-04-18T07:50:14-03:00
Fix plugins tests for html_safe

Signed-off-by: Alexandre Barbosa <alexandreab at live.com>

- - - - -
8df1c088 by Bráulio Bhavamitra at 2016-04-22T19:46:42+00:00
Merge branch 'new_security' into 'master'

Fixing html_safe for noosfero

This MR treats of Noosfero's safe strings (with html_safe), because at the moment Noosfero treats all strings as safe, which allows users to inject malicious code.

See merge request !859
- - - - -


100 changed files:

- app/controllers/my_profile/cms_controller.rb
- app/controllers/my_profile/profile_editor_controller.rb
- app/helpers/action_tracker_helper.rb
- app/helpers/application_helper.rb
- app/helpers/block_helper.rb
- app/helpers/blog_helper.rb
- app/helpers/box_organizer_helper.rb
- app/helpers/boxes_helper.rb
- app/helpers/buttons_helper.rb
- app/helpers/catalog_helper.rb
- app/helpers/content_viewer_helper.rb
- app/helpers/display_helper.rb
- app/helpers/events_helper.rb
- app/helpers/forms_helper.rb
- app/helpers/forum_helper.rb
- app/helpers/language_helper.rb
- app/helpers/layout_helper.rb
- app/helpers/manage_products_helper.rb
- app/helpers/profile_editor_helper.rb
- app/helpers/profile_image_helper.rb
- app/helpers/search_helper.rb
- app/helpers/tags_helper.rb
- app/helpers/tinymce_helper.rb
- app/models/approve_article.rb
- app/models/create_community.rb
- app/models/create_enterprise.rb
- app/models/doc_item.rb
- app/models/environment.rb
- app/models/invite_friend.rb
- app/models/invite_member.rb
- app/models/profile.rb
- app/models/suggest_article.rb
- app/views/account/_signup_form.html.erb
- app/views/account/activate_enterprise.html.erb
- app/views/account/invalid_change_password_code.html.erb
- app/views/account/login.html.erb
- app/views/account/login_block.html.erb
- app/views/account/new_password_ok.html.erb
- app/views/blocks/blog_archives.html.erb
- app/views/blocks/link_list.html.erb
- app/views/blocks/login.html.erb
- app/views/blocks/profile_list.html.erb
- app/views/box_organizer/_article_block.html.erb
- app/views/catalog/index.html.erb
- app/views/cms/_blog.html.erb
- app/views/cms/_textile_quick_reference.html.erb
- app/views/cms/edit.html.erb
- app/views/cms/select_article_type.html.erb
- app/views/cms/upload_files.html.erb
- app/views/cms/view.html.erb
- app/views/comment/_comment.html.erb
- app/views/comment/_comment_form.html.erb
- app/views/content_viewer/_article_toolbar.html.erb
- app/views/content_viewer/_publishing_info.html.erb
- app/views/content_viewer/event_page.html.erb
- app/views/content_viewer/versions_diff.html.erb
- app/views/content_viewer/view_page.html.erb
- app/views/doc/_toc.html.erb
- app/views/features/index.html.erb
- app/views/home/index.html.erb
- app/views/invite/_select_address_book.html.erb
- app/views/layouts/_user.html.erb
- app/views/layouts/application-ng.html.erb
- app/views/mailconf/index.html.erb
- app/views/mailing/sender/notification.html.erb
- app/views/manage_products/show.html.erb
- app/views/memberships/new_community.html.erb
- app/views/pending_task_notifier/notification.text.erb
- app/views/profile/content_tagged.html.erb
- app/views/profile/index.html.erb
- app/views/profile_editor/_moderation.html.erb
- app/views/profile_editor/_organization.html.erb
- app/views/profile_editor/_pending_tasks.html.erb
- app/views/profile_editor/_person.html.erb
- app/views/profile_editor/edit.html.erb
- app/views/profile_members/_members_filter.erb
- app/views/search/_article_last_change.html.erb
- app/views/search/_full_product.html.erb
- app/views/search/tag.html.erb
- app/views/shared/_list_groups.html.erb
- app/views/tasks/_add_member_accept_details.html.erb
- app/views/tasks/_task_icon.html.erb
- app/views/tasks/list_requested.html.erb
- − config/initializers/html_safe.rb
- lib/noosfero/plugin.rb
- plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb
- plugins/community_block/views/blocks/community.html.erb
- plugins/context_content/lib/context_content_plugin/context_content_block.rb
- plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
- plugins/display_content/lib/display_content_block.rb
- plugins/event/views/event_plugin/event_block_item.html.erb
- plugins/metadata/lib/metadata_plugin/base.rb
- plugins/newsletter/lib/newsletter_plugin/newsletter.rb
- plugins/profile_members_headlines/views/blocks/headlines.html.erb
- plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
- plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb
- plugins/site_tour/views/tour_actions.html.erb
- plugins/sniffer/views/sniffer_plugin_myprofile/search.html.erb
- public/designs/themes/base/footer.html.erb
- public/designs/themes/profile-base/footer.html.erb


The diff was not included because it is too large.


View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/05c93013813701736ba53ce2838c44533aad6c7e...8df1c088a12e350ccf8cf263ab2543128fc3cd9f