activeadmin 3.1.0 → 3.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/lib/active_admin/csv_builder.rb +23 -2
- data/lib/active_admin/filters/forms.rb +1 -1
- data/lib/active_admin/filters/formtastic_addons.rb +1 -1
- data/lib/active_admin/inputs/filters/select_input.rb +2 -0
- data/lib/active_admin/menu.rb +1 -0
- data/lib/active_admin/version.rb +1 -1
- metadata +3 -3
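--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 500a0615ecf1635299471dcbc309082815a82d24f03528b7c5926c4a5449fb64
+data.tar.gz: 7ee23a9a3f4658eef536dec2032b40a9d60b054272a09b5e5a833ee51fae4430
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62b6e4f0a45f0d1d102dd3753de0fdddd4b661e6f53af9caebf37fcdda1924e769ed932027f517147f0db2e0c9724bcff49ca5640130a524ae48701c3ae1551b
+data.tar.gz: eb0a26b263ed3cb17e8157581ac30a182467649b622807a4af9fccc2618ddb6b392307e4ec16abca591ed6f3b039c451868c7d9a6869ea89de68893672962455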
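--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,22 @@
 
 ## Unreleased
 
+## 3.2.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.1.0..v3.2.0)
+
+### Security Fixes
+
+* Backport protect against CSV Injection. [#8167] by [@mgrunberg]
+
+### Enhancements
+
+* Backport support citext column type in string filter. [#8165] by [@mgrunberg]
+* Backport provide detail in DB statement timeout error for filters. [#8163] by [@mgrunberg]
+
+### Bug Fixes
+
+* Backport make sure menu creation does not modify menu options. [#8166] by [@mgrunberg]
+* Backport ransack error with filters when ActiveStorage is used. [#8164] by [@mgrunberg]
+
 ## 3.1.0 [☰](https://github.com/activeadmin/activeadmin/compare/v3.0.0..v3.1.0)
 
 ### Enhancements
@@ -877,6 +893,11 @@ Please check [0-6-stable] for previous changes.
 [#8102]: https://github.com/activeadmin/activeadmin/pull/8102
 [#8105]: https://github.com/activeadmin/activeadmin/pull/8105
 [#8106]: https://github.com/activeadmin/activeadmin/pull/8106
+[#8163]: https://github.com/activeadmin/activeadmin/pull/8163
+[#8164]: https://github.com/activeadmin/activeadmin/pull/8164
+[#8165]: https://github.com/activeadmin/activeadmin/pull/8165
+[#8166]: https://github.com/activeadmin/activeadmin/pull/8166
+[#8167]: https://github.com/activeadmin/activeadmin/pull/8167
 
 [@1000ship]: https://github.com/1000ship
 [@5t111111]: https://github.com/5t111111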
@@ -51,7 +51,7 @@ module ActiveAdmin
|
|
51
51
|
csv << bom if bom
|
52
52
|
|
53
53
|
if column_names
|
54
|
-
csv << CSV.generate_line(columns.map { |c| encode
|
54
|
+
csv << CSV.generate_line(columns.map { |c| sanitize(encode(c.name, options)) }, **csv_options)
|
55
55
|
end
|
56
56
|
|
57
57
|
controller.send(:in_paginated_batches) do |resource|
|
@@ -70,7 +70,7 @@ module ActiveAdmin
|
|
70
70
|
|
71
71
|
def build_row(resource, columns, options)
|
72
72
|
columns.map do |column|
|
73
|
-
encode
|
73
|
+
sanitize(encode(call_method_or_proc_on(resource, column.data), options))
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
@@ -86,6 +86,10 @@ module ActiveAdmin
|
|
86
86
|
end
|
87
87
|
end
|
88
88
|
|
89
|
+
def sanitize(content)
|
90
|
+
Sanitizer.sanitize(content)
|
91
|
+
end
|
92
|
+
|
89
93
|
def method_missing(method, *args, &block)
|
90
94
|
if @view_context.respond_to? method
|
91
95
|
@view_context.public_send method, *args, &block
|
@@ -120,4 +124,21 @@ module ActiveAdmin
|
|
120
124
|
@column_transitive_options ||= @options.slice(*COLUMN_TRANSITIVE_OPTIONS)
|
121
125
|
end
|
122
126
|
end
|
127
|
+
|
128
|
+
# Prevents CSV Injection according to https://owasp.org/www-community/attacks/CSV_Injection
|
129
|
+
module Sanitizer
|
130
|
+
extend self
|
131
|
+
|
132
|
+
ATTACK_CHARACTERS = ["=", "+", "-", "@", "\t", "\r"].freeze
|
133
|
+
|
134
|
+
def sanitize(value)
|
135
|
+
return "'#{value}" if require_sanitization?(value)
|
136
|
+
|
137
|
+
value
|
138
|
+
end
|
139
|
+
|
140
|
+
def require_sanitization?(value)
|
141
|
+
value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
|
142
|
+
end
|
143
|
+
end
|
123
144
|
end
|
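Review bot: `Sanitizer.sanitize` rewrites exported data rather than just escaping it — any String cell starting with one of ATTACK_CHARACTERS gets a leading apostrophe, so legitimate values such as negative numbers kept as strings, or phone numbers and dates with a leading `+`/`-`, are exported as `'-5`, and the module offers no opt-out; that trade-off should be stated on the module, e.g. `# Prefixes a single quote to String values that begin with a formula/command character; the prefix becomes part of the exported data.` It is also worth documenting that only Strings are inspected (`value.is_a?(String)`), so Integer, Date and other non-String column values pass through untouched, which is the intended behaviour but not obvious from the method name. As a point of style, `starts_with?` is the ActiveSupport alias; core Ruby's `start_with?` behaves identically here and removes the dependence on the core_ext. The `def sanitize(content)` wrapper added in the earlier hunk of this file resolves `Sanitizer` at call time, so defining the module further down is fine, though a one-line comment pointing at it would help readers.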
@@ -47,7 +47,7 @@ module ActiveAdmin
|
|
47
47
|
#
|
48
48
|
|
49
49
|
def searchable_has_many_through?
|
50
|
-
if reflection && reflection.options[:through]
|
50
|
+
if klass.ransackable_associations.include?(method.to_s) && reflection && reflection.options[:through]
|
51
51
|
reflection.through_reflection.klass.ransackable_attributes.include? reflection.foreign_key
|
52
52
|
else
|
53
53
|
false
|
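Review bot: The new guard calls `klass.ransackable_associations` with no argument; Ransack's method presumably accepts an optional auth object, so an application that restricts associations per caller would not have that restriction consulted here. That may be acceptable for building the filter form, but it deserves a comment such as `# No auth object is passed: the filter form is built from the unrestricted ransackable association list.` Checking `reflection && reflection.options[:through]` before the `include?` lookup would keep the original short-circuit order and skip the Ransack call for filters that are not associations, with the same result. `searchable_has_many_through?` ends outside the hunk.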
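--- a/data/lib/active_admin/menu.rb
+++ b/data/lib/active_admin/menu.rb
@@ -48,6 +48,7 @@ module ActiveAdmin
 # menu.add parent: 'Dashboard', label: 'My Child Dashboard'
 #
 def add(options)
+options = options.dup # Make sure parameter is not modified
 parent_chain = Array.wrap(options.delete(:parent))
 
 item = if parent = parent_chain.shift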
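Review bot: The added `options.dup` is a shallow copy, so it protects the caller's Hash but not the values inside it; when `options[:parent]` is already an Array, `Array.wrap` returns that same object and the `parent_chain.shift` two lines below still mutates the caller's array. Duplicating the chain as well closes that gap: `parent_chain = Array.wrap(options.delete(:parent)).dup`. The comment on the new line could then say `# Copy the Hash and the parent chain so neither caller-owned object is modified`. The body of `add` continues outside the hunk.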
data/lib/active_admin/version.rb
CHANGED
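--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: activeadmin
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.2.0
 platform: ruby
 authors:
 - Charles Maresh
@@ -15,7 +15,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: arbre
@@ -520,7 +520,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.21
 signing_key:
 specification_version: 4
 summary: Active Admin is a Ruby on Rails plugin for generating administration style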