1. 12 Aug, 2019 1 commit
    • azul's avatar
      feature: prevent creation of spam posts · 983c723e
      azul authored
      We have seen a lot of spam comments on public pages recently.
      They insert links - probably to increase search engine ranking of the linked sites.
      
      In order to prevent this we disallow comments with links on public pages
      for users who have no other access to the page than it being public.
      983c723e
  2. 19 Jun, 2019 1 commit
  3. 18 Jun, 2019 2 commits
  4. 24 May, 2019 1 commit
  5. 23 May, 2019 3 commits
  6. 15 May, 2019 1 commit
    • azul's avatar
      fix: return 409 when approving redundant requests · 5e50d4f3
      azul authored
      We were responding with 500 and an error popup
      when a request was approved for an action that had already been performed.
      
      For example when approving the removal of a former member
      that had already left the group on their own
      we responded with a 500.
      
      This changes the response to 409 - conflict:
      `    This response is sent when a request conflicts with the current state of the server.`
      
      I was also considering 404 - especially for requests
      to remove a non-member.
      However a 404 for an update on a request
      would seem more like the request itself could not be found.
      
      This commit introduces the Request::PointlessAction exception.
      It will be raised by requests whos action has already been performed.
      
      It allows us to unify error handling on the controller level
      and detect the different errors in each request class
      and reraise them with a common more semantic error class.
      5e50d4f3
  7. 13 May, 2019 1 commit
  8. 10 May, 2019 11 commits
  9. 08 May, 2019 2 commits
  10. 06 May, 2019 1 commit
    • azul's avatar
      log: hide cache hit lines · 662f5b56
      azul authored
      Lines like
      "Read fragment views/..."
      were cluttering the logs in production.
      
      There is no need to log every cache hit.
      662f5b56
  11. 05 May, 2019 2 commits
  12. 02 May, 2019 1 commit
  13. 20 Apr, 2019 1 commit
  14. 01 Apr, 2019 1 commit
    • azul's avatar
      fix: directory config for symlinks · 2e5fae50
      azul authored
      If one of the directories configured was a broken symlink
      we would attempt to create a directory in its place.
      
      Now we resolve the symlink and create a directory where it points.
      2e5fae50
  15. 26 Nov, 2018 1 commit
  16. 16 Nov, 2018 1 commit
    • dgt's avatar
      Switch to full unicode (utf8mb4) to display emojis · d456c4ef
      dgt authored
      switch to utf8mb4 which can store all unicode code points including
      emoticons (utf8 which we used before is an alias for utf8mb3 which only
      stores a maximum of three bytes).
      
      the rake task cg:convert_to_unicode converts the database into utf8mb4.
      it also sets a binary collation for our tags table, because we
      want to distinguish between olé and ole. there is no test for this
      feature (because it would fail).
      the schema_migrations table has to be excluded, because it has
      indexes which are to long
      
      the emoji tests work without database conversion, because database
      connection uses utf8mb4.
      d456c4ef
  17. 08 Nov, 2018 1 commit
  18. 18 Oct, 2018 1 commit
  19. 16 Oct, 2018 2 commits
  20. 11 Oct, 2018 1 commit
    • dgt's avatar
      Remove event pages code · 9d0288ce
      dgt authored
      events have not been used for a long time.
      this commit removes everything besides the icons
      9d0288ce
  21. 25 Jul, 2018 2 commits
  22. 24 Jul, 2018 1 commit
  23. 02 Jul, 2018 1 commit
    • azul's avatar
      fix: prevent 500 on invalid format urls · b83bc9bb
      azul authored
      during scans we often see requests for
        /test.xml
      and similar.
      
      Since a test group exists this request will trigger the Group::HomeController
      and attempt to render an xml version.
      This leads to a  template not found exception resulting in a 500 response.
      
      Instead we now only accept html requests to the context_urls (the ones without a prefix).
      This should deal with most of these requests.
      
      We might want to add format constraints to all routes
       - this would result in blocking requests
      b83bc9bb