alchemy_cms 7.2.7 → 7.2.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/Gemfile +9 -0
- data/app/assets/stylesheets/alchemy/elements.scss +1 -1
- data/app/components/alchemy/admin/link_dialog/internal_tab.rb +2 -1
- data/app/components/alchemy/ingredients/link_view.rb +7 -1
- data/app/components/alchemy/ingredients/picture_view.rb +5 -2
- data/app/components/alchemy/ingredients/text_view.rb +4 -1
- data/app/components/concerns/alchemy/ingredients/link_target.rb +18 -0
- data/app/controllers/alchemy/admin/base_controller.rb +26 -2
- data/app/controllers/alchemy/admin/languages_controller.rb +1 -1
- data/app/controllers/alchemy/admin/pages_controller.rb +1 -5
- data/app/controllers/alchemy/admin/resources_controller.rb +1 -1
- data/app/models/concerns/alchemy/picture_thumbnails.rb +4 -5
- data/lib/alchemy/resource.rb +14 -4
- data/lib/alchemy/version.rb +1 -1
- metadata +4 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ca577f0e46713ddcda567834a14df89269d469c463d40b9ef45a94cb75c51d5c
|
4
|
+
data.tar.gz: 7f2697e309ebf31067618f09c84f6b41811bc3ea3764047e2d9cbb4a69c9e5d3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f4060445469483578207a2e432bf9b63c4729e47eeb21ea6cc43a1019f677b2e699b531dcf3d56515c8ec599185e5ce2859d87ac12410cc7b600ffee344e1f1a
|
7
|
+
data.tar.gz: 364bd7003f899d43e2f3ee5023f62f8c49be6c572af6c2730f98ca612345e56f5656423ae0b950513c19028734fed908a398a4e5e52cdacfb198c0d7cd0de9cf
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,20 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## 7.2.9 (2025-03-17)
|
4
|
+
|
5
|
+
- [7.2-stable] Fix link dialog for links with url scheme mailto [#3205](https://github.com/AlchemyCMS/alchemy_cms/pull/3205) ([alchemycms-bot](https://github.com/alchemycms-bot))
|
6
|
+
- [7.2-stable] CI: Use own script to check changes files [#3201](https://github.com/AlchemyCMS/alchemy_cms/pull/3201) ([tvdeyen](https://github.com/tvdeyen))
|
7
|
+
- [7.2-stable] Add rel="noopener noreferrer" to external links [#3184](https://github.com/AlchemyCMS/alchemy_cms/pull/3184) ([alchemycms-bot](https://github.com/alchemycms-bot))
|
8
|
+
|
9
|
+
## 7.2.8 (2025-01-24)
|
10
|
+
|
11
|
+
- [7.2-stable] fix attribute sorting across Ruby versions [#3162](https://github.com/AlchemyCMS/alchemy_cms/pull/3162) ([alchemycms-bot](https://github.com/alchemycms-bot))
|
12
|
+
- [7.2-stable] fix missing logger issue in github actions [#3157](https://github.com/AlchemyCMS/alchemy_cms/pull/3157) ([alchemycms-bot](https://github.com/alchemycms-bot))
|
13
|
+
- [7.2-stable] CI: Set workflow permissions [#3142](https://github.com/AlchemyCMS/alchemy_cms/pull/3142) ([tvdeyen](https://github.com/tvdeyen))
|
14
|
+
- [7.2-stable] Use safe redirect paths in admin redirects [#3136](https://github.com/AlchemyCMS/alchemy_cms/pull/3136) ([tvdeyen](https://github.com/tvdeyen))
|
15
|
+
- [7.2-stable] CI: Run actions on ubuntu-22.04 [#3125](https://github.com/AlchemyCMS/alchemy_cms/pull/3125) ([tvdeyen](https://github.com/tvdeyen))
|
16
|
+
- Fix tinymce fullscreen mode [#3101](https://github.com/AlchemyCMS/alchemy_cms/pull/3101) ([tvdeyen](https://github.com/tvdeyen))
|
17
|
+
|
3
18
|
## 7.2.7 (2024-10-15)
|
4
19
|
|
5
20
|
- [7.2-stable] Fix filtering associated models by id [#3069](https://github.com/AlchemyCMS/alchemy_cms/pull/3069) ([tvdeyen](https://github.com/tvdeyen))
|
data/Gemfile
CHANGED
@@ -32,6 +32,13 @@ group :development, :test do
|
|
32
32
|
if rails_version == "7.1"
|
33
33
|
gem "actioncable", "~> #{rails_version}.0"
|
34
34
|
end
|
35
|
+
|
36
|
+
# concurrent-ruby v1.3.5 has removed the dependency on logger,
|
37
|
+
# effecting Rails 6.1 up to including 7.0.
|
38
|
+
# https://github.com/rails/rails/pull/54264
|
39
|
+
if ("6.1".to_f.."7.0".to_f).cover?(rails_version.to_f)
|
40
|
+
gem "concurrent-ruby", "< 1.3.5"
|
41
|
+
end
|
35
42
|
else
|
36
43
|
gem "launchy"
|
37
44
|
gem "annotate"
|
@@ -59,3 +66,5 @@ end
|
|
59
66
|
gem "web-console", "~> 4.2", group: :development
|
60
67
|
|
61
68
|
gem "rails_live_reload", "~> 0.3.5"
|
69
|
+
|
70
|
+
gem "gem-release", "~> 2.2"
|
@@ -49,7 +49,8 @@ module Alchemy
|
|
49
49
|
end
|
50
50
|
|
51
51
|
def page_attributes
|
52
|
-
|
52
|
+
# uri.path might be nil if the protocol is mailto: or a similar scheme that cannot have paths
|
53
|
+
locale, urlname, _fragment = uri.path&.match(PAGE_URL_PATTERN)&.captures
|
53
54
|
|
54
55
|
if locale && urlname.present?
|
55
56
|
{language_code: locale, urlname: urlname}
|
@@ -1,6 +1,8 @@
|
|
1
1
|
module Alchemy
|
2
2
|
module Ingredients
|
3
3
|
class LinkView < BaseView
|
4
|
+
include LinkTarget
|
5
|
+
|
4
6
|
attr_reader :link_text
|
5
7
|
|
6
8
|
# @param ingredient [Alchemy::Ingredient]
|
@@ -12,7 +14,11 @@ module Alchemy
|
|
12
14
|
end
|
13
15
|
|
14
16
|
def call
|
15
|
-
|
17
|
+
target = ingredient.link_target.presence
|
18
|
+
link_to(link_text, value, {
|
19
|
+
target: link_target_value(target),
|
20
|
+
rel: link_rel_value(target)
|
21
|
+
}.merge(html_options)).html_safe
|
16
22
|
end
|
17
23
|
end
|
18
24
|
end
|
@@ -4,6 +4,8 @@ module Alchemy
|
|
4
4
|
module Ingredients
|
5
5
|
# Renders a picture ingredient view
|
6
6
|
class PictureView < BaseView
|
7
|
+
include LinkTarget
|
8
|
+
|
7
9
|
attr_reader :ingredient,
|
8
10
|
:show_caption,
|
9
11
|
:disable_link,
|
@@ -46,10 +48,11 @@ module Alchemy
|
|
46
48
|
output = caption ? img_tag + caption : img_tag
|
47
49
|
|
48
50
|
if is_linked?
|
51
|
+
target = ingredient.link_target.presence
|
49
52
|
output = link_to(output, url_for(ingredient.link), {
|
50
53
|
title: ingredient.link_title.presence,
|
51
|
-
|
52
|
-
|
54
|
+
rel: link_rel_value(target),
|
55
|
+
target: link_target_value(target)
|
53
56
|
})
|
54
57
|
end
|
55
58
|
|
@@ -1,6 +1,8 @@
|
|
1
1
|
module Alchemy
|
2
2
|
module Ingredients
|
3
3
|
class TextView < BaseView
|
4
|
+
include LinkTarget
|
5
|
+
|
4
6
|
attr_reader :disable_link
|
5
7
|
|
6
8
|
delegate :dom_id, :link, :link_title, :link_target,
|
@@ -21,7 +23,8 @@ module Alchemy
|
|
21
23
|
link_to(value, url_for(link), {
|
22
24
|
id: dom_id.presence,
|
23
25
|
title: link_title,
|
24
|
-
target: link_target
|
26
|
+
target: link_target_value(link_target),
|
27
|
+
rel: link_rel_value(link_target)
|
25
28
|
}.merge(html_options))
|
26
29
|
end.html_safe
|
27
30
|
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
module Alchemy
|
2
|
+
module Ingredients
|
3
|
+
module LinkTarget
|
4
|
+
BLANK_VALUE = "_blank"
|
5
|
+
REL_VALUE = "noopener noreferrer"
|
6
|
+
|
7
|
+
def link_rel_value(target)
|
8
|
+
if link_target_value(target) == BLANK_VALUE
|
9
|
+
REL_VALUE
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def link_target_value(target)
|
14
|
+
(target == "blank") ? BLANK_VALUE : target
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -31,6 +31,27 @@ module Alchemy
|
|
31
31
|
|
32
32
|
private
|
33
33
|
|
34
|
+
def safe_redirect_path(path = params[:redirect_to], fallback: admin_path)
|
35
|
+
if is_safe_redirect_path?(path)
|
36
|
+
path
|
37
|
+
elsif is_safe_redirect_path?(fallback)
|
38
|
+
fallback
|
39
|
+
else
|
40
|
+
admin_path
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
def is_safe_redirect_path?(path)
|
45
|
+
mount_path = alchemy.root_path
|
46
|
+
path.to_s.match? %r{^#{mount_path}admin/}
|
47
|
+
end
|
48
|
+
|
49
|
+
def relative_referer_path(referer = request.referer)
|
50
|
+
return unless referer
|
51
|
+
|
52
|
+
URI(referer).path
|
53
|
+
end
|
54
|
+
|
34
55
|
# Disable layout rendering for xhr requests.
|
35
56
|
def set_layout
|
36
57
|
(request.xhr? || turbo_frame_request?) ? false : "alchemy/admin"
|
@@ -106,13 +127,16 @@ module Alchemy
|
|
106
127
|
|
107
128
|
# Does redirects for html and js requests
|
108
129
|
#
|
130
|
+
# Makes sure that the redirect path is safe.
|
131
|
+
#
|
109
132
|
def do_redirect_to(url_or_path)
|
133
|
+
redirect_path = safe_redirect_path(url_or_path)
|
110
134
|
respond_to do |format|
|
111
135
|
format.js {
|
112
|
-
@redirect_url =
|
136
|
+
@redirect_url = redirect_path
|
113
137
|
render :redirect
|
114
138
|
}
|
115
|
-
format.html { redirect_to
|
139
|
+
format.html { redirect_to redirect_path }
|
116
140
|
end
|
117
141
|
end
|
118
142
|
|
@@ -40,7 +40,7 @@ module Alchemy
|
|
40
40
|
def switch
|
41
41
|
@language = set_alchemy_language(params[:language_id])
|
42
42
|
session[:alchemy_language_id] = @language.id
|
43
|
-
do_redirect_to
|
43
|
+
do_redirect_to relative_referer_path || alchemy.admin_dashboard_path
|
44
44
|
end
|
45
45
|
|
46
46
|
private
|
@@ -189,11 +189,7 @@ module Alchemy
|
|
189
189
|
end
|
190
190
|
|
191
191
|
def unlock_redirect_path
|
192
|
-
|
193
|
-
params[:redirect_to]
|
194
|
-
else
|
195
|
-
admin_pages_path
|
196
|
-
end
|
192
|
+
safe_redirect_path(fallback: admin_pages_path)
|
197
193
|
end
|
198
194
|
|
199
195
|
# Sets the page public and updates the published_at attribute that is used as cache_key
|
@@ -78,7 +78,7 @@ module Alchemy
|
|
78
78
|
flash[:error] = resource_instance_variable.errors.full_messages.join(", ")
|
79
79
|
end
|
80
80
|
flash_notice_for_resource_action
|
81
|
-
do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index"))
|
81
|
+
do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index", only_path: true))
|
82
82
|
end
|
83
83
|
|
84
84
|
def resource_handler
|
@@ -102,11 +102,10 @@ module Alchemy
|
|
102
102
|
|
103
103
|
# Show image cropping link for ingredient
|
104
104
|
def allow_image_cropping?
|
105
|
-
settings[:crop] && picture
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
) && !!picture.image_file
|
105
|
+
settings[:crop] && picture&.can_be_cropped_to?(
|
106
|
+
settings[:size],
|
107
|
+
settings[:upsample]
|
108
|
+
) && !!picture.image_file
|
110
109
|
end
|
111
110
|
|
112
111
|
private
|
data/lib/alchemy/resource.rb
CHANGED
@@ -188,11 +188,21 @@ module Alchemy
|
|
188
188
|
end
|
189
189
|
end
|
190
190
|
|
191
|
+
# Returns a sorted array of attributes.
|
192
|
+
#
|
193
|
+
# Attribute called "name" comes first.
|
194
|
+
# Attribute called "updated_at" comes last.
|
195
|
+
# Boolean type attributes come after non-boolean attributes but before "updated_at".
|
196
|
+
#
|
191
197
|
def sorted_attributes
|
192
|
-
@_sorted_attributes ||= attributes
|
193
|
-
|
194
|
-
|
195
|
-
|
198
|
+
@_sorted_attributes ||= attributes.sort_by! do |attr|
|
199
|
+
[
|
200
|
+
(attr[:name] == "name") ? 0 : 1,
|
201
|
+
(attr[:name] == "updated_at") ? 3 : 2,
|
202
|
+
(attr[:type] == :boolean) ? 2 : 1,
|
203
|
+
attr[:name]
|
204
|
+
]
|
205
|
+
end
|
196
206
|
end
|
197
207
|
|
198
208
|
def editable_attributes
|
data/lib/alchemy/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: alchemy_cms
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.2.
|
4
|
+
version: 7.2.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Thomas von Deyen
|
@@ -10,10 +10,9 @@ authors:
|
|
10
10
|
- Hendrik Mans
|
11
11
|
- Carsten Fregin
|
12
12
|
- Martin Meyerhoff
|
13
|
-
autorequire:
|
14
13
|
bindir: bin
|
15
14
|
cert_chain: []
|
16
|
-
date:
|
15
|
+
date: 2025-03-17 00:00:00.000000000 Z
|
17
16
|
dependencies:
|
18
17
|
- !ruby/object:Gem::Dependency
|
19
18
|
name: actionmailer
|
@@ -807,6 +806,7 @@ files:
|
|
807
806
|
- app/components/alchemy/ingredients/select_view.rb
|
808
807
|
- app/components/alchemy/ingredients/text_view.rb
|
809
808
|
- app/components/alchemy/ingredients/video_view.rb
|
809
|
+
- app/components/concerns/alchemy/ingredients/link_target.rb
|
810
810
|
- app/controllers/alchemy/admin/attachments_controller.rb
|
811
811
|
- app/controllers/alchemy/admin/base_controller.rb
|
812
812
|
- app/controllers/alchemy/admin/clipboard_controller.rb
|
@@ -1432,8 +1432,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
1432
1432
|
version: '0'
|
1433
1433
|
requirements:
|
1434
1434
|
- ImageMagick (libmagick), v6.6 or greater.
|
1435
|
-
rubygems_version: 3.5
|
1436
|
-
signing_key:
|
1435
|
+
rubygems_version: 3.6.5
|
1437
1436
|
specification_version: 4
|
1438
1437
|
summary: A powerful, userfriendly and flexible CMS for Rails
|
1439
1438
|
test_files: []
|