diff --git a/CHANGELOG.md b/CHANGELOG.md
index 338ce9c63..d4776c376 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,17 +1,22 @@
 # Changelog Fab-manager
+## v5.1.10 2021 October 04
+- Fix a bug: the image of the about page is not using the image set in backoffice
+- Fix a bug: updated sassc to 2.4.0 to fix ruby runtime error on some CPU architectures (#270)
+- Fix a security issue: prevent HTML code edition in projects, to prevent XSS vulnerability (#293)
+
 ## v5.1.9 2021 September 21
 - Add a setting for the purchase and use of a prepaid pack is only possible for the user with a valid subscription
 - Fix a bug: unable to show plan name in calendar reservations
-- Fix a bug: book overlapping slot setting labal name
+- Fix a bug: book overlapping slot setting label name
 ## v5.1.8 2021 September 13
 - Improved stripe 3D secure payment on payment schedules
 - Disable monthly payment for the subscription with interval 1 month
 - Fix a bug: unable to show statistics module in nav menu after login
-- Fix a bug: plans page show an error if admin dont create any plans
+- Fix a bug: plans page show an error if admin don't create any plans
 ## v5.1.7 2021 August 24
@@ -20,12 +25,12 @@
 ## v5.1.6 2021 August 6
-- Adjuste packs pricing popover position
+- Adjust packs pricing popover position
 - Updated Norwegian language
 - Updated addressable from 2.7.0 to 2.8.0
 - Updated tar from 6.1.0 to 6.1.4
 - Fix a bug: unable to generate avoir of wallet
-- Fix a bug: manager cant reserve training for user
+- Fix a bug: managers can't reserve trainings for users
 ## v5.1.5 2021 August 2
@@ -66,6 +71,22 @@
 - [TODO DEPLOY] `rails db:seed`
 - [TODO DEPLOY] `rails fablab:maintenance:rebuild_stylesheet`
+## v5.0.14 2021 September 30
+
+- Fix a bug: unable to show plan name in calendar reservations
+- Fix a bug: book overlapping slot setting labal name
+
+## v5.0.13 2021 September 13
+
+- Improved stripe 3D secure payment on payment schedules
+- Disable monthly payment for the subscription with interval 1 month
+- Fix a bug: unable to show statistics module in nav menu after login
+- Fix a bug: plans page show an error if admin dont create any plans
+
+## v5.0.12 2021 August 24
+
+- Fix a bug: unable to show plans page
+
 ## v5.0.11 2021 August 6
 - Fix a bug: unable to generate avoir of wallet
diff --git a/Gemfile.lock b/Gemfile.lock
index 00d4392af..731af7df2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -140,7 +140,7 @@ GEM
 i18n (>= 1.6, < 2)
 faraday (0.17.3)
 multipart-post (>= 1.2, < 3)
- ffi (1.15.1)
+ ffi (1.15.4)
 foreman (0.87.0)
 forgery (0.7.0)
 friendly_id (5.1.0)
@@ -341,7 +341,7 @@ GEM
 rubyzip (>= 1.3.0)
 rubyzip (2.3.0)
 safe_yaml (1.0.5)
- sassc (2.2.1)
+ sassc (2.4.0)
 ffi (~> 1.9)
 seed_dump (3.3.1)
 activerecord (>= 4)
diff --git a/app/frontend/src/javascript/controllers/projects.js b/app/frontend/src/javascript/controllers/projects.js
index afb313737..46bb5ab7d 100644
--- a/app/frontend/src/javascript/controllers/projects.js
+++ b/app/frontend/src/javascript/controllers/projects.js
@@ -22,6 +22,7 @@
 * in the various projects' admin controllers.
 *
 * Provides :
+ * - $scope.summernoteOptsProject
 * - $scope.totalSteps
 * - $scope.machines = [{Machine}]
 * - $scope.components = [{Component}]
@@ -42,7 +43,11 @@
 * - $state (Ui-Router) [ 'app.public.projects_show', 'app.public.projects_list' ]
 */
 class ProjectsController {
- constructor ($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t) {
+ constructor ($rootScope, $scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t) {
+ // remove codeview from summernote editor
+ $scope.summernoteOptsProject = angular.copy($rootScope.summernoteOpts);
+ $scope.summernoteOptsProject.toolbar[6][1].splice(1, 1);
+
 // Retrieve the list of machines from the server
 Machine.query().$promise.then(function (data) {
 $scope.machines = data.map(function (d) {
@@ -449,8 +454,8 @@ Application.Controllers.controller('ProjectsController', ['$scope', '$state', 'P
 /**
 * Controller used in the project creation page
 */
-Application.Controllers.controller('NewProjectController', ['$scope', '$state', 'Project', 'Machine', 'Member', 'Component', 'Theme', 'Licence', '$document', 'CSRF', 'Diacritics', 'dialogs', 'allowedExtensions', '_t',
- function ($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, CSRF, Diacritics, dialogs, allowedExtensions, _t) {
+Application.Controllers.controller('NewProjectController', ['$rootScope', '$scope', '$state', 'Project', 'Machine', 'Member', 'Component', 'Theme', 'Licence', '$document', 'CSRF', 'Diacritics', 'dialogs', 'allowedExtensions', '_t',
+ function ($rootScope, $scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, CSRF, Diacritics, dialogs, allowedExtensions, _t) {
 CSRF.setMetaTags();
 // API URL where the form will be posted
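Review bot: `$scope.summernoteOptsProject.toolbar[6][1].splice(1, 1);` removes the codeview button by fixed position, so any later reordering of `$rootScope.summernoteOpts.toolbar` would silently drop a different button and quietly re-enable raw HTML editing, which is exactly the XSS exposure this change is meant to close. Selecting the entry by name is more robust, e.g. `$scope.summernoteOptsProject.toolbar = $scope.summernoteOptsProject.toolbar.map(([group, buttons]) => [group, buttons.filter((b) => b !== 'codeview')]);`, assuming the usual summernote `[groupName, [buttons]]` layout that the `[6][1]` index pair suggests. Hiding the editor button is a client-side convenience only; server-side sanitisation of the project description fields is not part of this diff and should be confirmed separately. The constructor body continues past the end of the hunk.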
@@ -468,7 +473,7 @@ Application.Controllers.controller('NewProjectController', ['$scope', '$state',
 $scope.matchingMembers = [];
 // Using the ProjectsController
- return new ProjectsController($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t);
+ return new ProjectsController($rootScope, $scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t);
 }
 ]);
@@ -509,7 +514,7 @@ Application.Controllers.controller('EditProjectController', ['$rootScope', '$sco
 }
 // Using the ProjectsController
- return new ProjectsController($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t);
+ return new ProjectsController($rootScope, $scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t);
 };
 // !!! MUST BE CALLED AT THE END of the controller
diff --git a/app/frontend/src/javascript/filters/filters.js b/app/frontend/src/javascript/filters/filters.js
index e6cb02e7c..466a5fb6a 100644
--- a/app/frontend/src/javascript/filters/filters.js
+++ b/app/frontend/src/javascript/filters/filters.js
@@ -166,7 +166,7 @@ Application.Filters.filter('simpleText', [function () {
 }]);
 Application.Filters.filter('toTrusted', ['$sce', function ($sce) {
- return text => $sce.trustAsHtml(text);
+ return text => $sce.getTrustedHtml(text);
 }]);
 Application.Filters.filter('planIntervalFilter', [function () {
diff --git a/app/frontend/templates/machines/_form.html b/app/frontend/templates/machines/_form.html
index 47ae75cf2..76cf91140 100644
--- a/app/frontend/templates/machines/_form.html
+++ b/app/frontend/templates/machines/_form.html
@@ -49,7 +49,7 @@
required bs-jasny-fileinput> - {{ 'app.shared.buttons.delete' }} +
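Review bot: `$sce.getTrustedHtml(text)` only sanitises a plain string when ngSanitize's `$sanitize` service is registered; without it AngularJS throws `$sce:unsafe` for every non-empty untrusted value, so each template using `toTrusted` would break rather than degrade, and whether ngSanitize is loaded is not visible in this diff. The filter name now misleads, since the value is sanitised rather than declared trusted; keeping the name for compatibility is reasonable, but a comment such as `// Sanitises the HTML (via ngSanitize) instead of blindly trusting it, to prevent stored XSS` would save the next reader from re-introducing `trustAsHtml`. Note also that values already wrapped by `$sce.trustAsHtml` elsewhere are unwrapped and passed through without sanitisation, so that helper should not be applied upstream of this filter.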
diff --git a/app/frontend/templates/projects/_form.html b/app/frontend/templates/projects/_form.html index 029ad7deb..c4b643f64 100644 --- a/app/frontend/templates/projects/_form.html +++ b/app/frontend/templates/projects/_form.html @@ -71,7 +71,7 @@
- + {{ 'app.shared.project.description_is_required' }}
diff --git a/app/themes/casemate/style.scss.erb b/app/themes/casemate/style.scss.erb
index cee1dcadf..ca75da0a8 100644
--- a/app/themes/casemate/style.scss.erb
+++ b/app/themes/casemate/style.scss.erb
@@ -279,9 +279,6 @@ a.label:focus,
 }
 .about-picture {
- background: linear-gradient( rgba(255,255,255,0.12), rgba(255,255,255,0.13) ),
- linear-gradient(<%=Stylesheet.primary_with_alpha(0.78)%>, <%=Stylesheet.primary_with_alpha(0.82)%>),
- url('/about-fablab.jpg') no-repeat;
 }
 .social-icons > div:hover {
@@ -289,7 +286,7 @@ a.label:focus,
 color: $secondary-text-color;
 }
-.profile-top {
+.profile-top, .about-picture {
 background: linear-gradient( rgba(255,255,255,0.12), rgba(255,255,255,0.13) ),
 linear-gradient(<%=Stylesheet.primary_with_alpha(0.78)%>, <%=Stylesheet.primary_with_alpha(0.82)%>),
 url("<%=CustomAsset.get_url('profile-image-file') || '/about-fablab.jpg'%>") no-repeat;
diff --git a/config/locales/app.admin.en.yml b/config/locales/app.admin.en.yml
index 245719753..93c05fd35 100644
--- a/config/locales/app.admin.en.yml
+++ b/config/locales/app.admin.en.yml
@@ -1154,7 +1154,6 @@ en:
 error_SETTING_locked: "Unable to update the setting: {SETTING} is locked. Please contact your system administrator."
 an_error_occurred_saving_the_setting: "An error occurred while saving the setting. Please try again later."
 book_overlapping_slots_info: "Allow / prevent the reservation of overlapping slots"
- prevent_booking: "Prevent booking"
 allow_booking: "Allow booking"
 default_slot_duration: "Default duration for slots"
 duration_minutes: "Duration (in minutes)"
diff --git a/package.json b/package.json
index f9eb1af61..1561dc5db 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "fab-manager",
- "version": "5.1.9",
+ "version": "5.1.10",
 "description": "Fab-manager is the FabLab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks and your marker's projects.",
 "keywords": [
 "fablab",
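Review bot: The first hunk of style.scss.erb leaves `.about-picture { }` behind as an empty ruleset now that the second hunk attaches `.about-picture` to the `.profile-top` declaration; the empty block is dead CSS and should be deleted along with its background lines. The shared rule interpolates `CustomAsset.get_url('profile-image-file')` straight into `url("…")`; since this comes from an admin-managed asset rather than end-user input it is presumably safe, but if the helper can ever return a value containing `"` or `)` the stylesheet would break at compile time, which is worth confirming on the Ruby side outside this diff.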