Merge pull request #3143 from TracksApp/dependabot/bundler/nokogiri-1.18.9

Bump nokogiri from 1.18.8 to 1.18.9
Merge pull request #3142 from TracksApp/dependabot/bundler/thor-1.4.0
2025-09-22 05:50:47 +02:00 · 2025-09-20 18:18:25 +03:00 · 2025-09-20 18:18:09 +03:00 · 2025-09-20 18:17:55 +03:00 · 2025-09-20 18:17:41 +03:00 · 2025-09-20 18:16:41 +03:00
266 changed files with 11962 additions and 6408 deletions
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@ -0,0 +1,25 @@
+version: "2"
+checks:
+  file-lines:
+    config:
+      threshold: 300
+  method-complexity:
+    config:
+      threshold: 50
+  method-count:
+    config:
+      threshold: 20
+  method-lines:
+    config:
+      threshold: 100
+plugins:
+  brakeman:
+    enabled: true
+  fixme:
+    enabled: true
+  flog:
+    enabled: true
+  reek:
+    enabled: true
+#exclude_patterns:
+#- app/assets/javascripts-jquery-ui
--- a/.dockerignore
+++ b/.dockerignore
@ -1,12 +1,9 @@
 .bundle
-.git
 config/database.yml
 config/site.yml
 coverage
 db/*.sqlite3
-doc
 features
 log
 public/assets
-test
 tmp
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -0,0 +1,3 @@
+# Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
+custom: ['https://www.taskitin.fi/']
+github: zeip
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
--- a/.github/workflows/build-custom-release.yml
+++ b/.github/workflows/build-custom-release.yml
@ -0,0 +1,55 @@
+---
+name: 'Build custom release'
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to release'
+        required: true
+        type: string
+      name:
+        description: 'Name of the release'
+        required: true
+        type: string
+
+jobs:
+  build-and-publish-release:
+    name: 'Build custom release'
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout the code
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ inputs.tag }}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          target: production
+          push: true
+          tags: |
+            tracksapp/tracks:${{ inputs.name }}
+            ghcr.io/tracksapp/tracks:${{ inputs.name }}
+
+#          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/build-latest.yml
+++ b/.github/workflows/build-latest.yml
@ -0,0 +1,45 @@
+---
+name: 'Build latest'
+on:
+  push:
+    branches:
+    - master
+
+jobs:
+  build-and-publish-latest:
+    name: 'Build latest'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2 # Checking out the repo
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          target: production
+          push: true
+          tags: |
+            tracksapp/tracks:latest
+            tracksapp/tracks:master
+            ghcr.io/tracksapp/tracks:latest
+
+#          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@ -0,0 +1,44 @@
+---
+name: 'Build release'
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  build-and-publish-release:
+    name: 'Build release'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2 # Checking out the repo
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          target: production
+          push: true
+          tags: |
+            tracksapp/tracks:${{ github.event.release.name }}
+            ghcr.io/tracksapp/tracks:${{ github.event.release.name }}
+
+#          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@ -1,11 +1,13 @@
 ---
-name: Continuous Integration
-
-on: [push, pull_request]
-
+name: Automated tests
+on: pull_request
 jobs:
-  test:
+  build:
    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: ["3.2", "3.3"]
+        db: [sqlite, mysql, postgres]
    steps:
      - uses: actions/checkout@v1
-      - run: bash -x script/cibuild
+      - run: bash -x script/cibuild ${{ matrix.ruby }} ${{ matrix.db }}
--- a/.gitignore
+++ b/.gitignore
@ -21,8 +21,9 @@
 /tmp
 config/deploy.rb
 config/site.yml
+config/database.yml
 db/data.yml
 nbproject
 rerun.txt
 tags
-.skip-docker
+.use-docker
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -13,3 +13,23 @@ Style/Documentation:

 Style/StringLiterals:
  EnforcedStyle: double_quotes
+
+Layout/AlignParameters:
+  EnforcedStyle: with_fixed_indentation
+
+Metrics/AbcSize:
+  Max: 100
+Metrics/CyclomaticComplexity:
+  Max: 100
+Metrics/MethodLength:
+  Max: 100
+  CountAsOne: ['array', 'hash', 'heredoc']
+Metrics/ModuleLength:
+  Max: 300
+  CountAsOne: ['array', 'hash', 'heredoc']
+Metrics/ClassLength:
+  Max: 300
+Metrics/ParameterLists:
+  Max: 20
+Metrics/PerceivedComplexity:
+  Max: 100
--- a/.ruby-version
+++ b/.ruby-version
@ -0,0 +1 @@
+3.3
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -19,13 +19,15 @@ It would be great to first discuss them on the [mailing list](https://groups.goo
 If you want to contribute an enhancement or a fix, you can:

 1. [fork the project](https://help.github.com/articles/fork-a-repo) 
-1. [create a topic branch](http://learn.github.com/p/branching.html).
-1. install [docker-compose](https://docs.docker.com/compose/)
-1. copy `app/config/site.yml.tmpl` to `app/config/site.yml` and customize as needed
-1. then with `./bin/setup` you will prepare for the first run
-1. start the server with `./script/server` which will start everything you need in Docker and present Tracks at [http://0.0.0.0:3000](http://0.0.0.0:3000)
-1. if you need, you can launch a Rails console with `./bin/rails c` (will run inside Docker)
-1. make your changes and add/update relevant tests
-1. run the test suite with `./bin/rake test` (will run inside Docker)
-1. commit the changes
-1. send a pull request.
+2. [create a topic branch](http://learn.github.com/p/branching.html).
+3. install [docker-compose](https://docs.docker.com/compose/)
+4. copy `app/config/site.yml.tmpl` to `app/config/site.yml` and customize as needed
+5. then with `./bin/setup` you will prepare for the first run
+6. start the server with `./script/server` which will start everything you need in Docker and present Tracks at [http://0.0.0.0:3000](http://0.0.0.0:3000)
+7. if you need, you can launch a Rails console with `./bin/rails c` (will run inside Docker)
+8. make your changes and add/update relevant tests
+9. run the test suite with `./bin/rake test` (will run inside Docker)
+10. commit the changes
+11. send a pull request.
+
+Make sure that you've added the necessary tests for any new functionality and preferably also for any bugs and that your contribution conforms to the coding style defined by the CodeClimate checks. The coding style definition should be approximately the same as the [Shopify Ruby Style Guide](https://ruby-style-guide.shopify.dev/).
--- a/61
+++ b/61
@ -1,15 +1,66 @@
-FROM ruby:2.4
+ARG RUBY_VERSION=3.3
+FROM ruby:${RUBY_VERSION} AS base

 WORKDIR /app
-
 RUN touch /etc/app-env

-COPY Gemfile* /app/
+RUN apt-get update && apt-get install -y npm netcat-openbsd
+RUN npm install -g yarn
 RUN gem install bundler
-RUN bundle install --jobs 4

 RUN mkdir /app/log

-COPY . /app/
+COPY COPYING /app/
+COPY config /app/config/
+COPY config/database.docker.yml /app/config/database.yml
+COPY config/site.docker.yml /app/config/site.yml

+COPY bin /app/bin/
+COPY script /app/script/
+COPY public /app/public/
+COPY vendor /app/vendor/
+
+COPY .yardopts /app/
+COPY Rakefile /app/
+COPY config.ru /app/
+COPY docker-entrypoint.sh /app/
+
+COPY lib /app/lib/
+COPY app /app/app/
+COPY db /app/db/
+
+# Use glob to omit error if the .git directory doesn't exists (in case the
+# code is from a release archive, not a Git clone)
+COPY .gi[t] /app/.git
+
+COPY Gemfile* /app/
+
+ENTRYPOINT ["/app/docker-entrypoint.sh"]
 EXPOSE 3000
+CMD ["./bin/rails", "server", "-b", "0.0.0.0"]
+
+FROM base AS precompile
+RUN bundle config set deployment true
+RUN bundle install --jobs 4
+RUN RAILS_GROUPS=assets bundle exec rake assets:precompile
+
+# Build the environment-specific stuff
+FROM base AS production
+RUN bundle config set without assets
+RUN bundle config --global frozen 1
+RUN bundle install --jobs 4
+COPY --from=precompile /app/public/assets /app/public/assets
+
+FROM base AS test
+COPY test /app/test/
+# For testing the API client
+COPY doc /app/doc/
+RUN bundle config set without assets
+RUN bundle config set with development test
+RUN bundle config --global frozen 1
+RUN bundle install --jobs 4
+COPY --from=precompile /app/public/assets /app/public/assets
+
+FROM base AS development
+RUN bundle config set with development test
+RUN bundle install --jobs 4
--- a/137
+++ b/137
@ -1,91 +1,72 @@
 source 'https://rubygems.org'

-gem 'rails', '~> 5.2.3'
-gem 'sass-rails', '~> 5.0'
-gem 'coffee-rails', '~> 4.2.0'
+gem 'actionpack-xml_parser', '~> 2.0'
+gem 'activemodel-serializers-xml', '~> 1.0.3'

-#gem 'json'
+gem 'rails', '~> 7.1'

-# todo: remove xml api
-gem "actionpack-xml_parser", "~> 2.0"
-gem "activemodel-serializers-xml", "~> 1.0.1"
+gem 'font-awesome-sass', '~> 6.7.2'
+gem 'jquery-rails', '~> 4.6'
+gem 'jquery-ui-rails', '~>8.0.0'
+gem 'aasm', '~> 5.5.1'
+gem 'acts_as_list'
+gem 'bcrypt', '~> 3.1.20'
+gem 'htmlentities'
+gem "kt-paperclip", "~> 7.2"
+gem 'puma', '~> 6.6'
+gem 'rails_autolink'
+gem 'RedCloth'
+gem 'sanitize', '~> 7.0'
+gem 'tracks-chartjs-ror'
+gem 'will_paginate'
+
+gem 'rexml'
+
+# Use --without <group> argument to skip unnecessary drivers
+gem 'sqlite3', '~> 2.7', group: :sqlite
+gem 'mysql2', '~> 0.5', group: :mysql
+gem 'pg', '~> 1.5', group: :postgresql

 # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-gem 'therubyracer', group: :therubyracer
+gem 'mini_racer', group: :therubyracer

-gem 'uglifier', '>=1.3.0'
-
-gem 'jquery-rails' , '~> 4.3'
-gem 'jquery-ui-rails' , '~>5.0.5'
-
-# you may comment out the database driver(s) you will not be using.
-# This will prevent a native build of the driver. Building native drivers is not
-# always possible on all platforms
-# Alternatively use --without <group> arguments to bundler to not install that group
-gem "sqlite3", group: :sqlite
-gem "mysql2", "~> 0.5.2", group: :mysql
-
-gem "RedCloth"
-gem "sanitize", "~> 5.0"
-gem "will_paginate"
-gem "acts_as_list"
-gem "aasm", '~> 3.4.0'
-gem "htmlentities"
-gem "rails_autolink"
-gem 'puma', '~> 4.1'
-gem 'paperclip'
-
-# To use ActiveModel has_secure_password
-gem 'bcrypt', '~> 3.1.13'
-
-gem 'chartjs-ror'
-
-# Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
-# gem 'turbolinks'
-
-# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-# gem 'jbuilder', '~> 1.2'
-
-gem "bootstrap-sass", "3.4.1"
-gem "font-awesome-sass", "~> 4.5.0"
-
-group :development do
-  gem "spring"
-  gem "yard"
-
-  gem 'tolk', '~> 3.2.1'
-
-  gem "bullet"
-  gem "rack-mini-profiler"
-end
-
-group :development, :test do
-  gem 'byebug'
+gem 'sprockets-rails'
+gem 'coffee-rails', '~> 5.0.0'
+gem 'dartsass-sprockets'
+gem 'bootstrap-sass', '3.4.1'
+gem 'terser'
 gem 'listen'
-  gem "rubocop", "~> 0.74", require: false
+gem 'tolk', '~> 6.0.0'
+
+group :development, :optional => true do
+  gem 'spring', '~> 4'
+  gem 'yard'
+
+  gem 'bullet'
+  gem 'rack-mini-profiler'
+  gem 'solargraph'
+
+  gem 'i18n-tasks', '~> 1.0.15'
 end

-group :test do
-  gem 'rails-controller-testing'
-  gem 'rails-dom-testing', '~> 2.0.0'
+group :development, :test, :optional => true do
+  gem 'byebug'
+  gem 'rubocop', '~> 1.78'
+end

-
-  gem "factory_bot_rails"
-  gem "rspec-expectations"
-  gem "database_cleaner"
-  gem "mocha", :require => false
-  gem "minitest-stub-const"
-
-  gem "selenium-webdriver", "~> 3.142"
-
-  # uncomment to use the webkit option. This depends on Qt being installed
-  # gem "capybara-webkit"
-
-  # uncomment to be able to make screenshots from scenarios
-  #gem "capybara-screenshot"
-  #gem "launchy"
-
-  gem "simplecov"
+group :test, :optional => true do
  # get test coverage info on codeclimate
-  gem "codeclimate-test-reporter", "1.0.7", group: :test, require: nil
+  gem 'codeclimate-test-reporter', '1.0.9'
+  gem 'database_cleaner', '~> 2'
+  gem 'factory_bot_rails'
+  gem 'minitest-stub-const'
+  gem 'mocha'
+  gem 'rails-controller-testing'
+  gem 'rails-dom-testing', '~> 2.3.0'
+  gem 'rspec-expectations'
+  gem 'simplecov'
+end
+
+group :stripe, :optional => true do
+  gem 'stripe'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1,315 +1,471 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    RedCloth (4.3.2)
-    aasm (3.4.0)
-    actioncable (5.2.3)
-      actionpack (= 5.2.3)
+    RedCloth (4.3.4)
+    aasm (5.5.1)
+      concurrent-ruby (~> 1.0)
+    actioncable (7.1.5.1)
+      actionpack (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailer (5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
+      zeitwerk (~> 2.6)
+    actionmailbox (7.1.5.1)
+      actionpack (= 7.1.5.1)
+      activejob (= 7.1.5.1)
+      activerecord (= 7.1.5.1)
+      activestorage (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      mail (>= 2.7.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.1.5.1)
+      actionpack (= 7.1.5.1)
+      actionview (= 7.1.5.1)
+      activejob (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.2.3)
-      actionview (= 5.2.3)
-      activesupport (= 5.2.3)
-      rack (~> 2.0)
+      net-imap
+      net-pop
+      net-smtp
+      rails-dom-testing (~> 2.2)
+    actionpack (7.1.5.1)
+      actionview (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
    actionpack-xml_parser (2.0.1)
      actionpack (>= 5.0)
      railties (>= 5.0)
-    actionview (5.2.3)
-      activesupport (= 5.2.3)
+    actiontext (7.1.5.1)
+      actionpack (= 7.1.5.1)
+      activerecord (= 7.1.5.1)
+      activestorage (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (7.1.5.1)
+      activesupport (= 7.1.5.1)
      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.3)
-      activesupport (= 5.2.3)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.1.5.1)
+      activesupport (= 7.1.5.1)
      globalid (>= 0.3.6)
-    activemodel (5.2.3)
-      activesupport (= 5.2.3)
-    activemodel-serializers-xml (1.0.2)
-      activemodel (> 5.x)
-      activesupport (> 5.x)
+    activemodel (7.1.5.1)
+      activesupport (= 7.1.5.1)
+    activemodel-serializers-xml (1.0.3)
+      activemodel (>= 5.0.0.a)
+      activesupport (>= 5.0.0.a)
      builder (~> 3.1)
-    activerecord (5.2.3)
-      activemodel (= 5.2.3)
-      activesupport (= 5.2.3)
-      arel (>= 9.0)
-    activestorage (5.2.3)
-      actionpack (= 5.2.3)
-      activerecord (= 5.2.3)
-      marcel (~> 0.3.1)
-    activesupport (5.2.3)
+    activerecord (7.1.5.1)
+      activemodel (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      timeout (>= 0.4.0)
+    activestorage (7.1.5.1)
+      actionpack (= 7.1.5.1)
+      activejob (= 7.1.5.1)
+      activerecord (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      marcel (~> 1.0)
+    activesupport (7.1.5.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    acts_as_list (0.9.19)
-      activerecord (>= 3.0)
-    arel (9.0.0)
-    ast (2.4.0)
-    autoprefixer-rails (9.4.7)
-      execjs
-    bcrypt (3.1.13)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      mutex_m
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0)
+    acts_as_list (1.2.4)
+      activerecord (>= 6.1)
+      activesupport (>= 6.1)
+    ast (2.4.3)
+    autoprefixer-rails (10.4.21.0)
+      execjs (~> 2)
+    backport (1.2.0)
+    base64 (0.3.0)
+    bcrypt (3.1.20)
+    benchmark (0.4.1)
+    bigdecimal (3.2.2)
    bootstrap-sass (3.4.1)
      autoprefixer-rails (>= 5.2.1)
      sassc (>= 2.0.0)
-    builder (3.2.3)
-    bullet (6.0.1)
+    builder (3.3.0)
+    bullet (8.0.8)
      activesupport (>= 3.0.0)
      uniform_notifier (~> 1.11)
-    byebug (11.0.1)
-    chartjs-ror (3.6.4)
-      rails (>= 3.1)
-    childprocess (2.0.0)
-      rake (< 13.0)
+    byebug (12.0.0)
    climate_control (0.2.0)
-    codeclimate-test-reporter (1.0.7)
-      simplecov
-    coffee-rails (4.2.2)
+    codeclimate-test-reporter (1.0.9)
+      simplecov (<= 0.13)
+    coffee-rails (5.0.0)
      coffee-script (>= 2.2.0)
-      railties (>= 4.0.0)
+      railties (>= 5.2.0)
    coffee-script (2.4.1)
      coffee-script-source
      execjs
    coffee-script-source (1.12.2)
-    concurrent-ruby (1.1.5)
-    crass (1.0.5)
-    database_cleaner (1.7.0)
-    diff-lcs (1.3)
-    docile (1.3.2)
-    erubi (1.8.0)
-    execjs (2.7.0)
-    factory_bot (4.11.1)
-      activesupport (>= 3.0.0)
-    factory_bot_rails (4.11.1)
-      factory_bot (~> 4.11.1)
-      railties (>= 3.0.0)
-    ffi (1.9.25)
-    font-awesome-sass (4.5.0)
-      sass (>= 3.2)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.3)
+    crass (1.0.6)
+    dartsass-sprockets (3.2.1)
+      railties (>= 4.0.0)
+      sassc-embedded (~> 1.80.1)
+      sprockets (> 3.0)
+      sprockets-rails
+      tilt
+    database_cleaner (2.1.0)
+      database_cleaner-active_record (>= 2, < 3)
+    database_cleaner-active_record (2.2.0)
+      activerecord (>= 5.a)
+      database_cleaner-core (~> 2.0.0)
+    database_cleaner-core (2.0.1)
+    date (3.4.1)
+    diff-lcs (1.6.2)
+    docile (1.1.5)
+    drb (2.2.3)
+    erb (5.0.1)
+    erubi (1.13.1)
+    execjs (2.10.0)
+    factory_bot (6.5.4)
+      activesupport (>= 6.1.0)
+    factory_bot_rails (6.5.0)
+      factory_bot (~> 6.5)
+      railties (>= 6.1.0)
+    ffi (1.17.0)
+    font-awesome-sass (6.7.2)
+      sassc (~> 2.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
+    google-protobuf (4.31.1)
+      bigdecimal
+      rake (>= 13)
+    highline (3.1.2)
+      reline
    htmlentities (4.3.4)
-    i18n (1.6.0)
+    i18n (1.14.7)
      concurrent-ruby (~> 1.0)
-    jaro_winkler (1.5.3)
-    jquery-rails (4.3.5)
+    i18n-tasks (1.0.15)
+      activesupport (>= 4.0.2)
+      ast (>= 2.1.0)
+      erubi
+      highline (>= 2.0.0)
+      i18n
+      parser (>= 3.2.2.1)
+      rails-i18n
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.8, >= 1.8.1)
+      terminal-table (>= 1.5.1)
+    io-console (0.8.0)
+    irb (1.15.2)
+      pp (>= 0.6.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    jaro_winkler (1.6.1)
+    jquery-rails (4.6.0)
      rails-dom-testing (>= 1, < 3)
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
-    jquery-ui-rails (5.0.5)
+    jquery-ui-rails (8.0.0)
      railties (>= 3.2.16)
-    json (2.2.0)
-    libv8 (3.16.14.19)
-    listen (3.1.5)
-      rb-fsevent (~> 0.9, >= 0.9.4)
-      rb-inotify (~> 0.9, >= 0.9.7)
-      ruby_dep (~> 1.2)
-    loofah (2.3.1)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
-    metaclass (0.0.4)
-    method_source (0.9.2)
-    mime-types (3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mimemagic (0.3.3)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.11.3)
-    minitest-stub-const (0.6)
-    mocha (1.9.0)
-      metaclass (~> 0.0.1)
-    mysql2 (0.5.2)
-    nio4r (2.5.1)
-    nokogiri (1.10.4)
-      mini_portile2 (~> 2.4.0)
-    nokogumbo (2.0.1)
-      nokogiri (~> 1.8, >= 1.8.4)
-    paperclip (6.1.0)
+    json (2.12.2)
+    kramdown (2.5.1)
+      rexml (>= 3.3.9)
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    kt-paperclip (7.2.0)
      activemodel (>= 4.2.0)
      activesupport (>= 4.2.0)
+      marcel (~> 1.0.1)
      mime-types
-      mimemagic (~> 0.3.0)
      terrapin (~> 0.6.0)
-    parallel (1.17.0)
-    parser (2.6.3.0)
-      ast (~> 2.4.0)
-    puma (4.1.1)
-      nio4r (~> 2.0)
-    rack (2.0.7)
-    rack-mini-profiler (1.0.2)
-      rack (>= 1.2.0)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (5.2.3)
-      actioncable (= 5.2.3)
-      actionmailer (= 5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
-      activemodel (= 5.2.3)
-      activerecord (= 5.2.3)
-      activestorage (= 5.2.3)
-      activesupport (= 5.2.3)
-      bundler (>= 1.3.0)
-      railties (= 5.2.3)
-      sprockets-rails (>= 2.0.0)
-    rails-controller-testing (1.0.4)
-      actionpack (>= 5.0.1.x)
-      actionview (>= 5.0.1.x)
-      activesupport (>= 5.0.1.x)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.2.0)
-      loofah (~> 2.2, >= 2.2.2)
-    rails_autolink (1.1.6)
-      rails (> 3.1)
-    railties (5.2.3)
-      actionpack (= 5.2.3)
-      activesupport (= 5.2.3)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
-    rainbow (3.0.0)
-    rake (12.3.3)
-    rb-fsevent (0.10.3)
-    rb-inotify (0.10.0)
-      ffi (~> 1.0)
-    ref (2.0.0)
-    rspec-expectations (3.8.4)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.2)
-    rubocop (0.74.0)
-      jaro_winkler (~> 1.5.1)
-      parallel (~> 1.10)
-      parser (>= 2.6)
-      rainbow (>= 2.2.2, < 4.0)
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
-    ruby-progressbar (1.10.1)
-    ruby_dep (1.5.0)
-    rubyzip (1.2.4)
-    safe_yaml (1.0.5)
-    sanitize (5.0.0)
+    language_server-protocol (3.17.0.5)
+    libv8-node (24.1.0.0)
+    lint_roller (1.1.0)
+    listen (3.9.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    logger (1.7.0)
+    loofah (2.24.1)
      crass (~> 1.0.2)
-      nokogiri (>= 1.8.0)
-      nokogumbo (~> 2.0)
-    sass (3.7.4)
-      sass-listen (~> 4.0.0)
-    sass-listen (4.0.0)
-      rb-fsevent (~> 0.9, >= 0.9.4)
-      rb-inotify (~> 0.9, >= 0.9.7)
-    sass-rails (5.0.7)
-      railties (>= 4.0.0, < 6)
-      sass (~> 3.1)
-      sprockets (>= 2.8, < 4.0)
-      sprockets-rails (>= 2.0, < 4.0)
-      tilt (>= 1.1, < 3)
-    sassc (2.0.0)
-      ffi (~> 1.9.6)
-      rake
-    selenium-webdriver (3.142.4)
-      childprocess (>= 0.5, < 3.0)
-      rubyzip (~> 1.2, >= 1.2.2)
-    simplecov (0.17.0)
-      docile (~> 1.1)
+      nokogiri (>= 1.12.0)
+    mail (2.8.1)
+      mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
+    marcel (1.0.4)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2023.0218.1)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.9)
+    mini_racer (0.19.0)
+      libv8-node (~> 24.1.0.0)
+    minitest (5.25.5)
+    minitest-stub-const (0.6)
+    mocha (2.7.1)
+      ruby2_keywords (>= 0.0.5)
+    mutex_m (0.3.0)
+    mysql2 (0.5.6)
+    net-imap (0.5.9)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.2)
+      timeout
+    net-smtp (0.5.1)
+      net-protocol
+    nio4r (2.7.4)
+    nokogiri (1.18.9)
+      mini_portile2 (~> 2.8.2)
+      racc (~> 1.4)
+    observer (0.1.2)
+    ostruct (0.6.2)
+    parallel (1.27.0)
+    parser (3.3.8.0)
+      ast (~> 2.4.1)
+      racc
+    pg (1.5.9)
+    pp (0.6.2)
+      prettyprint
+    prettyprint (0.2.0)
+    prism (1.4.0)
+    psych (5.2.6)
+      date
+      stringio
+    puma (6.6.0)
+      nio4r (~> 2.0)
+    racc (1.8.1)
+    rack (3.2.0)
+    rack-mini-profiler (4.0.1)
+      rack (>= 1.2.0)
+    rack-session (2.1.1)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
+    rack-test (2.2.0)
+      rack (>= 1.3)
+    rackup (2.2.1)
+      rack (>= 3)
+    rails (7.1.5.1)
+      actioncable (= 7.1.5.1)
+      actionmailbox (= 7.1.5.1)
+      actionmailer (= 7.1.5.1)
+      actionpack (= 7.1.5.1)
+      actiontext (= 7.1.5.1)
+      actionview (= 7.1.5.1)
+      activejob (= 7.1.5.1)
+      activemodel (= 7.1.5.1)
+      activerecord (= 7.1.5.1)
+      activestorage (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      bundler (>= 1.15.0)
+      railties (= 7.1.5.1)
+    rails-controller-testing (1.0.5)
+      actionpack (>= 5.0.1.rc1)
+      actionview (>= 5.0.1.rc1)
+      activesupport (>= 5.0.1.rc1)
+    rails-dom-testing (2.3.0)
+      activesupport (>= 5.0.0)
+      minitest
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.6.2)
+      loofah (~> 2.21)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    rails-i18n (7.0.10)
+      i18n (>= 0.7, < 2)
+      railties (>= 6.0.0, < 8)
+    rails_autolink (1.1.8)
+      actionview (> 3.1)
+      activesupport (> 3.1)
+      railties (> 3.1)
+    railties (7.1.5.1)
+      actionpack (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      irb
+      rackup (>= 1.0.0)
+      rake (>= 12.2)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rainbow (3.1.1)
+    rake (13.3.0)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.11.1)
+      ffi (~> 1.0)
+    rbs (3.9.4)
+      logger
+    rdoc (6.14.1)
+      erb
+      psych (>= 4.0.0)
+    regexp_parser (2.10.0)
+    reline (0.6.1)
+      io-console (~> 0.5)
+    reverse_markdown (3.0.0)
+      nokogiri
+    rexml (3.4.1)
+    rspec-expectations (3.13.5)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.4)
+    rubocop (1.78.0)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.45.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.45.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    ruby-progressbar (1.13.0)
+    ruby2_keywords (0.0.5)
+    sanitize (7.0.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.16.8)
+    sass-embedded (1.89.2)
+      google-protobuf (~> 4.31)
+      rake (>= 13)
+    sassc (2.4.0)
+      ffi (~> 1.9)
+    sassc-embedded (1.80.4)
+      sass-embedded (~> 1.80)
+    securerandom (0.4.1)
+    simplecov (0.13.0)
+      docile (~> 1.1.0)
      json (>= 1.8, < 3)
      simplecov-html (~> 0.10.0)
    simplecov-html (0.10.2)
-    spring (2.1.0)
-    sprockets (3.7.2)
+    solargraph (0.56.0)
+      backport (~> 1.2)
+      benchmark (~> 0.4)
+      bundler (~> 2.0)
+      diff-lcs (~> 1.4)
+      jaro_winkler (~> 1.6, >= 1.6.1)
+      kramdown (~> 2.3)
+      kramdown-parser-gfm (~> 1.1)
+      logger (~> 1.6)
+      observer (~> 0.1)
+      ostruct (~> 0.6)
+      parser (~> 3.0)
+      prism (~> 1.4)
+      rbs (~> 3.3)
+      reverse_markdown (~> 3.0)
+      rubocop (~> 1.38)
+      thor (~> 1.0)
+      tilt (~> 2.0)
+      yard (~> 0.9, >= 0.9.24)
+      yard-solargraph (~> 0.1)
+    spring (4.3.0)
+    sprockets (4.2.2)
      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
+      logger
+      rack (>= 2.2.4, < 4)
+    sprockets-rails (3.5.2)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
      sprockets (>= 3.0.0)
-    sqlite3 (1.4.1)
+    sqlite3 (2.7.3)
+      mini_portile2 (~> 2.8.0)
+    stringio (3.1.7)
+    stripe (15.5.0)
+    terminal-table (4.0.0)
+      unicode-display_width (>= 1.1.1, < 4)
    terrapin (0.6.0)
      climate_control (>= 0.0.3, < 1.0)
-    therubyracer (0.12.3)
-      libv8 (~> 3.16.14.15)
-      ref
-    thor (0.20.3)
-    thread_safe (0.3.6)
-    tilt (2.0.8)
-    tolk (3.2.1)
-      rails (>= 5.0)
-      safe_yaml (>= 0.8.6)
-      sass
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    uglifier (4.1.20)
+    terser (1.2.6)
      execjs (>= 0.3.0, < 3)
-    unicode-display_width (1.6.0)
-    uniform_notifier (1.12.1)
-    websocket-driver (0.7.1)
+    thor (1.4.0)
+    tilt (2.6.0)
+    timeout (0.4.3)
+    tolk (6.0.0)
+      rails (>= 7.0, < 7.3)
+      sprockets-rails (~> 3.4)
+    tracks-chartjs-ror (3.6.4)
+      rails (>= 3.1)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
+    uniform_notifier (1.17.0)
+    websocket-driver (0.8.0)
+      base64
      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.4)
-    will_paginate (3.1.8)
-    yard (0.9.20)
+    websocket-extensions (0.1.5)
+    will_paginate (4.0.1)
+    yard (0.9.37)
+    yard-solargraph (0.1.0)
+      yard (~> 0.9)
+    zeitwerk (2.7.3)

 PLATFORMS
  ruby

 DEPENDENCIES
  RedCloth
-  aasm (~> 3.4.0)
+  aasm (~> 5.5.1)
  actionpack-xml_parser (~> 2.0)
-  activemodel-serializers-xml (~> 1.0.1)
+  activemodel-serializers-xml (~> 1.0.3)
  acts_as_list
-  bcrypt (~> 3.1.13)
+  bcrypt (~> 3.1.20)
  bootstrap-sass (= 3.4.1)
  bullet
  byebug
-  chartjs-ror
-  codeclimate-test-reporter (= 1.0.7)
-  coffee-rails (~> 4.2.0)
-  database_cleaner
+  codeclimate-test-reporter (= 1.0.9)
+  coffee-rails (~> 5.0.0)
+  dartsass-sprockets
+  database_cleaner (~> 2)
  factory_bot_rails
-  font-awesome-sass (~> 4.5.0)
+  font-awesome-sass (~> 6.7.2)
  htmlentities
-  jquery-rails (~> 4.3)
-  jquery-ui-rails (~> 5.0.5)
+  i18n-tasks (~> 1.0.15)
+  jquery-rails (~> 4.6)
+  jquery-ui-rails (~> 8.0.0)
+  kt-paperclip (~> 7.2)
  listen
+  mini_racer
  minitest-stub-const
  mocha
-  mysql2 (~> 0.5.2)
-  paperclip
-  puma (~> 4.1)
+  mysql2 (~> 0.5)
+  pg (~> 1.5)
+  puma (~> 6.6)
  rack-mini-profiler
-  rails (~> 5.2.3)
+  rails (~> 7.1)
  rails-controller-testing
-  rails-dom-testing (~> 2.0.0)
+  rails-dom-testing (~> 2.3.0)
  rails_autolink
+  rexml
  rspec-expectations
-  rubocop (~> 0.74)
-  sanitize (~> 5.0)
-  sass-rails (~> 5.0)
-  selenium-webdriver (~> 3.142)
+  rubocop (~> 1.78)
+  sanitize (~> 7.0)
  simplecov
-  spring
-  sqlite3
-  therubyracer
-  tolk (~> 3.2.1)
-  uglifier (>= 1.3.0)
+  solargraph
+  spring (~> 4)
+  sprockets-rails
+  sqlite3 (~> 2.7)
+  stripe
+  terser
+  tolk (~> 6.0.0)
+  tracks-chartjs-ror
  will_paginate
  yard

 BUNDLED WITH
-   2.0.1
+   2.4.19
--- a/README.md
+++ b/README.md
@ -1,57 +1,37 @@
-# Tracks: a GTD(TM) web application, built with Ruby on Rails
+# Tracks: a GTD™ compatible web application built with Ruby on Rails
+
+[![Build Status](https://github.com/TracksApp/tracks/workflows/Continuous%20Integration/badge.svg)](https://github.com/TracksApp/tracks/actions)
+[![Code Climate](https://codeclimate.com/github/TracksApp/tracks/badges/gpa.svg)](https://codeclimate.com/github/TracksApp/tracks)
+[![Translation status](https://hosted.weblate.org/widgets/tracks/-/tracks/svg-badge.svg)](https://hosted.weblate.org/engage/tracks/)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6459/badge)](https://bestpractices.coreinfrastructure.org/projects/6459)
+
+## About

 * Project homepage: http://www.getontracks.org/
 * Manual: http://www.getontracks.org/manual/
 * Source at GitHub: https://github.com/TracksApp/tracks
+* Hosted services: https://github.com/TracksApp/tracks/wiki/Hosted-Tracks
 * Bug reports and feature requests: https://github.com/TracksApp/tracks/issues
-* Wiki (community contributed information): https://github.com/TracksApp/tracks/wiki
 * Mailing list: http://groups.google.com/group/TracksApp
-* IRC channel: #tracks on Freenode
-* Original developer: bsag (http://www.rousette.org.uk/)
-* Contributors: https://github.com/TracksApp/tracks/wiki/Contributors
-* Version: 2.4.1
+* License: See COPYING

-[![Build Status](https://github.com/TracksApp/tracks/workflows/Continuous%20Integration/badge.svg)](https://github.com/TracksApp/tracks/actions)
-[![Code Climate](https://codeclimate.com/github/TracksApp/tracks/badges/gpa.svg)](https://codeclimate.com/github/TracksApp/tracks)
+Full instructions for both new installations and upgrades from older installations
+of Tracks can be found in the [wiki](https://github.com/TracksApp/tracks/wiki/Installation).

-Full instructions for both new installations and upgrades from older installations of Tracks
-can be found within the /doc directory.
-
-The instructions might appear long and intimidatingly complex, but that is
-mostly because of the number of different platforms supported, and the
-different configurations which can be used (e.g. running Tracks on your local
-computer or on a remote server). If you choose the appropriate section for your
-situation (installation vs. upgrade), and use the easiest (recommended) method,
-you should find the instructions easy to follow. If you encounter problems, try
-searching the wiki or mailing list (URLs above), and ask a question if
-you cannot find a solution to your problem.
-
-The wiki has a lot of user contributed installation HOWTOs for various webhosts, specific OS's and more.
-
-If you are thinking about contributing towards the development of Tracks,
-please read /CONTRIBUTING.md for general information. Also you can find
-some information on development, testing and contributing on the wiki.
-
-While fully usable for everyday use, Tracks is still a work in progress. Make
-sure that you take sensible precautions and back up all your data frequently,
+As always, make sure that you take sensible precautions and back up all your data frequently,
 taking particular care when you are upgrading.

 Enjoy being productive!

--------------------------------------------------------------------------------
+## Contributors and consulting

-Copyright (C) 2004-2016 rousette.org.uk
+* Original developer: bsag (http://www.rousette.org.uk/)
+* Principal maintainer: [Jyri-Petteri ”ZeiP” Paloposki](https://github.com/ZeiP)
+  (sponsored by [Ardcoras oy](https://www.ardcoras.fi/), also available for paid consulting)
+  * If you want to support the maintainer's work, subscribe to the
+    [hosted version](https://www.taskitin.fi/).
+* Contributors: https://github.com/TracksApp/tracks/wiki/Contributors

-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+If you are thinking about contributing towards the development of Tracks,
+please read /CONTRIBUTING.md for general information. Also you can find
+some information on development, testing and contributing on the wiki.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,60 @@
+# Security policy
+
+## Supported versions
+
+Only the most recent stable version is supported.
+
+## Reporting a vulnerability
+
+Please report any security issues via email to security@getontracks.org.
+If you don't get a reply for your email, resend the email after one week.
+If there's still no reply, open an issue in the issue queue but *do not
+disclose the details* in the issue, only ask about the reply and status.
+
+You can (and should) encrypt the email you send with OpenGPG key
+0x8af45b6854414d2d, which you can find for example in pool.sks-keyservers.net.
+
+Unfortunately Tracks is not part of a bug bounty program, but we do provide
+appropriate credits for disclosing security issues.
+
+## Evaluating and fixing a vulnerability
+
+When a security vulnerability is reported to the maintainers, the
+maintainers first validate the vulnerability and preliminarily estimate
+the risk caused by the vulnerability.
+
+Any security issue is kept strictly confidential until a fix is made and
+validated by the maintainers and, if necessary, the reporter. Any fixes
+are not committed to the public repository before publishing.
+
+When a fix has been validated, the final risk assessment of the issue is
+done based on the latest version of the CVSS system and the criteria below.
+
+## Security advisories
+
+A security advisory is a public announcement managed by the maintainers
+which informs instance maintainers about a security problem in the software
+and the steps instance maintainers should take to address it. On release it
+is published widely so that instance maintainers can address it quickly.
+
+If necessary, the maintainers can decide to issue a pre-announcement
+informing the instance maintainers of an upcoming security advisory. This
+is done when timely addressing of the vulnerability is very important due
+to the high risk caused by it.
+
+Security advisories are published for security vulnerabilities that
+
+* Are caused by code included in the software repository (not any libraries
+  or other code not itself in the repository),
+* Exist in stable or release candidate releases (not alpha or beta
+  releases or unreleased code),
+* Are exploitable either without logging in or without admin privileges, and
+* Affect either the whole instance or other users than the one running the
+  exploit.
+
+## Other vulnerabilities
+
+If the vulnerability does not warrant a security advisory, the vulnerability
+is fixed and released with a note in the release notes of the release.
+Details of the vulnerability as well as the risk assessment and grounds for
+not publishing a security advisory are included.
--- a/app/assets/config/manifest.js
+++ b/app/assets/config/manifest.js
@ -0,0 +1,14 @@
+//= link_tree ../images
+//= link_directory ../javascripts .js
+//= link_directory ../stylesheets .css
+//= link datepicker-cs.js
+//= link datepicker-de.js
+//= link datepicker-es.js
+//= link datepicker-fi.js
+//= link datepicker-fr.js
+//= link datepicker-he.js
+//= link datepicker-nb_NO.js
+//= link datepicker-nl.js
+//= link datepicker-ru.js
+//= link datepicker-sv.js
+//= link datepicker-tr.js
--- a/app/assets/javascripts-jquery-ui/datepicker-cs.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-cs.js
@ -0,0 +1,40 @@
+/* Czech initialisation for the jQuery UI date picker plugin. */
+/* Written by Tomas Muller (tomas@tomas-muller.net). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.cs = {
+	closeText: "Zavřít",
+	prevText: "Dříve",
+	nextText: "Později",
+	currentText: "Nyní",
+	monthNames: [ "leden", "únor", "březen", "duben", "květen", "červen",
+	"červenec", "srpen", "září", "říjen", "listopad", "prosinec" ],
+	monthNamesShort: [ "led", "úno", "bře", "dub", "kvě", "čer",
+	"čvc", "srp", "zář", "říj", "lis", "pro" ],
+	dayNames: [ "neděle", "pondělí", "úterý", "středa", "čtvrtek", "pátek", "sobota" ],
+	dayNamesShort: [ "ne", "po", "út", "st", "čt", "pá", "so" ],
+	dayNamesMin: [ "ne", "po", "út", "st", "čt", "pá", "so" ],
+	weekHeader: "Týd",
+	dateFormat: "dd.mm.yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.cs );
+
+return datepicker.regional.cs;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-de.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-de.js
@ -0,0 +1,40 @@
+/* German initialisation for the jQuery UI date picker plugin. */
+/* Written by Milian Wolff (mail@milianw.de). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.de = {
+	closeText: "Schließen",
+	prevText: "Zurück",
+	nextText: "Vor",
+	currentText: "Heute",
+	monthNames: [ "Januar", "Februar", "März", "April", "Mai", "Juni",
+	"Juli", "August", "September", "Oktober", "November", "Dezember" ],
+	monthNamesShort: [ "Jan", "Feb", "Mär", "Apr", "Mai", "Jun",
+	"Jul", "Aug", "Sep", "Okt", "Nov", "Dez" ],
+	dayNames: [ "Sonntag", "Montag", "Dienstag", "Mittwoch", "Donnerstag", "Freitag", "Samstag" ],
+	dayNamesShort: [ "So", "Mo", "Di", "Mi", "Do", "Fr", "Sa" ],
+	dayNamesMin: [ "So", "Mo", "Di", "Mi", "Do", "Fr", "Sa" ],
+	weekHeader: "KW",
+	dateFormat: "dd.mm.yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.de );
+
+return datepicker.regional.de;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-es.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-es.js
@ -0,0 +1,40 @@
+/* Inicialización en español para la extensión 'UI date picker' para jQuery. */
+/* Traducido por Vester (xvester@gmail.com). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.es = {
+	closeText: "Cerrar",
+	prevText: "Ant",
+	nextText: "Sig",
+	currentText: "Hoy",
+	monthNames: [ "enero", "febrero", "marzo", "abril", "mayo", "junio",
+	"julio", "agosto", "septiembre", "octubre", "noviembre", "diciembre" ],
+	monthNamesShort: [ "ene", "feb", "mar", "abr", "may", "jun",
+	"jul", "ago", "sep", "oct", "nov", "dic" ],
+	dayNames: [ "domingo", "lunes", "martes", "miércoles", "jueves", "viernes", "sábado" ],
+	dayNamesShort: [ "dom", "lun", "mar", "mié", "jue", "vie", "sáb" ],
+	dayNamesMin: [ "D", "L", "M", "X", "J", "V", "S" ],
+	weekHeader: "Sm",
+	dateFormat: "dd/mm/yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.es );
+
+return datepicker.regional.es;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-fi.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-fi.js
@ -0,0 +1,40 @@
+/* Finnish initialisation for the jQuery UI date picker plugin. */
+/* Written by Harri Kilpiö (harrikilpio@gmail.com). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.fi = {
+	closeText: "Sulje",
+	prevText: "Edellinen",
+	nextText: "Seuraava",
+	currentText: "Tänään",
+	monthNames: [ "Tammikuu", "Helmikuu", "Maaliskuu", "Huhtikuu", "Toukokuu", "Kesäkuu",
+	"Heinäkuu", "Elokuu", "Syyskuu", "Lokakuu", "Marraskuu", "Joulukuu" ],
+	monthNamesShort: [ "Tammi", "Helmi", "Maalis", "Huhti", "Touko", "Kesä",
+	"Heinä", "Elo", "Syys", "Loka", "Marras", "Joulu" ],
+	dayNamesShort: [ "Su", "Ma", "Ti", "Ke", "To", "Pe", "La" ],
+	dayNames: [ "Sunnuntai", "Maanantai", "Tiistai", "Keskiviikko", "Torstai", "Perjantai", "Lauantai" ],
+	dayNamesMin: [ "Su", "Ma", "Ti", "Ke", "To", "Pe", "La" ],
+	weekHeader: "Vk",
+	dateFormat: "d.m.yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.fi );
+
+return datepicker.regional.fi;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-fr.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-fr.js
@ -0,0 +1,42 @@
+/* French initialisation for the jQuery UI date picker plugin. */
+/* Written by Keith Wood (kbwood{at}iinet.com.au),
+			  Stéphane Nahmani (sholby@sholby.net),
+			  Stéphane Raimbault <stephane.raimbault@gmail.com> */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.fr = {
+	closeText: "Fermer",
+	prevText: "Précédent",
+	nextText: "Suivant",
+	currentText: "Aujourd'hui",
+	monthNames: [ "janvier", "février", "mars", "avril", "mai", "juin",
+		"juillet", "août", "septembre", "octobre", "novembre", "décembre" ],
+	monthNamesShort: [ "janv.", "févr.", "mars", "avr.", "mai", "juin",
+		"juil.", "août", "sept.", "oct.", "nov.", "déc." ],
+	dayNames: [ "dimanche", "lundi", "mardi", "mercredi", "jeudi", "vendredi", "samedi" ],
+	dayNamesShort: [ "dim.", "lun.", "mar.", "mer.", "jeu.", "ven.", "sam." ],
+	dayNamesMin: [ "D", "L", "M", "M", "J", "V", "S" ],
+	weekHeader: "Sem.",
+	dateFormat: "dd/mm/yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.fr );
+
+return datepicker.regional.fr;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-he.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-he.js
@ -0,0 +1,40 @@
+/* Hebrew initialisation for the UI Datepicker extension. */
+/* Written by Amir Hardon (ahardon at gmail dot com). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.he = {
+	closeText: "סגור",
+	prevText: "הקודם",
+	nextText: "הבא",
+	currentText: "היום",
+	monthNames: [ "ינואר", "פברואר", "מרץ", "אפריל", "מאי", "יוני",
+	"יולי", "אוגוסט", "ספטמבר", "אוקטובר", "נובמבר", "דצמבר" ],
+	monthNamesShort: [ "ינו", "פבר", "מרץ", "אפר", "מאי", "יוני",
+	"יולי", "אוג", "ספט", "אוק", "נוב", "דצמ" ],
+	dayNames: [ "ראשון", "שני", "שלישי", "רביעי", "חמישי", "שישי", "שבת" ],
+	dayNamesShort: [ "א'", "ב'", "ג'", "ד'", "ה'", "ו'", "שבת" ],
+	dayNamesMin: [ "א'", "ב'", "ג'", "ד'", "ה'", "ו'", "שבת" ],
+	weekHeader: "Wk",
+	dateFormat: "dd/mm/yy",
+	firstDay: 0,
+	isRTL: true,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.he );
+
+return datepicker.regional.he;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-nb_NO.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-nb_NO.js
@ -0,0 +1,52 @@
+/* Norwegian Bokmål initialisation for the jQuery UI date picker plugin. */
+/* Written by Bjørn Johansen (post@bjornjohansen.no). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.nb = {
+	closeText: "Lukk",
+	prevText: "Forrige",
+	nextText: "Neste",
+	currentText: "I dag",
+	monthNames: [
+		"januar",
+		"februar",
+		"mars",
+		"april",
+		"mai",
+		"juni",
+		"juli",
+		"august",
+		"september",
+		"oktober",
+		"november",
+		"desember"
+	],
+	monthNamesShort: [ "jan", "feb", "mar", "apr", "mai", "jun", "jul", "aug", "sep", "okt", "nov", "des" ],
+	dayNamesShort: [ "søn", "man", "tir", "ons", "tor", "fre", "lør" ],
+	dayNames: [ "søndag", "mandag", "tirsdag", "onsdag", "torsdag", "fredag", "lørdag" ],
+	dayNamesMin: [ "sø", "ma", "ti", "on", "to", "fr", "lø" ],
+	weekHeader: "Uke",
+	dateFormat: "dd.mm.yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: ""
+};
+datepicker.setDefaults( datepicker.regional.nb );
+
+return datepicker.regional.nb;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-nl.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-nl.js
@ -0,0 +1,40 @@
+/* Dutch (UTF-8) initialisation for the jQuery UI date picker plugin. */
+/* Written by Mathias Bynens <http://mathiasbynens.be/> */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.nl = {
+	closeText: "Sluiten",
+	prevText: "Vorig",
+	nextText: "Volgende",
+	currentText: "Vandaag",
+	monthNames: [ "januari", "februari", "maart", "april", "mei", "juni",
+	"juli", "augustus", "september", "oktober", "november", "december" ],
+	monthNamesShort: [ "jan", "feb", "mrt", "apr", "mei", "jun",
+	"jul", "aug", "sep", "okt", "nov", "dec" ],
+	dayNames: [ "zondag", "maandag", "dinsdag", "woensdag", "donderdag", "vrijdag", "zaterdag" ],
+	dayNamesShort: [ "zon", "maa", "din", "woe", "don", "vri", "zat" ],
+	dayNamesMin: [ "zo", "ma", "di", "wo", "do", "vr", "za" ],
+	weekHeader: "Wk",
+	dateFormat: "dd-mm-yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.nl );
+
+return datepicker.regional.nl;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-ru.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-ru.js
@ -0,0 +1,40 @@
+/* Russian (UTF-8) initialisation for the jQuery UI date picker plugin. */
+/* Written by Andrew Stromnov (stromnov@gmail.com). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.ru = {
+	closeText: "Закрыть",
+	prevText: "Пред",
+	nextText: "След",
+	currentText: "Сегодня",
+	monthNames: [ "Январь", "Февраль", "Март", "Апрель", "Май", "Июнь",
+	"Июль", "Август", "Сентябрь", "Октябрь", "Ноябрь", "Декабрь" ],
+	monthNamesShort: [ "Янв", "Фев", "Мар", "Апр", "Май", "Июн",
+	"Июл", "Авг", "Сен", "Окт", "Ноя", "Дек" ],
+	dayNames: [ "воскресенье", "понедельник", "вторник", "среда", "четверг", "пятница", "суббота" ],
+	dayNamesShort: [ "вск", "пнд", "втр", "срд", "чтв", "птн", "сбт" ],
+	dayNamesMin: [ "Вс", "Пн", "Вт", "Ср", "Чт", "Пт", "Сб" ],
+	weekHeader: "Нед",
+	dateFormat: "dd.mm.yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.ru );
+
+return datepicker.regional.ru;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-sv.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-sv.js
@ -0,0 +1,40 @@
+/* Swedish initialisation for the jQuery UI date picker plugin. */
+/* Written by Anders Ekdahl ( anders@nomadiz.se). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.sv = {
+	closeText: "Stäng",
+	prevText: "Förra",
+	nextText: "Nästa",
+	currentText: "Idag",
+	monthNames: [ "januari", "februari", "mars", "april", "maj", "juni",
+	"juli", "augusti", "september", "oktober", "november", "december" ],
+	monthNamesShort: [ "jan.", "feb.", "mars", "apr.", "maj", "juni",
+	"juli", "aug.", "sep.", "okt.", "nov.", "dec." ],
+	dayNamesShort: [ "sön", "mån", "tis", "ons", "tor", "fre", "lör" ],
+	dayNames: [ "söndag", "måndag", "tisdag", "onsdag", "torsdag", "fredag", "lördag" ],
+	dayNamesMin: [ "sö", "må", "ti", "on", "to", "fr", "lö" ],
+	weekHeader: "Ve",
+	dateFormat: "yy-mm-dd",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.sv );
+
+return datepicker.regional.sv;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-tr.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-tr.js
@ -0,0 +1,40 @@
+/* Turkish initialisation for the jQuery UI date picker plugin. */
+/* Written by Izzet Emre Erkan (kara@karalamalar.net). */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional.tr = {
+	closeText: "kapat",
+	prevText: "geri",
+	nextText: "ileri",
+	currentText: "bugün",
+	monthNames: [ "Ocak", "Şubat", "Mart", "Nisan", "Mayıs", "Haziran",
+	"Temmuz", "Ağustos", "Eylül", "Ekim", "Kasım", "Aralık" ],
+	monthNamesShort: [ "Oca", "Şub", "Mar", "Nis", "May", "Haz",
+	"Tem", "Ağu", "Eyl", "Eki", "Kas", "Ara" ],
+	dayNames: [ "Pazar", "Pazartesi", "Salı", "Çarşamba", "Perşembe", "Cuma", "Cumartesi" ],
+	dayNamesShort: [ "Pz", "Pt", "Sa", "Ça", "Pe", "Cu", "Ct" ],
+	dayNamesMin: [ "Pz", "Pt", "Sa", "Ça", "Pe", "Cu", "Ct" ],
+	weekHeader: "Hf",
+	dateFormat: "dd.mm.yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.tr );
+
+return datepicker.regional.tr;
+
+} );
--- a/app/assets/javascripts-jquery-ui/datepicker-zh-TW.js
+++ b/app/assets/javascripts-jquery-ui/datepicker-zh-TW.js
@ -0,0 +1,40 @@
+/* Traditional Chinese (Taiwan) initialisation for the jQuery UI date picker plugin. */
+/* Written by Claude Code for Tracks application. */
+( function( factory ) {
+	"use strict";
+
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+} )( function( datepicker ) {
+"use strict";
+
+datepicker.regional["zh-TW"] = {
+	closeText: "關閉",
+	prevText: "上一月",
+	nextText: "下一月",
+	currentText: "今天",
+	monthNames: [ "一月", "二月", "三月", "四月", "五月", "六月",
+	"七月", "八月", "九月", "十月", "十一月", "十二月" ],
+	monthNamesShort: [ "1月", "2月", "3月", "4月", "5月", "6月",
+	"7月", "8月", "9月", "10月", "11月", "12月" ],
+	dayNames: [ "星期日", "星期一", "星期二", "星期三", "星期四", "星期五", "星期六" ],
+	dayNamesShort: [ "日", "一", "二", "三", "四", "五", "六" ],
+	dayNamesMin: [ "日", "一", "二", "三", "四", "五", "六" ],
+	weekHeader: "週",
+	dateFormat: "yy/mm/dd",
+	firstDay: 0,
+	isRTL: false,
+	showMonthAfterYear: true,
+	yearSuffix: "年" };
+datepicker.setDefaults( datepicker.regional["zh-TW"] );
+
+return datepicker.regional["zh-TW"];
+
+} );
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@ -10,16 +10,16 @@
 // Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
 // about supported directives.
 //
-//= require jquery
 //= require jquery_ujs
-//= require bootstrap-sprockets
+//= require jquery3
+//= require bootstrap

-//= require jquery-ui/autocomplete
-//= require jquery-ui/datepicker
-//= require jquery-ui/dialog
-//= require jquery-ui/droppable
-//= require jquery-ui/effect-highlight
-//= require jquery-ui/sortable
+//= require jquery-ui/widgets/autocomplete
+//= require jquery-ui/widgets/datepicker
+//= require jquery-ui/widgets/dialog
+//= require jquery-ui/widgets/droppable
+//= require jquery-ui/effects/effect-highlight
+//= require jquery-ui/widgets/sortable

 // Stuff in app/assets
 //= require tracks
--- a/app/assets/javascripts/tracks.js.erb
+++ b/app/assets/javascripts/tracks.js.erb
@ -841,6 +841,7 @@ var RecurringTodosPage = {
          RecurringTodosPage.reset_radio();
          $('#recurring_daily').show();
        },
+        closeText: 'X',
        appendTo: "#content"
      });

@ -1134,15 +1135,6 @@ function enable_rich_interaction(){

 $(document).ready(function() {

-    // fix for IE7/8. Without this checkboxes don't work AJAXy. See #1152
-    var msie8 = /MSIE 8.0/.test(navigator.userAgent);
-    var msie7 = /MSIE 7.0/.test(navigator.userAgent);
-    if(msie8 || msie7) {
-        $('body').bind('change', function() {
-            return true;
-        });
-    }
-
    TodoItemsContainer.setup_container_toggles();

    /* enable page specific behavior */
--- a/app/assets/stylesheets/black.scss
+++ b/app/assets/stylesheets/black.scss
@ -0,0 +1,25 @@
+/*
+ * Apparently the requires need to be in the "root" stylesheet file, not
+ * the imported manifest.
+ *
+ *= require jquery-ui
+ *= require jquery-ui/menu
+ *= require jquery-ui/autocomplete
+ *= require jquery-ui/datepicker
+ *= require jquery-ui/dialog
+ *= require jquery-ui/sortable
+ *= require_self
+ */
+
+$gray-lighter: #EEE;
+$brand-primary: rgba(0, 0, 0, 0.75);
+$navbar-inverse-bg: $brand_primary;
+$navbar-inverse-color: $gray-lighter;
+$navbar-inverse-link-color: $gray-lighter;
+$link-color: #CC3334;
+$link-hover-color: #FFF;
+$link-bgcolor: $link-color;
+$box-tablink-color: unset;
+
+// Import all components
+@import 'include/manifest';
--- a/app/assets/stylesheets/icons.scss
+++ b/app/assets/stylesheets/icons.scss
@ -1,2 +0,0 @@
-@import "font-awesome-sprockets";
-@import "font-awesome";
--- a/app/assets/stylesheets/include/icons.scss
+++ b/app/assets/stylesheets/include/icons.scss
@ -0,0 +1 @@
+@import "font-awesome";
--- a/app/assets/stylesheets/include/legacy.scss
+++ b/app/assets/stylesheets/include/legacy.scss
@ -14,7 +14,7 @@ div.depends_on label {
    float: left;
 }

-div#input_box div#todo_new_action_container div#todo_multi_add form#todo-form-multi-new-action.inline-form label {
+div#input_box div#todo_multi_add form#todo-form-multi-new-action.inline-form label {
    float: center;
 }

@ -75,15 +75,15 @@ p {
 }

 a, a:link, a:active, a:visited {
-    color: #cc3334;
+    color: $link-color;
    text-decoration: none;
    padding-left: 1px;
    padding-right: 1px;
 }

 a:hover {
-    color: #fff;
-    background-color: #cc3334;
+    color: $link-hover-color;
+    background-color: $link-bgcolor;
 }

 h1 {
@ -820,12 +820,14 @@ form {
 }

 #todo_new_action_container, #project_new_project_container, #context_new_container, #recurring_new_container {
-    background: #ddd;
    width: 270px;
    padding: 5px 10px;
-    background-color: #000;
-    color: #eee;
+    background-color: $brand-primary;
+    color: $gray-lighter;
    border-radius: 5px;
+    a {
+        color: $box-tablink-color;
+    }
 }

 #recurring_new_container img {
@ -900,11 +902,13 @@ input#go_to_project, input#context_hide {
    text-align:right;
 }

-#todo-form-new-action label, .edit_todo_form label {
+.edit_todo_form label {
    display: block;
    padding-bottom: 3px;
 }

+
+
 form.button-to {
    border: none;
    padding: 0px;
@ -1347,10 +1351,6 @@ div.auto_complete {
    }
 }

-.ui-datepicker {
-    z-index: 1000 !important;
-}
-
 .ui-autocomplete-loading {
    background: white image-url('ui-anim_basic_16x16.gif') right center no-repeat;
 }
@ -1384,3 +1384,7 @@ ul.todo-submenu > li > a {
        background: image-url('to_project_off.png') no-repeat;
    }
 }
+
+.recurring_todos .ui-dialog .ui-dialog-title {
+  float: inherit;
+}
--- a/app/assets/stylesheets/include/login.scss
+++ b/app/assets/stylesheets/include/login.scss
@ -11,6 +11,9 @@ body {

 .login-wrapper {
  @include make-row();
+  .footer {
+    z-index: 1;
+  }
 }

 .login-box {
@ -18,12 +21,22 @@ body {
  @include make-sm-column(6);
  @include make-sm-column-offset(3);
  margin: 2em auto 1em;
-  background-color: rgba(0, 0, 0, 0.75);
-  color: #eaeaea;
+  background-color: $brand-primary;
  padding: 0 0 1em 0;
  box-shadow: 0 2px 6px rgba(0, 0, 0, 0.5), 0 2px 3px rgba(0, 0, 0, 0.3);
+  color: #eaeaea;
+
+  a {
+    color: #eaeaea;
+    text-decoration: underline;
  }

+  .signup-prompt {
+    text-align: right;
+  }
+}
+
+
@media(min-width: $screen-sm-min) {
  .login-box {
    border-radius: 5px;
@ -34,7 +47,7 @@ body {
  padding: 1em 0;
 }

-.login-form {
+.login-form, .signup-form {
  @include make-xs-column(12);
  @include make-sm-column(8);
  @include make-sm-column-offset(2)
--- a/app/assets/stylesheets/include/manifest.scss
+++ b/app/assets/stylesheets/include/manifest.scss
@ -9,12 +9,6 @@
 * compiled file so the styles you add here take precedence over styles defined in any styles
 * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
 * file per style scope.
- *
- *= require jquery-ui/autocomplete
- *= require jquery-ui/datepicker
- *= require jquery-ui/dialog
- *= require jquery-ui/sortable
- *= require_self
 */

@import "icons";
@ -27,7 +21,6 @@
 }

 .bootstrap {
-  @import "bootstrap-sprockets";
  @import "bootstrap";
  @import "tracks-logo";
  @import "login";
@ -53,3 +46,7 @@ body {
  color: $text-color;
  background-color: $body-bg;
 }
+
+.ui-datepicker {
+  z-index: 999999 !important;
+}
--- a/app/assets/stylesheets/include/tracks-logo.scss
+++ b/app/assets/stylesheets/include/tracks-logo.scss
--- a/app/assets/stylesheets/include/tracks.scss
+++ b/app/assets/stylesheets/include/tracks.scss
@ -1,5 +1,5 @@
 .navbar {
-  /* Shows the number of undone next action */
+  /* Shows the count of undone next actions */
  .badge {
    color: #fff;
    background: #f00;
--- a/app/assets/stylesheets/light_blue.scss
+++ b/app/assets/stylesheets/light_blue.scss
@ -0,0 +1,25 @@
+/*
+ * Apparently the requires need to be in the "root" stylesheet file, not
+ * the imported manifest.
+ *
+ *= require jquery-ui
+ *= require jquery-ui/menu
+ *= require jquery-ui/autocomplete
+ *= require jquery-ui/datepicker
+ *= require jquery-ui/dialog
+ *= require jquery-ui/sortable
+ *= require_self
+ */
+
+$gray-lighter: lighten(#000, 93.5%);
+$brand-primary: #3C6997;
+$navbar-inverse-bg: $brand_primary;
+$navbar-inverse-color: $gray-lighter;
+$navbar-inverse-link-color: $gray-lighter;
+$link-color: unset;
+$link-hover-color: unset;
+$link-bgcolor: unset;
+$box-tablink-color: lighten(#000, 85%);
+
+// Import all components
+@import 'include/manifest';
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,5 +1,5 @@
 require_dependency "login_system"
-require_dependency "tracks/source_view"
+require_dependency "tracks/source_view_switching"

 class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
@ -7,6 +7,7 @@ class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  include LoginSystem
+  include Common
  helper_method :current_user, :prefs, :format_date

  layout proc { |controller| controller.mobile? ? "mobile" : "application" }
@ -16,16 +17,17 @@ class ApplicationController < ActionController::Base
  before_action :set_time_zone
  before_action :set_zindex_counter
  before_action :set_locale
+  before_action :set_theme
  append_before_action :set_group_view_by
  prepend_before_action :login_required
  prepend_before_action :enable_mobile_content_negotiation

  def set_locale
    locale = params[:locale] # specifying a locale in the request takes precedence
-    locale = locale || prefs.locale unless current_user.nil? # otherwise, the locale of the currently logged in user takes over
-    locale = locale || request.env['HTTP_ACCEPT_LANGUAGE'].scan(/^[a-z]{2}/).first if request.env['HTTP_ACCEPT_LANGUAGE']
+    locale ||= prefs.locale unless current_user.nil? # otherwise, the locale of the currently logged in user takes over
+    locale ||= request.env['HTTP_ACCEPT_LANGUAGE'].scan(/^[a-z]{2}/).first if request.env['HTTP_ACCEPT_LANGUAGE']

-    if locale && I18n::available_locales.map(&:to_s).include?(locale.to_s)
+    if locale && I18n.available_locales.map(&:to_s).include?(locale.to_s)
      I18n.locale = locale
    else
      I18n.locale = I18n.default_locale
@ -37,28 +39,28 @@ class ApplicationController < ActionController::Base
    # If the method is called by the feed controller (which we don't have
    # under session control) or if we checked the box to keep logged in on
    # login don't set the session expiry time.
-    return if session.nil? || self.controller_name == 'feed' || session['noexpiry'] == "on"
+    return if session.nil? || controller_name == 'feed' || session['noexpiry'] == "on"

    # Get expiry time (allow ten seconds window for the case where we have
    # none)
-    expiry_time = session['expiry_time'] || Time.now + 10
-    if expiry_time < Time.now
+    now = Time.zone.now
+    expiry_time = session['expiry_time'] || now + 10
+    if expiry_time < now
      # Too late, matey...  bang goes your session!
      reset_session
    else
      # Okay, you get another hour
-      session['expiry_time'] = Time.now + (60*60)
+      session['expiry_time'] = now + (60 * 60)
    end
  end

-  def render_failure message, status = 404
+  def render_failure(message, status = 404)
    render :body => message, :status => status
  end

  # Returns a count of next actions in the given context or project The result
  # is count and a string descriptor, correctly pluralised if there are no
  # actions or multiple actions
-  #
  def count_undone_todos_phrase(todos_parent)
    count = count_undone_todos(todos_parent)
    deferred_count = count_deferred_todos(todos_parent)
@ -81,13 +83,13 @@ class ApplicationController < ActionController::Base
      init_hidden_todo_counts(['context']) if !@context_hidden_todo_counts
      count = @context_hidden_todo_counts[todos_parent.id]
    else
-      count = eval "@#{todos_parent.class.to_s.downcase}_not_done_counts[#{todos_parent.id}]"
+      count = eval("@#{todos_parent.class.to_s.downcase}_not_done_counts[#{todos_parent.id}]", binding, __FILE__, __LINE__)
    end
    count || 0
  end

  def count_deferred_todos(todos_parent)
-    return todos_parent.nil? ? 0 : eval("@#{todos_parent.class.to_s.downcase}_deferred_counts[#{todos_parent.id}]") || 0
+    return todos_parent.nil? ? 0 : eval("@#{todos_parent.class.to_s.downcase}_deferred_counts[#{todos_parent.id}]", binding, __FILE__, __LINE__) || 0
  end

  # Convert a date object to the format specified in the user's preferences in
@ -154,6 +156,13 @@ class ApplicationController < ActionController::Base
    end
  end

+  def admin_or_self_login_required
+    unless User.find(session['user_id']).is_admin || session['user_id'] == params[:id].to_i
+      render :body => t('errors.user_unauthorized'), :status => 401
+      return false
+    end
+  end
+
  def redirect_back_or_home
    respond_to do |format|
      format.html { redirect_back_or_default root_url }
@ -213,14 +222,14 @@ class ApplicationController < ActionController::Base

  def init_not_done_counts(parents = ['project', 'context'])
    parents.each do |parent|
-      eval("@#{parent}_not_done_counts ||= current_user.todos.active.count_by_group('#{parent}_id')")
-      eval("@#{parent}_deferred_counts ||= current_user.todos.deferred.count_by_group('#{parent}_id')")
+      eval("@#{parent}_not_done_counts ||= current_user.todos.active.count_by_group('#{parent}_id')", binding, __FILE__, __LINE__)
+      eval("@#{parent}_deferred_counts ||= current_user.todos.deferred.count_by_group('#{parent}_id')", binding, __FILE__, __LINE__)
    end
  end

  def init_hidden_todo_counts(parents = ['project', 'context'])
    parents.each do |parent|
-      eval("@#{parent}_hidden_todo_counts ||= current_user.todos.active_or_hidden.count_by_group('#{parent}_id')")
+      eval("@#{parent}_hidden_todo_counts ||= current_user.todos.active_or_hidden.count_by_group('#{parent}_id')", binding, __FILE__, __LINE__)
    end
  end

@ -254,8 +263,8 @@ class ApplicationController < ActionController::Base
    @source_view = "all_done"
    @page_title = t("#{object_name.pluralize}.all_completed_tasks_title", "#{object_name}_name".to_sym => object.name)

-    @done = object.todos.completed.reorder('completed_at DESC').includes(Todo::DEFAULT_INCLUDES).
-      paginate(:page => params[:page], :per_page => 20)
+    @done = object.todos.completed.reorder('completed_at DESC').includes(Todo::DEFAULT_INCLUDES)
+      .paginate(:page => params[:page], :per_page => 20)
    @count = @done.size
    render :template => 'todos/all_done'
  end
@ -263,7 +272,7 @@ class ApplicationController < ActionController::Base
  def done_todos_for(object)
    object_name = object.class.name.downcase # context or project
    @source_view = "done"
-    eval("@#{object_name} = object")
+    eval("@#{object_name} = object", binding, __FILE__, __LINE__)
    @page_title = t("#{object_name.pluralize}.completed_tasks_title", "#{object_name}_name".to_sym => object.name)

    @done_today, @done_rest_of_week, @done_rest_of_month = DoneTodos.done_todos_for_container(object.todos)
@ -275,5 +284,4 @@ class ApplicationController < ActionController::Base
  def set_group_view_by
    @group_view_by = params['_group_view_by'] || cookies['group_view_by'] || 'context'
  end
-
 end
--- a/app/controllers/calendar_controller.rb
+++ b/app/controllers/calendar_controller.rb
@ -13,15 +13,9 @@ class CalendarController < ApplicationController

    respond_to do |format|
      format.html
-      format.m {
-        cookies[:mobile_url]= {:value => request.fullpath, :secure => SITE_CONFIG['secure_cookies']}
-      }
-      format.ics   {
-        render :action => 'show', :layout => false, :content_type => Mime[:ics]
-      }
-      format.xml {
-        render :xml => @due_all.to_xml( *[todo_xml_params[0].merge({:root => :todos})] )
-      }
+      format.m { cookies[:mobile_url] = { :value => request.fullpath, :secure => SITE_CONFIG['secure_cookies'] } }
+      format.ics { render :action => 'show', :layout => false, :content_type => Mime[:ics] }
+      format.xml { render :xml => @due_all.to_xml(*[todo_xml_params[0].merge({ :root => :todos })]) }
    end
  end
 end
--- a/app/controllers/contexts_controller.rb
+++ b/app/controllers/contexts_controller.rb
@ -1,5 +1,4 @@
 class ContextsController < ApplicationController
-
  helper :todos

  before_action :init, :except => [:index, :create, :destroy, :order]
@ -84,7 +83,7 @@ class ContextsController < ApplicationController
      end
      format.xml do
        if @context.new_record?
-          render_failure @context.errors.to_xml.html_safe, 409
+          render_failure @context.errors.full_messages.to_xml(root: "errors", skip_types: true).html_safe, 409
        else
          head :created, :location => context_url(@context)
        end
@ -93,14 +92,13 @@ class ContextsController < ApplicationController
  end

  # Edit the details of the context
-  #
  def update
    process_params_for_update

    @context.attributes = context_params
    @saved = @context.save
    @state_saved = set_state_for_update(@new_state)
-    @saved = @saved && @state_saved
+    @saved &&= @state_saved

    if @saved
      @state_changed = (@original_context_state != @context.state)
@ -112,13 +110,13 @@ class ContextsController < ApplicationController

    respond_to do |format|
      format.js
-      format.xml {
+      format.xml do
        if @saved
          render :xml => @context.to_xml(:except => :user_id)
        else
          render :body => "Error on update: #{@context.errors.full_messages.inject("") { |v, e| v + e + " " }}", :status => 409
        end
-        }
+      end
    end
  end

@ -270,5 +268,4 @@ class ContextsController < ApplicationController
      return false
    end
  end
-
 end
--- a/app/controllers/data_controller.rb
+++ b/app/controllers/data_controller.rb
@ -1,42 +1,39 @@
 class DataController < ApplicationController
-
  require 'csv'

  def index
-    @page_title = "TRACKS::Export"
+    @page_title = t('data.export.page_title')
  end

-  def import
-
-  end
+  def import; end

  def csv_map
    if params[:file].blank?
-      flash[:notice] = "File can't be blank"
-      redirect_to :back
+      flash[:notice] = t "data.import.errors.file_blank"
+      redirect_back fallback_location: root_path
    else
      @import_to = params[:import_to]

      begin
-        #get column headers and format as [['name', column_number]...]
+        # Get column headers and format as [['name', column_number]...]
        i = -1
        @headers = import_headers(params[:file].path).collect { |v| [v, i += 1] }
        @headers.unshift ['', i]
      rescue Exception => e
-        flash[:error] = "Invalid CVS: could not read headers: #{e}"
-        redirect_to :back
+        flash[:error] = t "data.import.errors.invalid_csv", e: e
+        redirect_back fallback_location: root_path
        return
      end

-      #save file for later
+      # Save file for later
      begin
        uploaded_file = params[:file]
        @filename = sanitize_filename(uploaded_file.original_filename)
        path_and_file = Rails.root.join('public', 'uploads', 'csv', @filename)
        File.open(path_and_file, "wb") { |f| f.write(uploaded_file.read) }
      rescue Exception => e
-        flash[:error] = "Could not save uploaded CSV (#{path_and_file}). Can Tracks write to the upload directory? #{e}"
-        redirect_to :back
+        flash[:error] = t "data.import.errors.save_error", path_and_file: path_and_file, e: e
+        redirect_back fallback_location: root_path
        return
      end

@ -46,8 +43,8 @@ class DataController < ApplicationController
      when 'todos'
        @labels = [:description, :context, :project, :notes, :created_at, :due, :completed_at]
      else
-        flash[:error] = "Invalid import destination"
-        redirect_to :back
+        flash[:error] = t "data.import.errors.invalid_destination"
+        redirect_back fallback_location: root_path
      end
      respond_to do |format|
        format.html
@ -62,15 +59,19 @@ class DataController < ApplicationController
      case params[:import_to]
      when 'projects'
        count = Project.import path_and_file, params, current_user
-        flash[:notice] = "#{count} Projects imported"
+        flash[:notice] = t 'data.import.projects_count', count: count
      when 'todos'
        count = Todo.import path_and_file, params, current_user
-        flash[:notice] = "#{count} Todos imported"
+        if !count
+          flash[:error] = t('data.import.errors.no_context')
        else
-        flash[:error] = t('data.invalid_import_destination')
+          flash[:notice] = t 'data.import.todos_count', count: count
+        end
+      else
+        flash[:error] = t('data.import.errors.invalid_destination')
      end
    rescue Exception => e
-      flash[:error] = t('data.invalid_import_destination') + ": #{e}"
+      flash[:error] = t 'data.import.errors.invalid_destination', e: e
    end
    File.delete(path_and_file)
    redirect_to import_data_path
@ -96,17 +97,17 @@ class DataController < ApplicationController
    all_tables['projects'] = current_user.projects.load

    todo_tag_ids = Tag.find_by_sql([
-        "SELECT DISTINCT tags.id "+
-          "FROM tags, taggings, todos "+
-          "WHERE todos.user_id=? "+
-          "AND tags.id = taggings.tag_id " +
-          "AND taggings.taggable_id = todos.id ", current_user.id])
+        "SELECT DISTINCT tags.id
+         FROM tags, taggings, todos
+         WHERE todos.user_id = ?
+         AND tags.id = taggings.tag_id
+         AND taggings.taggable_id = todos.id", current_user.id])
    rec_todo_tag_ids = Tag.find_by_sql([
-        "SELECT DISTINCT tags.id "+
-          "FROM tags, taggings, recurring_todos "+
-          "WHERE recurring_todos.user_id=? "+
-          "AND tags.id = taggings.tag_id " +
-          "AND taggings.taggable_id = recurring_todos.id ", current_user.id])
+        "SELECT DISTINCT tags.id
+         FROM tags, taggings, recurring_todos
+         WHERE recurring_todos.user_id = ?
+         AND tags.id = taggings.tag_id
+         AND taggings.taggable_id = recurring_todos.id", current_user.id])
    tags = Tag.where("id IN (?) OR id IN (?)", todo_tag_ids, rec_todo_tag_ids)
    taggings = Tagging.where("tag_id IN (?) OR tag_id IN(?)", todo_tag_ids, rec_todo_tag_ids)

@ -116,7 +117,8 @@ class DataController < ApplicationController
    all_tables['recurring_todos'] = current_user.recurring_todos.load

    result = all_tables.to_yaml
-    result.gsub!(/\n/, "\r\n")   # TODO: general functionality for line endings
+    # TODO: general functionality for line endings
+    result.gsub!(/\n/, "\r\n")
    send_data(result, :filename => "tracks_backup.yml", :type => 'text/plain')
  end

@ -147,8 +149,7 @@ class DataController < ApplicationController
  def csv_notes
    content_type = 'text/csv'
    CSV.generate(result = "") do |csv|
-      csv << ["id", "User ID", "Project", "Note",
-        "Created at", "Updated at"]
+      csv << ["id", "User ID", "Project", "Note", "Created at", "Updated at"]
      # had to remove project include because it's association order is leaking
      # through and causing an ambiguous column ref even with_exclusive_scope
      # didn't seem to help -JamesKebinger
@ -166,17 +167,17 @@ class DataController < ApplicationController

  def xml_export
    todo_tag_ids = Tag.find_by_sql([
-        "SELECT DISTINCT tags.id "+
-          "FROM tags, taggings, todos "+
-          "WHERE todos.user_id=? "+
-          "AND tags.id = taggings.tag_id " +
-          "AND taggings.taggable_id = todos.id ", current_user.id])
+        "SELECT DISTINCT tags.id
+         FROM tags, taggings, todos
+         WHERE todos.user_id = ?
+         AND tags.id = taggings.tag_id
+         AND taggings.taggable_id = todos.id", current_user.id])
    rec_todo_tag_ids = Tag.find_by_sql([
-        "SELECT DISTINCT tags.id "+
-          "FROM tags, taggings, recurring_todos "+
-          "WHERE recurring_todos.user_id=? "+
-          "AND tags.id = taggings.tag_id " +
-          "AND taggings.taggable_id = recurring_todos.id ", current_user.id])
+        "SELECT DISTINCT tags.id
+         FROM tags, taggings, recurring_todos
+         WHERE recurring_todos.user_id = ?
+         AND tags.id = taggings.tag_id
+         AND taggings.taggable_id = recurring_todos.id", current_user.id])
    tags = Tag.where("id IN (?) OR id IN (?)", todo_tag_ids, rec_todo_tag_ids)
    taggings = Tagging.where("tag_id IN (?) OR tag_id IN(?)", todo_tag_ids, rec_todo_tag_ids)

@ -198,7 +199,7 @@ class DataController < ApplicationController

  # adjusts time to utc
  def adjust_time(timestring)
-    if (timestring=='') or ( timestring == nil)
+    if (timestring == '') || (timestring == nil)
      return nil
    else
      return Time.parse(timestring + 'UTC')
@ -206,12 +207,12 @@ class DataController < ApplicationController
  end

  def yaml_import
-    raise "YAML loading is disabled"
+    raise t "data.import.yaml_disabled"
  end

  private
+
  def sanitize_filename(filename)
    filename.gsub(/[^0-9A-z.\-]/, '_')
  end
-
 end
--- a/app/controllers/feedlist_controller.rb
+++ b/app/controllers/feedlist_controller.rb
@ -1,5 +1,4 @@
 class FeedlistController < ApplicationController
-
  helper :feedlist

  def index
@ -37,9 +36,8 @@ class FeedlistController < ApplicationController

  def get_feeds_for(object)
    respond_to do |format|
-      format.html { render :file => "feedlist/get_feeds_for_#{object.class.name.downcase}"}
+      format.html { render :template => "feedlist/get_feeds_for_#{object.class.name.downcase}" }
      format.js
    end
  end
-
 end
--- a/app/controllers/integrations_controller.rb
+++ b/app/controllers/integrations_controller.rb
@ -1,8 +1,7 @@
 class IntegrationsController < ApplicationController
  require 'mail'

-  skip_before_action :login_required, :only => [:cloudmailin, :search_plugin]
-  skip_before_action :verify_authenticity_token, only: [:cloudmailin]
+  skip_before_action :login_required, :only => [:search_plugin]

  def index
    @page_title = 'TRACKS::Integrations'
@ -12,39 +11,20 @@ class IntegrationsController < ApplicationController
    @page_title = 'TRACKS::REST API Documentation'
  end

+  def help
+    @page_title = 'TRACKS::Help'
+  end
+
  def search_plugin
-    @icon_data = [File.open(File.join(Rails.root, 'app', 'assets', 'images', 'done.png')).read].
-      pack('m').gsub(/\n/, '')
-  end
-
-  def cloudmailin
-    if !verify_cloudmailin_signature
-      render :body => "Message signature verification failed.", :status => 403
-      return false
-    end
-
-    if process_message(params[:message])
-      render :body => 'success', :status => 200
-    else
-      render :body => "No user found or other error", :status => 404
-    end
+    @icon_data = [File.open(File.join(Rails.root, 'app', 'assets', 'images', 'done.png')).read]
+      .pack('m').gsub(/\n/, '')
  end

  private

-  def process_message(message)
-    MessageGateway::receive(Mail.new(message))
-  end
-
-  def verify_cloudmailin_signature
-    provided = request.request_parameters.delete(:signature)
-    signature = Digest::MD5.hexdigest(flatten_params(request.request_parameters).sort.map{|k,v| v}.join + SITE_CONFIG['cloudmailin'])
-    return provided == signature
-  end
-
  def flatten_params(params, title = nil, result = {})
    params.each do |key, value|
-      if value.kind_of?(Hash)
+      if value.is_a? Hash
        key_name = title ? "#{title}[#{key}]" : key
        flatten_params(value, key_name, result)
      else
@ -55,6 +35,4 @@ class IntegrationsController < ApplicationController

    return result
  end
-
 end
-
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@ -1,10 +1,12 @@
 class LoginController < ApplicationController
+  include Common

  layout 'login'
  skip_before_action :set_session_expiration
  skip_before_action :login_required
  before_action :login_optional
  before_action :get_current_user
+  before_action :set_theme

  protect_from_forgery :except => [:check_expiry, :login]

@ -13,7 +15,8 @@ class LoginController < ApplicationController
    cookies[:preferred_auth] = prefered_auth? unless cookies[:preferred_auth]
    case request.method
    when 'POST'
-      if @user = User.authenticate(params['user_login'], params['user_password'])
+      if (@user = User.authenticate(params['user_login'], params['user_password']))
+        @user.update_attribute(:last_login_at, Time.zone.now)
        return handle_post_success
      else
        handle_post_failure
@ -40,8 +43,7 @@ class LoginController < ApplicationController
      if session
        return unless should_expire_sessions?
        # Get expiry time (allow ten seconds window for the case where we have none)
-        expiry_time = session['expiry_time'] || Time.now + 10
-        time_left = expiry_time - Time.now
+        time_left = expiry_time - Time.zone.now
        @session_expired = (time_left < (10 * 60)) # Session will time out before the next check
      end
    end
@ -59,7 +61,7 @@ class LoginController < ApplicationController
    session['noexpiry'] = params['user_noexpiry']
    msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
    notify :notice, "Login successful: session #{msg}"
-      cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
+    cookies[:tracks_login] = { :value => @user.login, :expires => Time.zone.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
    unless should_expire_sessions?
      @user.remember_me
      cookies[:auth_token] = { :value => @user.remember_token, :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
@ -76,4 +78,8 @@ class LoginController < ApplicationController
    session['noexpiry'] != "on"
  end

+  def expiry_time
+    return Time.zone.now + 10 unless session['expiry_time']
+    Time.zone.parse(session['expiry_time'])
+  end
 end
--- a/app/controllers/mailgun_controller.rb
+++ b/app/controllers/mailgun_controller.rb
@ -1,38 +0,0 @@
-require 'openssl'
-
-class MailgunController < ApplicationController
-
-  skip_before_action :login_required, :only => [:mailgun]
-  before_action :verify, :only => [:mailgun]
-  protect_from_forgery with: :null_session
-
-  def mailgun
-    unless params.include? 'body-mime'
-      Rails.logger.info "Cannot process Mailgun request, no body-mime sent"
-      render_failure "Unacceptable body-mime", 406
-      return
-    end
-
-    todo = MessageGateway.receive(params['body-mime'])
-    if todo
-      render :xml => todo.to_xml( *todo_xml_params )
-    else
-      render_failure "Todo not saved", 406
-    end
-  end
-
-  private
-
-  def verify
-    unless params['signature'] == OpenSSL::HMAC.hexdigest(
-            OpenSSL::Digest.new('sha256'),
-            SITE_CONFIG['mailgun_api_key'],
-            '%s%s' % [params['timestamp'], params['token']]
-         )
-      Rails.logger.info "Cannot verify Mailgun signature"
-      render_failure "Access denied", 406
-      return
-    end
-  end
-
-end
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@ -1,5 +1,4 @@
 class NotesController < ApplicationController
-
  before_action :set_source_view

  def index
@ -75,5 +74,4 @@ class NotesController < ApplicationController
  def note_params
    params.require(:note).permit(:project_id, :body)
  end
-
 end
--- a/app/controllers/preferences_controller.rb
+++ b/app/controllers/preferences_controller.rb
@ -1,5 +1,4 @@
 class PreferencesController < ApplicationController
-
  def index
    @page_title = t('preferences.page_title')
    @prefs = current_user.prefs
@ -9,8 +8,8 @@ class PreferencesController < ApplicationController
  def update
    @prefs = current_user.prefs
    @user = current_user
-    user_updated = current_user.update_attributes(user_params)
-    prefs_updated = current_user.preference.update_attributes(prefs_params)
+    user_updated = current_user.update(user_params)
+    prefs_updated = current_user.preference.update(prefs_params)
    if (user_updated && prefs_updated)
      if params['user']['password'].present? # password updated?
        logout_user t('preferences.password_changed')
@ -40,11 +39,11 @@ private
      :staleness_starts, :due_style, :locale, :title_date_format, :time_zone,
      :show_hidden_projects_in_sidebar, :show_project_on_todo_done,
      :review_period, :refresh, :verbose_action_descriptors,
-      :mobile_todos_per_page, :sms_email, :sms_context_id)
+      :mobile_todos_per_page, :sms_email, :sms_context_id, :theme)
  end

  def user_params
-    params.require(:user).permit(:login, :first_name, :last_name, :password_confirmation, :password, :auth_type, :open_id_url)
+    params.require(:user).permit(:login, :first_name, :last_name, :email, :password_confirmation, :password, :auth_type, :open_id_url)
  end

  # Display notification if preferences are successful updated
@ -52,5 +51,4 @@ private
    notify :notice, t('preferences.updated')
    redirect_to :action => 'index'
  end
-
 end
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@ -1,5 +1,4 @@
 class ProjectsController < ApplicationController
-
  helper :application, :todos, :notes
  before_action :set_source_view
  before_action :set_project_from_params, :only => [:update, :destroy, :show, :edit, :set_reviewed]
@ -61,7 +60,7 @@ class ProjectsController < ApplicationController
    @projects_to_review = projects.select { |p| p.needs_review?(current_user) }
    @stalled_projects = projects.select { |p| p.stalled? }
    @blocked_projects = projects.select { |p| p.blocked? }
-    @current_projects = projects.uncompleted.select { |p| not (p.needs_review?(current_user)) }.sort_by { |p| p.last_reviewed || Time.zone.at(0) }
+    @current_projects = projects.uncompleted.select { |p| not p.needs_review?(current_user) }.sort_by { |p| p.last_reviewed || Time.zone.at(0) }

    init_not_done_counts(['project'])
    init_hidden_todo_counts(['project'])
@ -113,11 +112,11 @@ class ProjectsController < ApplicationController
  def projects_and_actions
    @projects = current_user.projects.active
    respond_to do |format|
-      format.text  {
+      format.text do
        # somehow passing Mime[:text] using content_type to render does not work
        headers['Content-Type'] = Mime[:text].to_s
        render :action => 'index_text_projects_and_actions', :layout => false, :content_type => Mime[:text]
-      }
+      end
    end
  end

@ -133,10 +132,10 @@ class ProjectsController < ApplicationController
    @projects_to_show = [@project]

    @done = {}
-    @done = @project.todos.completed.
-      reorder("todos.completed_at DESC").
-      limit(current_user.prefs.show_number_completed).
-      includes(Todo::DEFAULT_INCLUDES) unless @max_completed == 0
+    @done = @project.todos.completed
+      .reorder("todos.completed_at DESC")
+      .limit(current_user.prefs.show_number_completed)
+      .includes(Todo::DEFAULT_INCLUDES) unless @max_completed == 0

    @down_count = @not_done_todos.size + @deferred_todos.size + @pending_todos.size
    @count = @down_count
@ -187,7 +186,7 @@ class ProjectsController < ApplicationController
      end
      format.xml do
        if @project.new_record?
-          render_failure @project.errors.to_xml.html_safe, 409
+          render_failure @project.errors.full_messages.to_xml(root: "errors", skip_types: true).html_safe, 409
        else
          head :created, :location => project_url(@project), :text => @project.id
        end
@ -197,7 +196,6 @@ class ProjectsController < ApplicationController
  end

  # Edit the details of the project
-  #
  def update
    template = ""

@ -248,15 +246,14 @@ class ProjectsController < ApplicationController
    respond_to do |format|
      format.js { render :template => template }
      format.html { redirect_to :action => 'index' }
-      format.xml {
+      format.xml do
        if @saved
          render :xml => @project.to_xml(:except => :user_id)
        else
          render :body => "Error on update: #{@project.errors.full_messages.inject("") { |v, e| v + e + " " }}", :status => 409
        end
-      }
      end
-
+    end
  end

  def edit
@ -270,10 +267,10 @@ class ProjectsController < ApplicationController
    @project.destroy

    respond_to do |format|
-      format.js {
+      format.js do
        @down_count = current_user.projects.size
        update_state_counts
-      }
+      end
      format.xml { render :body => "Deleted project #{@project.name}" }
    end
  end
@ -350,5 +347,4 @@ class ProjectsController < ApplicationController
  def project_params
    params.require(:project).permit(:name, :position, :user_id, :description, :state, :default_context_id, :default_tags)
  end
-
 end
--- a/app/controllers/recurring_todos/form_helper.rb
+++ b/app/controllers/recurring_todos/form_helper.rb
@ -1,7 +1,5 @@
 module RecurringTodos
-
  class FormHelper
-
    def initialize(recurring_todo)
      @recurring_todo = recurring_todo

@ -47,7 +45,5 @@ module RecurringTodos
      # no match, let @recurring_todo handle it, or fail
      @recurring_todo.send(method, *args)
    end
-
  end
-
 end
--- a/app/controllers/recurring_todos_controller.rb
+++ b/app/controllers/recurring_todos_controller.rb
@ -1,5 +1,4 @@
 class RecurringTodosController < ApplicationController
-
  helper :todos, :recurring_todos

  append_before_action :init, :only => [:index, :new, :edit, :create]
@ -12,18 +11,16 @@ class RecurringTodosController < ApplicationController
    @recurring_todos = current_user.recurring_todos.active.includes(:tags, :taggings)
    @completed_recurring_todos = current_user.recurring_todos.completed.limit(10).includes(:tags, :taggings)

-    @no_recurring_todos = @recurring_todos.exists?
-    @no_completed_recurring_todos = @completed_recurring_todos.exists?
+    @no_recurring_todos = !@recurring_todos.exists?
+    @no_completed_recurring_todos = !@completed_recurring_todos.exists?
    @count = @recurring_todos.count

    @new_recurring_todo = RecurringTodo.new
  end

-  def new
-  end
+  def new; end

-  def show
-  end
+  def show; end

  def done
    @source_view = params['_source_view'] || 'recurring_todo'
@ -98,7 +95,6 @@ class RecurringTodosController < ApplicationController
    @completed_remaining = current_user.recurring_todos.completed.count

    respond_to do |format|
-
      format.html do
        if @saved
          notify :notice, t('todos.recurring_deleted_success')
@ -107,7 +103,6 @@ class RecurringTodosController < ApplicationController
        end
        redirect_to :action => 'index'
      end
-
      format.js do
        render
      end
@ -212,7 +207,13 @@ class RecurringTodosController < ApplicationController
  def init
    @days_of_week = (0..6).map { |i| [t('date.day_names')[i], i] }
    @months_of_year = (1..12).map { |i| [t('date.month_names')[i], i] }
-    @xth_day = [[t('common.first'),1],[t('common.second'),2],[t('common.third'),3],[t('common.fourth'),4],[t('common.last'),5]]
+    @xth_day = [
+      [t('common.first'), 1],
+      [t('common.second'), 2],
+      [t('common.third'), 3],
+      [t('common.fourth'), 4],
+      [t('common.last'),5]
+    ]
    @projects = current_user.projects.includes(:default_context)
    @contexts = current_user.contexts
  end
@ -224,11 +225,10 @@ class RecurringTodosController < ApplicationController
  def find_and_inactivate
    # find active recurring todos without active todos and inactivate them

-    current_user.recurring_todos.active.
-      select("recurring_todos.id, recurring_todos.state").
-      joins("LEFT JOIN todos fai_todos ON (recurring_todos.id = fai_todos.recurring_todo_id) AND (NOT fai_todos.state='completed')").
-      where("fai_todos.id IS NULL").
-      each { |rt| current_user.recurring_todos.find(rt.id).toggle_completion! }
+    current_user.recurring_todos.active
+      .select("recurring_todos.id, recurring_todos.state")
+      .joins("LEFT JOIN todos fai_todos ON (recurring_todos.id = fai_todos.recurring_todo_id) AND (NOT fai_todos.state='completed')")
+      .where("fai_todos.id IS NULL")
+      .each { |rt| current_user.recurring_todos.find(rt.id).toggle_completion! }
  end
-
 end
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@ -1,5 +1,4 @@
 class SearchController < ApplicationController
-
  helper :todos, :application, :notes, :projects, :contexts

  def results
--- a/app/controllers/stats_controller.rb
+++ b/app/controllers/stats_controller.rb
@ -1,6 +1,5 @@
 class StatsController < ApplicationController
-
-  SECONDS_PER_DAY = 86400;
+  SECONDS_PER_DAY = 86_400

  helper :todos, :projects, :recurring_todos
  append_before_action :init, :except => :index
@ -52,7 +51,6 @@ class StatsController < ApplicationController

    case params['id']
    when 'avrt', 'avrt_end' # actions_visible_running_time
-
      # HACK: because open flash chart uses & to denote the end of a parameter,
      # we cannot use URLs with multiple parameters (that would use &). So we
      # revert to using two id's for the same selection. avtr_end means that the
@ -72,9 +70,9 @@ class StatsController < ApplicationController
      end

      # get all running actions that are visible
-      @actions_running_time = current_user.todos.not_completed.not_hidden.not_deferred_or_blocked.
-        select("todos.id, todos.created_at").
-        reorder("todos.created_at DESC")
+      @actions_running_time = current_user.todos.not_completed.not_hidden.not_deferred_or_blocked
+        .select("todos.id, todos.created_at")
+        .reorder("todos.created_at DESC")

      selected_todo_ids = get_ids_from(@actions_running_time, week_from, week_to, params['id'] == 'avrt_end')
      @selected_actions = selected_todo_ids.size == 0 ? [] : current_user.todos.where("id in (" + selected_todo_ids.join(",") + ")")
--- a/app/controllers/todos/todo_create_params_helper.rb
+++ b/app/controllers/todos/todo_create_params_helper.rb
@ -1,6 +1,5 @@
 module Todos
  class TodoCreateParamsHelper
-
    attr_reader :new_project_created, :new_context_created, :attributes

    def initialize(params, user)
@ -26,7 +25,8 @@ module Todos
      elsif params[:todo]
        @attributes = todo_params(params)
      end
-      @attributes = {} if @attributes.nil?  # make sure there is at least an empty hash
+      # Make sure there is at least an empty hash
+      @attributes = {} if @attributes.nil?
    end

    def filter_tags
@ -78,7 +78,7 @@ module Todos
      @params['predecessor_list']
    end

-    def parse_dates()
+    def parse_dates
      @attributes['show_from'] = @user.prefs.parse_date(show_from)
      @attributes['due'] = @user.prefs.parse_date(due)
      @attributes['due'] ||= ''
@ -160,6 +160,5 @@ module Todos
      rescue
        @errors << { :attribute => group_type, :message => "unknown" }
    end
-
  end
 end
--- a/app/controllers/todos_controller.rb
+++ b/app/controllers/todos_controller.rb
@ -1,5 +1,4 @@
 class TodosController < ApplicationController
-
  skip_before_action :login_required, :only => [:index, :tag, :list_deferred, :show, :list_hidden, :done]
  prepend_before_action :login_or_feed_token_required, :only => [:index, :tag, :list_deferred, :show, :list_hidden, :done]
  append_before_action :find_and_activate_ready, :only => [:index, :list_deferred]
@ -71,7 +70,7 @@ class TodosController < ApplicationController
    @projects = current_user.projects.active
    @contexts = current_user.contexts
    respond_to do |format|
-      format.m {
+      format.m do
        @new_mobile = true
        @return_path = cookies[:mobile_url] ? cookies[:mobile_url] : mobile_path
        @mobile_from_context = current_user.contexts.find(params[:from_context]) if params[:from_context]
@ -80,7 +79,7 @@ class TodosController < ApplicationController
          # we have a project but not a context -> use the default context
          @mobile_from_context = @mobile_from_project.default_context
        end
-      }
+      end
    end
  end

@ -155,7 +154,7 @@ class TodosController < ApplicationController
          if @saved
            head :created, :location => todo_url(@todo)
          else
-            render_failure @todo.errors.to_xml.html_safe, 409
+            render_failure @todo.errors.full_messages.to_xml(root: "errors", skip_types: true).html_safe, 409
          end
        end
      end
@ -175,7 +174,8 @@ class TodosController < ApplicationController

    # first build all todos and check if they would validate on save
    params[:todo][:multiple_todos].split("\n").map do |line|
-      if line.present? #ignore blank lines
+      # Ignore blank lines
+      if line.present?
        @todo = current_user.todos.build({ :description => line, :context_id => p.context_id, :project_id => p.project_id })
        validates &&= @todo.valid?

@ -246,12 +246,12 @@ class TodosController < ApplicationController
    @tag_name = params['_tag_name']
    respond_to do |format|
      format.js
-      format.m {
+      format.m do
        @projects = current_user.projects.active
        @contexts = current_user.contexts
        @edit_mobile = true
        @return_path = cookies[:mobile_url] ? cookies[:mobile_url] : mobile_path
-      }
+      end
    end
  end

@ -301,28 +301,27 @@ class TodosController < ApplicationController
    end
  end

+  ##
  # Toggles the 'done' status of the action
-  #
  def toggle_check
    @todo = current_user.todos.find(params['id'])

    @source_view = params['_source_view'] || 'todo'

-    @original_item = current_user.todos.build(@todo.attributes)  # create a (unsaved) copy of the original todo
-    @original_item_due = @todo.due
-    @original_item_was_deferred = @todo.deferred?
-    @original_item_was_pending = @todo.pending?
-    @original_item_was_hidden = @todo.hidden?
-    @original_item_context_id = @todo.context_id
-    @original_item_project_id = @todo.project_id
+    # Create a (unsaved) copy of the original todo, before it was toggled
+    @original_item = current_user.todos.build(@todo.attributes)
    @original_completed_period = DoneTodos.completed_period(@todo.completed_at)
-    @todo_was_completed_from_deferred_or_blocked_state = @original_item_was_deferred || @original_item_was_pending
+
+    @todo_was_completed_from_deferred_or_blocked_state =
+      @original_item.deferred? || @original_item.pending?

    @saved = @todo.toggle_completion!

-    @todo_was_blocked_from_completed_state = @todo.pending? # since we toggled_completion the previous state was completed
+    # As a result of toggling the done status of the todo, have we shifted from
+    # "Done" to "Blocked"?
+    @todo_was_blocked_from_completed_state = @todo.pending?

-    # check if this todo has a related recurring_todo. If so, create next todo
+    # Check if this todo has a related recurring_todo. If so, create next todo
    @new_recurring_todo = check_for_next_todo(@todo) if @saved

    @predecessors = @todo.uncompleted_predecessors
@ -343,7 +342,7 @@ class TodosController < ApplicationController
          determine_deferred_tag_count(params['_tag_name']) if source_view_is(:tag)
          @wants_redirect_after_complete = @todo.completed? && !@todo.project_id.nil? && current_user.prefs.show_project_on_todo_done && !source_view_is(:project)
          if source_view_is :calendar
-            @original_item_due_id = get_due_id_for_calendar(@original_item_due)
+            @original_item_due_id = get_due_id_for_calendar(@original_item.due)
            @old_due_empty = is_old_due_empty(@original_item_due_id)
          end
        end
@ -360,7 +359,7 @@ class TodosController < ApplicationController
          redirect_to :action => "index"
        end
      end
-      format.m {
+      format.m do
        if @saved
          if cookies[:mobile_url]
            old_path = cookies[:mobile_url]
@ -374,7 +373,7 @@ class TodosController < ApplicationController
        else
          render :action => "edit", :format => :m
        end
-      }
+      end
    end
  end

@ -386,7 +385,7 @@ class TodosController < ApplicationController
      format.js
      format.xml { render :xml => @todo.to_xml(*todo_xml_params) }
      format.html { redirect_to request.referrer }
-      format.m {
+      format.m do
        if cookies[:mobile_url]
          old_path = cookies[:mobile_url]
          cookies[:mobile_url] = { :value => nil, :secure => SITE_CONFIG['secure_cookies'] }
@ -396,14 +395,13 @@ class TodosController < ApplicationController
          notify(:notice, "Star toggled")
          onsite_redirect_to todos_path(:format => 'm')
        end
-      }
+      end
    end
  end

  def change_context
    # change context if you drag a todo to another context
    @todo = current_user.todos.find(params[:id])
-    @original_item_context_id = @todo.context_id
    @original_item = current_user.todos.build(@todo.attributes)  # create a (unsaved) copy of the original todo
    @context = current_user.contexts.find(params[:todo][:context_id])
    @todo.context = @context
@ -425,8 +423,7 @@ class TodosController < ApplicationController

    @todo = current_user.todos.find(params['id'])
    @original_item = current_user.todos.build(@todo.attributes)  # create a (unsaved) copy of the original todo
-
-    cache_attributes_from_before_update # TODO: remove in favor of @original_item
+    @original_item_due_id = get_due_id_for_calendar(@original_item.due)

    update_tags
    update_project
@ -441,12 +438,11 @@ class TodosController < ApplicationController
    rescue ActiveRecord::RecordInvalid => exception
      record = exception.record
      if record.is_a?(Dependency)
-        record.errors.each { |key,value| @todo.errors[key] << value }
+        record.errors.each { |key, value| @todo.errors.add(key, value) }
      end
      @saved = false
    end

-
    provide_project_or_context_for_view

    # this is set after save and cleared after reload, so save it here
@ -456,7 +452,7 @@ class TodosController < ApplicationController

    update_dependency_state
    if @project_changed
-      @remaining_undone_in_project = current_user.projects.find(@original_item_project_id).todos.active.count if source_view_is :project
+      @remaining_undone_in_project = current_user.projects.find(@original_item.project_id).todos.active.count if source_view_is :project
    end

    determine_changes_by_this_update
@ -464,14 +460,14 @@ class TodosController < ApplicationController
    determine_down_count
    determine_deferred_tag_count(sanitize(params['_tag_name'])) if source_view_is(:tag)

-    @todo.touch_predecessors if @original_item_description != @todo.description
+    @todo.touch_predecessors if @original_item.description != @todo.description

    respond_to do |format|
-      format.js {
+      format.js do
        @status_message = @todo.deferred? ? t('todos.action_saved_to_tickler') : t('todos.action_saved')
        @status_message = t('todos.added_new_project') + ' / ' + @status_message if @new_project_created
        @status_message = t('todos.added_new_context') + ' / ' + @status_message if @new_context_created
-      }
+      end
      format.xml { render :xml => @todo.to_xml(*todo_xml_params) }
      format.m do
        if @saved
@ -495,8 +491,8 @@ class TodosController < ApplicationController
  def destroy
    @source_view = params['_source_view'] || 'todo'
    @todo = current_user.todos.find(params['id'])
-    @original_item = current_user.todos.build(@todo.attributes)  # create a (unsaved) copy of the original todo
-    @original_item_due = @todo.due
+    # Create a (unsaved) copy of the original todo
+    @original_item = current_user.todos.build(@todo.attributes)
    @context_id = @todo.context_id
    @project_id = @todo.project_id
    @todo_was_destroyed = true
@ -524,7 +520,6 @@ class TodosController < ApplicationController
    @new_recurring_todo = check_for_next_todo(@todo) if @saved

    respond_to do |format|
-
      format.html do
        if @saved
          message = t('todos.action_deleted_success')
@ -538,22 +533,19 @@ class TodosController < ApplicationController
          redirect_to :action => 'index'
        end
      end
-
      format.js do
        if @saved
          determine_down_count
          if source_view_is_one_of(:todo, :deferred, :project, :context, :tag)
            determine_remaining_in_container_count(@todo)
          elsif source_view_is :calendar
-            @original_item_due_id = get_due_id_for_calendar(@original_item_due)
+            @original_item_due_id = get_due_id_for_calendar(@original_item.due)
            @old_due_empty = is_old_due_empty(@original_item_due_id)
          end
        end
        render
      end
-
      format.xml { render :body => '200 OK. Action deleted.', :status => 200 }
-
    end
  end

@ -635,30 +627,30 @@ class TodosController < ApplicationController

    todos_with_tag_ids = find_todos_with_tag_expr(@tag_expr)

-    @not_done_todos = todos_with_tag_ids.
-      active.not_hidden.
-      reorder(Arel.sql('todos.due IS NULL, todos.due ASC, todos.created_at ASC')).
-      includes(Todo::DEFAULT_INCLUDES)
-    @hidden_todos = todos_with_tag_ids.
-      hidden.
-      reorder(Arel.sql('todos.completed_at DESC, todos.created_at DESC')).
-      includes(Todo::DEFAULT_INCLUDES)
-    @deferred_todos = todos_with_tag_ids.
-      deferred.
-      reorder(Arel.sql('todos.show_from ASC, todos.created_at DESC')).
-      includes(Todo::DEFAULT_INCLUDES)
-    @pending_todos = todos_with_tag_ids.
-      blocked.
-      reorder(Arel.sql('todos.show_from ASC, todos.created_at DESC')).
-      includes(Todo::DEFAULT_INCLUDES)
+    @not_done_todos = todos_with_tag_ids
+      .active.not_hidden
+      .reorder(Arel.sql('todos.due IS NULL, todos.due ASC, todos.created_at ASC'))
+      .includes(Todo::DEFAULT_INCLUDES)
+    @hidden_todos = todos_with_tag_ids
+      .hidden
+      .reorder(Arel.sql('todos.completed_at DESC, todos.created_at DESC'))
+      .includes(Todo::DEFAULT_INCLUDES)
+    @deferred_todos = todos_with_tag_ids
+      .deferred
+      .reorder(Arel.sql('todos.show_from ASC, todos.created_at DESC'))
+      .includes(Todo::DEFAULT_INCLUDES)
+    @pending_todos = todos_with_tag_ids
+      .blocked
+      .reorder(Arel.sql('todos.show_from ASC, todos.created_at DESC'))
+      .includes(Todo::DEFAULT_INCLUDES)
    @todos_without_project = @not_done_todos.select { |t| t.project.nil? }

    # If you've set no_completed to zero, the completed items box isn't shown on
    # the tag page
-    @done = todos_with_tag_ids.completed.
-      limit(current_user.prefs.show_number_completed).
-      reorder('todos.completed_at DESC').
-      includes(Todo::DEFAULT_INCLUDES)
+    @done = todos_with_tag_ids.completed
+      .limit(current_user.prefs.show_number_completed)
+      .reorder('todos.completed_at DESC')
+      .includes(Todo::DEFAULT_INCLUDES)

    @projects = current_user.projects
    @contexts = current_user.contexts
@ -674,12 +666,8 @@ class TodosController < ApplicationController

    respond_to do |format|
      format.html
-      format.m {
-        cookies[:mobile_url]= {:value => request.fullpath, :secure => SITE_CONFIG['secure_cookies']}
-      }
-      format.text {
-        render :action => 'index', :layout => false, :content_type => Mime[:text]
-      }
+      format.m { cookies[:mobile_url] = { :value => request.fullpath, :secure => SITE_CONFIG['secure_cookies'] } }
+      format.text { render :action => 'index', :layout => false, :content_type => Mime[:text] }
    end
  end

@ -710,11 +698,10 @@ class TodosController < ApplicationController
    @tag = Tag.where(:name => @tag_name).first_or_create
  end

-
  def tags
    tags_beginning = current_user.tags.where(Tag.arel_table[:name].matches("#{params[:term]}%"))
    tags_all = current_user.tags.where(Tag.arel_table[:name].matches("%#{params[:term]}%"))
-    tags_all = tags_all - tags_beginning
+    tags_all -= tags_beginning

    respond_to do |format|
      format.autocomplete { render :body => for_autocomplete(tags_beginning + tags_all, params[:term]) }
@ -726,9 +713,9 @@ class TodosController < ApplicationController
    numdays = params['days'].to_i

    @todo = current_user.todos.find(params[:id])
-    @original_item = current_user.todos.build(@todo.attributes)  # create a (unsaved) copy of the original todo
+    # Create a (unsaved) copy of the original todo
+    @original_item = current_user.todos.build(@todo.attributes)

-    @original_item_context_id = @todo.context_id
    @todo_deferred_state_changed = true
    @new_context_created = false
    @due_date_changed = false
@ -743,43 +730,38 @@ class TodosController < ApplicationController
    determine_down_count
    determine_remaining_in_container_count(@todo)
    source_view do |page|
-      page.project {
+      page.project do
        @remaining_undone_in_project = current_user.projects.find(@todo.project_id).todos.not_completed.count
-        @original_item_project_id = @todo.project_id
-      }
-      page.tag {
-        determine_deferred_tag_count(params['_tag_name'])
-      }
+      end
+      page.tag { determine_deferred_tag_count(params['_tag_name']) }
    end

    respond_to do |format|
      format.html { redirect_to :back }
      format.js { render :action => 'update' }
-      format.m {
+      format.m do
        notify(:notice, t("todos.action_deferred", :description => @todo.description))
        do_mobile_todo_redirection
-      }
+      end
    end
  end

  def list_hidden
    @hidden = current_user.todos.hidden
    respond_to do |format|
-      format.xml {
-        render :xml => @hidden.to_xml( *[todo_xml_params[0].merge({:root => :todos})] )
-      }
+      format.xml { render :xml => @hidden.to_xml(*[todo_xml_params[0].merge({ :root => :todos })]) }
    end
  end

  def get_not_completed_for_predecessor(relation, todo_id = nil)
-    items = relation.todos.not_completed.
-      where('(LOWER(todos.description) LIKE ?)', "%#{params[:term].downcase}%")
+    items = relation.todos.not_completed
+      .where('(LOWER(todos.description) ' + Common.like_operator + '?)', "%#{params[:term].downcase}%")
    items = items.where("AND NOT(todos.id=?)", todo_id) unless todo_id.nil?

-    items.
-      includes(:context, :project).
-      reorder('description ASC').
-      limit(10)
+    items
+      .includes(:context, :project)
+      .reorder('description ASC')
+      .limit(10)
  end

  def auto_complete_for_predecessor
@ -814,12 +796,8 @@ class TodosController < ApplicationController
    @todo = current_user.todos.find(params['id'])
    @return_path = cookies[:mobile_url] ? cookies[:mobile_url] : mobile_path
    respond_to do |format|
-      format.html {
-        redirect_to home_path, "Viewing note of todo is not implemented"
-      }
-      format.m   {
-        render :action => "show_notes"
-      }
+      format.html { redirect_to home_path, "Viewing note of todo is not implemented" }
+      format.m { render :action => "show_notes" }
    end
  end

@ -871,20 +849,24 @@ class TodosController < ApplicationController
  def get_params_for_tag_view
    filter_format_for_tag_view

-    # use sanitize to prevent XSS attacks
+    # Don't use sanitize here because these are only used for a DB query.
    @tag_expr = []
-    @tag_expr << sanitize(params[:name]).split(',')
-    @tag_expr << sanitize(params[:and]).split(',') if params[:and]
+    # Tag conditions handled as OR.
+    @tag_expr << params[:name].split(',')

+    # Additional tag condition(s) handled as AND.
+    @tag_expr << params[:and].split(',') if params[:and]
    i = 1
    while params['and' + i.to_s]
-      @tag_expr << sanitize(params['and'+i.to_s]).split(',')
-      i=i+1
+      @tag_expr << params['and' + i.to_s].split(',')
+      i += 1
    end

    @single_tag = @tag_expr.size == 1 && @tag_expr[0].size == 1
-    @tag_name = @tag_expr[0][0]
-    @tag_title = @single_tag ? @tag_name : tag_title(@tag_expr)
+
+    # These are used in the templates, sanitise to prevent XSS.
+    @tag_name = sanitize(@tag_expr[0][0])
+    @tag_title = sanitize(@single_tag ? @tag_name : tag_title(@tag_expr))
  end

  def filter_format_for_tag_view
@ -924,9 +906,9 @@ end
  end

  def find_todos_with_tag_expr(tag_expr)
-    # optimize for the common case: selecting only one tag
+    # Optimize for the common case of selecting only one tag
    if @single_tag
-      tag = Tag.where(:name => @tag_name).first
+      tag = current_user.tags.where(:name => @tag_name).first
      tag_id = tag.nil? ? -1 : tag.id
      return current_user.todos.with_tag(tag_id)
    end
@ -945,7 +927,7 @@ end
        @down_count = current_user.todos.active.not_hidden.count
      end
      from.context do
-        context_id = @original_item_context_id || @todo.context_id
+        context_id = @original_item ? @original_item.context_id || @todo.context_id : @todo.context_id
        todos = current_user.contexts.find(context_id).todos.not_completed

        if @todo.context.hidden?
@ -997,17 +979,17 @@ end

  def determine_remaining_in_container_count(todo = @todo)
    source_view do |from|
-      from.deferred {
+      from.deferred do
        todos_in_container, todos_in_target_container = find_todos_in_container_and_target_container(todo, @todo)
        @remaining_in_context = todos_in_container.deferred_or_blocked.count
        @target_context_count = todos_in_target_container.deferred_or_blocked.count
-      }
-      from.todo {
+      end
+      from.todo do
        todos_in_container, todos_in_target_container = find_todos_in_container_and_target_container(todo, @todo)
        @remaining_in_context = todos_in_container.active.not_hidden.count
        @target_context_count = todos_in_target_container.active.not_hidden.count
-      }
-      from.tag {
+      end
+      from.tag do
        tag = Tag.where(:name => params['_tag_name']).first
        tag = Tag.new(:name => params['tag']) if tag.nil?

@ -1017,9 +999,9 @@ end
        @target_context_count = todos_in_target_container.active.not_hidden.with_tag(tag.id).count
        @remaining_hidden_count = current_user.todos.hidden.with_tag(tag.id).count
        @remaining_deferred_or_pending_count = current_user.todos.with_tag(tag.id).deferred_or_blocked.count
-      }
-      from.project {
-        project_id = @project_changed ? @original_item_project_id : @todo.project_id
+      end
+      from.project do
+        project_id = @project_changed ? @original_item.project_id : @todo.project_id
        @remaining_deferred_or_pending_count = current_user.projects.find(project_id).todos.deferred_or_blocked.count

        if @todo_was_completed_from_deferred_or_blocked_state
@ -1029,11 +1011,11 @@ end
        end

        @target_context_count = current_user.projects.find(project_id).todos.active.count
-      }
-      from.calendar {
+      end
+      from.calendar do
        @target_context_count = @new_due_id.blank? ? 0 : count_old_due_empty(@new_due_id)
-      }
-      from.context {
+      end
+      from.context do
        context = current_user.contexts.find(todo.context_id)
        @remaining_deferred_or_pending_count = context.todos.deferred_or_blocked.count

@ -1048,13 +1030,11 @@ end
          actions_in_target = @todo.context.todos.deferred_or_blocked
        end
        @target_context_count = actions_in_target.count
-      }
-      from.done {
+      end
+      from.done do
        @remaining_in_context = DoneTodos.remaining_in_container(current_user.todos, @original_completed_period)
-      }
-      from.all_done {
-        @remaining_in_context = current_user.todos.completed.count
-      }
+      end
+      from.all_done { @remaining_in_context = current_user.todos.completed.count }
    end
  end

@ -1101,7 +1081,6 @@ end
        date_to_check ||= Time.zone.now

        if recurring_todo.active? && recurring_todo.continues_recurring?(date_to_check)
-
          # shift the reference date to yesterday if date_to_check is furher in
          # the past. This is to make sure we do not get older todos for overdue
          # todos. I.e. checking a daily todo that is overdue with 5 days will
@ -1147,6 +1126,7 @@ end
    due_this_week_date = Time.zone.now.end_of_week
    due_next_week_date = due_this_week_date + 7.days
    due_this_month_date = Time.zone.now.end_of_month
+
    case id
    when "due_today"
      return current_user.todos.not_completed.where('todos.due <= ?', due_today_date).count
@ -1163,19 +1143,6 @@ end
    end
  end

-  def cache_attributes_from_before_update
-    @original_item_context_id = @todo.context_id
-    @original_item_project_id = @todo.project_id
-    @original_item_was_deferred = @todo.deferred?
-    @original_item_was_hidden = @todo.hidden?
-    @original_item_was_pending = @todo.pending?
-    @original_item_due = @todo.due
-    @original_item_due_id = get_due_id_for_calendar(@todo.due)
-    @original_item_predecessor_list = @todo.predecessors.map{|t| t.specification}.join(', ')
-    @original_item_description = @todo.description
-    @todo_was_deferred_or_blocked = @todo.deferred? || @todo.pending?
-  end
-
  def update_project
    @project_changed = false
    if params['todo']['project_id'].blank? && !params['project_name'].nil?
@ -1193,11 +1160,10 @@ end
        end
      end
      params["todo"]["project_id"] = project.id
-      @project_changed = @original_item_project_id != params["todo"]["project_id"] = project.id
+      @project_changed = @original_item.project_id != params["todo"]["project_id"] = project.id
    end
  end

-
  def update_context
    @context_changed = false
    if params['todo']['context_id'].blank? && params['context_name'].present?
@ -1212,14 +1178,15 @@ end
        @context = @new_context
      end
      params["todo"]["context_id"] = @context.id
-      @context_changed = @original_item_context_id != params["todo"]["context_id"] = @context.id
+      @context_changed = @original_item.context_id != params["todo"]["context_id"] = @context.id
    end
  end

  def update_tags
    if params[:tag_list]
      @todo.tag_with(params[:tag_list])
-      @todo.tags.reload #force a reload for proper rendering
+      # Force a reload for proper rendering
+      @todo.tags.reload
    end
  end

@ -1227,12 +1194,12 @@ end
    begin
      parse_date_per_user_prefs(date)
    rescue
-      @todo.errors[:base] << error_msg
+      @todo.errors.add(:base, error_msg)
    end
  end

  def update_date_for_update(key)
-    params['todo'][key] = params["todo"].has_key?(key) ? parse_date_for_update(params["todo"][key], t("todos.error.invalid_#{key}_date")) : ""
+    params['todo'][key] = params["todo"].key?(key) ? parse_date_for_update(params["todo"][key], t("todos.error.invalid_#{key}_date")) : ""
  end

  def update_due_and_show_from_dates
@ -1258,7 +1225,12 @@ end

  def update_dependency_state
    # assumes @todo.save was called so that the predecessor_list is persistent
-    if @original_item_predecessor_list != params[:predecessor_list]
+    original_item_predecessor_list =
+      @original_item.predecessors
+        .map { |t| t.specification }
+        .join(', ')
+
+    if original_item_predecessor_list != params[:predecessor_list]
      # Possible state change with new dependencies
      if @todo.uncompleted_predecessors.empty?
        @todo.activate! if @todo.state == 'pending' # Activate pending if no uncompleted predecessors
@ -1276,16 +1248,16 @@ end
  end

  def determine_changes_by_this_update
-    @todo_was_activated_from_deferred_state = @todo.active? && @original_item_was_deferred
-    @todo_was_activated_from_pending_state = @todo.active? && @original_item_was_pending
-    @todo_was_deferred_from_active_state = @todo.deferred? && !@original_item_was_deferred
-    @todo_was_blocked_from_active_state = @todo.pending? && !@original_item_was_pending
+    @todo_was_activated_from_deferred_state = @todo.active? && @original_item.deferred?
+    @todo_was_activated_from_pending_state = @todo.active? && @original_item.pending?
+    @todo_was_deferred_from_active_state = @todo.deferred? && !@original_item.deferred?
+    @todo_was_blocked_from_active_state = @todo.pending? && !@original_item.pending?

-    @todo_deferred_state_changed = @original_item_was_deferred != @todo.deferred?
-    @todo_pending_state_changed = @original_item_was_pending != @todo.pending?
-    @todo_hidden_state_changed = @original_item_was_hidden != @todo.hidden?
+    @todo_deferred_state_changed = @original_item.deferred? != @todo.deferred?
+    @todo_pending_state_changed = @original_item.pending? != @todo.pending?
+    @todo_hidden_state_changed = @original_item.hidden? != @todo.hidden?

-    @due_date_changed = @original_item_due != @todo.due
+    @due_date_changed = @original_item.due != @todo.due

    source_view do |page|
      page.calendar do
@ -1335,5 +1307,4 @@ end
      redirect_to(uri.path)
    end
  end
-
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,22 +1,26 @@
 class UsersController < ApplicationController
-
-  before_action :admin_login_required, :only => [ :index, :show, :destroy ]
+  before_action :admin_login_required, :only => [:index, :show]
+  before_action :admin_or_self_login_required, :only => [:destroy]
  skip_before_action :login_required, :only => [:new, :create]
  prepend_before_action :login_optional, :only => [:new, :create]

  # GET /users GET /users.xml
  def index
    respond_to do |format|
+      order_by = 'login'
+      if params[:order] && User.column_names.include?(params[:order])
+        order_by = params[:order]
+      end
      format.html do
-        @page_title = "TRACKS::Manage Users"
-        @users = User.order('login ASC').paginate :page => params[:page]
+        @page_title = t('users.manage_users_title')
+        @users = User.order(order_by + ' ASC').paginate :page => params[:page]
        @total_users = User.count
        # When we call users/signup from the admin page we store the URL so that
        # we get returned here when signup is successful
        store_location
      end
      format.xml do
-        @users  = User.order('login')
+        @users = User.order(order_by)
        render :xml => @users.to_xml(:root => :users, :except => [:password])
      end
    end
@ -76,20 +80,26 @@ class UsersController < ApplicationController
          return
        end

-        user = User.new(user_params)
-
-        unless user.valid?
-          session['new_user'] = user
+        unless params['approve_tos'] == 'on' || SITE_CONFIG['tos_link'].blank?
+          notify :error,  t('users.tos_error')
          redirect_to signup_path
          return
        end

-        signup_by_admin = true if (@user && @user.is_admin?)
+        user = User.new(user_params)
+
+        unless user.valid?
+          notify :error,  t('users.create_error')
+          redirect_to signup_path
+          return
+        end
+
+        signup_by_admin = true if @user && @user.is_admin?
        first_user_signing_up = User.no_users_yet?
        user.is_admin = true if first_user_signing_up
        if user.save
          @user = User.authenticate(user.login, params['user']['password'])
-          @user.create_preference({:locale => I18n.locale})
+          @user.create_preference(:locale => I18n.locale)
          @user.save
          session['user_id'] = @user.id unless signup_by_admin
          notify :notice, t('users.signup_successful', :username => @user.login)
@ -99,20 +109,25 @@ class UsersController < ApplicationController
      end
      format.xml do
        unless current_user && current_user.is_admin
-          render :body => "401 Unauthorized: Only admin users are allowed access to this function.", :status => 401
+          render :body => t('errors.user_unauthorized'), :status => 401
          return
        end
        unless check_create_user_params
          render_failure "Expected post format is valid xml like so: <user><login>username</login><password>abc123</password></user>.", 400
          return
        end
+        unless user_params['approve_tos'] == 'on' || SITE_CONFIG['tos_link'].blank?
+          render_failure "You have to accept the terms of service to sign up!"
+          return
+        end
+
        user = User.new(user_params)
        user.password_confirmation = user_params[:password]
        saved = user.save
        unless user.new_record?
          render :body => t('users.user_created'), :status => 200
        else
-          render_failure user.errors.to_xml, 409
+          render_failure user.errors.full_messages.to_xml(root: "errors", skip_types: true), 409
        end
        return
      end
@ -122,8 +137,14 @@ class UsersController < ApplicationController
  # DELETE /users/id DELETE /users/id.xml
  def destroy
    @deleted_user = User.find(params[:id])
+
+    # Remove the user
    @saved = @deleted_user.destroy
-    @total_users = User.count
+
+    # Log out the user if they've deleted their own user and it succeeded.
+    if @saved && current_user == @deleted_user
+      logout_user
+    end

    respond_to do |format|
      format.html do
@ -132,10 +153,18 @@ class UsersController < ApplicationController
        else
          notify :error, t('users.failed_to_delete_user', :username => @deleted_user.login)
        end
+        if current_user == @deleted_user
+          redirect_to login
+        else
          redirect_to users_url
        end
-      format.js
-      format.xml { head :ok }
+      end
+      format.js do
+        @total_users = User.count
+      end
+      format.xml do
+        head :ok
+      end
    end
  end

@ -178,7 +207,7 @@ class UsersController < ApplicationController
  private

  def user_params
-    params.require(:user).permit(:login, :first_name, :last_name, :password_confirmation, :password, :auth_type, :open_id_url)
+    params.require(:user).permit(:login, :first_name, :last_name, :email, :password_confirmation, :password, :auth_type, :open_id_url)
  end

  def get_new_user
@ -192,12 +221,11 @@ class UsersController < ApplicationController
  end

  def check_create_user_params
-    return false unless params.has_key?(:user)
-    return false unless params[:user].has_key?(:login)
+    return false unless params.key?(:user)
+    return false unless params[:user].key?(:login)
    return false if params[:user][:login].empty?
-    return false unless params[:user].has_key?(:password)
+    return false unless params[:user].key?(:password)
    return false if params[:user][:password].empty?
    return true
  end
-
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -1,5 +1,4 @@
 module ApplicationHelper
-
  def group_view_by_menu_entry
    # not set, no menu entry
    return "" if @group_view_by.nil?
@ -55,28 +54,31 @@ module ApplicationHelper
  end

  def link_to_context(context, descriptor = sanitize(context.name))
-    link_to( descriptor, context, :title => "View context: #{context.name}" )
+    link_to(descriptor, context, :title => I18n.t("contexts.view_link", :name => context.name))
  end

  def link_to_project(project, descriptor = sanitize(project.name))
-    link_to( descriptor, project, :title => "View project: #{project.name}" )
+    link_to(descriptor, project, :title => I18n.t("projects.view_link", :name => project.name))
  end

  def link_to_edit_note(note, descriptor = sanitize(note.id.to_s))
    link_to(descriptor, edit_note_path(note),
-      {:id => "link_edit_#{dom_id(note)}", :class => "note_edit_settings"})
+      :id => "link_edit_#{dom_id(note)}", :class => "note_edit_settings")
  end

  def link_to_project_mobile(project, accesskey, descriptor = sanitize(project.name))
-    link_to( descriptor, project_path(project, :format => 'm'), {:title => "View project: #{project.name}", :accesskey => accesskey} )
+    link_to(descriptor, project_path(project, :format => 'm'),
+      :title => I18n.t("projects.view_link", :name => project.name), :accesskey => accesskey)
  end

  def item_link_to_context(item)
-    link_to_context( item.context, prefs.verbose_action_descriptors ? "[#{item.context.name}]" : "[C]" )
+    link_to_context(item.context,
+      prefs.verbose_action_descriptors ? "[#{item.context.name}]" : "[" + I18n.t("contexts.letter_abbreviation") + "]")
  end

  def item_link_to_project(item)
-    link_to_project( item.project, prefs.verbose_action_descriptors ? "[#{item.project.name}]" : "[P]" )
+    link_to_project(item.project,
+      prefs.verbose_action_descriptors ? "[#{item.project.name}]" : "[" + I18n.t("projects.letter_abbreviation") + "]")
  end

  def render_flash
@ -114,7 +116,7 @@ module ApplicationHelper
    recurring_target + recurrence_pattern + recurrence_time_span
  end

-  def date_format_for_date_picker()
+  def date_format_for_date_picker
    [
      ['%m', 'mm'],
      ['%b', 'M'],
@ -168,9 +170,7 @@ module ApplicationHelper
  def javascript_tag_for_i18n_datepicker
    locale = I18n.locale
    # do not include en as locale since this the available by default
-    if locale && locale != :en
-      javascript_include_tag("jquery-ui/datepicker-#{locale}")
-    end
+    javascript_include_tag("datepicker-#{locale}") if locale && locale != :en
  end

  def done_path(controller_name, type)
@ -209,9 +209,7 @@ module ApplicationHelper
  end

  def link_to_delete(type, object, descriptor = sanitize(object.name))
-    link_to(
-      descriptor,
-      self.send("#{type}_path", object, :format => 'js'),
+    link_to(descriptor, self.send("#{type}_path", object, :format => 'js'),
      {
        :id => "delete_#{type}_#{object.id}",
        :class => "delete_#{type}_button icon",
@ -222,7 +220,7 @@ module ApplicationHelper
  end

  def link_to_edit(type, object, descriptor)
-    link_to(descriptor, self.send("edit_#{type}_path", object),
+    link_to(descriptor, send("edit_#{type}_path", object),
      {
        :id => "link_edit_#{dom_id(object)}",
        :class => "#{type}_edit_settings icon"
@ -231,7 +229,7 @@ module ApplicationHelper

  def source_view_key
    # uses @project.id or @context.id depending on source_view
-    source_view_is_one_of(:project, :context) ? "#{@source_view}-#{eval("@#{@source_view}.id")}" : @source_view
+    source_view_is_one_of(:project, :context) ? "#{@source_view}-#{eval("@#{@source_view}.id", binding, __FILE__, __LINE__)}" : @source_view
  end

  # create a unique object name which can be used in ajax calls returning js
@ -251,5 +249,4 @@ module ApplicationHelper
  def js_error_messages_for(object)
    escape_javascript(get_list_of_error_messages_for(object))
  end
-
 end
--- a/app/helpers/bootstrap_flash_helper.rb
+++ b/app/helpers/bootstrap_flash_helper.rb
@ -5,7 +5,7 @@ module BootstrapFlashHelper
    :error => :danger,
    :info => :info,
    :warning => :warning
-  } unless const_defined?(:ALERT_MAPPING)
+  }.freeze unless const_defined?(:ALERT_MAPPING)

  def bootstrap_flash(options = { :close_button => true })
    flash_messages = []
@ -15,7 +15,6 @@ module BootstrapFlashHelper
      type = type.to_sym
      next unless ALERT_MAPPING.keys.include?(type)

-
      tag_class = options.extract!(:class)[:class]
      tag_options = {
        class: "alert fade in alert-#{ALERT_MAPPING[type]} #{tag_class}"
--- a/app/helpers/contexts_helper.rb
+++ b/app/helpers/contexts_helper.rb
@ -1,5 +1,4 @@
 module ContextsHelper
-
  def show_context_name(context)
    if source_view_is :context
      content_tag(:span, :id => "context_name"){ context.name }
@ -19,5 +18,4 @@ module ContextsHelper
  def context_summary(context, undone_todo_count)
    content_tag(:p, "#{undone_todo_count}. Context is #{context.hidden? ? 'Hidden' : 'Active'}.".html_safe)
  end
-
 end
--- a/app/helpers/date_label_helper.rb
+++ b/app/helpers/date_label_helper.rb
@ -1,5 +1,4 @@
 module DateLabelHelper
-
  class GenericDateView
    include ActionView::Context
    include ActionView::Helpers
@ -11,7 +10,7 @@ module DateLabelHelper
      :tomorrow                 => :amber,
      :this_week                => :orange,
      :more_than_a_week         => :green
-    }
+    }.freeze

    def initialize(date, prefs)
      @date = date
@ -53,24 +52,18 @@ module DateLabelHelper
      return "" if @date.nil?

      return content_tag(:a, { :title => @prefs.format_date(@date) }) {
-              content_tag(:span, {:class => get_color}) {
-                yield
-              }
+              content_tag(:span, { :class => get_color }) { yield }
            }
    end

    def date_mobile_html_wrapper
      return "" if @date.nil?

-      return content_tag(:span, {:class => get_color}) {
-        yield
-      }
+      return content_tag(:span, { :class => get_color }) { yield }
    end
-
  end

  class DueDateView < GenericDateView
-
    def due_text
      case @days_sym
      when :overdue_by_one
@ -100,11 +93,9 @@ module DateLabelHelper
    def due_date_mobile_html
      date_mobile_html_wrapper { @prefs.format_date(@due) }
    end
-
  end

  class ShowFromDateView < GenericDateView
-
    def show_from_text
      case @days_sym
      when :overdue_by_more_than_one, :overdue_by_one
@ -127,7 +118,5 @@ module DateLabelHelper
    def show_from_date_html
      date_html_wrapper { show_from_text }
    end
-
  end
-
 end
--- a/app/helpers/feedlist_helper.rb
+++ b/app/helpers/feedlist_helper.rb
@ -1,5 +1,4 @@
 module FeedlistHelper
-
  def linkoptions(format, options)
    merge_hashes({ :format => format }, options, user_token_hash)
  end
@ -42,12 +41,10 @@ module FeedlistHelper
  protected

  def merge_hashes(*hashes)
-    hashes.inject(Hash.new){ |result, h| result.merge(h) }
+    hashes.inject({}) { |result, h| result.merge(h) }
  end

  def user_token_hash
    { :token => current_user.token }
  end
-
-
 end
--- a/app/helpers/icon_helper.rb
+++ b/app/helpers/icon_helper.rb
@ -1,7 +1,7 @@
 module IconHelper
  include FontAwesome::Sass::Rails::ViewHelpers

-  def icon_fw(icon, text = nil, html_options = {})
+  def icon_fw(style, name, text = nil, html_options = {})
    text, html_options = nil, text if text.is_a?(Hash)

    if html_options.key?(:class)
@ -10,6 +10,6 @@ module IconHelper
      html_options[:class] = "fa-fw"
    end

-    icon(icon, text, html_options)
+    icon(style, name, text, html_options)
  end
 end
--- a/app/helpers/login_helper.rb
+++ b/app/helpers/login_helper.rb
@ -1,3 +1,2 @@
 module LoginHelper
-
 end
--- a/app/helpers/notes_helper.rb
+++ b/app/helpers/notes_helper.rb
@ -15,5 +15,4 @@ module NotesHelper
        :title => t('notes.delete_note_title', :id => note.id), :x_confirm_message => t('notes.delete_note_confirm', :id => note.id) }
    )
  end
-
 end
--- a/app/helpers/preferences_helper.rb
+++ b/app/helpers/preferences_helper.rb
@ -1,5 +1,4 @@
 module PreferencesHelper
-
  def pref(model, pref_name, &block)
    s = content_tag(:label, Preference.human_attribute_name(pref_name), :for => model + "_" + pref_name)
    s << yield
@ -18,4 +17,14 @@ module PreferencesHelper
    pref(model, pref_name) { text_field(model, pref_name, class: "form-control") }
  end

+  def profile_delete_user(user)
+    return link_to(
+      t('users.destroy_user'),
+      url_for({ :controller => 'users', :action => 'destroy', :id => user.id }),
+      { :id => "delete_user_#{user.id}",
+        :class => "delete_user_button btn btn-danger",
+        :title => t('users.destroy_user'),
+        :x_confirm_message => t('users.destroy_confirmation', :login => user.login)
+      })
+  end
 end
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@ -1,5 +1,4 @@
 module ProjectsHelper
-
  def show_project_name(project)
    if source_view_is :project
      content_tag(:span, :id => "project_name") { project.name }
@ -36,12 +35,11 @@ module ProjectsHelper
    project_description = ''
    project_description += render_text(project.description) if project.description.present?
    project_description += content_tag(:p,
-      "#{count_undone_todos_phrase(p)}. #{t('projects.project_state', :state => project.state)}".html_safe
-      )
+      "#{count_undone_todos_phrase(p)}. #{t('projects.project_state', :state => project.state)}".html_safe)
  end

  def needsreview_class(item)
-    raise "item must be a Project " unless item.kind_of? Project
+    raise "item must be a Project " unless item.is_a? Project
    return item.needs_review?(current_user) ? "needsreview" : "needsnoreview"
  end

@ -52,5 +50,4 @@ module ProjectsHelper
  def link_to_edit_project(project, descriptor = sanitize(project.name))
    link_to_edit(:project, project, descriptor)
  end
-
 end
--- a/app/helpers/recurring_todos_helper.rb
+++ b/app/helpers/recurring_todos_helper.rb
@ -1,16 +1,15 @@
 module RecurringTodosHelper
-
  def recurring_todo_tag_list
    tags_except_starred = @recurring_todo.tags.reject { |t| t.name == Todo::STARRED_TAG_NAME }
-    tag_list = tags_except_starred.
-      collect{|t| content_tag(:span,link_to(t.name, tag_path(t.name)), :class => "tag #{t.label}")}.
-      join('')
+    tag_list = tags_except_starred
+      .collect { |t| content_tag(:span, link_to(t.name, tag_path(t.name)), :class => "tag #{t.label}") }
+      .join('')
    return content_tag :span, tag_list.html_safe, :class => "tags"
  end

  def recurring_todo_remote_delete_icon
-    link_to( image_tag_for_delete,
-      recurring_todo_path(@recurring_todo), :id => "delete_icon_"+@recurring_todo.id.to_s,
+    link_to(image_tag_for_delete, recurring_todo_path(@recurring_todo),
+      :id => "delete_icon_" + @recurring_todo.id.to_s,
      :class => "icon delete_icon", :title => t('todos.delete_recurring_action_title'), :x_confirm_message => t('todos.delete_recurring_action_confirm', :description => @recurring_todo.description))
  end

--- a/app/helpers/rendering_helper.rb
+++ b/app/helpers/rendering_helper.rb
@ -13,7 +13,7 @@ module RenderingHelper
        # do not change string; URL is already linked
        href
      else
-        content_tag(:a, h(href), :href => URI.escape(href))
+        content_tag(:a, h(href), :href => href)
      end
    end
  end
@ -27,7 +27,7 @@ module RenderingHelper
    config = relaxed_config

    # add onenote and message protocols, allow a target
-    a_href_config = relaxed_config[:protocols]['a']['href'] + %w(onenote message)
+    a_href_config = relaxed_config[:protocols]['a']['href'] + %w[onenote message obsidian]
    a_attributes = relaxed_config[:attributes]['a'] + ['target']
    config = Sanitize::Config.merge(config, protocols: { 'a' => { 'href' => a_href_config } }, :attributes => { 'a' => a_attributes })

--- a/app/helpers/stats_helper.rb
+++ b/app/helpers/stats_helper.rb
@ -1,5 +1,4 @@
 module StatsHelper
-
  def font_size(cloud, tag)
    9 + 2 * cloud.relative_size(tag)
  end
@ -19,5 +18,4 @@ module StatsHelper
  def array_of_month_labels(count)
    Array.new(count) { |i| month_label(i) }
  end
-
 end
--- a/app/helpers/todos_helper.rb
+++ b/app/helpers/todos_helper.rb
@ -1,9 +1,7 @@
 require 'staleness'

 module TodosHelper
-
  # === helpers for rendering container
-
  def empty_message_holder(container_name, show, title_param = nil)
    content_tag(:div, :id => "no_todos_in_view", :class => "container #{container_name}", :style => "display:" + (show ? "block" : "none")) do
      content_tag(:h2) { t("todos.no_actions.title", :param => title_param) } +
@ -143,8 +141,7 @@ module TodosHelper
        :show_empty_containers => true,
        :container_name => "#{period}",
        :title => t("todos.calendar.#{period}", :month => l(Time.zone.now, :format => "%B"), :next_month => l(1.month.from_now, :format => "%B"))
-        }
-      }
+      } }
  end

  # === helpers for rendering a todo
@ -171,7 +168,8 @@ module TodosHelper
      :class => "icon_delete_item",
      :id => dom_id(todo, "delete"),
      :x_confirm_message => t('todos.confirm_delete', :description => todo.description),
-      :title => t('todos.delete_action'));
+      :title => t('todos.delete_action')
+    )
  end

  def remote_defer_menu_item(days, todo)
@ -321,7 +319,7 @@ module TodosHelper
  end

  def include_context_link(todo, parent_container_type)
-    return true if (['stats', 'search'].include?(parent_container_type))
+    return true if ['stats', 'search'].include?(parent_container_type)
    # TODO: remove next line if 'project' supports group_view_by
    return true if parent_container_type == 'project'
    return true if @group_view_by == 'project'
@ -330,7 +328,7 @@ module TodosHelper

  def include_project_link(todo, parent_container_type)
    return false unless todo.has_project?
-    return true if (['stats', 'search'].include?(parent_container_type))
+    return true if ['stats', 'search'].include?(parent_container_type)
    # TODO: remove next line if 'context' supports group_view_by
    return true if parent_container_type == 'context'
    return true if @group_view_by == 'context'
@ -395,7 +393,7 @@ module TodosHelper

  def formatted_pagination(total)
    s = will_paginate(@todos)
-    (s.gsub(/(<\/[^<]+>)/, '\1 ')).chomp(' ')
+    s.gsub(/(<\/[^<]+>)/, '\1 ').chomp(' ')
  end

  def format_ical_notes(notes)
@ -421,7 +419,8 @@ module TodosHelper
  # if the animation needs to be run inside the namespace of an object, set the
  # object_name to the name of the object and this name will be prepended to each step
  def render_animation(animation, object_name = nil)
-    object_name += "." unless object_name.nil?  # add dot if object_name is given
+    # Add dot if object_name is given
+    object_name += "." unless object_name.nil?

    # concatenate all steps into functions that call functions
    html = animation.map { |step| "#{object_name}#{step}({ go: function() {" }.join("\r\n")
@ -501,7 +500,13 @@ module TodosHelper
        @todo_was_deferred_from_active_state                                              ||
        @tag_was_removed                                                                  ||
        @todo_was_destroyed                                                               ||
-        (@todo.completed? && !(@original_item_was_deferred || @original_item_was_hidden || @original_item_was_pending))
+        (
+          @todo.completed? && !(
+            @original_item.deferred? ||
+            @original_item.hidden? ||
+            @original_item.pending?
+          )
+        )
      )
    end

@ -606,29 +611,25 @@ module TodosHelper
    raise Exception.new, "no @todo or @successor set" if !todo

    source_view do |page|
-      page.project  {
+      page.project do
        return "deferred_pending_container-empty-d" if empty_criteria_met
        return todo_container_empty_id(todo)
-      }
-      page.tag {
+      end
+      page.tag do
        return "deferred_pending_container-empty-d" if empty_criteria_met
        return "hidden_container-empty-d"           if @todo.hidden?
        return todo_container_empty_id(todo)
-      }
-      page.calendar {
+      end
+      page.calendar do
        return "deferred_pending_container-empty-d" if empty_criteria_met
        return "#{@new_due_id}_container-empty-d"
-      }
-      page.context {
+      end
+      page.context do
        return "deferred_pending_container-empty-d" if empty_criteria_met
        return todo_container_empty_id(todo)
-      }
-      page.todo {
-        return todo_container_empty_id(todo)
-      }
-      page.deferred {
-        return todo_container_empty_id(todo)
-      }
+      end
+      page.todo { return todo_container_empty_id(todo) }
+      page.deferred { return todo_container_empty_id(todo) }
    end

    return context_container_empty_id(todo)
@ -653,30 +654,29 @@ module TodosHelper
  def show_empty_message_in_source_container
    container_id = ""
    source_view do |page|
-      page.project  {
-        container_id = project_container_empty_id(@original_item) if @remaining_in_context == 0
-        container_id = "deferred_pending_container-empty-d" if todo_was_removed_from_deferred_or_blocked_container && @remaining_deferred_or_pending_count == 0
-        container_id = "completed_container-empty-d" if @completed_count && @completed_count == 0 && !@todo.completed?
-      }
      page.deferred { container_id = todo_container_empty_id(@original_item) if @remaining_in_context == 0 }
      page.calendar { container_id = "#{@original_item_due_id}_container-empty-d" if @old_due_empty }
-      page.tag      {
-        container_id = "hidden_container-empty-d" if (@remaining_hidden_count == 0 && !@todo.hidden? && @todo_hidden_state_changed) ||
-          (@remaining_hidden_count == 0 && @todo.completed? && @original_item_was_hidden)
-        container_id = "deferred_pending_container-empty-d" if (todo_was_removed_from_deferred_or_blocked_container && @remaining_deferred_or_pending_count == 0) ||
-          (@original_item_was_deferred && @remaining_deferred_or_pending_count == 0 && (@todo.completed? || @tag_was_removed))
-        container_id = "completed_container-empty-d" if @completed_count && @completed_count == 0 && !@todo.completed?
-      }
-      page.context  {
-        container_id = context_container_empty_id(@original_item) if @remaining_in_context == 0
-        container_id = "deferred_pending_container-empty-d" if todo_was_removed_from_deferred_or_blocked_container && @remaining_deferred_or_pending_count == 0
-        container_id = "completed_container-empty-d" if @completed_count && @completed_count == 0 && !@todo.completed?
-      }
      page.todo { container_id = context_container_empty_id(@original_item) if @remaining_in_context == 0 }
      page.done { container_id = "completed_#{@original_completed_period}_container-empty-d" if @remaining_in_context == 0 }
      page.all_done { container_id = "all-done-empty-nd" if @remaining_in_context == 0 }
+      page.project do
+        container_id = project_container_empty_id(@original_item) if @remaining_in_context == 0
+        container_id = "deferred_pending_container-empty-d" if todo_was_removed_from_deferred_or_blocked_container && @remaining_deferred_or_pending_count == 0
+        container_id = "completed_container-empty-d" if @completed_count && @completed_count == 0 && !@todo.completed?
+      end
+      page.tag do
+        container_id = "hidden_container-empty-d" if (@remaining_hidden_count == 0 && !@todo.hidden? && @todo_hidden_state_changed) ||
+          (@remaining_hidden_count == 0 && @todo.completed? && @original_item.hidden?)
+        container_id = "deferred_pending_container-empty-d" if (todo_was_removed_from_deferred_or_blocked_container && @remaining_deferred_or_pending_count == 0) ||
+          (@original_item.deferred? && @remaining_deferred_or_pending_count == 0 && (@todo.completed? || @tag_was_removed))
+        container_id = "completed_container-empty-d" if @completed_count && @completed_count == 0 && !@todo.completed?
+      end
+      page.context do
+        container_id = context_container_empty_id(@original_item) if @remaining_in_context == 0
+        container_id = "deferred_pending_container-empty-d" if todo_was_removed_from_deferred_or_blocked_container && @remaining_deferred_or_pending_count == 0
+        container_id = "completed_container-empty-d" if @completed_count && @completed_count == 0 && !@todo.completed?
+      end
    end
    return container_id.blank? ? "" : "$(\"##{container_id}\").slideDown(100);".html_safe
  end
-
 end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@ -2,11 +2,12 @@ module UsersHelper
  def remote_delete_user(user)
    return link_to(
      image_tag("blank.png", :title => t('users.destroy_user'), :class => "delete_item"),
-      url_for({:controller => 'users', :action => 'destroy', :id => user.id}),
-      {:id => "delete_user_#{user.id}",
+      url_for(:controller => 'users', :action => 'destroy', :id => user.id), {
+        :id => "delete_user_#{user.id}",
        :class => "delete_user_button",
        :title => t('users.destroy_user'),
        :x_confirm_message => t('users.destroy_confirmation', :login => user.login)
-      })
+      }
+    )
  end
 end
--- a/app/models/context.rb
+++ b/app/models/context.rb
@ -1,5 +1,4 @@
 class Context < ApplicationRecord
-
  has_many :todos, -> { order(Arel.sql("todos.due IS NULL, todos.due ASC, todos.created_at ASC")).includes(:project) }, :dependent => :delete_all
  has_many :recurring_todos, :dependent => :delete_all
  belongs_to :user
@ -7,7 +6,7 @@ class Context < ApplicationRecord
  scope :active,    -> { where state: :active }
  scope :hidden,    -> { where state: :hidden }
  scope :closed,    -> { where state: :closed }
-  scope :with_name, lambda { |name| where("name LIKE ?", name) }
+  scope :with_name, lambda { |name| where("name " + Common.like_operator + " ?", name) }

  acts_as_list :scope => :user, :top_of_list => 0

@ -15,7 +14,6 @@ class Context < ApplicationRecord
  include AASM

  aasm :column => :state do
-
    state :active, :initial => true
    state :closed
    state :hidden
@ -33,9 +31,7 @@ class Context < ApplicationRecord
    end
  end

-  validates_presence_of :name, :message => "context must have a name"
-  validates_length_of :name, :maximum => 255, :message => "context name must be less than 256 characters"
-  validates_uniqueness_of :name, :message => "already exists", :scope => "user_id"
+  validates :name, presence: { message: "context must have a name" }, length: { maximum: 255, message: "context name must be less than 256 characters" }, uniqueness: { message: "already exists", scope: "user_id", case_sensitive: false }

  def self.null_object
    NullContext.new
@ -48,11 +44,9 @@ class Context < ApplicationRecord
  def no_active_todos?
    return todos.active.count == 0
  end
-
 end

 class NullContext
-
  def nil?
    true
  end
@ -64,5 +58,4 @@ class NullContext
  def name
    ''
  end
-
 end
--- a/app/models/dependency.rb
+++ b/app/models/dependency.rb
@ -1,17 +1,13 @@
 class Dependency < ApplicationRecord
-
  # touch to make sure todo caches for predecessor and successor are invalidated
-
  belongs_to :predecessor, :foreign_key => 'predecessor_id', :class_name => 'Todo', :touch => true
  belongs_to :successor, :foreign_key => 'successor_id', :class_name => 'Todo', :touch => true

  validate :check_circular_dependencies

  def check_circular_dependencies
-    unless predecessor.nil? or successor.nil?
+    unless predecessor.nil? || successor.nil?
      errors.add("Depends on:", "Adding '#{successor.specification}' would create a circular dependency") if successor.is_successor?(predecessor)
    end
  end
-
 end
-
--- a/app/models/message_gateway.rb
+++ b/app/models/message_gateway.rb
@ -1,142 +0,0 @@
-class MessageGateway < ActionMailer::Base
-
-  def receive(email)
-    user = get_receiving_user_from_email_address(email)
-    return false if user.nil?
-    return false unless check_sender_is_in_mailmap(user, email)
-
-    context = user.prefs.sms_context
-    todo_params = get_todo_params(email)
-
-    todo_builder = TodoFromRichMessage.new(user, context.id, todo_params[:description], todo_params[:notes])
-    todo = todo_builder.construct
-
-    if todo.save!
-      Rails.logger.info "Saved email as todo for user #{user.login} in context #{context.name}"
-
-      if attach_email_to_todo(todo, email)
-        Rails.logger.info "Saved email as attachment to todo for user #{user.login} in context #{context.name}"
-      end
-    end
-    todo
-  end
-
-  private
-
-  def attach_email_to_todo(todo, email)
-    attachment = todo.attachments.build
-
-    # create temp file
-    tmp = Tempfile.new(['attachment', '.eml'], {universal_newline: true})
-    tmp.write email.raw_source.gsub(/\r/, "")
-
-    # add temp file to attachment. paperclip will copy the file to the right location
-    Rails.logger.info "Saved received email to #{tmp.path}"
-    attachment.file = tmp
-    tmp.close
-    saved = attachment.save!
-
-    # enable write permissions on group, since MessageGateway could be run under different
-    # user than Tracks (i.e. apache versus mail)
-    dir = File.open(File.dirname(attachment.file.path))
-    dir.chmod(0770)
-
-    # delete temp file
-    tmp.unlink
-  end
-
-  def get_todo_params(email)
-    params = {}
-
-    if email.multipart?
-      params[:description] = get_text_or_nil(email.subject)
-      params[:notes]       = get_first_text_plain_part(email)
-    else
-      if email.subject.blank?
-        params[:description] = get_decoded_text_or_nil(email.body)
-        params[:notes]       = nil
-      else
-        params[:description] = get_text_or_nil(email.subject)
-        params[:notes]       = get_decoded_text_or_nil(email.body)
-      end
-    end
-    params
-  end
-
-  def get_receiving_user_from_email_address(email)
-    SITE_CONFIG['email_dispatch'] == 'single_user' ? get_receiving_user_from_env_setting : get_receiving_user_from_mail_header(email)
-  end
-
-  def get_receiving_user_from_env_setting
-    Rails.logger.info "All received email goes to #{ENV['TRACKS_MAIL_RECEIVER']}"
-    user = User.where(:login => ENV['TRACKS_MAIL_RECEIVER']).first
-    Rails.logger.info "WARNING: Unknown user set for TRACKS_MAIL_RECEIVER (#{ENV['TRACKS_MAIL_RECEIVER']})" if user.nil?
-    return user
-  end
-
-  def get_receiving_user_from_mail_header(email)
-    user = get_receiving_user_from_sms_email( get_address(email) )
-    Rails.logger.info(user.nil? ? "User unknown": "Email belongs to #{user.login}")
-    return user
-  end
-
-  def get_address(email)
-    return SITE_CONFIG['email_dispatch'] == 'to' ?  email.to[0] :  email.from[0]
-  end
-
-  def get_receiving_user_from_sms_email(address)
-    Rails.logger.info "Looking for user with email #{address}"
-    user = User.where("preferences.sms_email" => address.strip).includes(:preference).first
-    user = User.where("preferences.sms_email" => address.strip[1.100]).includes(:preference).first if user.nil?
-    return user
-  end
-
-  def check_sender_is_in_mailmap(user, email)
-    if user.present? and !sender_is_in_mailmap?(user,email)
-      Rails.logger.warn "#{email.from[0]} not found in mailmap for #{user.login}"
-      return false
-    end
-    return true
-  end
-
-  def sender_is_in_mailmap?(user,email)
-    if SITE_CONFIG['mailmap'].is_a? Hash and SITE_CONFIG['email_dispatch'] == 'to'
-      # Look for the sender in the map of allowed senders
-      SITE_CONFIG['mailmap'][user.preference.sms_email].include? email.from[0]
-    else
-      # We can't check the map if it's not defined, or if the lookup is the
-      # wrong way round, so just allow it
-      true
-    end
-  end
-
-  def get_text_or_nil(text)
-    return text ? text.strip : nil
-  end
-
-  def get_decoded_text_or_nil(text)
-    return text ? text.decoded.strip : nil
-  end
-
-  def get_first_text_plain_part(email)
-    # get all parts from multipart/alternative attachments
-    parts = get_all_parts(email.parts)
-
-    # remove all parts that are not text/plain
-    parts.reject{|part| !part.content_type.start_with?("text/plain") }
-
-    return parts.count > 0 ? parts[0].decoded.strip : ""
-  end
-
-  def get_all_parts(parts)
-    # return a flattened array of parts. If a multipart attachment is found, recurse over its parts
-    all_parts = parts.inject([]) do |set, elem|
-      if elem.content_type.start_with?("multipart/alternative")
-        # recurse to handle multiparts in this multipart
-        set += get_all_parts(elem.parts)
-      else
-        set << elem
-      end
-    end
-  end
-end
--- a/app/models/note.rb
+++ b/app/models/note.rb
@ -2,5 +2,5 @@ class Note < ApplicationRecord
  belongs_to :user
  belongs_to :project

-  scope :with_body, lambda { |terms| where("body LIKE ?", terms) }
+  scope :with_body, lambda { |terms| where("body " + Common.like_operator + " ?", terms) }
 end
--- a/app/models/preference.rb
+++ b/app/models/preference.rb
@ -2,6 +2,10 @@ class Preference < ApplicationRecord
  belongs_to :user
  belongs_to :sms_context, :class_name => 'Context'

+  def self.themes
+    { :black => 'black', :light_blue => 'light_blue' }
+  end
+
  def self.due_styles
    { :due_in_n_days => 0, :due_on => 1 }
  end
@ -28,5 +32,4 @@ class Preference < ApplicationRecord
  def format_date(date)
    return date ? date.in_time_zone(time_zone).strftime("#{date_format}") : ''
  end
-
 end
--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -11,21 +11,18 @@ class Project < ApplicationRecord
  scope :completed,   -> { where state: 'completed' }
  scope :uncompleted, -> { where("NOT(state = ?)", 'completed') }

-  scope :with_name_or_description, lambda { |body| where("name LIKE ? OR description LIKE ?", body, body) }
-  scope :with_namepart, lambda { |body| where("name LIKE ?", body + '%') }
+  scope :with_name_or_description, lambda { |body| where("name " + Common.like_operator + " ? OR description " + Common.like_operator + " ?", body, body) }
+  scope :with_namepart, lambda { |body| where("name " + Common.like_operator + " ?", body + '%') }

  before_create :set_last_reviewed_now

-  validates_presence_of :name
-  validates_length_of :name, :maximum => 255
-  validates_uniqueness_of :name, :scope => "user_id"
+  validates :name, presence: true, length: { maximum: 255 }, uniqueness: { scope: :user_id }

  acts_as_list :scope => 'user_id = #{user_id} AND state = \'#{state}\'', :top_of_list => 0

  include AASM

  aasm :column => :state do
-
    state :active, :initial => true
    state :hidden
    state :completed, :enter => :set_completed_at_date, :exit => :clear_completed_at_date
@ -50,7 +47,7 @@ class Project < ApplicationRecord
  end

  def set_last_reviewed_now
-    self.last_reviewed = Time.now
+    self.last_reviewed = Time.zone.now
  end

  def set_completed_at_date
@ -96,14 +93,14 @@ class Project < ApplicationRecord
  def blocked?
    ## mutually exclusive for stalled and blocked
    # blocked is uncompleted project with deferred or pending todos, but no next actions
-    return false if self.completed?
-    return !self.todos.deferred_or_blocked.empty? && self.todos.active.empty?
+    return false if completed?
+    return !todos.deferred_or_blocked.empty? && todos.active.empty?
  end

  def stalled?
    # Stalled projects are active projects with no active next actions
-    return false if self.completed? || self.hidden?
-    return !self.todos.deferred_or_blocked.exists? && !self.todos.active.exists?
+    return false if completed? || hidden?
+    return !todos.deferred_or_blocked.exists? && !todos.active.exists?
  end

  def shortened_name(length = 40)
@ -145,11 +142,9 @@ class Project < ApplicationRecord
    end
    count
  end
-
 end

 class NullProject
-
  def hidden?
    false
  end
@ -169,5 +164,4 @@ class NullProject
  def persisted?
    false
  end
-
 end
--- a/app/models/recurring_todo.rb
+++ b/app/models/recurring_todo.rb
@ -12,8 +12,8 @@ class RecurringTodo < ApplicationRecord

  include AASM
  aasm :column => :state do
-    state :active, :initial => true, :before_enter => Proc.new { |t| t.occurrences_count = 0 }
-    state :completed, :before_enter => Proc.new { |t| t.completed_at = Time.zone.now }, :before_exit => Proc.new { |t| t.completed_at = nil }
+    state :active, :initial => true, :before_enter => Proc.new { self.occurrences_count = 0 }
+    state :completed, :before_enter => Proc.new { self.completed_at = Time.zone.now }, :before_exit => Proc.new { self.completed_at = nil }

    event :complete do
      transitions :to => :completed, :from => [:active]
@ -24,10 +24,12 @@ class RecurringTodo < ApplicationRecord
    end
  end

-  validates_presence_of :description, :recurring_period, :target, :ends_on, :context
-
-  validates_length_of :description, :maximum => 100
-  validates_length_of :notes, :maximum => 60000, :allow_nil => true
+  validates :description, presence: true, length: { maximum: 100 }
+  validates :notes, length: { maximum: 60_000, allow_nil: true }
+  validates :recurring_period, presence: true
+  validates :target, presence: true
+  validates :ends_on, presence: true
+  validates :context, presence: true

  validate :period_validation
  validate :pattern_specific_validations
@ -72,7 +74,7 @@ class RecurringTodo < ApplicationRecord

  def pattern
    if valid_period?
-      @pattern = eval("RecurringTodos::#{recurring_period.capitalize}RecurrencePattern.new(user)")
+      @pattern = eval("RecurringTodos::#{recurring_period.capitalize}RecurrencePattern.new(user)", binding, __FILE__, __LINE__)
      @pattern.build_from_recurring_todo(self)
    end
    @pattern
@ -118,12 +120,12 @@ class RecurringTodo < ApplicationRecord

  def remove_from_project!
    self.project = nil
-    self.save
+    save
  end

  def clear_todos_association
    unless todos.nil?
-      self.todos.each do |t|
+      todos.each do |t|
        t.recurring_todo = nil
        t.save
      end
@ -132,11 +134,10 @@ class RecurringTodo < ApplicationRecord

  def increment_occurrences
    self.occurrences_count += 1
-    self.save
+    save
  end

  def continues_recurring?(previous)
    pattern.continues_recurring?(previous)
  end
-
 end
--- a/app/models/recurring_todos/abstract_recurrence_pattern.rb
+++ b/app/models/recurring_todos/abstract_recurrence_pattern.rb
@ -1,7 +1,5 @@
 module RecurringTodos
-
  class AbstractRecurrencePattern
-
    attr_accessor :attributes

    def initialize(user)
@ -46,8 +44,12 @@ module RecurringTodos

    def xth(x)
      xth_day = [
-        I18n.t('todos.recurrence.pattern.first'),I18n.t('todos.recurrence.pattern.second'),I18n.t('todos.recurrence.pattern.third'),
-        I18n.t('todos.recurrence.pattern.fourth'),I18n.t('todos.recurrence.pattern.last')]
+        I18n.t('todos.recurrence.pattern.first'),
+        I18n.t('todos.recurrence.pattern.second'),
+        I18n.t('todos.recurrence.pattern.third'),
+        I18n.t('todos.recurrence.pattern.fourth'),
+        I18n.t('todos.recurrence.pattern.last'),
+      ]
      x.nil? ? '??' : xth_day[x - 1]
    end

@ -78,11 +80,11 @@ module RecurringTodos
    end

    def validate_not_blank(object, msg)
-      errors[:base] << msg if object.blank?
+      errors.add(:base, msg) if object.blank?
    end

    def validate_not_nil(object, msg)
-      errors[:base] << msg if object.nil?
+      errors.add(:base, msg) if object.nil?
    end

    def validate
@ -98,7 +100,7 @@ module RecurringTodos
      when "ends_on_end_date"
        validate_not_blank(end_date, "The end date needs to be filled in for 'Ends on'")
      else
-        errors[:base] << "The end of the recurrence is not selected" unless ends_on == "no_end_date"
+        errors.add(:base, "The end of the recurrence is not selected") unless ends_on == "no_end_date"
      end
    end

@ -111,7 +113,7 @@ module RecurringTodos
        validate_not_nil(show_always?, "Please select when to show the action")
        validate_not_blank(show_from_delta, "Please fill in the number of days to show the todo before the due date") unless show_always?
      else
-        errors[:base] << "Unexpected value of recurrence target selector '#{target}'"
+        errors.add(:base, "Unexpected value of recurrence target selector '#{target}'")
      end
    end

@ -156,13 +158,13 @@ module RecurringTodos

    def continues_recurring?(previous)
      return @recurring_todo.occurrences_count < @recurring_todo.number_of_occurrences unless @recurring_todo.number_of_occurrences.nil?
-      return true if self.end_date.nil? || self.ends_on == 'no_end_date'
+      return true if end_date.nil? || ends_on == 'no_end_date'

-      case self.target
+      case target
      when 'due_date'
-        get_due_date(previous) <= self.end_date
+        get_due_date(previous) <= end_date
      when 'show_from_date'
-        get_show_from_date(previous) <= self.end_date
+        get_show_from_date(previous) <= end_date
      end
    end

@ -173,7 +175,7 @@ module RecurringTodos
    # offset needs to be 1.day for daily patterns or the start will be the
    # same day as the previous
    def determine_start(previous, offset = 0.day)
-      start = self.start_from || NullTime.new
+      start = start_from || NullTime.new
      if previous
        # check if the start_from date is later than previous. If so, use
        # start_from as start to search for next date
--- a/app/models/recurring_todos/abstract_recurring_todos_builder.rb
+++ b/app/models/recurring_todos/abstract_recurring_todos_builder.rb
@ -1,7 +1,5 @@
 module RecurringTodos
-
  class AbstractRecurringTodosBuilder
-
    attr_reader :mapped_attributes, :pattern

    def initialize(user, attributes, pattern_class)
@ -10,8 +8,8 @@ module RecurringTodos

      @attributes          = attributes
      @selector            = get_selector(selector_key)
-      @filterred_attributes = filter_attributes(@attributes)
-      @mapped_attributes    = map_attributes(@filterred_attributes)
+      @filtered_attributes = filter_attributes(@attributes)
+      @mapped_attributes   = map_attributes(@filtered_attributes)

      @pattern             = pattern_class.new(user)
      @pattern.attributes  = @mapped_attributes
@ -60,11 +58,11 @@ module RecurringTodos

    def filter_attributes(attributes)
      # get pattern independend attributes
-      filterred_attributes = filter_generic_attributes(attributes)
+      filtered_attributes = filter_generic_attributes(attributes)
      # append pattern specific attributes
-      attributes_to_filter.each{|key| filterred_attributes[key]= attributes[key] if attributes.key?(key)}
+      attributes_to_filter.each { |key| filtered_attributes[key] = attributes[key] if attributes.key?(key) }

-      filterred_attributes
+      filtered_attributes
    end

    def filter_generic_attributes(attributes)
@ -89,7 +87,7 @@ module RecurringTodos

    def map_attributes
      # should be overwritten by subclasses to map attributes to activerecord model attributes
-      @filterred_attributes
+      @filtered_attributes
    end

    # helper method to be used in mapped_attributes in subclasses
@ -129,7 +127,7 @@ module RecurringTodos
    end

    def save_tags
-      @recurring_todo.tag_with(@filterred_attributes[:tag_list]) if @filterred_attributes[:tag_list].present?
+      @recurring_todo.tag_with(@filtered_attributes[:tag_list]) if @filtered_attributes[:tag_list].present?
      @recurring_todo.reload
    end

@ -145,7 +143,5 @@ module RecurringTodos
      # avoid nil
      attributes[:tag_list].blank? ? "" : attributes[:tag_list].strip
    end
-
  end
-
 end
--- a/app/models/recurring_todos/daily_recurrence_pattern.rb
+++ b/app/models/recurring_todos/daily_recurrence_pattern.rb
@ -1,7 +1,5 @@
 module RecurringTodos
-
  class DailyRecurrencePattern < AbstractRecurrencePattern
-
    def initialize(user)
      super user
    end
@ -26,7 +24,7 @@ module RecurringTodos

    def validate
      super
-      errors[:base] << "Every other nth day may not be empty for this daily recurrence setting" if (!only_work_days?) && every_x_days.blank?
+      errors.add(:base, "Every other nth day may not be empty for this daily recurrence setting") if (!only_work_days?) && every_x_days.blank?
    end

    def get_next_date(previous)
@ -38,8 +36,8 @@ module RecurringTodos

      if only_work_days?
        # jump over weekend if necessary
-        return start + 2.day if start.wday() == 6 # saturday
-        return start + 1.day if start.wday() == 0 # sunday
+        return start + 2.day if start.wday == 6 # saturday
+        return start + 1.day if start.wday == 0 # sunday
        return start
      else
        # if there was no previous todo, do not add n: the first todo starts on
@ -47,6 +45,5 @@ module RecurringTodos
        return previous == nil ? start : start + every_x_days.day - 1.day
      end
    end
-
  end
 end
--- a/app/models/recurring_todos/daily_recurring_todos_builder.rb
+++ b/app/models/recurring_todos/daily_recurring_todos_builder.rb
@ -1,5 +1,4 @@
 module RecurringTodos
-
  class DailyRecurringTodosBuilder < AbstractRecurringTodosBuilder
    attr_reader :recurring_todo, :pattern

@ -29,7 +28,5 @@ module RecurringTodos
    def valid_selector?(selector)
      %w{daily_every_x_day daily_every_work_day}.include?(selector)
    end
-
  end
-
 end
--- a/app/models/recurring_todos/monthly_recurrence_pattern.rb
+++ b/app/models/recurring_todos/monthly_recurrence_pattern.rb
@ -1,7 +1,5 @@
 module RecurringTodos
-
  class MonthlyRecurrencePattern < AbstractRecurrencePattern
-
    def initialize(user)
      super user
    end
--- a/app/models/recurring_todos/monthly_recurring_todos_builder.rb
+++ b/app/models/recurring_todos/monthly_recurring_todos_builder.rb
@ -1,5 +1,4 @@
 module RecurringTodos
-
  class MonthlyRecurringTodosBuilder < AbstractRecurringTodosBuilder
    attr_reader :recurring_todo

@ -40,7 +39,5 @@ module RecurringTodos
    def valid_selector?(selector)
      %w{monthly_every_x_day monthly_every_xth_day}.include?(selector)
    end
-
  end
-
 end
--- a/app/models/recurring_todos/recurring_todos_builder.rb
+++ b/app/models/recurring_todos/recurring_todos_builder.rb
@ -1,7 +1,5 @@
 module RecurringTodos
-
  class RecurringTodosBuilder
-
    attr_reader :builder, :project, :context, :tag_list, :user

    def initialize(user, attributes)
@ -17,7 +15,7 @@ module RecurringTodos

    def create_builder(selector)
      raise "Unknown recurrence selector in :recurring_period (#{selector})" unless valid_selector? selector
-      eval("RecurringTodos::#{selector.capitalize}RecurringTodosBuilder.new(@user, @attributes)")
+      eval("RecurringTodos::#{selector.capitalize}RecurringTodosBuilder.new(@user, @attributes)", binding, __FILE__, __LINE__)
    end

    def build
@ -72,7 +70,5 @@ module RecurringTodos
    def parse_context
      @context, @new_context_created = @attributes.parse_collection(:context, @user.contexts)
    end
-
  end
-
 end
--- a/app/models/recurring_todos/weekly_recurrence_pattern.rb
+++ b/app/models/recurring_todos/weekly_recurrence_pattern.rb
@ -1,7 +1,5 @@
 module RecurringTodos
-
  class WeeklyRecurrencePattern < AbstractRecurrencePattern
-
    def initialize(user)
      super user
    end
@ -31,8 +29,8 @@ module RecurringTodos
    def validate
      super
      validate_not_blank(every_x_week, "Every other nth week may not be empty for weekly recurrence setting")
-      something_set = %w{sunday monday tuesday wednesday thursday friday saturday}.inject(false) { |set, day| set || self.send("on_#{day}") }
-      errors[:base] << "You must specify at least one day on which the todo recurs" unless something_set
+      something_set = %w{ sunday monday tuesday wednesday thursday friday saturday }.inject(false) { |set, day| set || send("on_#{day}") }
+      errors.add(:base, "You must specify at least one day on which the todo recurs") unless something_set
    end

    def get_next_date(previous)
@ -43,30 +41,30 @@ module RecurringTodos

      # we did not find anything this week, so check the nth next, starting from
      # sunday
-      start = start + self.every_x_week.week - (start.wday()).days
+      start = start + every_x_week.week - (start.wday).days

      start = find_first_day_in_this_week(start)
      return start unless start == -1

-      raise Exception.new, "unable to find next weekly date (#{self.every_day})"
+      raise Exception.new, "unable to find next weekly date (#{every_day})"
    end

    private

    def determine_start_date(previous)
      if previous.nil?
-        return self.start_from || Time.zone.now
+        return start_from || Time.zone.now
      else
        start = previous + 1.day
-        if start.wday() == 0
+        if start.wday == 0
          # we went to a new week, go to the nth next week and find first match
          # that week. Note that we already went into the next week, so -1
          start += (every_x_week - 1).week
        end
-        unless self.start_from.nil?
+        unless start_from.nil?
          # check if the start_from date is later than previous. If so, use
          # start_from as start to search for next date
-          start = self.start_from if self.start_from > previous
+          start = start_from if start_from > previous
        end
        return start
      end
@ -74,13 +72,10 @@ module RecurringTodos

    def find_first_day_in_this_week(start)
      # check if there are any days left this week for the next todo
-      start.wday().upto 6 do |i|
-        return start + (i-start.wday()).days if on_xday(i)
+      start.wday.upto 6 do |i|
+        return start + (i - start.wday).days if on_xday(i)
      end
      -1
    end
-
-
  end
-
 end
--- a/app/models/recurring_todos/weekly_recurring_todos_builder.rb
+++ b/app/models/recurring_todos/weekly_recurring_todos_builder.rb
@ -1,5 +1,4 @@
 module RecurringTodos
-
  class WeeklyRecurringTodosBuilder < AbstractRecurringTodosBuilder
    attr_reader :recurring_todo

@ -37,7 +36,5 @@ module RecurringTodos
    def valid_selector?(key)
      true
    end
-
  end
-
 end
--- a/app/models/recurring_todos/yearly_recurrence_pattern.rb
+++ b/app/models/recurring_todos/yearly_recurrence_pattern.rb
@ -1,7 +1,5 @@
 module RecurringTodos
-
  class YearlyRecurrencePattern < AbstractRecurrencePattern
-
    def initialize(user)
      super user
    end
@ -33,7 +31,7 @@ module RecurringTodos
    end

    def recurrence_pattern
-      if self.recurrence_selector == 0
+      if recurrence_selector == 0
        I18n.t("todos.recurrence.pattern.every_year_on", :date => date_as_month_day)
      else
        I18n.t("todos.recurrence.pattern.every_year_on",
@ -96,14 +94,13 @@ module RecurringTodos
      the_next = start.month > month ? Time.zone.local(start.year + 1, month, 1) : start

      # get the xth day of the month
-      the_next = get_xth_day_of_month(self.every_xth_day, day_of_week, month, the_next.year)
+      the_next = get_xth_day_of_month(every_xth_day, day_of_week, month, the_next.year)

      # if the_next is before previous, we went back into the past, so try next
      # year
-      the_next = get_xth_day_of_month(self.every_xth_day, day_of_week, month, start.year+1) if the_next <= start
+      the_next = get_xth_day_of_month(every_xth_day, day_of_week, month, start.year + 1) if the_next <= start

      the_next
    end
-
  end
 end
--- a/app/models/recurring_todos/yearly_recurring_todos_builder.rb
+++ b/app/models/recurring_todos/yearly_recurring_todos_builder.rb
@ -1,5 +1,4 @@
 module RecurringTodos
-
  class YearlyRecurringTodosBuilder < AbstractRecurringTodosBuilder
    attr_reader :recurring_todo

@ -39,7 +38,5 @@ module RecurringTodos
    def get_every_other2
      { 0 => :yearly_month_of_year, 1 => :yearly_month_of_year2 }[get_recurrence_selector]
    end
-
  end
-
 end
--- a/app/models/search/search_results.rb
+++ b/app/models/search/search_results.rb
@ -1,5 +1,4 @@
 module Search
-
  class SearchResults
    attr_reader :results

@ -26,29 +25,27 @@ module Search
    private

    def incomplete_todos(terms)
-      @user.todos.
-        where("(todos.description LIKE ? OR todos.notes LIKE ?) AND todos.completed_at IS NULL", terms, terms).
-        includes(Todo::DEFAULT_INCLUDES).
-        reorder(Arel.sql("todos.due IS NULL, todos.due ASC, todos.created_at ASC"))
+      @user.todos
+        .where("(todos.description " + Common.like_operator + " ? OR todos.notes " + Common.like_operator + " ?) AND todos.completed_at IS NULL", terms, terms)
+        .includes(Todo::DEFAULT_INCLUDES)
+        .reorder(Arel.sql("todos.due IS NULL, todos.due ASC, todos.created_at ASC"))
    end

    def complete_todos(terms)
-      @user.todos.
-        where("(todos.description LIKE ? OR todos.notes LIKE ?) AND NOT (todos.completed_at IS NULL)", terms, terms).
-        includes(Todo::DEFAULT_INCLUDES).
-        reorder("todos.completed_at DESC")
+      @user.todos
+        .where("(todos.description " + Common.like_operator + " ? OR todos.notes " + Common.like_operator + " ?) AND NOT (todos.completed_at IS NULL)", terms, terms)
+        .includes(Todo::DEFAULT_INCLUDES)
+        .reorder("todos.completed_at DESC")
    end

    def todo_tags_by_name(terms)
-      Tagging.find_by_sql([
-          "SELECT DISTINCT tags.name as name "+
-            "FROM tags "+
-            "LEFT JOIN taggings ON tags.id = taggings.tag_id "+
-            "LEFT JOIN todos ON taggings.taggable_id = todos.id "+
-            "WHERE todos.user_id=? "+
-            "AND tags.name LIKE ? ", @user.id, terms])
+      Tagging.find_by_sql(["
+        SELECT DISTINCT tags.name as name
+        FROM tags
+        LEFT JOIN taggings ON tags.id = taggings.tag_id
+        LEFT JOIN todos ON taggings.taggable_id = todos.id
+        WHERE todos.user_id = ?
+        AND tags.name " + Common.like_operator + " ? ", @user.id, terms])
    end
-
  end
-
 end
--- a/app/models/stats/actions.rb
+++ b/app/models/stats/actions.rb
@ -1,9 +1,9 @@
 module Stats
  class Actions
-
-    SECONDS_PER_DAY = 86400;
+    SECONDS_PER_DAY = 86_400

    attr_reader :user
+
    def initialize(user)
      @user = user

@ -171,9 +171,9 @@ module Stats
      # - actions not deferred (show_from must be null)
      # - actions not pending/blocked

-      @actions_running_time = @user.todos.not_completed.not_hidden.not_deferred_or_blocked.
-        select("todos.created_at").
-        reorder("todos.created_at DESC")
+      @actions_running_time = @user.todos.not_completed.not_hidden.not_deferred_or_blocked
+        .select("todos.created_at")
+        .reorder("todos.created_at DESC")

      @max_weeks = difference_in_weeks(@today, @actions_running_time.last.created_at)
      @actions_running_per_week_array = convert_to_weeks_from_today_array(@actions_running_time, @max_weeks + 1, :created_at)
@ -202,9 +202,9 @@ module Stats
    end

    def open_per_week_data
-      @actions_started = @user.todos.created_after(@today-53.weeks).
-        select("todos.created_at, todos.completed_at").
-        reorder("todos.created_at DESC")
+      @actions_started = @user.todos.created_after(@today - 53.weeks)
+        .select("todos.created_at, todos.completed_at")
+        .reorder("todos.created_at DESC")

      @max_weeks = difference_in_weeks(@today, @actions_started.last.created_at)

@ -373,7 +373,7 @@ module Stats
      a = []
      start_week = difference_in_weeks(@today, record.created_at)
      end_week   = record.completed_at ? difference_in_weeks(@today, record.completed_at) : 0
-      end_week.upto(start_week) { |i| a << i };
+      end_week.upto(start_week) { |i| a << i }
      return a
    end

@ -422,7 +422,7 @@ module Stats
    def compute_running_avg_array(set, upper_bound)
      result = set_three_month_avg(set, upper_bound)
      result[upper_bound - 1] = result[upper_bound - 1] * 3 if upper_bound == set.length
-      result[upper_bound-2] = result[upper_bound-2] * 3 / 2 if upper_bound > 1 and upper_bound == set.length
+      result[upper_bound - 2] = result[upper_bound - 2] * 3 / 2 if upper_bound > 1 && upper_bound == set.length
      result[0] = "null"
      result
    end # unsolved, not triggered, edge case for set.length == upper_bound + 1
--- a/app/models/stats/chart.rb
+++ b/app/models/stats/chart.rb
@ -1,8 +1,7 @@
 module Stats
-
  class Chart
-
    attr_reader :action, :height, :width
+
    def initialize(action, dimensions = {})
      @action = action
      @height = dimensions.fetch(:height) { 250 }
@ -12,7 +11,5 @@ module Stats
    def dimensions
      "#{width}x#{height}"
    end
-
  end
-
 end
--- a/app/models/stats/contexts.rb
+++ b/app/models/stats/contexts.rb
@ -1,7 +1,7 @@
 module Stats
  class Contexts
-
    attr_reader :user
+
    def initialize(user)
      @user = user
    end
--- a/app/models/stats/projects.rb
+++ b/app/models/stats/projects.rb
@ -1,7 +1,7 @@
 module Stats
  class Projects
-
    attr_reader :user
+
    def initialize(user)
      @user = user
    end
@ -24,6 +24,5 @@ module Stats
      projects = user.projects.order('created_at ASC')
      projects.sort_by { |p| p.running_time }.reverse.take(10)
    end
-
  end
 end
--- a/app/models/stats/tag_cloud.rb
+++ b/app/models/stats/tag_cloud.rb
@ -2,8 +2,8 @@
 #  http://www.juixe.com/techknow/index.php/2006/07/15/acts-as-taggable-tag-cloud/
 module Stats
  class TagCloud
-
    attr_reader :levels, :tags
+
    def initialize(tags)
      @levels = 10
      @tags = tags.sort_by { |tag| tag.name.downcase }
@ -32,7 +32,7 @@ module Stats
    end

    def counts
-      @counts ||= tags.map {|t| t.count}
+      @counts ||= tags.map(&:count)
    end
  end
 end
--- a/app/models/stats/tag_cloud_query.rb
+++ b/app/models/stats/tag_cloud_query.rb
@ -1,7 +1,7 @@
 module Stats
  class TagCloudQuery
-
    attr_reader :user, :cutoff
+
    def initialize(user, cutoff = nil)
      @user = user
      @cutoff = cutoff
@ -19,7 +19,7 @@ module Stats

    def sql
      # TODO: parameterize limit
-      query = "SELECT tags.id, tags.name AS name, count(*) AS count"
+      query = "SELECT tags.id, tags.name AS name, COUNT(*) AS count"
      query << " FROM taggings, tags, todos"
      query << " WHERE tags.id = tag_id"
      query << " AND todos.user_id = ? "
@ -33,6 +33,5 @@ module Stats
      query << " ORDER BY count DESC, name "
      query << " LIMIT 100"
    end
-
  end
 end
--- a/app/models/stats/time_to_complete.rb
+++ b/app/models/stats/time_to_complete.rb
@ -1,9 +1,9 @@
 module Stats
  class TimeToComplete
-
-    SECONDS_PER_DAY = 86400;
+    SECONDS_PER_DAY = 86_400

    attr_reader :actions
+
    def initialize(actions)
      @actions = actions
    end
@ -58,6 +58,5 @@ module Stats
    def arbitrary_day
      @arbitrary_day ||= Time.utc(2000, 1, 1, 0, 0)
    end
-
  end
 end
--- a/Show more
+++ b/Show more