activeadmin 3.0.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of activeadmin might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +34 -0
- data/CONTRIBUTING.md +0 -7
- data/lib/active_admin/csv_builder.rb +23 -2
- data/lib/active_admin/engine.rb +4 -0
- data/lib/active_admin/filters/forms.rb +1 -1
- data/lib/active_admin/filters/formtastic_addons.rb +1 -1
- data/lib/active_admin/inputs/filters/select_input.rb +2 -0
- data/lib/active_admin/menu.rb +1 -0
- data/lib/active_admin/namespace.rb +1 -1
- data/lib/active_admin/pundit_adapter.rb +1 -1
- data/lib/active_admin/resource_controller/streaming.rb +1 -1
- data/lib/active_admin/version.rb +1 -1
- data/lib/active_admin.rb +4 -1
- metadata +14 -32
- data/lib/active_admin/deprecation.rb +0 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 500a0615ecf1635299471dcbc309082815a82d24f03528b7c5926c4a5449fb64
|
|
4
|
+
data.tar.gz: 7ee23a9a3f4658eef536dec2032b40a9d60b054272a09b5e5a833ee51fae4430
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 62b6e4f0a45f0d1d102dd3753de0fdddd4b661e6f53af9caebf37fcdda1924e769ed932027f517147f0db2e0c9724bcff49ca5640130a524ae48701c3ae1551b
|
|
7
|
+
data.tar.gz: eb0a26b263ed3cb17e8157581ac30a182467649b622807a4af9fccc2618ddb6b392307e4ec16abca591ed6f3b039c451868c7d9a6869ea89de68893672962455
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,31 @@
|
|
|
2
2
|
|
|
3
3
|
## Unreleased
|
|
4
4
|
|
|
5
|
+
## 3.2.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.1.0..v3.2.0)
|
|
6
|
+
|
|
7
|
+
### Security Fixes
|
|
8
|
+
|
|
9
|
+
* Backport protect against CSV Injection. [#8167] by [@mgrunberg]
|
|
10
|
+
|
|
11
|
+
### Enhancements
|
|
12
|
+
|
|
13
|
+
* Backport support citext column type in string filter. [#8165] by [@mgrunberg]
|
|
14
|
+
* Backport provide detail in DB statement timeout error for filters. [#8163] by [@mgrunberg]
|
|
15
|
+
|
|
16
|
+
### Bug Fixes
|
|
17
|
+
|
|
18
|
+
* Backport make sure menu creation does not modify menu options. [#8166] by [@mgrunberg]
|
|
19
|
+
* Backport ransack error with filters when ActiveStorage is used. [#8164] by [@mgrunberg]
|
|
20
|
+
|
|
21
|
+
## 3.1.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.0.0..v3.1.0)
|
|
22
|
+
|
|
23
|
+
### Enhancements
|
|
24
|
+
|
|
25
|
+
* Support Rails 7.1. [#8102] by [@mgrunberg]
|
|
26
|
+
* Remove deprecated usage of ActiveSupport::Deprecation singleton. [#8106] by [@mgrunberg]
|
|
27
|
+
* Replace to_formatted_s with to_s to convert date to string. [#8105] by [@mgrunberg]
|
|
28
|
+
* Remove upper bound dependency limits from gemspec. [#8098] by [@javierjulio]
|
|
29
|
+
|
|
5
30
|
## 3.0.0 [☰](https://github.com/activeadmin/activeadmin/compare/v2.14.0..v3.0.0)
|
|
6
31
|
|
|
7
32
|
### Breaking Changes
|
|
@@ -864,6 +889,15 @@ Please check [0-6-stable] for previous changes.
|
|
|
864
889
|
[#7993]: https://github.com/activeadmin/activeadmin/pull/7993
|
|
865
890
|
[#8009]: https://github.com/activeadmin/activeadmin/pull/8009
|
|
866
891
|
[#8010]: https://github.com/activeadmin/activeadmin/pull/8010
|
|
892
|
+
[#8098]: https://github.com/activeadmin/activeadmin/pull/8098
|
|
893
|
+
[#8102]: https://github.com/activeadmin/activeadmin/pull/8102
|
|
894
|
+
[#8105]: https://github.com/activeadmin/activeadmin/pull/8105
|
|
895
|
+
[#8106]: https://github.com/activeadmin/activeadmin/pull/8106
|
|
896
|
+
[#8163]: https://github.com/activeadmin/activeadmin/pull/8163
|
|
897
|
+
[#8164]: https://github.com/activeadmin/activeadmin/pull/8164
|
|
898
|
+
[#8165]: https://github.com/activeadmin/activeadmin/pull/8165
|
|
899
|
+
[#8166]: https://github.com/activeadmin/activeadmin/pull/8166
|
|
900
|
+
[#8167]: https://github.com/activeadmin/activeadmin/pull/8167
|
|
867
901
|
|
|
868
902
|
[@1000ship]: https://github.com/1000ship
|
|
869
903
|
[@5t111111]: https://github.com/5t111111
|
data/CONTRIBUTING.md
CHANGED
|
@@ -107,13 +107,6 @@ with the db:
|
|
|
107
107
|
bin/rake local db:migrate
|
|
108
108
|
```
|
|
109
109
|
|
|
110
|
-
### Get the style right
|
|
111
|
-
|
|
112
|
-
Your patch should follow the same conventions & pass the same code quality
|
|
113
|
-
checks as the rest of the project. `bin/rake lint` will give you feedback in
|
|
114
|
-
this regard. You can check & fix style issues by running each linter
|
|
115
|
-
individually. Run `bin/rake -T lint` to see the available linters.
|
|
116
|
-
|
|
117
110
|
### Make a Pull Request
|
|
118
111
|
|
|
119
112
|
At this point, you should switch back to your master branch and make sure it's
|
|
@@ -51,7 +51,7 @@ module ActiveAdmin
|
|
|
51
51
|
csv << bom if bom
|
|
52
52
|
|
|
53
53
|
if column_names
|
|
54
|
-
csv << CSV.generate_line(columns.map { |c| encode
|
|
54
|
+
csv << CSV.generate_line(columns.map { |c| sanitize(encode(c.name, options)) }, **csv_options)
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
controller.send(:in_paginated_batches) do |resource|
|
|
@@ -70,7 +70,7 @@ module ActiveAdmin
|
|
|
70
70
|
|
|
71
71
|
def build_row(resource, columns, options)
|
|
72
72
|
columns.map do |column|
|
|
73
|
-
encode
|
|
73
|
+
sanitize(encode(call_method_or_proc_on(resource, column.data), options))
|
|
74
74
|
end
|
|
75
75
|
end
|
|
76
76
|
|
|
@@ -86,6 +86,10 @@ module ActiveAdmin
|
|
|
86
86
|
end
|
|
87
87
|
end
|
|
88
88
|
|
|
89
|
+
def sanitize(content)
|
|
90
|
+
Sanitizer.sanitize(content)
|
|
91
|
+
end
|
|
92
|
+
|
|
89
93
|
def method_missing(method, *args, &block)
|
|
90
94
|
if @view_context.respond_to? method
|
|
91
95
|
@view_context.public_send method, *args, &block
|
|
@@ -120,4 +124,21 @@ module ActiveAdmin
|
|
|
120
124
|
@column_transitive_options ||= @options.slice(*COLUMN_TRANSITIVE_OPTIONS)
|
|
121
125
|
end
|
|
122
126
|
end
|
|
127
|
+
|
|
128
|
+
# Prevents CSV Injection according to https://owasp.org/www-community/attacks/CSV_Injection
|
|
129
|
+
module Sanitizer
|
|
130
|
+
extend self
|
|
131
|
+
|
|
132
|
+
ATTACK_CHARACTERS = ["=", "+", "-", "@", "\t", "\r"].freeze
|
|
133
|
+
|
|
134
|
+
def sanitize(value)
|
|
135
|
+
return "'#{value}" if require_sanitization?(value)
|
|
136
|
+
|
|
137
|
+
value
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
def require_sanitization?(value)
|
|
141
|
+
value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
|
|
142
|
+
end
|
|
143
|
+
end
|
|
123
144
|
end
|
data/lib/active_admin/engine.rb
CHANGED
|
@@ -21,5 +21,9 @@ module ActiveAdmin
|
|
|
21
21
|
initializer "active_admin.routes" do
|
|
22
22
|
require "active_admin/helpers/routes/url_helpers"
|
|
23
23
|
end
|
|
24
|
+
|
|
25
|
+
initializer "active_admin.deprecator" do |app|
|
|
26
|
+
app.deprecators[:activeadmin] = ActiveAdmin.deprecator if app.respond_to?(:deprecators)
|
|
27
|
+
end
|
|
24
28
|
end
|
|
25
29
|
end
|
|
@@ -47,7 +47,7 @@ module ActiveAdmin
|
|
|
47
47
|
#
|
|
48
48
|
|
|
49
49
|
def searchable_has_many_through?
|
|
50
|
-
if reflection && reflection.options[:through]
|
|
50
|
+
if klass.ransackable_associations.include?(method.to_s) && reflection && reflection.options[:through]
|
|
51
51
|
reflection.through_reflection.klass.ransackable_attributes.include? reflection.foreign_key
|
|
52
52
|
else
|
|
53
53
|
false
|
data/lib/active_admin/menu.rb
CHANGED
|
@@ -48,6 +48,7 @@ module ActiveAdmin
|
|
|
48
48
|
# menu.add parent: 'Dashboard', label: 'My Child Dashboard'
|
|
49
49
|
#
|
|
50
50
|
def add(options)
|
|
51
|
+
options = options.dup # Make sure parameter is not modified
|
|
51
52
|
parent_chain = Array.wrap(options.delete(:parent))
|
|
52
53
|
|
|
53
54
|
item = if parent = parent_chain.shift
|
|
@@ -28,7 +28,7 @@ module ActiveAdmin
|
|
|
28
28
|
class Namespace
|
|
29
29
|
class << self
|
|
30
30
|
def setting(name, default)
|
|
31
|
-
|
|
31
|
+
ActiveAdmin.deprecator.warn "This method does not do anything and will be removed."
|
|
32
32
|
end
|
|
33
33
|
end
|
|
34
34
|
|
|
@@ -77,7 +77,7 @@ module ActiveAdmin
|
|
|
77
77
|
|
|
78
78
|
policy_name = policy.class.to_s
|
|
79
79
|
|
|
80
|
-
|
|
80
|
+
ActiveAdmin.deprecator.warn "You have `pundit_policy_namespace` configured as `#{default_policy_namespace}`, " \
|
|
81
81
|
"but ActiveAdmin was unable to find policy #{default_policy_module}::#{policy_name}. " \
|
|
82
82
|
"#{policy_name} will be used instead. " \
|
|
83
83
|
"This behavior will be removed in future versions of ActiveAdmin. " \
|
|
@@ -31,7 +31,7 @@ module ActiveAdmin
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def csv_filename
|
|
34
|
-
"#{resource_collection_name.to_s.gsub('_', '-')}-#{Time.zone.now.to_date.
|
|
34
|
+
"#{resource_collection_name.to_s.gsub('_', '-')}-#{Time.zone.now.to_date.to_s}.csv"
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
def stream_csv
|
data/lib/active_admin/version.rb
CHANGED
data/lib/active_admin.rb
CHANGED
|
@@ -26,7 +26,6 @@ module ActiveAdmin
|
|
|
26
26
|
autoload :ControllerAction, "active_admin/controller_action"
|
|
27
27
|
autoload :CSVBuilder, "active_admin/csv_builder"
|
|
28
28
|
autoload :Dependency, "active_admin/dependency"
|
|
29
|
-
autoload :Deprecation, "active_admin/deprecation"
|
|
30
29
|
autoload :Devise, "active_admin/devise"
|
|
31
30
|
autoload :DSL, "active_admin/dsl"
|
|
32
31
|
autoload :FormBuilder, "active_admin/form_builder"
|
|
@@ -61,6 +60,10 @@ module ActiveAdmin
|
|
|
61
60
|
@application ||= ::ActiveAdmin::Application.new
|
|
62
61
|
end
|
|
63
62
|
|
|
63
|
+
def deprecator
|
|
64
|
+
@deprecator ||= ActiveSupport::Deprecation.new("4.0", "active-admin")
|
|
65
|
+
end
|
|
66
|
+
|
|
64
67
|
# Gets called within the initializer
|
|
65
68
|
def setup
|
|
66
69
|
application.setup!
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activeadmin
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charles Maresh
|
|
@@ -15,7 +15,7 @@ authors:
|
|
|
15
15
|
autorequire:
|
|
16
16
|
bindir: bin
|
|
17
17
|
cert_chain: []
|
|
18
|
-
date: 2023-
|
|
18
|
+
date: 2023-12-11 00:00:00.000000000 Z
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: arbre
|
|
@@ -44,9 +44,6 @@ dependencies:
|
|
|
44
44
|
- - ">="
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: '3.1'
|
|
47
|
-
- - "<"
|
|
48
|
-
- !ruby/object:Gem::Version
|
|
49
|
-
version: '5.0'
|
|
50
47
|
type: :runtime
|
|
51
48
|
prerelease: false
|
|
52
49
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -54,21 +51,18 @@ dependencies:
|
|
|
54
51
|
- - ">="
|
|
55
52
|
- !ruby/object:Gem::Version
|
|
56
53
|
version: '3.1'
|
|
57
|
-
- - "<"
|
|
58
|
-
- !ruby/object:Gem::Version
|
|
59
|
-
version: '5.0'
|
|
60
54
|
- !ruby/object:Gem::Dependency
|
|
61
55
|
name: formtastic_i18n
|
|
62
56
|
requirement: !ruby/object:Gem::Requirement
|
|
63
57
|
requirements:
|
|
64
|
-
- - "
|
|
58
|
+
- - ">="
|
|
65
59
|
- !ruby/object:Gem::Version
|
|
66
60
|
version: '0.4'
|
|
67
61
|
type: :runtime
|
|
68
62
|
prerelease: false
|
|
69
63
|
version_requirements: !ruby/object:Gem::Requirement
|
|
70
64
|
requirements:
|
|
71
|
-
- - "
|
|
65
|
+
- - ">="
|
|
72
66
|
- !ruby/object:Gem::Version
|
|
73
67
|
version: '0.4'
|
|
74
68
|
- !ruby/object:Gem::Dependency
|
|
@@ -89,23 +83,20 @@ dependencies:
|
|
|
89
83
|
name: jquery-rails
|
|
90
84
|
requirement: !ruby/object:Gem::Requirement
|
|
91
85
|
requirements:
|
|
92
|
-
- - "
|
|
86
|
+
- - ">="
|
|
93
87
|
- !ruby/object:Gem::Version
|
|
94
88
|
version: '4.2'
|
|
95
89
|
type: :runtime
|
|
96
90
|
prerelease: false
|
|
97
91
|
version_requirements: !ruby/object:Gem::Requirement
|
|
98
92
|
requirements:
|
|
99
|
-
- - "
|
|
93
|
+
- - ">="
|
|
100
94
|
- !ruby/object:Gem::Version
|
|
101
95
|
version: '4.2'
|
|
102
96
|
- !ruby/object:Gem::Dependency
|
|
103
97
|
name: kaminari
|
|
104
98
|
requirement: !ruby/object:Gem::Requirement
|
|
105
99
|
requirements:
|
|
106
|
-
- - "~>"
|
|
107
|
-
- !ruby/object:Gem::Version
|
|
108
|
-
version: '1.0'
|
|
109
100
|
- - ">="
|
|
110
101
|
- !ruby/object:Gem::Version
|
|
111
102
|
version: 1.2.1
|
|
@@ -113,9 +104,6 @@ dependencies:
|
|
|
113
104
|
prerelease: false
|
|
114
105
|
version_requirements: !ruby/object:Gem::Requirement
|
|
115
106
|
requirements:
|
|
116
|
-
- - "~>"
|
|
117
|
-
- !ruby/object:Gem::Version
|
|
118
|
-
version: '1.0'
|
|
119
107
|
- - ">="
|
|
120
108
|
- !ruby/object:Gem::Version
|
|
121
109
|
version: 1.2.1
|
|
@@ -126,9 +114,6 @@ dependencies:
|
|
|
126
114
|
- - ">="
|
|
127
115
|
- !ruby/object:Gem::Version
|
|
128
116
|
version: '6.1'
|
|
129
|
-
- - "<"
|
|
130
|
-
- !ruby/object:Gem::Version
|
|
131
|
-
version: '7.1'
|
|
132
117
|
type: :runtime
|
|
133
118
|
prerelease: false
|
|
134
119
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -136,9 +121,6 @@ dependencies:
|
|
|
136
121
|
- - ">="
|
|
137
122
|
- !ruby/object:Gem::Version
|
|
138
123
|
version: '6.1'
|
|
139
|
-
- - "<"
|
|
140
|
-
- !ruby/object:Gem::Version
|
|
141
|
-
version: '7.1'
|
|
142
124
|
- !ruby/object:Gem::Dependency
|
|
143
125
|
name: ransack
|
|
144
126
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -146,9 +128,6 @@ dependencies:
|
|
|
146
128
|
- - ">="
|
|
147
129
|
- !ruby/object:Gem::Version
|
|
148
130
|
version: '4.0'
|
|
149
|
-
- - "<"
|
|
150
|
-
- !ruby/object:Gem::Version
|
|
151
|
-
version: '5'
|
|
152
131
|
type: :runtime
|
|
153
132
|
prerelease: false
|
|
154
133
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -156,9 +135,6 @@ dependencies:
|
|
|
156
135
|
- - ">="
|
|
157
136
|
- !ruby/object:Gem::Version
|
|
158
137
|
version: '4.0'
|
|
159
|
-
- - "<"
|
|
160
|
-
- !ruby/object:Gem::Version
|
|
161
|
-
version: '5'
|
|
162
138
|
description: The administration framework for Ruby on Rails.
|
|
163
139
|
email:
|
|
164
140
|
- deivid.rodriguez@riseup.net
|
|
@@ -331,7 +307,6 @@ files:
|
|
|
331
307
|
- lib/active_admin/controller_action.rb
|
|
332
308
|
- lib/active_admin/csv_builder.rb
|
|
333
309
|
- lib/active_admin/dependency.rb
|
|
334
|
-
- lib/active_admin/deprecation.rb
|
|
335
310
|
- lib/active_admin/devise.rb
|
|
336
311
|
- lib/active_admin/dsl.rb
|
|
337
312
|
- lib/active_admin/dynamic_setting.rb
|
|
@@ -522,7 +497,14 @@ homepage: https://activeadmin.info
|
|
|
522
497
|
licenses:
|
|
523
498
|
- MIT
|
|
524
499
|
metadata:
|
|
500
|
+
bug_tracker_uri: https://github.com/activeadmin/activeadmin/issues
|
|
501
|
+
changelog_uri: https://github.com/activeadmin/activeadmin/blob/master/CHANGELOG.md
|
|
502
|
+
documentation_uri: https://activeadmin.info
|
|
503
|
+
homepage_uri: https://activeadmin.info
|
|
504
|
+
mailing_list_uri: https://groups.google.com/group/activeadmin
|
|
525
505
|
rubygems_mfa_required: 'true'
|
|
506
|
+
source_code_uri: https://github.com/activeadmin/activeadmin
|
|
507
|
+
wiki_uri: https://github.com/activeadmin/activeadmin/wiki
|
|
526
508
|
post_install_message:
|
|
527
509
|
rdoc_options: []
|
|
528
510
|
require_paths:
|
|
@@ -538,7 +520,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
538
520
|
- !ruby/object:Gem::Version
|
|
539
521
|
version: '0'
|
|
540
522
|
requirements: []
|
|
541
|
-
rubygems_version: 3.4.
|
|
523
|
+
rubygems_version: 3.4.21
|
|
542
524
|
signing_key:
|
|
543
525
|
specification_version: 4
|
|
544
526
|
summary: Active Admin is a Ruby on Rails plugin for generating administration style
|