diff --git a/app/controllers/application.rb b/app/controllers/application.rb index c328ef58..236c0df6 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -206,7 +206,7 @@ end module Mime # Fix HTML #HTML = Type.new "text/html", :html, %w( application/xhtml+xml ) - HTML = Type.new "text/html", :html + self.class.const_set("HTML", Type.new("text/html", :html) ) # Add XHTML XHTML = Type.new "application/xhtml+xml", :xhtml diff --git a/app/helpers/wiki_helper.rb b/app/helpers/wiki_helper.rb index 000acc05..07d614a8 100644 --- a/app/helpers/wiki_helper.rb +++ b/app/helpers/wiki_helper.rb @@ -24,23 +24,23 @@ module WikiHelper def edit_page link_text = (@page.name == "HomePage" ? 'Edit Page' : 'Edit') link_to(link_text, {:web => @web.address, :action => 'edit', :id => @page.name}, - {:class => 'navlink', :accesskey => 'E', :id => 'edit'}) + {:class => 'navlink', :accesskey => 'E', :id => 'edit', :rel => 'nofollow'}) end def edit_web link_to('Edit Web', {:web => @web.address, :action => 'edit_web'}, - {:class => 'navlink', :accesskey => 'W', :id => 'edit_web'}) + {:class => 'navlink', :accesskey => 'W', :id => 'edit_web', :rel => 'nofollow'}) end def forward if @revision_number < @page.revisions.length - 1 link_to('Forward in time', {:web => @web.address, :action => 'revision', :id => @page.name, :rev => @revision_number + 1}, - {:class => 'navlink', :accesskey => 'F', :id => 'to_next_revision'}) + + {:class => 'navlink', :accesskey => 'F', :id => 'to_next_revision', :rel => 'nofollow'}) + " (#{@revision.page.revisions.length - @revision_number} more) " else link_to('Forward in time', {:web => @web.address, :action => 'show', :id => @page.name}, - {:class => 'navlink', :accesskey => 'F', :id => 'to_next_revision'}) + + {:class => 'navlink', :accesskey => 'F', :id => 'to_next_revision', :rel => 'nofollow'}) + " (to current)" end end 
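Review bot: Inside `module Mime` the receiver `self` is `Mime`, so `self.class` is `Module` and the added line in the application.rb hunk defines `Module::HTML` instead of replacing `Mime::HTML`. As far as the hunk shows, `Mime::HTML` then keeps whatever definition was loaded earlier; the commented-out line suggests that one also claims application/xhtml+xml, so the override this block is meant to apply would silently stop taking effect. If the aim was to avoid the already-initialized-constant warning, remove the old constant first: `remove_const(:HTML) if const_defined?(:HTML)` followed by `HTML = Type.new "text/html", :html`. The module body continues outside the hunk.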
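Review bot: The literal `:rel => 'nofollow'` is pasted into every options hash in the first wiki_helper.rb hunk (edit_page, edit_web, both branches of forward) and again in the hunks at -48, -56 and -69, so the next helper added can easily miss it. A shared hash merged per link, for example `NAV_OPTS = {:class => 'navlink', :rel => 'nofollow'}` and `NAV_OPTS.merge(:accesskey => 'E', :id => 'edit')`, would keep the policy in one place. The else branch of forward links to the plain `show` action, so the hint is also applied to a link to the current page; confirm that is intended. rel=nofollow is only honoured by cooperative crawlers, so if the goal is to keep bots off the edit and revision actions they still need a robots exclusion or an access check of their own.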
@@ -48,7 +48,7 @@ module WikiHelper def back_for_revision link_to('Back in time', {:web => @web.address, :action => 'revision', :id => @page.name, :rev => @revision_number - 1}, - {:class => 'navlink', :id => 'to_previous_revision'}) + + {:class => 'navlink', :id => 'to_previous_revision', :rel => 'nofollow'}) + " (#{@revision_number - 1} more)" end @@ -56,7 +56,7 @@ module WikiHelper link_to('Back in time', {:web => @web.address, :action => 'revision', :id => @page.name, :rev => @page.revisions.length - 1}, - {:class => 'navlink', :accesskey => 'B', :id => 'to_previous_revision'}) + + {:class => 'navlink', :accesskey => 'B', :id => 'to_previous_revision', :rel => 'nofollow'}) + " (#{@page.revisions.length - 1} #{@page.revisions.length - 1 == 1 ? 'revision' : 'revisions'})" end @@ -69,19 +69,19 @@ module WikiHelper link_to(@show_diff ? 'Hide changes' : 'See changes', {:web => @web.address, :action => 'revision', :id => @page.name, :rev => @revision_number, :mode => (@show_diff ? nil : 'diff') }, - {:class => 'navlink', :accesskey => 'C', :id => 'see_changes'}) + {:class => 'navlink', :accesskey => 'C', :id => 'see_changes', :rel => 'nofollow'}) end def see_or_hide_changes_for_page link_to(@show_diff ? 'Hide changes' : 'See changes', {:web => @web.address, :action => 'show', :id => @page.name, :mode => (@show_diff ? nil : 'diff') }, - {:class => 'navlink', :accesskey => 'C', :id => 'see_changes'}) + {:class => 'navlink', :accesskey => 'C', :id => 'see_changes', :rel => 'nofollow'}) end def rollback link_to('Rollback', {:web => @web.address, :action => 'rollback', :id => @page.name, :rev => @revision_number}, - {:class => 'navlink', :id => 'rollback'}) + {:class => 'navlink', :id => 'rollback', :rel => 'nofollow'}) end diff --git a/app/views/wiki/page.rhtml b/app/views/wiki/page.rhtml index 277c1cae..86155e8e 100644 --- a/app/views/wiki/page.rhtml +++ b/app/views/wiki/page.rhtml 
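Review bot: The `rollback` link in the -69 hunk is still a plain GET `link_to`, and adding `:rel => 'nofollow'` does not stop prefetchers, crawlers that ignore the hint, or a link embedded on another site from requesting that URL in a logged-in user's browser. Whether the rollback action changes stored state on a GET is not visible in this diff; if it does, issue it as a POST (`:method => :post` in the html options where the vendored Rails supports it, otherwise `button_to`) and have the controller reject other verbs. I would also add a comment above `rollback` such as `# nofollow is a crawler hint only; the action itself must enforce POST`.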
@@ -34,11 +34,11 @@ | Views: <%= link_to('Print', { :web => @web.address, :action => 'print', :id => @page.name }, - { :accesskey => 'p', :id => 'view_print' }) %> + { :accesskey => 'p', :id => 'view_print', :rel => 'nofollow' }) %> <% if @web.markup == :markdownMML or @web.markup == :markdown %> | <%= link_to 'TeX', {:web => @web.address, :action => 'tex', :id => @page.name}, - {:id => 'view_tex'} %> + {:id => 'view_tex', :rel => 'nofollow' } %> <% if WikiReference.pages_in_category(@web, 'S5-slideshow').map.include?(@page.name) %> | <%= link_to 'S5', {:web => @web.address, :action => 's5', :id => @page.name}, diff --git a/test/unit/chunks/category_test.rb b/test/unit/chunks/category_test.rb index 6bc7627f..86c1ca51 100755 --- a/test/unit/chunks/category_test.rb +++ b/test/unit/chunks/category_test.rb @@ -19,4 +19,11 @@ class CategoryTest < Test::Unit::TestCase ) end + def test_multiple_categories_sanitized + match(Category, 'category: test, multiple,a & b ', :list => ['test', 'multiple', '<span>a & b</span> <script>alert("XSS!");</script>'], :hidden => nil) + match(Category, 'category : chunk test , multi category,a & b ', + :list => ['chunk test','multi category','<span>a & b</span> <script>alert("XSS!");</script>'], :hidden => nil + ) + end + end diff --git a/test/unit/chunks/nowiki_test.rb b/test/unit/chunks/nowiki_test.rb index 8af5a645..c1010922 100755 --- a/test/unit/chunks/nowiki_test.rb +++ b/test/unit/chunks/nowiki_test.rb @@ -12,4 +12,10 @@ class NoWikiTest < Test::Unit::TestCase ) end + def test_sanitized_nowiki + match(NoWiki, 'This sentence contains a & b . Do not touch!', + :plain_text => 'a & b <script>alert("XSS!");</script>' + ) + end + end diff --git a/vendor/plugins/manage_fixtures/CHANGELOG b/vendor/plugins/manage_fixtures/CHANGELOG new file mode 100644 index 00000000..6f4d2881 --- /dev/null +++ b/vendor/plugins/manage_fixtures/CHANGELOG 
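Review bot: The S5 link at the end of the page.rhtml hunk (`link_to 'S5', {:web => @web.address, :action => 's5', :id => @page.name},`) is context only and its options hash lies outside the hunk, so it is not clear that it received the attribute the Print and TeX links get here. If it did not, add `:rel => 'nofollow'` to its html options so that all three export views are treated alike. These are rendering-heavy export actions, and because nofollow is advisory a robots exclusion for the print, tex and s5 paths would be the more dependable control.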
@@ -0,0 +1,15 @@
+-----
+2.1.0
+- Added table import functionality
+ - Changed default db:fixtures:import_all to use tables instead of models
+ - db:fixtures:import_for_tables TABLES=foos,bars
+
+2.0.0
+- Added two new export tasks
+ - db:fixtures:import_all
+ - db:fixtures:import_for_models MODELS=Foo,Bar
+
+1.0.0
+
+- imported original code by Chris McGrath [octopod]
+- added namespace support for the tasks [nshb]
diff --git a/vendor/plugins/manage_fixtures/MIT-LICENSE b/vendor/plugins/manage_fixtures/MIT-LICENSE
new file mode 100644
index 00000000..24691313
--- /dev/null
+++ b/vendor/plugins/manage_fixtures/MIT-LICENSE
@@ -0,0 +1,21 @@
+Copyright (c) 2006 Chris McGrath
+
+The MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
\ No newline at end of file
diff --git a/vendor/plugins/manage_fixtures/README b/vendor/plugins/manage_fixtures/README
new file mode 100644
index 00000000..7f0068e7
--- /dev/null
+++ b/vendor/plugins/manage_fixtures/README
@@ -0,0 +1,68 @@
+= Description
+
+This plugin is a super lightweight tool used to manage all your fixtures, whether it is exporting or importing them.
+
+So if you want to export all your data from your production server into your development environment, this will simplify the process without having to load up your database manager.
+
+Similarly, if you want to import a selected set of Models, you can do that using the appropriate tasks.
+
+= INSTALLATION
+
+ [%] script/plugin discover
+ [%] script/plugin install manage_fixtures
+
+= USAGE
+
+Create YAML test fixtures from data in an existing database. Defaults to development database. Set RAILS_ENV to override.
+ [%] rake db:fixtures:export_all
+
+Create YAML test fixtures for a specific table(s) from data in an existing database. Defaults to development database. Set RAILS_ENV to override.
+ [%] rake db:fixtures:export_for_tables TABLES=foos[,bars]
+
+Create YAML text fixtures based on a specific SQL query
+ [%] rake db:fixtures:export_using_query SQL="select * from foo where id='bar'" FIXTURE_NAME=foo
+
+Import the YAML test fixtures for specific models from data in an existing database. Defaults to development database. Set RAILS_ENV to override.
+ [%] rake db:fixtures:import_for_models MODELS=Foo[,Bar,Land]
+
+Import all YAML test fixtures for all of the tables from data in an existing database. Defaults to development database. Set RAILS_ENV to override.
+ [%] rake db:fixtures:import_all
+
+Import all YAML test fixtures for all of the tables from data in an existing database. Defaults to development database. Set RAILS_ENV to override.
+ [%] rake db:fixtures:import_for_tables TABLES=foos[,bars,land] + += AUTHORS + +Nathaniel Brown - nshb@inimit.com +Chris McGrath + += BUGS + +Please report any bugs or feature enhancements to http://dev.toolbocks.com + += LICENSE + +Copyright (c) 2006 Nathaniel Brown +Copyright (c) 2006 Chris McGrath + +This is the MIT license, the license Ruby on Rails itself is licensed +under. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to permit +persons to whom the Software is furnished to do so, subject to the +following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE +OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/plugins/manage_fixtures/index.html b/vendor/plugins/manage_fixtures/index.html new file mode 100644 index 00000000..fe03bde2 --- /dev/null +++ b/vendor/plugins/manage_fixtures/index.html @@ -0,0 +1,13 @@ +Revision 427: /plugins/manage_fixtures + +

Revision 427: /plugins/manage_fixtures

+ +
Powered by Subversion version 1.4.4 (r25188). + \ No newline at end of file diff --git a/vendor/plugins/manage_fixtures/lib/index.html b/vendor/plugins/manage_fixtures/lib/index.html new file mode 100644 index 00000000..6f0bdecf --- /dev/null +++ b/vendor/plugins/manage_fixtures/lib/index.html @@ -0,0 +1,9 @@ +Revision 427: /plugins/manage_fixtures/lib + +

Revision 427: /plugins/manage_fixtures/lib

+ +
Powered by Subversion version 1.4.4 (r25188). + \ No newline at end of file diff --git a/vendor/plugins/manage_fixtures/lib/manage_fixtures.rb b/vendor/plugins/manage_fixtures/lib/manage_fixtures.rb new file mode 100644 index 00000000..b3340c56 --- /dev/null +++ b/vendor/plugins/manage_fixtures/lib/manage_fixtures.rb 
@@ -0,0 +1,76 @@ +def write_yaml_fixtures_to_file(sql, fixture_name) + i = "000" + File.open("#{RAILS_ROOT}/dump/fixtures/#{fixture_name}.yml", 'w' ) do |file| + data = ActiveRecord::Base.connection.select_all(sql) + file.write data.inject({}) { |hash, record| + hash["#{fixture_name}_#{i.succ!}"] = record + hash + }.to_yaml + end +end + +def import_table_fixture(table) + filename = File.join(RAILS_ROOT,'dump','fixtures',table + '.yml') + success = Hash.new + records = YAML::load( File.open(filename)) + + records.sort.each do |r| + row = r[1] + columns = [] + values = [] + + row.each_pair do |column, value| + if column.to_sym + columns << ActiveRecord::Base.connection.quote_column_name(column) + values << ActiveRecord::Base.connection.quote(value) + else + p "Column not found" + column.to_s + end + end + + insert_sql = "INSERT INTO #{table} (" + columns.join(', ') + ") VALUES (" + values.join(', ') + ")" + + begin + if ActiveRecord::Base.connection.execute(insert_sql) + success[table.to_sym] = (success[table.to_sym] ? success[table.to_sym] + 1 : 1) + end + rescue + p "#{table} failed to import: " + insert_sql + end + end + + p "Total of #{success[table.to_sym]} #{table} records imported successfully" +end + +def import_model_fixture(model) + filename = File.join(RAILS_ROOT,'dump','fixtures',model.tableize + '.yml') + success = Hash.new + records = YAML::load( File.open(filename)) + @model = Class.const_get(model) + @model.transaction do + records.sort.each do |r| + row = r[1] + @new_model = @model.new + + row.each_pair do |column, value| + if column.to_sym + @new_model.send(column + '=', value) + else + p "Column not found" + column.to_s + end + end + + + begin + if @new_model.save + success[model.to_sym] = (success[model.to_sym] ? 
success[model.to_sym] + 1 : 1) + end + rescue + p "#{@new_model.class.to_s} failed to import: " + r.inspect + p @new_model.errors.inspect + end + end + + p "Total of #{success[model.to_sym]} #{@new_model.class.to_s} records imported successfully" + end +end diff --git a/vendor/plugins/manage_fixtures/tasks/fixtures.rake b/vendor/plugins/manage_fixtures/tasks/fixtures.rake new file mode 100644 index 00000000..6a6438fd --- /dev/null +++ b/vendor/plugins/manage_fixtures/tasks/fixtures.rake 
@@ -0,0 +1,83 @@ +require File.join(File.dirname(__FILE__), '..', 'lib', 'manage_fixtures.rb') + +desc "use rake db:fixtures:export_using_query SQL=\"select * from foo where id='bar'\" FIXTURE_NAME=foo" +namespace :db do + namespace :fixtures do + task :export_using_query => :environment do + write_yaml_fixtures_to_file(ENV['SQL'], ENV['FIXTURE_NAME']) + end + end +end + +desc 'use rake db:fixtures:export_for_tables TABLES=foos[,bars,lands] Create YAML test fixtures for a specific table(s) from data in an existing database. Defaults to development database. Set RAILS_ENV to override. ' +namespace :db do + namespace :fixtures do + task :export_for_tables => :environment do + sql = "SELECT * FROM %s" + tables = ENV['TABLES'] + ActiveRecord::Base.establish_connection + tables.each do |table_name| + write_yaml_fixtures_to_file(sql % table_name, table_name) + end + end + end +end + + +desc ' Create YAML test fixtures from data in an existing database. Defaults to development database. Set RAILS_ENV to override. ' +namespace :db do + namespace :fixtures do + task :export_all => :environment do + sql = "SELECT * FROM %s" + skip_tables = ["schema_info"] + ActiveRecord::Base.establish_connection + (ActiveRecord::Base.connection.tables - skip_tables).each do |table_name| + i = "000" + File.open("#{RAILS_ROOT}/test/fixtures/#{table_name}.yml", 'w' ) do |file| + write_yaml_fixtures_to_file(sql % table_name, table_name) + end + end + end + end +end + +desc 'use rake db:fixtures:import_for_models MODELS=Foo[,Bar,Land] to import the YAML test fixtures for a specific models from data in an existing database. Defaults to development database. Set RAILS_ENV to override. 
' +namespace :db do + namespace :fixtures do + task :import_for_models => :environment do + models = ENV['MODELS'] + ActiveRecord::Base.establish_connection + models.each do |model_name| + import_model_fixture(model_name) + end + end + end +end + + +desc 'use rake db:fixtures:import_for_tables TABLES=foos[,bars,lands] to import the YAML test fixtures for a specific tables from data in an existing database. Defaults to development database. Set RAILS_ENV to override. ' +namespace :db do + namespace :fixtures do + task :import_for_tables => :environment do + tables = ENV['TABLES'] + ActiveRecord::Base.establish_connection + tables.each do |table_name| + import_table_fixture(table_name) + end + end + end +end + +desc 'use rake db:fixtures:import_all to import all YAML test fixtures for all of the tables from data in an existing database. Defaults to development database. Set RAILS_ENV to override. ' +namespace :db do + namespace :fixtures do + task :import_all => :environment do + ActiveRecord::Base.establish_connection + Dir.glob(File.join(RAILS_ROOT,'test','fixtures',"*.yml")).each do |f| + table_name = f.gsub(File.join(RAILS_ROOT,'test','fixtures', ''), '').gsub('.yml', '') + import_table_fixture(table_name) + end + end + end +end + diff --git a/vendor/plugins/manage_fixtures/tasks/index.html b/vendor/plugins/manage_fixtures/tasks/index.html new file mode 100644 index 00000000..ad4524c2 --- /dev/null +++ b/vendor/plugins/manage_fixtures/tasks/index.html @@ -0,0 +1,9 @@ +Revision 427: /plugins/manage_fixtures/tasks + +

Revision 427: /plugins/manage_fixtures/tasks

+ +
Powered by Subversion version 1.4.4 (r25188). + \ No newline at end of file diff --git a/vendor/rails/actionpack/lib/action_controller/base.rb b/vendor/rails/actionpack/lib/action_controller/base.rb index 4c6ecd73..3c21c868 100755 --- a/vendor/rails/actionpack/lib/action_controller/base.rb +++ b/vendor/rails/actionpack/lib/action_controller/base.rb @@ -829,14 +829,6 @@ module ActionController #:nodoc: else response.body = text end - if response.headers['Status'] == "200 OK" && response.body.size > 0 - response.headers['Etag'] = "\"#{MD5.new(text).to_s}\"" - - if request.headers['HTTP_IF_NONE_MATCH'] == response.headers['Etag'] - response.headers['Status'] = "304 Not Modified" - response.body = '' - end - end response.body end diff --git a/vendor/rails/railties/lib/webrick_server.rb b/vendor/rails/railties/lib/webrick_server.rb index 5bd0b4e6..a04b664c 100644 --- a/vendor/rails/railties/lib/webrick_server.rb +++ b/vendor/rails/railties/lib/webrick_server.rb @@ -59,6 +59,7 @@ class DispatchServlet < WEBrick::HTTPServlet::AbstractServlet server.mount('/', DispatchServlet, options) trap("INT") { server.shutdown } + trap("TERM") { server.shutdown } server.start end