<feed xmlns='http://www.w3.org/2005/Atom'>
<title>cccms/app/helpers, branch master</title>
<subtitle>[no description]</subtitle>
<id>https://erdgeist.org/gitweb/cccms/atom?h=master</id>
<link rel='self' href='https://erdgeist.org/gitweb/cccms/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/'/>
<updated>2026-06-30T17:21:25Z</updated>
<entry>
<title>Address brakeman security findings</title>
<updated>2026-06-30T17:21:25Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-29T19:39:49Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=31ca8e93efa860d73918b57ddddeaedf9917b22d'/>
<id>urn:sha1:31ca8e93efa860d73918b57ddddeaedf9917b22d</id>
<content type='text'>
- Replace permit! with permit(:locale, :page_path) in
  AdminHelper#language_selector
</content>
</entry>
<entry>
<title>Prevent xss by not allowing return_to to point to javascript resources</title>
<updated>2026-06-30T17:19:06Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-29T19:25:22Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=e6f59af64c7645cae130a92a4b7afd908a84c983'/>
<id>urn:sha1:e6f59af64c7645cae130a92a4b7afd908a84c983</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Stage 7 click-testing fixes</title>
<updated>2026-06-27T19:14:48Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-27T19:14:48Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=a627a650fda4e22107245a3269465347bb778258'/>
<id>urn:sha1:a627a650fda4e22107245a3269465347bb778258</id>
<content type='text'>
- aggregate: switch to shortcode syntax [aggregate ...]; fix paragraph
  wrapping by excising the shortcode and its surrounding &lt;p&gt; before
  sanitize, concatenating collection output outside sanitized content
- page.rb: remove aggregate XML unwrapping from rewrite_links_in_body
  (no longer needed with shortcode approach)
- rss builders: explicit CGI.escapeHTML on title/abstract; Builder 3.3.0
  does not escape when target buffer is html_safe (ActionView default)
- tinymce: disable menubar and promotion nag; add code plugin, remove
  paste plugin (built into TinyMCE 8 core); configure via admin_interface.js
  directly (config/tinymce.yml affects tinymce() helper only, not tinymce.init)
</content>
</entry>
<entry>
<title>Fix routes after removing the routing-filter</title>
<updated>2026-06-27T18:28:00Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-27T18:28:00Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=4c22631a5a85b3082f0525cc2454d2bd2251922a'/>
<id>urn:sha1:4c22631a5a85b3082f0525cc2454d2bd2251922a</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Stage 5 click-testing fixes</title>
<updated>2026-06-26T11:40:55Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-26T11:40:55Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=811bb04649365b0faaa00b1e0810bb101a4d19b1'/>
<id>urn:sha1:811bb04649365b0faaa00b1e0810bb101a4d19b1</id>
<content type='text'>
- Fix link_to :method → button_to for all PUT/DELETE actions
- Add button_to CSS reset to admin.css for visual consistency
- Fix admin layout: replace broken jquery/jquery_ujs pipeline refs with
  admin_bundle via sprockets; add sprockets-rails, jquery-ui-rails gems
- Add app/assets/javascripts/admin_bundle.js pipeline manifest
- Fix event_information helper: use safe_join to avoid double-escaping
- Fix nodes_helper: to_s(:db) → to_fs(:db) for event times
- Fix revisions view: eliminate nested forms; diff button uses vanilla JS
  to collect radio button values before POST
- Fix config/environments/development.rb and test.rb: cache_classes →
  enable_reloading
- Add routing_filter_rails71_patch.rb version guard
- Move LockedByAnotherUser to own file for Zeitwerk autoloading
- Fix Globalize fallbacks via config.i18n.fallbacks in application.rb
</content>
</entry>
<entry>
<title>Stage 5 fixes: RouteWithParams removal, Globalize fallbacks, search stub, to_s(:db) → to_fs(:db), LockedByAnotherUser autoload, test environment config</title>
<updated>2026-06-26T03:19:28Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-26T03:19:28Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=a1ddc25da0d2aa79a4d9216ef7792f26233bd38e'/>
<id>urn:sha1:a1ddc25da0d2aa79a4d9216ef7792f26233bd38e</id>
<content type='text'>
- Remove safe_path helper and content_path shim from link_helper.rb
- Update all safe_path call sites in views to use named route helpers directly
- Fix Globalize fallbacks via config.i18n.fallbacks in application.rb, remove i18n initializer
- Stub Node.search returning none (search disabled pending PostgreSQL upgrade)
- Replace to_s(:db) with to_fs(:db) in node.rb, nodes_helper.rb, link_helper.rb, admin view
- Move LockedByAnotherUser to app/models/locked_by_another_user.rb for Zeitwerk autoloading
- Fix config/environments/test.rb: config.assets removed, cache_classes → enable_reloading,
  test_order removed, minitest pinned to ~&gt; 5.25
- Fix config/environments/development.rb: cache_classes → enable_reloading
- Park search vector migration in doc/ pending PostgreSQL and plpgsql availability
</content>
</entry>
<entry>
<title>Stage 4: Rails 5.2 -&gt; 6.1 on Ruby 2.7.2</title>
<updated>2026-06-25T23:59:57Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-25T23:59:57Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=c06723ee715512c2033c7786c48f15674585b56b'/>
<id>urn:sha1:c06723ee715512c2033c7786c48f15674585b56b</id>
<content type='text'>
- routing-filter 0.6.3 -&gt; 0.7.0 (Rails 6.1 compatibility)
- RSS named routes rss_xml/rss_rdf added
- RouteWithParams workarounds: will_paginate_patch, content_path shim, safe_path helper
- Paperclip removed, replaced with FileAttachment concern (preserves URL scheme)
- Assets resource moved to /admin/assets (Sprockets middleware conflict)
- ApplicationRecord base class added, all models migrated
- Strong parameters added to Assets, Occurrences, Events, MenuItems controllers
- update_attributes -&gt; update throughout
- render :nothing -&gt; head :ok/:not_found throughout
- language_selector rewritten (removes :overwrite_params)
- Environment files updated for Rails 6.1 (eager_load, public_file_server, ActionMailer)
- Arel::Visitors::DepthFirst and Integer/Float duration patches removed from test_helper
- AssetsController tests added (10 tests covering upload, variants, destroy, auth)
- ImageMagick geometry: 460x250! for headline crop (not # which is invalid in IM6)

129 runs, 311 assertions, 5 failures (all pre-existing), 0 errors
</content>
</entry>
<entry>
<title>Rails 4.2 view fixes</title>
<updated>2026-06-25T02:35:21Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-25T02:35:21Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=5f8cc4fa269dadc895d99eec9ef3a82b17c5890a'/>
<id>urn:sha1:5f8cc4fa269dadc895d99eec9ef3a82b17c5890a</id>
<content type='text'>
- Replace :confirm =&gt; with :data =&gt; { :confirm =&gt; } in all link_to calls
- Fix link_to_path helper: use content_path named route instead of hash-style routing
- Fix admin/_menu.html.erb: use named routes for logout and admin index
- Fix admin layout: load jquery/jquery_ujs before jquery-ui, remove duplicate jQuery 1.3.2
- Add csrf_meta_tags to admin layout
</content>
</entry>
<entry>
<title>Fix tagged content aggregator, assets path, and add regression tests</title>
<updated>2026-06-24T14:17:16Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-24T14:17:16Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=75670df5b8a5700c48ac8cb41f8d1732b5738402'/>
<id>urn:sha1:75670df5b8a5700c48ac8cb41f8d1732b5738402</id>
<content type='text'>
- Replace tagged_with calls in Page.aggregate, TagsController, RssController
  with direct SQL joins (acts-as-taggable-on 3.5 broken on Rails 3.2)
- Fix Paperclip :path/:url to use plain :id format matching existing uploads
- Add proper regression tests for aggregator, tags, and rss controllers
- Fix assert_select assertions to target div.body div.article_partial
</content>
</entry>
<entry>
<title>Stage 1 complete: Rails 2.3.5 to Rails 3.2.22.5 upgrade</title>
<updated>2026-06-24T02:13:16Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-06-24T02:13:16Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=e0a7e0fec760ba12c8067a37e10c96f1f05876e2'/>
<id>urn:sha1:e0a7e0fec760ba12c8067a37e10c96f1f05876e2</id>
<content type='text'>
- Converted plugins to gems (Gemfile)
- Updated config structure (application.rb, boot.rb, environment.rb)
- Converted routes to Rails 3 DSL
- Converted named_scope to scope throughout models
- Converted find(:all, :conditions) to where() chains
- Fixed has_many :order to use ordering scope
- Updated session store and secret token configuration
- Fixed exception_notification middleware configuration
- Patched Ruby 2.4 / Rails 3.2 incompatibilities:
  - Integer/Float duration arithmetic (ActiveSupport)
  - Arel visit_Integer for PostgreSQL adapter
  - create_database String/Integer coercion
  - ActionController consider_all_requests_local
- Migrated taggings schema for acts-as-taggable-on
- Replaced dynamic_form gem with custom form_error_messages helper
- Fixed Rails 3 block helper syntax (form_for, form_tag, fields_for)
- Fixed admin layout yield
- Updated test suite for Rails 3 APIs
</content>
</entry>
</feed>
