activeadmin 3.1.0 → 3.2.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -0
- data/lib/active_admin/csv_builder.rb +23 -2
- data/lib/active_admin/filters/forms.rb +1 -1
- data/lib/active_admin/filters/formtastic_addons.rb +1 -1
- data/lib/active_admin/inputs/filters/select_input.rb +2 -0
- data/lib/active_admin/menu.rb +1 -0
- data/lib/active_admin/version.rb +1 -1
- data/lib/generators/active_admin/install/templates/active_admin.rb.erb +1 -1
- metadata +17 -3
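--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ff095f14bad831f14bf12c3da9123bae3311d3c94815a73ef3b8ab67d1ca985a
+data.tar.gz: 1adb7fa85d65339b74b8a0c1ef45c6ba9be9031a743e144d0edf452064e31083
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 54c3193a35539aeb1c6e094cdd7e03b335168116db76a8ab07eb5991de70cba0931d400840815014ee96bad801723fa628962924d3314e3aa855adebaa3d256d
+data.tar.gz: 2f51a5be0b992925a0b8a77f62e68812ae19ea3d5666f2df514bbbf4b9a6ccb1c09639853878a8e02e4b9b59077f18ad3041642b6abc5ad8e39f0eec359d0db3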
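--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,29 @@
 
 ## Unreleased
 
+## 3.2.1 [☰](https://github.com/activeadmin/activeadmin/compare/v3.2.0..v3.2.1)
+
+### Enhancements
+
+* Backport Suppress ruby 3.3 warning [#8310] by [@mgrunberg]
+* Backport Recommend using target="_blank" instead of target="blank" [#8311] by [@mgrunberg]
+
+## 3.2.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.1.0..v3.2.0)
+
+### Security Fixes
+
+* Backport protect against CSV Injection. [#8167] by [@mgrunberg]
+
+### Enhancements
+
+* Backport support citext column type in string filter. [#8165] by [@mgrunberg]
+* Backport provide detail in DB statement timeout error for filters. [#8163] by [@mgrunberg]
+
+### Bug Fixes
+
+* Backport make sure menu creation does not modify menu options. [#8166] by [@mgrunberg]
+* Backport ransack error with filters when ActiveStorage is used. [#8164] by [@mgrunberg]
+
 ## 3.1.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.0.0..v3.1.0)
 
 ### Enhancements
@@ -877,6 +900,13 @@ Please check [0-6-stable] for previous changes.
 [#8102]: https://github.com/activeadmin/activeadmin/pull/8102
 [#8105]: https://github.com/activeadmin/activeadmin/pull/8105
 [#8106]: https://github.com/activeadmin/activeadmin/pull/8106
+[#8163]: https://github.com/activeadmin/activeadmin/pull/8163
+[#8164]: https://github.com/activeadmin/activeadmin/pull/8164
+[#8165]: https://github.com/activeadmin/activeadmin/pull/8165
+[#8166]: https://github.com/activeadmin/activeadmin/pull/8166
+[#8167]: https://github.com/activeadmin/activeadmin/pull/8167
+[#8310]: https://github.com/activeadmin/activeadmin/pull/8310
+[#8311]: https://github.com/activeadmin/activeadmin/pull/8311
 
 [@1000ship]: https://github.com/1000ship
 [@5t111111]: https://github.com/5t111111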
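--- a/data/lib/active_admin/csv_builder.rb
+++ b/data/lib/active_admin/csv_builder.rb
@@ -51,7 +51,7 @@ module ActiveAdmin
 csv << bom if bom
 
 if column_names
-csv << CSV.generate_line(columns.map { |c| encode
+csv << CSV.generate_line(columns.map { |c| sanitize(encode(c.name, options)) }, **csv_options)
 end
 
 controller.send(:in_paginated_batches) do |resource|
@@ -70,7 +70,7 @@ module ActiveAdmin
 
 def build_row(resource, columns, options)
 columns.map do |column|
-encode
+sanitize(encode(call_method_or_proc_on(resource, column.data), options))
 end
 end
 
@@ -86,6 +86,10 @@ module ActiveAdmin
 end
 end
 
+def sanitize(content)
+Sanitizer.sanitize(content)
+end
+
 def method_missing(method, *args, &block)
 if @view_context.respond_to? method
 @view_context.public_send method, *args, &block
@@ -120,4 +124,21 @@ module ActiveAdmin
 @column_transitive_options ||= @options.slice(*COLUMN_TRANSITIVE_OPTIONS)
 end
 end
+
+# Prevents CSV Injection according to https://owasp.org/www-community/attacks/CSV_Injection
+module Sanitizer
+extend self
+
+ATTACK_CHARACTERS = ["=", "+", "-", "@", "\t", "\r"].freeze
+
+def sanitize(value)
+return "'#{value}" if require_sanitization?(value)
+
+value
+end
+
+def require_sanitization?(value)
+value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
+end
+end
 end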
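--- a/data/lib/active_admin/filters/formtastic_addons.rb
+++ b/data/lib/active_admin/filters/formtastic_addons.rb
@@ -47,7 +47,7 @@ module ActiveAdmin
 #
 
 def searchable_has_many_through?
-if reflection && reflection.options[:through]
+if klass.ransackable_associations.include?(method.to_s) && reflection && reflection.options[:through]
 reflection.through_reflection.klass.ransackable_attributes.include? reflection.foreign_key
 else
 false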
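--- a/data/lib/active_admin/menu.rb
+++ b/data/lib/active_admin/menu.rb
@@ -48,6 +48,7 @@ module ActiveAdmin
 # menu.add parent: 'Dashboard', label: 'My Child Dashboard'
 #
 def add(options)
+options = options.dup # Make sure parameter is not modified
 parent_chain = Array.wrap(options.delete(:parent))
 
 item = if parent = parent_chain.shift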
data/lib/active_admin/version.rb
CHANGED
@@ -258,7 +258,7 @@ ActiveAdmin.setup do |config|
|
|
258
258
|
#
|
259
259
|
# config.namespace :admin do |admin|
|
260
260
|
# admin.build_menu :default do |menu|
|
261
|
-
# menu.add label: "My Great Website", url: "http://www.mygreatwebsite.com", html_options: { target:
|
261
|
+
# menu.add label: "My Great Website", url: "http://www.mygreatwebsite.com", html_options: { target: "_blank" }
|
262
262
|
# end
|
263
263
|
# end
|
264
264
|
|
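--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: activeadmin
 version: !ruby/object:Gem::Version
-version: 3.1
+version: 3.2.1
 platform: ruby
 authors:
 - Charles Maresh
@@ -15,7 +15,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: arbre
@@ -37,6 +37,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 1.2.1
+- !ruby/object:Gem::Dependency
+name: csv
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: formtastic
 requirement: !ruby/object:Gem::Requirement
@@ -520,7 +534,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: Active Admin is a Ruby on Rails plugin for generating administration style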