activeadmin 3.0.0 → 3.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +34 -0
- data/CONTRIBUTING.md +0 -7
- data/lib/active_admin/csv_builder.rb +23 -2
- data/lib/active_admin/engine.rb +4 -0
- data/lib/active_admin/filters/forms.rb +1 -1
- data/lib/active_admin/filters/formtastic_addons.rb +1 -1
- data/lib/active_admin/inputs/filters/select_input.rb +2 -0
- data/lib/active_admin/menu.rb +1 -0
- data/lib/active_admin/namespace.rb +1 -1
- data/lib/active_admin/pundit_adapter.rb +1 -1
- data/lib/active_admin/resource_controller/streaming.rb +1 -1
- data/lib/active_admin/version.rb +1 -1
- data/lib/active_admin.rb +4 -1
- metadata +14 -32
- data/lib/active_admin/deprecation.rb +0 -11
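--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 500a0615ecf1635299471dcbc309082815a82d24f03528b7c5926c4a5449fb64
+data.tar.gz: 7ee23a9a3f4658eef536dec2032b40a9d60b054272a09b5e5a833ee51fae4430
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62b6e4f0a45f0d1d102dd3753de0fdddd4b661e6f53af9caebf37fcdda1924e769ed932027f517147f0db2e0c9724bcff49ca5640130a524ae48701c3ae1551b
+data.tar.gz: eb0a26b263ed3cb17e8157581ac30a182467649b622807a4af9fccc2618ddb6b392307e4ec16abca591ed6f3b039c451868c7d9a6869ea89de68893672962455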
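--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,31 @@
 
 ## Unreleased
 
+## 3.2.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.1.0..v3.2.0)
+
+### Security Fixes
+
+* Backport protect against CSV Injection. [#8167] by [@mgrunberg]
+
+### Enhancements
+
+* Backport support citext column type in string filter. [#8165] by [@mgrunberg]
+* Backport provide detail in DB statement timeout error for filters. [#8163] by [@mgrunberg]
+
+### Bug Fixes
+
+* Backport make sure menu creation does not modify menu options. [#8166] by [@mgrunberg]
+* Backport ransack error with filters when ActiveStorage is used. [#8164] by [@mgrunberg]
+
+## 3.1.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.0.0..v3.1.0)
+
+### Enhancements
+
+* Support Rails 7.1. [#8102] by [@mgrunberg]
+* Remove deprecated usage of ActiveSupport::Deprecation singleton. [#8106] by [@mgrunberg]
+* Replace to_formatted_s with to_s to convert date to string. [#8105] by [@mgrunberg]
+* Remove upper bound dependency limits from gemspec. [#8098] by [@javierjulio]
+
 ## 3.0.0 [☰](https://github.com/activeadmin/activeadmin/compare/v2.14.0..v3.0.0)
 
 ### Breaking Changes
@@ -864,6 +889,15 @@ Please check [0-6-stable] for previous changes.
 [#7993]: https://github.com/activeadmin/activeadmin/pull/7993
 [#8009]: https://github.com/activeadmin/activeadmin/pull/8009
 [#8010]: https://github.com/activeadmin/activeadmin/pull/8010
+[#8098]: https://github.com/activeadmin/activeadmin/pull/8098
+[#8102]: https://github.com/activeadmin/activeadmin/pull/8102
+[#8105]: https://github.com/activeadmin/activeadmin/pull/8105
+[#8106]: https://github.com/activeadmin/activeadmin/pull/8106
+[#8163]: https://github.com/activeadmin/activeadmin/pull/8163
+[#8164]: https://github.com/activeadmin/activeadmin/pull/8164
+[#8165]: https://github.com/activeadmin/activeadmin/pull/8165
+[#8166]: https://github.com/activeadmin/activeadmin/pull/8166
+[#8167]: https://github.com/activeadmin/activeadmin/pull/8167
 
 [@1000ship]: https://github.com/1000ship
 [@5t111111]: https://github.com/5t111111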
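--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -107,13 +107,6 @@ with the db:
 bin/rake local db:migrate
 ```
 
-### Get the style right
-
-Your patch should follow the same conventions & pass the same code quality
-checks as the rest of the project. `bin/rake lint` will give you feedback in
-this regard. You can check & fix style issues by running each linter
-individually. Run `bin/rake -T lint` to see the available linters.
-
 ### Make a Pull Request
 
 At this point, you should switch back to your master branch and make sure it's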
@@ -51,7 +51,7 @@ module ActiveAdmin
|
|
51
51
|
csv << bom if bom
|
52
52
|
|
53
53
|
if column_names
|
54
|
-
csv << CSV.generate_line(columns.map { |c| encode
|
54
|
+
csv << CSV.generate_line(columns.map { |c| sanitize(encode(c.name, options)) }, **csv_options)
|
55
55
|
end
|
56
56
|
|
57
57
|
controller.send(:in_paginated_batches) do |resource|
|
@@ -70,7 +70,7 @@ module ActiveAdmin
|
|
70
70
|
|
71
71
|
def build_row(resource, columns, options)
|
72
72
|
columns.map do |column|
|
73
|
-
encode
|
73
|
+
sanitize(encode(call_method_or_proc_on(resource, column.data), options))
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
@@ -86,6 +86,10 @@ module ActiveAdmin
|
|
86
86
|
end
|
87
87
|
end
|
88
88
|
|
89
|
+
def sanitize(content)
|
90
|
+
Sanitizer.sanitize(content)
|
91
|
+
end
|
92
|
+
|
89
93
|
def method_missing(method, *args, &block)
|
90
94
|
if @view_context.respond_to? method
|
91
95
|
@view_context.public_send method, *args, &block
|
@@ -120,4 +124,21 @@ module ActiveAdmin
|
|
120
124
|
@column_transitive_options ||= @options.slice(*COLUMN_TRANSITIVE_OPTIONS)
|
121
125
|
end
|
122
126
|
end
|
127
|
+
|
128
|
+
# Prevents CSV Injection according to https://owasp.org/www-community/attacks/CSV_Injection
|
129
|
+
module Sanitizer
|
130
|
+
extend self
|
131
|
+
|
132
|
+
ATTACK_CHARACTERS = ["=", "+", "-", "@", "\t", "\r"].freeze
|
133
|
+
|
134
|
+
def sanitize(value)
|
135
|
+
return "'#{value}" if require_sanitization?(value)
|
136
|
+
|
137
|
+
value
|
138
|
+
end
|
139
|
+
|
140
|
+
def require_sanitization?(value)
|
141
|
+
value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
|
142
|
+
end
|
143
|
+
end
|
123
144
|
end
|
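Review bot: In `Sanitizer.require_sanitization?` the `value.is_a?(String)` guard means only real String cells receive the `'` prefix, so any non-String value that `encode` passes through (its body is outside these hunks, so this is inferred) reaches `CSV.generate_line` unchecked and is stringified there. If such cells can carry user-controlled text, checking the stringified form while exempting numerics would cover them, e.g. `!value.is_a?(Numeric) && value.to_s.start_with?(*ATTACK_CHARACTERS)`; core `start_with?` also removes the dependency on the ActiveSupport alias `starts_with?`. The comment above `module Sanitizer` should also say that legitimate strings beginning with `-`, `+` or `@` (amounts stored as text, phone numbers, handles) are now exported with a leading apostrophe, because downstream consumers of the CSV will see changed data. The file header for these hunks is missing from the page; the diffstat entry `data/lib/active_admin/csv_builder.rb +23 -2` matches their line counts.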
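--- a/data/lib/active_admin/engine.rb
+++ b/data/lib/active_admin/engine.rb
@@ -21,5 +21,9 @@ module ActiveAdmin
 initializer "active_admin.routes" do
 require "active_admin/helpers/routes/url_helpers"
 end
+
+initializer "active_admin.deprecator" do |app|
+app.deprecators[:activeadmin] = ActiveAdmin.deprecator if app.respond_to?(:deprecators)
+end
 end
 end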
@@ -47,7 +47,7 @@ module ActiveAdmin
|
|
47
47
|
#
|
48
48
|
|
49
49
|
def searchable_has_many_through?
|
50
|
-
if reflection && reflection.options[:through]
|
50
|
+
if klass.ransackable_associations.include?(method.to_s) && reflection && reflection.options[:through]
|
51
51
|
reflection.through_reflection.klass.ransackable_attributes.include? reflection.foreign_key
|
52
52
|
else
|
53
53
|
false
|
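--- a/data/lib/active_admin/menu.rb
+++ b/data/lib/active_admin/menu.rb
@@ -48,6 +48,7 @@ module ActiveAdmin
 # menu.add parent: 'Dashboard', label: 'My Child Dashboard'
 #
 def add(options)
+options = options.dup # Make sure parameter is not modified
 parent_chain = Array.wrap(options.delete(:parent))
 
 item = if parent = parent_chain.shift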
@@ -28,7 +28,7 @@ module ActiveAdmin
|
|
28
28
|
class Namespace
|
29
29
|
class << self
|
30
30
|
def setting(name, default)
|
31
|
-
|
31
|
+
ActiveAdmin.deprecator.warn "This method does not do anything and will be removed."
|
32
32
|
end
|
33
33
|
end
|
34
34
|
|
@@ -77,7 +77,7 @@ module ActiveAdmin
|
|
77
77
|
|
78
78
|
policy_name = policy.class.to_s
|
79
79
|
|
80
|
-
|
80
|
+
ActiveAdmin.deprecator.warn "You have `pundit_policy_namespace` configured as `#{default_policy_namespace}`, " \
|
81
81
|
"but ActiveAdmin was unable to find policy #{default_policy_module}::#{policy_name}. " \
|
82
82
|
"#{policy_name} will be used instead. " \
|
83
83
|
"This behavior will be removed in future versions of ActiveAdmin. " \
|
@@ -31,7 +31,7 @@ module ActiveAdmin
|
|
31
31
|
end
|
32
32
|
|
33
33
|
def csv_filename
|
34
|
-
"#{resource_collection_name.to_s.gsub('_', '-')}-#{Time.zone.now.to_date.
|
34
|
+
"#{resource_collection_name.to_s.gsub('_', '-')}-#{Time.zone.now.to_date.to_s}.csv"
|
35
35
|
end
|
36
36
|
|
37
37
|
def stream_csv
|
data/lib/active_admin/version.rb
CHANGED
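--- a/data/lib/active_admin.rb
+++ b/data/lib/active_admin.rb
@@ -26,7 +26,6 @@ module ActiveAdmin
 autoload :ControllerAction, "active_admin/controller_action"
 autoload :CSVBuilder, "active_admin/csv_builder"
 autoload :Dependency, "active_admin/dependency"
-autoload :Deprecation, "active_admin/deprecation"
 autoload :Devise, "active_admin/devise"
 autoload :DSL, "active_admin/dsl"
 autoload :FormBuilder, "active_admin/form_builder"
@@ -61,6 +60,10 @@ module ActiveAdmin
 @application ||= ::ActiveAdmin::Application.new
 end
 
+def deprecator
+@deprecator ||= ActiveSupport::Deprecation.new("4.0", "active-admin")
+end
+
 # Gets called within the initializer
 def setup
 application.setup!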
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: activeadmin
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Charles Maresh
|
@@ -15,7 +15,7 @@ authors:
|
|
15
15
|
autorequire:
|
16
16
|
bindir: bin
|
17
17
|
cert_chain: []
|
18
|
-
date: 2023-
|
18
|
+
date: 2023-12-11 00:00:00.000000000 Z
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
21
21
|
name: arbre
|
@@ -44,9 +44,6 @@ dependencies:
|
|
44
44
|
- - ">="
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: '3.1'
|
47
|
-
- - "<"
|
48
|
-
- !ruby/object:Gem::Version
|
49
|
-
version: '5.0'
|
50
47
|
type: :runtime
|
51
48
|
prerelease: false
|
52
49
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -54,21 +51,18 @@ dependencies:
|
|
54
51
|
- - ">="
|
55
52
|
- !ruby/object:Gem::Version
|
56
53
|
version: '3.1'
|
57
|
-
- - "<"
|
58
|
-
- !ruby/object:Gem::Version
|
59
|
-
version: '5.0'
|
60
54
|
- !ruby/object:Gem::Dependency
|
61
55
|
name: formtastic_i18n
|
62
56
|
requirement: !ruby/object:Gem::Requirement
|
63
57
|
requirements:
|
64
|
-
- - "
|
58
|
+
- - ">="
|
65
59
|
- !ruby/object:Gem::Version
|
66
60
|
version: '0.4'
|
67
61
|
type: :runtime
|
68
62
|
prerelease: false
|
69
63
|
version_requirements: !ruby/object:Gem::Requirement
|
70
64
|
requirements:
|
71
|
-
- - "
|
65
|
+
- - ">="
|
72
66
|
- !ruby/object:Gem::Version
|
73
67
|
version: '0.4'
|
74
68
|
- !ruby/object:Gem::Dependency
|
@@ -89,23 +83,20 @@ dependencies:
|
|
89
83
|
name: jquery-rails
|
90
84
|
requirement: !ruby/object:Gem::Requirement
|
91
85
|
requirements:
|
92
|
-
- - "
|
86
|
+
- - ">="
|
93
87
|
- !ruby/object:Gem::Version
|
94
88
|
version: '4.2'
|
95
89
|
type: :runtime
|
96
90
|
prerelease: false
|
97
91
|
version_requirements: !ruby/object:Gem::Requirement
|
98
92
|
requirements:
|
99
|
-
- - "
|
93
|
+
- - ">="
|
100
94
|
- !ruby/object:Gem::Version
|
101
95
|
version: '4.2'
|
102
96
|
- !ruby/object:Gem::Dependency
|
103
97
|
name: kaminari
|
104
98
|
requirement: !ruby/object:Gem::Requirement
|
105
99
|
requirements:
|
106
|
-
- - "~>"
|
107
|
-
- !ruby/object:Gem::Version
|
108
|
-
version: '1.0'
|
109
100
|
- - ">="
|
110
101
|
- !ruby/object:Gem::Version
|
111
102
|
version: 1.2.1
|
@@ -113,9 +104,6 @@ dependencies:
|
|
113
104
|
prerelease: false
|
114
105
|
version_requirements: !ruby/object:Gem::Requirement
|
115
106
|
requirements:
|
116
|
-
- - "~>"
|
117
|
-
- !ruby/object:Gem::Version
|
118
|
-
version: '1.0'
|
119
107
|
- - ">="
|
120
108
|
- !ruby/object:Gem::Version
|
121
109
|
version: 1.2.1
|
@@ -126,9 +114,6 @@ dependencies:
|
|
126
114
|
- - ">="
|
127
115
|
- !ruby/object:Gem::Version
|
128
116
|
version: '6.1'
|
129
|
-
- - "<"
|
130
|
-
- !ruby/object:Gem::Version
|
131
|
-
version: '7.1'
|
132
117
|
type: :runtime
|
133
118
|
prerelease: false
|
134
119
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -136,9 +121,6 @@ dependencies:
|
|
136
121
|
- - ">="
|
137
122
|
- !ruby/object:Gem::Version
|
138
123
|
version: '6.1'
|
139
|
-
- - "<"
|
140
|
-
- !ruby/object:Gem::Version
|
141
|
-
version: '7.1'
|
142
124
|
- !ruby/object:Gem::Dependency
|
143
125
|
name: ransack
|
144
126
|
requirement: !ruby/object:Gem::Requirement
|
@@ -146,9 +128,6 @@ dependencies:
|
|
146
128
|
- - ">="
|
147
129
|
- !ruby/object:Gem::Version
|
148
130
|
version: '4.0'
|
149
|
-
- - "<"
|
150
|
-
- !ruby/object:Gem::Version
|
151
|
-
version: '5'
|
152
131
|
type: :runtime
|
153
132
|
prerelease: false
|
154
133
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -156,9 +135,6 @@ dependencies:
|
|
156
135
|
- - ">="
|
157
136
|
- !ruby/object:Gem::Version
|
158
137
|
version: '4.0'
|
159
|
-
- - "<"
|
160
|
-
- !ruby/object:Gem::Version
|
161
|
-
version: '5'
|
162
138
|
description: The administration framework for Ruby on Rails.
|
163
139
|
email:
|
164
140
|
- deivid.rodriguez@riseup.net
|
@@ -331,7 +307,6 @@ files:
|
|
331
307
|
- lib/active_admin/controller_action.rb
|
332
308
|
- lib/active_admin/csv_builder.rb
|
333
309
|
- lib/active_admin/dependency.rb
|
334
|
-
- lib/active_admin/deprecation.rb
|
335
310
|
- lib/active_admin/devise.rb
|
336
311
|
- lib/active_admin/dsl.rb
|
337
312
|
- lib/active_admin/dynamic_setting.rb
|
@@ -522,7 +497,14 @@ homepage: https://activeadmin.info
|
|
522
497
|
licenses:
|
523
498
|
- MIT
|
524
499
|
metadata:
|
500
|
+
bug_tracker_uri: https://github.com/activeadmin/activeadmin/issues
|
501
|
+
changelog_uri: https://github.com/activeadmin/activeadmin/blob/master/CHANGELOG.md
|
502
|
+
documentation_uri: https://activeadmin.info
|
503
|
+
homepage_uri: https://activeadmin.info
|
504
|
+
mailing_list_uri: https://groups.google.com/group/activeadmin
|
525
505
|
rubygems_mfa_required: 'true'
|
506
|
+
source_code_uri: https://github.com/activeadmin/activeadmin
|
507
|
+
wiki_uri: https://github.com/activeadmin/activeadmin/wiki
|
526
508
|
post_install_message:
|
527
509
|
rdoc_options: []
|
528
510
|
require_paths:
|
@@ -538,7 +520,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
538
520
|
- !ruby/object:Gem::Version
|
539
521
|
version: '0'
|
540
522
|
requirements: []
|
541
|
-
rubygems_version: 3.4.
|
523
|
+
rubygems_version: 3.4.21
|
542
524
|
signing_key:
|
543
525
|
specification_version: 4
|
544
526
|
summary: Active Admin is a Ruby on Rails plugin for generating administration style
|