RubyGems - alchemy_cms - Versions diffs - 7.1.11 → 7.1.13 - Mend

alchemy_cms 7.1.11 → 7.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +15 -0
data/Gemfile +7 -0
data/app/assets/stylesheets/alchemy/elements.scss +1 -1
data/app/components/alchemy/ingredients/datetime_view.rb +3 -2
data/app/controllers/alchemy/admin/base_controller.rb +26 -2
data/app/controllers/alchemy/admin/languages_controller.rb +1 -1
data/app/controllers/alchemy/admin/pages_controller.rb +1 -5
data/app/controllers/alchemy/admin/resources_controller.rb +1 -1
data/app/models/alchemy/ingredients/datetime.rb +1 -1
data/app/models/alchemy/page.rb +3 -3
data/app/models/concerns/alchemy/picture_thumbnails.rb +4 -5
data/app/views/alchemy/ingredients/_datetime_editor.html.erb +2 -1
data/lib/alchemy/resource.rb +14 -4
data/lib/alchemy/version.rb +1 -1
metadata +3 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 702711d3c433b8ebd8622cb94198dd6ca4d7ff094fb2fb7993ea8ce17ff4d3a5
-  data.tar.gz: cb45c9e7bbf2e9df285dea8e555aa90d96c330159f2604113fbf25389cdf6597
+  metadata.gz: 122b7507c58ee7984f2fe8e8bb25bdcbf66a3fea17f87e89524777f58d724044
+  data.tar.gz: c1907274004ecd5c562aa5e85b78cfa333e1703815f19b8f51df94e2536511db
 SHA512:
-  metadata.gz: 574b3bb7e42ce0fdeff179dd37bc19dab1b40038c7514701fe9ae425e8f48972f455030bf8aa735515a5d33fafe91ccbbe80919b751168857646b37745dbee88
-  data.tar.gz: 0dd7baa8ef36719a7b738083741ac81cd498a7826c5464207704e355471448142473409e5f219c7d1490a0018d7f00faa00db6724c4be60d7c99904c3fcab5a0
+  metadata.gz: 3ff38d23f4b1ceddbc62431d16065245ea5734681c9feecb56b09bf1d02d8656f35b673532db9ff717fbf99a45305e0b6295e20f9f6f2996fd0f1f98f440ce28
+  data.tar.gz: a3203ae19cb5c4e067d627f86cd1b24c6cb1a687eaeac211cd83bed14e1fc2af850218d8e17f8112356d8ccd54e000d5ca8d61d3eabc0699558c611c6b1aeee1

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,20 @@
 # Changelog
+## 7.1.13 (2025-01-24)
+- [7.1-stable] fix attribute sorting across Ruby versions [#3161](https://github.com/AlchemyCMS/alchemy_cms/pull/3161) ([alchemycms-bot](https://github.com/alchemycms-bot))
+- [7.1-stable] fix missing logger issue in github actions [#3156](https://github.com/AlchemyCMS/alchemy_cms/pull/3156) ([alchemycms-bot](https://github.com/alchemycms-bot))
+- [7.1-stable] CI: Set workflow permissions [#3143](https://github.com/AlchemyCMS/alchemy_cms/pull/3143) ([tvdeyen](https://github.com/tvdeyen))
+- [7.1-stable] Use safe redirect paths in admin redirects [#3135](https://github.com/AlchemyCMS/alchemy_cms/pull/3135) ([tvdeyen](https://github.com/tvdeyen))
+- [7.1-stable] CI: Run actions on ubuntu-22.04 [#3126](https://github.com/AlchemyCMS/alchemy_cms/pull/3126) ([tvdeyen](https://github.com/tvdeyen))
+- Fix tinymce fullscreen mode [#3102](https://github.com/AlchemyCMS/alchemy_cms/pull/3102) ([tvdeyen](https://github.com/tvdeyen))
+- [7.1-stable] Use alchemy_display_name for page actor names [#3029](https://github.com/AlchemyCMS/alchemy_cms/pull/3029) ([alchemycms-bot](https://github.com/alchemycms-bot))
+## 7.1.12 (2024-09-04)
+- [7.1-stable] Render Datetime ingredient in local time zone [#3018](https://github.com/AlchemyCMS/alchemy_cms/pull/3018) ([tvdeyen](https://github.com/tvdeyen))
+- [7.1-stable] Allow to set input_type on Datetime ingredient editor [#3015](https://github.com/AlchemyCMS/alchemy_cms/pull/3015) ([tvdeyen](https://github.com/tvdeyen))
 ## 7.1.11 (2024-08-10)
 - [7.1-stable] fix PictureEditor defaultCropSize [#2991](https://github.com/AlchemyCMS/alchemy_cms/pull/2991) ([alchemycms-bot](https://github.com/alchemycms-bot))

data/Gemfile CHANGED Viewed

@@ -31,6 +31,13 @@ group :development, :test do
     if rails_version == "7.1"
       gem "actioncable", "~> #{rails_version}.0"
     end
+    # concurrent-ruby v1.3.5 has removed the dependency on logger,
+    # effecting Rails 6.1 up to including 7.0.
+    # https://github.com/rails/rails/pull/54264
+    if ("6.1".to_f.."7.0".to_f).cover?(rails_version.to_f)
+      gem "concurrent-ruby", "< 1.3.5"
+    end
   else
     gem "launchy"
     gem "annotate"

data/app/assets/stylesheets/alchemy/elements.scss CHANGED Viewed

@@ -15,7 +15,7 @@
   }
   // Fix for Tinymce fullscreen window positioning issues (GH#1511)
-  .mce-fullscreen & {
+  .tox-fullscreen & {
     width: calc(100vw - #{$collapsed-main-menu-width - $default-border-width});
   }

data/app/components/alchemy/ingredients/datetime_view.rb CHANGED Viewed

@@ -11,10 +11,11 @@ module Alchemy
       end
       def call
+        datetime = ingredient.value.in_time_zone(Rails.application.config.time_zone)
         if date_format == "rfc822"
-          ingredient.value.to_s(:rfc822)
+          datetime.to_fs(:rfc822)
         else
-          ::I18n.l(ingredient.value, format: date_format)
+          ::I18n.l(datetime, format: date_format)
         end.html_safe
       end
     end

data/app/controllers/alchemy/admin/base_controller.rb CHANGED Viewed

@@ -31,6 +31,27 @@ module Alchemy
       private
+      def safe_redirect_path(path = params[:redirect_to], fallback: admin_path)
+        if is_safe_redirect_path?(path)
+          path
+        elsif is_safe_redirect_path?(fallback)
+          fallback
+        else
+          admin_path
+        end
+      end
+      def is_safe_redirect_path?(path)
+        mount_path = alchemy.root_path
+        path.to_s.match? %r{^#{mount_path}admin/}
+      end
+      def relative_referer_path(referer = request.referer)
+        return unless referer
+        URI(referer).path
+      end
       # Disable layout rendering for xhr requests.
       def set_layout
         request.xhr? ? false : "alchemy/admin"
@@ -106,13 +127,16 @@ module Alchemy
       # Does redirects for html and js requests
       #
+      # Makes sure that the redirect path is safe.
+      #
       def do_redirect_to(url_or_path)
+        redirect_path = safe_redirect_path(url_or_path)
         respond_to do |format|
           format.js {
-            @redirect_url = url_or_path
+            @redirect_url = redirect_path
             render :redirect
           }
-          format.html { redirect_to url_or_path }
+          format.html { redirect_to redirect_path }
         end
       end

data/app/controllers/alchemy/admin/languages_controller.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Alchemy
       def switch
         @language = set_alchemy_language(params[:language_id])
         session[:alchemy_language_id] = @language.id
-        do_redirect_to request.referer || alchemy.admin_dashboard_path
+        do_redirect_to relative_referer_path || alchemy.admin_dashboard_path
       end
       private

data/app/controllers/alchemy/admin/pages_controller.rb CHANGED Viewed

@@ -189,11 +189,7 @@ module Alchemy
       end
       def unlock_redirect_path
-        if params[:redirect_to].to_s.match?(/\A\/admin\/(layout_)?pages/)
-          params[:redirect_to]
-        else
-          admin_pages_path
-        end
+        safe_redirect_path(fallback: admin_pages_path)
       end
       # Sets the page public and updates the published_at attribute that is used as cache_key

data/app/controllers/alchemy/admin/resources_controller.rb CHANGED Viewed

@@ -78,7 +78,7 @@ module Alchemy
           flash[:error] = resource_instance_variable.errors.full_messages.join(", ")
         end
         flash_notice_for_resource_action
-        do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index"))
+        do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index", only_path: true))
       end
       def resource_handler

data/app/models/alchemy/ingredients/datetime.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Alchemy
     # A datetime value
     #
     class Datetime < Alchemy::Ingredient
-      allow_settings %i[date_format]
+      allow_settings %i[date_format input_type]
       def value
         ActiveRecord::Type::DateTime.new.cast(self[:value])

data/app/models/alchemy/page.rb CHANGED Viewed

@@ -506,7 +506,7 @@ module Alchemy
     # does not respond to +#name+ it returns +'unknown'+
     #
     def creator_name
-      creator.try(:name) || Alchemy.t("unknown")
+      creator.try(:alchemy_display_name) || Alchemy.t("unknown")
     end
     # Returns the name of the last updater of this page.
@@ -515,7 +515,7 @@ module Alchemy
     # does not respond to +#name+ it returns +'unknown'+
     #
     def updater_name
-      updater.try(:name) || Alchemy.t("unknown")
+      updater.try(:alchemy_display_name) || Alchemy.t("unknown")
     end
     # Returns the name of the user currently editing this page.
@@ -524,7 +524,7 @@ module Alchemy
     # does not respond to +#name+ it returns +'unknown'+
     #
     def locker_name
-      locker.try(:name) || Alchemy.t("unknown")
+      locker.try(:alchemy_display_name) || Alchemy.t("unknown")
     end
     # Key hint translations by page layout, rather than the default name.

data/app/models/concerns/alchemy/picture_thumbnails.rb CHANGED Viewed

@@ -102,11 +102,10 @@ module Alchemy
     # Show image cropping link for ingredient
     def allow_image_cropping?
-      settings[:crop] && picture &&
-        picture.can_be_cropped_to?(
-          settings[:size],
-          settings[:upsample]
-        ) && !!picture.image_file
+      settings[:crop] && picture&.can_be_cropped_to?(
+        settings[:size],
+        settings[:upsample]
+      ) && !!picture.image_file
     end
     private

data/app/views/alchemy/ingredients/_datetime_editor.html.erb CHANGED Viewed

@@ -7,7 +7,8 @@
       datetime_editor, :value, {
         name: datetime_editor.form_field_name,
         id: datetime_editor.form_field_id,
-        value: datetime_editor.value
+        value: datetime_editor.value,
+        type: datetime_editor.settings[:input_type]
       }
     ) %>
   <% end %>

data/lib/alchemy/resource.rb CHANGED Viewed

@@ -188,11 +188,21 @@ module Alchemy
       end
     end
+    # Returns a sorted array of attributes.
+    #
+    # Attribute called "name" comes first.
+    # Attribute called "updated_at" comes last.
+    # Boolean type attributes come after non-boolean attributes but before "updated_at".
+    #
     def sorted_attributes
-      @_sorted_attributes ||= attributes
-        .sort_by { |attr| (attr[:name] == "name") ? 0 : 1 }
-        .sort_by! { |attr| (attr[:type] == :boolean) ? 1 : 0 }
-        .sort_by! { |attr| (attr[:name] == "updated_at") ? 1 : 0 }
+      @_sorted_attributes ||= attributes.sort_by! do |attr|
+        [
+          (attr[:name] == "name") ? 0 : 1,
+          (attr[:name] == "updated_at") ? 3 : 2,
+          (attr[:type] == :boolean) ? 2 : 1,
+          attr[:name]
+        ]
+      end
     end
     def editable_attributes

data/lib/alchemy/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 module Alchemy
-  VERSION = "7.1.11"
+  VERSION = "7.1.13"
   def self.version
     VERSION

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alchemy_cms
 version: !ruby/object:Gem::Version
-  version: 7.1.11
+  version: 7.1.13
 platform: ruby
 authors:
 - Thomas von Deyen
@@ -10,10 +10,9 @@ authors:
 - Hendrik Mans
 - Carsten Fregin
 - Martin Meyerhoff
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-10 00:00:00.000000000 Z
+date: 2025-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -1443,8 +1442,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - ImageMagick (libmagick), v6.6 or greater.
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.6.3
 specification_version: 4
 summary: A powerful, userfriendly and flexible CMS for Rails
 test_files: []