]>
git.openstreetmap.org Git - rails.git/log
Tom Hughes [Wed, 5 Jan 2022 18:40:13 +0000 (18:40 +0000)]
Merge remote-tracking branch 'upstream/pull/3409'
Tom Hughes [Wed, 5 Jan 2022 11:11:14 +0000 (11:11 +0000)]
Attempt to avoid polynomial time matches on user supplied data
Andy Allan [Wed, 5 Jan 2022 18:14:30 +0000 (18:14 +0000)]
Fix display of suspension message when a user is suspended mid-session
Without the ability defined, the user is still logged out, but then
the deny_access check redirects to the login page. The re-login attempt
would then fail anyway, with an error message, but let's fix the abilities
and use the intended page.
Tom Hughes [Tue, 4 Jan 2022 19:10:16 +0000 (19:10 +0000)]
Re-enable the Performance/StringIdentifierArgument cop
Tom Hughes [Tue, 4 Jan 2022 19:05:13 +0000 (19:05 +0000)]
Update bundle
Tom Hughes [Tue, 4 Jan 2022 12:02:16 +0000 (12:02 +0000)]
Merge remote-tracking branch 'upstream/pull/3408'
Tom Hughes [Tue, 4 Jan 2022 12:01:16 +0000 (12:01 +0000)]
Remove redundant OpenID URL expansion code
It was only used for Google who have long since dropped OpenID support.
dependabot[bot] [Mon, 3 Jan 2022 23:00:41 +0000 (23:00 +0000)]
Bump eslint from 8.5.0 to 8.6.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.5.0 to 8.6.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.5.0...v8.6.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
translatewiki.net [Mon, 3 Jan 2022 12:08:20 +0000 (13:08 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Thu, 30 Dec 2021 19:55:13 +0000 (19:55 +0000)]
Switch to 6.1 defaults as everything has been enabled for some time
translatewiki.net [Thu, 30 Dec 2021 12:09:01 +0000 (13:09 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 29 Dec 2021 18:29:38 +0000 (18:29 +0000)]
Test redirect from settings page to OmniAuth
Tom Hughes [Tue, 28 Dec 2021 18:46:05 +0000 (18:46 +0000)]
Fix new rubocop warnings
Tom Hughes [Tue, 28 Dec 2021 18:25:02 +0000 (18:25 +0000)]
Update bundle
translatewiki.net [Mon, 27 Dec 2021 12:09:57 +0000 (13:09 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Mon, 27 Dec 2021 10:25:44 +0000 (10:25 +0000)]
Allow PATCH for OmniAuth requests
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.
As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and most importantly got not
allowing GET requests to OmniAuth.
translatewiki.net [Thu, 23 Dec 2021 12:09:28 +0000 (13:09 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 22 Dec 2021 15:36:25 +0000 (15:36 +0000)]
Merge remote-tracking branch 'upstream/pull/3404'
Tom Hughes [Wed, 22 Dec 2021 15:26:23 +0000 (15:26 +0000)]
Merge remote-tracking branch 'upstream/pull/3403'
Tom Hughes [Wed, 22 Dec 2021 15:21:22 +0000 (15:21 +0000)]
Merge remote-tracking branch 'upstream/pull/3402'
Andy Allan [Wed, 22 Dec 2021 15:08:06 +0000 (15:08 +0000)]
Remove unused require statement
The corresponding code was removed in
a65cb8428867d92d76bbf051bbd4614966636cf5
Andy Allan [Wed, 22 Dec 2021 14:48:07 +0000 (14:48 +0000)]
Alias the user creation_time column
This allows rails to set the created_at automatically, and so avoids
us from having to do so in a callback. It also hides the unusual
db column name from the rest of the app.
Andy Allan [Wed, 22 Dec 2021 11:32:33 +0000 (11:32 +0000)]
Rename User#delete to User#destroy
"delete" is generally used for immediate SQL deletion without running
any callbacks or other ruby code, whereas "destroy" will trigger callbacks.
Although we don't currently use any callbacks, let's rename this method to
align better with the convention.
Tom Hughes [Tue, 21 Dec 2021 18:34:35 +0000 (18:34 +0000)]
Update bundle
translatewiki.net [Mon, 20 Dec 2021 12:11:17 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sat, 18 Dec 2021 00:04:42 +0000 (00:04 +0000)]
Merge remote-tracking branch 'upstream/pull/3399'
dependabot[bot] [Fri, 17 Dec 2021 23:00:40 +0000 (23:00 +0000)]
Bump eslint from 8.4.1 to 8.5.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.4.1 to 8.5.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.4.1...v8.5.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Tom Hughes [Thu, 16 Dec 2021 18:33:53 +0000 (18:33 +0000)]
Update to rails 6.1.4.4
translatewiki.net [Thu, 16 Dec 2021 12:11:53 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 15 Dec 2021 18:28:18 +0000 (18:28 +0000)]
Merge remote-tracking branch 'upstream/pull/3397'
Tom Hughes [Wed, 15 Dec 2021 18:21:38 +0000 (18:21 +0000)]
Merge remote-tracking branch 'upstream/pull/3394'
Tom Hughes [Wed, 15 Dec 2021 18:13:00 +0000 (18:13 +0000)]
Update to rails 6.1.4.3
Tom Hughes [Tue, 14 Dec 2021 22:16:49 +0000 (22:16 +0000)]
Update to rails 6.1.4.2
Tom Hughes [Tue, 14 Dec 2021 22:13:25 +0000 (22:13 +0000)]
Update bundle
translatewiki.net [Mon, 13 Dec 2021 12:11:28 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
translatewiki.net [Thu, 9 Dec 2021 12:11:53 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Andy Allan [Thu, 2 Dec 2021 11:51:04 +0000 (11:51 +0000)]
Refactor the account edit/update pages out into a separate accounts controller
dependabot[bot] [Wed, 8 Dec 2021 00:33:29 +0000 (00:33 +0000)]
Bump eslint from 8.4.0 to 8.4.1
Bumps [eslint](https://github.com/eslint/eslint) from 8.4.0 to 8.4.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.4.0...v8.4.1)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Tom Hughes [Tue, 7 Dec 2021 18:16:37 +0000 (18:16 +0000)]
Update bundle
Tom Hughes [Tue, 7 Dec 2021 00:03:34 +0000 (00:03 +0000)]
Merge remote-tracking branch 'upstream/pull/3393'
Tom Hughes [Tue, 7 Dec 2021 00:03:30 +0000 (00:03 +0000)]
Merge remote-tracking branch 'upstream/pull/3392'
Tom Hughes [Tue, 7 Dec 2021 00:03:28 +0000 (00:03 +0000)]
Merge remote-tracking branch 'upstream/pull/3391'
dependabot[bot] [Mon, 6 Dec 2021 23:01:02 +0000 (23:01 +0000)]
Bump qs from 6.10.1 to 6.10.2
Bumps [qs](https://github.com/ljharb/qs) from 6.10.1 to 6.10.2.
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.10.1...v6.10.2)
---
updated-dependencies:
- dependency-name: qs
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Mon, 6 Dec 2021 23:00:53 +0000 (23:00 +0000)]
Bump eslint from 8.3.0 to 8.4.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.3.0 to 8.4.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.3.0...v8.4.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
translatewiki.net [Mon, 6 Dec 2021 12:10:46 +0000 (13:10 +0100)]
Localisation updates from https://translatewiki.net.
Morten Bruhn [Mon, 6 Dec 2021 00:08:56 +0000 (01:08 +0100)]
Added `highway=turning_circle`
translatewiki.net [Thu, 2 Dec 2021 12:11:11 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 1 Dec 2021 18:22:11 +0000 (18:22 +0000)]
Merge remote-tracking branch 'upstream/pull/3388'
Andy Allan [Wed, 1 Dec 2021 13:25:04 +0000 (13:25 +0000)]
Revert to the last es5-compatible version of locatecontrol
Refs #3387
Andy Allan [Wed, 1 Dec 2021 10:07:49 +0000 (10:07 +0000)]
Merge pull request #3384 from HolgerJeromin/patch-1
bug issue template: removed browsers
Tom Hughes [Tue, 30 Nov 2021 18:39:14 +0000 (18:39 +0000)]
Update bundle
Tom Hughes [Mon, 29 Nov 2021 18:47:43 +0000 (18:47 +0000)]
Merge remote-tracking branch 'upstream/pull/3385'
translatewiki.net [Mon, 29 Nov 2021 12:09:28 +0000 (13:09 +0100)]
Localisation updates from https://translatewiki.net.
dependabot[bot] [Fri, 26 Nov 2021 23:00:56 +0000 (23:00 +0000)]
Bump leaflet.locatecontrol from 0.74.1 to 0.76.0
Bumps [leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 0.74.1 to 0.76.0.
- [Release notes](https://github.com/domoritz/leaflet-locatecontrol/releases)
- [Changelog](https://github.com/domoritz/leaflet-locatecontrol/blob/gh-pages/CHANGELOG.md)
- [Commits](https://github.com/domoritz/leaflet-locatecontrol/compare/v0.74.1...v0.76.0)
---
updated-dependencies:
- dependency-name: leaflet.locatecontrol
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Holger Jeromin [Fri, 26 Nov 2021 14:17:47 +0000 (15:17 +0100)]
remove browser list
Holger Jeromin [Fri, 26 Nov 2021 12:16:06 +0000 (13:16 +0100)]
bug issue template: resorting browsers
Tom Hughes [Thu, 25 Nov 2021 17:26:30 +0000 (17:26 +0000)]
Merge remote-tracking branch 'upstream/pull/3379'
Tom Hughes [Thu, 25 Nov 2021 17:19:26 +0000 (17:19 +0000)]
Merge remote-tracking branch 'upstream/pull/3382'
Tom Hughes [Thu, 25 Nov 2021 17:18:02 +0000 (17:18 +0000)]
Merge remote-tracking branch 'upstream/pull/3381'
Tom Hughes [Thu, 25 Nov 2021 17:15:54 +0000 (17:15 +0000)]
Merge remote-tracking branch 'upstream/pull/3380'
Tom Hughes [Thu, 25 Nov 2021 17:15:10 +0000 (17:15 +0000)]
Merge remote-tracking branch 'upstream/pull/3378'
Tom Hughes [Thu, 25 Nov 2021 17:12:26 +0000 (17:12 +0000)]
Merge remote-tracking branch 'upstream/pull/3377'
Tom Hughes [Thu, 25 Nov 2021 17:11:02 +0000 (17:11 +0000)]
Merge remote-tracking branch 'upstream/pull/3376'
translatewiki.net [Thu, 25 Nov 2021 12:12:20 +0000 (13:12 +0100)]
Localisation updates from https://translatewiki.net.
Andy Allan [Wed, 24 Nov 2021 15:23:27 +0000 (15:23 +0000)]
Drop the trace_use_job_queue option
This has been set as true by default, and in production, for many
years. I don't think there's much use in keeping the setting around
any longer.
Andy Allan [Wed, 24 Nov 2021 14:59:27 +0000 (14:59 +0000)]
Remove emergency=yes fallback description
This leads to confusion on features otherwise tagged (e.g. roads)
while not being necessary for nominatim results.
Fixes #3170
Andy Allan [Wed, 24 Nov 2021 14:26:16 +0000 (14:26 +0000)]
Prevent flash messages from expanding offscreen
Because we are using an edge-to-edge layout for the flash messages,
the negative margins on the row were expanding the element offscreen.
Bootstrap provides a "no-gutter" class for removing these margins,
but that also drops the spacing between columns which we want to preserve.
So instead we use a margin override on the row only.
Additionally, drop some padding css in favour of a utility class
Fixes #3351
Bug was introduced in
3dd639c8d02677b773935aa982ba0c9f3cc209e5
Andy Allan [Wed, 24 Nov 2021 13:41:37 +0000 (13:41 +0000)]
Add some issue templates and links to other repositories
This should help new users find the right place to go with their issue,
while also letting people use the blank template if they prefer.
The templates are heavily inspired by similar templates in the iD repo.
Fixes #3358
Andy Allan [Wed, 17 Nov 2021 18:23:38 +0000 (18:23 +0000)]
Use flex grid to position changeset discussion subscribe button
This avoids needing any floats. Also remove buttons class from two
locations, since there is a min-width on that class and it affects
the button styling negatively for standalone buttons
Andy Allan [Wed, 17 Nov 2021 18:10:11 +0000 (18:10 +0000)]
Remove some unused thumbnail rules
These are all done with flex grids now, so no need to float the image anywhere
Andy Allan [Wed, 17 Nov 2021 18:07:24 +0000 (18:07 +0000)]
Simplify margins when showing diary entries
Andy Allan [Wed, 17 Nov 2021 17:55:35 +0000 (17:55 +0000)]
Remove unused browse-field style rules
Andy Allan [Wed, 17 Nov 2021 17:39:42 +0000 (17:39 +0000)]
Pass classes to override the default thumbnail_tiny style, rather than having another selector overriding
Andy Allan [Wed, 17 Nov 2021 17:33:14 +0000 (17:33 +0000)]
Replace CSS-driven borders with bootstrap borders
This makes future refactoring easier, since the elements will
retain their borders even if the hierarchy changes.
Also round some maps and the legale section since I think those now
look nicer.
Andy Allan [Wed, 17 Nov 2021 16:36:58 +0000 (16:36 +0000)]
Remove border-radius parameter
This overrides the same variable from bootstrap. Since bootstrap
also comes with -sm and -lg variants defined by rem, our px-based
override doesn't sit nicely with those.
Andy Allan [Wed, 17 Nov 2021 15:52:59 +0000 (15:52 +0000)]
Use flex grid instead of floating to position changeset element paging nav
This works much better when either the heading or the paging is long.
The heading was moved into the partial to avoid repetitive grid definitions
Andy Allan [Wed, 17 Nov 2021 11:51:41 +0000 (11:51 +0000)]
Remove the custom flash styling for sidebar flashes
The flash partial is now based on flexbox, so these positioning classes
are no longer required
Andy Allan [Wed, 17 Nov 2021 11:49:52 +0000 (11:49 +0000)]
Remove the floating from the sidebar close buttons
These are mostly positioned with flexbox, and those that aren't
are covered by the similar close-wrap selector elsewhere in this file
Andy Allan [Wed, 24 Nov 2021 10:51:58 +0000 (10:51 +0000)]
Add a user link to the heading of the diary comments page
Fixes #3369
This makes the heading match the layout of the user's Notes page,
which also has a short heading and a subheading with a link.
Additionally, add a page title, again for consistency
dependabot[bot] [Tue, 23 Nov 2021 23:05:29 +0000 (23:05 +0000)]
Bump actions/cache from 2.1.6 to 2.1.7
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.6...v2.1.7)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Tom Hughes [Tue, 23 Nov 2021 17:19:55 +0000 (17:19 +0000)]
Validate any origin passed the auth failure callback
Fixes #3375
Tom Hughes [Tue, 23 Nov 2021 17:12:19 +0000 (17:12 +0000)]
Improve fallback behaviour for unsafe referer redirects
Tom Hughes [Tue, 23 Nov 2021 17:01:06 +0000 (17:01 +0000)]
Handle authentication failure callbacks with no message
Tom Hughes [Tue, 23 Nov 2021 16:55:06 +0000 (16:55 +0000)]
Handle exceptions rendering flash messages
Tom Hughes [Tue, 23 Nov 2021 11:27:02 +0000 (11:27 +0000)]
Make safe_referer handle invalid URIs
Tom Hughes [Tue, 23 Nov 2021 00:09:19 +0000 (00:09 +0000)]
Merge remote-tracking branch 'upstream/pull/3373'
dependabot[bot] [Mon, 22 Nov 2021 23:00:38 +0000 (23:00 +0000)]
Bump eslint from 8.2.0 to 8.3.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.2.0 to 8.3.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.2.0...v8.3.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Tom Hughes [Mon, 22 Nov 2021 21:36:17 +0000 (21:36 +0000)]
Disable oxipng in image_optim config
Tom Hughes [Mon, 22 Nov 2021 20:52:16 +0000 (20:52 +0000)]
Update bundle
translatewiki.net [Mon, 22 Nov 2021 12:36:51 +0000 (13:36 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Fri, 19 Nov 2021 18:10:50 +0000 (18:10 +0000)]
Drop unused browser feature predicates
Tom Hughes [Fri, 19 Nov 2021 18:09:49 +0000 (18:09 +0000)]
Drop es5 polyfill
Tom Hughes [Thu, 18 Nov 2021 17:20:07 +0000 (17:20 +0000)]
Drop use of html5shiv
Fixes #3367
translatewiki.net [Thu, 18 Nov 2021 12:14:19 +0000 (13:14 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Tue, 16 Nov 2021 19:08:26 +0000 (19:08 +0000)]
Fix boot warnings for autoloaded constants in initializers
Tom Hughes [Tue, 16 Nov 2021 12:44:52 +0000 (12:44 +0000)]
Send plain errors for non HTML resources
Without this we throw a second error when we can't find a view
of the correct format and issue a 500 response.
Tom Hughes [Tue, 16 Nov 2021 08:30:04 +0000 (08:30 +0000)]
Fix new rubocop warnings
Tom Hughes [Tue, 16 Nov 2021 08:25:09 +0000 (08:25 +0000)]
Update bundle
Tom Hughes [Tue, 16 Nov 2021 08:21:17 +0000 (08:21 +0000)]
Merge remote-tracking branch 'upstream/pull/3353'
translatewiki.net [Mon, 15 Nov 2021 12:11:44 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.