proclaim 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b0fa65204bd314dae948730f9a98faa94967d29f
-  data.tar.gz: fd5c1946614f5e5b5252a762e500d4d6d7118eaf
+  metadata.gz: 0f01a5d261bff3eb7daf30ba4bde79f074c20e58
+  data.tar.gz: 1519808eae64115a710a98131470e6b4fa61cd5f
 SHA512:
-  metadata.gz: e9b5098b7ede9acedb336fcb367af05dd553088d9b7fb056754d4c27a8339aaf334c090c7f7209fab696c751e099c8fd833779a20466aaa40571c2a5fc019d25
-  data.tar.gz: ff2b49ba432b3a00a092cc33eea9d9a0fcf9f08115cfb21156f3554fa15eb3951f3a3530f797abb758ae0e5d49e3f668d15b542f093193d6a2c4c149a63d4d39
+  metadata.gz: ef0e2bdf09f08125eaf80c8f7fd91c7831b8081b4414ba28b472463d8f29db4fb196772d01f10185261c3eb57b9a0d8bc3d9797591134ca803f707a499866f2b
+  data.tar.gz: ce8688fb5521fa7777645fb4fabdaa7ae7a75e95860974cd2c769f9eb91b6e19b0cf75518a527b3167a58f4df6a6643fa74e10fd625e703f3618d8231cf47e86

data/CHANGELOG

@@ -1,3 +1,7 @@
+v 0.2.2
+  - Fixed post titles showing HTML entities
+  - Fixed posts index to show published time instead of updated time
+
 v 0.2.1
   - Fixed out-of-date initializer template
 

data/README.md

@@ -28,7 +28,7 @@ scheme is given below.
 Proclaim 0.1 works with Rails 4.2 and on. Add it to your Gemfile with:
 
 ```ruby
-gem 'proclaim', "~> 0.2.1"
+gem 'proclaim', "~> 0.2.2"
 ```
 
 Run `bundle install` to install it.

data/VERSION

@@ -1 +1 @@
-0.2.1
+0.2.2

data/app/controllers/proclaim/posts_controller.rb

@@ -100,7 +100,7 @@ module Proclaim
 		def post_params
 			# Ensure post title is sanitized of all HTML
 			if params[:post].include? :title
-				params[:post][:title] = Rails::Html::FullSanitizer.new.sanitize(params[:post][:title])
+				params[:post][:title] = HTMLEntities.new.decode(Rails::Html::FullSanitizer.new.sanitize(params[:post][:title]))
 			end
 
 			params.require(:post).permit(:title,

data/app/models/proclaim/post.rb

@@ -49,7 +49,7 @@ module Proclaim
 		end
 
 		def body_plaintext
-			Rails::Html::FullSanitizer.new.sanitize(body.gsub(/\r\n?/, ' '))
+			HTMLEntities.new.decode(Rails::Html::FullSanitizer.new.sanitize(body.gsub(/\r\n?/, ' ')))
 		end
 
 		def excerpt

data/app/views/layouts/proclaim/subscription_mailer.html.erb

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
 	<head>
-		<meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 
 		<style>
 			* {

data/app/views/proclaim/posts/_form.html.erb

@@ -7,14 +7,14 @@
 		              $(document).find("form.new_post h1.editable"),
 		              $(document).find("input#post_body"),
 		              $(document).find("form.new_post div.editable"),
-		              <%= raw Proclaim.editor_toolbar_buttons.to_json %>);
+		              <%= Proclaim.editor_toolbar_buttons.to_json.html_safe %>);
 		<% else %>
 			new Editor($(document).find("form.edit_post"),
 		              $(document).find("input#post_title"),
 		              $(document).find("form.edit_post h1.editable"),
 		              $(document).find("input#post_body"),
 		              $(document).find("form.edit_post div.editable"),
-		              <%= raw Proclaim.editor_toolbar_buttons.to_json %>);
+		              <%= Proclaim.editor_toolbar_buttons.to_json.html_safe %>);
 		<% end %>
 	});
 </script>
@@ -36,7 +36,7 @@
 		<h1 class = "post_title editable" data-disable-return="true" data-disable-toolbar="true" data-placeholder="Post Title"><%= @post.title %></h1>
 
 		<div class = "post_body editable" data-placeholder = "Post Body" data-image-upload-path="<%= cache_image_path %>" data-image-delete-path="<%= discard_image_path %>">
-			<%= raw @post.body %>
+			<%= @post.body.html_safe %>
 		</div>
 
 		<div class = "post_information" style = "margin-bottom: 30px;">

data/app/views/proclaim/posts/index.html.erb

@@ -31,7 +31,7 @@
 						<% end %>
 					</div>
 					<%= post.author.send(Proclaim.author_name_method) %><br />
-					<%= timeago_tag post.updated_at, format: "%B %d, %Y" %>
+					<%= timeago_tag post.published_at, format: "%B %d, %Y" %>
 				</div>
 			<% end %>
 			</td>

data/app/views/proclaim/posts/show.html.erb

@@ -31,7 +31,7 @@
 	<h1 class = "post_title"><%= @post.title %></h1>
 
 	<div class = "post_body show">
-		<%= raw @post.body %>
+		<%= @post.body.html_safe %>
 	</div>
 
 	<div class = "post_information">

data/app/views/proclaim/subscription_mailer/new_post_notification_email.html.erb

@@ -4,7 +4,7 @@
 	</tr>
 
 	<tr>
-		<td class = "post_body"><%= raw @post.body %></td>
+		<td class = "post_body"><%= @post.body.html_safe %></td>
 	</tr>
 
 	<tr>

data/lib/generators/proclaim/templates/initialize_proclaim.rb

@@ -3,23 +3,23 @@ Proclaim.setup do |config|
 	# `current_author_method` and `authentication_method`. For example, setting
 	# `author_class = "Admin"` changes the default `current_author_method` to be
 	# `:current_admin`, etc.
-	#author_class = "User"
+	#config.author_class = "User"
 
 	# Method to obtain the name of the author. This should be a method on the
 	# author class.
-	#author_name_method = :name
+	#config.author_name_method = :name
 
 	# Method to obtain the currently-authenticated user. Should return nil if
 	# no user is currently authenticated.
-	#current_author_method = :current_user
+	#config.current_author_method = :current_user
 
 	# Method to verify that a user is authenticated, and if not, will redirect
 	# to some sort of authentication page.
-	#authentication_method = :authenticate_user!
+	#config.authentication_method = :authenticate_user!
 
 	# Maximum length for the excerpts shown on the posts index.
-	#excerpt_length = 500
+	#config.excerpt_length = 500
 
 	# Buttons to display on post editor toolbar
-	#editor_toolbar_buttons = ['bold', 'italic', 'underline', 'anchor', 'header1', 'header2', 'quote']
+	#config.editor_toolbar_buttons = ['bold', 'italic', 'underline', 'anchor', 'header1', 'header2', 'quote']
 end

data/lib/proclaim/version.rb

@@ -1,3 +1,3 @@
 module Proclaim
-  VERSION = "0.2.1"
+  VERSION = "0.2.2"
 end

data/test/integration/with_javascript/post_form_test.rb

@@ -33,17 +33,19 @@ class PostFormTest < ActionDispatch::IntegrationTest
 
 		within('#new_post') do
 			element = find('h1.editable')
-			element.click()
+			#element.click()
 			element.set("Post Title") # Set the title text
 			element = find('div.editable')
-			element.click() # Select the element
+			#element.click() # Select the element
 			element.set("Paragraph 1\nParagraph 2") # Set the body text
 		end
 
-		assert_difference('Proclaim::Post.count') do
+		assert_difference('Proclaim::Post.count', 1,
+		                  "A post should have been created") do
 			click_button "Create"
-			assert page.has_text? "Post Title"
-			assert page.has_text? "Paragraph 1\nParagraph 2"
+			assert page.has_text?("Post Title"), "Post title should be shown"
+			assert page.has_text?("Paragraph 1\nParagraph 2"),
+			       "Post body should be shown"
 			wait_for_ajax
 		end
 	end
@@ -137,6 +139,48 @@ class PostFormTest < ActionDispatch::IntegrationTest
 		assert File.exist?(saved_file_path), "File should still be saved: #{saved_file_path}"
 	end
 
+	test "form should not replace non-alphanumeric text in title with HTML entities" do
+		user = FactoryGirl.create(:user)
+		sign_in user
+
+		visit proclaim.new_post_path
+
+		within('#new_post') do
+			element = find('h1.editable')
+			#element.click()
+			element.set("\"quotes\"") # Set the title text
+			# Don't fill in body
+		end
+
+		click_button "Create"
+
+		assert page.has_css? "div#error_explanation"
+
+		assert page.has_text?("\"quotes\""), "Form should still be showing quotes in title!"
+		assert page.has_no_text?("&quot;quotes&quot;"), "Form should not be showing HTML entities in title!"
+	end
+
+	test "show should not replace non-alphanumeric text in title with HTML entities" do
+		user = FactoryGirl.create(:user)
+		sign_in user
+
+		visit proclaim.new_post_path
+
+		within('#new_post') do
+			element = find('h1.editable')
+			#element.click()
+			element.set("\"quotes\"") # Set the title text
+			element = find('div.editable')
+			#element.click() # Select the element
+			element.set("Paragraph 1\nParagraph 2") # Set the body text
+		end
+
+		click_button "Create"
+
+		assert page.has_text?("\"quotes\""), "Show page should be showing quotes in title!"
+		assert page.has_no_text?("&quot;quotes&quot;"), "Show page should not be showing HTML entities in title!"
+	end
+
 	test "should show error without title" do
 		user = FactoryGirl.create(:user)
 		sign_in user
@@ -146,13 +190,15 @@ class PostFormTest < ActionDispatch::IntegrationTest
 		within('#new_post') do
 			# Don't fill in title
 			element = find('div.editable')
-			element.click() # Select the element
+			#element.click() # Select the element
 			element.set("Paragraph 1\nParagraph 2") # Set the text
 		end
 
-		assert_no_difference('Proclaim::Post.count') do
+		assert_no_difference('Proclaim::Post.count',
+		                     "No post should have been created without a title") do
 			click_button "Create"
-			assert page.has_css? "div#error_explanation"
+			assert page.has_css?("div#error_explanation"),
+			       "Should show error complaining about lack of title"
 			wait_for_ajax
 		end
 	end
@@ -165,7 +211,7 @@ class PostFormTest < ActionDispatch::IntegrationTest
 
 		within('#new_post') do
 			element = find('h1.editable')
-			element.click()
+			#element.click()
 			element.set("Post Title") # Set the title text
 			# Don't fill in the body
 		end

data/test/integration/with_javascript/post_show_test.rb

@@ -0,0 +1,47 @@
+require 'test_helper'
+
+class PostShowTest < ActionDispatch::IntegrationTest
+	self.use_transactional_fixtures = false
+
+	setup do
+		ApplicationController.any_instance.stubs(:current_user).returns(nil)
+		ApplicationController.any_instance.stubs(:authenticate_user).returns(false)
+
+		DatabaseCleaner.strategy = :truncation
+		DatabaseCleaner.start
+
+		Capybara.current_driver = :selenium
+
+		@show_pag = ShowPage.new
+	end
+
+	teardown do
+		DatabaseCleaner.clean
+		Capybara.use_default_driver
+	end
+
+	test "show should include edit/delete buttons if logged in" do
+		user = FactoryGirl.create(:user)
+		sign_in user
+
+		post = FactoryGirl.create(:published_post)
+
+		visit proclaim.post_path(post)
+
+		assert page.has_css?('a', text: "Edit"),
+		       "The show page should include a link to edit if logged in!"
+		assert page.has_css?('a', text: "Delete"),
+		       "The show page should include a link to delete if logged in!"
+	end
+
+	test "show should not include edit/delete buttons if not logged in" do
+		post = FactoryGirl.create(:published_post)
+
+		visit proclaim.post_path(post)
+
+		assert page.has_no_css?('a', text: "Edit"),
+		       "The show page should not include a link to edit if not logged in!"
+		assert page.has_no_css?('a', text: "Delete"),
+		       "The show page should not include a link to delete if not logged in!"
+	end
+end

data/test/test_helper.rb

@@ -11,7 +11,6 @@ require 'database_cleaner'
 require 'test_after_commit'
 require 'coffee_script'
 require 'sass'
-#Capybara.app = Proclaim::Engine
 
 Rails.backtrace_cleaner.remove_silencers!
 
@@ -25,6 +24,12 @@ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 #	include Proclaim::Engine.routes.url_helpers
 #end
 
+# Selenium isn't working with Firefox 35 (01/16/14). Use Chrome instead, for
+# now. Too bad, really... I hate Chrome.
+Capybara.register_driver :selenium do |app|
+	Capybara::Selenium::Driver.new(app, :browser => :chrome)
+end
+
 class ActionDispatch::IntegrationTest
 	# Make the Capybara DSL available in all integration tests
 	include Capybara::DSL

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: proclaim
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Kyle Fazzari
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-10 00:00:00.000000000 Z
+date: 2015-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -447,6 +447,7 @@ files:
 - test/helpers/proclaim/subscriptions_helper_test.rb
 - test/integration/with_javascript/comment_test.rb
 - test/integration/with_javascript/post_form_test.rb
+- test/integration/with_javascript/post_show_test.rb
 - test/integration/with_javascript/post_subscription_test.rb
 - test/integration/without_javascript/blog_subscription_test.rb
 - test/integration/without_javascript/post_test.rb
@@ -544,6 +545,7 @@ test_files:
 - test/integration/with_javascript/comment_test.rb
 - test/integration/with_javascript/post_subscription_test.rb
 - test/integration/with_javascript/post_form_test.rb
+- test/integration/with_javascript/post_show_test.rb
 - test/integration/without_javascript/post_test.rb
 - test/integration/without_javascript/subscription_email_test.rb
 - test/integration/without_javascript/unsubscribe_test.rb