decidim-core 0.27.2 → 0.27.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of decidim-core might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/app/cells/decidim/upload_modal/files.erb +1 -0
- data/app/cells/decidim/upload_modal_cell.rb +14 -4
- data/app/commands/decidim/attachment_methods.rb +20 -2
- data/app/commands/decidim/create_registration.rb +1 -0
- data/app/commands/decidim/gallery_methods.rb +1 -1
- data/app/commands/decidim/update_account.rb +1 -0
- data/app/commands/decidim/update_password.rb +2 -0
- data/app/controllers/decidim/devise/sessions_controller.rb +18 -2
- data/app/controllers/decidim/links_controller.rb +8 -11
- data/app/helpers/decidim/cells_helper.rb +1 -0
- data/app/helpers/decidim/external_domain_helper.rb +14 -3
- data/app/helpers/decidim/sanitize_helper.rb +3 -2
- data/app/models/decidim/scope_type.rb +24 -0
- data/app/packs/src/decidim/direct_uploads/upload_modal.js +0 -1
- data/app/packs/src/decidim/editor/clipboard_override.js +6 -2
- data/app/packs/src/decidim/editor.js +63 -33
- data/app/packs/stylesheets/decidim/modules/_buttons.scss +10 -6
- data/app/packs/stylesheets/decidim/modules/_cards.scss +1 -1
- data/app/packs/stylesheets/decidim/modules/_comments.scss +24 -0
- data/app/packs/stylesheets/decidim/modules/_input-gallery.scss +2 -1
- data/app/packs/stylesheets/decidim/modules/_upload_modal.scss +0 -4
- data/app/packs/stylesheets/decidim/vizzs/_linechart.scss +2 -2
- data/app/packs/stylesheets/decidim/vizzs/_rowchart.scss +2 -2
- data/app/presenters/decidim/notification_presenter.rb +1 -1
- data/app/presenters/decidim/notification_to_mailer_presenter.rb +1 -0
- data/app/presenters/decidim/user_group_presenter.rb +1 -1
- data/app/presenters/decidim/user_presenter.rb +1 -1
- data/app/scrubbers/decidim/admin_input_scrubber.rb +3 -1
- data/app/scrubbers/decidim/user_input_scrubber.rb +30 -1
- data/app/services/decidim/traceability.rb +1 -0
- data/app/validators/uploader_image_dimensions_validator.rb +22 -2
- data/app/views/decidim/links/_invalid_url_modal.html.erb +17 -0
- data/app/views/decidim/links/_modal.html.erb +1 -1
- data/app/views/decidim/links/invalid_url.js.erb +24 -0
- data/app/views/decidim/links/new.html.erb +1 -1
- data/app/views/decidim/messaging/conversations/_conversation.html.erb +1 -5
- data/config/locales/ar.yml +566 -3
- data/config/locales/bg.yml +1 -4
- data/config/locales/ca.yml +21 -17
- data/config/locales/cs.yml +22 -30
- data/config/locales/da.yml +4 -0
- data/config/locales/de.yml +4 -22
- data/config/locales/el.yml +2 -4
- data/config/locales/en.yml +16 -13
- data/config/locales/eo.yml +2 -1
- data/config/locales/es-MX.yml +20 -16
- data/config/locales/es-PY.yml +20 -16
- data/config/locales/es.yml +21 -17
- data/config/locales/et.yml +4 -0
- data/config/locales/eu.yml +149 -58
- data/config/locales/fa-IR.yml +1 -0
- data/config/locales/fi-plain.yml +1 -18
- data/config/locales/fi.yml +19 -15
- data/config/locales/fr-CA.yml +23 -16
- data/config/locales/fr.yml +21 -14
- data/config/locales/ga-IE.yml +1 -0
- data/config/locales/gl.yml +0 -21
- data/config/locales/gn-PY.yml +4 -0
- data/config/locales/hr.yml +4 -0
- data/config/locales/hu.yml +64 -23
- data/config/locales/id-ID.yml +2 -4
- data/config/locales/is-IS.yml +2 -1
- data/config/locales/it.yml +1 -5
- data/config/locales/ja.yml +10 -21
- data/config/locales/ka-GE.yml +4 -0
- data/config/locales/kaa.yml +1 -0
- data/config/locales/lb.yml +0 -4
- data/config/locales/lt.yml +0 -34
- data/config/locales/lv.yml +0 -3
- data/config/locales/nl.yml +1 -23
- data/config/locales/no.yml +1 -23
- data/config/locales/oc-FR.yml +3 -0
- data/config/locales/pl.yml +0 -34
- data/config/locales/pt-BR.yml +2 -6
- data/config/locales/pt.yml +0 -4
- data/config/locales/ro-RO.yml +36 -4
- data/config/locales/ru.yml +1 -3
- data/config/locales/sk.yml +3 -5
- data/config/locales/sl.yml +1 -0
- data/config/locales/sr-CS.yml +2 -0
- data/config/locales/sv.yml +1 -23
- data/config/locales/tr-TR.yml +3 -7
- data/config/locales/uk.yml +1 -3
- data/config/locales/zh-CN.yml +0 -4
- data/config/locales/zh-TW.yml +1872 -0
- data/lib/decidim/asset_router/pipeline.rb +2 -0
- data/lib/decidim/core/test/shared_examples/comments_examples.rb +36 -0
- data/lib/decidim/core/test/shared_examples/digest_mail_examples.rb +33 -0
- data/lib/decidim/core/test/shared_examples/editor_shared_examples.rb +5 -4
- data/lib/decidim/core/test/shared_examples/rich_text_editor_examples.rb +7 -3
- data/lib/decidim/core/test.rb +1 -0
- data/lib/decidim/core/version.rb +1 -1
- data/lib/decidim/form_builder.rb +4 -3
- data/lib/decidim/publicable.rb +4 -0
- metadata +12 -7
|
@@ -18,12 +18,41 @@ module Decidim
|
|
|
18
18
|
|
|
19
19
|
private
|
|
20
20
|
|
|
21
|
+
RESTRICTED_TAGS = %w(
|
|
22
|
+
area
|
|
23
|
+
article
|
|
24
|
+
aside
|
|
25
|
+
audio
|
|
26
|
+
button
|
|
27
|
+
canvas
|
|
28
|
+
fieldset
|
|
29
|
+
figcaption
|
|
30
|
+
figure
|
|
31
|
+
font
|
|
32
|
+
footer
|
|
33
|
+
form
|
|
34
|
+
header
|
|
35
|
+
img
|
|
36
|
+
input
|
|
37
|
+
label
|
|
38
|
+
legend
|
|
39
|
+
main
|
|
40
|
+
map
|
|
41
|
+
menu
|
|
42
|
+
optgroup
|
|
43
|
+
option
|
|
44
|
+
output
|
|
45
|
+
select
|
|
46
|
+
textarea
|
|
47
|
+
video
|
|
48
|
+
).freeze
|
|
49
|
+
|
|
21
50
|
def custom_allowed_attributes
|
|
22
51
|
Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES
|
|
23
52
|
end
|
|
24
53
|
|
|
25
54
|
def custom_allowed_tags
|
|
26
|
-
Loofah::HTML5::SafeList::
|
|
55
|
+
Loofah::HTML5::SafeList::ACCEPTABLE_ELEMENTS - RESTRICTED_TAGS
|
|
27
56
|
end
|
|
28
57
|
end
|
|
29
58
|
end
|
|
@@ -117,6 +117,7 @@ module Decidim
|
|
|
117
117
|
return unless user.is_a?(Decidim::User)
|
|
118
118
|
# If the record is not valid, it may not yet have an ID causing an
|
|
119
119
|
# exception when trying to save the log record.
|
|
120
|
+
return if resource.nil?
|
|
120
121
|
return unless resource.valid?
|
|
121
122
|
|
|
122
123
|
Decidim::ActionLogger.log(
|
|
@@ -29,21 +29,41 @@ class UploaderImageDimensionsValidator < ActiveModel::Validations::FileContentTy
|
|
|
29
29
|
return if (image = extract_image(file)).blank?
|
|
30
30
|
|
|
31
31
|
record.errors.add attribute, I18n.t("carrierwave.errors.file_resolution_too_large") if image.dimensions.any? { |dimension| dimension > uploader.max_image_height_or_width }
|
|
32
|
+
rescue MiniMagick::Error, MiniMagick::Invalid
|
|
33
|
+
# The error may happen because of many reasons but most commonly the image
|
|
34
|
+
# exceeds the default maximum dimensions set for ImageMagick when the
|
|
35
|
+
# `identify` command fails to identify the image.
|
|
36
|
+
#
|
|
37
|
+
# To relax ImageMagick default limits, please refer to:
|
|
38
|
+
# https://imagemagick.org/script/security-policy.php
|
|
39
|
+
#
|
|
40
|
+
# Note that the error can also happen because of other reasons than only
|
|
41
|
+
# the image dimensions being too large. But as we do not really know the
|
|
42
|
+
# reason every time, we default to that error.
|
|
43
|
+
record.errors.add attribute, I18n.t("carrierwave.errors.file_cannot_be_processed")
|
|
32
44
|
end
|
|
33
45
|
|
|
34
46
|
def extract_image(file)
|
|
35
47
|
return unless file.try(:content_type).to_s.start_with?("image")
|
|
36
48
|
|
|
37
|
-
if
|
|
49
|
+
if uploaded_file?(file)
|
|
38
50
|
MiniMagick::Image.new(file.path)
|
|
39
51
|
elsif file.is_a?(ActiveStorage::Attached) && file.blob.persisted?
|
|
40
52
|
MiniMagick::Image.read(file.blob.download)
|
|
41
53
|
end
|
|
42
|
-
rescue ActiveStorage::FileNotFoundError
|
|
54
|
+
rescue ActiveStorage::FileNotFoundError, MiniMagick::Invalid
|
|
43
55
|
# Although the blob is persisted, the file is not available to download and analyze
|
|
44
56
|
# after committing the record
|
|
45
57
|
nil
|
|
46
58
|
end
|
|
47
59
|
|
|
48
60
|
def check_validity!; end
|
|
61
|
+
|
|
62
|
+
private
|
|
63
|
+
|
|
64
|
+
def uploaded_file?(file)
|
|
65
|
+
return true if defined?(Rack::Test::UploadedFile) && file.is_a?(Rack::Test::UploadedFile)
|
|
66
|
+
|
|
67
|
+
file.is_a?(ActionDispatch::Http::UploadedFile)
|
|
68
|
+
end
|
|
49
69
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
<%= decidim_modal id: "external-domain-warning" do %>
|
|
2
|
+
<div data-dialog-container>
|
|
3
|
+
<%= icon "external-link-line" %>
|
|
4
|
+
<h2 id="dialog-title-external-domain-warning" tabindex="-1" data-dialog-title><%= t("decidim.links.warning.title") %></h2>
|
|
5
|
+
<div>
|
|
6
|
+
|
|
7
|
+
<code class="mt-5 block break-all text-alert">
|
|
8
|
+
<%= flash[:alert] %>
|
|
9
|
+
</code>
|
|
10
|
+
</div>
|
|
11
|
+
</div>
|
|
12
|
+
<div data-dialog-actions>
|
|
13
|
+
<button class="button button__lg button__transparent-secondary" data-dialog-close="external-domain-warning">
|
|
14
|
+
<%= t("decidim.links.warning.cancel") %>
|
|
15
|
+
</button>
|
|
16
|
+
</div>
|
|
17
|
+
<% end %>
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
</div>
|
|
14
14
|
</div>
|
|
15
15
|
<div class="row buttons">
|
|
16
|
-
<%= link_to t("decidim.links.warning.proceed"),
|
|
16
|
+
<%= link_to t("decidim.links.warning.proceed"), external_url.to_s, target: "_blank", data: { close: "" }, class: "button primary button--nomargin" %>
|
|
17
17
|
<button class="button clear" data-close>
|
|
18
18
|
<%= t("decidim.links.warning.cancel") %>
|
|
19
19
|
</button>
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
(function() {
|
|
2
|
+
const create = (selector) => {
|
|
3
|
+
const element = document.createElement("div")
|
|
4
|
+
element.id = selector
|
|
5
|
+
document.body.append(element)
|
|
6
|
+
return element
|
|
7
|
+
}
|
|
8
|
+
|
|
9
|
+
const selector = "external-domain-warning"
|
|
10
|
+
const selectorContainer = `${selector}-container`
|
|
11
|
+
|
|
12
|
+
// if the container does not exist in the DOM, it creates a new one, otherwise, replace the content
|
|
13
|
+
const externalDomainWarning = document.getElementById(selectorContainer) || create(selectorContainer)
|
|
14
|
+
|
|
15
|
+
externalDomainWarning.innerHTML = ''
|
|
16
|
+
externalDomainWarning.innerHTML = '<%= j(render partial: "invalid_url_modal").strip.html_safe %>'
|
|
17
|
+
|
|
18
|
+
new window.Decidim.Dialogs(`#${selector}`, {
|
|
19
|
+
closingSelector: `[data-dialog-close="${selector}"]`,
|
|
20
|
+
backdropSelector: `[data-dialog="${selector}"]`,
|
|
21
|
+
labelledby: `dialog-title-${selector}`,
|
|
22
|
+
describedby: `dialog-desc-${selector}`
|
|
23
|
+
}).open()
|
|
24
|
+
})()
|
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
</div>
|
|
13
13
|
<div class="row">
|
|
14
14
|
<div class="columns large-12 text-center">
|
|
15
|
-
<%= link_to t("decidim.links.warning.proceed"),
|
|
15
|
+
<%= link_to t("decidim.links.warning.proceed"), external_url.to_s, class: "button expanded primary" %>
|
|
16
16
|
</div>
|
|
17
17
|
</div>
|
|
18
18
|
</div>
|
|
@@ -33,11 +33,7 @@
|
|
|
33
33
|
<span class="text-small">
|
|
34
34
|
<%= t("last_message", scope: "decidim.messaging.conversations.index") %>:
|
|
35
35
|
<strong>
|
|
36
|
-
|
|
37
|
-
<%= t("ago", scope: "decidim.messaging.conversations.index") %> <%= time_ago_in_words(Time.parse(conversation.last_message.created_at.to_s)) %>
|
|
38
|
-
<% else %>
|
|
39
|
-
<%= time_ago_in_words(Time.parse(conversation.last_message.created_at.to_s)) %> <%= t("ago", scope: "decidim.messaging.conversations.index") %>
|
|
40
|
-
<% end %>
|
|
36
|
+
<%= t("decidim.user_conversations.index.time_ago", time: time_ago_in_words(Time.zone.parse(conversation.last_message.created_at.to_s))) %>
|
|
41
37
|
</strong>
|
|
42
38
|
</span>
|
|
43
39
|
</div>
|