From: Tom Hughes Date: Mon, 7 Dec 2015 14:57:19 +0000 (+0000) Subject: Merge remote-tracking branch 'openstreetmap/pull/1099' X-Git-Tag: live~3992 X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/8368f903101031389c7153623c8858a7a6f2de84?hp=d02ea8a1332fc7c32749ab479d68d44e2e76cdfa Merge remote-tracking branch 'openstreetmap/pull/1099' --- diff --git a/.travis.yml b/.travis.yml index 1af422452..441bdf6da 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ sudo: false language: ruby rvm: - - 1.9.3 + - 2.1.7 cache: bundler addons: postgresql: 9.1 diff --git a/Gemfile b/Gemfile index 8f81ab3ec..3789c9fb8 100644 --- a/Gemfile +++ b/Gemfile @@ -54,6 +54,9 @@ gem "i18n-js", ">= 3.0.0.rc10" gem "rack-cors" gem "actionpack-page_caching" +# Sanitise URIs +gem "rack-uri_sanitizer" + # Omniauth for authentication gem "omniauth" gem "omniauth-openid" diff --git a/Gemfile.lock b/Gemfile.lock index 18015c244..83d9ae473 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -39,12 +39,12 @@ GEM minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - addressable (2.3.8) + addressable (2.4.0) arel (6.0.3) ast (2.1.0) astrolabe (1.3.1) parser (~> 2.2) - autoprefixer-rails (6.1.0.1) + autoprefixer-rails (6.1.2) execjs json bigdecimal (1.1.0) @@ -70,10 +70,11 @@ GEM colorize (0.7.7) composite_primary_keys (8.1.1) activerecord (~> 4.2.0) - coveralls (0.8.9) + concurrent-ruby (1.0.0) + coveralls (0.8.10) json (~> 1.8) rest-client (>= 1.6.8, < 2) - simplecov (~> 0.10.0) + simplecov (~> 0.11.0) term-ansicolor (~> 1.3) thor (~> 0.19.1) tins (~> 1.6.0) @@ -146,14 +147,14 @@ GEM mime-types (>= 1.16, < 3) mime-types (2.99) mimemagic (0.3.0) - mini_portile (0.6.2) + mini_portile2 (2.0.0) minitest (5.8.3) multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) netrc (0.11.0) - nokogiri (1.6.6.4) - mini_portile (~> 0.6.0) + nokogiri (1.6.7) + mini_portile2 (~> 2.0.0.rc2) nokogumbo (1.4.1) nokogiri oauth (0.4.7) 
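Review bot: The new `gem "rack-uri_sanitizer"` line in the Gemfile hunk has no version constraint; only the lockfile in this commit fixes it at 0.0.2. The initializer added at the end of this commit puts the gem into the Rack stack in front of the application, so it handles every request. A later `bundle update` could therefore change request handling with no visible Gemfile edit. A pessimistic constraint such as `gem "rack-uri_sanitizer", "~> 0.0.2"` would make an upgrade of this pre-1.0 dependency a deliberate, reviewable change.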
@@ -197,7 +198,7 @@ GEM parser (2.2.3.0) ast (>= 1.1, < 3.0) pg (0.18.4) - poltergeist (1.8.0) + poltergeist (1.8.1) capybara (~> 2.1) cliver (~> 0.3.1) multi_json (~> 1.0) @@ -213,6 +214,7 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) + rack-uri_sanitizer (0.0.2) rails (4.2.5) actionmailer (= 4.2.5) actionpack (= 4.2.5) @@ -270,13 +272,14 @@ GEM sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) - simplecov (0.10.0) + simplecov (0.11.1) docile (~> 1.1.0) json (~> 1.8) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) soap4r-ruby1.9 (2.0.5) - sprockets (3.4.0) + sprockets (3.5.1) + concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) actionpack (>= 3.0) @@ -350,6 +353,7 @@ DEPENDENCIES psych r2 rack-cors + rack-uri_sanitizer rails (= 4.2.5) rails-i18n (~> 4.0.0) redcarpet diff --git a/app/assets/images/browse/shop_car_parts.16.png b/app/assets/images/browse/shop_car_parts.16.png new file mode 100644 index 000000000..6c07e4d0e Binary files /dev/null and b/app/assets/images/browse/shop_car_parts.16.png differ diff --git a/app/assets/javascripts/index/search.js b/app/assets/javascripts/index/search.js index 485920c8e..9481e271e 100644 --- a/app/assets/javascripts/index/search.js +++ b/app/assets/javascripts/index/search.js @@ -119,6 +119,7 @@ OSM.Search = function(map) { page.pushstate = page.popstate = function(path) { var params = querystring.parse(path.substring(path.indexOf('?') + 1)); $(".search_form input[name=query]").val(params.query); + $(".describe_location").hide(); OSM.loadSidebarContent(path, page.load); }; diff --git a/app/assets/javascripts/osm.js.erb b/app/assets/javascripts/osm.js.erb index 0f044c24f..6a8b856be 100644 --- a/app/assets/javascripts/osm.js.erb +++ b/app/assets/javascripts/osm.js.erb 
@@ -53,7 +53,12 @@ OSM = { j = pair.indexOf('='), key = pair.slice(0, j), val = pair.slice(++j); - params[key] = decodeURIComponent(val); + + try { + params[key] = decodeURIComponent(val); + } catch (e) { + // Ignore parse exceptions + } } return params; diff --git a/app/assets/stylesheets/browse.scss b/app/assets/stylesheets/browse.scss index f2241b4cf..f497a22d8 100644 --- a/app/assets/stylesheets/browse.scss +++ b/app/assets/stylesheets/browse.scss @@ -98,6 +98,7 @@ .shop.books::before { content: image-url('browse/shop_books.16.png'); } .shop.butcher::before { content: image-url('browse/shop_butcher.p.16.png'); } .shop.clothes::before { content: image-url('browse/shop_clothes.16.png'); } + .shop.car_parts::before { content: image-url('browse/shop_car_parts.16.png'); } .shop.car_repair::before { content: image-url('browse/shop_car_repair.16.png'); } .shop.convenience::before { content: image-url('browse/shop_convenience.p.16.png'); } .shop.diy::before { content: image-url('browse/shop_doityourself.16.png'); } diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index fca0e3be7..6390ff19e 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -497,7 +497,7 @@ class UserController < ApplicationController when "openid" email_verified = uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) || uid.match(%r{https://me.yahoo.com/(.*)}) - when "google" + when "google", "facebook" email_verified = true else email_verified = false diff --git a/config/initializers/uri_sanitizer.rb b/config/initializers/uri_sanitizer.rb new file mode 100644 index 000000000..7f3f3d06a --- /dev/null +++ b/config/initializers/uri_sanitizer.rb @@ -0,0 +1,2 @@ +# Add URI sanitizer to rack middleware +Rails.configuration.middleware.insert_before Rack::Runtime, Rack::URISanitizer
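Review bot: The empty `catch` in the added block leaves `params[key]` unset when a value has malformed percent-encoding, and the comment `// Ignore parse exceptions` does not say so. Callers then see `undefined` for that key rather than the raw text, which is worth recording where the decision is made. I would reword the comment to `// Malformed percent-encoding (URIError): leave this key unset and keep parsing the rest`. The enclosing function begins and ends outside the hunk.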
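Review bot: Adding `"facebook"` to the `when "google"` branch sets `email_verified = true` for every Facebook sign-in, so the address the provider reports is trusted without this application confirming it. Whether Facebook only ever returns confirmed addresses is not visible here and should be established first. If it does not, an account could presumably be created or matched on an address its holder never confirmed. Until that is settled, letting `"facebook"` fall through to the `else` branch (`email_verified = false`) is the safer default, and a comment on the `when` line should record why each listed provider is trusted. The enclosing method starts and ends outside the hunk, so how `email_verified` is consumed is inferred from its name.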
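Review bot: Anchoring on `Rack::Runtime` means middleware that sits ahead of it never sees a sanitised URI. In a stock Rails 4.2 stack that would include `Rack::Sendfile` and, when static file serving is enabled, `ActionDispatch::Static`; this should be checked against `rake middleware` for this app. It also ties boot to `Rack::Runtime` being present, since `insert_before` raises when its target is missing. If the intent is to cover every request, `Rails.configuration.middleware.insert_before 0, Rack::URISanitizer` places it first regardless of what else is loaded. The comment should also say what malformed input the middleware guards against, since the current line only restates the call.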