Merge remote-tracking branch 'gitorious/master'

12 files changed, 46 insertions, 41 deletions

diff --git a/Gemfile b/Gemfile
index 7aef161..cbfbb09 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source "http://rubygems.org"
 
-gem "rails", "2.3.14"
+gem "rails", "2.3.16"
 gem "chronic", "0.3.0"
 gem "geoip", "0.8.9"
 gem "daemons", "1.1.0", :require => false
diff --git a/Gemfile.lock b/Gemfile.lock
index f74be46..12f7e01 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -8,22 +8,22 @@ GEM
   remote: http://rubygems.org/
   specs:
     SystemTimer (1.2.3)
-    actionmailer (2.3.14)
-      actionpack (= 2.3.14)
-    actionpack (2.3.14)
-      activesupport (= 2.3.14)
+    actionmailer (2.3.16)
+      actionpack (= 2.3.16)
+    actionpack (2.3.16)
+      activesupport (= 2.3.16)
       rack (~> 1.1.0)
     activemessaging (0.7.1)
       activesupport (>= 1.0.0)
-    activerecord (2.3.14)
-      activesupport (= 2.3.14)
+    activerecord (2.3.16)
+      activesupport (= 2.3.16)
     activerecord-jdbc-adapter (1.2.2.1)
     activerecord-jdbcmysql-adapter (1.2.2.1)
       activerecord-jdbc-adapter (~> 1.2.2.1)
       jdbc-mysql (~> 5.1.0)
-    activeresource (2.3.14)
-      activesupport (= 2.3.14)
-    activesupport (2.3.14)
+    activeresource (2.3.16)
+      activesupport (= 2.3.16)
+    activesupport (2.3.16)
     acts-as-taggable-on (2.0.6)
     addressable (2.2.8)
     after_commit (1.0.10)
@@ -90,15 +90,15 @@ GEM
       mime-types
     proxymachine (1.2.4)
       eventmachine (>= 0.12.10)
-    rack (1.1.3)
+    rack (1.1.5)
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (2.3.14)
-      actionmailer (= 2.3.14)
-      actionpack (= 2.3.14)
-      activerecord (= 2.3.14)
-      activeresource (= 2.3.14)
-      activesupport (= 2.3.14)
+    rails (2.3.16)
+      actionmailer (= 2.3.16)
+      actionpack (= 2.3.16)
+      activerecord (= 2.3.16)
+      activeresource (= 2.3.16)
+      activesupport (= 2.3.16)
       rake (>= 0.8.3)
     raindrops (0.10.0)
     rake (0.8.7)
@@ -192,7 +192,7 @@ DEPENDENCIES
   oauth (= 0.4.4)
   paperclip (~> 2.7.2)
   proxymachine (= 1.2.4)
-  rails (= 2.3.14)
+  rails (= 2.3.16)
   rake (= 0.8.7)
   rdiscount (= 1.3.1.1)
   resque (= 1.9.8)
diff --git a/app/controllers/blobs_controller.rb b/app/controllers/blobs_controller.rb
index 677bea7..df6dd9d 100644
--- a/app/controllers/blobs_controller.rb
+++ b/app/controllers/blobs_controller.rb
@@ -65,7 +65,7 @@ class BlobsController < ApplicationController
     @ref, @path = branch_and_path(params[:branch_and_path], @git)
     if @git.git.cat_file({:t => true}, @ref) == "blob"
       @blob = @git.blob(@ref)
-      if @blob.size > 500.kilobytes
+      if @blob.size > eval(GitoriousConfig["max_download_blob_size"] || '500.kilobytes')
         flash[:error] = I18n.t "blobs_controller.raw_error", :size => @blob.size
         redirect_to project_repository_path(@project, @repository) and return
       end
@@ -80,12 +80,12 @@ class BlobsController < ApplicationController
       if stale?(:etag => Digest::SHA1.hexdigest(@commit.id + params[:branch_and_path].join), :last_modified => @commit.committed_date.utc)
         @blob = @git.tree(@commit.tree.id, ["#{@path.join("/")}"]).contents.first
         render_not_found and return unless @blob
-        if @blob.size > 500.kilobytes
+        if @blob.size > eval(GitoriousConfig["max_download_blob_size"] || '500.kilobytes')
           flash[:error] = I18n.t "blobs_controller.raw_error", :size => @blob.size
           redirect_to project_repository_path(@project, @repository) and return
         end
         expires_in 30.minutes
-        headers["Content-Disposition"] = %[attachment;filename="#{@blob.name}"]
+#        headers["Content-Disposition"] = %[attachment;filename="#{@blob.name}"]
         render :text => @blob.data, :content_type => @blob.mime_type
       end
     end
diff --git a/app/helpers/blobs_helper.rb b/app/helpers/blobs_helper.rb
index 1649066..5d2c419 100644
--- a/app/helpers/blobs_helper.rb
+++ b/app/helpers/blobs_helper.rb
@@ -21,7 +21,7 @@
 module BlobsHelper
   include RepositoriesHelper
   include TreesHelper
-  
+
   HIGHLIGHTER_TO_EXT = {
     "apollo"=> /\.(apollo|agc|aea)$/,
     "css"   => /\.css$/,
@@ -37,21 +37,21 @@ module BlobsHelper
     "wiki"  => /\.(mediawiki|wikipedia|wiki)$/,
     "yaml"  => /\.(yaml|yml)$/,
   }
-  
+
   ASCII_MIME_TYPES_EXCEPTIONS = [ /^text/ ]
-  
+
   def textual?(blob)
     !binary?(blob)
   end
-  
+
   def binary?(blob)
     blob.binary?
   end
-  
+
   def image?(blob)
     blob.mime_type =~ /^image/
   end
-  
+
   def highlightable?(blob)
     if File.extname(blob.name) == ""
       return false
@@ -61,13 +61,13 @@ module BlobsHelper
     end
     true
   end
-  
+
   def language_of_file(filename)
     if lang_tuple = HIGHLIGHTER_TO_EXT.find{|lang, matcher| filename =~ matcher }
       return lang_tuple.first
     end
   end
-  
+
   def render_highlighted(text, filename, code_theme_class = nil)
     render_highlighted_list(text.to_s.split("\n"), filename, {:code_theme_class => code_theme_class})
   end
@@ -97,9 +97,9 @@ module BlobsHelper
     out << "</table>"
     out.join("\n")
   end
-  
+
   def too_big_to_render?(size)
-    size > 350.kilobytes
+    size > eval(GitoriousConfig["max_render_blob_size"] || '350.kilobytes')
   end
 
   class BlameRenderer
@@ -109,7 +109,7 @@ module BlobsHelper
       @project = project
       @repository = repository
     end
-    
+
     def blame_info_for_commit(commit)
       return %Q{<td class="blame_info unchanged"></td>} if commit.id == @previous_sha
       author = commit.author.name
@@ -120,6 +120,6 @@ module BlobsHelper
       first = ' first' if not @previous_sha
       @previous_sha = commit.id
       %Q{<td class="blame_info#{first}">#{commit_link}</td>}
-    end    
+    end
   end
 end
diff --git a/app/views/layouts/_common_head.html.erb b/app/views/layouts/_common_head.html.erb
index 4bb433c..c161371 100644
--- a/app/views/layouts/_common_head.html.erb
+++ b/app/views/layouts/_common_head.html.erb
@@ -30,4 +30,5 @@
 <%= yield :extra_head -%>
 <!--[if IE 8]><link rel="stylesheet" href="/stylesheets/ie8.css" type="text/css"><![endif]-->
 <!--[if IE 7]><link rel="stylesheet" href="/stylesheets/ie7.css" type="text/css"><![endif]-->
+<%= csrf_meta_tag %>
 <%= GitoriousConfig["extra_html_head_data"] -%>
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 05723c5..43fec68 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -39,6 +39,7 @@
             </li><% end -%>
           <li>
             <%= t("views.users.member_for") %> <%= time_ago_in_words(@user.created_at) %>
+            <% if @user.suspended? -%>(suspended)<% end -%>
           </li>
         </ul>
       </div>
diff --git a/config/environment.rb b/config/environment.rb
index 7745b74..393eebc 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -4,7 +4,7 @@
 # you don't control web/app server and can't set it the proper way
 
 # Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '2.3.14' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.3.16' unless defined? RAILS_GEM_VERSION
 
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')
diff --git a/config/gitorious.sample.yml b/config/gitorious.sample.yml
index 312bc30..c70dbfe 100644
--- a/config/gitorious.sample.yml
+++ b/config/gitorious.sample.yml
@@ -222,6 +222,12 @@ production:
   # Mangle visible e-mail addresses (spam protection)
   #mangle_email_addresses: true
 
+  # The maximum size of a raw blob that can be downloaded.
+  #max_download_blob_size: 500.kilobytes
+
+  # The maximum size of a text blob that can be rendered.
+  #max_render_blob_size: 350.kilobytes
+
   # Available project licenses. This can be configured as an array of licenses:
   #
   # licenses:
diff --git a/lib/gitorious.rb b/lib/gitorious.rb
index bcacdf3..2880d02 100644
--- a/lib/gitorious.rb
+++ b/lib/gitorious.rb
@@ -1,6 +1,6 @@
 # encoding: utf-8
 #--
-#   Copyright (C) 2011 Gitorious AS
+#   Copyright (C) 2011-2013 Gitorious AS
 #
 #   This program is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU Affero General Public License as published by
@@ -16,5 +16,5 @@
 #   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #++
 module Gitorious
-  VERSION = "2.4.4"
+  VERSION = "2.4.6"
 end
diff --git a/public/javascripts/gitorious/jquery.js b/public/javascripts/gitorious/jquery.js
index e6c0ce4..0974456 100644
--- a/public/javascripts/gitorious/jquery.js
+++ b/public/javascripts/gitorious/jquery.js
@@ -25,6 +25,7 @@
 $.ajaxSetup({
     "beforeSend": function (xhr) {
         xhr.setRequestHeader("Accept", "text/javascript");
+	xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))
     },
 
     "complete": function () {
diff --git a/test/functional/blobs_controller_test.rb b/test/functional/blobs_controller_test.rb
index a37db1b..180a281 100644
--- a/test/functional/blobs_controller_test.rb
+++ b/test/functional/blobs_controller_test.rb
@@ -120,7 +120,6 @@ class BlobsControllerTest < ActionController::TestCase
         blob_mock.expects(:data).returns("blabla")
         blob_mock.expects(:size).returns(200.kilobytes)
         blob_mock.expects(:mime_type).returns("text/plain")
-        blob_mock.expects(:name).returns("README.doc")
         commit_stub = mock("commit")
         commit_stub.stubs(:id).returns("a"*40)
         commit_stub.stubs(:tree).returns(commit_stub)
@@ -139,7 +138,6 @@ class BlobsControllerTest < ActionController::TestCase
         assert_equal "blabla", @response.body
         assert_equal "text/plain", @response.content_type
         assert_equal "max-age=1800, private", @response.headers['Cache-Control']
-        assert_equal %[attachment;filename="README.doc"], @response.headers["Content-Disposition"]
       end
 
       should "get the blob data from a blob sha and render it as text/plain" do
@@ -255,7 +253,6 @@ class BlobsControllerTest < ActionController::TestCase
         blob_mock.expects(:data).returns("blabla")
         blob_mock.expects(:size).returns(200.kilobytes)
         blob_mock.expects(:mime_type).returns("text/plain")
-        blob_mock.expects(:name).returns("README.doc")
         commit_stub = mock("commit")
         commit_stub.stubs(:id).returns("a"*40)
         commit_stub.stubs(:tree).returns(commit_stub)
@@ -321,7 +318,6 @@ class BlobsControllerTest < ActionController::TestCase
         blob_mock.expects(:data).returns("blabla")
         blob_mock.expects(:size).returns(200.kilobytes)
         blob_mock.expects(:mime_type).returns("text/plain")
-        blob_mock.expects(:name).returns("README.doc")
         commit_stub = mock("commit")
         commit_stub.stubs(:id).returns("a"*40)
         commit_stub.stubs(:tree).returns(commit_stub)
diff --git a/test/unit/helpers/blobs_helper_test.rb b/test/unit/helpers/blobs_helper_test.rb
index f90e12d..20fb57f 100644
--- a/test/unit/helpers/blobs_helper_test.rb
+++ b/test/unit/helpers/blobs_helper_test.rb
@@ -36,7 +36,7 @@ class BlobsHelperTest < ActionView::TestCase
   context "render_highlighted()" do
     should "html escape the line & add the proper class" do
       res = render_highlighted("puts '<foo>'", "foo.rb")
-      assert res.include?(%Q{<td class="code"><pre class="prettyprint lang-rb">puts '&lt;foo&gt;'</pre></td>}), res
+      assert res.include?(%Q{<td class="code"><pre class="prettyprint lang-rb">puts &#x27;&lt;foo&gt;&#x27;</pre></td>}), res
     end
 
     should "add line numbers" do