alchemy_cms 7.0.15 → 7.0.16
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/brakeman-analysis.yml +13 -5
- data/.github/workflows/lint.yml +9 -2
- data/.github/workflows/stale.yml +5 -2
- data/.github/workflows/test.yml +13 -4
- data/CHANGELOG.md +9 -0
- data/Gemfile +7 -0
- data/app/controllers/alchemy/admin/base_controller.rb +26 -2
- data/app/controllers/alchemy/admin/languages_controller.rb +1 -1
- data/app/controllers/alchemy/admin/pages_controller.rb +5 -4
- data/app/controllers/alchemy/admin/resources_controller.rb +1 -1
- data/app/controllers/concerns/alchemy/site_redirects.rb +1 -1
- data/app/models/alchemy/page.rb +3 -3
- data/app/models/concerns/alchemy/picture_thumbnails.rb +4 -5
- data/lib/alchemy/version.rb +1 -1
- metadata +3 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d20bda02db92caa55198f4cc360bafb972b868e742215f1b19ab83976215b230
|
|
4
|
+
data.tar.gz: ab901f120f7a3c2f0878fb03a25e2d2de8e68aff1cd9240c58994b903e9781b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: adb1fd6328915e0648e8b94b45f91e2fb1051fbcf6b33ebf26d75a9de52fd2479991c0cb40dc8cc6d7972214291d195765d9ddda0ddc13bb69a0794941d45fcb
|
|
7
|
+
data.tar.gz: 2c9c34c568de4ed7492aaaa5f05959023493eba2951776fd1bedbf22a8e4bed65ce9e7480c42a2767334edba0d469d0277d8ea6ad616493c18a55f51e4135d31
|
|
@@ -3,19 +3,27 @@
|
|
|
3
3
|
|
|
4
4
|
name: Brakeman Scan
|
|
5
5
|
|
|
6
|
+
concurrency:
|
|
7
|
+
group: brakeman-${{ github.ref_name }}
|
|
8
|
+
cancel-in-progress: ${{ github.ref_name != 'main' }}
|
|
9
|
+
|
|
10
|
+
permissions:
|
|
11
|
+
contents: read
|
|
12
|
+
security-events: write
|
|
13
|
+
|
|
6
14
|
on:
|
|
7
15
|
push:
|
|
8
|
-
branches:
|
|
16
|
+
branches:
|
|
17
|
+
- 7.0-stable
|
|
9
18
|
pull_request:
|
|
10
19
|
# The branches below must be a subset of the branches above
|
|
11
|
-
branches:
|
|
12
|
-
|
|
13
|
-
- cron: "40 4 * * 2"
|
|
20
|
+
branches:
|
|
21
|
+
- 7.0-stable
|
|
14
22
|
|
|
15
23
|
jobs:
|
|
16
24
|
brakeman-scan:
|
|
17
25
|
name: Brakeman Scan
|
|
18
|
-
runs-on: ubuntu-
|
|
26
|
+
runs-on: ubuntu-22.04
|
|
19
27
|
steps:
|
|
20
28
|
# Checkout the repository to the GitHub Actions runner
|
|
21
29
|
- name: Checkout
|
data/.github/workflows/lint.yml
CHANGED
|
@@ -2,9 +2,16 @@ name: Lint
|
|
|
2
2
|
|
|
3
3
|
on: [pull_request]
|
|
4
4
|
|
|
5
|
+
concurrency:
|
|
6
|
+
group: lint-${{ github.ref_name }}
|
|
7
|
+
cancel-in-progress: ${{ github.ref_name != 'main' }}
|
|
8
|
+
|
|
9
|
+
permissions:
|
|
10
|
+
contents: read
|
|
11
|
+
|
|
5
12
|
jobs:
|
|
6
13
|
Standard:
|
|
7
|
-
runs-on: ubuntu-
|
|
14
|
+
runs-on: ubuntu-22.04
|
|
8
15
|
steps:
|
|
9
16
|
- name: Checkout code
|
|
10
17
|
uses: actions/checkout@v3
|
|
@@ -16,7 +23,7 @@ jobs:
|
|
|
16
23
|
- name: Lint Ruby files
|
|
17
24
|
run: bundle exec standardrb
|
|
18
25
|
Prettier:
|
|
19
|
-
runs-on: ubuntu-
|
|
26
|
+
runs-on: ubuntu-22.04
|
|
20
27
|
steps:
|
|
21
28
|
- name: Checkout
|
|
22
29
|
uses: actions/checkout@v3
|
data/.github/workflows/stale.yml
CHANGED
data/.github/workflows/test.yml
CHANGED
|
@@ -1,10 +1,17 @@
|
|
|
1
1
|
name: Test
|
|
2
2
|
|
|
3
|
-
on:
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches:
|
|
6
|
+
- 7.0-stable
|
|
7
|
+
pull_request:
|
|
8
|
+
|
|
9
|
+
permissions:
|
|
10
|
+
contents: read
|
|
4
11
|
|
|
5
12
|
jobs:
|
|
6
13
|
RSpec:
|
|
7
|
-
runs-on: ubuntu-
|
|
14
|
+
runs-on: ubuntu-22.04
|
|
8
15
|
strategy:
|
|
9
16
|
fail-fast: false
|
|
10
17
|
matrix:
|
|
@@ -104,9 +111,11 @@ jobs:
|
|
|
104
111
|
if: failure()
|
|
105
112
|
with:
|
|
106
113
|
name: Screenshots
|
|
107
|
-
path:
|
|
114
|
+
path: |
|
|
115
|
+
spec/dummy/tmp/capybara
|
|
116
|
+
spec/dummy/tmp/screenshots
|
|
108
117
|
Jest:
|
|
109
|
-
runs-on: ubuntu-
|
|
118
|
+
runs-on: ubuntu-22.04
|
|
110
119
|
env:
|
|
111
120
|
NODE_ENV: test
|
|
112
121
|
steps:
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,14 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 7.0.16 (2025-01-23)
|
|
4
|
+
|
|
5
|
+
- [7.0-stable] Allow redirecting to other host in site redirect [#3160](https://github.com/AlchemyCMS/alchemy_cms/pull/3160) ([alchemycms-bot](https://github.com/alchemycms-bot))
|
|
6
|
+
- [7.0-stable] fix missing logger issue in github actions [#3155](https://github.com/AlchemyCMS/alchemy_cms/pull/3155) ([alchemycms-bot](https://github.com/alchemycms-bot))
|
|
7
|
+
- [7.0-stable] CI: Set workflow permissions [#3144](https://github.com/AlchemyCMS/alchemy_cms/pull/3144) ([tvdeyen](https://github.com/tvdeyen))
|
|
8
|
+
- [7.0-stable] Use safe redirect paths in admin redirects [#3134](https://github.com/AlchemyCMS/alchemy_cms/pull/3134) ([tvdeyen](https://github.com/tvdeyen))
|
|
9
|
+
- [7.0-stable] CI: Run actions on ubuntu-22.04 [#3127](https://github.com/AlchemyCMS/alchemy_cms/pull/3127) ([tvdeyen](https://github.com/tvdeyen))
|
|
10
|
+
- [7.0-stable] Use alchemy_display_name for page actor names [#3028](https://github.com/AlchemyCMS/alchemy_cms/pull/3028) ([alchemycms-bot](https://github.com/alchemycms-bot))
|
|
11
|
+
|
|
3
12
|
## 7.0.15 (2024-09-04)
|
|
4
13
|
|
|
5
14
|
- [7.0-stable] Render Datetime ingredient in local time zone [#3017](https://github.com/AlchemyCMS/alchemy_cms/pull/3017) ([tvdeyen](https://github.com/tvdeyen))
|
data/Gemfile
CHANGED
|
@@ -32,6 +32,13 @@ group :development, :test do
|
|
|
32
32
|
if rails_version == "7.1"
|
|
33
33
|
gem "actioncable", "~> #{rails_version}.0"
|
|
34
34
|
end
|
|
35
|
+
|
|
36
|
+
# concurrent-ruby v1.3.5 has removed the dependency on logger,
|
|
37
|
+
# effecting Rails 6.1 up to including 7.0.
|
|
38
|
+
# https://github.com/rails/rails/pull/54264
|
|
39
|
+
if ("6.1".to_f.."7.0".to_f).cover?(rails_version.to_f)
|
|
40
|
+
gem "concurrent-ruby", "< 1.3.5"
|
|
41
|
+
end
|
|
35
42
|
else
|
|
36
43
|
gem "launchy"
|
|
37
44
|
gem "annotate"
|
|
@@ -31,6 +31,27 @@ module Alchemy
|
|
|
31
31
|
|
|
32
32
|
private
|
|
33
33
|
|
|
34
|
+
def safe_redirect_path(path = params[:redirect_to], fallback: admin_path)
|
|
35
|
+
if is_safe_redirect_path?(path)
|
|
36
|
+
path
|
|
37
|
+
elsif is_safe_redirect_path?(fallback)
|
|
38
|
+
fallback
|
|
39
|
+
else
|
|
40
|
+
admin_path
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def is_safe_redirect_path?(path)
|
|
45
|
+
mount_path = alchemy.root_path
|
|
46
|
+
path.to_s.match? %r{^#{mount_path}admin/}
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def relative_referer_path(referer = request.referer)
|
|
50
|
+
return unless referer
|
|
51
|
+
|
|
52
|
+
URI(referer).path
|
|
53
|
+
end
|
|
54
|
+
|
|
34
55
|
# Disable layout rendering for xhr requests.
|
|
35
56
|
def set_layout
|
|
36
57
|
request.xhr? ? false : "alchemy/admin"
|
|
@@ -107,13 +128,16 @@ module Alchemy
|
|
|
107
128
|
|
|
108
129
|
# Does redirects for html and js requests
|
|
109
130
|
#
|
|
131
|
+
# Makes sure that the redirect path is safe.
|
|
132
|
+
#
|
|
110
133
|
def do_redirect_to(url_or_path)
|
|
134
|
+
redirect_path = safe_redirect_path(url_or_path)
|
|
111
135
|
respond_to do |format|
|
|
112
136
|
format.js {
|
|
113
|
-
@redirect_url =
|
|
137
|
+
@redirect_url = redirect_path
|
|
114
138
|
render :redirect
|
|
115
139
|
}
|
|
116
|
-
format.html { redirect_to
|
|
140
|
+
format.html { redirect_to redirect_path }
|
|
117
141
|
end
|
|
118
142
|
end
|
|
119
143
|
|
|
@@ -40,7 +40,7 @@ module Alchemy
|
|
|
40
40
|
def switch
|
|
41
41
|
@language = set_alchemy_language(params[:language_id])
|
|
42
42
|
session[:alchemy_language_id] = @language.id
|
|
43
|
-
do_redirect_to
|
|
43
|
+
do_redirect_to relative_referer_path || alchemy.admin_dashboard_path
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
private
|
|
@@ -183,14 +183,15 @@ module Alchemy
|
|
|
183
183
|
respond_to do |format|
|
|
184
184
|
format.js
|
|
185
185
|
format.html do
|
|
186
|
-
redirect_to(
|
|
187
|
-
params[:redirect_to].presence || admin_pages_path,
|
|
188
|
-
allow_other_host: true
|
|
189
|
-
)
|
|
186
|
+
redirect_to(unlock_redirect_path, allow_other_host: true)
|
|
190
187
|
end
|
|
191
188
|
end
|
|
192
189
|
end
|
|
193
190
|
|
|
191
|
+
def unlock_redirect_path
|
|
192
|
+
safe_redirect_path(fallback: admin_pages_path)
|
|
193
|
+
end
|
|
194
|
+
|
|
194
195
|
# Sets the page public and updates the published_at attribute that is used as cache_key
|
|
195
196
|
#
|
|
196
197
|
def publish
|
|
@@ -78,7 +78,7 @@ module Alchemy
|
|
|
78
78
|
flash[:error] = resource_instance_variable.errors.full_messages.join(", ")
|
|
79
79
|
end
|
|
80
80
|
flash_notice_for_resource_action
|
|
81
|
-
do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index"))
|
|
81
|
+
do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index", only_path: true))
|
|
82
82
|
end
|
|
83
83
|
|
|
84
84
|
def resource_handler
|
|
@@ -12,7 +12,7 @@ module Alchemy
|
|
|
12
12
|
private
|
|
13
13
|
|
|
14
14
|
def enforce_primary_host_for_site
|
|
15
|
-
redirect_to url_for(host: current_alchemy_site.host), status: :moved_permanently
|
|
15
|
+
redirect_to url_for(host: current_alchemy_site.host), status: :moved_permanently, allow_other_host: true
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def needs_redirect_to_primary_host?
|
data/app/models/alchemy/page.rb
CHANGED
|
@@ -546,7 +546,7 @@ module Alchemy
|
|
|
546
546
|
# does not respond to +#name+ it returns +'unknown'+
|
|
547
547
|
#
|
|
548
548
|
def creator_name
|
|
549
|
-
creator.try(:
|
|
549
|
+
creator.try(:alchemy_display_name) || Alchemy.t("unknown")
|
|
550
550
|
end
|
|
551
551
|
|
|
552
552
|
# Returns the name of the last updater of this page.
|
|
@@ -555,7 +555,7 @@ module Alchemy
|
|
|
555
555
|
# does not respond to +#name+ it returns +'unknown'+
|
|
556
556
|
#
|
|
557
557
|
def updater_name
|
|
558
|
-
updater.try(:
|
|
558
|
+
updater.try(:alchemy_display_name) || Alchemy.t("unknown")
|
|
559
559
|
end
|
|
560
560
|
|
|
561
561
|
# Returns the name of the user currently editing this page.
|
|
@@ -564,7 +564,7 @@ module Alchemy
|
|
|
564
564
|
# does not respond to +#name+ it returns +'unknown'+
|
|
565
565
|
#
|
|
566
566
|
def locker_name
|
|
567
|
-
locker.try(:
|
|
567
|
+
locker.try(:alchemy_display_name) || Alchemy.t("unknown")
|
|
568
568
|
end
|
|
569
569
|
|
|
570
570
|
# Key hint translations by page layout, rather than the default name.
|
|
@@ -102,11 +102,10 @@ module Alchemy
|
|
|
102
102
|
|
|
103
103
|
# Show image cropping link for ingredient
|
|
104
104
|
def allow_image_cropping?
|
|
105
|
-
settings[:crop] && picture
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
) && !!picture.image_file
|
|
105
|
+
settings[:crop] && picture&.can_be_cropped_to?(
|
|
106
|
+
settings[:size],
|
|
107
|
+
settings[:upsample]
|
|
108
|
+
) && !!picture.image_file
|
|
110
109
|
end
|
|
111
110
|
|
|
112
111
|
private
|
data/lib/alchemy/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: alchemy_cms
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.0.
|
|
4
|
+
version: 7.0.16
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas von Deyen
|
|
@@ -10,10 +10,9 @@ authors:
|
|
|
10
10
|
- Hendrik Mans
|
|
11
11
|
- Carsten Fregin
|
|
12
12
|
- Martin Meyerhoff
|
|
13
|
-
autorequire:
|
|
14
13
|
bindir: bin
|
|
15
14
|
cert_chain: []
|
|
16
|
-
date:
|
|
15
|
+
date: 2025-01-23 00:00:00.000000000 Z
|
|
17
16
|
dependencies:
|
|
18
17
|
- !ruby/object:Gem::Dependency
|
|
19
18
|
name: actionmailer
|
|
@@ -1456,8 +1455,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
1456
1455
|
version: '0'
|
|
1457
1456
|
requirements:
|
|
1458
1457
|
- ImageMagick (libmagick), v6.6 or greater.
|
|
1459
|
-
rubygems_version: 3.
|
|
1460
|
-
signing_key:
|
|
1458
|
+
rubygems_version: 3.6.3
|
|
1461
1459
|
specification_version: 4
|
|
1462
1460
|
summary: A powerful, userfriendly and flexible CMS for Rails
|
|
1463
1461
|
test_files: []
|