From 0bd8a2243e88db85da363ad2101056c9361aeec2 Mon Sep 17 00:00:00 2001 From: f Date: Wed, 11 Aug 2021 10:25:05 -0300 Subject: [PATCH 1/7] Solo permitir URLs web al sanitizar fixes #2382 --- app/models/metadata_content.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/metadata_content.rb b/app/models/metadata_content.rb index 437a0dd..9d3a104 100644 --- a/app/models/metadata_content.rb +++ b/app/models/metadata_content.rb @@ -56,7 +56,7 @@ class MetadataContent < MetadataTemplate uri = URI element['src'] # No permitimos recursos externos - element.remove unless uri.hostname.end_with? Site.domain + element.remove unless uri.scheme == 'https' && uri.hostname.end_with?(Site.domain) rescue URI::Error element.remove end From 1623ab73dea22fbc63abf759245627926b2a5b63 Mon Sep 17 00:00:00 2001 From: f Date: Sat, 11 Sep 2021 17:00:28 -0300 Subject: [PATCH 2/7] Soportar un campo con una lista de valores predefinidos y elegir uno --- app/models/metadata_predefined_value.rb | 24 +++++++++++++++++++ .../posts/attribute_ro/_predefined_value.haml | 3 +++ .../posts/attributes/_predefined_value.haml | 7 ++++++ 3 files changed, 34 insertions(+) create mode 100644 app/models/metadata_predefined_value.rb create mode 100644 app/views/posts/attribute_ro/_predefined_value.haml create mode 100644 app/views/posts/attributes/_predefined_value.haml diff --git a/app/models/metadata_predefined_value.rb b/app/models/metadata_predefined_value.rb new file mode 100644 index 0000000..9cf3638 --- /dev/null +++ b/app/models/metadata_predefined_value.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +# Un campo de texto seleccionado de una lista de valores posibles +class MetadataPredefinedValue < MetadataString + # Obtiene todos los valores desde el layout, en un formato compatible + # con options_for_select. + # + # @return [Hash] + def values + @values ||= layout.dig(:metadata, name, 'values', I18n.locale.to_s)&.invert || {} + end + + private + + # Solo permite almacenar los valores predefinidos. + # + # @return [String] + def sanitize(string) + v = super string + return '' unless values.values.include? v + + v + end +end diff --git a/app/views/posts/attribute_ro/_predefined_value.haml b/app/views/posts/attribute_ro/_predefined_value.haml new file mode 100644 index 0000000..67642e2 --- /dev/null +++ b/app/views/posts/attribute_ro/_predefined_value.haml @@ -0,0 +1,3 @@ +%tr{ id: attribute } + %th= post_label_t(attribute, post: post) + %td{ dir: dir, lang: locale }= metadata.value diff --git a/app/views/posts/attributes/_predefined_value.haml b/app/views/posts/attributes/_predefined_value.haml new file mode 100644 index 0000000..b0d21f3 --- /dev/null +++ b/app/views/posts/attributes/_predefined_value.haml @@ -0,0 +1,7 @@ +.form-group + = label_tag "#{base}_#{attribute}", post_label_t(attribute, post: post) + = select_tag(plain_field_name_for(base, attribute), + options_for_select(metadata.values, metadata.value), + **field_options(attribute, metadata), include_blank: t('.empty')) + = render 'posts/attribute_feedback', + post: post, attribute: attribute, metadata: metadata From 9b8c09cb004581d2add73638edb3e1b5f7825eda Mon Sep 17 00:00:00 2001 From: f Date: Sat, 11 Sep 2021 17:06:27 -0300 Subject: [PATCH 3/7] =?UTF-8?q?Soportar=20campos=20n=C3=BAmericos=20con=20?= =?UTF-8?q?decimales?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/models/metadata_float.rb | 31 ++++++++++++++++++++++++ app/views/posts/attribute_ro/_float.haml | 3 +++ app/views/posts/attributes/_float.haml | 6 +++++ 3 files changed, 40 insertions(+) create mode 100644 app/models/metadata_float.rb create mode 100644 app/views/posts/attribute_ro/_float.haml create mode 100644 app/views/posts/attributes/_float.haml diff --git a/app/models/metadata_float.rb b/app/models/metadata_float.rb new file mode 100644 index 0000000..b4288a3 --- /dev/null +++ b/app/models/metadata_float.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +# Un campo numérico de punto flotante +class MetadataFloat < MetadataTemplate + # Nada + def default_value + super || nil + end + + def save + return true unless changed? + + self[:value] = value.to_f + self[:value] = encrypt(value) if private? + + true + end + + # Indicarle al navegador que acepte números decimales + # + # @return [Float] + def step + 0.05 + end + + private + + def decrypt(value) + super(value).to_f + end +end diff --git a/app/views/posts/attribute_ro/_float.haml b/app/views/posts/attribute_ro/_float.haml new file mode 100644 index 0000000..67642e2 --- /dev/null +++ b/app/views/posts/attribute_ro/_float.haml @@ -0,0 +1,3 @@ +%tr{ id: attribute } + %th= post_label_t(attribute, post: post) + %td{ dir: dir, lang: locale }= metadata.value diff --git a/app/views/posts/attributes/_float.haml b/app/views/posts/attributes/_float.haml new file mode 100644 index 0000000..6239c61 --- /dev/null +++ b/app/views/posts/attributes/_float.haml @@ -0,0 +1,6 @@ +.form-group + = label_tag "#{base}_#{attribute}", post_label_t(attribute, post: post) + = number_field base, attribute, value: metadata.value, step: metadata.step, + **field_options(attribute, metadata) + = render 'posts/attribute_feedback', + post: post, attribute: attribute, metadata: metadata From a242ceee68c7058ca55fa35eb3721b2cb104b364 Mon Sep 17 00:00:00 2001 From: f Date: Sat, 11 Sep 2021 17:26:44 -0300 Subject: [PATCH 4/7] Siempre guardar el valor de los campos booleanos --- app/models/metadata_boolean.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/models/metadata_boolean.rb b/app/models/metadata_boolean.rb index 5e4b456..53a763f 100644 --- a/app/models/metadata_boolean.rb +++ b/app/models/metadata_boolean.rb @@ -31,6 +31,11 @@ class MetadataBoolean < MetadataTemplate self[:value] = true_values.include? self[:value] end + # Siempre guardar el valor de este campo a menos que sea nulo + def empty? + !value.nil? + end + private # Los valores que evalúan a verdadero From 47096f20b7dd8c96aaa8cdf334e3698d92d10f37 Mon Sep 17 00:00:00 2001 From: f Date: Sat, 11 Sep 2021 19:43:27 -0300 Subject: [PATCH 5/7] =?UTF-8?q?Traducci=C3=B3n=20de=20valores=20vac=C3=ADo?= =?UTF-8?q?s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/locales/en.yml | 2 ++ config/locales/es.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/config/locales/en.yml b/config/locales/en.yml index fc194ea..058456b 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -413,6 +413,8 @@ en: destroy: Remove image belongs_to: empty: "(Empty)" + predefined_value: + empty: "(Empty)" draft: label: Draft reorder: diff --git a/config/locales/es.yml b/config/locales/es.yml index e818539..f5c13c8 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -421,6 +421,8 @@ es: destroy: 'Eliminar imagen' belongs_to: empty: "(Vacío)" + predefined_value: + empty: "(Vacío)" draft: label: Borrador reorder: From 5c2e5fd62ee217880f8881f338a2db8130d37b06 Mon Sep 17 00:00:00 2001 From: f Date: Sun, 26 Sep 2021 19:29:03 -0300 Subject: [PATCH 6/7] =?UTF-8?q?Agregar=20=C3=ADndices=20=C3=BAnicos=20que?= =?UTF-8?q?=20pens=C3=A1bamos=20que=20ten=C3=ADamos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `unique: true` es un parámetro de `add_index` no de `add_column`. --- db/migrate/20210926205448_add_uniqueness.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 db/migrate/20210926205448_add_uniqueness.rb diff --git a/db/migrate/20210926205448_add_uniqueness.rb b/db/migrate/20210926205448_add_uniqueness.rb new file mode 100644 index 0000000..7399ba4 --- /dev/null +++ b/db/migrate/20210926205448_add_uniqueness.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +# Agrega índices únicos que pensábamos que ya existían. +class AddUniqueness < ActiveRecord::Migration[6.1] + def change + add_index :designs, :name, unique: true + add_index :designs, :gem, unique: true + add_index :licencias, :name, unique: true + end +end From f8b1752c04f08e6599ffd461d6cce3e0f33e1643 Mon Sep 17 00:00:00 2001 From: Maki Date: Mon, 4 Oct 2021 14:49:14 -0300 Subject: [PATCH 7/7] cambio texto cerrar sesion #2896 --- config/locales/en.yml | 2 +- config/locales/es.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index fc194ea..28678b2 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -163,7 +163,7 @@ en: signature: 'With love, Sutty' breadcrumb: title: 'Your location in Sutty' - logout: Exit + logout: Log out mutual_aid: Mutual aid collaborations: collaborate: diff --git a/config/locales/es.yml b/config/locales/es.yml index e818539..ee55d9e 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -163,7 +163,7 @@ es: signature: 'Con cariño, Sutty' breadcrumb: title: 'Tu ubicación en Sutty' - logout: Salir + logout: Cerrar sesión mutual_aid: Ayuda mutua collaborations: collaborate: