decidim-proposals 0.26.5 → 0.26.7

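--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4a4c8eb3005ae333b7e25070ab1fb36beba6ae7f2148fb1748457564e057ca73
- data.tar.gz: 8a80ce1a6549660c4dd5ed49f63fd9ddba9e8136e0f48f2e36155f9cb2f59c71
+ metadata.gz: a4fce0c0b6f6522f1a2b6d43d805c27ab18608f7d0c45694847da7dd8ae27026
+ data.tar.gz: f89485ecc409eae9d065db73bff545f583228968b3ff75dee69ed964694dca73
  SHA512:
- metadata.gz: 490fdb4bad6ce35bc944e3e7558cde07d3f711ebbbd6bdaf489296eae9e6d41f87d0703ba0ce43ab85d8bf302511f1dff1798619b1620f98972fac163a8fc54a
- data.tar.gz: ec6da6b3acfb109dd56ed7d0680c293290a2f9de5d3a28f52ac4d7aad983e56423a7ae5bc2abd6bc1b3d8496c9e51b83f14ca6df60d19ac16ed0fe00584d3185
+ metadata.gz: 8de8e50973686973c038f4a07de403c4a2d3eae6edd86031458a97cf1543ecd480f1d50e601ae4770a012960656c5670f10d99a588fd374f3964c7fd045d32b6
+ data.tar.gz: b1ef8c8a2c18d61d04fedf861ae5535425bb97215c0743906e40fd220f67c90cdca049be1b4733316caa579130b027007e3540c3e1583ddb45e7b8a53835e1cc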
@@ -23,7 +23,7 @@ module Decidim
23
23
  end
24
24
 
25
25
  def description
26
- decidim_sanitize_editor(present(model).body.truncate(100, separator: /\s/))
26
+ decidim_sanitize_editor(present(model).body.truncate(100, separator: /\s/), strip_tags: true)
27
27
  end
28
28
 
29
29
  def has_badge?
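Review bot: In `description`, the body is truncated to 100 characters before `decidim_sanitize_editor(..., strip_tags: true)` runs, so the cut is made on raw markup and can land inside a tag or attribute. The sanitizer then receives a malformed fragment, and the visible text can come out much shorter than 100 characters because markup counted towards the limit. Stripping first and truncating the resulting text would avoid both, provided the helper's return value can be truncated without splitting an HTML entity; its definition is outside this hunk, so that needs confirming. A cell spec whose body opens with a long tag would pin the intended output.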
@@ -21,6 +21,8 @@ module Decidim
21
21
  #
22
22
  # Returns nothing.
23
23
  def call
24
+ return broadcast(:invalid) if proposal.blank?
25
+
24
26
  if proposal.published_state? && state_changed?
25
27
  transaction do
26
28
  increment_score
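Review bot: The doc comment above `call` still reads "Returns nothing." and, as far as this hunk shows, does not mention the `:invalid` broadcast introduced by `return broadcast(:invalid) if proposal.blank?`. Add a line such as `# - :invalid if the proposal is missing.` to the broadcast list so callers know to handle `on(:invalid)`. The comment block and the body of `call` both extend outside this hunk, so the existing list may use different wording.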
@@ -96,13 +96,24 @@ module Decidim
96
96
  # frontend, the proposal body is considered as safe content; that's unless
97
97
  # the proposal comes from a collaborative_draft or a participatory_text.
98
98
  def safe_content?
99
- rich_text_editor_in_public_views? && not_from_collaborative_draft(@proposal) ||
100
- (@proposal.official? || @proposal.official_meeting?) && not_from_participatory_text(@proposal)
99
+ (rich_text_editor_in_public_views? && not_from_collaborative_draft(@proposal)) ||
100
+ safe_content_admin?
101
+ end
102
+
103
+ # For admin entered content, the proposal body can contain certain extra
104
+ # tags, such as iframes.
105
+ def safe_content_admin?
106
+ (@proposal.official? || @proposal.official_meeting?) && not_from_participatory_text(@proposal)
101
107
  end
102
108
 
103
109
  # If the content is safe, HTML tags are sanitized, otherwise, they are stripped.
104
110
  def render_proposal_body(proposal)
105
- Decidim::ContentProcessor.render(render_sanitized_content(proposal, :body), "div")
111
+ sanitized = render_sanitized_content(proposal, :body)
112
+ if safe_content?
113
+ Decidim::ContentProcessor.render_without_format(sanitized).html_safe
114
+ else
115
+ Decidim::ContentProcessor.render(sanitized, "div")
116
+ end
106
117
  end
107
118
 
108
119
  # Returns :text_area or :editor based on the organization' settings.
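Review bot: `render_proposal_body(proposal)` now chooses the `.html_safe` branch from `safe_content?`, which reads `@proposal`, while the markup it marks as safe comes from the `proposal` argument. If a caller ever passes a record other than `@proposal`, a participant-authored body would be emitted under the trust decision made for a different proposal. Record the invariant above the method, for example `# proposal must be the same record as @proposal; safe_content? decides trust from @proposal`. The `.html_safe` call also relies on `render_sanitized_content` and `render_without_format`, both defined outside this hunk, never reintroducing unsanitized markup; a helper spec with a body containing a script element in both the admin and participant cases would cover that.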
@@ -7,7 +7,7 @@ module Decidim
7
7
  def proposal_reason_callout_announcement
8
8
  {
9
9
  title: proposal_reason_callout_title,
10
- body: decidim_sanitize_editor(translated_attribute(@proposal.answer))
10
+ body: decidim_sanitize_editor_admin(translated_attribute(@proposal.answer))
11
11
  }
12
12
  end
13
13
 
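Review bot: `proposal_reason_callout_announcement` now passes `@proposal.answer` through `decidim_sanitize_editor_admin`, so the answer is rendered with the admin allowlist rather than the participant one. That is only appropriate if every write path to `answer` is restricted to administrators, which cannot be seen from this hunk. A comment such as `# answer is admin-authored; the admin sanitizer allowlist applies` would record the assumption. It is also worth confirming that roles with narrower rights and any import path cannot set this field.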
@@ -1,13 +1,13 @@
1
1
  <div class="grid-x">
2
2
  <div class="cell">
3
3
  <%= form.hidden_field :position, class: "position" %>
4
- <%= form.text_field :title, optional: false %>
4
+ <%= form.text_field :title, required: true %>
5
5
  </div>
6
6
  </div>
7
7
  <% if proposal.article? %>
8
8
  <div class="grid-x">
9
9
  <div class="cell">
10
- <%= form.text_area :body, optional: false, rows: 5 %>
10
+ <%= form.text_area :body, required: true, rows: 5 %>
11
11
  </div>
12
12
  </div>
13
13
  <% end %>
@@ -5,7 +5,7 @@
5
5
  </div>
6
6
 
7
7
  <div class="field hashtags__container">
8
- <%= form.text_area :body, rows: 10, class: "js-hashtags", value: form_presenter.body(extras: false).strip %>
8
+ <%= text_editor_for_proposal_body(form) %>
9
9
  </div>
10
10
 
11
11
  <% if @form.component_automatic_hashtags.any? %>
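Review bot: The replaced `form.text_area` passed `value: form_presenter.body(extras: false).strip` and `class: "js-hashtags"` explicitly, and neither is visible in the new `text_editor_for_proposal_body(form)` call. The helper is defined outside this hunk, so confirm that it pre-fills the field from the presenter without the rendered extras and keeps the hashtag hook inside `hashtags__container`. If the helper renders the rich text editor, this form will submit HTML, and the stored body has to be treated as untrusted markup wherever it is rendered.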
@@ -33,7 +33,7 @@
33
33
  <div class="section">
34
34
  <%== cell("decidim/proposals/collaborative_draft_m", @collaborative_draft, full_badge: true).badge %>
35
35
 
36
- <%= simple_format(present(@collaborative_draft).body(links: true, strip_tags: true), nil, sanitize: false) %>
36
+ <%= decidim_sanitize_editor present(@collaborative_draft).body(links: true) %>
37
37
 
38
38
  <% if component_settings.geocoding_enabled? %>
39
39
  <%= render partial: "decidim/shared/static_map", locals: { icon_name: "proposals", geolocalizable: @collaborative_draft } %>
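Review bot: The draft body was previously tag-stripped in the presenter (`strip_tags: true`) and is now output as markup, so the only barrier for participant-authored HTML on this line is the `decidim_sanitize_editor` allowlist; the anchors generated by `body(links: true)` pass through it as well. Dropping `simple_format` also means drafts stored as plain text with newlines will presumably lose their paragraph breaks unless the presenter or sanitizer adds them. Two view specs would cover both concerns: one rendering a body with a script element and an inline event-handler attribute, and one with a plain multi-line body.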
@@ -22,7 +22,8 @@
22
22
  <% end %>
23
23
  </div>
24
24
  </div>
25
- <% if !current_settings.try(:votes_hidden?) && !proposal.component.current_settings.votes_hidden? %>
25
+ <% if !current_settings.try(:votes_hidden?) && !proposal.component.current_settings.votes_hidden? &&
26
+ proposal.component.current_settings.votes_enabled? %>
26
27
  <div class="card--list__data">
27
28
  <span class="card--list__data__number">
28
29
  <%= proposal.votes.size %>
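Review bot: The visibility rule for the vote count is now a three-part condition wrapped across two template lines, mixing `current_settings.try(:votes_hidden?)` with direct `proposal.component.current_settings` calls. Moving it into a helper predicate (name to be chosen by the project) would keep the template readable and let any other view that prints `proposal.votes.size` apply the same rule, so counts are not shown where voting is hidden or disabled. The enclosing markup starts and ends outside this hunk.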