adva 0.1.3 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (252) hide show
  1. checksums.yaml +4 -4
  2. data/adva.gemspec +3 -0
  3. data/app/assets/config/manifest.js +6 -0
  4. data/app/assets/javascripts/adva_cms/ckeditor.js.erb +12 -0
  5. data/app/assets/javascripts/adva_cms/concat_main_menus.js +13 -0
  6. data/app/assets/javascripts/adva_cms/jquery.table_tree.js +704 -0
  7. data/app/assets/javascripts/adva_cms.js +7 -0
  8. data/app/assets/javascripts/ckeditor/config.js.erb +94 -0
  9. data/app/assets/stylesheets/adva_cms/admin/common.scss +15 -1
  10. data/app/assets/stylesheets/adva_cms/admin/projection.scss +2 -5
  11. data/app/assets/stylesheets/adva_cms/admin/sidebar.scss +30 -9
  12. data/app/assets/stylesheets/adva_cms/admin.scss +1 -1
  13. data/app/controllers/admin/base_controller.rb +10 -24
  14. data/app/controllers/admin/page/articles_controller.rb +8 -27
  15. data/app/controllers/admin/page/categories_controller.rb +6 -9
  16. data/app/controllers/admin/page/links_controller.rb +6 -9
  17. data/app/controllers/admin/sections_controller.rb +7 -9
  18. data/app/controllers/admin/sites_controller.rb +9 -12
  19. data/app/controllers/admin/users_controller.rb +6 -9
  20. data/app/controllers/articles_controller.rb +30 -52
  21. data/app/controllers/base_controller.rb +8 -8
  22. data/app/controllers/password_controller.rb +3 -5
  23. data/app/controllers/session_controller.rb +3 -5
  24. data/app/helpers/activities_helper.rb +9 -20
  25. data/app/helpers/admin/base_helper.rb +4 -22
  26. data/app/helpers/base_helper.rb +1 -1
  27. data/app/helpers/content_helper.rb +7 -5
  28. data/app/helpers/resource_helper.rb +4 -5
  29. data/app/helpers/users_helper.rb +1 -1
  30. data/app/models/activity.rb +3 -0
  31. data/app/models/article.rb +0 -11
  32. data/app/models/category.rb +3 -3
  33. data/app/models/content.rb +10 -39
  34. data/app/models/link.rb +0 -1
  35. data/app/models/password_mailer.rb +6 -9
  36. data/app/models/section.rb +6 -7
  37. data/app/models/site.rb +0 -2
  38. data/app/models/user.rb +1 -2
  39. data/app/views/activity_notifier/new_content_notification.html.erb +5 -5
  40. data/app/views/admin/activities/_activities.html.erb +4 -4
  41. data/app/views/admin/activities/_comment.html.erb +21 -21
  42. data/app/views/admin/activities/_content.html.erb +4 -3
  43. data/app/views/admin/activities/_topic.html.erb +5 -5
  44. data/app/views/admin/install/confirmation.html.erb +3 -3
  45. data/app/views/admin/install/index.html.erb +14 -14
  46. data/app/views/admin/page/articles/_form.html.erb +28 -25
  47. data/app/views/admin/page/articles/_options.html.erb +3 -4
  48. data/app/views/admin/page/articles/edit.html.erb +3 -3
  49. data/app/views/admin/page/articles/new.html.erb +4 -4
  50. data/app/views/admin/page/categories/edit.html.erb +9 -9
  51. data/app/views/admin/page/categories/index.html.erb +16 -16
  52. data/app/views/admin/page/categories/new.html.erb +5 -3
  53. data/app/views/admin/page/contents/index.html.erb +3 -18
  54. data/app/views/admin/page/links/_form.html.erb +17 -17
  55. data/app/views/admin/page/links/_options.html.erb +16 -19
  56. data/app/views/admin/page/links/edit.html.erb +3 -3
  57. data/app/views/admin/page/links/new.html.erb +3 -3
  58. data/app/views/admin/sections/_form.html.haml +5 -5
  59. data/app/views/admin/sections/edit.html.haml +2 -2
  60. data/app/views/admin/sections/index.html.erb +18 -18
  61. data/app/views/admin/sections/new.html.erb +15 -13
  62. data/app/views/admin/sections/settings/_page.html.haml +4 -6
  63. data/app/views/admin/shared/_header.html.erb +5 -4
  64. data/app/views/admin/shared/_section_tree.html.erb +2 -2
  65. data/app/views/admin/sites/_email_notifications.html.erb +6 -7
  66. data/app/views/admin/sites/_form.html.erb +7 -7
  67. data/app/views/admin/sites/_recent_users.html.erb +4 -2
  68. data/app/views/admin/sites/_unapproved_comments.html.erb +1 -1
  69. data/app/views/admin/sites/index.html.erb +1 -1
  70. data/app/views/admin/sites/new.html.erb +2 -2
  71. data/app/views/admin/sites/show.html.erb +7 -8
  72. data/app/views/admin/users/edit.html.erb +1 -1
  73. data/app/views/admin/users/index.html.erb +10 -10
  74. data/app/views/admin/users/new.html.erb +1 -1
  75. data/app/views/admin/users/show.html.erb +7 -7
  76. data/app/views/layouts/admin.html.haml +3 -5
  77. data/app/views/layouts/login.html.erb +1 -1
  78. data/app/views/password/edit.html.erb +12 -5
  79. data/app/views/password/new.html.erb +7 -7
  80. data/app/views/password_mailer/reset_password_email.html.erb +21 -1
  81. data/app/views/password_mailer/updated_password_email.html.erb +3 -1
  82. data/app/views/session/new.html.erb +9 -9
  83. data/app/views/shared/_flash.html.erb +2 -2
  84. data/app/views/shared/_sidebar.html.erb +2 -2
  85. data/config/initializers/ckeditor.rb +61 -0
  86. data/config/initializers/menus.rb +1 -1
  87. data/config/initializers/time_format.rb +2 -0
  88. data/lib/adva/authenticate_user.rb +193 -0
  89. data/lib/{active_record → adva}/belongs_to_author.rb +4 -4
  90. data/lib/adva/event.rb +34 -0
  91. data/lib/adva/extensible_forms.rb +285 -0
  92. data/lib/{has_options.rb → adva/has_options.rb} +5 -7
  93. data/lib/adva/has_permalink.rb +36 -0
  94. data/lib/adva/version.rb +1 -1
  95. data/lib/adva.rb +10 -36
  96. data/lib/rails_ext/action_controller/event_helper.rb +1 -1
  97. data/lib/rails_ext.rb +0 -9
  98. data/vendor/gems/cacheable_flash/.gitignore +8 -0
  99. data/vendor/gems/cacheable_flash/Gemfile +8 -0
  100. data/vendor/gems/cacheable_flash/README.md +35 -0
  101. data/vendor/gems/cacheable_flash/Rakefile +4 -0
  102. data/vendor/gems/cacheable_flash/bin/console +15 -0
  103. data/vendor/gems/cacheable_flash/bin/setup +8 -0
  104. data/vendor/gems/cacheable_flash/cacheable_flash.gemspec +38 -0
  105. data/vendor/gems/cacheable_flash/lib/cacheable_flash/controller.rb +29 -0
  106. data/vendor/gems/cacheable_flash/lib/cacheable_flash/javascript.js +19 -0
  107. data/vendor/gems/cacheable_flash/lib/cacheable_flash/middleware.rb +30 -0
  108. data/vendor/gems/cacheable_flash/lib/cacheable_flash/version.rb +5 -0
  109. data/vendor/gems/cacheable_flash/lib/cacheable_flash.rb +12 -0
  110. data/vendor/gems/simple_taggable/lib/tag_list.rb +1 -1
  111. data/vendor/gems/tags/lib/menu.rb +1 -1
  112. data/vendor/gems/tags/lib/tags/tag.rb +1 -1
  113. metadata +72 -145
  114. data/app/assets/javascripts/adva_cms/admin/jquery.admin.js +0 -23
  115. data/app/assets/javascripts/adva_cms/admin/jquery.article.js +0 -22
  116. data/app/assets/javascripts/adva_cms/admin/jquery.cached_pages.js +0 -14
  117. data/app/assets/javascripts/adva_cms/admin/jquery.table_tree.js +0 -7
  118. data/app/assets/javascripts/adva_cms/application.js +0 -13
  119. data/app/assets/javascripts/adva_cms/base.js +0 -4
  120. data/app/assets/javascripts/adva_cms/cookie.js +0 -49
  121. data/app/assets/javascripts/adva_cms/jquery/jquery-lowpro.js +0 -224
  122. data/app/assets/javascripts/adva_cms/jquery/jquery.qtip.js +0 -2085
  123. data/app/assets/javascripts/adva_cms/jquery/jquery.table_tree.js +0 -307
  124. data/app/assets/javascripts/adva_cms/jquery/jquery.tablednd_0_5.js +0 -386
  125. data/app/assets/javascripts/adva_cms/jquery.common.js +0 -41
  126. data/app/assets/javascripts/adva_cms/jquery.dates.js +0 -51
  127. data/app/assets/javascripts/adva_cms/jquery.flash.js +0 -59
  128. data/app/assets/javascripts/adva_cms/jquery.roles.js +0 -25
  129. data/app/assets/javascripts/adva_cms/json.js +0 -139
  130. data/app/controllers/admin/base_account_controller.rb +0 -13
  131. data/app/controllers/admin/install_controller.rb +0 -61
  132. data/app/controllers/admin/plugins_controller.rb +0 -38
  133. data/app/helpers/meta_tags_helper.rb +0 -30
  134. data/app/models/account.rb +0 -7
  135. data/app/models/event.rb +0 -34
  136. data/app/views/admin/articles/_meta_tags.html.erb +0 -7
  137. data/app/views/admin/cached_pages/_filter.html.erb +0 -8
  138. data/app/views/admin/cached_pages/destroy.js.erb +0 -18
  139. data/app/views/admin/cached_pages/index.html.erb +0 -26
  140. data/app/views/admin/plugins/_form.html.erb +0 -11
  141. data/app/views/admin/plugins/index.html.erb +0 -16
  142. data/app/views/admin/plugins/show.html.erb +0 -43
  143. data/app/views/admin/shared/_language_select.html.erb +0 -6
  144. data/app/views/admin/shared/_section_summary.html.erb +0 -23
  145. data/app/views/admin/sites/_meta_tags.html.erb +0 -15
  146. data/app/views/layouts/default.html.erb +0 -38
  147. data/app/views/layouts/simple.html.erb +0 -22
  148. data/app/views/shared/_footer.html.erb +0 -4
  149. data/app/views/shared/messages/insufficient_permissions.html.erb +0 -4
  150. data/config/initializers/article.rb +0 -8
  151. data/config/initializers/has_options.rb +0 -2
  152. data/config/initializers/has_permalink.rb +0 -2
  153. data/config/initializers/site.rb +0 -8
  154. data/config/locales/en.yml +0 -1319
  155. data/lib/action_controller/authenticate_anonymous.rb +0 -69
  156. data/lib/action_controller/authenticate_user.rb +0 -203
  157. data/lib/core_ext.rb +0 -7
  158. data/lib/extensible_forms.rb +0 -284
  159. data/lib/has_permalink.rb +0 -33
  160. data/lib/login/helper_integration.rb +0 -11
  161. data/lib/login/mail_config.rb +0 -39
  162. data/lib/rails_ext/action_controller/cacheable_flash.rb +0 -30
  163. data/lib/rails_ext/action_controller/content_for_assignments.rb +0 -106
  164. data/lib/rails_ext/action_controller/page_caching.rb +0 -23
  165. data/lib/rails_ext/action_controller/responds_to_parent.rb +0 -46
  166. data/lib/rails_ext/active_record/exists.rb +0 -5
  167. data/lib/rails_ext/active_record/sti_instantiation.rb +0 -35
  168. data/lib/rails_ext/active_record/sticky_changes.rb +0 -30
  169. data/lib/rails_ext/railties/plugin.rb +0 -58
  170. data/lib/rails_ext/railties/plugin_configuration.rb +0 -72
  171. data/lib/registry.rb +0 -49
  172. data/lib/tasks/translation.rake +0 -69
  173. data/lib/time_hacks.rb +0 -57
  174. data/lib/webrat_patch.rb +0 -11
  175. data/test/meta_tags_test.rb +0 -42
  176. data/vendor/gems/has_counter/.gitignore +0 -17
  177. data/vendor/gems/has_counter/Gemfile +0 -4
  178. data/vendor/gems/has_counter/LICENSE +0 -22
  179. data/vendor/gems/has_counter/MIT-LICENSE +0 -20
  180. data/vendor/gems/has_counter/README.markdown +0 -64
  181. data/vendor/gems/has_counter/README.md +0 -29
  182. data/vendor/gems/has_counter/Rakefile +0 -2
  183. data/vendor/gems/has_counter/db/migrate/20080601194338_create_counters_table.rb.rb +0 -13
  184. data/vendor/gems/has_counter/has_counter.gemspec +0 -17
  185. data/vendor/gems/has_counter/lib/active_record/has_counter.rb +0 -67
  186. data/vendor/gems/has_counter/lib/counter.rb +0 -23
  187. data/vendor/gems/has_counter/lib/has_counter/version.rb +0 -3
  188. data/vendor/gems/has_counter/lib/has_counter.rb +0 -4
  189. data/vendor/gems/has_counter/spec/has_counter.sqlite3.db +0 -0
  190. data/vendor/gems/has_counter/spec/has_counter_spec.rb +0 -55
  191. data/vendor/gems/has_counter/spec/spec_helper.rb +0 -117
  192. data/vendor/gems/has_filter/.gitignore +0 -17
  193. data/vendor/gems/has_filter/Gemfile +0 -4
  194. data/vendor/gems/has_filter/LICENSE +0 -22
  195. data/vendor/gems/has_filter/README.md +0 -29
  196. data/vendor/gems/has_filter/Rakefile +0 -2
  197. data/vendor/gems/has_filter/app/assets/images/has_filter/filter_add.png +0 -0
  198. data/vendor/gems/has_filter/app/assets/images/has_filter/filter_button_left.png +0 -0
  199. data/vendor/gems/has_filter/app/assets/images/has_filter/filter_button_right.png +0 -0
  200. data/vendor/gems/has_filter/app/assets/images/has_filter/filter_remove.png +0 -0
  201. data/vendor/gems/has_filter/app/assets/javascripts/has_filter/filter.js +0 -35
  202. data/vendor/gems/has_filter/app/assets/javascripts/has_filter/jquery.filter.js +0 -23
  203. data/vendor/gems/has_filter/app/assets/stylesheets/has_filter/alternate/filter.scss +0 -102
  204. data/vendor/gems/has_filter/app/assets/stylesheets/has_filter/filter.scss +0 -100
  205. data/vendor/gems/has_filter/app/helpers/filter_helper.rb +0 -3
  206. data/vendor/gems/has_filter/has_filter.gemspec +0 -17
  207. data/vendor/gems/has_filter/init.rb +0 -3
  208. data/vendor/gems/has_filter/lib/has_filter/active_record/act_macro.rb +0 -102
  209. data/vendor/gems/has_filter/lib/has_filter/filter/base.rb +0 -67
  210. data/vendor/gems/has_filter/lib/has_filter/filter/categorized.rb +0 -24
  211. data/vendor/gems/has_filter/lib/has_filter/filter/chain.rb +0 -45
  212. data/vendor/gems/has_filter/lib/has_filter/filter/set.rb +0 -80
  213. data/vendor/gems/has_filter/lib/has_filter/filter/state.rb +0 -25
  214. data/vendor/gems/has_filter/lib/has_filter/filter/tagged.rb +0 -22
  215. data/vendor/gems/has_filter/lib/has_filter/filter/text.rb +0 -55
  216. data/vendor/gems/has_filter/lib/has_filter/filter.rb +0 -17
  217. data/vendor/gems/has_filter/lib/has_filter/version.rb +0 -3
  218. data/vendor/gems/has_filter/lib/has_filter.rb +0 -22
  219. data/vendor/gems/has_filter/test/db/setup.rb +0 -45
  220. data/vendor/gems/has_filter/test/db/test.sqlite3.db +0 -0
  221. data/vendor/gems/has_filter/test/fixtures.rb +0 -15
  222. data/vendor/gems/has_filter/test/has_filter/filter_chain_test.rb +0 -41
  223. data/vendor/gems/has_filter/test/has_filter/filter_scopes_test.rb +0 -102
  224. data/vendor/gems/has_filter/test/has_filter/filter_tags_test.rb +0 -113
  225. data/vendor/gems/has_filter/test/has_filter/integration.rb +0 -15
  226. data/vendor/gems/has_filter/test/has_filter/scopes_test.rb +0 -48
  227. data/vendor/gems/has_filter/test/log/test.log +0 -34346
  228. data/vendor/gems/has_filter/test/models.rb +0 -23
  229. data/vendor/gems/has_filter/test/templates/has_filter/test/index.html.erb +0 -5
  230. data/vendor/gems/has_filter/test/test_helper.rb +0 -66
  231. data/vendor/gems/xss_terminate/.gitignore +0 -17
  232. data/vendor/gems/xss_terminate/Gemfile +0 -4
  233. data/vendor/gems/xss_terminate/LICENSE +0 -22
  234. data/vendor/gems/xss_terminate/MIT-LICENSE +0 -20
  235. data/vendor/gems/xss_terminate/README +0 -94
  236. data/vendor/gems/xss_terminate/README.md +0 -29
  237. data/vendor/gems/xss_terminate/Rakefile +0 -23
  238. data/vendor/gems/xss_terminate/lib/html5lib_sanitize.rb +0 -2453
  239. data/vendor/gems/xss_terminate/lib/rails_sanitize.rb +0 -8
  240. data/vendor/gems/xss_terminate/lib/xss_terminate/version.rb +0 -3
  241. data/vendor/gems/xss_terminate/lib/xss_terminate.rb +0 -141
  242. data/vendor/gems/xss_terminate/tasks/xss_terminate_tasks.rake +0 -7
  243. data/vendor/gems/xss_terminate/test/models/comment.rb +0 -5
  244. data/vendor/gems/xss_terminate/test/models/entry.rb +0 -7
  245. data/vendor/gems/xss_terminate/test/models/message.rb +0 -3
  246. data/vendor/gems/xss_terminate/test/models/person.rb +0 -5
  247. data/vendor/gems/xss_terminate/test/models/review.rb +0 -5
  248. data/vendor/gems/xss_terminate/test/schema.rb +0 -34
  249. data/vendor/gems/xss_terminate/test/setup_test.rb +0 -16
  250. data/vendor/gems/xss_terminate/test/xss_terminate_test.rb +0 -50
  251. data/vendor/gems/xss_terminate/xss_terminate.gemspec +0 -17
  252. /data/lib/tasks/{adva_cms.rake → adva.rake} +0 -0
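--- a/data/vendor/gems/xss_terminate/lib/rails_sanitize.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-# This class exists so including the Rails HTML sanitization helpers doesn't polute your models.
-class RailsSanitize
-include ActionView::Helpers::SanitizeHelper
-
-class << self
-include ActionView::Helpers::SanitizeHelper::ClassMethods
-end
-end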
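--- a/data/vendor/gems/xss_terminate/lib/xss_terminate/version.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-module XssTerminate
-VERSION = "0.0.1"
-end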
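--- a/data/vendor/gems/xss_terminate/lib/xss_terminate.rb
+++ /dev/null
@@ -1,141 +0,0 @@
-# additions + refactorings:
-#
-# * allowed options to be passed as symbols (e.g. :sanitize => :body)
-# * added an escape_html filter that acts the same way as CGI::escapeHTML does
-# but leaves the & character unchanged (because that behaviour is not
-# idempotent and results in & in &amp; being escaped every time the filter
-# is applied)
-# * added explicit options to access the strip_tags and escape_html filters
-# * added an option :none to completely turn off sanitizing for a class
-# (useful e.g. for acts_as_versioned where versions don't need to be
-# refiltered)
-# * added an alias filters_attributes for xss_terminate (because this seems
-# like a more descriptive method name and more in line with the Rails naming
-# conventions)
-# * added a module level option :default_filter to allow users to select the
-# default filter
-# * added a module level option :untaint_after_find and an after_find hook
-# which untaints filtered attributes after the where retrieved from the
-# database (in order to integrate nicely with SafeERB).
-# * made :xss_terminate_options an superclass_delegating_reader in order to
-# fix things for cases where a model gets included before XssTerminate is
-# loaded
-# * changed the filter process to now work with Arrays and Hashes (i.e. the
-# ActiveRecord serializes feature)
-# * changed the filter process to directly access @attributes instead of
-# self[] (i.e. read/write_attribute) to circumvent any third-party additions
-# that hook in here
-# * renamed and refactored a bit more :)
-
-require "xss_terminate/version"
-require "rails_sanitize"
-
-module XssTerminate
-mattr_accessor :default_filter
-@@default_filter = :strip_tags
-
-mattr_accessor :untaint_after_find
-@@untaint_after_find = false
-
-mattr_accessor :sanitize_filters
-@@sanitize_filters = [:html5lib_sanitize, :sanitize, :strip_tags, :escape]
-
-def self.included(base)
-base.extend(ClassMethods)
-# sets up default of stripping tags for all fields
-# base.send(:xss_terminate)
-end
-
-module ClassMethods
-def xss_terminate(options = {})
-before_save :sanitize_attributes!
-
-class_attribute :xss_terminate_options
-self.xss_terminate_options = {}
-
-keys = [:except, *XssTerminate.sanitize_filters]
-options.assert_valid_keys :none, *keys
-
-keys.each do |key|
-option = options[key] || []
-self.xss_terminate_options[key] = option.is_a?(Array) ? option : [option]
-end
-self.xss_terminate_options[:none] = options[:none]
-
-include XssTerminate::InstanceMethods
-end
-
-alias :filters_attributes :xss_terminate
-end
-
-module InstanceMethods
-def after_find
-@attributes.each do |name, value|
-unless xss_terminate_options[:except].include?(name.to_sym)
-@attributes[name].untaint
-end
-end
-end
-
-def sanitize_attributes!
-# puts "sanitize attributes #{self.inspect}"
-return if xss_terminate_options[:none]
-select_attributes_to_sanitize.each do |attribute|
-filter = select_sanitize_filter(attribute)
-sanitize_attribute! filter, @attributes[attribute]
-end
-end
-
-def sanitize_attribute!(filter, value)
-case value
-when Array
-value.map{|v| sanitize_attribute!(filter, v) }
-when Hash
-value.each{|k, v| sanitize_attribute!(filter, v) }
-value
-when String
-# TODO is it safe to exclude frozen strings? this ran into an error
-# when with a polymorphic object_type attribute (User#save_roles)
-value.replace send(filter, value) unless value.frozen?
-when ActiveRecord::Base, Numeric, NilClass, TrueClass, FalseClass
-# nothing to sanitize
-else
-Rails.logger.warn "can't sanitize #{value.class.name} #{value.inspect}"
-end
-end
-
-def select_attributes_to_sanitize
-self.class.columns.select do |column|
-[:string, :text].include?(column.type) &&
-!xss_terminate_options[:except].include?(column.name.to_sym)
-end.map(&:name)
-end
-
-def select_sanitize_filter(attribute)
-XssTerminate.sanitize_filters.detect do |filter|
-xss_terminate_options[filter].include?(attribute.to_sym)
-end || XssTerminate.default_filter
-end
-
-def html5lib_sanitize(value)
-HTML5libSanitize.new.sanitize_html(value)
-end
-
-def sanitize(value)
-RailsSanitize.white_list_sanitizer.sanitize(value)
-end
-
-def strip_tags(value)
-RailsSanitize.full_sanitizer.sanitize(value)
-end
-
-# Can't use CGI::escapeHTML for this because it also escapes & to &amp;
-# which isn't idempotent (i.e. saving the same value multiple times would
-# cause the & in &amp; being escaped every time).
-def escape(value)
-replace = { '"' => '&quot;', '<' => '&lt;', '>' => '&gt;' }
-value.gsub(/["<>]/){|char| replace[char] }
-end
-end
-end
-ActiveRecord::Base.send :include, XssTerminate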
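--- a/data/vendor/gems/xss_terminate/tasks/xss_terminate_tasks.rake
+++ /dev/null
@@ -1,7 +0,0 @@
-desc "Given MODELS=Foo,Bar,Baz find all instances in the DB and save to sanitize existing records"
-task :xss_terminate => :environment do
-models = ENV['MODELS'].split(',')
-models.each do |model|
-model.constantize.find(:all).map(&:save)
-end
-end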
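--- a/data/vendor/gems/xss_terminate/test/models/comment.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-# Commet uses the default: stripping tags fro all fields.
-class Comment < ActiveRecord::Base
-belongs_to :entry
-belongs_to :person
-end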
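--- a/data/vendor/gems/xss_terminate/test/models/entry.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# Rails HTML sanitization on some fields
-class Entry < ActiveRecord::Base
-belongs_to :person
-has_many :comments
-
-xss_terminate :sanitize => [:body, :extended]
-end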
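--- a/data/vendor/gems/xss_terminate/test/models/message.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-class Message < ActiveRecord::Base
-belongs_to :person
-end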
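--- a/data/vendor/gems/xss_terminate/test/models/person.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-# This model excepts HTML sanitization on the name
-class Person < ActiveRecord::Base
-has_many :entries
-xss_terminate :except => [:name]
-end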
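--- a/data/vendor/gems/xss_terminate/test/models/review.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class Review < ActiveRecord::Base
-belongs_to :person
-
-xss_terminate :html5lib_sanitize => [:body, :extended]
-end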
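--- a/data/vendor/gems/xss_terminate/test/schema.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-ActiveRecord::Schema.define(:version => 0) do
-create_table :people, :force => true do |t|
-t.column :name, :string
-end
-
-create_table :entries, :force => true do |t|
-t.column :title, :string
-t.column :body, :text
-t.column :extended, :text
-t.column :person_id, :integer
-t.column :created_on, :datetime
-end
-
-create_table :comments, :force => true do |t|
-t.column :person_id, :integer
-t.column :title, :string
-t.column :body, :text
-t.column :created_on, :datetime
-end
-
-create_table :messages, :force => true do |t|
-t.column :person_id, :integer
-t.column :recipient_id, :integer
-t.column :body, :text
-end
-
-create_table :reviews, :force => true do |t|
-t.column :title, :string
-t.column :body, :text
-t.column :extended, :text
-t.column :person_id, :integer
-t.column :created_on, :datetime
-end
-end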
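--- a/data/vendor/gems/xss_terminate/test/setup_test.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-# borrowed from err who borrowed from topfunky who borrowed from...
-
-# set up test environment
-RAILS_ENV = 'test'
-require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb'))
-require 'test/unit'
-
-# load test schema
-load(File.dirname(__FILE__) + "/schema.rb")
-
-# load test models
-require File.join(File.dirname(__FILE__), 'models/person')
-require File.join(File.dirname(__FILE__), 'models/entry')
-require File.join(File.dirname(__FILE__), 'models/comment')
-require File.join(File.dirname(__FILE__), 'models/message')
-require File.join(File.dirname(__FILE__), 'models/review')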
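--- a/data/vendor/gems/xss_terminate/test/xss_terminate_test.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-require File.join(File.dirname(__FILE__), 'setup_test')
-
-class XssTerminateTest < Test::Unit::TestCase
-def test_strip_tags_on_discovered_fields
-c = Comment.create!(:title => "<script>alert('xss in title')</script>",
-:body => "<script>alert('xss in body')</script>")
-
-assert_equal "alert('xss in title')", c.title
-
-assert_equal "alert('xss in body')", c.body
-end
-
-def test_rails_sanitization_on_specified_fields
-e = Entry.create!(:title => "<script>alert('xss in title')</script>",
-:body => "<script>alert('xss in body')</script>",
-:extended => "<script>alert('xss in extended')</script>",
-:person_id => 1)
-
-assert_equal [:body, :extended], e.xss_terminate_options[:sanitize]
-
-assert_equal "alert('xss in title')", e.title
-
-assert_equal "", e.body
-
-assert_equal "", e.extended
-end
-
-def test_excepting_specified_fields
-p = Person.create!(:name => "<strong>Mallory</strong>")
-
-assert_equal [:name], p.xss_terminate_options[:except]
-
-assert_equal "<strong>Mallory</strong>", p.name
-end
-
-def test_html5lib_sanitization_on_specified_fields
-r = Review.create!(:title => "<script>alert('xss in title')</script>",
-:body => "<script>alert('xss in body')</script>",
-:extended => "<script>alert('xss in extended')</script>",
-:person_id => 1)
-
-assert_equal [:body, :extended], r.xss_terminate_options[:html5lib_sanitize]
-
-assert_equal "alert('xss in title')", r.title
-
-assert_equal "&lt;script&gt;alert('xss in body')&lt;/script&gt;", r.body
-
-assert_equal "&lt;script&gt;alert('xss in extended')&lt;/script&gt;", r.extended
-end
-end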
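--- a/data/vendor/gems/xss_terminate/xss_terminate.gemspec
+++ /dev/null
@@ -1,17 +0,0 @@
-# -*- encoding: utf-8 -*-
-require File.expand_path('../lib/xss_terminate/version', __FILE__)
-
-Gem::Specification.new do |gem|
-gem.authors = ["Micah Geisel"]
-gem.email = ["micah@botandrose.com"]
-gem.description = %q{TODO: Write a gem description}
-gem.summary = %q{TODO: Write a gem summary}
-gem.homepage = ""
-
-gem.files = `git ls-files`.split($\)
-gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
-gem.name = "xss_terminate"
-gem.require_paths = ["lib"]
-gem.version = XssTerminate::VERSION
-end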