From 2e72e1f73fe03b3257758682e55122fda1163f49 Mon Sep 17 00:00:00 2001 From: kidhab Date: Mon, 18 Sep 2023 18:05:57 +0200 Subject: [PATCH 1/8] Fix: Server error on logout if redirect to other host --- app/controllers/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 22750360..e69bb18a 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -22,7 +22,7 @@ class SessionsController < ApplicationController def destroy logout if FoodsoftConfig[:logout_redirect_url].present? - redirect_to FoodsoftConfig[:logout_redirect_url] + redirect_to FoodsoftConfig[:logout_redirect_url], allow_other_host: true else redirect_to login_url, notice: I18n.t('sessions.logged_out') end From d9e4af29d8ab7694ee6f631bf41fb2bc5683db69 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Sep 2023 18:47:27 +0200 Subject: [PATCH 2/8] Bump puma from 6.0.2 to 6.3.1 (#1020) Bumps [puma](https://github.com/puma/puma) from 6.0.2 to 6.3.1. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v6.0.2...v6.3.1) --- updated-dependencies: - dependency-name: puma dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c66901cf..32d395f1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -341,7 +341,7 @@ GEM timeout net-smtp (0.3.3) net-protocol - nio4r (2.5.8) + nio4r (2.5.9) nokogiri (1.15.2-x86_64-linux) racc (~> 1.4) parallel (1.23.0) 
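Review bot: In the `destroy` hunk of app/controllers/sessions_controller.rb, `allow_other_host: true` switches off Rails' open-redirect guard for this call, and nothing on the new line records why that is safe. The target is read from `FoodsoftConfig[:logout_redirect_url]`, which looks like operator configuration rather than request input. If that key can be changed by anyone less trusted than the operator (not visible here), logout becomes a redirect to an arbitrary site. I would add a comment above the call such as `# allow_other_host: target is operator-set config, never request input`, and keep this key out of any runtime-editable settings. The method's closing `end` lies outside the hunk.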
@@ -364,7 +364,7 @@ GEM binding_of_caller (~> 1.0) pry (~> 0.13) public_suffix (5.0.1) - puma (6.0.2) + puma (6.3.1) nio4r (~> 2.0) racc (1.7.0) rack (2.2.7) @@ -600,7 +600,6 @@ GEM zeitwerk (2.6.8) PLATFORMS - ruby x86_64-linux DEPENDENCIES From 8dbb888f0fb91c4bddc07c347f2467dac190013d Mon Sep 17 00:00:00 2001 From: kidhab Date: Mon, 18 Sep 2023 18:50:41 +0200 Subject: [PATCH 3/8] Remove sd_notify gem Functionality is included in in puma since 6.1.0 --- Gemfile | 1 - Gemfile.lock | 2 -- 2 files changed, 3 deletions(-) diff --git a/Gemfile b/Gemfile index 97422021..4166504c 100644 --- a/Gemfile +++ b/Gemfile @@ -38,7 +38,6 @@ gem 'rails-settings-cached', '= 0.4.3' # caching breaks tests until Rails 5 http gem 'ransack' gem 'resque' gem 'ruby-units' -gem 'sd_notify' gem 'simple_form' gem 'simple-navigation', '~> 3.14.0' # 3.x for simple_navigation_bootstrap gem 'simple-navigation-bootstrap' diff --git a/Gemfile.lock b/Gemfile.lock index 32d395f1..81d73a9f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -513,7 +513,6 @@ GEM sprockets (> 3.0) sprockets-rails tilt - sd_notify (0.1.1) select2-rails (4.0.13) simple-navigation (3.14.0) activesupport (>= 2.3.2) @@ -676,7 +675,6 @@ DEPENDENCIES ruby-prof ruby-units sassc-rails - sd_notify select2-rails simple-navigation (~> 3.14.0) simple-navigation-bootstrap From 52942f5846d2180bedddb1dd4957769bd44e9ac0 Mon Sep 17 00:00:00 2001 From: kidhab Date: Mon, 18 Sep 2023 20:48:46 +0200 Subject: [PATCH 4/8] Update Rails version to fix security vulnerabilities --- Gemfile | 2 +- Gemfile.lock | 110 +++++++++++++++++++++++++-------------------------- 2 files changed, 56 insertions(+), 56 deletions(-) diff --git a/Gemfile b/Gemfile index 4166504c..50c9d0b6 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ # A sample Gemfile source 'https://rubygems.org' -gem 'rails', '~> 7.0' +gem 'rails', '~> 7.0', '>=7.0.4.1' gem 'less-rails' gem 'sassc-rails' diff --git a/Gemfile.lock b/Gemfile.lock index 81d73a9f..b45a3e0e 100644 
--- a/Gemfile.lock +++ b/Gemfile.lock @@ -70,47 +70,47 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.4) - actionpack (= 7.0.4) - activesupport (= 7.0.4) + actioncable (7.0.8) + actionpack (= 7.0.8) + activesupport (= 7.0.8) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4) - actionpack (= 7.0.4) - activejob (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + actionmailbox (7.0.8) + actionpack (= 7.0.8) + activejob (= 7.0.8) + activerecord (= 7.0.8) + activestorage (= 7.0.8) + activesupport (= 7.0.8) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.4) - actionpack (= 7.0.4) - actionview (= 7.0.4) - activejob (= 7.0.4) - activesupport (= 7.0.4) + actionmailer (7.0.8) + actionpack (= 7.0.8) + actionview (= 7.0.8) + activejob (= 7.0.8) + activesupport (= 7.0.8) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.4) - actionview (= 7.0.4) - activesupport (= 7.0.4) - rack (~> 2.0, >= 2.2.0) + actionpack (7.0.8) + actionview (= 7.0.8) + activesupport (= 7.0.8) + rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.4) - actionpack (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + actiontext (7.0.8) + actionpack (= 7.0.8) + activerecord (= 7.0.8) + activestorage (= 7.0.8) + activesupport (= 7.0.8) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.4) - activesupport (= 7.0.4) + actionview (7.0.8) + activesupport (= 7.0.8) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) 
@@ -120,22 +120,22 @@ GEM activemodel (>= 4.1, < 7.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (7.0.4) - activesupport (= 7.0.4) + activejob (7.0.8) + activesupport (= 7.0.8) globalid (>= 0.3.6) - activemodel (7.0.4) - activesupport (= 7.0.4) - activerecord (7.0.4) - activemodel (= 7.0.4) - activesupport (= 7.0.4) - activestorage (7.0.4) - actionpack (= 7.0.4) - activejob (= 7.0.4) - activerecord (= 7.0.4) - activesupport (= 7.0.4) + activemodel (7.0.8) + activesupport (= 7.0.8) + activerecord (7.0.8) + activemodel (= 7.0.8) + activesupport (= 7.0.8) + activestorage (7.0.8) + actionpack (= 7.0.8) + activejob (= 7.0.8) + activerecord (= 7.0.8) + activesupport (= 7.0.8) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.4) + activesupport (7.0.8) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -374,20 +374,20 @@ GEM rack rack-test (2.1.0) rack (>= 1.3) - rails (7.0.4) - actioncable (= 7.0.4) - actionmailbox (= 7.0.4) - actionmailer (= 7.0.4) - actionpack (= 7.0.4) - actiontext (= 7.0.4) - actionview (= 7.0.4) - activejob (= 7.0.4) - activemodel (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + rails (7.0.8) + actioncable (= 7.0.8) + actionmailbox (= 7.0.8) + actionmailer (= 7.0.8) + actionpack (= 7.0.8) + actiontext (= 7.0.8) + actionview (= 7.0.8) + activejob (= 7.0.8) + activemodel (= 7.0.8) + activerecord (= 7.0.8) + activestorage (= 7.0.8) + activesupport (= 7.0.8) bundler (>= 1.15.0) - railties (= 7.0.4) + railties (= 7.0.8) rails-assets-listjs (0.2.0.beta.4) railties (>= 3.1) rails-dom-testing (2.0.3) @@ -403,9 +403,9 @@ GEM rails (>= 4.2.0) rails_tokeninput (1.7.0) railties (>= 3.1.0) - railties (7.0.4) - actionpack (= 7.0.4) - activesupport (= 7.0.4) + railties (7.0.8) + actionpack (= 7.0.8) + activesupport (= 7.0.8) method_source rake (>= 12.2) thor (~> 1.0) 
@@ -652,7 +652,7 @@ DEPENDENCIES pry-stack_explorer puma rack-cors - rails (~> 7.0) + rails (~> 7.0, >= 7.0.4.1) rails-assets-listjs (= 0.2.0.beta.4) rails-i18n rails-settings-cached (= 0.4.3) From 86db9ef96b714a35f5527d1d5e3ca0c47761bf75 Mon Sep 17 00:00:00 2001 From: kidhab Date: Mon, 18 Sep 2023 21:32:58 +0200 Subject: [PATCH 5/8] Unify select field (remove dots) --- config/locales/de.yml | 2 +- config/locales/en.yml | 2 +- config/locales/es.yml | 2 +- config/locales/fr.yml | 2 +- config/locales/nl.yml | 2 +- config/locales/tr.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/locales/de.yml b/config/locales/de.yml index 6a957ec2..4aadc284 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -514,7 +514,7 @@ de: already_imported: schon importiert not_found: Keine Artikel gefunden index: - change_supplier: Lieferant wechseln ... + change_supplier: Lieferant wechseln download: Artikel herunterladen edit_all: Alle bearbeiten ext_db: diff --git a/config/locales/en.yml b/config/locales/en.yml index b4f41c5c..14229105 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -514,7 +514,7 @@ en: already_imported: imported not_found: No articles found index: - change_supplier: Change supplier ... + change_supplier: Change supplier download: Download articles edit_all: Edit all ext_db: diff --git a/config/locales/es.yml b/config/locales/es.yml index d722a872..9e78b6ed 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -514,7 +514,7 @@ es: already_imported: importado not_found: No se han encontrado articulos index: - change_supplier: Cambiar proveedor ... + change_supplier: Cambiar proveedor download: Descargar artículos edit_all: Editar todos ext_db: diff --git a/config/locales/fr.yml b/config/locales/fr.yml index dd79dab3..b21a8d24 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml 
@@ -347,7 +347,7 @@ fr: already_imported: déjà importé not_found: Aucun produit correspondant n'a été trouvé index: - change_supplier: Changer de fournisseur-e... + change_supplier: Changer de fournisseur-e edit_all: Tout modifier ext_db: import: Rechercher/Importer diff --git a/config/locales/nl.yml b/config/locales/nl.yml index 1faaea62..8597d2b7 100644 --- a/config/locales/nl.yml +++ b/config/locales/nl.yml @@ -514,7 +514,7 @@ nl: already_imported: geïmporteerd not_found: Geen artikelen gevonden index: - change_supplier: Leverancier wisselen… + change_supplier: Leverancier wisselen download: Artikelen downloaden edit_all: Alles bewerken ext_db: diff --git a/config/locales/tr.yml b/config/locales/tr.yml index 76408463..bbc325bd 100644 --- a/config/locales/tr.yml +++ b/config/locales/tr.yml @@ -514,7 +514,7 @@ tr: already_imported: içe aktarıldı not_found: Ürün bulunamadı index: - change_supplier: Tedarikçi değiştir ... + change_supplier: Tedarikçi değiştir download: Ürünleri indir edit_all: Tümünü düzenle ext_db: From bca4576b0f15c5dc2073560b26ea7642382cfada Mon Sep 17 00:00:00 2001 From: kidhab <32387157+kidhab@users.noreply.github.com> Date: Tue, 19 Sep 2023 10:54:04 +0200 Subject: [PATCH 6/8] Suppress net protocol errors (#1015) --- Gemfile | 2 ++ Gemfile.lock | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/Gemfile b/Gemfile index 50c9d0b6..5dc92369 100644 --- a/Gemfile +++ b/Gemfile @@ -30,6 +30,8 @@ gem 'ice_cube' gem 'inherited_resources' gem 'kaminari' gem 'mysql2' +gem 'net-ftp' +gem 'net-http' gem 'prawn' gem 'prawn-table' gem 'puma' diff --git a/Gemfile.lock b/Gemfile.lock index b45a3e0e..7665a67f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -332,6 +332,11 @@ GEM mustermann (3.0.0) ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) + net-ftp (0.2.0) + net-protocol + time + net-http (0.3.2) + uri net-imap (0.3.4) date net-protocol 
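Review bot: In the Gemfile hunk of PATCH 6/8, the new entries `gem 'net-ftp'` and `gem 'net-http'` have no version constraint and no comment, while neighbouring entries explain theirs (`# 3.x for simple_navigation_bootstrap`). Declaring them makes Bundler load the locked gem releases instead of the copies shipped with the Ruby runtime. The Gemfile.lock hunks of the same commit show this also pulls in `uri (0.10.0.2)` and `time (0.2.2)`, so these network-facing libraries must now be kept current through dependency updates rather than Ruby upgrades. I would add a comment such as `# explicit gems to suppress net protocol errors, see #1015`. It is also worth confirming that the resolved `uri` release carries the current fixes for its release line.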
@@ -562,6 +567,8 @@ GEM rack (>= 1.0.0) thor (1.2.2) tilt (2.0.11) + time (0.2.2) + date timeout (0.3.1) ttfunk (1.7.0) twitter-bootstrap-rails (2.2.8) @@ -578,6 +585,7 @@ GEM unf_ext (0.0.8.2) unicode-display_width (2.4.2) uniform_notifier (1.16.0) + uri (0.10.0.2) web-console (4.2.0) actionview (>= 6.0.0) activemodel (>= 6.0.0) @@ -646,6 +654,8 @@ DEPENDENCIES midi-smtp-server mime-types mysql2 + net-ftp + net-http prawn prawn-table pry-rescue From 37fb489125202e7ae039b38ad5989ee757701bff Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Sat, 9 Sep 2023 17:01:48 +0200 Subject: [PATCH 7/8] continue development after release --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 88f18119..5003783a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -4.8.0 +4.8.99 From 4df78def01fc395f7902deb6f0d11d1d8b8efda7 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Mon, 2 Oct 2023 22:48:24 +0200 Subject: [PATCH 8/8] fix: documents sort sql needs Arel.sql --- plugins/documents/app/controllers/documents_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/documents/app/controllers/documents_controller.rb b/plugins/documents/app/controllers/documents_controller.rb index 7290ef3c..8950f347 100644 --- a/plugins/documents/app/controllers/documents_controller.rb +++ b/plugins/documents/app/controllers/documents_controller.rb @@ -14,7 +14,7 @@ class DocumentsController < ApplicationController else 'data IS NULL DESC, name' end - + sort = Arel.sql(sort) # this is okay as we don't use user params directly @documents = Document.where(parent: @document).page(params[:page]).per(@per_page).order(sort) end
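Review bot: In plugins/documents/app/controllers/documents_controller.rb, `sort = Arel.sql(sort)` runs after the whole `case`, so it marks whatever string any branch produced as trusted SQL for `.order(sort)`. Only the `else` literal is visible in this hunk and the `case` starts outside it. If every branch is a fixed literal, as the trailing comment implies, this is safe today, but a later branch that interpolates `params` would bypass Rails' raw-SQL check without any warning. Wrapping each literal where it is written, e.g. `Arel.sql('data IS NULL DESC, name')`, keeps the exemption next to the string it covers. The comment could then read `# fixed literals only; never interpolate params into these strings`.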