RubyGems - alchemy_cms - Versions diffs - 6.1.8 → 7.0.0.pre.a - Mend

alchemy_cms 6.1.8 → 7.0.0.pre.a

Files changed (246) hide show

data/app/views/alchemy/ingredients/_select_editor.html.erb CHANGED Viewed

@@ -12,7 +12,7 @@
       <%= warning(':select_values is nil',
       "<strong>No select values given.</strong>
       <br>Please provide <code>select_values</code> on the
-      content definition <code>settings</code> in
+      ingredient definition <code>settings</code> in
       <code>elements.yml</code>.") %>
     <% else %>
       <%
@@ -22,7 +22,7 @@
         options_tags = options_for_select(select_values, select_editor.value)
       end %>
       <%= f.select :value, options_tags, {}, {
-        id: nil,
+        id: select_editor.form_field_id,
         class: ["alchemy_selectbox", "ingredient-editor-select"]
       } %>
     <% end %>

data/app/views/alchemy/ingredients/_text_editor.html.erb CHANGED Viewed

@@ -7,7 +7,7 @@
     <%= ingredient_label(text_editor) %>
     <%= f.text_field :value,
       class: text_editor.settings[:linkable] ? "text_with_icon" : "",
-      id: nil,
+      id: text_editor.form_field_id,
       type: text_editor.settings[:input_type] || "text" %>
     <% if text_editor.settings[:anchor] %>
       <%= render "alchemy/ingredients/shared/anchor", ingredient_editor: text_editor %>

data/app/views/alchemy/ingredients/shared/_link_tools.html.erb CHANGED Viewed

@@ -1,9 +1,9 @@
-<span class="linkable_essence_tools">
+<span class="ingredient_link_buttons">
   <%= link_to(
     render_icon(:link),
     '#',
     onclick: 'new Alchemy.LinkDialog(this).open(); return false;',
-    class: "icon_button#{ingredient_editor.linked? ? ' linked' : ''} link-essence",
+    class: "icon_button#{ingredient_editor.linked? ? ' linked' : ''} link-ingredient",
     "data-parent-selector": "[data-ingredient-id='#{ingredient_editor.id}']",
     title: Alchemy.t(:place_link),
     id: "edit_link_#{ingredient_editor.id}"
@@ -12,7 +12,7 @@
     render_icon(:unlink),
     '#',
     onclick: "return Alchemy.LinkDialog.removeLink(this, '[data-ingredient-id=\"#{ingredient_editor.id}\"]')",
-    class: "icon_button unlink-essence #{ingredient_editor.linked? ? 'linked' : 'disabled'}",
+    class: "icon_button unlink-ingredient #{ingredient_editor.linked? ? 'linked' : 'disabled'}",
     tabindex: ingredient_editor.linked? ? nil : '-1',
     'data-ingredient-id' => ingredient_editor.id,
     title: Alchemy.t(:unlink)

data/app/views/alchemy/pages/_meta_data.html.erb CHANGED Viewed

@@ -5,5 +5,4 @@
   <%= tag(:meta, name: 'robots', content: meta_robots) %>
   <%= tag(:meta, name: 'description', content: meta_description, lang: @page.language_code) if meta_description.present? %>
   <%= tag(:meta, name: 'keywords', content: meta_keywords, lang: @page.language_code) if meta_keywords.present? %>
-  <%= auto_discovery_link_tag(:rss, show_alchemy_page_url(@page, format: :rss)) if @page.contains_feed? %>
 <% end %>

data/app/views/layouts/alchemy/admin.html.erb CHANGED Viewed

@@ -36,7 +36,11 @@
     </script>
     <%= render 'alchemy/admin/partials/routes' %>
     <%= javascript_include_tag('alchemy/admin/all', 'data-turbolinks-track' => true) %>
-    <%= javascript_pack_tag('alchemy/admin') %>
+    <% if respond_to?(:javascript_pack_tag) %>
+      <%= javascript_pack_tag('alchemy/admin', 'data-turbolinks-track' => true, defer: true) %>
+    <% else %>
+      <%= javascript_include_tag('alchemy_admin', 'data-turbolinks-track' => true, defer: true) %>
+    <% end %>
     <%= yield :javascript_includes %>
   </head>
   <%= content_tag :body, id: 'alchemy', class: alchemy_body_class do %>

data/config/alchemy/config.yml CHANGED Viewed

@@ -66,9 +66,9 @@ items_per_page: 15
 #
 # Example:
 # - name: some_element
-#   contents:
-#   - name: some_picture
-#     type: EssencePicture
+#   ingredients:
+#   - role: some_picture
+#     type: Picture
 #     settings:
 #       hint: true
 #       crop: true  # turns on image cropping
@@ -82,7 +82,7 @@ items_per_page: 15
 #   preprocess_image_resize   [String]        # Use this option to resize images to the given size when they are uploaded to the image library. Downsizing example: '1000x1000>' (Default nil)
 #   image_output_format       [String]        # The global image output format setting. (Default +original+)
 #
-# NOTE: You can always override the output format in the settings of your Essence in elements.yml, I.E. {format: 'gif'}
+# NOTE: You can always override the output format in the settings of your ingredients in elements.yml, I.E. {format: 'gif'}
 #
 output_image_jpg_quality: 85
 preprocess_image_resize:
@@ -91,7 +91,7 @@ image_output_format: original
 # This is used by the seeder to create the default site.
 default_site:
   name: Default Site
-  host: '*'
+  host: "*"
 # This is the default language when seeding.
 default_language:
@@ -191,7 +191,7 @@ link_target_options: [blank]
 # === Format matchers
 #
 # Named aliases for regular expressions that can be used in various places.
-# The most common use case is the format validation of essences, or attribute validations of your individual models.
+# The most common use case is the format validation of ingredients, or attribute validations of your individual models.
 #
 # == Example:
 #

data/config/brakeman.ignore CHANGED Viewed

@@ -1,36 +1,5 @@
 {
   "ignored_warnings": [
-    {
-      "warning_type": "Cross-Site Scripting",
-      "warning_code": 2,
-      "fingerprint": "068b12d24047e2ece633115ba065ce46fc8c8a26827be7de2565ab721e1c2e82",
-      "check_name": "CrossSiteScripting",
-      "message": "Unescaped parameter value",
-      "file": "app/views/alchemy/admin/elements/update.js.erb",
-      "line": 21,
-      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
-      "code": "Element.find(params[:id]).ingredients_with_errors.map do\n \"[data-ingredient-id=\\\"#{ingredient.id}\\\"]\"\n end.join(\", \")",
-      "render_path": [
-        {
-          "type": "controller",
-          "class": "Alchemy::Admin::ElementsController",
-          "method": "update",
-          "line": 61,
-          "file": "app/controllers/alchemy/admin/elements_controller.rb",
-          "rendered": {
-            "name": "alchemy/admin/elements/update",
-            "file": "app/views/alchemy/admin/elements/update.js.erb"
-          }
-        }
-      ],
-      "location": {
-        "type": "template",
-        "template": "alchemy/admin/elements/update"
-      },
-      "user_input": "params[:id]",
-      "confidence": "Weak",
-      "note": ""
-    },
     {
       "warning_type": "File Access",
       "warning_code": 16,
@@ -49,6 +18,9 @@
       },
       "user_input": "params[:id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     },
     {
@@ -69,6 +41,9 @@
       },
       "user_input": null,
       "confidence": "Medium",
+      "cwe_id": [
+        915
+      ],
       "note": "Because we actually can't know all attributes each inheriting controller supports, we permit all resource model params. It is adviced that all inheriting controllers implement this method and provide its own set of permitted attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
     },
     {
@@ -86,7 +61,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "fold",
-          "line": 102,
+          "line": 98,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/fold",
@@ -100,28 +75,11 @@
       },
       "user_input": "params[:id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     },
-    {
-      "warning_type": "Mass Assignment",
-      "warning_code": 70,
-      "fingerprint": "4b4dc24a6f5251bc1a6851597dfcee39608a2932eb7f81a4a241c00fca8a3043",
-      "check_name": "MassAssignment",
-      "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
-      "file": "app/controllers/alchemy/admin/elements_controller.rb",
-      "line": 155,
-      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
-      "code": "params.fetch(:contents, {}).permit!",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Alchemy::Admin::ElementsController",
-        "method": "contents_params"
-      },
-      "user_input": null,
-      "confidence": "Medium",
-      "note": "`Alchemy::Content` is a polymorphic association of any kind of model extending `Alchemy::Essence`. Since we can't know the attributes of all potential essences we need to permit all attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
-    },
     {
       "warning_type": "Command Injection",
       "warning_code": 14,
@@ -129,7 +87,7 @@
       "check_name": "Execute",
       "message": "Possible command injection",
       "file": "lib/alchemy/upgrader.rb",
-      "line": 30,
+      "line": 33,
       "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
       "code": "`yarn add @alchemy_cms/admin@~#{Alchemy.version}`",
       "render_path": null,
@@ -140,6 +98,9 @@
       },
       "user_input": "Alchemy.version",
       "confidence": "Medium",
+      "cwe_id": [
+        77
+      ],
       "note": "The alchemy version is safe"
     },
     {
@@ -170,6 +131,9 @@
       },
       "user_input": "(Unresolved Model).new.url",
       "confidence": "Weak",
+      "cwe_id": [
+        79
+      ],
       "note": ""
     },
     {
@@ -190,6 +154,9 @@
       },
       "user_input": "params[:id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     },
     {
@@ -207,7 +174,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "index",
-          "line": 15,
+          "line": 16,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/index",
@@ -221,6 +188,9 @@
       },
       "user_input": "params[:page_version_id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     },
     {
@@ -238,7 +208,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "index",
-          "line": 15,
+          "line": 16,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/index",
@@ -252,6 +222,32 @@
       },
       "user_input": "params[:page_version_id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
+      "note": ""
+    },
+    {
+      "warning_type": "Command Injection",
+      "warning_code": 14,
+      "fingerprint": "98ca8e77026312eaa7eec15ce26bfe45aa8dd0fcd38e4cff104cb9dffbde1733",
+      "check_name": "Execute",
+      "message": "Possible command injection",
+      "file": "lib/alchemy/upgrader.rb",
+      "line": 31,
+      "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
+      "code": "`bin/importmap pin @alchemy_cms/admin@~#{Alchemy.version}`",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Alchemy::Upgrader",
+        "method": "update_npm_package"
+      },
+      "user_input": "Alchemy.version",
+      "confidence": "Medium",
+      "cwe_id": [
+        77
+      ],
       "note": ""
     },
     {
@@ -272,9 +268,12 @@
       },
       "user_input": "params[:id]",
       "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
       "note": ""
     }
   ],
-  "updated": "2021-10-26 21:44:59 +0200",
-  "brakeman_version": "5.1.1"
+  "updated": "2023-01-31 19:16:48 +0100",
+  "brakeman_version": "5.4.0"
 }