Age | Commit message | Author
20 hours | Address brakeman security findings (HEAD, master) | erdgeist
- Replace permit! with permit(:locale, :page_path) in AdminHelper#language_selector
20 hours | Permit :admin in params only for admins | erdgeist
20 hours | Remove recent_changes RSS feed. It leaks unpublished drafts and the basic auth was only symbolic | erdgeist
20 hours | Remove obsolete view | erdgeist
20 hours | Remove obsolete partial | erdgeist
20 hours | Prevent xss by not allowing return_to to point to javascript resources | erdgeist
20 hours | Fix aggregate shortcode syntax in content_controller_test | erdgeist
Test used the old <aggregate ...> tag form; production templates already use the [aggregate ...] shortcode.
22 hours | Replace installing click event handler with non-jquery code | erdgeist
22 hours | Replace Shadowbox with GLightbox, drop jQuery from public site | erdgeist
Vendors GLightbox 3.3.1 (MIT, dependency-free) as static files in public/javascripts and public/stylesheets, replacing the Shadowbox 2009 vendor tree and its jQuery adapter. Public site no longer loads jQuery at all.
- app/views/layouts/application.html.erb: swap Shadowbox script/style includes and the public_bundle (jQuery) include for GLightbox's CSS/JS
- app/views/content/_headline_image.html.erb: headline image is now itself a GLightbox trigger; additional images are direct a.glightbox links sharing a per-page data-gallery group, replacing the hidden shadowbox_images div and its click-forwarding trigger
- public/javascripts/public.js: replace Shadowbox.init/setup and the click-forwarding handler with a single GLightbox() init call; remove the unused image_handler object
- Remove public/javascripts/shadowbox/ (including vendored Sizzle, swfobject, and unused video/Flash players) and public/stylesheets/shadowbox.css
- Remove app/assets/javascripts/public_bundle.js (jquery require)
22 hours | Unify jQuery: serve public site jQuery via asset pipeline | erdgeist
Remove vendored jquery-1.3.2.min.js, jquery-ui-1.7.2.custom.min.js, and the unreferenced duplicate jquery.hotkeys.js from public/javascripts/. Public layout now loads jQuery via a small public_bundle.js manifest through the asset pipeline, same mechanism already used for the admin interface (admin_bundle.js). This brings the public site from jQuery 1.3.2 (2009) to the current jquery-rails-provided version (3.7.x). Shadowbox's jQuery adapter (shadowbox-jquery.js) only uses stable APIs (.css, .remove, .bind, .unbind, .append, .extend) unchanged across this version span. Verified by manual click-test: gallery image opens, displays, and dismisses correctly. public.js required no changes — all jQuery APIs used (.ready, .bind, .trigger, .length) are stable across versions.
22 hours | Ignore public/assets | erdgeist
35 hours | Improve admin search overlay layout and behaviour | erdgeist
- Widen overlay (300px -> min(520px, 90vw)), centre instead of hardcoded left:400px, so it scales from mobile to desktop
- Split title and unique_name into separate JSON fields and DOM elements; two-line result layout (bold title, small grey monospace path) instead of "Title (path)" wrapping awkwardly
- Add small margin between title and path line
- Fix event handler stacking: keyup/escape/outside-click handlers were being rebound on every display_toggle call. Moved all bindings to initialize(), display_toggle() now only shows/hides
- Switch search input from keyup to input event, catching paste and cut via mouse which keyup misses
- Add Escape key and outside-click to dismiss the overlay
- Stop clearing search box and results on close; reopening now preserves prior search, matching standard search UI behaviour
- Link search results to node_path instead of edit_node_path, since opening edit auto-locks the node
- Add "press Enter to see all results" hint in dropdown
- Disable browser autocomplete on search input
2 days | Remove debug output for admin search | erdgeist
2 days | Restore and improve admin node search | erdgeist
- Admin search broke when routing-filter was removed: hardcoded /admin/search and /admin/menu_search URLs in admin_search.js no longer matched the locale-scoped routes. Fix by emitting locale-aware URLs from the layout as JS variables.
- Also fixes form submission (POST -> GET, missing = on form_tag), jQuery .attr("value") -> .val() for typeahead input reading, and template name for Rails 8 compatibility.
- Adds a visible "search" link to the admin menu so editors can discover the feature without knowing the Alt+F shortcut. Search results now show node path alongside title and link directly to the edit view. Named route admin_menu_search added to routes.rb.
3 days | Fix tag list rendering in node editor | erdgeist
tag_list.to_s produces space-separated output which acts-as-taggable-on 13.0.0 (comma delimiter only) treats as a single tag on re-save. Use join(', ') to render comma-separated tags in the input field.
4 days | rss: add per-tag Atom feed at /rss/tags/:tag/updates.xml | erdgeist
- rss#tag_updates action: filters Page.heads by tag name, default locale, 20 items, same caching as updates feed
- tag_updates.xml.builder: Atom feed with CGI.escapeHTML on title and summary, consistent with updates.xml.builder
- tags/show.html.erb: add subscription link above article list
- routes: two routes per existing pattern (format-less + .:format constrained to /xml/)
4 days | Migration from Rails 2.3.5 to Rails 8.1 successful. | erdgeist
Merging dev branch.
4 days | rss: fix self link to include .xml suffix | erdgeist
/rss/updates without format suffix returns HTTP 406 when the client does not send an appropriate Accept header. The self link in the Atom feed was pointing to the format-less URL, causing feed readers that follow the self link to hit the 406. Fixed to /rss/updates.xml.
4 days | rc.d: switch to rails8-upgrade gemset, hook up start_precmd | erdgeist
- command: update gemset path from rails7-upgrade to rails8-upgrade
- start_precmd: hook was defined but never assigned, so log/pid directory setup was silently skipped on service start
4 days | Stage 7 click-testing fixes (2) | erdgeist
- nodes_controller: permit staged_slug and staged_parent_id in node params; these were silently dropped since strong parameters migration, breaking the two-phase slug/parent change workflow
- file_attachment: add SVG support; vector files are copied to all style directories without rasterisation, preserving scalability in the browser
- assets index/show: constrain image display with max-width/max-height via admin.css td img rule; fixes oversized SVG thumbnails while leaving raster variants unaffected
4 days | Stage 7 click-testing fixes | erdgeist
- aggregate: switch to shortcode syntax [aggregate ...]; fix paragraph wrapping by excising the shortcode and its surrounding <p> before sanitize, concatenating collection output outside sanitized content
- page.rb: remove aggregate XML unwrapping from rewrite_links_in_body (no longer needed with shortcode approach)
- rss builders: explicit CGI.escapeHTML on title/abstract; Builder 3.3.0 does not escape when target buffer is html_safe (ActionView default)
- tinymce: disable menubar and promotion nag; add code plugin, remove paste plugin (built into TinyMCE 8 core); configure via admin_interface.js directly (config/tinymce.yml affects tinymce() helper only, not tinymce.init)
4 days | Fix flash delete for empty flashes | erdgeist
4 days | Stop forcing escaped HTML into the database just because XML Builder was used wrong | erdgeist
4 days | Fix routes after removing the routing-filter | erdgeist
4 days | Stage 7: Rails 7.2 → 8.1 on Ruby 3.2.11 | erdgeist
- Bump Rails to 8.1.3 (Ruby unchanged at 3.2.11, new gemset rails8-upgrade)
- config.load_defaults 8.1; merge app:update diffs for all environment files
- Remove routing-filter 0.7.0; replace with native scope '(:locale)' in routes.rb and default_url_options in ApplicationController
- Delete config/initializers/routing_filter_rails71_patch.rb
- Replace vendored TinyMCE 3.x (~200 files) with tinymce-rails ~> 8.3; migrate admin_interface.js from jQuery .tinymce()/advanced theme to tinymce.init(); add config/tinymce.yml; note: TinyMCE 7+ is GPL
- rails-i18n ~> 8.0 added explicitly (previously indirect dependency)
- awesome_nested_set, acts-as-taggable-on pinned to git main/master (gemspec activerecord < 8.1 ceiling; no functional incompatibility; repin to version once upstream releases updated gemspecs)
- globalize ~> 7.0, libxml-ruby ~> 5.0, nokogiri ~> 1.18, pg ~> 1.5
- sass-rails, coffee-rails, uglifier moved from :assets group to main (Sprockets 4 convention; :assets group no longer meaningful)
- Node: head, draft, lock_owner marked belongs_to optional: true
- Page: node, user, editor marked belongs_to optional: true
- Static assets in public/images/ and public/javascripts/ referenced via plain HTML tags; Rails 8 load_defaults raises on pipeline helpers for undeclared assets
- sessions_controller_test.rb: remove stale require and dead rescue_action
- users_controller_test.rb: assert button[type=submit] not input[type=submit] (Rails 8 button_to renders <button> not <input>)
- test_helper.rb: node.reload after children.create! (awesome_nested_set 3.9.0 does not refresh parent in memory after callback)
- 129 runs, 339 assertions, 3 failures, 0 errors — identical baseline to 7.2
4 days | Fix unversioned migrations | erdgeist
5 days | Stage 6 click-testing fixes and production setup | erdgeist
- file_attachment.rb: delete old upload directory before writing replacement files; fixes orphaned variants when filename or mime type changes
- assets/edit.html.erb: add file upload field and current file display; the form was previously empty and non-functional
- admin.css: fix button_to hover styling; buttons now show orange hover to signal interactivity
- test/controllers/users_controller_test.rb: assert input[type=submit] not anchor tag for destroy action (button_to change)
- test/test_helper.rb: add I18n.locale reset in setup block
- doc/rc.d_cccms: fix cccms_chdir, add start_precmd for log/pid dirs, PATH export for bash wrapper, user/pid/tcp_nopush unicorn fixes
- doc/INSTALL.md: new installation guide covering all non-obvious steps
- Remove parked search migration from doc/ (now in db/migrate/)
5 days | Fix I18n::InvalidLocale :root errors | erdgeist
- Fix Page.find(self.head) → self.head in node.rb wipe_draft!
- Migration to delete 407 spurious 'root' locale records from page_translations (Globalize artefact, all had nil titles and duplicate de/en translations existed for all affected pages)
5 days | update unicorn and rc.d docs | erdgeist
5 days | Add minimal storage.yml to satisfy Active Storage engine in production | erdgeist
5 days | Enable full-text search via PostgreSQL tsvector on page_translations | erdgeist
- Restore search vector migration (was parked in doc/ pending PostgreSQL upgrade)
- Restore Node.search using plainto_tsquery with simple dictionary
- Cross-locale keyword search, no stemming, works for both de and en content
5 days | Fix ImageMagick 7: use 'magick' instead of deprecated 'convert' | erdgeist
5 days | Update pg gem to ~> 1.5 now that PostgreSQL 16 is in use | Charlie Root
5 days | Fix minitest gem group placement | erdgeist
5 days | Fix RSS feeds, xmlparser initializer | erdgeist
5 days | Stage 5 click-testing fixes | erdgeist
- Fix link_to :method → button_to for all PUT/DELETE actions
- Add button_to CSS reset to admin.css for visual consistency
- Fix admin layout: replace broken jquery/jquery_ujs pipeline refs with admin_bundle via sprockets; add sprockets-rails, jquery-ui-rails gems
- Add app/assets/javascripts/admin_bundle.js pipeline manifest
- Fix event_information helper: use safe_join to avoid double-escaping
- Fix nodes_helper: to_s(:db) → to_fs(:db) for event times
- Fix revisions view: eliminate nested forms; diff button uses vanilla JS to collect radio button values before POST
- Fix config/environments/development.rb and test.rb: cache_classes → enable_reloading
- Add routing_filter_rails71_patch.rb version guard
- Move LockedByAnotherUser to own file for Zeitwerk autoloading
- Fix Globalize fallbacks via config.i18n.fallbacks in application.rb
5 days | Stage 5 fixes: RouteWithParams removal, Globalize fallbacks, search stub, to_s(:db) → to_fs(:db), LockedByAnotherUser autoload, test environment config | erdgeist
- Remove safe_path helper and content_path shim from link_helper.rb
- Update all safe_path call sites in views to use named route helpers directly
- Fix Globalize fallbacks via config.i18n.fallbacks in application.rb, remove i18n initializer
- Stub Node.search returning none (search disabled pending PostgreSQL upgrade)
- Replace to_s(:db) with to_fs(:db) in node.rb, nodes_helper.rb, link_helper.rb, admin view
- Move LockedByAnotherUser to app/models/locked_by_another_user.rb for Zeitwerk autoloading
- Fix config/environments/test.rb: config.assets removed, cache_classes → enable_reloading, test_order removed, minitest pinned to ~> 5.25
- Fix config/environments/development.rb: cache_classes → enable_reloading
- Park search vector migration in doc/ pending PostgreSQL and plpgsql availability
5 days | Stage 5: Rails 6.1 → 7.2 on Ruby 3.2.11 | erdgeist
- Bump Rails to 7.2.3, Ruby to 3.2.11 (new gemset rails7-upgrade)
- pg pinned to 1.4.6 (bridge: Ruby 3.2 compatible, PostgreSQL 9.6 tolerant)
- acts-as-taggable-on → 12.x (Rails 7.2 + Ruby 3.2 support)
- awesome_nested_set → 3.7.0 (Rails 7.2 support, avoids 3.9.0 lft/rgt bug)
- globalize → 7.0 (Rails 7.x required)
- libxml-ruby → 5.x (Ruby 3.2 required)
- unicorn → 6.x; fix unicorn.rb: RAILS_ROOT→Rails.root, RAILS_ENV→ENV, File.exists?→File.exist?
- Add puma for development server
- Remove dead initializers: assets.rb, ruby2.rb, backtrace_silencers.rb, new_rails_defaults.rb
- Fix File.exists? → File.exist? in page.rb and authors_importer.rb
- Add routing_filter_rails71_patch.rb (restores params[:locale] on Rails 7.1+)
6 days | Stage 4: Rails 5.2 -> 6.1 on Ruby 2.7.2 | erdgeist
- routing-filter 0.6.3 -> 0.7.0 (Rails 6.1 compatibility)
- RSS named routes rss_xml/rss_rdf added
- RouteWithParams workarounds: will_paginate_patch, content_path shim, safe_path helper
- Paperclip removed, replaced with FileAttachment concern (preserves URL scheme)
- Assets resource moved to /admin/assets (Sprockets middleware conflict)
- ApplicationRecord base class added, all models migrated
- Strong parameters added to Assets, Occurrences, Events, MenuItems controllers
- update_attributes -> update throughout
- render :nothing -> head :ok/:not_found throughout
- language_selector rewritten (removes :overwrite_params)
- Environment files updated for Rails 6.1 (eager_load, public_file_server, ActionMailer)
- Arel::Visitors::DepthFirst and Integer/Float duration patches removed from test_helper
- AssetsController tests added (10 tests covering upload, variants, destroy, auth)
- ImageMagick geometry: 460x250! for headline crop (not # which is invalid in IM6)
129 runs, 311 assertions, 5 failures (all pre-existing), 0 errors
6 days | Rails 5.2 test updates | erdgeist
- Rename test/functional → test/controllers, test/unit → test/models
- Remove test/performance/browsing_test.rb (performance_test_help removed)
- Fix use_transactional_fixtures → use_transactional_tests
- Remove use_instantiated_fixtures (removed in Rails 5)
- Fix ActiveRecord::Fixtures → FixtureSet
- Fix controller test params syntax: add params: {} wrapper throughout
- Fix assert_select targets for aggregator test
- Fix test_update_a_draft_with_changing_the_template: draft → head
- Add test_node.reload after children.create! (awesome_nested_set bug)
- Add before/after count pattern for create tests (transactional isolation)
- Known failures: 5 tests affected by Rails 5 transactional test isolation
6 days | Rails 5.2 application fixes | erdgeist
- Rename before_filter → before_action across all controllers
- Fix string conditions in validators to lambda syntax (node.rb)
- Fix publish_draft!: move staged slug/parent logic outside draft guard, use move_to_child_of for parent changes, add nil guard for no-op calls
- Fix update_unique_names_of_children: use parent_id traversal instead of lft/rgt descendants (awesome_nested_set 3.x lft/rgt update bug)
- Fix unique_path to return Array instead of String
- Fix Occurrence.delete_all syntax for Rails 5
- Fix Page.find_with_outdated_translations: use includes instead of all
- Fix outdated_translations?: use find instead of splat array
6 days | Upgrade to Rails 5.2.8.1 on Ruby 2.5.8 | erdgeist
- Bump rails 4.2.11.3 → 5.2.8.1, ruby 2.4.10 → 2.5.8
- Upgrade acts-as-taggable-on ~> 3.5 → ~> 6.0
- Upgrade exception_notification ~> 4.4 → ~> 4.5
- Upgrade globalize ~> 5.0 → ~> 5.2.0
- Upgrade pg ~> 0.17 → ~> 1.0
- Upgrade sass-rails ~> 4.0 → ~> 5.0
- Upgrade libxml-ruby to ~> 3.2 (5.x requires Ruby 3.2+)
- Pin awesome_nested_set ~> 3.4.0 (3.9 has lft/rgt update bug)
- Add rails-controller-testing gem
- Add assets initializer for jquery precompile
- Add acts_as_taggable missing indexes migration
- Set eager_load, serve_static_files, active_record settings
6 days | Rails 4.2 view fixes | erdgeist
- Replace :confirm => with :data => { :confirm => } in all link_to calls
- Fix link_to_path helper: use content_path named route instead of hash-style routing
- Fix admin/_menu.html.erb: use named routes for logout and admin index
- Fix admin layout: load jquery/jquery_ujs before jquery-ui, remove duplicate jQuery 1.3.2
- Add csrf_meta_tags to admin layout
6 days | Rails 4.2 model and controller fixes | erdgeist
- Wrap all scopes in lambdas (required in Rails 4)
- Move scopes after associations in page.rb (evaluated at load time in Rails 4)
- Convert association :order options to lambda syntax
- Remove attr_accessible from page.rb and user.rb
- Add Strong Parameters: user_params in UsersController, node_params/page_params in NodesController
- Fix clone_attributes_from: exclude id/page_id/timestamps when cloning translations
- Fix redirect_to :back → request.referer fallback in nodes_controller
- Fix node_path/publish and unlock actions: pass @node argument
6 days | Upgrade to Rails 4.2.11.3 | erdgeist
- Bump rails 3.2.22.5 → 4.2.11.3
- Replace globalize3 with globalize ~> 5.0 (gem renamed at 5.0)
- Upgrade routing-filter ~> 0.3 → ~> 0.6
- Upgrade sass-rails, coffee-rails to 4.x
- Upgrade awesome_nested_set 2.x → 3.x (Rails 4 required)
- Add jquery-rails for UJS support
- Pin nokogiri ~> 1.10.10, loofah ~> 2.20.0, rails-html-sanitizer ~> 1.4.4
- Add config/secrets.yml (gitignored), eager_load, serve_static_files
- Fix routes: add via: to all match calls, remove legacy catch-all routes
- Add admin named route, fix rvm dotfiles
- Fix ActiveRecord::FixtureSet rename in test_helper
- Set active_support.test_order and active_record.raise_in_transactional_callbacks
7 days | Fix tagged content aggregator, assets path, and add regression tests | erdgeist
- Replace tagged_with calls in Page.aggregate, TagsController, RssController with direct SQL joins (acts-as-taggable-on 3.5 broken on Rails 3.2)
- Fix Paperclip :path/:url to use plain :id format matching existing uploads
- Add proper regression tests for aggregator, tags, and rss controllers
- Fix assert_select assertions to target div.body div.article_partial
7 days | Upgrade acts-as-taggable-on to 3.5, add Rails 3.2 config fixes | erdgeist
- Bump acts-as-taggable-on from 2.4.1 to 3.5.0
- Fake engine migrations for pre-existing schema
- Set serve_static_assets in development
- Fix request.fullpath in authenticated_system (request_uri removed in Rails 3.x)
- Fix Paperclip path format to match existing file layout
7 days | Stage 1 complete: Rails 2.3.5 to Rails 3.2.22.5 upgrade | erdgeist
- Converted plugins to gems (Gemfile)
- Updated config structure (application.rb, boot.rb, environment.rb)
- Converted routes to Rails 3 DSL
- Converted named_scope to scope throughout models
- Converted find(:all, :conditions) to where() chains
- Fixed has_many :order to use ordering scope
- Updated session store and secret token configuration
- Fixed exception_notification middleware configuration
- Patched Ruby 2.4 / Rails 3.2 incompatibilities:
  - Integer/Float duration arithmetic (ActiveSupport)
  - Arel visit_Integer for PostgreSQL adapter
  - create_database String/Integer coercion
  - ActionController consider_all_requests_local
- Migrated taggings schema for acts-as-taggable-on
- Replaced dynamic_form gem with custom form_error_messages helper
- Fixed Rails 3 block helper syntax (form_for, form_tag, fields_for)
- Fixed admin layout yield
- Updated test suite for Rails 3 APIs
8 days | Update deployed state to what's currently running | erdgeist
2025-02-06 | Improve workflow | erdgeist