Merge branch 'release-v3.1.0' into stable

d61ad013 · Holger Just · 11e93ff3 · f681ed8c · d61ad013 · d61ad013
Commit d61ad013 authored Apr 04, 2012 by Holger Just
116 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,5 @@ doc/app
 /Gemfile.lock
 /Gemfile.local
 /.rvmrc*
+/*.iml
+/.idea
--- a/Gemfile
+++ b/Gemfile
@@ -11,6 +11,7 @@ gem "liquid", "~> 2.3.0"
 gem "acts-as-taggable-on", "= 2.1.0"
 # Needed only on RUBY_VERSION = 1.8, ruby 1.9+ compatible interpreters should bring their csv
 gem "fastercsv", "~> 1.5.0", :platforms => [:ruby_18, :jruby, :mingw_18]
+gem "tzinfo", "~> 0.3.31" # Fixes #903. Not required for Rails >= 3.2
 group :test do
  gem 'shoulda', '~> 2.10.3'
@@ -57,7 +58,7 @@ platforms :mri, :mingw do
  end
  group :postgres do
-    gem "pg", "~> 0.9.0"
+    gem "pg"
    #   gem "postgres-pr"
  end
 end

--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -33,7 +33,7 @@ class ActivitiesController < ApplicationController
                                                             :with_subprojects => @with_subprojects,
                                                             :author => @author)
    @activity.scope_select {|t| !params["show_#{t}"].nil?}
-    @activity.scope = (@author.nil? ? :default : :all) if @activity.scope.empty?
+    @activity.scope = (@author.nil? ? :default : :all) if @activity.scope.empty? unless params[:set_filter]
    events = @activity.events(@date_from, @date_to)

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -64,7 +64,6 @@ class ApplicationController < ActionController::Base
  before_filter :user_setup, :check_if_login_required, :set_localization
  filter_parameter_logging :password
-  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
  # FIXME: This doesn't work with Rails >= 3.0 anymore
  # Possible workaround: https://github.com/rails/rails/issues/671#issuecomment-1780159
  rescue_from ActionController::RoutingError, :with => proc{render_404}
@@ -336,13 +335,6 @@ class ApplicationController < ActionController::Base
    request.xhr? ? false : 'base'
  end
-  def invalid_authenticity_token
-    if api_request?
-      logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
-    end
-    render_error "Invalid form authenticity token."
-  end
  def render_feed(items, options={})
    @items = items || []
    @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }

--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -21,7 +21,10 @@ class CommentsController < ApplicationController
  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
-    @comment = Comment.new(params[:comment])
+    raise Unauthorized unless @news.commentable?
+    @comment = Comment.new
+    @comment.safe_attributes = params[:comment]
    @comment.author = User.current
    if @news.comments << @comment
      flash[:notice] = l(:label_comment_added)

--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -43,7 +43,8 @@ class DocumentsController < ApplicationController
  end
  def new
-    @document = @project.documents.build(params[:document])
+    @document = @project.documents.build
+    @document.safe_attributes = params[:document]
    if request.post?
      if User.current.allowed_to?(:add_document_watchers, @project) && params[:document]['watcher_user_ids'].present?
        @document.watcher_user_ids = params[:document]['watcher_user_ids']

--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@@ -23,7 +23,8 @@ class IssueCategoriesController < ApplicationController
  verify :method => :post, :only => :destroy
  def new
-    @category = @project.issue_categories.build(params[:category])
+    @category = @project.issue_categories.build
+    @category.safe_attributes = params[:category]
    if request.post?
      if @category.save
        respond_to do |format|
@@ -50,7 +51,8 @@ class IssueCategoriesController < ApplicationController
  end
  def edit
-    if request.post? and @category.update_attributes(params[:category])
+    @category.safe_attributes = params[:category]
+    if request.post? and @category.save
      flash[:notice] = l(:notice_successful_update)
      redirect_to :controller => 'projects', :action => 'settings', :tab => 'categories', :id => @project
    end

--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -21,17 +21,19 @@ class MembersController < ApplicationController
  def new
    members = []
-    if params[:member] && request.post?
+    if params[:member]
-      attrs = params[:member].dup
+      if params[:member][:user_ids]
-      if (user_ids = attrs.delete(:user_ids))
+        attrs = params[:member].dup
+        user_ids = attrs.delete(:user_ids)
        user_ids.each do |user_id|
-          members << Member.new(attrs.merge(:user_id => user_id))
+          members << Member.new(:role_ids => params[:member][:role_ids], :user_id => user_id)
        end
      else
-        members << Member.new(attrs)
+        members << Member.new(:role_ids => params[:member][:role_ids], :user_id => params[:member][:user_id])
      end
      @project.members << members
    end
    respond_to do |format|
      if members.present? && members.all? {|m| m.valid? }

--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -48,26 +48,26 @@ class MessagesController < ApplicationController
  # Create a new topic
  def new
-    @message = Message.new(params[:message])
+    @message = Message.new
    @message.author = User.current
    @message.board = @board
-    if params[:message] && User.current.allowed_to?(:edit_messages, @project)
+    @message.safe_attributes = params[:message]
-      @message.locked = params[:message]['locked']
+    if request.post?
-      @message.sticky = params[:message]['sticky']
+      if @message.save
-    end
+        call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
-    if request.post? && @message.save
+        attachments = Attachment.attach_files(@message, params[:attachments])
-      call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
+        render_attachment_warning_if_needed(@message)
-      attachments = Attachment.attach_files(@message, params[:attachments])
+        redirect_to :action => 'show', :id => @message
-      render_attachment_warning_if_needed(@message)
+      end
-      redirect_to :action => 'show', :id => @message
    end
  end
  # Reply to a topic
  def reply
-    @reply = Message.new(params[:reply])
+    @reply = Message.new
    @reply.author = User.current
    @reply.board = @board
+    @reply.safe_attributes = params[:reply]
    @topic.children << @reply
    if !@reply.new_record?
      call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
@@ -80,11 +80,8 @@ class MessagesController < ApplicationController
  # Edit a message
  def edit
    (render_403; return false) unless @message.editable_by?(User.current)
-    if params[:message]
+    @message.safe_attributes = params[:message]
-      @message.locked = params[:message]['locked']
+    if request.post? && @message.save
-      @message.sticky = params[:message]['sticky']
-    end
-    if request.post? && @message.update_attributes(params[:message])
      attachments = Attachment.attach_files(@message, params[:attachments])
      render_attachment_warning_if_needed(@message)
      flash[:notice] = l(:notice_successful_update)

--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -59,14 +59,12 @@ class NewsController < ApplicationController
  def create
    @news = News.new(:project => @project, :author => User.current)
-    if request.post?
+    @news.safe_attributes = params[:news]
-      @news.attributes = params[:news]
+    if @news.save
-      if @news.save
+      flash[:notice] = l(:notice_successful_create)
-        flash[:notice] = l(:notice_successful_create)
+      redirect_to :controller => 'news', :action => 'index', :project_id => @project
-        redirect_to :controller => 'news', :action => 'index', :project_id => @project
+    else
-      else
+      render :action => 'new'
-        render :action => 'new'
-      end
    end
  end
@@ -74,7 +72,8 @@ class NewsController < ApplicationController
  end
  def update
-    if request.put? and @news.update_attributes(params[:news])
+    @news.safe_attributes = params[:news]
+    if @news.save
      flash[:notice] = l(:notice_successful_update)
      redirect_to :action => 'show', :id => @news
    else

--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -59,7 +59,8 @@ class ProjectsController < ApplicationController
  def new
    @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
    @trackers = Tracker.all
-    @project = Project.new(params[:project])
+    @project = Project.new
+    @project.safe_attributes = params[:project]
  end
  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }

--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -97,7 +97,7 @@ class TimelogController < ApplicationController
  def new
    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.attributes = params[:time_entry]
+    @time_entry.safe_attributes = params[:time_entry]
    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
    render :action => 'edit'
@@ -106,7 +106,7 @@ class TimelogController < ApplicationController
  verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
  def create
    @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.attributes = params[:time_entry]
+    @time_entry.safe_attributes = params[:time_entry]
    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
@@ -127,14 +127,14 @@ class TimelogController < ApplicationController
  end
  def edit
-    @time_entry.attributes = params[:time_entry]
+    @time_entry.safe_attributes = params[:time_entry]
    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
  end
  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
  def update
-    @time_entry.attributes = params[:time_entry]
+    @time_entry.safe_attributes = params[:time_entry]
    call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })

--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -56,7 +56,7 @@ class VersionsController < ApplicationController
    if params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
-      @version.attributes = attributes
+      @version.safe_attributes = attributes
    end
  end
@@ -66,7 +66,7 @@ class VersionsController < ApplicationController
    if params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless attributes.nil? || @version.allowed_sharings.include?(attributes['sharing'])
-      @version.attributes = attributes
+      @version.safe_attributes = attributes
    end
    if request.post?
@@ -101,7 +101,8 @@ class VersionsController < ApplicationController
    if request.put? && params[:version]
      attributes = params[:version].dup
      attributes.delete('sharing') unless @version.allowed_sharings.include?(attributes['sharing'])
-      if @version.update_attributes(attributes)
+      @version.safe_attributes = attributes
+      if @version.save
        flash[:notice] = l(:notice_successful_update)
        redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
      else

--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -19,7 +19,7 @@ class WikisController < ApplicationController
  # Create or update a project's wiki
  def edit
    @wiki = @project.wiki || Wiki.new(:project => @project)
-    @wiki.attributes = params[:wiki]
+    @wiki.safe_attributes = params[:wiki]
    @wiki.save if request.post?
    render(:update) {|page| page.replace_html "tab-content-wiki", :partial => 'projects/settings/wiki'}
  end

--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -502,7 +502,7 @@ module ApplicationHelper
    @parsed_headings = []
    text = parse_non_pre_blocks(text) do |text|
-      [:parse_inline_attachments, :parse_wiki_links, :parse_redmine_links, :parse_headings].each do |method_name|
+      [:parse_inline_attachments, :parse_wiki_links, :parse_redmine_links, :parse_headings, :parse_relative_urls].each do |method_name|
        send method_name, text, project, obj, attr, only_path, options
      end
    end
@@ -543,6 +543,41 @@ module ApplicationHelper
    parsed
  end
+  RELATIVE_LINK_RE = %r{
+    <a
+    (?:
+      (\shref=
+        (?:                         # the href and link
+          (?:'(\/[^>]+?)')|
+          (?:"(\/[^>]+?)")
+        )
+      )|
+      [^>]
+    )*
+    >
+    [^<]*?<\/a>                     # content and closing link tag.
+  }x unless const_defined?(:RELATIVE_LINK_RE)
+  def parse_relative_urls(text, project, obj, attr, only_path, options)
+    return if only_path
+    text.gsub!(RELATIVE_LINK_RE) do |m|
+      href, relative_url = $1, $2 || $3
+      next m unless href.present?
+      if defined?(request) && request.present?
+        # we have a request!
+        protocol, host_with_port = request.protocol, request.host_with_port
+      elsif @controller
+        # use the same methods as url_for in the Mailer
+        url_opts = @controller.class.default_url_options
+        next m unless url_opts && url_opts[:protocol] && url_opts[:host]
+        protocol, host_with_port = "#{url_opts[:protocol]}://", url_opts[:host]
+      else
+        next m
+      end
+      m.sub href, " href=\"#{protocol}#{host_with_port}#{relative_url}\""
+    end
+  end
  def parse_inline_attachments(text, project, obj, attr, only_path, options)
    # when using an image link, try to use an attachment, if possible
    if options[:attachments] || (obj && obj.respond_to?(:attachments))
@@ -816,7 +851,7 @@ module ApplicationHelper
  def back_url_hidden_field_tag
    back_url = params[:back_url] || request.env['HTTP_REFERER']
    back_url = CGI.unescape(back_url.to_s)
-    hidden_field_tag('back_url', CGI.escape(back_url)) unless back_url.blank?
+    hidden_field_tag('back_url', CGI.escape(back_url), :id => nil) unless back_url.blank?
  end
  def check_all_links(form_name)
@@ -850,7 +885,7 @@ module ApplicationHelper
  def context_menu(url)
    unless @context_menu_included
      content_for :header_tags do
-        javascript_include_tag('context_menu') +
+        javascript_include_tag('context_menu.jquery') +
          stylesheet_link_tag('context_menu')
      end
      if l(:direction) == 'rtl'
@@ -860,7 +895,7 @@ module ApplicationHelper
      end
      @context_menu_included = true
    end
-    javascript_tag "new ContextMenu('#{ url_for(url) }')"
+    javascript_tag "jQuery(document).ContextMenu('#{ url_for(url) }')"
  end
  def context_menu_link(name, url, options={})

--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -79,6 +79,22 @@ module IssuesHelper
    s
  end
+  def render_parents_and_subtree(issue)
+    return if issue.leaf? && !issue.parent
+    s = '<form><table id="issue_tree" class="list">'
+    issue_list(issue.self_and_ancestors.sort_by(&:lft) + issue.descendants.sort_by(&:lft)) do |el, level|
+      s << content_tag('tr',
+             content_tag('td', check_box_tag("ids[]", el.id, false, :id => nil), :class => 'checkbox') +
+             content_tag('td', link_to_issue(el, :truncate => 60), :class => 'subject') +
+             content_tag('td', h(el.status)) +
+             content_tag('td', link_to_user(el.assigned_to)) +
+             content_tag('td', progress_bar(el.done_ratio, :width => '80px')),
+             :class => "issue issue-#{el.id} #{"self" if el == issue} hascontextmenu #{level > 0 ? "idnt idnt-#{level}" : nil}")
+    end
+    s << '</table></form>'
+    s
+  end
  def render_custom_fields_rows(issue)
    return if issue.custom_field_values.empty?
    ordered_values = []

--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -13,8 +13,11 @@
 #++
 class Comment < ActiveRecord::Base
+  include Redmine::SafeAttributes
  belongs_to :commented, :polymorphic => true, :counter_cache => true
  belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
  validates_presence_of :commented, :author, :comments
+  safe_attributes 'comments'
 end
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -13,6 +13,7 @@
 #++
 class Document < ActiveRecord::Base
+  include Redmine::SafeAttributes
  belongs_to :project
  belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id"
  acts_as_attachable :delete_permission => :manage_documents
@@ -32,6 +33,8 @@ class Document < ActiveRecord::Base
  named_scope :visible, lambda {|*args| { :include => :project,
                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_documents) } }
+  safe_attributes 'category_id', 'title', 'description'
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_documents, project)
  end

--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -48,4 +48,9 @@ class Group < Principal
                            :conditions => ["#{Member.table_name}.user_id = ? AND #{MemberRole.table_name}.inherited_from IN (?)", user.id, member.member_role_ids]).each(&:destroy)
    end
  end
+  def self.human_attribute_name(attribute_name)
+    attribute_name = "name" if attribute_name == "lastname"
+    super(attribute_name)
+  end
 end
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -707,6 +707,15 @@ class Issue < ActiveRecord::Base
    projects
  end
+  # Overrides Redmine::Acts::Journalized::Permissions
+  #
+  # The default assumption is that journals have the same permissions
+  # as the journaled object, issue notes have separate permissions though
+  def journal_editable_by?(journal, user)
+    return true if journal.author == user && user.allowed_to?(:edit_own_issue_notes, project)
+    user.allowed_to? :edit_issue_notes, project
+  end
  private
  def update_nested_set_attributes

--- a/app/models/issue_category.rb
+++ b/app/models/issue_category.rb
@@ -13,6 +13,7 @@
 #++
 class IssueCategory < ActiveRecord::Base
+  include Redmine::SafeAttributes
  belongs_to :project
  belongs_to :assigned_to, :class_name => 'User', :foreign_key => 'assigned_to_id'
  has_many :issues, :foreign_key => 'category_id', :dependent => :nullify
@@ -21,6 +22,8 @@ class IssueCategory < ActiveRecord::Base
  validates_uniqueness_of :name, :scope => [:project_id]
  validates_length_of :name, :maximum => 30
+  safe_attributes 'name', 'assigned_to_id'
  alias :destroy_without_reassign :destroy
  # Destroy the category

--- a/app/models/journal.rb
+++ b/app/models/journal.rb
@@ -76,7 +76,7 @@ class Journal < ActiveRecord::Base
  end
  def editable_by?(user)
-    journaled.journal_editable_by?(user)
+    journaled.journal_editable_by?(self, user)
  end
  def details

--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -13,6 +13,7 @@
 #++
 class Message < ActiveRecord::Base
+  include Redmine::SafeAttributes
  belongs_to :board
  belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
  acts_as_tree :counter_cache => :replies_count, :order => "#{Message.table_name}.created_on ASC"
@@ -49,6 +50,12 @@ class Message < ActiveRecord::Base
  named_scope :visible, lambda {|*args| { :include => {:board => :project},
                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_messages) } }
+  safe_attributes 'subject', 'content'
+  safe_attributes 'locked', 'sticky',
+    :if => lambda {|message, user|
+      user.allowed_to?(:edit_messages, message.project)
+    }
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_messages, project)
  end

--- a/app/models/news.rb
+++ b/app/models/news.rb
@@ -13,6 +13,7 @@
 #++
 class News < ActiveRecord::Base
+  include Redmine::SafeAttributes
  belongs_to :project
  belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
  has_many :comments, :as => :commented, :dependent => :delete_all, :order => "created_on"
@@ -21,7 +22,8 @@ class News < ActiveRecord::Base
  validates_length_of :title, :maximum => 60
  validates_length_of :summary, :maximum => 255
-  acts_as_journalized :event_url => Proc.new {|o| {:controller => 'news', :action => 'show', :id => o.journaled_id} }
+  acts_as_journalized :event_url => Proc.new {|o| {:controller => 'news', :action => 'show', :id => o.journaled_id} },
+    :event_description => :description
  acts_as_searchable :columns => ["#{table_name}.title", "#{table_name}.summary", "#{table_name}.description"], :include => :project
  acts_as_watchable
@@ -32,10 +34,17 @@ class News < ActiveRecord::Base
    :conditions => Project.allowed_to_condition(args.first || User.current, :view_news)
  }}
+  safe_attributes 'title', 'summary', 'description'
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_news, project)
  end
+  # Returns true if the news can be commented by user
+  def commentable?(user=User.current)
+    user.allowed_to?(:comment_news, project)
+  end
  # returns latest news for projects visible by user
  def self.latest(user = User.current, count = 5)
    find(:all, :limit => count, :conditions => Project.allowed_to_condition(user, :view_news), :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")

--- a/app/models/repository/bazaar.rb
+++ b/app/models/repository/bazaar.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/bazaar_adapter'
+require_dependency 'redmine/scm/adapters/bazaar_adapter'
 class Repository::Bazaar < Repository
  attr_protected :root_url

--- a/app/models/repository/cvs.rb
+++ b/app/models/repository/cvs.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/cvs_adapter'
+require_dependency 'redmine/scm/adapters/cvs_adapter'
 require 'digest/sha1'
 class Repository::Cvs < Repository

--- a/app/models/repository/darcs.rb
+++ b/app/models/repository/darcs.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/darcs_adapter'
+require_dependency 'redmine/scm/adapters/darcs_adapter'
 class Repository::Darcs < Repository
  validates_presence_of :url, :log_encoding

--- a/app/models/repository/filesystem.rb
+++ b/app/models/repository/filesystem.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/filesystem_adapter'
+require_dependency 'redmine/scm/adapters/filesystem_adapter'
 class Repository::Filesystem < Repository
  attr_protected :root_url

--- a/app/models/repository/git.rb
+++ b/app/models/repository/git.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/git_adapter'
+require_dependency 'redmine/scm/adapters/git_adapter'
 class Repository::Git < Repository
  attr_protected :root_url

--- a/app/models/repository/mercurial.rb
+++ b/app/models/repository/mercurial.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/mercurial_adapter'
+require_dependency 'redmine/scm/adapters/mercurial_adapter'
 class Repository::Mercurial < Repository
  # sort changesets by revision number

--- a/app/models/repository/subversion.rb
+++ b/app/models/repository/subversion.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/subversion_adapter'
+require_dependency 'redmine/scm/adapters/subversion_adapter'
 class Repository::Subversion < Repository
  attr_protected :root_url

--- a/app/models/time_entry.rb
+++ b/app/models/time_entry.rb
@@ -13,6 +13,7 @@
 #++
 class TimeEntry < ActiveRecord::Base
+  include Redmine::SafeAttributes
  # could have used polymorphic association
  # project association here allows easy loading of time entries at project level with one database trip
  belongs_to :project
@@ -37,6 +38,8 @@ class TimeEntry < ActiveRecord::Base
    :conditions => Project.allowed_to_condition(args.first || User.current, :view_time_entries)
  }}
+  safe_attributes 'hours', 'comments', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values'
  def after_initialize
    if new_record? && self.activity.nil?
      if default_activity = TimeEntryActivity.default

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -64,10 +64,9 @@ class User < Principal
  validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
  # Login must contain lettres, numbers, underscores only
  validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
-  validates_length_of :login, :maximum => 30
+  validates_length_of :login, :firstname, :lastname, :maximum => 255
-  validates_length_of :firstname, :lastname, :maximum => 30
  validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
-  validates_length_of :mail, :maximum => 60, :allow_nil => true
+  validates_length_of :mail, :maximum => 255, :allow_nil => true
  validates_confirmation_of :password, :allow_nil => true
  validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
  validates_inclusion_of :status, :in => [STATUS_ANONYMOUS, STATUS_ACTIVE, STATUS_REGISTERED, STATUS_LOCKED]

--- a/app/models/user_preference.rb
+++ b/app/models/user_preference.rb
@@ -16,7 +16,7 @@ class UserPreference < ActiveRecord::Base
  belongs_to :user
  serialize :others
-  attr_protected :others
+  attr_protected :others, :user_id
  def initialize(attributes = nil)
    super

--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -13,6 +13,7 @@
 #++
 class Version < ActiveRecord::Base
+  include Redmine::SafeAttributes
  after_update :update_issues_from_sharing_change
  belongs_to :project
  has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id', :dependent => :nullify
@@ -34,6 +35,15 @@ class Version < ActiveRecord::Base
  named_scope :visible, lambda {|*args| { :include => :project,
                                          :conditions => Project.allowed_to_condition(args.first || User.current, :view_issues) } }
+  safe_attributes 'name',
+    'description',
+    'effective_date',
+    'due_date',
+    'wiki_page_title',
+    'status',
+    'sharing',
+    'custom_field_values'
  # Returns true if +user+ or current user is allowed to view the version
  def visible?(user=User.current)
    user.allowed_to?(:view_issues, self.project)

--- a/app/models/wiki.rb
+++ b/app/models/wiki.rb
@@ -13,6 +13,7 @@
 #++
 class Wiki < ActiveRecord::Base
+  include Redmine::SafeAttributes
  belongs_to :project
  has_many :pages, :class_name => 'WikiPage', :dependent => :destroy, :order => 'title'
  has_many :redirects, :class_name => 'WikiRedirect', :dependent => :delete_all
@@ -22,6 +23,8 @@ class Wiki < ActiveRecord::Base
  validates_presence_of :start_page
  validates_format_of :start_page, :with => /^[^,\.\/\?\;\|\:]*$/
+  safe_attributes 'start_page'
  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_wiki_pages, project)
  end

--- a/app/views/account/_login.rhtml
+++ b/app/views/account/_login.rhtml
 <div id="nav-login-content">
  <% form_tag({:controller => "account", :action=> "login"}) do %>
-    <%= hidden_field_tag('back_url', CGI.escape(request.url))  %>
+    <%= hidden_field_tag 'back_url', CGI.escape(request.url), :id => nil  %>
    <table>
      <tr>
        <td><label for="username-pulldown"><%= l(:field_login) %></label></td>
        <td><label for="password-pulldown"><%= l(:field_password) %></label></td>
+        <td></td>
      </tr>
      <tr>
        <td><%= text_field_tag 'username', nil, :tabindex => '1', :id => 'username-pulldown' %></td>

--- a/app/views/activities/index.html.erb
+++ b/app/views/activities/index.html.erb
@@ -42,6 +42,7 @@
 <% content_for :sidebar do %>
 <% form_tag({}, :method => :get) do %>
 <h3><%= l(:label_activity) %></h3>
+<%= hidden_field_tag "set_filter", 1, :id => nil %>
 <p><% @activity.event_types.each do |t| %>
 <%= check_box_tag "show_#{t}", 1, @activity.scope.include?(t) %>
 <label for="show_<%=t%>"><%= link_to(l("label_#{t.singularize}_plural"), {"show_#{t}" => 1, :user_id => params[:user_id]})%></label>

--- a/app/views/gantts/show.html.erb
+++ b/app/views/gantts/show.html.erb
@@ -72,7 +72,7 @@ t_height = g_height + headers_height
 	<p class="warning"><%= l(:notice_gantt_chart_truncated, :max => @gantt.max_rows) %></p>
 <% end %>
-<table width="100%" style="border:0; border-collapse: collapse;">
+<table style="width:100%; border:0; border-collapse: collapse;">
 <tr>
 <td style="width:<%= subject_width %>px; padding:0px;">
@@ -98,7 +98,7 @@ month_f = @gantt.date_from
 left = 0
 height = (show_weeks ? header_heigth : header_heigth + g_height)
 @gantt.months.times do
-	width = ((month_f >> 1) - month_f) * zoom - 1
+	width = (((month_f >> 1) - month_f) * zoom - 1).to_i
 	%>
 	<div style="left:<%= left %>px;width:<%= width %>px;height:<%= height %>px;" class="gantt_hdr">
 	<%= link_to h("#{month_f.year}-#{month_f.month}"), @gantt.params.merge(:year => month_f.year, :month => month_f.month), :title => "#{month_name(month_f.month)} #{month_f.year}"%>
@@ -176,7 +176,7 @@ if Date.today >= @gantt.date_from and Date.today <= @gantt.date_to %>
 </tr>
 </table>
-<table width="100%">
+<table style="width:100%">
 <tr>
 <td align="left"><%= link_to_content_update('&#171; ' + l(:label_previous), params.merge(@gantt.params_previous)) %></td>
 <td align="right"><%= link_to_content_update(l(:label_next) + ' &#187;', params.merge(@gantt.params_next)) %></td>

--- a/app/views/help/wiki_syntax.html.erb
+++ b/app/views/help/wiki_syntax.html.erb
@@ -12,7 +12,7 @@
 <% html_title "Wiki Syntax Quick Reference" %>
 <h1>Wiki Syntax Quick Reference</h1>
-<table width="100%">
+<table style="width:100%">
 <tr><th colspan="3">Font Styles</th></tr>
 <tr><th><img src="../images/jstoolbar/bt_strong.png" style="border: 1px solid #bbb;" alt="Strong" /></th><td width="50%">*Strong*</td><td width="50%"><strong>Strong</strong></td></tr>
 <tr><th><img src="../images/jstoolbar/bt_em.png" style="border: 1px solid #bbb;" alt="Italic" /></th><td>_Italic_</td><td><em>Italic</em></td></tr>

--- a/app/views/issues/_list.rhtml
+++ b/app/views/issues/_list.rhtml
 <% form_tag({}) do -%>
-<%= hidden_field_tag 'back_url', url_for(params) %>
+<%= hidden_field_tag 'back_url', url_for(params), :id => nil %>
 <div class="autoscroll">
 <table class="list issues">
    <thead><tr>

--- a/app/views/issues/_tree_simple.html.erb
+++ b/app/views/issues/_tree_simple.html.erb
+<% if !@issue.leaf? || @issue.parent || User.current.allowed_to?(:manage_subtasks, @project) %>
+<hr />
+<p>
+  <strong><%= l(:label_issue_hierarchy) %></strong>
+  <% if User.current.allowed_to?(:manage_subtasks, @project) %>
+    (<%= link_to(l(:label_subtask_add), {:controller => 'issues', :action => 'new', :project_id => @project, :issue => {:parent_issue_id => @issue}}) %>)
+  <% end %>
+</p>
+<% end %>
+<%= render_parents_and_subtree @issue %>
--- a/app/views/issues/show.rhtml
+++ b/app/views/issues/show.rhtml
@@ -39,12 +39,16 @@
        <% if User.current.allowed_to?(:view_time_entries, @project) %>
        <th class="spent-time"><%=l(:label_spent_time)%>:</th>
        <td class="spent-time"><%= @issue.spent_hours > 0 ? (link_to l_hours(@issue.spent_hours), {:controller => 'timelog', :action => 'index', :project_id => @project, :issue_id => @issue}) : "-" %></td>
+        <% else %>
+        <th></th><td></td>
        <% end %>
    </tr>
    <tr>
        <th class="fixed-version"><%=l(:field_fixed_version)%>:</th><td class="fixed-version"><%= @issue.fixed_version ? link_to_version(@issue.fixed_version) : "-" %></td>
        <% if @issue.estimated_hours %>
        <th class="estimated-hours"><%=l(:field_estimated_hours)%>:</th><td class="estimated-hours"><%= l_hours(@issue.estimated_hours) %></td>
+        <% else %>
+        <th></th><td></td>
        <% end %>
    </tr>
    <%= render_custom_fields_rows(@issue) %>
@@ -74,26 +78,16 @@
 <%= call_hook(:view_issues_show_description_bottom, :issue => @issue) %>
-<% if !@issue.leaf? || User.current.allowed_to?(:manage_subtasks, @project) %>
+<%= render :partial => 'tree_simple' %>
-<hr />
-<div id="issue_tree">
-<p>
-  <strong><%=l(:label_subtask_plural)%></strong>
-  (<%= link_to(l(:button_add), {:controller => 'issues', :action => 'new', :project_id => @project, :issue => {:parent_issue_id => @issue}}) if User.current.allowed_to?(:manage_subtasks, @project) %>)
-</p>
-<%= render_descendants_tree(@issue) unless @issue.leaf? %>
-</div>
-<% end %>
 <% if authorize_for('issue_relations', 'new') || @issue.relations.present? %>
 <hr />
 <div id="relations">
 <%= render :partial => 'relations' %>
 </div>
-<hr />
 <% end %>
+<hr />
 </div>
 <% if @changesets.present? %>
@@ -148,9 +142,8 @@
 <% content_for :header_tags do %>
    <%= auto_discovery_link_tag(:atom, {:format => 'atom', :key => User.current.rss_key}, :title => "#{@issue.project} - #{@issue.tracker} ##{@issue.id}: #{@issue.subject}") %>
    <%= stylesheet_link_tag 'scm' %>
-    <%= javascript_include_tag 'context_menu' %>
+    <%= javascript_include_tag 'context_menu.jquery' %>
    <%= stylesheet_link_tag 'context_menu' %>
    <%= stylesheet_link_tag 'context_menu_rtl' if l(:direction) == 'rtl' %>
 <% end %>
-<div id="context-menu" style="display: none;"></div>
+<%= javascript_tag "jQuery(document).ContextMenu('#{issues_context_menu_path}')" %>
-<%= javascript_tag "new ContextMenu('#{issues_context_menu_path}')" %>
--- a/app/views/layouts/base.rhtml
+++ b/app/views/layouts/base.rhtml
@@ -74,7 +74,6 @@
          </ul>
        </li>
        <% end %>
-        <li>
          <%= render_menu_node(help_menu_item) %>
          <% unless User.current.logged? %>
            <% if Setting.self_registration? %>
@@ -98,7 +97,6 @@
            </ul>
            </li>
          <% end %>
-        </li>
      </ul>
      <% end %>
    </div>

--- a/app/views/queries/_columns.rhtml
+++ b/app/views/queries/_columns.rhtml
-<table style="border-collapse: collapse; border:0;">
+<table class="query-columns">
 	<tr>
 		<td style="padding-left:0">
                <%= label_tag "available_columns", l(:description_available_columns) %>
-                <br \>
+                <br />
                <%= select_tag 'available_columns',
 		          options_for_select((query.available_columns - query.columns).collect {|column| [column.caption, column.name]}),
 		          :multiple => true, :size => 10, :style => "width:150px" %>
 		</td>
-		<td align="center" valign="middle">
+        <td class="buttons">
 			<input type="button" value="&#8594;"
 			 onclick="moveOptions(this.form.available_columns, this.form.selected_columns);" /><br />
 			<input type="button" value="&#8592;"
@@ -15,12 +15,12 @@
 		</td>
 		<td>
                <%= label_tag "selected_columns", l(:description_selected_columns) %>
-                <br \>
+                <br />
                <%= select_tag 'c[]',
 		          options_for_select(query.columns.collect {|column| [column.caption, column.name]}),
 		          :id => 'selected_columns', :multiple => true, :size => 10, :style => "width:150px" %>
 		</td>
-		<td align="center" valign="middle">
+        <td class="buttons">
 			<input type="button" value="&#8593;" onclick="moveOptionUp(this.form.selected_columns);" /><br />
 			<input type="button" value="&#8595;" onclick="moveOptionDown(this.form.selected_columns);" />
 		</td>

--- a/app/views/queries/_filters.rhtml
+++ b/app/views/queries/_filters.rhtml
@@ -100,7 +100,7 @@ Event.observe(document,"dom:loaded", apply_filters_observer);
 //]]>
 </script>
-<table width="100%">
+<table style="width:100%">
 <tr>
 <td>
 <table>
@@ -113,7 +113,7 @@ Event.observe(document,"dom:loaded", apply_filters_observer);
        <label for="cb_<%= field %>"><%= filter[1][:name] || l(("field_"+field.to_s.gsub(/\_id$/, "")).to_sym) %></label>
    </td>
    <td style="width:150px;">
-        <%= label_tag "op_#{field}", l(:description_filter), :class => "hidden-for-sighted" %>
+        <%= label_tag "operators_#{field}", l(:description_filter), :class => "hidden-for-sighted" %>
        <%= select_tag "op[#{field}]", options_for_select(operators_for_select(options[:type]), query.operator_for(field)), :id => "operators_#{field}", :onchange => "toggle_operator('#{field}');", :class => "select-small", :style => "vertical-align: top;" %>
    </td>
    <td>

--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -53,17 +53,16 @@
 #
 # ==== SMTP server at using TLS (GMail)
 #
-# This requires some additional configuration.  See the article at:
+# This might require some additional configuration.  See the guides at:
-# http://redmineblog.com/articles/setup-redmine-to-send-email-using-gmail/
+# https://www.chiliproject.org/projects/chiliproject/wiki/Email_Delivery#SMTP-server-using-TLS-GMail
 #
 # production:
 #   email_delivery:
 #     delivery_method: :smtp
 #     smtp_settings:
-#       tls: true
+#       enable_starttls_auto: true
 #       address: "smtp.gmail.com"
 #       port: 587
-#       domain: "smtp.gmail.com" # 'your.domain.com' for GoogleApps
 #       authentication: :plain
 #       user_name: "your_email@gmail.com"
 #       password: "your_password"

--- a/config/locales/bg.yml
+++ b/config/locales/bg.yml
@@ -997,3 +997,8 @@ bg:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/bs.yml
+++ b/config/locales/bs.yml
@@ -1011,3 +1011,8 @@ bs:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
@@ -1000,3 +1000,8 @@ ca:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/cs.yml
+++ b/config/locales/cs.yml
@@ -1221,3 +1221,8 @@ cs:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/da.yml
+++ b/config/locales/da.yml
@@ -1013,3 +1013,8 @@ da:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -796,6 +796,8 @@ de:
  label_api_access_key_created_on: Der API-Zugriffsschlüssel wurde vor %{value} erstellt
  label_profile: Profil
  label_subtask_plural: Unteraufgaben
+  label_subtask_add: Unteraufgabe hinzufügen
+  label_issue_hierarchy: Tickethierarchie
  label_project_copy_notifications: Sende Mailbenachrichtigungen beim Kopieren des Projekts.
  label_principal_search: "Nach Benutzer oder Gruppe suchen:"
  label_user_search: "Nach Benutzer suchen:"
@@ -1014,3 +1016,6 @@ de:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
--- a/config/locales/el.yml
+++ b/config/locales/el.yml
@@ -997,3 +997,8 @@ el:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/en-GB.yml
+++ b/config/locales/en-GB.yml
@@ -1001,3 +1001,8 @@ en-GB:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -309,6 +309,9 @@ en:
  field_visible: Visible
  field_warn_on_leaving_unsaved: "Warn me when leaving a page with unsaved text"
  field_custom_filter: Custom LDAP filter
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
  setting_app_title: Application title
  setting_app_subtitle: Application subtitle
@@ -805,6 +808,8 @@ en:
  label_api_access_key_created_on: "API access key created %{value} ago"
  label_profile: Profile
  label_subtask_plural: Subtasks
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
  label_project_copy_notifications: Send email notifications during the project copy
  label_principal_search: "Search for user or group:"
  label_user_search: "Search for user:"

--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -1034,3 +1034,8 @@ es:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/eu.yml
+++ b/config/locales/eu.yml
@@ -1001,3 +1001,8 @@ eu:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/fa.yml
+++ b/config/locales/fa.yml
@@ -1000,3 +1000,8 @@ fa:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/fi.yml
+++ b/config/locales/fi.yml
@@ -1018,3 +1018,8 @@ fi:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -1015,3 +1015,8 @@ fr:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/gl.yml
+++ b/config/locales/gl.yml
@@ -1009,3 +1009,8 @@ gl:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
@@ -1002,3 +1002,8 @@ he:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/hr.yml
+++ b/config/locales/hr.yml
@@ -1004,3 +1004,8 @@ hr:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/hu.yml
+++ b/config/locales/hu.yml
@@ -1016,3 +1016,8 @@
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/id.yml
+++ b/config/locales/id.yml
@@ -1005,3 +1005,8 @@ id:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@@ -998,3 +998,8 @@ it:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -1019,3 +1019,8 @@ ja:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
@@ -1049,3 +1049,8 @@ ko:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/lt.yml
+++ b/config/locales/lt.yml
@@ -1057,3 +1057,8 @@ lt:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/lv.yml
+++ b/config/locales/lv.yml
@@ -992,3 +992,8 @@ lv:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/mk.yml
+++ b/config/locales/mk.yml
@@ -997,3 +997,8 @@ mk:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/mn.yml
+++ b/config/locales/mn.yml
@@ -998,3 +998,8 @@ mn:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -979,3 +979,8 @@ nl:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/no.yml
+++ b/config/locales/no.yml
@@ -984,3 +984,8 @@
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
@@ -1014,3 +1014,8 @@ pl:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -1021,3 +1021,8 @@ pt-BR:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/pt.yml
+++ b/config/locales/pt.yml
@@ -1001,3 +1001,8 @@ pt:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/ro.yml
+++ b/config/locales/ro.yml
@@ -990,3 +990,8 @@ ro:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
@@ -1110,3 +1110,8 @@ ru:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/sk.yml
+++ b/config/locales/sk.yml
@@ -992,3 +992,8 @@ sk:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/sl.yml
+++ b/config/locales/sl.yml
@@ -993,3 +993,8 @@ sl:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/sr-YU.yml
+++ b/config/locales/sr-YU.yml
@@ -997,3 +997,8 @@ sr-YU:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/sr.yml
+++ b/config/locales/sr.yml
@@ -998,3 +998,8 @@ sr:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/sv.yml
+++ b/config/locales/sv.yml
@@ -1039,3 +1039,8 @@ sv:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/th.yml
+++ b/config/locales/th.yml
@@ -994,3 +994,8 @@ th:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
@@ -1016,3 +1016,8 @@ tr:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/uk.yml
+++ b/config/locales/uk.yml
@@ -993,3 +993,8 @@ uk:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/vi.yml
+++ b/config/locales/vi.yml
@@ -1048,3 +1048,8 @@ vi:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -1079,3 +1079,8 @@
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@@ -1011,3 +1011,8 @@ zh:
  label_mail_handler_failure: "Failed email submission: %{subject}"
  notice_not_authorized_action: You are not authorized to perform this action.
  text_mail_handler_confirmation_successful: Your email has been successful added at the following url
+  field_issue_summary: Issue summary
+  field_new_saved_query: New saved query
+  field_issue_view_all_open: View all open issues
+  label_subtask_add: Add a subtask
+  label_issue_hierarchy: Issue hierarchy
--- a/db/migrate/20120320220031_up_user_fields_length_limits.rb
+++ b/db/migrate/20120320220031_up_user_fields_length_limits.rb
+#-- encoding: UTF-8
+#-- copyright
+# ChiliProject is a project management system.
+#
+# Copyright (C) 2010-2012 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+class UpUserFieldsLengthLimits < ActiveRecord::Migration
+  def self.up
+    change_column :users, :login, :string, :limit => nil
+    change_column :users, :mail, :string, :limit => nil
+    change_column :users, :firstname, :string, :limit => nil
+    change_column :users, :lastname, :string, :limit => nil
+  end
+  def self.down
+    change_column :users, :login, :string, :limit => 30
+    change_column :users, :mail, :string, :limit => 60
+    change_column :users, :firstname, :string, :limit => 30
+    change_column :users, :lastname, :string, :limit => 30
+  end
+end
--- a/doc/CHANGELOG.rdoc
+++ b/doc/CHANGELOG.rdoc
 = ChiliProject Changelog
+== 2012-04-04 v3.1.0
+* Bug #739: Relative textile links not converted to full URLs in emails
+* Bug #828: uninitialized constant Redmine::Scm::Adapters::CommandFailed in RepositoryController
+* Bug #861: Apply Filter does not work on all-project-activities view
+* Bug #868: Done bar has no filling
+* Bug #869: Issue option list stacked vertically instead of horizontally
+* Bug #873: Incorrect error message text for groups
+* Bug #882: Right click context menu doesn't show submenu icon.
+* Bug #887: Stacked month (top row)
+* Bug #888: Cannot edit note
+* Bug #891: quotes around path when shelling out does not work on Windows
+* Bug #892: CP code or test assumes ordering where none is guaranteed
+* Bug #896: Enabling "Authentication required" mode returns 404s
+* Bug #903: ActionView::TemplateError (undefined method `new0' for DateTime:Class)
+* Bug #911: Sub-sub (and deeper) issues CSS rules are overridden
+* Bug #914: comments gets striked through, when description changes before
+* Bug #922: Mass assignment
+* Bug #927: Reposman script problem
+* Bug #929: Missing links in Issues section in left menu bar
+* Bug #933: News RSS Feed  tag not populating
+* Bug #939: GMail documentation in configuration.yml.default out of date
+* Feature #559: Group Menus
+* Feature #899: Create a jQuery verison of the context menu
+* Feature #906: Add Link back to Parent of Subtask
+* Feature #915: default bundle install installs old pg version
+* Feature #928: Increase username length limit from 30 to 60
 == 2012-02-06 v3.0.0
 * Bug #826: Top right toolbar items overlap for custom issues query

--- a/extra/svn/reposman.rb
+++ b/extra/svn/reposman.rb
@@ -199,6 +199,7 @@ end
 class Project < ActiveResource::Base
  self.headers["User-agent"] = "Redmine repository manager/#{Version}"
+  self.format = :xml
 end
 log("querying Redmine for projects...", :level => 1);

--- a/lib/chili_project/version.rb
+++ b/lib/chili_project/version.rb
@@ -18,7 +18,7 @@ module ChiliProject
  module VERSION #:nodoc:
    MAJOR = 3
-    MINOR = 0
+    MINOR = 1
    PATCH = 0
    TINY  = PATCH # Redmine compat
@@ -43,7 +43,7 @@ module ChiliProject
        git_dir = Rails.root.join('.git')
        if File.directory? git_dir
-          git.send(:shellout, "#{git.sq_bin} --git-dir='#{git_dir}' rev-parse --short=9 HEAD") { |io| io.read }.to_s.chomp
+          git.send(:shellout, "#{git.sq_bin} --git-dir=#{git.shell_quote git_dir.to_s} rev-parse --short=9 HEAD") { |io| io.read }.to_s.chomp
        end
      end
    end

--- a/lib/redmine.rb
+++ b/lib/redmine.rb
--- a/lib/redmine/scm/adapters/bazaar_adapter.rb
+++ b/lib/redmine/scm/adapters/bazaar_adapter.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/abstract_adapter'
+require_dependency 'redmine/scm/adapters/abstract_adapter'
 module Redmine
  module Scm

--- a/lib/redmine/scm/adapters/cvs_adapter.rb
+++ b/lib/redmine/scm/adapters/cvs_adapter.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/abstract_adapter'
+require_dependency 'redmine/scm/adapters/abstract_adapter'
 module Redmine
  module Scm

--- a/lib/redmine/scm/adapters/darcs_adapter.rb
+++ b/lib/redmine/scm/adapters/darcs_adapter.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/abstract_adapter'
+require_dependency 'redmine/scm/adapters/abstract_adapter'
 require 'rexml/document'
 module Redmine

--- a/lib/redmine/scm/adapters/filesystem_adapter.rb
+++ b/lib/redmine/scm/adapters/filesystem_adapter.rb
@@ -12,7 +12,7 @@
 # See doc/COPYRIGHT.rdoc for more details.
 #++
-require 'redmine/scm/adapters/abstract_adapter'
+require_dependency 'redmine/scm/adapters/abstract_adapter'
 require 'find'
 module Redmine

--- a/lib/redmine/scm/adapters/git_adapter.rb
+++ b/lib/redmine/scm/adapters/git_adapter.rb
--- a/lib/redmine/scm/adapters/mercurial_adapter.rb
+++ b/lib/redmine/scm/adapters/mercurial_adapter.rb
--- a/lib/redmine/scm/adapters/subversion_adapter.rb
+++ b/lib/redmine/scm/adapters/subversion_adapter.rb
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
--- a/public/javascripts/context_menu.jquery.js
+++ b/public/javascripts/context_menu.jquery.js
--- a/public/stylesheets/application.css
+++ b/public/stylesheets/application.css
--- a/public/stylesheets/context_menu.css
+++ b/public/stylesheets/context_menu.css
--- a/test/functional/activities_controller_test.rb
+++ b/test/functional/activities_controller_test.rb
--- a/test/functional/trackers_controller_test.rb
+++ b/test/functional/trackers_controller_test.rb
--- a/test/functional/versions_controller_test.rb
+++ b/test/functional/versions_controller_test.rb
--- a/test/unit/group_test.rb
+++ b/test/unit/group_test.rb
--- a/test/unit/helpers/application_helper_test.rb
+++ b/test/unit/helpers/application_helper_test.rb
--- a/test/unit/lib/redmine_test.rb
+++ b/test/unit/lib/redmine_test.rb
--- a/vendor/plugins/acts_as_journalized/lib/acts_as_journalized.rb
+++ b/vendor/plugins/acts_as_journalized/lib/acts_as_journalized.rb
--- a/vendor/plugins/acts_as_journalized/lib/journal_formatter.rb
+++ b/vendor/plugins/acts_as_journalized/lib/journal_formatter.rb
--- a/vendor/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb
+++ b/vendor/plugins/acts_as_journalized/lib/redmine/acts/journalized/permissions.rb