alchemy_cms 7.2.6 → 7.2.8


Potentially problematic release.



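--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5761f973ebc69f26df9000e33ac1116dd900943e4beca826a5cfda2951d4cc09
- data.tar.gz: '0242947c5e00faa5f006713192c28b35996b85202d7ea20557c3a05b56a0879a'
+ metadata.gz: 0fdef966fae65762629b97f68de454dba401b0343f2556db588e4c9d1fce72b9
+ data.tar.gz: 50457894d1edc86920364f92d283aca506aee9912f8709ad7adc627494852031
  SHA512:
- metadata.gz: ddc9484e053fcd6b359449737f3eac7b88def44eaaad1f1bf2f281e7f863829ad1a8fec8848911c2e888dbb66731c523dd53bf5ef1ef5ec55c56540cd5a66e96
- data.tar.gz: 9608c346894b1a9f36d9ffe62da010666405ae97320330921dfdfe5cebb1369cdbe63a77f06a8ef044b3370342a7d0b655c3e64231557b1ae2abf9554defebec
+ metadata.gz: 77adc60f06685b4259a1015439f6ab1c8e8772314050bf1de65e38fae047a4dae83bd607c2f95f88abaf4a273ddb245e4b23d4713a8c021c349403554394cf8b
+ data.tar.gz: 4c44fa0cc929f1eaecf86cb3b5d46ed6345627c408b00f5ea22cd037dd2308013118d439edb9815c6f67a5a5830ec279fdaf298f4f83d9bd5d504df82c9ab5b0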
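--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,19 @@
  # Changelog
 
+ ## 7.2.8 (2025-01-24)
+
+ - [7.2-stable] fix attribute sorting across Ruby versions [#3162](https://github.com/AlchemyCMS/alchemy_cms/pull/3162) ([alchemycms-bot](https://github.com/alchemycms-bot))
+ - [7.2-stable] fix missing logger issue in github actions [#3157](https://github.com/AlchemyCMS/alchemy_cms/pull/3157) ([alchemycms-bot](https://github.com/alchemycms-bot))
+ - [7.2-stable] CI: Set workflow permissions [#3142](https://github.com/AlchemyCMS/alchemy_cms/pull/3142) ([tvdeyen](https://github.com/tvdeyen))
+ - [7.2-stable] Use safe redirect paths in admin redirects [#3136](https://github.com/AlchemyCMS/alchemy_cms/pull/3136) ([tvdeyen](https://github.com/tvdeyen))
+ - [7.2-stable] CI: Run actions on ubuntu-22.04 [#3125](https://github.com/AlchemyCMS/alchemy_cms/pull/3125) ([tvdeyen](https://github.com/tvdeyen))
+ - Fix tinymce fullscreen mode [#3101](https://github.com/AlchemyCMS/alchemy_cms/pull/3101) ([tvdeyen](https://github.com/tvdeyen))
+
+ ## 7.2.7 (2024-10-15)
+
+ - [7.2-stable] Fix filtering associated models by id [#3069](https://github.com/AlchemyCMS/alchemy_cms/pull/3069) ([tvdeyen](https://github.com/tvdeyen))
+ - [7.2-stable] Use alchemy_display_name for page actor names [#3030](https://github.com/AlchemyCMS/alchemy_cms/pull/3030) ([alchemycms-bot](https://github.com/alchemycms-bot))
+
  ## 7.2.6 (2024-09-04)
 
  - [7.2-stable] Set Alchemy::Page.current in Messages Controller [#3021](https://github.com/AlchemyCMS/alchemy_cms/pull/3021) ([tvdeyen](https://github.com/tvdeyen))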
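--- a/data/Gemfile
+++ b/data/Gemfile
@@ -32,6 +32,13 @@ group :development, :test do
  if rails_version == "7.1"
  gem "actioncable", "~> #{rails_version}.0"
  end
+
+ # concurrent-ruby v1.3.5 has removed the dependency on logger,
+ # effecting Rails 6.1 up to including 7.0.
+ # https://github.com/rails/rails/pull/54264
+ if ("6.1".to_f.."7.0".to_f).cover?(rails_version.to_f)
+ gem "concurrent-ruby", "< 1.3.5"
+ end
  else
  gem "launchy"
  gem "annotate"
@@ -59,3 +66,5 @@ end
  gem "web-console", "~> 4.2", group: :development
 
  gem "rails_live_reload", "~> 0.3.5"
+
+ gem "gem-release", "~> 2.2"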
@@ -16,7 +16,7 @@
16
16
  }
17
17
 
18
18
  // Fix for Tinymce fullscreen window positioning issues (GH#1511)
19
- .mce-fullscreen & {
19
+ .tox-fullscreen & {
20
20
  width: calc(100vw - #{$collapsed-main-menu-width - $default-border-width});
21
21
  }
22
22
 
@@ -31,6 +31,27 @@ module Alchemy
31
31
 
32
32
  private
33
33
 
34
+ def safe_redirect_path(path = params[:redirect_to], fallback: admin_path)
35
+ if is_safe_redirect_path?(path)
36
+ path
37
+ elsif is_safe_redirect_path?(fallback)
38
+ fallback
39
+ else
40
+ admin_path
41
+ end
42
+ end
43
+
44
+ def is_safe_redirect_path?(path)
45
+ mount_path = alchemy.root_path
46
+ path.to_s.match? %r{^#{mount_path}admin/}
47
+ end
48
+
49
+ def relative_referer_path(referer = request.referer)
50
+ return unless referer
51
+
52
+ URI(referer).path
53
+ end
54
+
34
55
  # Disable layout rendering for xhr requests.
35
56
  def set_layout
36
57
  (request.xhr? || turbo_frame_request?) ? false : "alchemy/admin"
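Review bot: `is_safe_redirect_path?` anchors its pattern with `^`, which in Ruby matches at the start of any line rather than the start of the string, so the check is weaker than the `\A`-anchored one this commit removes from `unlock_redirect_path`. The mount path is also interpolated into the pattern unescaped. I would change the match to `path.to_s.match?(%r{\A#{Regexp.escape(mount_path)}admin/})`. Separately, `URI(referer)` in `relative_referer_path` raises `URI::InvalidURIError` on a malformed Referer header, which the client controls; rescuing that error and returning nil would let the caller use its fallback path instead of failing the request. The enclosing module starts and ends outside the hunk.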
@@ -106,13 +127,16 @@ module Alchemy
106
127
 
107
128
  # Does redirects for html and js requests
108
129
  #
130
+ # Makes sure that the redirect path is safe.
131
+ #
109
132
  def do_redirect_to(url_or_path)
133
+ redirect_path = safe_redirect_path(url_or_path)
110
134
  respond_to do |format|
111
135
  format.js {
112
- @redirect_url = url_or_path
136
+ @redirect_url = redirect_path
113
137
  render :redirect
114
138
  }
115
- format.html { redirect_to url_or_path }
139
+ format.html { redirect_to redirect_path }
116
140
  end
117
141
  end
118
142
 
@@ -40,7 +40,7 @@ module Alchemy
40
40
  def switch
41
41
  @language = set_alchemy_language(params[:language_id])
42
42
  session[:alchemy_language_id] = @language.id
43
- do_redirect_to request.referer || alchemy.admin_dashboard_path
43
+ do_redirect_to relative_referer_path || alchemy.admin_dashboard_path
44
44
  end
45
45
 
46
46
  private
@@ -189,11 +189,7 @@ module Alchemy
189
189
  end
190
190
 
191
191
  def unlock_redirect_path
192
- if params[:redirect_to].to_s.match?(/\A\/admin\/(layout_)?pages/)
193
- params[:redirect_to]
194
- else
195
- admin_pages_path
196
- end
192
+ safe_redirect_path(fallback: admin_pages_path)
197
193
  end
198
194
 
199
195
  # Sets the page public and updates the published_at attribute that is used as cache_key
@@ -78,7 +78,7 @@ module Alchemy
78
78
  flash[:error] = resource_instance_variable.errors.full_messages.join(", ")
79
79
  end
80
80
  flash_notice_for_resource_action
81
- do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index"))
81
+ do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index", only_path: true))
82
82
  end
83
83
 
84
84
  def resource_handler
@@ -138,7 +138,7 @@ module Alchemy
138
138
  end
139
139
 
140
140
  def eligible_resource_filter_values
141
- resource_filters.map(&:values).flatten
141
+ resource_filters.map(&:values).flatten!.map!(&:to_s)
142
142
  end
143
143
 
144
144
  # Returns a translated +flash[:notice]+ for current controller action.
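Review bot: `flatten!` in `eligible_resource_filter_values` returns nil when it makes no change, so if `resource_filters` is empty, or no filter's `values` is an array, the chained `map!` is called on nil and raises NoMethodError. Going by its name, this list is what submitted filter values are checked against, so the failure would surface as an error response rather than a rejected filter. The non-destructive form gives the same result without that edge: `resource_filters.map(&:values).flatten.map(&:to_s)`. Whether `resource_filters` can be empty is not visible in this hunk.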
@@ -491,7 +491,7 @@ module Alchemy
491
491
  # does not respond to +#name+ it returns +'unknown'+
492
492
  #
493
493
  def creator_name
494
- creator.try(:name) || Alchemy.t("unknown")
494
+ creator.try(:alchemy_display_name) || Alchemy.t("unknown")
495
495
  end
496
496
 
497
497
  # Returns the name of the last updater of this page.
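Review bot: The doc comment above `creator_name` still says 'unknown' is returned when the user "does not respond to +#name+", but the new code calls `alchemy_display_name`. The same stale line sits above `updater_name` and `locker_name` in the next two hunks. I would update each to `# does not respond to +#alchemy_display_name+ it returns +'unknown'+`. The start of each comment is outside its hunk.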
@@ -500,7 +500,7 @@ module Alchemy
500
500
  # does not respond to +#name+ it returns +'unknown'+
501
501
  #
502
502
  def updater_name
503
- updater.try(:name) || Alchemy.t("unknown")
503
+ updater.try(:alchemy_display_name) || Alchemy.t("unknown")
504
504
  end
505
505
 
506
506
  # Returns the name of the user currently editing this page.
@@ -509,7 +509,7 @@ module Alchemy
509
509
  # does not respond to +#name+ it returns +'unknown'+
510
510
  #
511
511
  def locker_name
512
- locker.try(:name) || Alchemy.t("unknown")
512
+ locker.try(:alchemy_display_name) || Alchemy.t("unknown")
513
513
  end
514
514
 
515
515
  # Key hint translations by page layout, rather than the default name.
@@ -102,11 +102,10 @@ module Alchemy
102
102
 
103
103
  # Show image cropping link for ingredient
104
104
  def allow_image_cropping?
105
- settings[:crop] && picture &&
106
- picture.can_be_cropped_to?(
107
- settings[:size],
108
- settings[:upsample]
109
- ) && !!picture.image_file
105
+ settings[:crop] && picture&.can_be_cropped_to?(
106
+ settings[:size],
107
+ settings[:upsample]
108
+ ) && !!picture.image_file
110
109
  end
111
110
 
112
111
  private
@@ -188,11 +188,21 @@ module Alchemy
188
188
  end
189
189
  end
190
190
 
191
+ # Returns a sorted array of attributes.
192
+ #
193
+ # Attribute called "name" comes first.
194
+ # Attribute called "updated_at" comes last.
195
+ # Boolean type attributes come after non-boolean attributes but before "updated_at".
196
+ #
191
197
  def sorted_attributes
192
- @_sorted_attributes ||= attributes
193
- .sort_by { |attr| (attr[:name] == "name") ? 0 : 1 }
194
- .sort_by! { |attr| (attr[:type] == :boolean) ? 1 : 0 }
195
- .sort_by! { |attr| (attr[:name] == "updated_at") ? 1 : 0 }
198
+ @_sorted_attributes ||= attributes.sort_by! do |attr|
199
+ [
200
+ (attr[:name] == "name") ? 0 : 1,
201
+ (attr[:name] == "updated_at") ? 3 : 2,
202
+ (attr[:type] == :boolean) ? 2 : 1,
203
+ attr[:name]
204
+ ]
205
+ end
196
206
  end
197
207
 
198
208
  def editable_attributes
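Review bot: `sorted_attributes` now calls `sort_by!` directly on the array returned by `attributes`, where the old chain began with a non-destructive `sort_by` and only mutated that copy. If `attributes` returns a memoized array (its definition is outside this hunk), every other caller sees the reordered list after the first call. `@_sorted_attributes ||= attributes.sort_by do |attr|` keeps the new ordering without the side effect. The composite key also ends in `attr[:name]`, so it assumes every attribute name is a mutually comparable string.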
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Alchemy
4
- VERSION = "7.2.6"
4
+ VERSION = "7.2.8"
5
5
 
6
6
  def self.version
7
7
  VERSION
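--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: alchemy_cms
  version: !ruby/object:Gem::Version
- version: 7.2.6
+ version: 7.2.8
  platform: ruby
  authors:
  - Thomas von Deyen
@@ -10,10 +10,9 @@ authors:
  - Hendrik Mans
  - Carsten Fregin
  - Martin Meyerhoff
- autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-09-04 00:00:00.000000000 Z
+ date: 2025-01-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: actionmailer
@@ -1432,8 +1431,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements:
  - ImageMagick (libmagick), v6.6 or greater.
- rubygems_version: 3.5.16
- signing_key:
+ rubygems_version: 3.6.3
  specification_version: 4
  summary: A powerful, userfriendly and flexible CMS for Rails
  test_files: []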