Merge branch 'master' into new-gui

Conflicts:
	Gemfile.lock

app/controllers/data_controller.rb

@@ -16,16 +16,29 @@ class DataController < ApplicationController
       redirect_to :back
     else  
       @import_to = params[:import_to]
-     
-      #get column headers and formart as [['name', column_number]...]
-      i = -1
-      @headers = import_headers(params[:file].path).collect { |v| [v, i+=1] }
-      @headers.unshift ['',i] 
+
+      begin      
+        #get column headers and format as [['name', column_number]...]
+        i = -1
+        @headers = import_headers(params[:file].path).collect { |v| [v, i+=1] }
+        @headers.unshift ['',i] 
+      rescue Exception => e
+        flash[:error] = "Invalid CVS: could not read headers: #{e}"
+        redirect_to :back
+        return
+      end
       
       #save file for later
-      directory = "public/uploads/csv"
-      @path = File.join(directory, params[:file].original_filename)
-      File.open(@path, "wb") { |f| f.write(params[:file].read) }
+      begin
+        uploaded_file = params[:file]
+        @filename = Tracks::Utils.sanitize_filename(uploaded_file.original_filename)
+        path_and_file = Rails.root.join('public', 'uploads', 'csv', @filename)
+        File.open(path_and_file, "wb") { |f| f.write(uploaded_file.read) }
+      rescue Exception => e
+        flash[:error] = "Could not save uploaded CSV (#{path_and_file}). Can Tracks write to the upload directory? #{e}"
+        redirect_to :back
+        return
+      end
 
       case @import_to
       when 'projects'
@@ -44,12 +57,14 @@ class DataController < ApplicationController
 
   def csv_import
     begin
+      filename = Tracks::Utils.sanitize_filename(params[:file])
+      path_and_file = Rails.root.join('public', 'uploads', 'csv', filename)
       case params[:import_to]
       when 'projects'
-        count = Project.import params, current_user
+        count = Project.import path_and_file, params, current_user
         flash[:notice] = "#{count} Projects imported"
       when 'todos'
-        count = Todo.import params, current_user
+        count = Todo.import path_and_file, params, current_user
         flash[:notice] = "#{count} Todos imported"
       else
         flash[:error] = t('data.invalid_import_destination')
@@ -57,11 +72,11 @@ class DataController < ApplicationController
     rescue Exception => e
       flash[:error] = t('data.invalid_import_destination') + ": #{e}"
     end
-    File.delete(params[:file])
+    File.delete(path_and_file)
     redirect_to import_data_path
   end
 
-  def import_headers file
+  def import_headers(file)
     CSV.foreach(file, headers: false) do |row|
       return row
     end
@@ -105,13 +120,14 @@ class DataController < ApplicationController
     send_data(result, :filename => "tracks_backup.yml", :type => 'text/plain')
   end
   
+  # export all actions as csv
   def csv_actions
     content_type = 'text/csv'
-    CSV::Writer.generate(result = "") do |csv|
+    CSV.generate(result = "") do |csv|
       csv << ["id", "Context", "Project", "Description", "Notes", "Tags",
         "Created at", "Due", "Completed at", "User ID", "Show from",
         "state"]
-      current_user.todos.include(:context, :project).all.each do |todo|
+      current_user.todos.includes(:context, :project, :taggings, :tags).each do |todo|
         csv << [todo.id, todo.context.name,
           todo.project_id.nil? ? "" : todo.project.name,
           todo.description,
@@ -127,7 +143,7 @@ class DataController < ApplicationController
     send_data(result, :filename => "todos.csv", :type => content_type)
   end
 
-  
+  # export all notes as csv
   def csv_notes
     content_type = 'text/csv'
     CSV.generate(result = "") do |csv|

app/controllers/mailgun_controller.rb

@@ -0,0 +1,38 @@
+require 'openssl'
+
+class MailgunController < ApplicationController
+
+  skip_before_filter :login_required, :only => [:mailgun]
+  before_filter :verify, :only => [:mailgun]
+  protect_from_forgery with: :null_session
+
+  def mailgun
+    unless params.include? 'body-mime'
+      Rails.logger.info "Cannot process Mailgun request, no body-mime sent"
+      render_failure "Unacceptable body-mime", 406
+      return
+    end
+
+    todo = MessageGateway.receive(params['body-mime'])
+    if todo
+      render :xml => todo.to_xml( *todo_xml_params )
+    else
+      render_failure "Todo not saved", 406
+    end
+  end
+
+  private
+
+  def verify
+    unless params['signature'] == OpenSSL::HMAC.hexdigest(
+            OpenSSL::Digest::Digest.new('sha256'),
+            SITE_CONFIG['mailgun_api_key'],
+            '%s%s' % [params['timestamp'], params['token']]
+         )
+      Rails.logger.info "Cannot verify Mailgun signature"
+      render_failure "Access denied", 406
+      return
+    end
+  end
+
+end

app/controllers/projects_controller.rb

@@ -137,8 +137,8 @@ class ProjectsController < ApplicationController
       limit(current_user.prefs.show_number_completed).
       includes(Todo::DEFAULT_INCLUDES) unless @max_completed == 0
 
-    @count = @not_done_todos.size
-    @down_count = @count + @deferred_todos.size + @pending_todos.size
+    @down_count = @not_done_todos.size + @deferred_todos.size + @pending_todos.size
+    @count=@down_count
     @next_project = current_user.projects.next_from(@project)
     @previous_project = current_user.projects.previous_from(@project)
     @default_tags = @project.default_tags

app/controllers/todos_controller.rb

@@ -87,7 +87,8 @@ class TodosController < ApplicationController
       p.parse_dates() unless mobile?
       tag_list = p.tag_list
 
-      @todo = current_user.todos.build(p.attributes)
+      @todo = current_user.todos.build
+      @todo.assign_attributes(p.attributes)
       p.add_errors(@todo)
 
       if @todo.errors.empty?
@@ -125,6 +126,8 @@ class TodosController < ApplicationController
             determine_down_count
             @contexts = current_user.contexts
             @projects = current_user.projects
+            @context = @todo.context
+            @project = @todo.project
             @initial_context_name = params['default_context_name']
             @initial_project_name = params['default_project_name']
             @initial_tags = params['initial_tag_list']
@@ -1170,18 +1173,18 @@ end
   def update_context
     @context_changed = false
     if params['todo']['context_id'].blank? && params['context_name'].present?
-      context = current_user.contexts.where(:name => params['context_name'].strip).first
-      unless context
+      @context = current_user.contexts.where(:name => params['context_name'].strip).first
+      if @context.nil?
         @new_context = current_user.contexts.build
         @new_context.name = params['context_name'].strip
         @new_context.save
         @new_context_created = true
         @new_container = @new_context
         @not_done_todos = [@todo]
-        context = @new_context
+        @context = @new_context
       end
-      params["todo"]["context_id"] = context.id
-      @context_changed = @original_item_context_id != params["todo"]["context_id"] = context.id
+      params["todo"]["context_id"] = @context.id
+      @context_changed = @original_item_context_id != params["todo"]["context_id"] = @context.id
     end
   end