zena 1.2.2 → 1.2.3

data/History.txt

@@ -1,3 +1,28 @@
+== 1.2.3 2013-03-11
+
+* Major changes
+ * Better support for Passenger (deploy receipt, asset host)
+ * Support for 'sortable' <== TODO: Document
+ * html_escape all properties by default
+ * Better support for Passenger (default deployment method now)
+ * Simplified caching (using cachestamp in filename)
+ * Added preview='dom_id' to [form]. (Use preview_node to show preview content.) <== TODO: Document
+ * Added "in_group" zafu method on visitor. <== TODO: Document
+ * Added [upload_field] method to zafu to allow custom upload forms. <== TODO: Document
+ * Added support for custom images on nodes with the "img_tag_{mode}" string attribute or the 'img_tag' hash attribute. <== TODO: Document
+ * Added support for tag clouds through sqliss (<r:void do='tag_cloud from nodes in site' do='each' join=', '><r:name/> (<r:link_count/>)</r:void>). <== TODO: Document
+
+* Minor changes
+ * Support for 'lang_list' when creating vhost file <== TODO: Document
+ * Support for Range in zafu. <== TODO: Document
+ * Added options to query_parse to ignore unwanted parameters <== TODO: Document
+ * Added 'hparams' option to only return Hash parameters from params. <== TODO: Document
+ * Fixed query_parse to convert dates to UTC.
+ * Fixed form preview inside block.
+ * Added unique id to img_tag_{mode} code generated 'UUID'. <== TODO: Document
+ * Added PATH_mode.format and [JS] marker to img_tag_{mode}.
+ * Fixed form preview with long text (use POST).
+
 == 1.2.2 2012-08-30
 
 * Major changes

data/app/controllers/documents_controller.rb

@@ -52,30 +52,8 @@ class DocumentsController < ApplicationController
   # Create a document with upload progression (upload in mongrel)
   def upload
     create_document
-
-    responds_to_parent do # execute the redirect in the iframe's parent window
-      render :update do |page|
-        if @node.new_record?
-          page.replace_html 'form_errors', error_messages_for(:node, :object => @node)
-          page.call 'UploadProgress.setAsError'
-        else
-          page.call 'UploadProgress.setAsFinished'
-          page.delay(1) do # allow the progress bar fade to complete
-            if params[:js]
-              page << params[:js]
-            end
-            if params[:reload]
-              page << "Zena.t().Zena.reload(#{params[:reload].inspect})"
-            end
-            if params[:redir]
-              page << "Zena.reload_and_close(#{params[:redir].inspect})"
-            else
-              page.redirect_to document_url(@node[:zip], :reload => params[:reload], :js => params[:js])
-            end
-          end
-        end
-      end
-    end
+    
+    render_upload
   end
 
   def upload_progress
@@ -109,7 +87,7 @@ class DocumentsController < ApplicationController
         raise ActiveRecord::RecordNotFound
       end
     end
-
+    
     def create_document
       attrs = params['node']
       file, error = get_attachment

data/app/controllers/nodes_controller.rb

@@ -20,9 +20,13 @@ Examples:
 class NodesController < ApplicationController
   before_filter :check_is_admin,  :only => [:export]
   before_filter :check_api_group
+  if Bricks.raw_config['passenger']
+    before_filter :escape_path, :only => [:index, :show]
+  end
   before_filter :find_node, :except => [:index, :create, :not_found, :catch_all, :search]
   before_filter :check_can_drive, :only => [:edit]
   before_filter :check_path,      :only => [:index, :show]
+
   layout :popup_layout,           :only => [:edit, :import]
 
   def index
@@ -49,7 +53,7 @@ class NodesController < ApplicationController
     query_params_list = []
     query_params.each do |k,v|
       next if v.kind_of?(Hash) # FIXME: we should support nested hashes. Can't we use something in rails here ?
-      query_params_list << "#{k}=#{CGI.escape(v)}"
+      query_params_list << "#{k}=#{CGI.escape(v.to_s)}"
     end
     redirect_to "/" + ([prefix]+params[:path]).flatten.join('/') + (query_params_list == [] ? '' : "?#{query_params_list.join('&')}")
   end
@@ -170,7 +174,7 @@ class NodesController < ApplicationController
           content_path = @node.asset_path(filename)
           content_type = (Zena::EXT_TO_TYPE[params[:format]] || ['application/octet-stream'])[0]
           send_file(content_path, :filename=>filename, :type => content_type, :disposition=>'inline', :x_sendfile => ENABLE_XSENDFILE)
-          cache_page(:content_path => content_path, :authenticated => @node.public?) # content_path is used to cache by creating a symlink
+          cache_page(:content_path => content_path, :authenticated => @node.v_public?) # content_path is used to cache by creating a symlink
         elsif @node.kind_of?(Document) && params[:format] == @node.ext
           # Get document data (inline if possible)
           content_path = nil
@@ -192,7 +196,8 @@ class NodesController < ApplicationController
             send_file(content_path, :filename => @node.filename, :type => @node.content_type, :disposition => 'inline', :stream => false, :x_sendfile => ENABLE_XSENDFILE)
           end
 
-          cache_page(:content_path => content_path, :authenticated => @node.public?) # content_path is used to cache by creating a symlink
+          # content_path is used to cache by creating a symlink
+          cache_page(:content_path => content_path, :authenticated => @node.v_public?)
         else
           render_and_cache
           # FIXME: redirect to document format should occur in render_and_cache
@@ -213,7 +218,7 @@ class NodesController < ApplicationController
     file, file_error = get_attachment
     if file
       attrs['file'] = file
-      attrs['klass'] = 'Document'
+      attrs['klass'] ||= 'Document'
     end
 
     attrs = secure(Node) { Node.transform_attributes(attrs) }
@@ -229,6 +234,11 @@ class NodesController < ApplicationController
     end
     @node.errors.add('file', file_error) if file_error
 
+    if params[Zena::Use::Upload::UPLOAD_KEY]
+      # Respond in parent from iframe.
+      return render_upload
+    end
+    
     respond_to do |format|
       if @node.errors.empty?
         flash.now[:notice] = 'Node was successfully created.'
@@ -574,6 +584,7 @@ class NodesController < ApplicationController
     #  archive-1    ---> fullpath
     #  archive      ---> fullpath
     def find_node
+      
       if path = params[:path]
         # We do not use params[:path] because Rails does url unescape
         # and we want to do this ourselves.
@@ -592,13 +603,14 @@ class NodesController < ApplicationController
         if path.last =~ Zena::Use::Urls::ALLOWED_REGEXP
           zip    = $3
           name   = $4
-          params[:mode] = $5 == '' ? nil : $5[1..-1]
-          asset_and_format = $6 == '' ? '' : $6[1..-1]
-          if asset_and_format =~ /(\w+)\.(\w+)/
-            params[:asset ] = $1
+          params[:mode]    = $5 == '' ? nil : $5[1..-1]
+          params[:asset]   = $6 == '' ? nil : $6[1..-1]
+          stamp_and_format = $7 == '' ? '' : $7[1..-1]
+          if stamp_and_format =~ /(\w+)\.(\w+)/
+            @cachestamp = $1
             set_format($2)
           else
-            set_format(asset_and_format)
+            set_format(stamp_and_format)
           end
 
           # We use the visitor to find the node in order to ease implementation
@@ -618,6 +630,15 @@ class NodesController < ApplicationController
       end
     end
 
+    # Passenger unescapes url before passing it to Rails. We escape it back.
+    # FIXME: Performance: reverse this code (consider unescaped urls the norm and unescape if not using Passenger).
+    def escape_path
+      if params[:path]
+        params[:path].map! {|p| URI.escape(p) }
+      end
+      true
+    end
+    
     def set_format(format)
       request.instance_eval do
         parameters[:format] = format
@@ -647,37 +668,26 @@ class NodesController < ApplicationController
         end
       when 'show'
 
-        if params[:format] != 'html' && params[:cachestamp].nil?
-          # maybe not seen, try to find it
-          params.each do |k,v|
-            if k =~ /\A\d+\Z/ && v.nil?
-              params[:cachestamp] = k
-              params.delete(k)
-              break
-            end
-          end
-        end
-
         if params[:prefix] != prefix && !avoid_prefix_redirect
           # lang changed
           set_visitor_lang(params[:prefix])
           redirect_to zen_path(@node, path_params) and return false
         end
 
-        current_url  = append_query_params("/#{params[:prefix]}/#{params[:path].join('/')}", :cachestamp => params[:cachestamp])
+        current_url  = "/#{params[:prefix]}/#{params[:path].join('/')}"
         base_url     = zen_path(@node,
           :prefix => params[:prefix],
           :format => params[:format],
           :mode   => params[:mode],
           :asset  => params[:asset])
-
+        
         if current_url != base_url
           # Badly formed url, redirect
           redirect_to zen_path(@node, path_params) and return false
         end
-
+        
         if should_cachestamp?(@node, params[:format], params[:asset]) &&
-           params[:cachestamp] != make_cachestamp(@node, params[:mode])
+           @cachestamp != make_cachestamp(@node, params[:mode])
           # Invalid cachestamp, redirect
           redirect_to zen_path(@node, path_params) and return false
         end

data/app/controllers/user_sessions_controller.rb

@@ -3,7 +3,8 @@
 Create, destroy sessions by letting users login and logout. When the user does not login, he/she is considered to be the anonymous user.
 =end
 class UserSessionsController < ApplicationController
-  skip_before_filter :set_after_login, :force_authentication?
+  skip_before_filter :set_after_login, :force_authentication?, :redirect_to_https
+  before_filter :session_redirect_to_https
 
   # /login
   def new
@@ -33,9 +34,9 @@ class UserSessionsController < ApplicationController
       @user_session.destroy
       reset_session
       #flash.now[:notice] = _("Successfully logged out.")
-      redirect_to "http://#{current_site.host}#{port}#{params[:redirect] || home_path(:prefix => prefix)}"
+      redirect_to "http://#{current_site.host}#{params[:redirect] || home_path(:prefix => prefix)}"
     else
-      redirect_to "http://#{current_site.host}#{port}#{home_path(:prefix => prefix)}"
+      redirect_to "http://#{current_site.host}#{home_path(:prefix => prefix)}"
     end
   end
 
@@ -55,7 +56,7 @@ class UserSessionsController < ApplicationController
     end
     
     # Overwrite redirect on https rules for this controller
-    def redirect_to_https
+    def session_redirect_to_https
       if params[:action] == 'destroy'
         # ignore
       else

data/app/controllers/versions_controller.rb

@@ -89,29 +89,56 @@ class VersionsController < ApplicationController
   end
 
   # TODO: test/improve or remove (experiments)
+  # https://github.com/samg/diffy
   def diff
-    # source
-    source = @node.version.prop
+    if false
+      # FULL PAGE DIFF
+      
+      # Render with source
+      source_html = render_and_cache :as_string => true
+
+      # target
+      if params[:to].to_i > 0
+        version = secure!(Version) { Version.find(:first, :conditions => ['node_id = ? AND number = ?', @node.id, params[:to]])}
+        # Reload prop
+        @node.prop = version.prop
+      else
+        # default
+        @node.instance_variable_set(:@version, nil)
+      end
 
-    # target
-    if params[:to].to_i > 0
-      version = secure!(Version) { Version.find(:first, :conditions => ['node_id = ? AND number = ?', @node.id, params[:to]])}
-      @node.version = version
+      # Render with target
+      target_html = render_and_cache :as_string => true
+      
+      result = Differ.diff_by_word(target_html, source_html).format_as(:html)
+      
+      render :inline => result # Broken because Differ does not understand html...
     else
-      # default
-      @node.instance_variable_set(:@version, nil)
-    end
-    target = @node.prop
+      # PROP DIFF
 
-    keys = (target.keys + source.keys).uniq
+      # source
+      source = @node.version.prop
 
-    keys.each do |k|
-      target[k] = Differ.diff_by_word(
-        target[k] || '',
-        source[k] || '').format_as(:html).gsub(/(\s+)<\/del>/, '</del>\1')
-    end
+      # target
+      if params[:to].to_i > 0
+        version = secure!(Version) { Version.find(:first, :conditions => ['node_id = ? AND number = ?', @node.id, params[:to]])}
+        @node.version = version
+      else
+        # default
+        @node.instance_variable_set(:@version, nil)
+      end
+      target = @node.prop
+
+      keys = (target.keys + source.keys).uniq
 
-    show
+      keys.each do |k|
+        target[k] = Differ.diff_by_word(
+          target[k] || '',
+          source[k] || '').format_as(:html).gsub(/(\s+)<\/del>/, '</del>\1')
+      end
+
+      show
+    end
   end
 
   # preview when editing node

data/app/models/acl.rb

@@ -15,7 +15,7 @@ class Acl < ActiveRecord::Base
   include RubyLess
 
   safe_method :params  => Zena::Use::ZafuSafeDefinitions::ParamsDictionary
-  safe_method :asset_host?  => Boolean
+  safe_method :asset_host? => {:class => Boolean, :method => 'visitor.asset_host?'}
   safe_method :visitor => User
 
   def safe_method_type(signature, receiver = nil)
@@ -45,11 +45,6 @@ class Acl < ActiveRecord::Base
     @exec_skin ||= secure(Skin) { Skin.find(exec_skin_id) }
   end
 
-  # Returns true if we are on the asset host.
-  def asset_host?
-    @asset_host
-  end
-
   # Make visitor public so that we can use 'visitor' in queries.
   def visitor
     super
@@ -76,7 +71,7 @@ class Acl < ActiveRecord::Base
     def make_query(node, params = {}, request = nil)
       @node   = node
       @params = params
-      @asset_host = request ? request.port.to_i == Zena::ASSET_PORT : false
+      
       query_str = safe_eval(self.query)
 
       # We add a stupid order clause to avoid the 'order by title' thing.

data/app/models/group.rb

@@ -50,7 +50,11 @@ class Group < ActiveRecord::Base
   end
 
   def user_ids=(list)
-    @defined_user_ids = list
+    if public_group? || site_group?
+      # ignore
+    else
+      @defined_user_ids = list
+    end
   end
 
   alias o_users users
@@ -92,7 +96,7 @@ class Group < ActiveRecord::Base
     # Public and admin groups are special. They cannot be destroyed.
     def check_can_destroy
       # do not destroy admin or public groups
-      raise Zena::AccessViolation.new("'admin', 'site' or 'public' groups cannot be destroyed") if visitor.site.protected_group_ids.include?( id )
+      raise Zena::AccessViolation.new("'admin', 'logged-in' or 'public' groups cannot be destroyed") if visitor.site.protected_group_ids.include?( id )
       return can_destroy?
     end
 

data/app/models/link.rb

@@ -1,6 +1,11 @@
 class Link < ActiveRecord::Base
+  include Zena::Use::QueryLink::ModelMethods
+  
   include RubyLess
   safe_attribute :status, :comment, :date
+  # Used in tag cloud
+  safe_method :name  => String
+  safe_method :link_count => Number
 
   attr_reader :relation
   attr_accessor :start, :side
@@ -118,4 +123,13 @@ class Link < ActiveRecord::Base
   def role
     relation_proxy.other_role
   end
+  
+  # Used by tags
+  def name
+    comment
+  end
+  
+  def link_count
+    read_attribute('link_count') || 0
+  end
 end

data/app/models/node.rb

@@ -1487,8 +1487,8 @@ class Node < ActiveRecord::Base
     export_keys[:dates].each do |k, v|
       hash[k] = visitor.tz.utc_to_local(v).strftime("%Y-%m-%d %H:%M:%S")
     end
-
-    hash.merge!('class' => self.klass)
+    
+    hash.merge!('class' => self.klass, 'position' => self.position)
     hash.to_yaml
   end
 

data/app/models/site.rb

@@ -50,6 +50,9 @@ class Site < ActiveRecord::Base
     ['nodes'               , 'site_id = ?'],
   ]
   ACTIONS = %w{clear_cache rebuild_index}
+  PUBLIC_PATH = Bricks.raw_config['public_path'] || '/public'
+  CACHE_PATH  = Bricks.raw_config['cache_path']  || '/public'
+  
   include RubyLess
   safe_method  :host => String, :lang_list => [String], :default_lang => String
   safe_method  :root => Proc.new {|h, r, s| {:method => 'root_node', :class => VirtualClass['Project'], :nil => true}}
@@ -136,8 +139,8 @@ class Site < ActiveRecord::Base
       editors.users << admin_user
 
       # create site group
-      sgroup = site.send(:secure,Group) { Group.create( :name => 'site') }
-      raise Exception.new("Could not create site group for site [#{host}] (site#{site[:id]})\n#{sgroup.errors.map{|k,v| "[#{k}] #{v}"}.join("\n")}") if sgroup.new_record?
+      sgroup = site.send(:secure,Group) { Group.create( :name => 'logged-in') }
+      raise Exception.new("Could not create logged-in group for site [#{host}] (site#{site[:id]})\n#{sgroup.errors.map{|k,v| "[#{k}] #{v}"}.join("\n")}") if sgroup.new_record?
 
       site.public_group_id = pub[:id]
       site.site_group_id   = sgroup[:id]
@@ -231,7 +234,13 @@ class Site < ActiveRecord::Base
   # If you need to serve from another directory, we do not store the path into the sites table
   # for security reasons. The easiest way around this limitation is to symlink the 'public' directory.
   def public_path
-    "/#{self[:host]}/public"
+    "/#{self[:host]}#{PUBLIC_PATH}"
+  end
+  
+  # This is the place where cached files should be stored in case we do not want
+  # to store the cached file inside the public directory.
+  def cache_path
+    "/#{self[:host]}#{CACHE_PATH}"
   end
 
   # Return path for documents data: RAILS_ROOT/sites/_host_/data
@@ -374,7 +383,7 @@ class Site < ActiveRecord::Base
   end
 
   def clear_cache(clear_zafu = true)
-    path = "#{SITES_ROOT}#{self.public_path}"
+    path = "#{SITES_ROOT}#{self.cache_path}"
     Site.logger.error("\n-----------------\nCLEAR CACHE FOR SITE #{host}\n-----------------\n")
 
     if File.exist?(path)

data/app/models/text_document.rb

@@ -15,7 +15,7 @@ class TextDocument < Document
   class << self
     # Return true if a new text document can be created with the content_type. Used by the superclass Document to choose the corret subclass when creating a new object.
     def accept_content_type?(content_type)
-      (content_type =~ /(^text|^image\/svg\+xml|x-javascript)/) && 
+      (content_type =~ /(^text|^image\/svg\+xml|javascript)/) && 
       (Zena::TYPE_TO_EXT[content_type.chomp] != ['rtf'])
     end
 

data/app/models/user.rb

@@ -24,7 +24,7 @@ things they can/cannot do :
 TODO: when a user is 'destroyed', pass everything he owns to another user or just mark the user as 'deleted'...
 =end
 class User < ActiveRecord::Base
-  attr_accessor :zafu_cache
+  attr_accessor :zafu_cache, :asset_host
   
   include Property
   RESCUE_SKIN_ID = -1
@@ -66,7 +66,7 @@ class User < ActiveRecord::Base
   safe_attribute          :login, :time_zone, :created_at, :updated_at, :lang, :id
   safe_method             :initials => String, :status => Number, :status_name => String,
                           :is_anon? => Boolean, :is_admin? => Boolean, :user? => Boolean, :commentator? => Boolean,
-                          :moderated? => Boolean
+                          :moderated? => Boolean, :asset_host? => Boolean, [:in_group?, String] => Boolean
 
   safe_context            :node => node_user_proc,
                           :to_publish => ['Version'], :redactions => ['Version'], :proposed => ['Version'],
@@ -215,6 +215,15 @@ class User < ActiveRecord::Base
     # tested in site_test
     user_site.anon_id == self[:id] && (!new_record? || self[:login].nil?) # (when creating a new site, anon_id == nil)
   end
+  
+  # This is set on the user during login.
+  alias asset_host? asset_host
+  
+  def in_group?(name)
+    @group_names ||= begin
+      groups.all(:order=>'name').map(&:name)
+    end.include?(name)
+  end
 
   # Return true if the user's status is high enough to start editing nodes.
   def user?

data/app/models/virtual_class.rb

@@ -597,7 +597,7 @@ class VirtualClass < Role
         Zena::Db.execute "UPDATE roles SET kpath = '#{new_kpath}' WHERE kpath = '#{old_kpath}' AND site_id = #{current_site.id} AND (type = 'Role' or type IS NULL)"
         # ========================================= Update templates
         idx_templates = IdxTemplate.all(
-          :conditions => ['tkpath = ? AND site_id = ?', old_kpath, site_id]
+          :conditions => ['tkpath = ? AND site_id = ? AND node_id IS NOT NULL', old_kpath, site_id]
         )
 
         if !idx_templates.empty?

data/app/views/groups/_form.rhtml

@@ -33,12 +33,12 @@
       <tr><td class='label'><%= _('replace by') %></td><td><%= select('group', 'replace_by', @groups.map{|g| [g[:name], g[:id]]} , {:include_blank => true}) %></td></tr>
       <% end -%>
       <tr>
-	    <td class='label'><%= _('auto_publish') %></td>
-		<td>
-		  <input type='hidden' name='group[auto_publish]' value=''/>
-		  <input type='checkbox' name='group[auto_publish]' value='1'<%= @group.auto_publish? ? " checked='checked'" : '' %>/> <%= _('auto_publish') %>
-		</td>
-	  </tr>
+      <td class='label'><%= _('auto_publish') %></td>
+    <td>
+      <input type='hidden' name='group[auto_publish]' value=''/>
+      <input type='checkbox' name='group[auto_publish]' value='1'<%= @group.auto_publish? ? " checked='checked'" : '' %>/> <%= _('auto_publish') %>
+    </td>
+    </tr>
       <tr><td colspan='2'><input type='submit' class='btn_validate' value='<%= _('validate') %>'/></td></tr>
     </table>
   </form>

data/app/views/nodes/render_error.rhtml

@@ -0,0 +1,15 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html lang='en' xmlns='http://www.w3.org/1999/xhtml'>
+<head>
+  <title>500 Error</title>
+</head>
+
+<body style='font-family:Helvetica, Arial, sans-serif; background:#eee;'>
+  <!-- The zena_error500 is used we running automated tests. Do not change -->
+  <div id='zena_error500' style='display:table; margin:50px auto; background:#aaa; height:200px; width:600px; border:1px solid black; border-radius:8px;'>
+  <%= @render_error %>
+  </div>
+</body>
+</html>

data/app/views/templates/document_create_tabs/_file.rhtml

@@ -1,7 +1,7 @@
 <%= upload_form_tag(:action => 'upload') %>
 <%= hidden_field 'node', 'parent_id', :value=>@node.parent_zip  %>
 <% [:redir, :js, :reload].each do |p|; next unless params[p] %>
-<input type='hidden' name='<%= p %>' value='<%= h params[p] %>'/>
+<input type='hidden' name='<%= p %>' value='<%=h params[p] %>'/>
 <% end %>
 <p class="btn_validate"><input type="submit" value='<%= _('validate') %>'/></p>
 

data/app/views/templates/document_create_tabs/_import.rhtml

@@ -1,7 +1,7 @@
 <%= upload_form_tag( :controller => 'nodes', :action => 'import', :id => @node.parent_zip ) %>
 <p class="btn_validate"><input type="submit" value='<%= _('validate') %>'/></p>
 <% [:redir, :js, :reload].each do |p|; next unless params[p] %>
-<input type='hidden' name='<%= p %>' value='<%= h params[p] %>'/>
+<input type='hidden' name='<%= p %>' value='<%=h params[p] %>'/>
 <% end %>
 
 <%= upload_field %>

data/app/views/templates/document_create_tabs/_template.rhtml

@@ -2,7 +2,7 @@
 <%= hidden_field 'node', 'parent_id', :value => @node.parent_zip  %>
 <p class="btn_validate"><input type="submit" onclick="$('loader').style.visibility = 'visible';" value='<%= _('validate') %>'/></p>
 <% [:redir, :js, :reload].each do |p|; next unless params[p] %>
-<input type='hidden' name='<%= p %>' value='<%= h params[p] %>'/>
+<input type='hidden' name='<%= p %>' value='<%=h params[p] %>'/>
 <% end %>
 
 <input type='hidden' name='node[klass]' value='Template'/>

data/app/views/templates/document_create_tabs/_text_document.rhtml

@@ -2,7 +2,7 @@
 <%= hidden_field 'node', 'parent_id', :value=>@node.parent_zip  %>
 <p class="btn_validate"><input type="submit" onclick="$('loader').style.visibility = 'visible';" value='<%= _('validate') %>'/></p>
 <% [:redir, :js, :reload].each do |p|; next unless params[p] %>
-<input type='hidden' name='<%= p %>' value='<%= h params[p] %>'/>
+<input type='hidden' name='<%= p %>' value='<%=h params[p] %>'/>
 <% end %>
 
 <label for='node_content_type'><%= _('content type') %></label>

data/app/views/templates/edit_tabs/_title.rhtml

@@ -7,7 +7,7 @@
 <label for='v_lang'><%= _("language") %></label>
 <% if @node.vclass.monolingual?
   if @node.new_record?
-	selected = current_site.default_lang
+  selected = current_site.default_lang
   else
     selected = @node.v_lang == visitor.lang ? @node.v_lang : current_site.default_lang
   end

data/app/views/zafu/default/Node-admin.zafu

@@ -88,7 +88,7 @@
       <div id='form' do='form'>
         <r:if test='can_edit?' do='default' label='t'>
           <r:input type='submit'/>
-          <input type='hidden' name='redir' value='#{path(this, :mode =&gt; "admin")}'/>
+          <input type='hidden' name='redir' value='#{path(this, :mode => "admin")}'/>
           <div do='vclass' do='roles'>
             <fieldset do='each'>
               <legend do='name'/>

data/bricks/acls/zena/test/integration/acl_integration_test.rb

@@ -16,7 +16,7 @@ class AclIntegrationTest < Zena::Integration::TestCase
       should 'find nodes' do
         get "http://erebus.host/oo/project#{nodes_zip(:over_zeus)}.html"
         assert_response :success
-        assert_match %r{there is "A plan to overrule Zeus"}, response.body
+        assert_match %r{there is &quot;A plan to overrule Zeus&quot;}, response.body
       end
     end # with normal access
 
@@ -48,7 +48,7 @@ class AclIntegrationTest < Zena::Integration::TestCase
 
         should 'render with forced skin' do
           get "http://erebus.host/oo/project#{nodes_zip(:queen)}.html"
-          assert_match %r{you can see \"My Queen\"}, response.body
+          assert_match %r{you can see &quot;My Queen&quot;}, response.body
         end
 
         should 'find items in view with exec_group' do

data/bricks/acls/zena/test/unit/acl_test.rb

@@ -61,7 +61,8 @@ class AclTest < Zena::Unit::TestCase
         end
         assert subject.update_attributes(:query => "'nodes where 1 = \#{asset_host? ? 1 : 0} in site'")
         assert_nil subject.authorize?(base_node, {:id => nodes_zip(:over_zeus)}, mock_request)
-        assert_equal 'A plan to overrule Zeus', subject.authorize?(base_node, {:id => nodes_zip(:over_zeus)}, mock_request(:get, {}, 80)).title
+        visitor.asset_host = true
+        assert_equal 'A plan to overrule Zeus', subject.authorize?(base_node, {:id => nodes_zip(:over_zeus)}, mock_request).title
       end
     end # saving an acl with asset_host in query
 

data/bricks/fs_skin/zena/migrate/20110702010330_add_fs_skin_to_idx_templates.rb

@@ -8,5 +8,6 @@ class AddFsSkinToIdxTemplates < ActiveRecord::Migration
   def self.down
     remove_index  :idx_templates, :name => "index_idx_templates_on_fs_skin"
     remove_column :idx_templates, :fs_skin
+    remove_column :idx_templates, :path
   end
 end