activeadmin 3.0.0 → 3.2.0

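--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 79c4d32ec46b6d4de5bceb98519d5c8402ccbec03a653a132f3f32b85aa5d741
- data.tar.gz: edae8745a9f18c01cf2ba44de84fb915fd87c804ceb18879295dc9b52c5bd920
+ metadata.gz: 500a0615ecf1635299471dcbc309082815a82d24f03528b7c5926c4a5449fb64
+ data.tar.gz: 7ee23a9a3f4658eef536dec2032b40a9d60b054272a09b5e5a833ee51fae4430
  SHA512:
- metadata.gz: 9a0d6743ea067aa183840b9c85c8ab3273752e190ee4c2f2406ac3e0e0db9f0646d628d42c90e07494bff83c2118e2c6ae8df9c466d0b34f98e3e11dfe445013
- data.tar.gz: 3d6aa1a685ef21a44da6fd90195e1692ea82c8c53b584e31671babc16f735fcfa7faa9789682f3983fe562d4be442b66d289d21bda4cb10b472c4ac6157f5a8f
+ metadata.gz: 62b6e4f0a45f0d1d102dd3753de0fdddd4b661e6f53af9caebf37fcdda1924e769ed932027f517147f0db2e0c9724bcff49ca5640130a524ae48701c3ae1551b
+ data.tar.gz: eb0a26b263ed3cb17e8157581ac30a182467649b622807a4af9fccc2618ddb6b392307e4ec16abca591ed6f3b039c451868c7d9a6869ea89de68893672962455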
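--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,31 @@
 
  ## Unreleased
 
+ ## 3.2.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.1.0..v3.2.0)
+
+ ### Security Fixes
+
+ * Backport protect against CSV Injection. [#8167] by [@mgrunberg]
+
+ ### Enhancements
+
+ * Backport support citext column type in string filter. [#8165] by [@mgrunberg]
+ * Backport provide detail in DB statement timeout error for filters. [#8163] by [@mgrunberg]
+
+ ### Bug Fixes
+
+ * Backport make sure menu creation does not modify menu options. [#8166] by [@mgrunberg]
+ * Backport ransack error with filters when ActiveStorage is used. [#8164] by [@mgrunberg]
+
+ ## 3.1.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.0.0..v3.1.0)
+
+ ### Enhancements
+
+ * Support Rails 7.1. [#8102] by [@mgrunberg]
+ * Remove deprecated usage of ActiveSupport::Deprecation singleton. [#8106] by [@mgrunberg]
+ * Replace to_formatted_s with to_s to convert date to string. [#8105] by [@mgrunberg]
+ * Remove upper bound dependency limits from gemspec. [#8098] by [@javierjulio]
+
  ## 3.0.0 [☰](https://github.com/activeadmin/activeadmin/compare/v2.14.0..v3.0.0)
 
  ### Breaking Changes
@@ -864,6 +889,15 @@ Please check [0-6-stable] for previous changes.
  [#7993]: https://github.com/activeadmin/activeadmin/pull/7993
  [#8009]: https://github.com/activeadmin/activeadmin/pull/8009
  [#8010]: https://github.com/activeadmin/activeadmin/pull/8010
+ [#8098]: https://github.com/activeadmin/activeadmin/pull/8098
+ [#8102]: https://github.com/activeadmin/activeadmin/pull/8102
+ [#8105]: https://github.com/activeadmin/activeadmin/pull/8105
+ [#8106]: https://github.com/activeadmin/activeadmin/pull/8106
+ [#8163]: https://github.com/activeadmin/activeadmin/pull/8163
+ [#8164]: https://github.com/activeadmin/activeadmin/pull/8164
+ [#8165]: https://github.com/activeadmin/activeadmin/pull/8165
+ [#8166]: https://github.com/activeadmin/activeadmin/pull/8166
+ [#8167]: https://github.com/activeadmin/activeadmin/pull/8167
 
  [@1000ship]: https://github.com/1000ship
  [@5t111111]: https://github.com/5t111111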
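--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -107,13 +107,6 @@ with the db:
  bin/rake local db:migrate
  ```
 
- ### Get the style right
-
- Your patch should follow the same conventions & pass the same code quality
- checks as the rest of the project. `bin/rake lint` will give you feedback in
- this regard. You can check & fix style issues by running each linter
- individually. Run `bin/rake -T lint` to see the available linters.
-
  ### Make a Pull Request
 
  At this point, you should switch back to your master branch and make sure it's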
@@ -51,7 +51,7 @@ module ActiveAdmin
51
51
  csv << bom if bom
52
52
 
53
53
  if column_names
54
- csv << CSV.generate_line(columns.map { |c| encode c.name, options }, **csv_options)
54
+ csv << CSV.generate_line(columns.map { |c| sanitize(encode(c.name, options)) }, **csv_options)
55
55
  end
56
56
 
57
57
  controller.send(:in_paginated_batches) do |resource|
@@ -70,7 +70,7 @@ module ActiveAdmin
70
70
 
71
71
  def build_row(resource, columns, options)
72
72
  columns.map do |column|
73
- encode call_method_or_proc_on(resource, column.data), options
73
+ sanitize(encode(call_method_or_proc_on(resource, column.data), options))
74
74
  end
75
75
  end
76
76
 
@@ -86,6 +86,10 @@ module ActiveAdmin
86
86
  end
87
87
  end
88
88
 
89
+ def sanitize(content)
90
+ Sanitizer.sanitize(content)
91
+ end
92
+
89
93
  def method_missing(method, *args, &block)
90
94
  if @view_context.respond_to? method
91
95
  @view_context.public_send method, *args, &block
@@ -120,4 +124,21 @@ module ActiveAdmin
120
124
  @column_transitive_options ||= @options.slice(*COLUMN_TRANSITIVE_OPTIONS)
121
125
  end
122
126
  end
127
+
128
+ # Prevents CSV Injection according to https://owasp.org/www-community/attacks/CSV_Injection
129
+ module Sanitizer
130
+ extend self
131
+
132
+ ATTACK_CHARACTERS = ["=", "+", "-", "@", "\t", "\r"].freeze
133
+
134
+ def sanitize(value)
135
+ return "'#{value}" if require_sanitization?(value)
136
+
137
+ value
138
+ end
139
+
140
+ def require_sanitization?(value)
141
+ value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
142
+ end
143
+ end
123
144
  end
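Review bot: `require_sanitization?` in the last hunk guards only `String` values, so a Symbol or any other object whose `to_s` begins with one of `ATTACK_CHARACTERS` reaches `CSV.generate_line` unprefixed; whether that path is live depends on `encode` (outside these hunks) passing non-String content through when no `:encoding` option is set, which the `sanitize(encode(...))` wrapping in the first two hunks suggests. A small hardening is to normalise before the check, `return "'#{value}" if require_sanitization?(value.is_a?(Symbol) ? value.to_s : value)`, or at least to document the limitation next to `is_a?(String)`. The `sanitize(content)` helper in the third hunk also deserves a comment such as `# Prefixes ' to any header or cell starting with a formula character, so exported values are not byte-identical to stored ones` — the first hunk shows it is applied to column names as well as row data. `ActiveAdmin::Sanitizer` is defined after the `CSVBuilder` class closes, so it is a top-level constant of the gem rather than nested under the builder; given the generic name, the module comment should say so.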
@@ -21,5 +21,9 @@ module ActiveAdmin
21
21
  initializer "active_admin.routes" do
22
22
  require "active_admin/helpers/routes/url_helpers"
23
23
  end
24
+
25
+ initializer "active_admin.deprecator" do |app|
26
+ app.deprecators[:activeadmin] = ActiveAdmin.deprecator if app.respond_to?(:deprecators)
27
+ end
24
28
  end
25
29
  end
@@ -31,7 +31,7 @@ module ActiveAdmin
31
31
  case column.type
32
32
  when :date, :datetime
33
33
  :date_range
34
- when :string, :text
34
+ when :string, :text, :citext
35
35
  :string
36
36
  when :integer, :float, :decimal
37
37
  :numeric
@@ -47,7 +47,7 @@ module ActiveAdmin
47
47
  #
48
48
 
49
49
  def searchable_has_many_through?
50
- if reflection && reflection.options[:through]
50
+ if klass.ransackable_associations.include?(method.to_s) && reflection && reflection.options[:through]
51
51
  reflection.through_reflection.klass.ransackable_attributes.include? reflection.foreign_key
52
52
  else
53
53
  false
@@ -43,6 +43,8 @@ module ActiveAdmin
43
43
  else
44
44
  super
45
45
  end
46
+ rescue ActiveRecord::QueryCanceled => error
47
+ raise ActiveRecord::QueryCanceled.new "#{error.message.strip} while querying the values for the ActiveAdmin :#{method} filter"
46
48
  end
47
49
 
48
50
  def pluck_column
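Review bot: The re-raise in the added `rescue` uses `raise ActiveRecord::QueryCanceled.new "…"`, where the idiomatic form is `raise ActiveRecord::QueryCanceled, "#{error.message.strip} while querying the values for the ActiveAdmin :#{method} filter"`; Ruby links the original exception as `cause` in both forms, so no detail is lost. The `rescue` is attached to the whole method, whose `def` line starts outside the hunk, so the `super` branch is wrapped too — a one-line comment stating that this is intentional would save the next reader a check. The wrapped message carries the database's own error text; presumably the caller already treats `ActiveRecord::StatementInvalid` subclasses as server errors, so that text stays in logs rather than in the response, but that is worth confirming.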
@@ -48,6 +48,7 @@ module ActiveAdmin
48
48
  # menu.add parent: 'Dashboard', label: 'My Child Dashboard'
49
49
  #
50
50
  def add(options)
51
+ options = options.dup # Make sure parameter is not modified
51
52
  parent_chain = Array.wrap(options.delete(:parent))
52
53
 
53
54
  item = if parent = parent_chain.shift
@@ -28,7 +28,7 @@ module ActiveAdmin
28
28
  class Namespace
29
29
  class << self
30
30
  def setting(name, default)
31
- Deprecation.warn "This method does not do anything and will be removed."
31
+ ActiveAdmin.deprecator.warn "This method does not do anything and will be removed."
32
32
  end
33
33
  end
34
34
 
@@ -77,7 +77,7 @@ module ActiveAdmin
77
77
 
78
78
  policy_name = policy.class.to_s
79
79
 
80
- Deprecation.warn "You have `pundit_policy_namespace` configured as `#{default_policy_namespace}`, " \
80
+ ActiveAdmin.deprecator.warn "You have `pundit_policy_namespace` configured as `#{default_policy_namespace}`, " \
81
81
  "but ActiveAdmin was unable to find policy #{default_policy_module}::#{policy_name}. " \
82
82
  "#{policy_name} will be used instead. " \
83
83
  "This behavior will be removed in future versions of ActiveAdmin. " \
@@ -31,7 +31,7 @@ module ActiveAdmin
31
31
  end
32
32
 
33
33
  def csv_filename
34
- "#{resource_collection_name.to_s.gsub('_', '-')}-#{Time.zone.now.to_date.to_formatted_s(:default)}.csv"
34
+ "#{resource_collection_name.to_s.gsub('_', '-')}-#{Time.zone.now.to_date.to_s}.csv"
35
35
  end
36
36
 
37
37
  def stream_csv
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
  module ActiveAdmin
3
- VERSION = "3.0.0"
3
+ VERSION = "3.2.0"
4
4
  end
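--- a/data/lib/active_admin.rb
+++ b/data/lib/active_admin.rb
@@ -26,7 +26,6 @@ module ActiveAdmin
  autoload :ControllerAction, "active_admin/controller_action"
  autoload :CSVBuilder, "active_admin/csv_builder"
  autoload :Dependency, "active_admin/dependency"
- autoload :Deprecation, "active_admin/deprecation"
  autoload :Devise, "active_admin/devise"
  autoload :DSL, "active_admin/dsl"
  autoload :FormBuilder, "active_admin/form_builder"
@@ -61,6 +60,10 @@ module ActiveAdmin
  @application ||= ::ActiveAdmin::Application.new
  end
 
+ def deprecator
+ @deprecator ||= ActiveSupport::Deprecation.new("4.0", "active-admin")
+ end
+
  # Gets called within the initializer
  def setup
  application.setup!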
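Review bot: `deprecator` in the second hunk has no comment while its neighbour `setup` does; suggest `# Gem-scoped deprecator (horizon 4.0). The engine registers it under app.deprecators[:activeadmin] so host apps can silence or raise its warnings per library.` — that registration is visible in the engine hunk earlier on this page. The gem name passed to `ActiveSupport::Deprecation.new` is `"active-admin"`, which matches neither the gem name `activeadmin` in the metadata section nor the `:activeadmin` deprecators key; if the hyphenated form is not deliberate, `ActiveSupport::Deprecation.new("4.0", "activeadmin")` keeps the three consistent. The `||=` memoisation is not thread-safe, but at worst two equivalent instances are created, so no change is needed there.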
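--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: activeadmin
  version: !ruby/object:Gem::Version
- version: 3.0.0
+ version: 3.2.0
  platform: ruby
  authors:
  - Charles Maresh
@@ -15,7 +15,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-07-15 00:00:00.000000000 Z
+ date: 2023-12-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: arbre
@@ -44,9 +44,6 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '3.1'
- - - "<"
- - !ruby/object:Gem::Version
- version: '5.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -54,21 +51,18 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '3.1'
- - - "<"
- - !ruby/object:Gem::Version
- version: '5.0'
  - !ruby/object:Gem::Dependency
  name: formtastic_i18n
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0.4'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0.4'
  - !ruby/object:Gem::Dependency
@@ -89,23 +83,20 @@ dependencies:
  name: jquery-rails
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '4.2'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '4.2'
  - !ruby/object:Gem::Dependency
  name: kaminari
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.0'
  - - ">="
  - !ruby/object:Gem::Version
  version: 1.2.1
@@ -113,9 +104,6 @@ dependencies:
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.0'
  - - ">="
  - !ruby/object:Gem::Version
  version: 1.2.1
@@ -126,9 +114,6 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '6.1'
- - - "<"
- - !ruby/object:Gem::Version
- version: '7.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -136,9 +121,6 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '6.1'
- - - "<"
- - !ruby/object:Gem::Version
- version: '7.1'
  - !ruby/object:Gem::Dependency
  name: ransack
  requirement: !ruby/object:Gem::Requirement
@@ -146,9 +128,6 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '4.0'
- - - "<"
- - !ruby/object:Gem::Version
- version: '5'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -156,9 +135,6 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '4.0'
- - - "<"
- - !ruby/object:Gem::Version
- version: '5'
  description: The administration framework for Ruby on Rails.
  email:
  - deivid.rodriguez@riseup.net
@@ -331,7 +307,6 @@ files:
  - lib/active_admin/controller_action.rb
  - lib/active_admin/csv_builder.rb
  - lib/active_admin/dependency.rb
- - lib/active_admin/deprecation.rb
  - lib/active_admin/devise.rb
  - lib/active_admin/dsl.rb
  - lib/active_admin/dynamic_setting.rb
@@ -522,7 +497,14 @@ homepage: https://activeadmin.info
  licenses:
  - MIT
  metadata:
+ bug_tracker_uri: https://github.com/activeadmin/activeadmin/issues
+ changelog_uri: https://github.com/activeadmin/activeadmin/blob/master/CHANGELOG.md
+ documentation_uri: https://activeadmin.info
+ homepage_uri: https://activeadmin.info
+ mailing_list_uri: https://groups.google.com/group/activeadmin
  rubygems_mfa_required: 'true'
+ source_code_uri: https://github.com/activeadmin/activeadmin
+ wiki_uri: https://github.com/activeadmin/activeadmin/wiki
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -538,7 +520,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.13
+ rubygems_version: 3.4.21
  signing_key:
  specification_version: 4
  summary: Active Admin is a Ruby on Rails plugin for generating administration style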
@@ -1,11 +0,0 @@
1
- # frozen_string_literal: true
2
- module ActiveAdmin
3
- module Deprecation
4
- module_function
5
-
6
- def warn(message, callstack = caller)
7
- ActiveSupport::Deprecation.warn "Active Admin: #{message}", callstack
8
- end
9
-
10
- end
11
- end