alchemy_cms 6.0.0.pre.b4 → 6.0.0.pre.rc2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/brakeman-analysis.yml +46 -0
- data/.github/workflows/ci.yml +4 -3
- data/CHANGELOG.md +17 -0
- data/Gemfile +1 -1
- data/README.md +1 -1
- data/SECURITY.md +13 -0
- data/alchemy_cms.gemspec +1 -1
- data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee +7 -6
- data/app/controllers/alchemy/admin/elements_controller.rb +8 -4
- data/app/models/alchemy/element/presenters.rb +9 -2
- data/app/models/alchemy/ingredient.rb +0 -5
- data/lib/alchemy/test_support/shared_ingredient_examples.rb +0 -1
- data/lib/alchemy/version.rb +1 -1
- data/package.json +1 -1
- metadata +24 -21
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aa6425ce6e3aa16df7d9df57ac4d098093cc6707f95856f4a7030204b82cb7b9
|
|
4
|
+
data.tar.gz: ea96e420624ff64d60dccaa6e9e425354f85aa47e2a8602a20799414adf37096
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8842fb9afc57ca77301e7658c3b00ca96306d5de1eda7827ba114d8fa0501fb9d520416ba8e9d100b785c9555be4b0d8f277dde4b44124539c9a9dbe2756d0b7
|
|
7
|
+
data.tar.gz: d18b971bd54abf71a988e78751ce104d6ba7ea8ad24fd809cdc44e7c4564c65b4f777971819ca7df14ab23162dfeeb5c0ab5936f58097139277fd72fb22567f2
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# This workflow integrates Brakeman with GitHub's Code Scanning feature
|
|
2
|
+
# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
|
|
3
|
+
|
|
4
|
+
name: Brakeman Scan
|
|
5
|
+
|
|
6
|
+
on:
|
|
7
|
+
push:
|
|
8
|
+
branches: [ main ]
|
|
9
|
+
pull_request:
|
|
10
|
+
# The branches below must be a subset of the branches above
|
|
11
|
+
branches: [ main ]
|
|
12
|
+
schedule:
|
|
13
|
+
- cron: '40 4 * * 2'
|
|
14
|
+
|
|
15
|
+
jobs:
|
|
16
|
+
brakeman-scan:
|
|
17
|
+
name: Brakeman Scan
|
|
18
|
+
runs-on: ubuntu-latest
|
|
19
|
+
steps:
|
|
20
|
+
# Checkout the repository to the GitHub Actions runner
|
|
21
|
+
- name: Checkout
|
|
22
|
+
uses: actions/checkout@v2
|
|
23
|
+
|
|
24
|
+
# Customize the ruby version depending on your needs
|
|
25
|
+
- name: Setup Ruby
|
|
26
|
+
uses: actions/setup-ruby@v1
|
|
27
|
+
with:
|
|
28
|
+
ruby-version: '2.7'
|
|
29
|
+
|
|
30
|
+
- name: Setup Brakeman
|
|
31
|
+
env:
|
|
32
|
+
BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
|
|
33
|
+
run: |
|
|
34
|
+
gem install brakeman --version $BRAKEMAN_VERSION
|
|
35
|
+
|
|
36
|
+
# Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
|
|
37
|
+
- name: Scan
|
|
38
|
+
continue-on-error: true
|
|
39
|
+
run: |
|
|
40
|
+
brakeman -f sarif -o output.sarif.json .
|
|
41
|
+
|
|
42
|
+
# Upload the SARIF file generated in the previous step
|
|
43
|
+
- name: Upload SARIF
|
|
44
|
+
uses: github/codeql-action/upload-sarif@v1
|
|
45
|
+
with:
|
|
46
|
+
sarif_file: output.sarif.json
|
data/.github/workflows/ci.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,20 @@
|
|
|
1
|
+
## 6.0.0-rc2 (2021-10-13)
|
|
2
|
+
|
|
3
|
+
- Fix init link dialog if used in tinymce [#2200](https://github.com/AlchemyCMS/alchemy_cms/pull/2200) ([tvdeyen](https://github.com/tvdeyen))
|
|
4
|
+
|
|
5
|
+
## 6.0.0-rc1 (2021-09-12)
|
|
6
|
+
|
|
7
|
+
- Allow Rails 6.1 [#2047](https://github.com/AlchemyCMS/alchemy_cms/pull/2047) ([robinboening](https://github.com/robinboening))
|
|
8
|
+
|
|
9
|
+
## 6.0.0-b6 (2021-09-02)
|
|
10
|
+
|
|
11
|
+
- Fix element with ingredients preview text [#2187](https://github.com/AlchemyCMS/alchemy_cms/pull/2187) ([tvdeyen](https://github.com/tvdeyen))
|
|
12
|
+
- Do not validate element during toggle fold and create [#2186](https://github.com/AlchemyCMS/alchemy_cms/pull/2186) ([tvdeyen](https://github.com/tvdeyen))
|
|
13
|
+
## 6.0.0-b5 (2021-08-27)
|
|
14
|
+
|
|
15
|
+
- Remove spec that tests default data store value [#2184](https://github.com/AlchemyCMS/alchemy_cms/pull/2184) ([tvdeyen](https://github.com/tvdeyen))
|
|
16
|
+
- Remove data store accessor from ingredient base class [#2183](https://github.com/AlchemyCMS/alchemy_cms/pull/2183) ([tvdeyen](https://github.com/tvdeyen))
|
|
17
|
+
|
|
1
18
|
## 6.0.0-b4 (2021-08-27)
|
|
2
19
|
|
|
3
20
|
- Load custom Tinymce config for ingredients [#2182](https://github.com/AlchemyCMS/alchemy_cms/pull/2182) ([tvdeyen](https://github.com/tvdeyen))
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -18,7 +18,7 @@ Alchemy is an open source CMS engine written in Ruby on Rails.
|
|
|
18
18
|
|
|
19
19
|
Read more about Alchemy on the [website](https://alchemy-cms.com) and in the [guidelines](https://guides.alchemy-cms.com).
|
|
20
20
|
|
|
21
|
-
**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.
|
|
21
|
+
**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.2-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.2-stable).**
|
|
22
22
|
|
|
23
23
|
|
|
24
24
|
## ✅ Features
|
data/SECURITY.md
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Supported Versions
|
|
4
|
+
|
|
5
|
+
We support the current major and last minor version of the previous major version with security fixes.
|
|
6
|
+
|
|
7
|
+
## Reporting a Vulnerability
|
|
8
|
+
|
|
9
|
+
Please send a preferably encrypted email to hello@alchemy-cms.com
|
|
10
|
+
|
|
11
|
+
PGP public key finger print
|
|
12
|
+
|
|
13
|
+
52D3 2070 4BF3 E5C5 035C BC71 17E9 E620 A96B 4CE0
|
data/alchemy_cms.gemspec
CHANGED
|
@@ -29,7 +29,7 @@ Gem::Specification.new do |gem|
|
|
|
29
29
|
activesupport
|
|
30
30
|
railties
|
|
31
31
|
].each do |rails_gem|
|
|
32
|
-
gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.
|
|
32
|
+
gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.2"]
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
gem.add_runtime_dependency "active_model_serializers", ["~> 0.10.0"]
|
|
@@ -4,12 +4,13 @@
|
|
|
4
4
|
class window.Alchemy.LinkDialog extends Alchemy.Dialog
|
|
5
5
|
|
|
6
6
|
constructor: (@link_object) ->
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
7
|
+
if @link_object.dataset
|
|
8
|
+
parent_selector = @link_object.dataset.parentSelector
|
|
9
|
+
parent = document.querySelector(parent_selector)
|
|
10
|
+
@link_value_field = parent.querySelector("[data-link-value]")
|
|
11
|
+
@link_title_field = parent.querySelector("[data-link-title]")
|
|
12
|
+
@link_target_field = parent.querySelector("[data-link-target]")
|
|
13
|
+
@link_class_field = parent.querySelector("[data-link-class]")
|
|
13
14
|
@url = Alchemy.routes.link_admin_pages_path
|
|
14
15
|
@$link_object = $(@link_object)
|
|
15
16
|
@options =
|
|
@@ -32,14 +32,14 @@ module Alchemy
|
|
|
32
32
|
if @paste_from_clipboard = params[:paste_from_clipboard].present?
|
|
33
33
|
@element = paste_element_from_clipboard
|
|
34
34
|
else
|
|
35
|
-
@element = Element.
|
|
35
|
+
@element = Element.new(create_element_params)
|
|
36
36
|
end
|
|
37
37
|
if @page.definition["insert_elements_at"] == "top"
|
|
38
38
|
@insert_at_top = true
|
|
39
|
-
@element.
|
|
39
|
+
@element.position = 1
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
|
-
if @element.
|
|
42
|
+
if @element.save
|
|
43
43
|
render :create
|
|
44
44
|
else
|
|
45
45
|
@element.page_version = @page_version
|
|
@@ -91,10 +91,14 @@ module Alchemy
|
|
|
91
91
|
end
|
|
92
92
|
end
|
|
93
93
|
|
|
94
|
+
# Toggle fodls the element and persists the state in the db
|
|
95
|
+
#
|
|
96
|
+
# Ingredient validations might make the element invalid.
|
|
97
|
+
# In this case we are just toggling a UI state and do not care about the validations.
|
|
94
98
|
def fold
|
|
95
99
|
@page = @element.page
|
|
96
100
|
@element.folded = !@element.folded
|
|
97
|
-
@element.save
|
|
101
|
+
@element.save(validate: false)
|
|
98
102
|
end
|
|
99
103
|
|
|
100
104
|
private
|
|
@@ -99,12 +99,12 @@ module Alchemy
|
|
|
99
99
|
# The ingredient that's used for element's preview text.
|
|
100
100
|
#
|
|
101
101
|
# It tries to find one of element's ingredients that is defined +as_element_title+.
|
|
102
|
-
# Takes element's first ingredient if no ingredient is defined +as_element_title+.
|
|
102
|
+
# Takes element's first defined ingredient if no ingredient is defined +as_element_title+.
|
|
103
103
|
#
|
|
104
104
|
# @return (Alchemy::Ingredient)
|
|
105
105
|
#
|
|
106
106
|
def preview_ingredient
|
|
107
|
-
@_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) ||
|
|
107
|
+
@_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || first_ingredient_by_definition
|
|
108
108
|
end
|
|
109
109
|
|
|
110
110
|
private
|
|
@@ -122,6 +122,13 @@ module Alchemy
|
|
|
122
122
|
def preview_text_from_preview_ingredient(maxlength)
|
|
123
123
|
preview_ingredient&.preview_text(maxlength)
|
|
124
124
|
end
|
|
125
|
+
|
|
126
|
+
def first_ingredient_by_definition
|
|
127
|
+
return if ingredient_definitions.empty?
|
|
128
|
+
|
|
129
|
+
role = ingredient_definitions.first["role"]
|
|
130
|
+
ingredients.detect { |ingredient| ingredient.role == role }
|
|
131
|
+
end
|
|
125
132
|
end
|
|
126
133
|
end
|
|
127
134
|
end
|
|
@@ -118,11 +118,6 @@ module Alchemy
|
|
|
118
118
|
value.to_s[0..maxlength - 1]
|
|
119
119
|
end
|
|
120
120
|
|
|
121
|
-
# Cross DB adapter data accessor that works
|
|
122
|
-
def data
|
|
123
|
-
@_data ||= (self[:data] || {}).with_indifferent_access
|
|
124
|
-
end
|
|
125
|
-
|
|
126
121
|
# The path to the view partial of the ingredient
|
|
127
122
|
# @return [String]
|
|
128
123
|
def to_partial_path
|
|
@@ -16,7 +16,6 @@ RSpec.shared_examples_for "an alchemy ingredient" do
|
|
|
16
16
|
it { is_expected.to belong_to(:related_object).optional }
|
|
17
17
|
it { is_expected.to validate_presence_of(:role) }
|
|
18
18
|
it { is_expected.to validate_presence_of(:type) }
|
|
19
|
-
it { expect(subject.data).to eq({}) }
|
|
20
19
|
|
|
21
20
|
describe "#settings" do
|
|
22
21
|
subject { ingredient.settings }
|
data/lib/alchemy/version.rb
CHANGED
data/package.json
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: alchemy_cms
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.0.0.pre.
|
|
4
|
+
version: 6.0.0.pre.rc2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas von Deyen
|
|
@@ -10,10 +10,10 @@ authors:
|
|
|
10
10
|
- Hendrik Mans
|
|
11
11
|
- Carsten Fregin
|
|
12
12
|
- Martin Meyerhoff
|
|
13
|
-
autorequire:
|
|
13
|
+
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date: 2021-
|
|
16
|
+
date: 2021-10-13 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: actionmailer
|
|
@@ -24,7 +24,7 @@ dependencies:
|
|
|
24
24
|
version: '6.0'
|
|
25
25
|
- - "<"
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
|
-
version: '6.
|
|
27
|
+
version: '6.2'
|
|
28
28
|
type: :runtime
|
|
29
29
|
prerelease: false
|
|
30
30
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -34,7 +34,7 @@ dependencies:
|
|
|
34
34
|
version: '6.0'
|
|
35
35
|
- - "<"
|
|
36
36
|
- !ruby/object:Gem::Version
|
|
37
|
-
version: '6.
|
|
37
|
+
version: '6.2'
|
|
38
38
|
- !ruby/object:Gem::Dependency
|
|
39
39
|
name: actionpack
|
|
40
40
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -44,7 +44,7 @@ dependencies:
|
|
|
44
44
|
version: '6.0'
|
|
45
45
|
- - "<"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '6.
|
|
47
|
+
version: '6.2'
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -54,7 +54,7 @@ dependencies:
|
|
|
54
54
|
version: '6.0'
|
|
55
55
|
- - "<"
|
|
56
56
|
- !ruby/object:Gem::Version
|
|
57
|
-
version: '6.
|
|
57
|
+
version: '6.2'
|
|
58
58
|
- !ruby/object:Gem::Dependency
|
|
59
59
|
name: actionview
|
|
60
60
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -64,7 +64,7 @@ dependencies:
|
|
|
64
64
|
version: '6.0'
|
|
65
65
|
- - "<"
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
|
-
version: '6.
|
|
67
|
+
version: '6.2'
|
|
68
68
|
type: :runtime
|
|
69
69
|
prerelease: false
|
|
70
70
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -74,7 +74,7 @@ dependencies:
|
|
|
74
74
|
version: '6.0'
|
|
75
75
|
- - "<"
|
|
76
76
|
- !ruby/object:Gem::Version
|
|
77
|
-
version: '6.
|
|
77
|
+
version: '6.2'
|
|
78
78
|
- !ruby/object:Gem::Dependency
|
|
79
79
|
name: activejob
|
|
80
80
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -84,7 +84,7 @@ dependencies:
|
|
|
84
84
|
version: '6.0'
|
|
85
85
|
- - "<"
|
|
86
86
|
- !ruby/object:Gem::Version
|
|
87
|
-
version: '6.
|
|
87
|
+
version: '6.2'
|
|
88
88
|
type: :runtime
|
|
89
89
|
prerelease: false
|
|
90
90
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -94,7 +94,7 @@ dependencies:
|
|
|
94
94
|
version: '6.0'
|
|
95
95
|
- - "<"
|
|
96
96
|
- !ruby/object:Gem::Version
|
|
97
|
-
version: '6.
|
|
97
|
+
version: '6.2'
|
|
98
98
|
- !ruby/object:Gem::Dependency
|
|
99
99
|
name: activemodel
|
|
100
100
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -104,7 +104,7 @@ dependencies:
|
|
|
104
104
|
version: '6.0'
|
|
105
105
|
- - "<"
|
|
106
106
|
- !ruby/object:Gem::Version
|
|
107
|
-
version: '6.
|
|
107
|
+
version: '6.2'
|
|
108
108
|
type: :runtime
|
|
109
109
|
prerelease: false
|
|
110
110
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -114,7 +114,7 @@ dependencies:
|
|
|
114
114
|
version: '6.0'
|
|
115
115
|
- - "<"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: '6.
|
|
117
|
+
version: '6.2'
|
|
118
118
|
- !ruby/object:Gem::Dependency
|
|
119
119
|
name: activerecord
|
|
120
120
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -124,7 +124,7 @@ dependencies:
|
|
|
124
124
|
version: '6.0'
|
|
125
125
|
- - "<"
|
|
126
126
|
- !ruby/object:Gem::Version
|
|
127
|
-
version: '6.
|
|
127
|
+
version: '6.2'
|
|
128
128
|
type: :runtime
|
|
129
129
|
prerelease: false
|
|
130
130
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -134,7 +134,7 @@ dependencies:
|
|
|
134
134
|
version: '6.0'
|
|
135
135
|
- - "<"
|
|
136
136
|
- !ruby/object:Gem::Version
|
|
137
|
-
version: '6.
|
|
137
|
+
version: '6.2'
|
|
138
138
|
- !ruby/object:Gem::Dependency
|
|
139
139
|
name: activesupport
|
|
140
140
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -144,7 +144,7 @@ dependencies:
|
|
|
144
144
|
version: '6.0'
|
|
145
145
|
- - "<"
|
|
146
146
|
- !ruby/object:Gem::Version
|
|
147
|
-
version: '6.
|
|
147
|
+
version: '6.2'
|
|
148
148
|
type: :runtime
|
|
149
149
|
prerelease: false
|
|
150
150
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -154,7 +154,7 @@ dependencies:
|
|
|
154
154
|
version: '6.0'
|
|
155
155
|
- - "<"
|
|
156
156
|
- !ruby/object:Gem::Version
|
|
157
|
-
version: '6.
|
|
157
|
+
version: '6.2'
|
|
158
158
|
- !ruby/object:Gem::Dependency
|
|
159
159
|
name: railties
|
|
160
160
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -164,7 +164,7 @@ dependencies:
|
|
|
164
164
|
version: '6.0'
|
|
165
165
|
- - "<"
|
|
166
166
|
- !ruby/object:Gem::Version
|
|
167
|
-
version: '6.
|
|
167
|
+
version: '6.2'
|
|
168
168
|
type: :runtime
|
|
169
169
|
prerelease: false
|
|
170
170
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -174,7 +174,7 @@ dependencies:
|
|
|
174
174
|
version: '6.0'
|
|
175
175
|
- - "<"
|
|
176
176
|
- !ruby/object:Gem::Version
|
|
177
|
-
version: '6.
|
|
177
|
+
version: '6.2'
|
|
178
178
|
- !ruby/object:Gem::Dependency
|
|
179
179
|
name: active_model_serializers
|
|
180
180
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -724,6 +724,7 @@ files:
|
|
|
724
724
|
- ".github/ISSUE_TEMPLATE/Bug_report.md"
|
|
725
725
|
- ".github/ISSUE_TEMPLATE/Feature_request.md"
|
|
726
726
|
- ".github/PULL_REQUEST_TEMPLATE.md"
|
|
727
|
+
- ".github/workflows/brakeman-analysis.yml"
|
|
727
728
|
- ".github/workflows/ci.yml"
|
|
728
729
|
- ".github/workflows/stale.yml"
|
|
729
730
|
- ".gitignore"
|
|
@@ -739,6 +740,7 @@ files:
|
|
|
739
740
|
- LICENSE
|
|
740
741
|
- README.md
|
|
741
742
|
- Rakefile
|
|
743
|
+
- SECURITY.md
|
|
742
744
|
- alchemy_cms.gemspec
|
|
743
745
|
- app/assets/config/alchemy_manifest.js
|
|
744
746
|
- app/assets/images/alchemy/alchemy-logo.png
|
|
@@ -1516,8 +1518,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
1516
1518
|
version: 1.3.1
|
|
1517
1519
|
requirements:
|
|
1518
1520
|
- ImageMagick (libmagick), v6.6 or greater.
|
|
1519
|
-
rubygems_version: 3.
|
|
1520
|
-
signing_key:
|
|
1521
|
+
rubygems_version: 3.2.28
|
|
1522
|
+
signing_key:
|
|
1521
1523
|
specification_version: 4
|
|
1522
1524
|
summary: A powerful, userfriendly and flexible CMS for Rails
|
|
1523
1525
|
test_files: []
|
|
1526
|
+
...
|