zena 1.2.3 → 1.2.4

data/bricks/acls/zena/test/unit/acl_test.rb

@@ -5,9 +5,9 @@ class AclTest < Zena::Unit::TestCase
   def base_node
     visitor.node_without_secure
   end
-  MockRequest = Struct.new(:method, :params, :port)
+  MockRequest = Struct.new(:method, :params, :port, :path)
 
-  def mock_request(method = :get, params = {}, port = 0)
+  def mock_request(method = :get, params = {}, port = 0, path = '/nodes/33')
     MockRequest.new(method, params, port)
   end
 
@@ -81,6 +81,21 @@ class AclTest < Zena::Unit::TestCase
       end
     end # saving an acl with asset_host in query
 
+    context 'saving an acl with a wrong create_kpath' do
+      subject do
+        acls(:rap)
+      end
+
+      should 'return an error' do
+        erebus_id = groups_id(:erebus)
+        visitor.instance_eval do
+          @group_ids = self.group_ids + [erebus_id]
+        end
+        assert !subject.update_attributes(:query => "nodes in site")
+        assert_equal 'parse error on value ["in", 1] (kIN)', subject.errors[:query]
+      end
+    end # saving an acl with asset_host in query
+
 
     context 'a visitor' do
       context 'with normal access' do
@@ -110,6 +125,24 @@ class AclTest < Zena::Unit::TestCase
                           nil, nodes_zip(:queen), nil, mock_request(:get)
                          ).id
           end
+          
+          context 'creating an object' do
+            
+            should 'not find node if kpath does not match' do
+              assert_raise(ActiveRecord::RecordNotFound) do
+                subject.find_node(
+                 nil, nodes_zip(:queen), nil, mock_request(:post, {'node' => {'klass' => 'Page'}})
+                ).id
+              end
+            end
+
+            should 'find node if kpath matches' do
+              assert_equal nodes(:queen).id,
+                           subject.find_node(
+                            nil, nodes_zip(:queen), nil, mock_request(:post, {'node' => {'klass' => 'Contact'}})
+                           ).id
+            end
+          end
 
           should 'not find node out of acl scope' do
             assert_raise(ActiveRecord::RecordNotFound) do

data/bricks/math/lib/bricks/math.rb

@@ -6,7 +6,7 @@ module Bricks
       def math_asset(opts)
         content    = opts[:content]
         node       = opts[:node]
-        if !(content =~ /^\s*\\begin\{(align|equation|itemize|equation)/)
+        if !(content =~ /^\s*\\begin\{(align|equation|itemize)/)
           pre = '\['
           post = '\]'
         else

data/bricks/sphinx/zena/tasks.rb

@@ -1,7 +1,7 @@
 # The ThinkingSphinx::Configuration needs RAILS_ROOT and RAILS_ENV in order to function. Only 'setup' needs the
 # environment since it needs to get configuration settings from the classes in zena.
 require 'tempfile'
-require 'yaml'
+require 'safe_yaml'
 require 'thinking_sphinx'
 require 'zlib'
 

data/bricks/spreadsheet/lib/bricks/spreadsheet.rb

@@ -84,6 +84,7 @@ module Bricks
       def render_html
         html = []
         @sheets.each do |s|
+          html << "<h3>#{s.name}</h3>"
           html << '<table>'
           s.rows.each do |r|
             html << '<tr>'
@@ -189,7 +190,6 @@ td{border:1px solid #444; padding:2px;}
 </style>
 </head>
 <body>
-<h1>Render as #{type}</h1>
 #{data}
 </body>
 </html>

data/bricks/worker/zena/worker

@@ -38,6 +38,31 @@ Daemons.run_proc('worker', daemon_options) do
   require File.join('config', 'environment')
 
   require 'delayed/worker'
+  class Delayed::Job
+    private
+      # FIX Delayed Job to work with safe_yaml
+      # TODO: Remove this when we upgrade to Ruby 1.9
+      def deserialize(source)
+        handler = YAML.load(source, :safe => false) rescue nil
+
+        unless handler.respond_to?(:perform)
+          if handler.nil? && source =~ ParseObjectFromYaml
+            handler_class = $1
+          end
+          attempt_to_load(handler_class || handler.class)
+          handler = YAML.load(source, :safe => false)
+        end
+
+        return handler if handler.respond_to?(:perform)
+
+        raise DeserializationError,
+          'Job failed to load: Unknown handler. Try to manually require the appropriate file.'
+      rescue TypeError, LoadError, NameError => e
+        raise DeserializationError,
+          "Job failed to load: #{e.message}. Try to manually require the required file."
+      end
+  end
+  
   begin
     require 'thinking_sphinx'
     require 'thinking_sphinx/deltas/delayed_delta'

data/config/environment.rb

@@ -1,5 +1,5 @@
 # Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '2.3.11' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.3.18' unless defined? RAILS_GEM_VERSION
 
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')

data/config/environments/production.rb

@@ -1,5 +1,5 @@
 # Settings specified here will take precedence over those in config/environment.rb
-config.log_level = :info
+# config.log_level = :debug
 
 # The production environment is meant for finished, "live" apps.
 # Code is not reloaded between requests

data/config/gems.yml

@@ -4,23 +4,24 @@ ruby-recaptcha: '= 1.0.3'
 syntax:         '= 1.0.0'
 tzinfo:
 uuidtools:      '= 2.0.0'
-rails:          '= 2.3.11'
+rails:          '= 2.3.18'
 json:           '= 1.5.1'
 authlogic:      '= 2.1.3'
 fast_gettext:   '~> 0.4.16'
 will_paginate:  '~> 2.3.12'
 differ:         '= 0.1.2'
 shoulda:        '= 2.10.3'
-httparty:       '= 0.7.8'
+httmultiparty : '= 0.3.8'
 open4:
 daemons:        # upload progress
 gem_plugin:     # upload progress
 simple_xlsx_writer:    # spreadsheet
   lib:          'simple_xlsx'
 
-querybuilder:   '= 1.2.1'
+querybuilder:   '= 1.2.2'
 yamltest:       '= 0.7.0'
-rubyless:       '= 0.8.8'
+safe_yaml:      '= 0.8.0'
+rubyless:       '= 0.8.10'
 property:       '= 2.3.2'
 versions:       '= 0.3.1'
 
@@ -44,7 +45,7 @@ thinking-sphinx:
   optional:     yes
   brick:        sphinx
   lib:          'thinking_sphinx'
-  version:      '= 1.3.14'
+  version:      '~> 1.3.14'
 
 # needs riddle 1.0.10
 

data/lib/bricks/requirements_validation.rb

@@ -1,4 +1,4 @@
-require 'yaml'
+require 'safe_yaml'
 
 module Bricks
   module RequirementsValidation

data/lib/log_recorder/lib/log_recorder.rb

@@ -2,7 +2,7 @@
 # on debian install ?????
 require 'rubygems'
 require 'mysql' # to have Mysql class
-require 'yaml'
+require 'safe_yaml'
 require 'date'
 
 # Use this custom format (we do not record the logname or user):

data/lib/tasks/zena.rake

@@ -1,4 +1,4 @@
-require 'yaml'
+require 'safe_yaml'
 require 'fileutils'
 
 # We need to make sure the RAILS_ENV is set before brick activation or the wrong bricks will
@@ -373,7 +373,7 @@ namespace :zena do
         nodes = Node.find(:all,
           :conditions => ['site_id = ?', site.id]
         )
-        site.rebuild_index(secure_result(nodes))
+        site.rebuild_index(secure_result(nodes), 1)
       else
         # We try to use the site worker.
         site.rebuild_index
@@ -562,6 +562,14 @@ namespace :zena do
       exec cmd
     end
   end
+  
+  desc "Remove rdoc warning/error"
+  task :fix_rakefile do
+    # Fix Rakefile
+    path = "#{RAILS_ROOT}/Rakefile"
+    text = File.read(path)
+    File.open(path, 'wb') {|f| f.puts text.gsub("require 'rake/rdoctask'\n", '')}
+  end
 end # zena
 
 namespace :gettext do

data/lib/zena.rb

@@ -1,10 +1,11 @@
-# FIXME: ========== cleanup and remove ====================
-require 'yaml'
+require 'safe_yaml'
+SafeYAML::OPTIONS[:default_mode] = :safe
 require 'date'
 require 'fileutils'
 require 'zena/info'
 require 'bricks'
 
+# FIXME: ========== cleanup
 SITES_ROOT = "#{RAILS_ROOT}/sites"
 AUTHENTICATED_PREFIX = "oo"
 PASSWORD_SALT = "jf93jfnvnas09093nas0923" # type anything here (but change this line !)
@@ -303,8 +304,8 @@ EXT_TYPE = [
   [ "gz"        , "application/x-gzip"             ],
   [ "hdf"       , "application/x-hdf"              ],
   [ "hqx"       , "application/mac-binhex40"       ],
-  [ "htm"       , "text/html"                      ],
   [ "html"      , "text/html"                      ],
+  [ "htm"       , "text/html"                      ],
   [ "ice"       , "x-conference/x-cooltalk"        ],
   [ "ief"       , "image/ief"                      ],
   [ "iges"      , "model/iges"                     ],

data/lib/zena/app.rb

@@ -52,6 +52,7 @@ module Zena
         end
 
         helper_method :render_to_string
+        filter_parameter_logging :password
       end
       Bricks.apply_patches('application_controller.rb')
       Bricks.apply_patches('application_helper.rb')

data/lib/zena/deploy/httpd.rhtml

@@ -12,8 +12,8 @@ NameVirtualHost *
 <% end %>
 
 <% if config[:app_type] == :passenger  %>
-LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/<%= config[:passenger_version] || 'passenger-3.0.17' %>/ext/apache2/mod_passenger.so
-PassengerRoot /usr/lib/ruby/gems/1.8/gems/<%= config[:passenger_version] || 'passenger-3.0.17' %>
+LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/<%= config[:passenger_version] || 'passenger-3.0.19' %>/ext/apache2/mod_passenger.so
+PassengerRoot /usr/lib/ruby/gems/1.8/gems/<%= config[:passenger_version] || 'passenger-3.0.19' %>
 PassengerRuby /usr/bin/ruby1.8
 PassengerDefaultUser www-data
 <% elsif config[:app_type] == :mongrel %>

data/lib/zena/deploy/template.rb

@@ -9,7 +9,11 @@ else
 end
 
 gem 'zena', :version => Zena::VERSION
+route '# Insert custom routes here.'
+route ''
 route 'map.zen_routes'
+route ''
+route '# Routes below this are never reached.'
 
 rakefile("zena_tasks.rake") do
 <<-TASK
@@ -32,13 +36,19 @@ end
 end
 
 inside('app/controllers') do
-  app = File.read('application_controller.rb')
-  app.gsub!(/class\s+ApplicationController\s+<\s+ActionController::Base/, "class ApplicationController < ActionController::Base\n  include Zena::App")
-  app.gsub!(/^(\s+)protect_from_forgery/, '\1# protect_from_forgery')
   File.open('application_controller.rb', 'wb') do |f|
-    f.write(app)
+    f.write %q{
+  # Filters added to this controller apply to all controllers in the application.
+  # Likewise, all the methods added will be available for all controllers.
+
+  class ApplicationController < ActionController::Base
+    include Zena::App
+    helper :all # include all helpers, all the time
+    # protect_from_forgery # See ActionController::RequestForgeryProtection for details
+  end
+}
   end
 end
 
 rake 'zena:assets OVERWRITE_ASSETS=true'
-
+rake 'zena:fix_rakefile'

data/lib/zena/info.rb

@@ -1,4 +1,4 @@
 module Zena
-  VERSION        = '1.2.3'
+  VERSION        = '1.2.4'
   ROOT           = File.expand_path(File.join(File.dirname(__FILE__), '..', '..'))
 end

data/lib/zena/parser/zazen_rules.rb

@@ -334,11 +334,18 @@ module Zena
       def extract_code(fulltext)
         @escaped_code = []
         @block_counter = -1
-        fulltext.gsub!( /<code([^>]*)>(.*?)<\/code>/m ) do
+        fulltext.gsub!( /<(code|notextile|html)([^>]*)>(.*?)<\/\1>/m ) do
           if @translate_ids
             raw_content([nil, $&])
+          elsif $1 == 'notextile' || $1 == 'html'
+            # FIXME: SECURITY. How to avoid the use of notextile in comments and such ?
+            if @context[:notextile] == 'true'
+              raw_content($3)
+            else
+              ''
+            end
           else
-            params, text = $1, $2
+            params, text = $2, $3
             pre_params = []
             if params =~ /\A(.*)lang\s*=\s*("|')([^"']+)\2(.*)\Z/m
               pre, lang, post = $1.strip, $3, $4.strip

data/lib/zena/remote/connection.rb

@@ -1,4 +1,4 @@
-require 'httparty'
+require 'httmultiparty'
 
 module Zena
   module Remote
@@ -10,7 +10,7 @@ module Zena
       # We create a new class because HTTParty works this way (class globals).
       def self.connect(uri, token)
         Class.new(self) do
-          include HTTParty
+          include HTTMultiParty
           extend Zena::Remote::Interface::ConnectionMethods
 
           class << self

data/lib/zena/remote/interface.rb

@@ -284,7 +284,7 @@ module Zena
                 node
               elsif errors = result['errors']
                 @errors = errors
-                log_message errors
+                log_message errors.inspect
                 false
               else
                 log_message "Could not save:"
@@ -293,7 +293,7 @@ module Zena
               end
             elsif errors = result['errors']
               log_message "Could not save:"
-              log_message errors
+              log_message errors.inspect
               false
             else
               log_message "Could not save:"
@@ -305,6 +305,12 @@ module Zena
           def new_record?
             id.nil?
           end
+          
+          def save!
+            if !save
+              raise Exception.new("Could not save.")
+            end
+          end
         end
       end # Update
 

data/lib/zena/remote/node.rb

@@ -41,7 +41,7 @@ module Zena
         @attributes['tag_names'] = SerializableArray.new('tag_names', 'tag', list)
       end
 
-      def parent_id(v)
+      def parent_id=(v)
         if v then
           # Cannot have nil values here (root node special case).
           @attributes['parent_id'] = v

data/lib/zena/routes.rb

@@ -63,7 +63,8 @@ module Zena
 
       resources :columns
 
-      resources :sites, :member => { :action => :put, :jobs => :get }
+      resources :sites, :collection => { :clear_cache => :get },
+                        :member     => { :action => :put, :jobs => :get }
 
       resources :comments,
                     :collection => { :empty_bin => :delete },

data/lib/zena/use/action.rb

@@ -198,11 +198,14 @@ class #{node.klass}: #{Array(node.klass).first.columns.keys.join(', ')}
             else_markup.set_dyn_param('href', '<%= logout_path %>')
 
             markup.set_dyn_param('href', '<%= login_path %>')
+            unless markup.params[:rel]
+              markup.set_param(:rel, 'nofollow')
+            end
 
             out markup.wrap(expand_if("visitor.is_anon?", self.node, else_markup))
           else
             out "<% if visitor.is_anon? %>"
-            out "<%= link_to #{_('login').inspect}, login_path %>"
+            out "<%= link_to #{_('login').inspect}, login_path, :rel => 'nofollow' %>"
             out "<% else %>"
             out "<%= link_to #{_('logout').inspect}, logout_path %>"
             out "<% end %>"
@@ -265,7 +268,10 @@ class #{node.klass}: #{Array(node.klass).first.columns.keys.join(', ')}
             end
           end
         end
-
+        
+        def r_versions_list
+          out "<%= render :partial=>'versions/list' %>"
+        end
 
         # TODO: test
         def r_swap

data/lib/zena/use/ajax.rb

@@ -9,10 +9,13 @@ module Zena
         # to avoid the clash with Rails' dom_id method.
         def ndom_id(node = @node, append_form = true)
           if node.kind_of?(Node) && !node.new_record?
-            if params[:action] == 'create' && !params[:udom_id]
+            if params[:action] == 'create' && !params[:udom_id] && !params[:s]
+              # !params[:s] is to not use this when executing Zena.post
+              
+              # We cannot filter with params[:zadd] because this breaks when editing in lists.
               return "#{params[:dom_id]}_#{node.zip}"
             end
-          elsif append_form && node.kind_of?(Node) && params[:zadd]
+          elsif append_form && node.kind_of?(Node) && params[:zadd] 
             return "#{params[:dom_id]}_#{node.zip.to_i}"
           end
 
@@ -68,7 +71,7 @@ module Zena
                   end
                 end
               end
-              page.replace params[:udom_id], :file => template_path_from_template_url('', params[:u_url])
+              page.replace params[:udom_id], :file => template_path_from_template_url('', params[:u_url] || params[:t_url])
               if params[:upd_both]
                 @dom_id = params[:dom_id]
                 page.replace params[:dom_id], :file => template_path_from_template_url
@@ -92,19 +95,26 @@ module Zena
               page.replace params[:dom_id], :file => template_path_from_template_url
               page << "$('#{params[:dom_id]}_form_t').focusFirstElement();"
             when 'create'
-              pos = params[:position]  || :before
-              ref = params[:reference] || "#{params[:dom_id]}_add"
-              page.insert_html pos.to_sym, ref, :file => template_path_from_template_url
-              if obj.kind_of?(Node)
-                @node = obj.parent.new_child(:class => obj.class)
+              if params[:zadd]
+                # ADD WITH FORM...
+                pos = params[:position]  || :before
+                ref = params[:reference] || "#{params[:dom_id]}_add"
+                page.insert_html pos.to_sym, ref, :file => template_path_from_template_url
+                if obj.kind_of?(Node)
+                  @node = obj.parent.new_child(:class => obj.class)
+                else
+                  instance_variable_set("@#{base_class.to_s.underscore}", obj.clone)
+                end
+                page.replace ndom_id, :file => template_path_from_template_url('_form')
+                if params[:done]
+                  page << params[:done]
+                elsif params[:zadd]
+                  page.toggle "#{params[:dom_id]}_0", "#{params[:dom_id]}_add"
+                end
               else
-                instance_variable_set("@#{base_class.to_s.underscore}", obj.clone)
-              end
-              page.replace ndom_id, :file => template_path_from_template_url('_form')
-              if params[:done]
-                page << params[:done]
-              elsif params[:zadd]
-                page.toggle "#{params[:dom_id]}_0", "#{params[:dom_id]}_add"
+                # Zena.post operation
+                page.replace ndom_id, :file => template_path_from_template_url
+                page << params[:done] if params[:done]
               end
             when 'update'
               page.replace ndom_id, :file => template_path_from_template_url
@@ -410,6 +420,7 @@ module Zena
           return parser_error("Invalid class 'for' parameter: #{finder.klass}") unless finder.klass <= Node
 
           node.dom_prefix = dom_name
+          var = root.get_unique_name('tog')
           dom_id = node.dom_id(:erb => false)
           markup.set_id(node.dom_id)
           markup.append_param(:class, 'toggle')
@@ -453,16 +464,16 @@ module Zena
 
           markup.append_param(:class, 'toggle')
           
-          opts = {}
+          opts = []
           if arity = @params.delete(:arity)
-            opts[:arity] = arity
+            opts << ":arity => #{RubyLess.translate_string(self, arity)}"
           end
           
           if js = @params.delete(:js)
-            opts[:js] = js
+            opts << ":js => #{RubyLess.translate_string(self, js)}"
           end
-          
-          markup.pre_wrap[:toggle] = "<% add_toggle_id(\"#{dom_id}\", #{"#{var}_tog".inspect}, #{RubyLess.translate_string(self, role)},#{opts.inspect}) { #{finder} } %>"
+          var = root.get_unique_name('tog')
+          markup.pre_wrap[:toggle] = "<% add_toggle_id(\"#{dom_id}\", #{var.inspect}, #{RubyLess.translate_string(self, role)},{#{opts.join(', ')}}) { #{finder} } %>"
         end
 
         def r_unlink