decidim-core 0.25.2 → 0.26.0.rc1
Potentially problematic release.
This version of decidim-core might be problematic.
- checksums.yaml +4 -4
- data/app/cells/decidim/activity_cell.rb +2 -1
- data/app/cells/decidim/author/flag_user.erb +1 -1
- data/app/cells/decidim/author/profile_inline.erb +1 -1
- data/app/cells/decidim/author/withdraw.erb +2 -2
- data/app/cells/decidim/author_cell.rb +32 -0
- data/app/cells/decidim/card_m_cell.rb +1 -1
- data/app/cells/decidim/content_blocks/cta_cell.rb +1 -1
- data/app/cells/decidim/content_blocks/hero_cell.rb +1 -1
- data/app/cells/decidim/content_blocks/highlighted_content_banner/show.erb +1 -1
- data/app/cells/decidim/content_blocks/last_activity_cell.rb +1 -1
- data/app/cells/decidim/content_blocks/stats_cell.rb +12 -0
- data/app/cells/decidim/endorsers_list_cell.rb +3 -1
- data/app/cells/decidim/flag_modal/flag_user.erb +2 -2
- data/app/cells/decidim/flag_modal/show.erb +2 -2
- data/app/cells/decidim/flag_modal_cell.rb +10 -0
- data/app/cells/decidim/notification/show.erb +31 -0
- data/app/cells/decidim/notification_cell.rb +20 -0
- data/app/cells/decidim/notifications/show.erb +1 -24
- data/app/cells/decidim/notifications_cell.rb +0 -1
- data/app/cells/decidim/user_conversation/conversation_header.erb +1 -1
- data/app/cells/decidim/user_conversation/show.erb +4 -2
- data/app/cells/decidim/user_conversations/conversation_item.erb +1 -1
- data/app/commands/decidim/create_editor_image.rb +41 -0
- data/app/controllers/decidim/cookie_policy_controller.rb +2 -0
- data/app/controllers/decidim/editor_images_controller.rb +47 -0
- data/app/controllers/decidim/user_activities_controller.rb +2 -1
- data/app/forms/decidim/editor_image_form.rb +16 -0
- data/app/helpers/decidim/amendments_helper.rb +1 -1
- data/app/helpers/decidim/application_helper.rb +2 -2
- data/app/helpers/decidim/messaging/conversation_helper.rb +32 -3
- data/app/helpers/decidim/resource_versions_helper.rb +1 -1
- data/app/helpers/decidim/sanitize_helper.rb +65 -0
- data/app/models/decidim/editor_image.rb +14 -0
- data/app/models/decidim/messaging/conversation.rb +9 -0
- data/app/models/decidim/participatory_space_private_user.rb +16 -0
- data/app/models/decidim/user.rb +3 -3
- data/app/models/decidim/user_group.rb +40 -0
- data/app/packs/entrypoints/decidim_core.js +1 -0
- data/app/packs/src/decidim/dialog_mode.js +143 -0
- data/app/packs/src/decidim/dialog_mode.test.js +168 -0
- data/app/packs/src/decidim/editor.js +56 -14
- data/app/packs/src/decidim/form_attachments.js +5 -0
- data/app/packs/src/decidim/index.js +4 -0
- data/app/packs/src/decidim/vendor/image-resize.min.js +3 -0
- data/app/packs/src/decidim/vendor/image-upload.min.js +8 -0
- data/app/packs/stylesheets/decidim/extras/_extras.scss +0 -1
- data/app/packs/stylesheets/decidim/extras/_quill.scss +7 -0
- data/app/packs/stylesheets/decidim/modules/_buttons.scss +11 -4
- data/app/packs/stylesheets/decidim/modules/_cards.scss +4 -0
- data/app/packs/stylesheets/decidim/modules/_layout.scss +1 -1
- data/app/presenters/decidim/nil_presenter.rb +2 -2
- data/app/presenters/decidim/notification_presenter.rb +25 -0
- data/app/presenters/decidim/official_author_presenter.rb +1 -1
- data/app/presenters/decidim/validation_errors_presenter.rb +27 -0
- data/app/queries/decidim/similar_emendations.rb +1 -1
- data/app/resolvers/decidim/core/metric_resolver.rb +1 -1
- data/app/services/decidim/activity_search.rb +2 -2
- data/app/services/decidim/email_notification_generator.rb +4 -1
- data/app/services/decidim/html_truncation.rb +130 -0
- data/app/services/decidim/open_data_exporter.rb +29 -5
- data/app/services/decidim/resource_search.rb +1 -1
- data/app/uploaders/decidim/editor_image_uploader.rb +6 -0
- data/app/validators/password_validator.rb +123 -0
- data/app/views/decidim/account/_password_fields.html.erb +1 -1
- data/app/views/decidim/devise/passwords/edit.html.erb +1 -1
- data/app/views/decidim/devise/registrations/new.html.erb +1 -1
- data/app/views/decidim/devise/shared/_omniauth_buttons_mini.html.erb +6 -4
- data/app/views/decidim/messaging/conversations/_conversation.html.erb +3 -3
- data/app/views/decidim/messaging/conversations/_messages.html.erb +8 -2
- data/app/views/decidim/messaging/conversations/_show.html.erb +10 -12
- data/app/views/decidim/messaging/conversations/show.html.erb +4 -2
- data/app/views/decidim/newsletters/show.html.erb +1 -1
- data/app/views/decidim/notification_mailer/event_received.html.erb +17 -0
- data/app/views/decidim/pages/_tabbed.html.erb +1 -1
- data/app/views/decidim/searches/_filters_small_view.html.erb +3 -3
- data/app/views/decidim/shared/_login_modal.html.erb +5 -5
- data/app/views/decidim/shared/_orders.html.erb +1 -1
- data/app/views/decidim/shared/_results_per_page.html.erb +1 -1
- data/app/views/decidim/shared/participatory_space_filters/_filters_small_view.html.erb +3 -3
- data/app/views/layouts/decidim/_application.html.erb +1 -12
- data/app/views/layouts/decidim/_head.html.erb +4 -0
- data/app/views/layouts/decidim/_language_chooser.html.erb +1 -1
- data/app/views/layouts/decidim/_meta_tags_config.html.erb +11 -0
- data/app/views/layouts/decidim/_wrapper.html.erb +1 -1
- data/config/brakeman.ignore +149 -0
- data/config/initializers/devise.rb +1 -1
- data/config/initializers/rack_attack.rb +23 -21
- data/config/locales/ca.yml +2 -0
- data/config/locales/cs.yml +60 -0
- data/config/locales/en.yml +45 -0
- data/config/locales/es.yml +45 -0
- data/config/locales/eu.yml +5 -0
- data/config/locales/fi-plain.yml +6 -0
- data/config/locales/fi.yml +45 -0
- data/config/locales/fr-CA.yml +38 -0
- data/config/locales/fr.yml +44 -6
- data/config/locales/gl.yml +5 -0
- data/config/locales/it.yml +11 -0
- data/config/locales/ja.yml +72 -36
- data/config/locales/lb-LU.yml +1354 -0
- data/config/locales/lb.yml +1 -1
- data/config/locales/nl.yml +54 -0
- data/config/locales/pl.yml +5 -5
- data/config/locales/pt-BR.yml +1 -1
- data/config/locales/ro-RO.yml +8 -0
- data/config/locales/sv.yml +5 -0
- data/config/locales/val-ES.yml +1 -0
- data/config/routes.rb +2 -0
- data/db/migrate/20210730112319_create_decidim_editor_images.rb +12 -0
- data/db/migrate/20211126183540_add_timestamps_to_content_blocks.rb +14 -0
- data/db/seeds.rb +16 -14
- data/lib/decidim/api/functions/user_entity_list.rb +1 -0
- data/lib/decidim/api/input_sorts/component_input_sort.rb +1 -1
- data/lib/decidim/common_passwords.rb +56 -0
- data/lib/decidim/content_parsers/inline_images_parser.rb +68 -0
- data/lib/decidim/content_parsers.rb +1 -0
- data/lib/decidim/content_renderers/link_renderer.rb +85 -1
- data/lib/decidim/content_renderers/user_group_renderer.rb +1 -1
- data/lib/decidim/content_renderers/user_renderer.rb +1 -1
- data/lib/decidim/core/engine.rb +3 -12
- data/lib/decidim/core/test/factories.rb +7 -1
- data/lib/decidim/core/test/shared_examples/translated_event_examples.rb +131 -0
- data/lib/decidim/core/test.rb +1 -0
- data/lib/decidim/core/version.rb +1 -1
- data/lib/decidim/core.rb +22 -5
- data/lib/decidim/db/common-passwords.txt +128420 -0
- data/lib/decidim/etherpad/pad.rb +48 -0
- data/lib/decidim/etherpad.rb +7 -0
- data/lib/decidim/events/base_event.rb +18 -0
- data/lib/decidim/events/machine_translated_event.rb +36 -0
- data/lib/decidim/events/user_group_event.rb +1 -3
- data/lib/decidim/events.rb +1 -0
- data/lib/decidim/exporters/csv.rb +7 -7
- data/lib/decidim/faker/localized.rb +15 -6
- data/lib/decidim/form_builder.rb +14 -4
- data/lib/decidim/has_attachments.rb +11 -4
- data/lib/decidim/importers/import_manifest.rb +103 -3
- data/lib/decidim/paddable.rb +1 -9
- data/lib/decidim/searchable.rb +2 -2
- data/lib/decidim/settings_manifest.rb +2 -0
- data/lib/decidim/translatable_attributes.rb +6 -6
- data/lib/decidim/view_model.rb +10 -0
- data/lib/tasks/decidim_active_storage_migration_tasks.rake +68 -0
- metadata +56 -65
- data/app/packs/stylesheets/decidim/extras/_social_icons_mini.scss +0 -11
@@ -5,9 +5,11 @@
|
|
5
5
|
<% end %>
|
6
6
|
</div>
|
7
7
|
|
8
|
-
<% if conversation.
|
8
|
+
<% if conversation.with_deleted_users?(current_user) %>
|
9
|
+
<div class="callout warning margin-top-2"><%= t ".deleted_accounts" %></div>
|
10
|
+
<% elsif conversation.accept_user?(current_user) %>
|
9
11
|
<%= render "reply", form: @form, conversation: conversation %>
|
10
12
|
<% else %>
|
11
|
-
<
|
13
|
+
<div class="callout warning margin-top-2"><%= t ".not_allowed" %></div>
|
12
14
|
<% end %>
|
13
15
|
<% end %>
|
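Review bot: The new `with_deleted_users?` branch at line 8 only decides whether the reply form is rendered; the controller action that receives the reply needs the same check, because a request can be sent without the form ever being shown. A view or system spec covering the three branches (deleted account, accepted, not allowed) would also pin down the order of the conditions.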
@@ -5,7 +5,7 @@
|
|
5
5
|
newsletter: newsletter,
|
6
6
|
recipient_user: @user
|
7
7
|
) %>
|
8
|
-
<%=
|
8
|
+
<%= decidim_sanitize_editor @cell.to_s %>
|
9
9
|
|
10
10
|
<% content_for :note do %>
|
11
11
|
<%== t "note", scope: "decidim.newsletter_mailer.newsletter", organization_name: h(@organization.name), link: decidim.notifications_settings_url(host: @organization.host) %>
|
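Review bot: Line 8 now passes the whole rendered cell through `decidim_sanitize_editor`, not just the admin-edited fields, so any layout markup the newsletter template emits is filtered as well. The diff does not show which tags and attributes the helper allows; a mailer spec asserting that the template's own structure survives while script content is stripped would make the intent verifiable, or the sanitizing could move inside the cell to the fields that carry editor content.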
@@ -9,6 +9,10 @@
|
|
9
9
|
<% end %>
|
10
10
|
|
11
11
|
<% if @event_instance.try(:safe_resource_text).present? %>
|
12
|
+
<% if @event_instance.perform_translation? %>
|
13
|
+
<p style="font-weight: bold"><%= t(".original_text") %></p>
|
14
|
+
<% end %>
|
15
|
+
|
12
16
|
<blockquote>
|
13
17
|
<p>
|
14
18
|
<%= @event_instance.safe_resource_text %>
|
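Review bot: The "original_text" label at lines 12-14 is gated on `perform_translation?` alone, while the translated block added further down in this file is only the last `elsif` after `content_in_same_language?` and `translation_missing?`. Unless those predicates are mutually exclusive, a mail can show "Original text:" with no translated counterpart; consider using one shared condition for the label and the translated block.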
@@ -16,6 +20,19 @@
|
|
16
20
|
</blockquote>
|
17
21
|
<% end %>
|
18
22
|
|
23
|
+
<% if @event_instance.content_in_same_language? %>
|
24
|
+
<p><%= t(".same_language", language: I18n.locale.to_s ) %></p>
|
25
|
+
<% elsif @event_instance.translation_missing? %>
|
26
|
+
<p><%= t(".no_translation_available", link: @event_instance.resource_url ) %></p>
|
27
|
+
<% elsif @event_instance.perform_translation? %>
|
28
|
+
<p style="font-weight: bold"><%= t(".translated_text") %></p>
|
29
|
+
<blockquote>
|
30
|
+
<p>
|
31
|
+
<%= @event_instance.safe_resource_translated_text %>
|
32
|
+
</p>
|
33
|
+
</blockquote>
|
34
|
+
<% end %>
|
35
|
+
|
19
36
|
<% if @event_instance.has_button? %>
|
20
37
|
<table class="button expanded radius">
|
21
38
|
<tr>
|
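Review bot: The block added at lines 23-34 sits after the `<% end %>` on line 21, so it is outside the `safe_resource_text.present?` guard and the same-language or no-translation paragraph can be rendered for events that have no resource text at all. It also calls `content_in_same_language?` directly, whereas the existing guard uses `try`; moving the block inside the guard would cover both. Note that `resource_url` is interpolated into a plain (non `_html`) translation, so it will appear as text rather than a link, which is worth confirming as intended.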
@@ -1,13 +1,13 @@
|
|
1
1
|
<div class="filters-controls hide-for-mediumlarge">
|
2
|
-
<button data-open="filter-box" class="filters-controls__trigger">
|
2
|
+
<button data-open="filter-box" class="filters-controls__trigger" aria-controls="filter-box" aria-haspopup="dialog">
|
3
3
|
<%= t ".filter" %>
|
4
4
|
<%= icon "caret-bottom", class: "icon--small float-right", aria_label: t(".unfold"), role: "img" %>
|
5
5
|
</button>
|
6
6
|
</div>
|
7
7
|
|
8
|
-
<div class="reveal" id="filter-box" data-reveal>
|
8
|
+
<div class="reveal" id="filter-box" data-reveal role="dialog" aria-modal="true" aria-labelledby="filter-box-label">
|
9
9
|
<div class="reveal__header">
|
10
|
-
<h3 class="reveal__title"><%= t ".filter_by" %>:</h3>
|
10
|
+
<h3 id="filter-box-label" class="reveal__title"><%= t ".filter_by" %>:</h3>
|
11
11
|
<button class="close-button" data-close aria-label="<%= t(".close_modal") %>" type="button">
|
12
12
|
<span aria-hidden="true">×</span>
|
13
13
|
</button>
|
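Review bot: `id="filter-box-label"` at line 10 is hard-coded, and the participatory space filters partial changed in this release uses the same `filter-box` and `filter-box-label` ids. If both partials can end up on one page, `aria-labelledby` and `aria-controls` will resolve to the first match only; deriving the ids from a local passed to the partial would avoid the collision.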
@@ -1,12 +1,15 @@
|
|
1
|
-
<div class="reveal" id="loginModal" data-reveal>
|
1
|
+
<div class="reveal" id="loginModal" data-reveal role="dialog" aria-modal="true" aria-labelledby="loginModal-label">
|
2
2
|
<div class="reveal__header">
|
3
|
-
<h2 class="reveal__title"><%= t(".please_sign_in") %></h2>
|
3
|
+
<h2 id="loginModal-label" class="reveal__title"><%= t(".please_sign_in") %></h2>
|
4
4
|
<button class="close-button" data-close aria-label="<%= t(".close_modal") %>"
|
5
5
|
type="button">
|
6
6
|
<span aria-hidden="true">×</span>
|
7
7
|
</button>
|
8
8
|
</div>
|
9
9
|
<% if current_organization.sign_in_enabled? %>
|
10
|
+
<% cache current_organization do %>
|
11
|
+
<%= render "decidim/devise/shared/omniauth_buttons_mini" %>
|
12
|
+
<% end %>
|
10
13
|
<div class="row">
|
11
14
|
<div class="columns medium-8 medium-centered">
|
12
15
|
<%
|
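Review bot: The fragment moved to lines 10-12 is still wrapped in `cache current_organization`, so whatever `omniauth_buttons_mini` renders is shared by every visitor of that organization. Please confirm the partial emits nothing per-session (a form carrying an authenticity token, for example); if it does, the cache block should be dropped or keyed differently.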
@@ -39,9 +42,6 @@
|
|
39
42
|
</p>
|
40
43
|
</div>
|
41
44
|
</div>
|
42
|
-
<% cache current_organization do %>
|
43
|
-
<%= render "decidim/devise/shared/omniauth_buttons_mini" %>
|
44
|
-
<% end %>
|
45
45
|
<% else %>
|
46
46
|
<div class="row">
|
47
47
|
<div class="columns medium-8 medium-centered">
|
@@ -9,7 +9,7 @@
|
|
9
9
|
data-close-on-click="true"
|
10
10
|
role="menubar">
|
11
11
|
<li class="is-dropdown-submenu-parent" role="presentation">
|
12
|
-
<a href="#" id="<%= menu_id %>-control" aria-controls="<%= menu_id %>" aria-haspopup="
|
12
|
+
<a href="#" id="<%= menu_id %>-control" aria-controls="<%= menu_id %>" aria-haspopup="menu" title="<%= t("#{i18n_scope}.label") %>" role="menuitem"><%= t("#{i18n_scope}.#{order}") %></a>
|
13
13
|
|
14
14
|
<ul id="<%= menu_id %>" class="menu" role="menu" aria-labelledby="<%= menu_id %>-control">
|
15
15
|
<% orders.each do |order_name| %>
|
@@ -9,7 +9,7 @@
|
|
9
9
|
data-close-on-click="true"
|
10
10
|
role="menubar">
|
11
11
|
<li class="is-dropdown-submenu-parent" role="presentation">
|
12
|
-
<a href="#" id="<%= menu_id %>-control" aria-controls="<%= menu_id %>" aria-haspopup="
|
12
|
+
<a href="#" id="<%= menu_id %>-control" aria-controls="<%= menu_id %>" aria-haspopup="menu" title="<%= t("decidim.shared.results_per_page.title") %>" role="menuitem"><%= per_page %></a>
|
13
13
|
<ul id="<%= menu_id %>" class="menu" role="menu" aria-labelledby="<%= menu_id %>-control">
|
14
14
|
<% Decidim::Paginable::OPTIONS.each do |per_page_option| %>
|
15
15
|
<li role="presentation">
|
@@ -1,13 +1,13 @@
|
|
1
1
|
<div class="filters-controls hide-for-mediumlarge">
|
2
|
-
<button data-open="filter-box" class="filters-controls__trigger">
|
2
|
+
<button data-open="filter-box" class="filters-controls__trigger" aria-controls="filter-box" aria-haspopup="dialog">
|
3
3
|
<%= t("filter", scope: "decidim.searches.filters_small_view") %>
|
4
4
|
<%= icon "caret-bottom", class: "icon--small float-right", aria_label: t("unfold", scope: "decidim.searches.filters_small_view"), role: "img" %>
|
5
5
|
</button>
|
6
6
|
</div>
|
7
7
|
|
8
|
-
<div class="reveal" id="filter-box" data-reveal>
|
8
|
+
<div class="reveal" id="filter-box" data-reveal role="dialog" aria-modal="true" aria-labelledby="filter-box-label">
|
9
9
|
<div class="reveal__header">
|
10
|
-
<h3 class="reveal__title"><%= t("filter_by", scope: "decidim.searches.filters_small_view") %>:</h3>
|
10
|
+
<h3 id="filter-box-label" class="reveal__title"><%= t("filter_by", scope: "decidim.searches.filters_small_view") %>:</h3>
|
11
11
|
<button class="close-button" data-close aria-label="<%= 't("close_modal", scope: "decidim.searches.filters_small_view")' %>" type="button">
|
12
12
|
<span aria-hidden="true">×</span>
|
13
13
|
</button>
|
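Review bot: The unchanged close button on line 11 wraps the `t(...)` call in single quotes inside the ERB tag, so `aria-label` is rendered as the literal Ruby source text instead of the translated string. Since this change is about the dialog's accessibility attributes, it is the right place to remove the quotes so the label reads `<%= t("close_modal", scope: "decidim.searches.filters_small_view") %>`.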
@@ -1,15 +1,4 @@
|
|
1
|
-
|
2
|
-
description: strip_tags(translated_attribute(current_organization.description)),
|
3
|
-
title: current_organization.name,
|
4
|
-
url: request.original_url,
|
5
|
-
twitter_handler: current_organization.twitter_handler,
|
6
|
-
image_url: Decidim::ContentBlock.published.find_by(
|
7
|
-
organization: current_organization,
|
8
|
-
scope_name: :homepage,
|
9
|
-
manifest_name: :hero
|
10
|
-
).try(:images_container).try(:attached_uploader, :background_image).try(:path)
|
11
|
-
}) %>
|
12
|
-
|
1
|
+
<%= render partial: "layouts/decidim/meta_tags_config" %>
|
13
2
|
<!DOCTYPE html>
|
14
3
|
<html lang="<%= I18n.locale %>" class="no-js">
|
15
4
|
<head>
|
@@ -17,6 +17,10 @@
|
|
17
17
|
<meta property="og:description" content="<%= decidim_meta_description %>">
|
18
18
|
<meta property="og:image" content="<%= decidim_meta_image_url %>">
|
19
19
|
|
20
|
+
<% if current_organization.colors["theme"] %>
|
21
|
+
<meta name="theme-color" content="<%= current_organization.colors["theme"] %>">
|
22
|
+
<% end %>
|
23
|
+
|
20
24
|
<%= favicon %>
|
21
25
|
<%= stylesheet_pack_tag "decidim_core", media: "all" %>
|
22
26
|
<%= invisible_captcha_styles %>
|
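Review bot: Line 20 indexes `current_organization.colors["theme"]` directly, which raises on every page if `colors` is nil for an organization; a guard such as `colors&.dig("theme")` would be safer. The value is echoed into the `content` attribute as stored, so it is also worth validating it as a colour value when the organization is saved.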
@@ -7,7 +7,7 @@
|
|
7
7
|
data-close-on-click="true"
|
8
8
|
role="menubar">
|
9
9
|
<li class="is-dropdown-submenu-parent" role="presentation">
|
10
|
-
<%= link_to t("name", scope: "locale"), "#language-chooser-menu", id: "language-chooser-control", "aria-label": t("layouts.decidim.language_chooser.choose_language"), "aria-controls": "language-chooser-menu", "aria-haspopup": "
|
10
|
+
<%= link_to t("name", scope: "locale"), "#language-chooser-menu", id: "language-chooser-control", "aria-label": t("layouts.decidim.language_chooser.choose_language"), "aria-controls": "language-chooser-menu", "aria-haspopup": "menu", role: "menuitem" %>
|
11
11
|
<ul class="menu is-dropdown-submenu" id="language-chooser-menu" role="menu" aria-labelledby="language-chooser-control">
|
12
12
|
<% (available_locales - [I18n.locale.to_s]).each do |locale| %>
|
13
13
|
<li lang="<%= locale %>" role="presentation"><%= link_to locale_name(locale), decidim.locale_path(locale: locale), method: :post, role: "menuitem" %></li>
|
@@ -0,0 +1,11 @@
|
|
1
|
+
<% add_decidim_meta_tags({
|
2
|
+
description: strip_tags(translated_attribute(current_organization.description)),
|
3
|
+
title: current_organization.name,
|
4
|
+
url: request.original_url,
|
5
|
+
twitter_handler: current_organization.twitter_handler,
|
6
|
+
image_url: Decidim::ContentBlock.published.find_by(
|
7
|
+
organization: current_organization,
|
8
|
+
scope_name: :homepage,
|
9
|
+
manifest_name: :hero
|
10
|
+
).try(:images_container).try(:attached_uploader, :background_image).try(:path)
|
11
|
+
}) %>
|
@@ -66,7 +66,7 @@ end
|
|
66
66
|
data-close-on-click="true"
|
67
67
|
role="menubar">
|
68
68
|
<li class="is-dropdown-submenu-parent show-for-medium" role="presentation">
|
69
|
-
<%= link_to current_user.name, decidim.account_path, id: "user-menu-control", "aria-controls": "user-menu", "aria-haspopup": "
|
69
|
+
<%= link_to current_user.name, decidim.account_path, id: "user-menu-control", "aria-controls": "user-menu", "aria-haspopup": "menu", "aria-label": t("layouts.decidim.user_menu.account", name: current_user.name), "role": "menuitem" %>
|
70
70
|
<ul class="menu is-dropdown-submenu" id="user-menu" role="menu" aria-labelledby="user-menu-control">
|
71
71
|
<%= render partial: "layouts/decidim/user_menu" %>
|
72
72
|
</ul>
|
@@ -0,0 +1,149 @@
|
|
1
|
+
{
|
2
|
+
"ignored_warnings": [
|
3
|
+
{
|
4
|
+
"warning_type": "Cross-Site Scripting",
|
5
|
+
"warning_code": 2,
|
6
|
+
"fingerprint": "211ff4b5e0d738e40e3c7f6d27b6905f23b1ed4e20347c179af3df40f6e5694d",
|
7
|
+
"check_name": "CrossSiteScripting",
|
8
|
+
"message": "Unescaped model attribute",
|
9
|
+
"file": "app/views/decidim/messaging/conversations/_conversation.html.erb",
|
10
|
+
"line": 20,
|
11
|
+
"link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
|
12
|
+
"code": "username_list((Unresolved Model).new.interlocutors(current_user), :shorten => true)",
|
13
|
+
"render_path": [
|
14
|
+
{
|
15
|
+
"type": "template",
|
16
|
+
"name": "decidim/messaging/conversations/index",
|
17
|
+
"line": 25,
|
18
|
+
"file": "app/views/decidim/messaging/conversations/index.html.erb",
|
19
|
+
"rendered": {
|
20
|
+
"name": "decidim/messaging/conversations/_conversation",
|
21
|
+
"file": "app/views/decidim/messaging/conversations/_conversation.html.erb"
|
22
|
+
}
|
23
|
+
}
|
24
|
+
],
|
25
|
+
"location": {
|
26
|
+
"type": "template",
|
27
|
+
"template": "decidim/messaging/conversations/_conversation"
|
28
|
+
},
|
29
|
+
"user_input": "(Unresolved Model).new.interlocutors(current_user)",
|
30
|
+
"confidence": "Weak",
|
31
|
+
"note": ""
|
32
|
+
},
|
33
|
+
{
|
34
|
+
"warning_type": "Cross-Site Scripting",
|
35
|
+
"warning_code": 4,
|
36
|
+
"fingerprint": "2c7f1da812b5d4b350d2260b604e9061ef082ecae90073ae09fe2eb46c1b9a08",
|
37
|
+
"check_name": "LinkToHref",
|
38
|
+
"message": "Unsafe parameter value in `link_to` href",
|
39
|
+
"file": "app/views/decidim/links/_modal.html.erb",
|
40
|
+
"line": 16,
|
41
|
+
"link": "https://brakemanscanner.org/docs/warning_types/link_to_href",
|
42
|
+
"code": "link_to(t(\"decidim.links.warning.proceed\"), params[:external_url], :target => \"_blank\", :data => ({ :close => \"\" }), :class => \"button primary button--nomargin\")",
|
43
|
+
"render_path": [
|
44
|
+
{
|
45
|
+
"type": "controller",
|
46
|
+
"class": "Decidim::LinksController",
|
47
|
+
"method": "new",
|
48
|
+
"line": 16,
|
49
|
+
"file": "app/controllers/decidim/links_controller.rb",
|
50
|
+
"rendered": {
|
51
|
+
"name": "decidim/links/new",
|
52
|
+
"file": "app/views/decidim/links/new.js.erb"
|
53
|
+
}
|
54
|
+
},
|
55
|
+
{
|
56
|
+
"type": "template",
|
57
|
+
"name": "decidim/links/new",
|
58
|
+
"line": 3,
|
59
|
+
"file": "app/views/decidim/links/new.js.erb",
|
60
|
+
"rendered": {
|
61
|
+
"name": "decidim/links/_modal",
|
62
|
+
"file": "app/views/decidim/links/_modal.html.erb"
|
63
|
+
}
|
64
|
+
}
|
65
|
+
],
|
66
|
+
"location": {
|
67
|
+
"type": "template",
|
68
|
+
"template": "decidim/links/_modal"
|
69
|
+
},
|
70
|
+
"user_input": "params[:external_url]",
|
71
|
+
"confidence": "High",
|
72
|
+
"note": ""
|
73
|
+
},
|
74
|
+
{
|
75
|
+
"warning_type": "Cross-Site Scripting",
|
76
|
+
"warning_code": 2,
|
77
|
+
"fingerprint": "2d9910c9250df37f9cf9ddd225d4541ab9c411c61e74562b9a4b7b188e44cc47",
|
78
|
+
"check_name": "CrossSiteScripting",
|
79
|
+
"message": "Unescaped parameter value",
|
80
|
+
"file": "app/views/decidim/searches/index.js.erb",
|
81
|
+
"line": 5,
|
82
|
+
"link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
|
83
|
+
"code": "j(cell(\"decidim/search_results\", @sections, :params => (params)).show).strip",
|
84
|
+
"render_path": [
|
85
|
+
{
|
86
|
+
"type": "controller",
|
87
|
+
"class": "Decidim::SearchesController",
|
88
|
+
"method": "index",
|
89
|
+
"line": 15,
|
90
|
+
"file": "app/controllers/decidim/searches_controller.rb",
|
91
|
+
"rendered": {
|
92
|
+
"name": "decidim/searches/index",
|
93
|
+
"file": "app/views/decidim/searches/index.js.erb"
|
94
|
+
}
|
95
|
+
}
|
96
|
+
],
|
97
|
+
"location": {
|
98
|
+
"type": "template",
|
99
|
+
"template": "decidim/searches/index"
|
100
|
+
},
|
101
|
+
"user_input": "params",
|
102
|
+
"confidence": "Weak",
|
103
|
+
"note": ""
|
104
|
+
},
|
105
|
+
{
|
106
|
+
"warning_type": "Cross-Site Scripting",
|
107
|
+
"warning_code": 2,
|
108
|
+
"fingerprint": "b46eb40178db883a8a9065d3affe7fb7868369084048fd88321f887d8618eea5",
|
109
|
+
"check_name": "CrossSiteScripting",
|
110
|
+
"message": "Unescaped parameter value",
|
111
|
+
"file": "app/views/decidim/messaging/conversations/_show.html.erb",
|
112
|
+
"line": 29,
|
113
|
+
"link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
|
114
|
+
"code": "t(\".title\", :usernames => username_list(form(ConversationForm).from_params(params, :sender => current_user).recipient.to_a))",
|
115
|
+
"render_path": [
|
116
|
+
{
|
117
|
+
"type": "controller",
|
118
|
+
"class": "Decidim::Messaging::ConversationsController",
|
119
|
+
"method": "new",
|
120
|
+
"line": 35,
|
121
|
+
"file": "app/controllers/decidim/messaging/conversations_controller.rb",
|
122
|
+
"rendered": {
|
123
|
+
"name": "decidim/messaging/conversations/new",
|
124
|
+
"file": "app/views/decidim/messaging/conversations/new.html.erb"
|
125
|
+
}
|
126
|
+
},
|
127
|
+
{
|
128
|
+
"type": "template",
|
129
|
+
"name": "decidim/messaging/conversations/new",
|
130
|
+
"line": 1,
|
131
|
+
"file": "app/views/decidim/messaging/conversations/new.html.erb",
|
132
|
+
"rendered": {
|
133
|
+
"name": "decidim/messaging/conversations/_show",
|
134
|
+
"file": "app/views/decidim/messaging/conversations/_show.html.erb"
|
135
|
+
}
|
136
|
+
}
|
137
|
+
],
|
138
|
+
"location": {
|
139
|
+
"type": "template",
|
140
|
+
"template": "decidim/messaging/conversations/_show"
|
141
|
+
},
|
142
|
+
"user_input": "params",
|
143
|
+
"confidence": "Weak",
|
144
|
+
"note": ""
|
145
|
+
}
|
146
|
+
],
|
147
|
+
"updated": "2021-12-22 09:55:40 +0000",
|
148
|
+
"brakeman_version": "5.1.2"
|
149
|
+
}
|
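Review bot: All four ignored warnings are committed with `"note": ""`, so the file records that the findings were suppressed but not why. The `LinkToHref` entry (lines 33-73) is marked High confidence and its `code` shows `params[:external_url]` used directly as the `link_to` href; please either document in the note where the URL is validated (scheme restricted to http/https, for instance) or add that validation before ignoring it. The three Weak entries should each get a one-line justification as well.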
@@ -88,7 +88,7 @@ Devise.setup do |config|
|
|
88
88
|
# It will change confirmation, password recovery and other workflows
|
89
89
|
# to behave the same regardless if the e-mail provided was right or wrong.
|
90
90
|
# Does not affect registerable.
|
91
|
-
|
91
|
+
config.paranoid = true
|
92
92
|
|
93
93
|
# By default Devise will store the user in session. You can skip storage for
|
94
94
|
# particular strategies by setting this option.
|
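Review bot: `config.paranoid = true` at line 91 changes the messages users see during confirmation and password recovery, and the comment on line 90 states it does not affect registerable, so the sign-up form can still reveal whether an e-mail is already registered. A changelog entry for the behaviour change and a check of any specs or translations that depend on the previous messages would be useful.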
@@ -7,31 +7,33 @@ if Rails.env.production? || Rails.env.test?
|
|
7
7
|
config.middleware.use Rack::Attack
|
8
8
|
end
|
9
9
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
10
|
+
ActiveSupport::Reloader.to_prepare do
|
11
|
+
Rack::Attack.blocklist("block all access to system") do |request|
|
12
|
+
# Requests are blocked if the return value is truthy
|
13
|
+
if request.path.start_with?("/system")
|
14
|
+
Decidim.system_accesslist_ips.any? && Decidim.system_accesslist_ips.map { |ip_address| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }.any?
|
15
|
+
end
|
14
16
|
end
|
15
|
-
end
|
16
17
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
18
|
+
unless Rails.env.test?
|
19
|
+
Rack::Attack.throttle(
|
20
|
+
"requests by ip",
|
21
|
+
limit: Decidim.throttling_max_requests,
|
22
|
+
period: Decidim.throttling_period,
|
23
|
+
&:ip
|
24
|
+
)
|
24
25
|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
26
|
+
# Throttle login attempts for a given email parameter to 6 reqs/minute
|
27
|
+
# Return the email as a discriminator on POST /users/sign_in requests
|
28
|
+
Rack::Attack.throttle("limit logins per email", limit: 5, period: 60.seconds) do |request|
|
29
|
+
request.params["user"]["email"] if request.path == "/users/sign_in" && request.post?
|
30
|
+
end
|
30
31
|
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
32
|
+
# Throttle login attempts for a given email parameter to 6 reqs/minute
|
33
|
+
# Return the email as a discriminator on POST /users/sign_in requests
|
34
|
+
Rack::Attack.throttle("limit password recovery attempts per email", limit: 5, period: 60.seconds) do |request|
|
35
|
+
request.params["user"]["email"] if request.path == "/users/password" && request.post?
|
36
|
+
end
|
35
37
|
end
|
36
38
|
end
|
37
39
|
end
|
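Review bot: As written, the blocklist condition on line 14 is truthy when `request.ip` falls inside one of `Decidim.system_accesslist_ips`, so the listed addresses are the ones that get blocked from `/system`; if the setting is meant as an allow list, the test needs to be negated, for example with `.none? { |ip_address| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }`. On lines 29 and 35, `request.params["user"]["email"]` raises when a POST arrives without a `user` parameter; `request.params.dig("user", "email")` avoids that, and normalising the value (strip, downcase) keeps case variants from getting separate counters. The comments on lines 26 and 32 say 6 reqs/minute while `limit: 5` is used, and the second comment still refers to `/users/sign_in` although the rule is for `/users/password`.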
data/config/locales/ca.yml
CHANGED
@@ -967,6 +967,7 @@ ca:
|
|
967
967
|
show:
|
968
968
|
back: Tornar a totes les converses
|
969
969
|
chat_with: Conversa amb
|
970
|
+
deleted_accounts: No podeu tenir una conversa amb un compte d'usuari eliminat.
|
970
971
|
not_allowed: Aquesta participant no accepta missatges directes.
|
971
972
|
title: Conversa amb %{usernames}
|
972
973
|
start:
|
@@ -1331,6 +1332,7 @@ ca:
|
|
1331
1332
|
title_reply: Respondre
|
1332
1333
|
show:
|
1333
1334
|
back: Mostra totes les converses
|
1335
|
+
deleted_accounts: No podeu tenir una conversa amb un compte d'usuari eliminat.
|
1334
1336
|
not_allowed: Aquesta participant no accepta missatges directes.
|
1335
1337
|
title: Conversa amb %{usernames}
|
1336
1338
|
update:
|
data/config/locales/cs.yml
CHANGED
@@ -84,6 +84,49 @@ cs:
|
|
84
84
|
decidim_with_day_and_month_name: "%A %d %b %Y"
|
85
85
|
decidim_with_month_name: "%d %B %Y"
|
86
86
|
decidim_with_month_name_short: "%d %b"
|
87
|
+
datetime:
|
88
|
+
distance_in_words:
|
89
|
+
about_x_hours:
|
90
|
+
one: asi 1 hodina
|
91
|
+
few: asi %{count} hodiny
|
92
|
+
many: asi %{count} hodin
|
93
|
+
other: asi %{count} hodin
|
94
|
+
about_x_months:
|
95
|
+
one: asi 1 měsíc
|
96
|
+
few: asi %{count} měsíce
|
97
|
+
many: asi %{count} měsíců
|
98
|
+
other: asi %{count} měsíců
|
99
|
+
half_a_minute: půl minuty
|
100
|
+
less_than_x_minutes:
|
101
|
+
one: méně než minutu.
|
102
|
+
few: méně než %{count} minuty.
|
103
|
+
many: méně než %{count} minut.
|
104
|
+
other: méně než %{count} minut.
|
105
|
+
less_than_x_seconds:
|
106
|
+
one: právě teď
|
107
|
+
few: méně než %{count} vteřiny.
|
108
|
+
many: méně než %{count} vteřin.
|
109
|
+
other: méně než %{count} vteřin.
|
110
|
+
x_days:
|
111
|
+
one: před 1 dnem
|
112
|
+
few: "před %{count} dny"
|
113
|
+
many: "před %{count} ti dny"
|
114
|
+
other: "před %{count} ti dny"
|
115
|
+
x_hours:
|
116
|
+
one: před 1 hodinou
|
117
|
+
few: "před %{count} hodinami"
|
118
|
+
many: "před %{count} hodinami"
|
119
|
+
other: "před %{count} hodinami"
|
120
|
+
x_minutes:
|
121
|
+
one: před 1 minutou
|
122
|
+
few: "před %{count} minutami"
|
123
|
+
many: "před %{count} minutami"
|
124
|
+
other: "před %{count} minutami"
|
125
|
+
x_seconds:
|
126
|
+
one: před 1 vteřinou
|
127
|
+
few: "před %{count} vteřinami"
|
128
|
+
many: "před %{count} vteřinami"
|
129
|
+
other: "před %{count} vteřinami"
|
87
130
|
decidim:
|
88
131
|
accessibility:
|
89
132
|
external_link: Externí odkaz
|
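Review bot: The new `distance_in_words` entries are not consistent with each other: `about_x_hours` and `about_x_months` (lines 89-98) are bare durations, while `x_days` through `x_seconds` (lines 110-129) embed "před" (ago), and the `less_than_x_minutes` and `less_than_x_seconds` strings end with a full stop. Whichever helper consumes these keys will produce mixed phrasing; `x_days.many` and `x_days.other` also read "před %{count} ti dny", where "ti" looks like a leftover.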
@@ -527,6 +570,11 @@ cs:
|
|
527
570
|
this_application_will_not_be_able_to: 'Tato aplikace nebude moci:'
|
528
571
|
update_profile: Aktualizujte svůj profil
|
529
572
|
wants_to_use_your_account_html: "<strong>%{application_name}</strong> chce používat váš účet"
|
573
|
+
editor_images:
|
574
|
+
create:
|
575
|
+
error: Chyba při nahrávání obrázku
|
576
|
+
success: Obrázek byl úspěšně nahrán
|
577
|
+
drag_and_drop_help: Přidejte obrázky přetažením nebo vložením.
|
530
578
|
endorsable:
|
531
579
|
endorsements: Schválení
|
532
580
|
endorsements_count: Počet schvalování
|
@@ -992,6 +1040,7 @@ cs:
|
|
992
1040
|
show:
|
993
1041
|
back: Zpět ke všem konverzacím
|
994
1042
|
chat_with: Konverzace s
|
1043
|
+
deleted_accounts: Nemůžete mít konverzaci s odstraněnými účty.
|
995
1044
|
not_allowed: Tento uživatel nepřijímá přímé zprávy.
|
996
1045
|
title: Konverzace s číslem %{usernames}
|
997
1046
|
start:
|
@@ -1059,6 +1108,12 @@ cs:
|
|
1059
1108
|
greetings: Zdravím,<br/>%{organization_name}<br/><a href="%{organization_url}">%{organization_url}</a>
|
1060
1109
|
hello: Ahoj,
|
1061
1110
|
subject: Chcete nadále dostávat příslušné informace o %{organization_name}?
|
1111
|
+
notification_mailer:
|
1112
|
+
event_received:
|
1113
|
+
no_translation_available: Omlouváme se, po odeslání e-mailu nelze získat automatický překlad. Překlad původního textu můžete zkontrolovat na následujícím odkazu %{link}.
|
1114
|
+
original_text: 'Původní text:'
|
1115
|
+
same_language: Obsah byl zveřejněn ve vašem preferovaném jazyce (%{language}), proto se v tomto e-mailu nezobrazuje automatický překlad.
|
1116
|
+
translated_text: 'Automaticky přeložený text:'
|
1062
1117
|
notifications:
|
1063
1118
|
no_notifications: Zatím žádné oznámení.
|
1064
1119
|
notifications_settings:
|
@@ -1358,6 +1413,7 @@ cs:
|
|
1358
1413
|
title_reply: Odpovědět
|
1359
1414
|
show:
|
1360
1415
|
back: Zobrazit všechny konverzace
|
1416
|
+
deleted_accounts: Nemůžete mít konverzaci s odstraněnými účty.
|
1361
1417
|
not_allowed: Tento uživatel již nepřijímá žádné přímé zprávy.
|
1362
1418
|
title: Konverzace s %{usernames}
|
1363
1419
|
update:
|
@@ -1661,10 +1717,12 @@ cs:
|
|
1661
1717
|
name: Čeština
|
1662
1718
|
name_with_error: Čeština
|
1663
1719
|
password_validator:
|
1720
|
+
blacklisted: je na černé listině
|
1664
1721
|
domain_included_in_password: je příliš podobné tomuto názvu domény
|
1665
1722
|
email_included_in_password: je příliš podobný e-mailu
|
1666
1723
|
fallback: není platný
|
1667
1724
|
name_included_in_password: je příliš podobné vašemu jménu
|
1725
|
+
nickname_included_in_password: je příliš podobné vaší přezdívce
|
1668
1726
|
not_enough_unique_characters: nemá dostatek jedinečných znaků
|
1669
1727
|
password_not_allowed: není povoleno
|
1670
1728
|
password_too_common: je příliš běžné
|
@@ -1699,6 +1757,8 @@ cs:
|
|
1699
1757
|
day_of_week: "%a"
|
1700
1758
|
day_of_week_long: "%a %e"
|
1701
1759
|
day_of_year: "%d.%m.%y"
|
1760
|
+
ddmm: "%d.%m"
|
1761
|
+
ddmmyyyy: "%d.%m.%Y"
|
1702
1762
|
decidim_day_of_year: "%d %B %Y"
|
1703
1763
|
decidim_short: "%d/%m/%Y %H:%M"
|
1704
1764
|
default: "%a, %d %b %Y %H:%M:%S %z"
|