activeadmin 3.1.0 → 3.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/lib/active_admin/csv_builder.rb +23 -2
- data/lib/active_admin/filters/forms.rb +1 -1
- data/lib/active_admin/filters/formtastic_addons.rb +1 -1
- data/lib/active_admin/inputs/filters/select_input.rb +2 -0
- data/lib/active_admin/menu.rb +1 -0
- data/lib/active_admin/version.rb +1 -1
- metadata +3 -3
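--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 500a0615ecf1635299471dcbc309082815a82d24f03528b7c5926c4a5449fb64
+data.tar.gz: 7ee23a9a3f4658eef536dec2032b40a9d60b054272a09b5e5a833ee51fae4430
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62b6e4f0a45f0d1d102dd3753de0fdddd4b661e6f53af9caebf37fcdda1924e769ed932027f517147f0db2e0c9724bcff49ca5640130a524ae48701c3ae1551b
+data.tar.gz: eb0a26b263ed3cb17e8157581ac30a182467649b622807a4af9fccc2618ddb6b392307e4ec16abca591ed6f3b039c451868c7d9a6869ea89de68893672962455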
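--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,22 @@
 
 ## Unreleased
 
+## 3.2.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.1.0..v3.2.0)
+
+### Security Fixes
+
+* Backport protect against CSV Injection. [#8167] by [@mgrunberg]
+
+### Enhancements
+
+* Backport support citext column type in string filter. [#8165] by [@mgrunberg]
+* Backport provide detail in DB statement timeout error for filters. [#8163] by [@mgrunberg]
+
+### Bug Fixes
+
+* Backport make sure menu creation does not modify menu options. [#8166] by [@mgrunberg]
+* Backport ransack error with filters when ActiveStorage is used. [#8164] by [@mgrunberg]
+
 ## 3.1.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.0.0..v3.1.0)
 
 ### Enhancements
@@ -877,6 +893,11 @@ Please check [0-6-stable] for previous changes.
 [#8102]: https://github.com/activeadmin/activeadmin/pull/8102
 [#8105]: https://github.com/activeadmin/activeadmin/pull/8105
 [#8106]: https://github.com/activeadmin/activeadmin/pull/8106
+[#8163]: https://github.com/activeadmin/activeadmin/pull/8163
+[#8164]: https://github.com/activeadmin/activeadmin/pull/8164
+[#8165]: https://github.com/activeadmin/activeadmin/pull/8165
+[#8166]: https://github.com/activeadmin/activeadmin/pull/8166
+[#8167]: https://github.com/activeadmin/activeadmin/pull/8167
 
 [@1000ship]: https://github.com/1000ship
 [@5t111111]: https://github.com/5t111111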
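--- a/data/lib/active_admin/csv_builder.rb
+++ b/data/lib/active_admin/csv_builder.rb
@@ -51,7 +51,7 @@ module ActiveAdmin
 csv << bom if bom
 
 if column_names
-csv << CSV.generate_line(columns.map { |c| encode
+csv << CSV.generate_line(columns.map { |c| sanitize(encode(c.name, options)) }, **csv_options)
 end
 
 controller.send(:in_paginated_batches) do |resource|
@@ -70,7 +70,7 @@ module ActiveAdmin
 
 def build_row(resource, columns, options)
 columns.map do |column|
-encode
+sanitize(encode(call_method_or_proc_on(resource, column.data), options))
 end
 end
 
@@ -86,6 +86,10 @@ module ActiveAdmin
 end
 end
 
+def sanitize(content)
+Sanitizer.sanitize(content)
+end
+
 def method_missing(method, *args, &block)
 if @view_context.respond_to? method
 @view_context.public_send method, *args, &block
@@ -120,4 +124,21 @@ module ActiveAdmin
 @column_transitive_options ||= @options.slice(*COLUMN_TRANSITIVE_OPTIONS)
 end
 end
+
+# Prevents CSV Injection according to https://owasp.org/www-community/attacks/CSV_Injection
+module Sanitizer
+extend self
+
+ATTACK_CHARACTERS = ["=", "+", "-", "@", "\t", "\r"].freeze
+
+def sanitize(value)
+return "'#{value}" if require_sanitization?(value)
+
+value
+end
+
+def require_sanitization?(value)
+value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
+end
+end
 end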
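Review bot: `require_sanitization?` on new line 141 only applies to `String` values, so anything else that reaches `CSV.generate_line` — including whatever non-String values `encode` may pass through, its body being outside these hunks — is stringified without the apostrophe prefix. Scoping the guard to Strings is presumably intentional so that negative numbers keep exporting as numbers, but the `Sanitizer` comment on line 128 should say so, e.g. `# Only String values are prefixed; numeric columns are deliberately left untouched, so custom column procs must return a String for the guard to apply.` It is also worth a sentence noting that legitimate strings beginning with "+" or "-" (phone numbers, signed values stored as text) now export with a leading apostrophe, which downstream CSV consumers will see. Finally, `starts_with?` is the ActiveSupport alias; core `start_with?` accepts the same list of prefixes and keeps this module free of that dependency: `value.is_a?(String) && value.start_with?(*ATTACK_CHARACTERS)`.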
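--- a/data/lib/active_admin/filters/formtastic_addons.rb
+++ b/data/lib/active_admin/filters/formtastic_addons.rb
@@ -47,7 +47,7 @@ module ActiveAdmin
 #
 
 def searchable_has_many_through?
-if reflection && reflection.options[:through]
+if klass.ransackable_associations.include?(method.to_s) && reflection && reflection.options[:through]
 reflection.through_reflection.klass.ransackable_attributes.include? reflection.foreign_key
 else
 false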
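Review bot: The new condition on line 50 adds a precondition — the association must be listed in `klass.ransackable_associations` — that the comment block ending on line 47 (its text is outside this hunk) presumably does not mention; add a line such as `# Returns false for associations the model does not expose via ransackable_associations.` so readers of the predicate see why a through-association can now be rejected before its reflection is consulted. `ransackable_associations` is called without an auth object here, which matches the bare `ransackable_attributes` call on line 51. `searchable_has_many_through?` ends outside the hunk.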
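--- a/data/lib/active_admin/menu.rb
+++ b/data/lib/active_admin/menu.rb
@@ -48,6 +48,7 @@ module ActiveAdmin
 # menu.add parent: 'Dashboard', label: 'My Child Dashboard'
 #
 def add(options)
+options = options.dup # Make sure parameter is not modified
 parent_chain = Array.wrap(options.delete(:parent))
 
 item = if parent = parent_chain.shift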
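Review bot: The `dup` added on new line 51 is shallow, and `Array.wrap` on line 52 hands back an Array argument as the same object (via `to_ary`), so `parent_chain.shift` on line 54 still mutates the caller's array when `:parent` was passed as an Array; copy that value as well, `parent_chain = Array.wrap(options.delete(:parent)).dup`. The inline comment would then be accurate as `# shallow copy: the caller's option hash and parent list are left untouched`. `add`'s body continues past the hunk, so any later in-place change to nested option values is not covered by this note.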
data/lib/active_admin/version.rb
CHANGED
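--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: activeadmin
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.2.0
 platform: ruby
 authors:
 - Charles Maresh
@@ -15,7 +15,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: arbre
@@ -520,7 +520,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.21
 signing_key:
 specification_version: 4
 summary: Active Admin is a Ruby on Rails plugin for generating administration style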