From 0ca4dbf1467ed8d7f75e7d08d80452470aa8c47e Mon Sep 17 00:00:00 2001
From: Andrew Shu
Date: Sat, 3 Dec 2022 16:18:55 -0800
Subject: [PATCH 01/20] fix tags selection dropdown on suggest page (#1135)
---
 app/views/stories/suggest.html.erb | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/app/views/stories/suggest.html.erb b/app/views/stories/suggest.html.erb
index 33077582..7c192747 100644
--- a/app/views/stories/suggest.html.erb
+++ b/app/views/stories/suggest.html.erb
@@ -1,16 +1,18 @@
- <%= form_with model: @story, url: story_suggest_path(@story.short_id), method: :post, html: { id: 'edit_story' } do |f| %> - <%= render :partial => "stories/form", :locals => { :story => @story, - :f => f, :suggesting => true } %> +
+ <%= form_with model: @story, url: story_suggest_path(@story.short_id), method: :post, html: { id: 'edit_story' } do |f| %> + <%= render :partial => "stories/form", :locals => { :story => @story, + :f => f, :suggesting => true } %> -

+

-
-
- <%= f.submit "Suggest Changes" %> -  or cancel +
+
+ <%= f.submit "Suggest Changes" %> +  or cancel +
-
- <% end %> + <% end %> +
From fccb22679e77e8fb414d8c923951568ab8feeef7 Mon Sep 17 00:00:00 2001
From: Pipecraft
Date: Sun, 4 Dec 2022 08:58:23 +0800
Subject: [PATCH 02/20] Fix subnav of Upvoted Comments (#1143)
---
 app/controllers/comments_controller.rb | 2 +-
 app/views/comments/index.html.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index f37ef954..d63ca85a 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -286,7 +286,7 @@ class CommentsController < ApplicationController
 }
 @title = "Upvoted Comments"
- @saved_subnav = true
+ @above = 'saved/subnav'
 @page = params[:page].to_i
 if @page == 0
diff --git a/app/views/comments/index.html.erb b/app/views/comments/index.html.erb
index fdc39798..e1e7414b 100644
--- a/app/views/comments/index.html.erb
+++ b/app/views/comments/index.html.erb
@@ -1,4 +1,4 @@
-<% render partial: 'upvoted/subnav' if @upvoted %>
+<%= render partial: @above if @above %>
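Review bot: `@above` now holds a partial path that `comments/index.html.erb` passes straight to `render partial:`, so the assignment in the `comments_controller.rb` hunk (`@above = 'saved/subnav'`) has to stay a string literal and never be derived from `params`. A one-line comment at the assignment would make that contract explicit, for example `# partial path rendered above the list; literal only, never from request input`. The enclosing action starts and ends outside the hunk, so any other assignment to `@above` cannot be checked from here.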
    <% @comments.each do |comment| %> From 9ec9610a57d80321cf0898e1cc2275116fcf19cb Mon Sep 17 00:00:00 2001 From: Peter Bhat Harkins Date: Fri, 3 Feb 2023 09:03:26 -0600 Subject: [PATCH 03/20] don't nest forms on settings page Fixes #1142 and fixes #1144 by moving the external account forms out of the settings form, which also makes a bit more logical sense reading the form. Closes #1148, which approached this with js. --- app/views/settings/index.html.erb | 157 +++++++++++++++--------------- 1 file changed, 80 insertions(+), 77 deletions(-) diff --git a/app/views/settings/index.html.erb b/app/views/settings/index.html.erb index a8574b33..59cfd656 100644 --- a/app/views/settings/index.html.erb +++ b/app/views/settings/index.html.erb @@ -68,81 +68,6 @@
    -

    External Accounts

    - -
    - <%= f.label :gravatar, - raw("Gravatar:"), - :class => "required" %> - - Your avatar will be cached from the Gravatar icon for your e-mail address above. - <%= link_post "Expire cache", "/avatars/expire" %> - -
    - - <% if Pushover.enabled? %> -
    - <%= f.label :pushover_user_key, - raw("Pushover:"), - :class => "required" %> - - <%= link_post((@edit_user.pushover_user_key.present? ? - "Manage Pushover Subscription" : "Subscribe With Pushover"), - "/settings/pushover_auth", class_name: "pushover_button") %> - - For optional comment and message notifications below - - -
    - <% end %> - - <% if Github.enabled? %> -
    - - <%= f.label :github_username, - raw("GitHub:"), - :class => "required" %> - <% if @edit_user.github_username.present? %> - Linked to - <%= h(@edit_user.github_username) %> - <%= link_post "Disconnect", "/settings/github_disconnect" %> - <% else %> - Connect - <% end %> - -
    - <% end %> - - <% if Twitter.enabled? %> -
    - <%= f.label :twitter_username, - raw("Twitter:"), - :class => "required" %> - - <% if @edit_user.twitter_username.present? %> - Linked to - @<%= h(@edit_user.twitter_username) %> - <%= link_post "Disconnect", "/settings/twitter_disconnect" %> - <% else %> - Connect - <% end %> - -
    - <% end %> - - <% if Keybase.enabled? %> -
    - <%= f.label :kb_username, raw("Keybase:"), :class => "required" %> - - <%= render :partial => "keybase_proofs/proofs", locals: {user: @edit_user, for_self: true} %> - -
    - <% end %> - -
    -

    Security Settings

    @@ -275,7 +200,85 @@

    - <%= f.submit "Save All Settings" %> +
    + + <%= f.submit "Save Account Settings" %> + <% end %> + +
    +
    + +

    External Accounts

    + +
    + <%= label_tag :gravatar, + raw("Gravatar:"), + :class => "required" %> + + Your avatar will be cached from the Gravatar icon for your e-mail address above. + <%= link_post "Expire cache", "/avatars/expire" %> + +
    + + <% if Pushover.enabled? %> +
    + <%= label_tag :pushover_user_key, + raw("Pushover:"), + :class => "required" %> + + <%= link_post((@edit_user.pushover_user_key.present? ? + "Manage Pushover Subscription" : "Subscribe With Pushover"), + "/settings/pushover_auth", class_name: "pushover_button") %> + + For optional comment and message notifications below + + +
    + <% end %> + + <% if Github.enabled? %> +
    + + <%= label_tag :github_username, + raw("GitHub:"), + :class => "required" %> + <% if @edit_user.github_username.present? %> + Linked to + <%= h(@edit_user.github_username) %> + <%= link_post "Disconnect", "/settings/github_disconnect" %> + <% else %> + Connect + <% end %> + +
    + <% end %> + + <% if Twitter.enabled? %> +
    + <%= label_tag :twitter_username, + raw("Twitter:"), + :class => "required" %> + + <% if @edit_user.twitter_username.present? %> + Linked to + @<%= h(@edit_user.twitter_username) %> + <%= link_post "Disconnect", "/settings/twitter_disconnect" %> + <% else %> + Connect + <% end %> + +
    + <% end %> + + <% if Keybase.enabled? %> +
    + <%= label_tag :kb_username, raw("Keybase:"), :class => "required" %> + + <%= render :partial => "keybase_proofs/proofs", locals: {user: @edit_user, for_self: true} %> + +
    <% end %>
    @@ -293,7 +296,7 @@
    - <%= form_with model: @edit_user, url: delete_account_path, method: :post, id: 'delete_user' do |f| %> + <%= form_with model: @edit_user, url: delete_account_path, method: :post, id: 'delete_user' do |f| %>

    Delete Account

    From 73105f2934f3c71256e80f2128865c9ef39cb057 Mon Sep 17 00:00:00 2001 From: Peter Bhat Harkins Date: Fri, 3 Feb 2023 09:12:32 -0600 Subject: [PATCH 04/20] bump for CVEs --- Gemfile | 2 +- Gemfile.lock | 241 ++++++++++++++++++++++++++------------------------- 2 files changed, 125 insertions(+), 118 deletions(-) diff --git a/Gemfile b/Gemfile index 55170961..22dbe958 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source "https://rubygems.org" -gem "rails", "~> 7.0.3.1" +gem "rails", "~> 7.0.4.2" gem "mysql2" diff --git a/Gemfile.lock b/Gemfile.lock index abb43275..1ec3df79 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -2,83 +2,83 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actioncable (7.0.3.1) - actionpack (= 7.0.3.1) - activesupport (= 7.0.3.1) + actioncable (7.0.4.2) + actionpack (= 7.0.4.2) + activesupport (= 7.0.4.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.3.1) - actionpack (= 7.0.3.1) - activejob (= 7.0.3.1) - activerecord (= 7.0.3.1) - activestorage (= 7.0.3.1) - activesupport (= 7.0.3.1) + actionmailbox (7.0.4.2) + actionpack (= 7.0.4.2) + activejob (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.3.1) - actionpack (= 7.0.3.1) - actionview (= 7.0.3.1) - activejob (= 7.0.3.1) - activesupport (= 7.0.3.1) + actionmailer (7.0.4.2) + actionpack (= 7.0.4.2) + actionview (= 7.0.4.2) + activejob (= 7.0.4.2) + activesupport (= 7.0.4.2) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.3.1) - actionview (= 7.0.3.1) - activesupport (= 7.0.3.1) + actionpack (7.0.4.2) + actionview (= 7.0.4.2) + activesupport (= 7.0.4.2) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) actionpack-page_caching (1.2.4) actionpack (>= 4.0.0) - actiontext (7.0.3.1) - actionpack (= 7.0.3.1) - activerecord (= 7.0.3.1) - activestorage (= 7.0.3.1) - activesupport (= 7.0.3.1) + actiontext (7.0.4.2) + actionpack (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.3.1) - activesupport (= 7.0.3.1) + actionview (7.0.4.2) + activesupport (= 7.0.4.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.3.1) - activesupport (= 7.0.3.1) + activejob (7.0.4.2) + activesupport (= 7.0.4.2) globalid (>= 0.3.6) - activemodel (7.0.3.1) - activesupport (= 7.0.3.1) - activerecord (7.0.3.1) - activemodel (= 
7.0.3.1) - activesupport (= 7.0.3.1) - activerecord-typedstore (1.4.0) - activerecord (>= 5.2) - activestorage (7.0.3.1) - actionpack (= 7.0.3.1) - activejob (= 7.0.3.1) - activerecord (= 7.0.3.1) - activesupport (= 7.0.3.1) + activemodel (7.0.4.2) + activesupport (= 7.0.4.2) + activerecord (7.0.4.2) + activemodel (= 7.0.4.2) + activesupport (= 7.0.4.2) + activerecord-typedstore (1.5.1) + activerecord (>= 6.1) + activestorage (7.0.4.2) + actionpack (= 7.0.4.2) + activejob (= 7.0.4.2) + activerecord (= 7.0.4.2) + activesupport (= 7.0.4.2) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.3.1) + activesupport (7.0.4.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) afm (0.2.2) ast (2.4.2) bcrypt (3.1.18) builder (3.2.4) byebug (11.1.3) - capybara (3.37.1) + capybara (3.38.0) addressable matrix mini_mime (>= 0.1.3) @@ -88,8 +88,8 @@ GEM regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) chunky_png (1.4.0) - commonmarker (0.23.6) - concurrent-ruby (1.1.10) + commonmarker (0.23.8) + concurrent-ruby (1.2.0) crack (0.4.5) rexml crass (1.0.6) @@ -99,10 +99,10 @@ GEM activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) + date (3.3.3) diff-lcs (1.5.0) - digest (3.1.0) docile (1.4.0) - erubi (1.10.0) + erubi (1.12.0) exception_notification (4.5.0) actionmailer (>= 5.2, < 8) activesupport (>= 5.2, < 8) 
@@ -112,128 +112,132 @@ GEM factory_bot_rails (6.2.0) factory_bot (~> 6.2.0) railties (>= 5.0.0) - faker (2.21.0) + faker (3.1.0) i18n (>= 1.8.11, < 2) ffi (1.15.5) flamegraph (0.9.5) - globalid (1.0.0) + globalid (1.1.0) activesupport (>= 5.0) hashdiff (1.0.1) hashery (2.1.2) + hashie (5.0.0) htmlentities (4.3.4) - i18n (1.11.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) jaro_winkler (1.5.4) - jquery-rails (4.4.0) + jquery-rails (4.5.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (2.6.2) - listen (3.7.1) + json (2.6.3) + listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.18.0) + loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.1) + mail (2.8.1) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp marcel (1.0.2) matrix (0.4.2) - memory_profiler (1.0.0) + memory_profiler (1.0.1) method_source (1.0.0) mini_mime (1.1.2) - mini_portile2 (2.8.0) - minitest (5.16.2) - mysql2 (0.5.4) - net-imap (0.2.3) - digest + mini_portile2 (2.8.1) + minitest (5.17.0) + mysql2 (0.5.5) + net-imap (0.3.4) + date net-protocol - strscan - net-pop (0.1.1) - digest + net-pop (0.1.2) net-protocol + net-protocol (0.2.1) timeout - net-protocol (0.1.3) - timeout - net-smtp (0.3.1) - digest + net-smtp (0.3.3) net-protocol - timeout nio4r (2.5.8) - nokogiri (1.13.9) + nokogiri (1.14.1) mini_portile2 (~> 2.8.0) racc (~> 1.4) - nokogiri (1.13.9-x86_64-linux) + nokogiri (1.14.1-x86_64-linux) racc (~> 1.4) - oauth (0.5.10) + oauth (1.1.0) + oauth-tty (~> 1.0, >= 1.0.1) + snaky_hash (~> 2.0) + version_gem (~> 1.1) + oauth-tty (1.0.5) + version_gem (~> 1.1, >= 1.1.1) parallel (1.22.1) - parser (3.1.2.0) + parser (3.2.0.0) ast (~> 2.4.1) - pdf-reader (2.10.0) + pdf-reader (2.11.0) Ascii85 (~> 1.0) afm (~> 0.2.1) hashery (~> 2.0) ruby-rc4 ttfunk - public_suffix (4.0.7) - puma (5.6.4) + public_suffix (5.0.1) + puma (6.0.2) nio4r (~> 2.0) - racc (1.6.0) - rack (2.2.4) + racc (1.6.2) + rack (2.2.6.2) rack-attack (6.6.1) 
rack (>= 1.0, < 3) rack-mini-profiler (3.0.0) rack (>= 1.2.0) rack-test (2.0.2) rack (>= 1.3) - rails (7.0.3.1) - actioncable (= 7.0.3.1) - actionmailbox (= 7.0.3.1) - actionmailer (= 7.0.3.1) - actionpack (= 7.0.3.1) - actiontext (= 7.0.3.1) - actionview (= 7.0.3.1) - activejob (= 7.0.3.1) - activemodel (= 7.0.3.1) - activerecord (= 7.0.3.1) - activestorage (= 7.0.3.1) - activesupport (= 7.0.3.1) + rails (7.0.4.2) + actioncable (= 7.0.4.2) + actionmailbox (= 7.0.4.2) + actionmailer (= 7.0.4.2) + actionpack (= 7.0.4.2) + actiontext (= 7.0.4.2) + actionview (= 7.0.4.2) + activejob (= 7.0.4.2) + activemodel (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) bundler (>= 1.15.0) - railties (= 7.0.3.1) + railties (= 7.0.4.2) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.3) - loofah (~> 2.3) - railties (7.0.3.1) - actionpack (= 7.0.3.1) - activesupport (= 7.0.3.1) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) + railties (7.0.4.2) + actionpack (= 7.0.4.2) + activesupport (= 7.0.4.2) method_source rake (>= 12.2) thor (~> 1.0) zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.0.6) - rb-fsevent (0.11.1) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) rb-readline (0.5.5) - regexp_parser (2.4.0) + regexp_parser (2.6.2) rexml (3.2.5) - rotp (6.2.0) - rqrcode (2.1.1) + rotp (6.2.2) + rqrcode (2.1.2) chunky_png (~> 1.0) rqrcode_core (~> 1.0) rqrcode_core (1.2.0) - rspec-core (3.11.0) - rspec-support (~> 3.11.0) - rspec-expectations (3.11.0) + rspec-core (3.12.1) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-mocks (3.11.1) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.3) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-rails (6.0.0.rc1) + rspec-support (~> 3.12.0) + rspec-rails (6.0.1) actionpack (>= 6.1) activesupport (>= 6.1) railties (>= 6.1) 
@@ -241,7 +245,7 @@ GEM rspec-expectations (~> 3.11) rspec-mocks (~> 3.11) rspec-support (~> 3.11) - rspec-support (3.11.0) + rspec-support (3.12.0) rubocop (0.81.0) jaro_winkler (~> 1.5.1) parallel (~> 1.10) @@ -260,20 +264,23 @@ GEM ruby-rc4 (0.1.5) ruumba (0.1.17) rubocop - scenic (1.6.0) + scenic (1.7.0) activerecord (>= 4.0.0) railties (>= 4.0.0) scenic-mysql_adapter (1.0.1) mysql2 scenic (>= 1.4.0) - simplecov (0.21.2) + simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - sitemap_generator (6.2.1) + sitemap_generator (6.3.0) builder (~> 3.0) + snaky_hash (2.0.1) + hashie + version_gem (~> 1.1, >= 1.1.1) sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) @@ -281,24 +288,24 @@ GEM actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) - stackprof (0.2.19) - strscan (3.0.3) + stackprof (0.2.23) svg-graph (2.2.1) thor (1.2.1) - timeout (0.3.0) + timeout (0.3.1) transaction_isolation (1.0.5) activerecord (>= 3.0.11) transaction_retry (1.0.3) activerecord (>= 3.0.11) transaction_isolation (>= 1.0.2) ttfunk (1.7.0) - tzinfo (2.0.4) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) unicode-display_width (1.8.0) vcr (6.1.0) - webmock (3.14.0) + version_gem (1.1.1) + webmock (3.18.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -307,7 +314,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.0) + zeitwerk (2.6.6) PLATFORMS ruby @@ -338,7 +345,7 @@ DEPENDENCIES puma (>= 5.6.2) rack-attack rack-mini-profiler - rails (~> 7.0.3.1) + rails (~> 7.0.4.2) rb-readline rotp rqrcode From 7c9dcc55a0f9e5422ed6c77150c98758641bdfd4 Mon Sep 17 00:00:00 2001 From: John Pash Date: Fri, 3 Feb 2023 15:33:48 +0000 Subject: [PATCH 05/20] fix unintentional scrolling when flagging a comment (#1153) --- app/assets/javascripts/application.js.erb | 1 + 1 file changed, 1 insertion(+) 
diff --git a/app/assets/javascripts/application.js.erb b/app/assets/javascripts/application.js.erb
index 40c1b98a..335f450e 100644
--- a/app/assets/javascripts/application.js.erb
+++ b/app/assets/javascripts/application.js.erb
@@ -637,6 +637,7 @@ onPageLoad(() => {
 });
 on('click', '.comment #flag_dropdown a', (event) => {
+ event.preventDefault();
 if (event.target.getAttribute('data') != '') {
 Lobster.voteComment(parentSelector(event.target, '.comment'), -1, event.target.getAttribute('data'));
 }
From 29b0f1a2430c67fc8e83523f95e19429afadfd0e Mon Sep 17 00:00:00 2001
From: Peter Bhat Harkins
Date: Wed, 8 Feb 2023 08:12:56 -0600
Subject: [PATCH 06/20] /hats: don't list hats unavailable for use Fix #1160
---
 app/controllers/hats_controller.rb | 2 +-
 app/models/hat.rb | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/controllers/hats_controller.rb b/app/controllers/hats_controller.rb
index ed31d41f..0ddc7143 100644
--- a/app/controllers/hats_controller.rb
+++ b/app/controllers/hats_controller.rb
@@ -14,7 +14,7 @@ class HatsController < ApplicationController
 @hat_groups = {}
- Hat.all.includes(:user).each do |h|
+ Hat.active.includes(:user).each do |h|
 @hat_groups[h.hat] ||= []
 @hat_groups[h.hat].push h
 end
diff --git a/app/models/hat.rb b/app/models/hat.rb
index 8fe40f15..847ee353 100644
--- a/app/models/hat.rb
+++ b/app/models/hat.rb
@@ -1,12 +1,14 @@
 class Hat < ApplicationRecord
 belongs_to :user
- belongs_to :granted_by_user, :class_name => "User", :inverse_of => false
+ belongs_to :granted_by_user, class_name: "User", inverse_of: false
 after_create :log_moderation
 validates :user, :granted_by_user, :hat, presence: true
 validates :hat, :link, length: { maximum: 255 }
+ scope :active, -> { joins(:user).where(doffed_at: nil).merge(User.active) }
+
 def doff_by_user_with_reason(user, reason)
 m = Moderation.new
 m.user_id = self.user_id
From 1d3ad81fc2c2f2a2d272ac08e41d7fcffcdffbb9 Mon Sep 17 00:00:00 2001
From: Robert Melton Date: Wed, 8 Feb 2023 11:47:40 -0500 Subject: [PATCH 07/20] Added aria role and levels for stories and comments (#1149) --- app/views/comments/_comment.html.erb | 2 +- app/views/stories/_listdetail.html.erb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb index 04c7628b..9b5c1a22 100644 --- a/app/views/comments/_comment.html.erb +++ b/app/views/comments/_comment.html.erb @@ -134,7 +134,7 @@ class="comment <%= comment.current_vote ? (comment.current_vote[:vote] == 1 ? <% end %>

    -
    +
    <% if comment.is_gone? %>

    diff --git a/app/views/stories/_listdetail.html.erb b/app/views/stories/_listdetail.html.erb index ff6fac9c..19a9830b 100644 --- a/app/views/stories/_listdetail.html.erb +++ b/app/views/stories/_listdetail.html.erb @@ -24,7 +24,7 @@ class="story <%= story.vote && story.vote[:vote] == 1 ? "upvoted" : "" %>

    <%= story.show_score_to_user?(@user) ? story.score : '~' %>
    - + <% if story.can_be_seen_by_user?(@user) %> <%= story.title %> <% end %> @@ -173,7 +173,7 @@ class="story <%= story.vote && story.vote[:vote] == 1 ? "upvoted" : "" %> <% if !story.is_gone? || @user.try(:is_moderator?) %> | - + <% if story.comments_count == 0 %> no comments <% else %> From f06dafceddcbebe35e5ce39f089dc41a3ea55096 Mon Sep 17 00:00:00 2001 From: John Pash Date: Wed, 15 Feb 2023 17:10:07 +0000 Subject: [PATCH 08/20] Fix duplicate password, fix #1097 --- app/views/settings/index.html.erb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/views/settings/index.html.erb b/app/views/settings/index.html.erb index 59cfd656..7a370ed4 100644 --- a/app/views/settings/index.html.erb +++ b/app/views/settings/index.html.erb @@ -5,7 +5,7 @@ <% end %>
    - <%= form_with model: @edit_user, url: settings_path, method: :post, id: 'edit_user' do |f| %> + <%= form_with model: @edit_user, url: settings_path, method: :post, id: 'edit_user', namespace: 'edit_user' do |f| %> <%= errors_for f.object %>
    @@ -19,7 +19,7 @@
    <%= f.label :current_password, "Current Password:", :class => "required" %> - <%= f.password_field :current_password, :name => "current_password", :size => 30 %> + <%= f.password_field :current_password, :name => "current_password", :size => 30, :autocomplete => "off" %>
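Review bot: `:autocomplete => "off"` on the `current_password` field is not a reliable control: browsers commonly ignore `off` on password inputs, and where it is honoured it works against password managers. If the aim is to tell the browser which credential belongs in this field, the standard autofill token is `current-password`, i.e. `<%= f.password_field :current_password, :name => "current_password", :size => 30, :autocomplete => "current-password" %>`. The form's other password fields are outside this hunk; if they are where the unwanted autofill happens, they would presumably take `new-password` instead.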
    @@ -296,7 +296,8 @@
    - <%= form_with model: @edit_user, url: delete_account_path, method: :post, id: 'delete_user' do |f| %> + <%= form_with model: @edit_user, url: delete_account_path, method: :post, id: 'delete_user', namespace: 'delete_user' do |f| %> +

    Delete Account

    From 5b6b4349ab9f930afba528533b4fd0676ffa9a16 Mon Sep 17 00:00:00 2001
From: William Karsten
Date: Thu, 16 Feb 2023 18:38:59 -0600
Subject: [PATCH 09/20] Prevent wrap at various zoom levels. Fix #1161
---
 app/views/stories/_form.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/stories/_form.html.erb b/app/views/stories/_form.html.erb
index f1358196..b1add752 100644
--- a/app/views/stories/_form.html.erb
+++ b/app/views/stories/_form.html.erb
@@ -6,7 +6,7 @@
 <% if f.object.url_is_editable_by_user?(@user) %>
 <%= f.label :url, "URL:", :class => "required" %>
 <%= f.text_field :url, :autocomplete => "off" %>
- <%= button_tag "Fetch Title", :id => "story_fetch_title",
+ <%= button_tag "Fetch Title", :id => "story_fetch_title",
 :type => "button" %>
 <% elsif !f.object.new_record? && !f.object.url.blank? %>
 <%= f.label :url, "URL:", :class => "required" %>
From 7c999c37c8e2819d60cd97ae3d2f6c2b2e311a8d Mon Sep 17 00:00:00 2001
From: Peter Bhat Harkins
Date: Tue, 21 Feb 2023 09:54:01 -0600
Subject: [PATCH 10/20] remove common GitHub title cruft
---
 app/models/story.rb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/app/models/story.rb b/app/models/story.rb
index b12b7b65..c4ad8c5a 100644
--- a/app/models/story.rb
+++ b/app/models/story.rb
@@ -999,6 +999,9 @@ class Story < ApplicationRecord
 @fetched_attributes[:title] = title
+ # strip off common GitHub site + repo owner
+ @fetched_attributes[:title].sub!(/GitHub - [a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}\//i, '')
+
 # attempt to get the canonical url if it can be parsed,
 # if it is not the domain root path, and if it
 # responds to GET with a 200-level code
From 3d14ca77239a5521df7679a81a7636e72489ff5d Mon Sep 17 00:00:00 2001
From: John Pash
Date: Fri, 3 Mar 2023 02:36:56 +0000
Subject: [PATCH 11/20] Feature: scroll to unread comments (#1156)
---
 app/assets/javascripts/application.js.erb | 8 ++++++++
 app/assets/stylesheets/application.css.erb | 1 +
 2 files changed, 9 insertions(+)
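Review bot: The pattern added in the `app/models/story.rb` hunk is unanchored and runs on every fetched title, so a page from any host whose title contains `GitHub - name/` anywhere loses that text, not only a GitHub repository page. Anchoring limits the edit to the prefix it is meant for: `@fetched_attributes[:title].sub!(/\AGitHub - [a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}\//i, '')`; gating on the fetched URL's host would be tighter still, but the URL handling is outside the hunk. `sub!` also mutates the same string object as `title` and raises if `title` is nil or frozen, neither of which can be ruled out from the visible lines, so the non-mutating `sub` with a nil guard may be the safer form. The enclosing method starts and ends outside the hunk.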
diff --git a/app/assets/javascripts/application.js.erb b/app/assets/javascripts/application.js.erb
index 335f450e..298d1c45 100644
--- a/app/assets/javascripts/application.js.erb
+++ b/app/assets/javascripts/application.js.erb
@@ -728,4 +728,12 @@ onPageLoad(() => {
 response.text().then(text => replace(comment, text));
 });
 });
+
+ on('click', '.comment_unread', (event) => {
+ const nodes = document.getElementsByClassName('comment_unread')
+ const foundIndex = Array.from(nodes).findIndex(node => node === event.target)
+ const targetIndex = (foundIndex + 1) % nodes.length;
+ const targetY = nodes[targetIndex].getBoundingClientRect().top + window.scrollY
+ window.scrollTo({ top: targetY, behavior: 'smooth' })
+ });
 });
diff --git a/app/assets/stylesheets/application.css.erb b/app/assets/stylesheets/application.css.erb
index d29165a2..6f870ec7 100644
--- a/app/assets/stylesheets/application.css.erb
+++ b/app/assets/stylesheets/application.css.erb
@@ -1176,6 +1176,7 @@ div.comment_form_container textarea {
 span.comment_unread {
 color: var(--color-fg-accent);
 font-weight: 600;
+ cursor: pointer;
 }
 /* trees */
From b531a50aa87dd13a136de08c5d7323f3ba50ce49 Mon Sep 17 00:00:00 2001
From: William Karsten
Date: Wed, 5 Apr 2023 07:22:49 -0500
Subject: [PATCH 12/20] Correct an erb html escape (#1164)
---
 app/views/stories/_form.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/stories/_form.html.erb b/app/views/stories/_form.html.erb
index b1add752..7720d035 100644
--- a/app/views/stories/_form.html.erb
+++ b/app/views/stories/_form.html.erb
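Review bot: In the new `.comment_unread` click handler, `findIndex` compares each node with `event.target`, which is the innermost element clicked; if the marker ever contains child markup, or if the `on` helper delegates from an ancestor (its definition is not in the hunk), `foundIndex` is -1 and the handler silently scrolls to the first unread marker. Resolving the marker first avoids that: `const current = event.target.closest('.comment_unread')` and compare `node === current`. The added statements also mix terminated and unterminated lines (only the `targetIndex` line ends with `;`), unlike the surrounding handlers.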
@@ -6,7 +6,7 @@
 <% if f.object.url_is_editable_by_user?(@user) %>
 <%= f.label :url, "URL:", :class => "required" %>
 <%= f.text_field :url, :autocomplete => "off" %>
- <%= button_tag "Fetch Title", :id => "story_fetch_title",
+ <%= button_tag raw("Fetch Title"), :id => "story_fetch_title",
 :type => "button" %>
 <% elsif !f.object.new_record? && !f.object.url.blank? %>
 <%= f.label :url, "URL:", :class => "required" %>
From f40518f92b0e23522a8da583f6f3d25ae5c81317 Mon Sep 17 00:00:00 2001
From: William Karsten
Date: Wed, 5 Apr 2023 07:28:25 -0500
Subject: [PATCH 13/20] fix colors on suggested tags in dark mode (#1166)
---
 app/assets/stylesheets/application.css.erb | 10 +-
 app/views/stories/edit.html.erb | 116 +++++++++++----------
 2 files changed, 65 insertions(+), 61 deletions(-)
diff --git a/app/assets/stylesheets/application.css.erb b/app/assets/stylesheets/application.css.erb
index 6f870ec7..d006acdd 100644
--- a/app/assets/stylesheets/application.css.erb
+++ b/app/assets/stylesheets/application.css.erb
@@ -59,6 +59,7 @@ light = <<-LIGHT
 --color-tag-bg: #fffcd7;
 --color-tag-border: #d5d458;
 --color-tag-media-bg: #ddebf9;
+ --color-tag-bg-img: -webkit-linear-gradient(top, #f4f4f4 20%, #f0f0f0 50%, #e8e8e8 52%, #eeeeee 100%);
 --color-tag-media-border: #b2ccf0;
 --color-tag-meta-bg: #e0e0e0;
 --color-tag-meta-border: #c8c8c8;
@@ -135,6 +136,7 @@ dark = <<-DARK
 --color-table-row-border: #262626;
 --color-tag-bg: #3b320d;
+ --color-tag-bg-img: none;
 --color-tag-border: #665501;
 --color-tag-media-bg: #15293d;
 --color-tag-media-border: #214669;
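Review bot: `raw(...)` in the `_form.html.erb` hunk switches off ERB escaping for the button label, which is safe only because the argument is a string literal. The literal presumably carries an HTML entity that this rendering of the patch has decoded, so the reason for `raw` is not visible to the next reader. A comment above the `button_tag` call would record it, for example `<%# raw: label is a literal containing an HTML entity; never pass dynamic text here %>`.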
@@ -1482,11 +1484,11 @@ div.flash-success h2 { } #story_holder .ts-control .data-ts-item { /* item already selected by user*/ - background-color: #e4e4e4; - background-image: -webkit-linear-gradient(top, #f4f4f4 20%, #f0f0f0 50%, #e8e8e8 52%, #eeeeee 100%); - border: 1px solid #aaaaaa; + background-color: var(--color-tag-bg); + background-image: var(--color-tag-bg-img); + border: 1px solid var(--color-tagborder); border-radius: 3px; - color: #333; + color: var(--color-fgcontrast-10); line-height: 13px; margin: 3px 5px 3px 0; padding: 3px 0.5rem 3px 1rem !important; diff --git a/app/views/stories/edit.html.erb b/app/views/stories/edit.html.erb index 834f5e10..66d1ba6f 100644 --- a/app/views/stories/edit.html.erb +++ b/app/views/stories/edit.html.erb @@ -1,64 +1,66 @@
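Review bot: Two custom properties used in the `#story_holder .ts-control .data-ts-item` rule do not match any name visible in this patch: `var(--color-tagborder)`, where both palettes define `--color-tag-border` (hunks at -59 and -135), and `var(--color-fgcontrast-10)`, where other foreground variables in this series are written `--color-fg-…` (for example `--color-fg-accent`). A `var()` that references an undefined property invalidates the declaration at computed-value time, so the border colour and text colour would not follow the theme. The likely intent is `border: 1px solid var(--color-tag-border);` and `color: var(--color-fg-contrast-10);`; the second name should be confirmed against the palette definitions, which are outside the hunk.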

    - <%= form_with model: @story, id: 'edit_story' do |f| %> - <%= render :partial => "stories/form", :locals => { :story => @story, - :f => f } %> +
    + <%= form_with model: @story, id: 'edit_story' do |f| %> + <%= render :partial => "stories/form", :locals => { :story => @story, + :f => f } %> - <% if @user.is_moderator? %> -
    -
    -
    - <%= f.label :merge_story_short_id, "Merge Into:", - :class => "required" %> - <%= f.text_field :merge_story_short_id, :autocomplete => "off", - :placeholder => "Short id of story into which this story " << - "be merged" %> -
    -
    - <%= f.label :unavailable_at, "Unavailable:", - :class => "required" %> - <%= f.check_box :is_unavailable %> - <%= f.label :unavailable_at, "Source URL is unavailable, " << - "enable display of cached text", :class => "normal" %> -
    - <% if @story.user_id != @user.id %> + <% if @user.is_moderator? %> +
    +
    - <%= f.label :moderation_reason, "Mod Reason:", :class => "required" %> - <%= f.text_field :moderation_reason %> + <%= f.label :merge_story_short_id, "Merge Into:", + :class => "required" %> + <%= f.text_field :merge_story_short_id, :autocomplete => "off", + :placeholder => "Short id of story into which this story " << + "be merged" %>
    - <% end %> +
    + <%= f.label :unavailable_at, "Unavailable:", + :class => "required" %> + <%= f.check_box :is_unavailable %> + <%= f.label :unavailable_at, "Source URL is unavailable, " << + "enable display of cached text", :class => "normal" %> +
    + <% if @story.user_id != @user.id %> +
    + <%= f.label :moderation_reason, "Mod Reason:", :class => "required" %> + <%= f.text_field :moderation_reason %> +
    + <% end %> +
    + <% end %> + +

    + +
    +
    +
    + Markdown formatting available +
    + + <%= f.submit "Save" %> + + <% if @story.is_gone? && @story.is_undeletable_by_user?(@user) %> +   |   + <%= f.submit "Undelete", formaction: story_undelete_path(@story.short_id), + :data => { :confirm => "Undelete this story?" } %> + <% elsif !@story.is_gone? %> +   |   + <% if @story.user_id != @user.id && @user.is_moderator? %> + <%= f.submit "Delete", formaction: story_destroy_path(@story.short_id), + :class => "deletion", :data => { :confirm => "Delete this story?" } %> + <% else %> + <%= f.submit "Delete", formaction: story_destroy_path(@story.short_id), + :class => "deletion", :data => { :confirm => "Delete this story?" } %> + <% end %> + <% end %> + +
    + + <%= render :partial => "global/markdownhelp", + :locals => { allow_images: @story.can_have_images? } %> +
    <% end %> - -

    - -
    -
    -
    - Markdown formatting available -
    - - <%= f.submit "Save" %> - - <% if @story.is_gone? && @story.is_undeletable_by_user?(@user) %> -   |   - <%= f.submit "Undelete", formaction: story_undelete_path(@story.short_id), - :data => { :confirm => "Undelete this story?" } %> - <% elsif !@story.is_gone? %> -   |   - <% if @story.user_id != @user.id && @user.is_moderator? %> - <%= f.submit "Delete", formaction: story_destroy_path(@story.short_id), - :class => "deletion", :data => { :confirm => "Delete this story?" } %> - <% else %> - <%= f.submit "Delete", formaction: story_destroy_path(@story.short_id), - :class => "deletion", :data => { :confirm => "Delete this story?" } %> - <% end %> - <% end %> - -
    - - <%= render :partial => "global/markdownhelp", - :locals => { allow_images: @story.can_have_images? } %> -
    -
    - <% end %> +
    From 88ccacea6c224ca9f11b414534f1af559f99518b Mon Sep 17 00:00:00 2001
From: Kaspar Emanuel
Date: Wed, 5 Apr 2023 13:31:58 +0100
Subject: [PATCH 14/20] Fix spec of bg in mobile comments speech bubble (#1169)
---
 app/assets/stylesheets/application.css.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/assets/stylesheets/application.css.erb b/app/assets/stylesheets/application.css.erb
index d006acdd..354a1a72 100644
--- a/app/assets/stylesheets/application.css.erb
+++ b/app/assets/stylesheets/application.css.erb
@@ -1810,7 +1810,7 @@ input[type="submit"].link_post.pushover_button {
 height: 7px;
 left: 4px;
 position: absolute;
- width: 5px;
+ width: 5.4px;
 z-index: 10;
 }
 ol.stories.list li.story .mobile_comments span:after {
From de4220f38268d0bb42c8f1b40119fce749324782 Mon Sep 17 00:00:00 2001
From: Peter Bhat Harkins
Date: Wed, 5 Apr 2023 07:33:03 -0500
Subject: [PATCH 15/20] handle missing user-agent #1168
---
 config/initializers/rack_attack.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index ceaf0ad4..24eeec0e 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -25,7 +25,7 @@ Rack::Attack.throttle("login", limit: 4, period: 60) do |request|
 end
 Rack::Attack.throttle("log4j probe", limit: 1, period: 1.week.to_i) do |request|
- request.ip if request.user_agent.include? '${'
+ request.ip if request.user_agent.try(:include?, '${')
 end
 # explain the throttle
From e0fe200d8a7f7d5efa5f420238bb4895d6eedcb9 Mon Sep 17 00:00:00 2001
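Review bot: `request.user_agent.try(:include?, '${')` in the `log4j probe` throttle handles the missing header, but `try` also returns nil quietly for any receiver that does not respond to `include?`, which hides more than the nil case this commit is about. Safe navigation states that case alone: `request.ip if request.user_agent&.include?('${')`. A short comment in the block, `# requests without a User-Agent header are not counted by this rule`, would document the resulting behaviour for whoever tunes the throttles next.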
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Apr 2023 07:42:06 -0500 Subject: [PATCH 16/20] Bump rack from 2.2.6.2 to 2.2.6.4 (#1170) Bumps [rack](https://github.com/rack/rack) from 2.2.6.2 to 2.2.6.4. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/v2.2.6.2...v2.2.6.4) --- updated-dependencies: - dependency-name: rack dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1ec3df79..5fe17646 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -183,7 +183,7 @@ GEM puma (6.0.2) nio4r (~> 2.0) racc (1.6.2) - rack (2.2.6.2) + rack (2.2.6.4) rack-attack (6.6.1) rack (>= 1.0, < 3) rack-mini-profiler (3.0.0) From 463f826f6edbb13b27468abd64bb781c007c8bba Mon Sep 17 00:00:00 2001 From: Peter Bhat Harkins Date: Wed, 5 Apr 2023 07:41:22 -0500 Subject: [PATCH 17/20] bump rails for CVE-2023-28120 --- Gemfile | 2 +- Gemfile.lock | 152 +++++++++++++++++++++++++-------------------------- 2 files changed, 77 insertions(+), 77 deletions(-) diff --git a/Gemfile b/Gemfile index 22dbe958..c203692d 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source "https://rubygems.org" -gem "rails", "~> 7.0.4.2" +gem "rails", "~> 7.0.4.3" gem "mysql2" diff --git a/Gemfile.lock b/Gemfile.lock index 5fe17646..6afa8f28 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -2,83 +2,83 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actioncable (7.0.4.2) - actionpack (= 7.0.4.2) - activesupport (= 7.0.4.2) + actioncable (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4.2) - actionpack (= 7.0.4.2) - activejob (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionmailbox (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.4.2) - actionpack (= 7.0.4.2) - actionview (= 7.0.4.2) - activejob (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionmailer (7.0.4.3) + actionpack (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.4.2) - actionview (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionpack (7.0.4.3) + actionview (= 7.0.4.3) + activesupport (= 7.0.4.3) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) actionpack-page_caching (1.2.4) actionpack (>= 4.0.0) - actiontext (7.0.4.2) - actionpack (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + actiontext (7.0.4.3) + actionpack (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.4.2) - activesupport (= 7.0.4.2) + actionview (7.0.4.3) + activesupport (= 7.0.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.4.2) - activesupport (= 7.0.4.2) + activejob (7.0.4.3) + activesupport (= 7.0.4.3) globalid (>= 0.3.6) - activemodel (7.0.4.2) - activesupport (= 7.0.4.2) - activerecord (7.0.4.2) - activemodel (= 
7.0.4.2) - activesupport (= 7.0.4.2) + activemodel (7.0.4.3) + activesupport (= 7.0.4.3) + activerecord (7.0.4.3) + activemodel (= 7.0.4.3) + activesupport (= 7.0.4.3) activerecord-typedstore (1.5.1) activerecord (>= 6.1) - activestorage (7.0.4.2) - actionpack (= 7.0.4.2) - activejob (= 7.0.4.2) - activerecord (= 7.0.4.2) - activesupport (= 7.0.4.2) + activestorage (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activesupport (= 7.0.4.3) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.4.2) + activesupport (7.0.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - addressable (2.8.1) + addressable (2.8.3) public_suffix (>= 2.0.2, < 6.0) afm (0.2.2) ast (2.4.2) bcrypt (3.1.18) builder (3.2.4) byebug (11.1.3) - capybara (3.38.0) + capybara (3.39.0) addressable matrix mini_mime (>= 0.1.3) @@ -89,13 +89,13 @@ GEM xpath (~> 3.2) chunky_png (1.4.0) commonmarker (0.23.8) - concurrent-ruby (1.2.0) + concurrent-ruby (1.2.2) crack (0.4.5) rexml crass (1.0.6) - database_cleaner (2.0.1) - database_cleaner-active_record (~> 2.0.0) - database_cleaner-active_record (2.0.1) + database_cleaner (2.0.2) + database_cleaner-active_record (>= 2, < 3) + database_cleaner-active_record (2.1.0) activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) @@ -112,7 +112,7 @@ GEM factory_bot_rails (6.2.0) factory_bot (~> 6.2.0) railties (>= 5.0.0) - faker (3.1.0) + faker (3.1.1) i18n (>= 1.8.11, < 2) ffi (1.15.5) flamegraph (0.9.5) @@ -133,7 +133,7 @@ GEM listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.19.1) + loofah (2.20.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.8.1) @@ -147,7 +147,7 @@ GEM method_source (1.0.0) mini_mime (1.1.2) mini_portile2 (2.8.1) - minitest (5.17.0) + minitest (5.18.0) mysql2 (0.5.5) net-imap (0.3.4) date 
@@ -158,11 +158,11 @@ GEM timeout net-smtp (0.3.3) net-protocol - nio4r (2.5.8) - nokogiri (1.14.1) + nio4r (2.5.9) + nokogiri (1.14.2) mini_portile2 (~> 2.8.0) racc (~> 1.4) - nokogiri (1.14.1-x86_64-linux) + nokogiri (1.14.2-x86_64-linux) racc (~> 1.4) oauth (1.1.0) oauth-tty (~> 1.0, >= 1.0.1) @@ -171,7 +171,7 @@ GEM oauth-tty (1.0.5) version_gem (~> 1.1, >= 1.1.1) parallel (1.22.1) - parser (3.2.0.0) + parser (3.2.2.0) ast (~> 2.4.1) pdf-reader (2.11.0) Ascii85 (~> 1.0) @@ -180,7 +180,7 @@ GEM ruby-rc4 ttfunk public_suffix (5.0.1) - puma (6.0.2) + puma (6.2.1) nio4r (~> 2.0) racc (1.6.2) rack (2.2.6.4) @@ -188,30 +188,30 @@ GEM rack (>= 1.0, < 3) rack-mini-profiler (3.0.0) rack (>= 1.2.0) - rack-test (2.0.2) + rack-test (2.1.0) rack (>= 1.3) - rails (7.0.4.2) - actioncable (= 7.0.4.2) - actionmailbox (= 7.0.4.2) - actionmailer (= 7.0.4.2) - actionpack (= 7.0.4.2) - actiontext (= 7.0.4.2) - actionview (= 7.0.4.2) - activejob (= 7.0.4.2) - activemodel (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + rails (7.0.4.3) + actioncable (= 7.0.4.3) + actionmailbox (= 7.0.4.3) + actionmailer (= 7.0.4.3) + actionpack (= 7.0.4.3) + actiontext (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activemodel (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) bundler (>= 1.15.0) - railties (= 7.0.4.2) + railties (= 7.0.4.3) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (7.0.4.2) - actionpack (= 7.0.4.2) - activesupport (= 7.0.4.2) + railties (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) method_source rake (>= 12.2) thor (~> 1.0) @@ -222,7 +222,7 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) rb-readline (0.5.5) - regexp_parser (2.6.2) + regexp_parser (2.7.0) rexml (3.2.5) rotp (6.2.2) rqrcode (2.1.2) 
@@ -234,7 +234,7 @@ GEM rspec-expectations (3.12.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) - rspec-mocks (3.12.3) + rspec-mocks (3.12.5) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-rails (6.0.1) @@ -260,7 +260,7 @@ GEM rubocop (>= 0.72.0) rubocop-rspec (1.41.0) rubocop (>= 0.68.1) - ruby-progressbar (1.11.0) + ruby-progressbar (1.13.0) ruby-rc4 (0.1.5) ruumba (0.1.17) rubocop @@ -288,10 +288,10 @@ GEM actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) - stackprof (0.2.23) + stackprof (0.2.24) svg-graph (2.2.1) thor (1.2.1) - timeout (0.3.1) + timeout (0.3.2) transaction_isolation (1.0.5) activerecord (>= 3.0.11) transaction_retry (1.0.3) @@ -304,7 +304,7 @@ GEM execjs (>= 0.3.0, < 3) unicode-display_width (1.8.0) vcr (6.1.0) - version_gem (1.1.1) + version_gem (1.1.2) webmock (3.18.1) addressable (>= 2.8.0) crack (>= 0.3.2) @@ -314,7 +314,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.6) + zeitwerk (2.6.7) PLATFORMS ruby @@ -345,7 +345,7 @@ DEPENDENCIES puma (>= 5.6.2) rack-attack rack-mini-profiler - rails (~> 7.0.4.2) + rails (~> 7.0.4.3) rb-readline rotp rqrcode From 64ba31c4d0e731d27e37098fe56e2c81edc849f3 Mon Sep 17 00:00:00 2001 From: Jon Charter Date: Sun, 23 Apr 2023 22:43:11 +0100 Subject: [PATCH 18/20] Add reveal for TOTP secret for manual entry (#1172) --- app/controllers/settings_controller.rb | 1 + app/views/settings/twofa_enroll.html.erb | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/app/controllers/settings_controller.rb b/app/controllers/settings_controller.rb index 622f36b3..8d1f5b60 100644 --- a/app/controllers/settings_controller.rb +++ b/app/controllers/settings_controller.rb @@ -101,6 +101,7 @@ class SettingsController < ApplicationController module_size: 5, shape_rendering: "crispEdges") + @qr_secret = totp.secret @qr_svg = "#{qr}" end 
diff --git a/app/views/settings/twofa_enroll.html.erb b/app/views/settings/twofa_enroll.html.erb index 23522856..fd04ed5a 100644 --- a/app/views/settings/twofa_enroll.html.erb +++ b/app/views/settings/twofa_enroll.html.erb @@ -10,6 +10,13 @@

    <%= raw @qr_svg %> +

    + Or to add to a device manually enter the secret: +

    + Reveal Secret + <%= raw @qr_secret %> +
    +

    Once you have finished registering with your TOTP application, proceed to From f3ab19ee1ce5067b3264dc1dd46225a092784e3a Mon Sep 17 00:00:00 2001 From: Patryk Date: Wed, 26 Apr 2023 15:21:05 +0200 Subject: [PATCH 19/20] Add youtube duplicate detection (#1174) --- app/models/story.rb | 22 ++++++++++++++++++++++ spec/models/story_spec.rb | 22 ++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/app/models/story.rb b/app/models/story.rb index c4ad8c5a..7d4f3f15 100644 --- a/app/models/story.rb +++ b/app/models/story.rb @@ -237,6 +237,28 @@ class Story < ApplicationRecord urls = urls2.uniq end + # www.youtube.com + # m.youtube.com + # youtube.com redirects to www.youtube.com + # youtu.be redirects to www.youtube.com + # www.m.youtube.com doesn't work + # www.youtu.be doesn't exist + # m.youtu.be doesn't exist + if /^https?:\/\/((?:www\d*|m)\.)?(youtube\.com|youtu\.be)/i.match(url) + urls.each do |u| + id = /^https?:\/\/(?:(?:m|www)\.)?(?:youtube\.com\/watch\?v=|youtu\.be\/)([A-z0-9\-_]+)/i + .match(u)[1] + + urls2.push "https://www.youtube.com/watch?v=#{id}" + # In theory, youtube redirects https://youtube.com to https://www.youtube.com + # let's check it just in case + urls2.push "https://youtube.com/watch?v=#{id}" + urls2.push "https://youtu.be/#{id}" + urls2.push "https://m.youtube.com/watch?v=#{id}" + end + urls = urls2.uniq + end + # https urls.each do |u| urls2.push u.gsub(/^http:\/\//i, "https://") diff --git a/spec/models/story_spec.rb b/spec/models/story_spec.rb index 8e8f2702..071c74f5 100644 --- a/spec/models/story_spec.rb +++ b/spec/models/story_spec.rb 
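Review bot: `<%= raw @qr_secret %>` in app/views/settings/twofa_enroll.html.erb turns off HTML escaping for a value that needs none. A TOTP secret is plain text, so `<%= @qr_secret %>` renders the same and keeps the default escaping in place. The secret is also written into the page source whether or not the user clicks "Reveal Secret", so the reveal hides it only visually. This response should presumably not be cacheable, e.g. `response.headers["Cache-Control"] = "no-store"` in the action, though the hunk does not show whether that is already set. The controller side is the single line `@qr_secret = totp.secret` in settings_controller.rb, whose action starts outside the diff.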
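Review bot: In the YouTube block added to app/models/story.rb, `.match(u)[1]` raises NoMethodError whenever an entry in `urls` passes the outer host check but is not a video link. The outer pattern accepts any `youtube.com` or `youtu.be` URL (and `www\d*` hosts), while the inner one requires `/watch?v=` or `youtu.be/` and only `m`/`www`, so a submitted channel or playlist URL would hit the nil. Take the capture with a nil-safe lookup and skip non-matches: `id = u[/\Ahttps?:\/\/(?:(?:m|www)\.)?(?:youtube\.com\/watch\?v=|youtu\.be\/)([A-Za-z0-9_-]+)/i, 1]` followed by `next unless id`. That line also replaces `[A-z0-9\-_]`, whose `A-z` range takes in the punctuation between `Z` and `a`, and anchors with `\A` instead of the per-line `^`. The enclosing method starts and ends outside the hunk, and the specs added in story_spec.rb cover only watch and short links, so a spec with a non-video YouTube URL would pin the fix.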
@@ -327,6 +327,28 @@ describe Story do expect(s1.similar_stories).to eq([s2]) expect(s2.similar_stories).to eq([s1]) end + + it "finds similar www.youtube and youtu.be URLs" do + s1 = create(:story, + url: 'https://www.youtube.com/watch?v=7Pq-S557XQU', + created_at: (Story::RECENT_DAYS + 1).days.ago) + + s2 = create(:story, url: 'https://youtu.be/7Pq-S557XQU') + + expect(s1.similar_stories).to eq([s2]) + expect(s2.similar_stories).to eq([s1]) + end + + it "finds similar www.youtube and m.youtube URLs" do + s1 = create(:story, + url: 'https://www.youtube.com/watch?v=7Pq-S557XQU', + created_at: (Story::RECENT_DAYS + 1).days.ago) + + s2 = create(:story, url: 'https://m.youtube.com/watch?v=7Pq-S557XQU') + + expect(s1.similar_stories).to eq([s2]) + expect(s2.similar_stories).to eq([s1]) + end end describe "#calculated_hotness" do From 2981689c26a1bd2461fab123e6816c692f5d6b71 Mon Sep 17 00:00:00 2001 From: Three Planets Software Date: Mon, 1 May 2023 13:19:49 -0400 Subject: [PATCH 20/20] Update interval_helper to accept hours. (#960) --- app/helpers/interval_helper.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/helpers/interval_helper.rb b/app/helpers/interval_helper.rb index eefe2971..76b6f535 100644 --- a/app/helpers/interval_helper.rb +++ b/app/helpers/interval_helper.rb @@ -1,5 +1,9 @@ module IntervalHelper - TIME_INTERVALS = { "d" => "Day", "w" => "Week", "m" => "Month", "y" => "Year" }.freeze + TIME_INTERVALS = { "h" => "Hour", + "d" => "Day", + "w" => "Week", + "m" => "Month", + "y" => "Year", }.freeze def time_interval(param) if (m = param.to_s.match(/\A(\d+)([#{TIME_INTERVALS.keys.join}])\z/))