alchemy_cms 7.0.15 → 7.0.16
- checksums.yaml +4 -4
- data/.github/workflows/brakeman-analysis.yml +13 -5
- data/.github/workflows/lint.yml +9 -2
- data/.github/workflows/stale.yml +5 -2
- data/.github/workflows/test.yml +13 -4
- data/CHANGELOG.md +9 -0
- data/Gemfile +7 -0
- data/app/controllers/alchemy/admin/base_controller.rb +26 -2
- data/app/controllers/alchemy/admin/languages_controller.rb +1 -1
- data/app/controllers/alchemy/admin/pages_controller.rb +5 -4
- data/app/controllers/alchemy/admin/resources_controller.rb +1 -1
- data/app/controllers/concerns/alchemy/site_redirects.rb +1 -1
- data/app/models/alchemy/page.rb +3 -3
- data/app/models/concerns/alchemy/picture_thumbnails.rb +4 -5
- data/lib/alchemy/version.rb +1 -1
- metadata +3 -5
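--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d20bda02db92caa55198f4cc360bafb972b868e742215f1b19ab83976215b230
+data.tar.gz: ab901f120f7a3c2f0878fb03a25e2d2de8e68aff1cd9240c58994b903e9781b8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: adb1fd6328915e0648e8b94b45f91e2fb1051fbcf6b33ebf26d75a9de52fd2479991c0cb40dc8cc6d7972214291d195765d9ddda0ddc13bb69a0794941d45fcb
+data.tar.gz: 2c9c34c568de4ed7492aaaa5f05959023493eba2951776fd1bedbf22a8e4bed65ce9e7480c42a2767334edba0d469d0277d8ea6ad616493c18a55f51e4135d31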
@@ -3,19 +3,27 @@
|
|
|
3
3
|
|
|
4
4
|
name: Brakeman Scan
|
|
5
5
|
|
|
6
|
+
concurrency:
|
|
7
|
+
group: brakeman-${{ github.ref_name }}
|
|
8
|
+
cancel-in-progress: ${{ github.ref_name != 'main' }}
|
|
9
|
+
|
|
10
|
+
permissions:
|
|
11
|
+
contents: read
|
|
12
|
+
security-events: write
|
|
13
|
+
|
|
6
14
|
on:
|
|
7
15
|
push:
|
|
8
|
-
branches:
|
|
16
|
+
branches:
|
|
17
|
+
- 7.0-stable
|
|
9
18
|
pull_request:
|
|
10
19
|
# The branches below must be a subset of the branches above
|
|
11
|
-
branches:
|
|
12
|
-
|
|
13
|
-
- cron: "40 4 * * 2"
|
|
20
|
+
branches:
|
|
21
|
+
- 7.0-stable
|
|
14
22
|
|
|
15
23
|
jobs:
|
|
16
24
|
brakeman-scan:
|
|
17
25
|
name: Brakeman Scan
|
|
18
|
-
runs-on: ubuntu-
|
|
26
|
+
runs-on: ubuntu-22.04
|
|
19
27
|
steps:
|
|
20
28
|
# Checkout the repository to the GitHub Actions runner
|
|
21
29
|
- name: Checkout
|
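Review bot: `cancel-in-progress: ${{ github.ref_name != 'main' }}` evaluates to true for every run this workflow now triggers (pushes and pull requests for `7.0-stable`), so a Brakeman scan of one pushed commit can be cancelled by the next push before it reports. On the stable branch the expression should protect the branch that is actually scanned, e.g. `cancel-in-progress: ${{ github.ref_name != '7.0-stable' }}`. The hunk also appears to remove the weekly `cron` trigger (the removed lines are truncated on this page), which would leave the branch unscanned between pushes. If that is intended, a comment saying so would help.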
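--- a/data/.github/workflows/lint.yml
+++ b/data/.github/workflows/lint.yml
@@ -2,9 +2,16 @@ name: Lint
 
 on: [pull_request]
 
+concurrency:
+group: lint-${{ github.ref_name }}
+cancel-in-progress: ${{ github.ref_name != 'main' }}
+
+permissions:
+contents: read
+
 jobs:
 Standard:
-runs-on: ubuntu-
+runs-on: ubuntu-22.04
 steps:
 - name: Checkout code
 uses: actions/checkout@v3
@@ -16,7 +23,7 @@ jobs:
 - name: Lint Ruby files
 run: bundle exec standardrb
 Prettier:
-runs-on: ubuntu-
+runs-on: ubuntu-22.04
 steps:
 - name: Checkout
 uses: actions/checkout@v3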
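Review bot: Both jobs still reference `actions/checkout@v3` by a mutable tag while this change narrows the workflow token to `contents: read`. Pinning the action to a full commit SHA, as in `uses: actions/checkout@<full-commit-sha> # v3`, would complete the hardening, because a moved tag changes what runs here without any change in this repository. The steps after checkout are outside the visible hunks, so other `uses:` lines may need the same treatment.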
data/.github/workflows/stale.yml
CHANGED
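--- a/data/.github/workflows/test.yml
+++ b/data/.github/workflows/test.yml
@@ -1,10 +1,17 @@
 name: Test
 
-on:
+on:
+push:
+branches:
+- 7.0-stable
+pull_request:
+
+permissions:
+contents: read
 
 jobs:
 RSpec:
-runs-on: ubuntu-
+runs-on: ubuntu-22.04
 strategy:
 fail-fast: false
 matrix:
@@ -104,9 +111,11 @@ jobs:
 if: failure()
 with:
 name: Screenshots
-path:
+path: |
+spec/dummy/tmp/capybara
+spec/dummy/tmp/screenshots
 Jest:
-runs-on: ubuntu-
+runs-on: ubuntu-22.04
 env:
 NODE_ENV: test
 steps: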
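--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## 7.0.16 (2025-01-23)
+
+- [7.0-stable] Allow redirecting to other host in site redirect [#3160](https://github.com/AlchemyCMS/alchemy_cms/pull/3160) ([alchemycms-bot](https://github.com/alchemycms-bot))
+- [7.0-stable] fix missing logger issue in github actions [#3155](https://github.com/AlchemyCMS/alchemy_cms/pull/3155) ([alchemycms-bot](https://github.com/alchemycms-bot))
+- [7.0-stable] CI: Set workflow permissions [#3144](https://github.com/AlchemyCMS/alchemy_cms/pull/3144) ([tvdeyen](https://github.com/tvdeyen))
+- [7.0-stable] Use safe redirect paths in admin redirects [#3134](https://github.com/AlchemyCMS/alchemy_cms/pull/3134) ([tvdeyen](https://github.com/tvdeyen))
+- [7.0-stable] CI: Run actions on ubuntu-22.04 [#3127](https://github.com/AlchemyCMS/alchemy_cms/pull/3127) ([tvdeyen](https://github.com/tvdeyen))
+- [7.0-stable] Use alchemy_display_name for page actor names [#3028](https://github.com/AlchemyCMS/alchemy_cms/pull/3028) ([alchemycms-bot](https://github.com/alchemycms-bot))
+
 ## 7.0.15 (2024-09-04)
 
 - [7.0-stable] Render Datetime ingredient in local time zone [#3017](https://github.com/AlchemyCMS/alchemy_cms/pull/3017) ([tvdeyen](https://github.com/tvdeyen))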
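--- a/data/Gemfile
+++ b/data/Gemfile
@@ -32,6 +32,13 @@ group :development, :test do
 if rails_version == "7.1"
 gem "actioncable", "~> #{rails_version}.0"
 end
+
+# concurrent-ruby v1.3.5 has removed the dependency on logger,
+# effecting Rails 6.1 up to including 7.0.
+# https://github.com/rails/rails/pull/54264
+if ("6.1".to_f.."7.0".to_f).cover?(rails_version.to_f)
+gem "concurrent-ruby", "< 1.3.5"
+end
 else
 gem "launchy"
 gem "annotate"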
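Review bot: The guard `("6.1".to_f.."7.0".to_f).cover?(rails_version.to_f)` compares version strings as floats, which only holds while every supported value has a single-digit minor. `Gem::Version` states the intent without that trap, e.g. `if Gem::Version.new(rails_version).between?(Gem::Version.new("6.1"), Gem::Version.new("7.0"))`. `rails_version` is defined outside the hunk, so its exact format should be confirmed. Because `"< 1.3.5"` is an upper bound that also holds back later concurrent-ruby fixes, the comment could say when the pin can be removed.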
@@ -31,6 +31,27 @@ module Alchemy
|
|
|
31
31
|
|
|
32
32
|
private
|
|
33
33
|
|
|
34
|
+
def safe_redirect_path(path = params[:redirect_to], fallback: admin_path)
|
|
35
|
+
if is_safe_redirect_path?(path)
|
|
36
|
+
path
|
|
37
|
+
elsif is_safe_redirect_path?(fallback)
|
|
38
|
+
fallback
|
|
39
|
+
else
|
|
40
|
+
admin_path
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def is_safe_redirect_path?(path)
|
|
45
|
+
mount_path = alchemy.root_path
|
|
46
|
+
path.to_s.match? %r{^#{mount_path}admin/}
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def relative_referer_path(referer = request.referer)
|
|
50
|
+
return unless referer
|
|
51
|
+
|
|
52
|
+
URI(referer).path
|
|
53
|
+
end
|
|
54
|
+
|
|
34
55
|
# Disable layout rendering for xhr requests.
|
|
35
56
|
def set_layout
|
|
36
57
|
request.xhr? ? false : "alchemy/admin"
|
|
@@ -107,13 +128,16 @@ module Alchemy
|
|
|
107
128
|
|
|
108
129
|
# Does redirects for html and js requests
|
|
109
130
|
#
|
|
131
|
+
# Makes sure that the redirect path is safe.
|
|
132
|
+
#
|
|
110
133
|
def do_redirect_to(url_or_path)
|
|
134
|
+
redirect_path = safe_redirect_path(url_or_path)
|
|
111
135
|
respond_to do |format|
|
|
112
136
|
format.js {
|
|
113
|
-
@redirect_url =
|
|
137
|
+
@redirect_url = redirect_path
|
|
114
138
|
render :redirect
|
|
115
139
|
}
|
|
116
|
-
format.html { redirect_to
|
|
140
|
+
format.html { redirect_to redirect_path }
|
|
117
141
|
end
|
|
118
142
|
end
|
|
119
143
|
|
|
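Review bot: `is_safe_redirect_path?` anchors its pattern with `^`, which in Ruby matches at the start of any line rather than the start of the string, so a multi-line value passes the check as soon as one of its lines begins with the mount path followed by `admin/`. `mount_path` is also interpolated into the regex unescaped, so a regex metacharacter in the engine mount point would change the pattern. Both are closed with `path.to_s.match? %r{\A#{Regexp.escape(mount_path)}admin/}`. Since `do_redirect_to` hands the result to `redirect_to` and to `@redirect_url` for the JS response, a spec covering a value with an embedded newline would pin the behaviour.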
@@ -40,7 +40,7 @@ module Alchemy
|
|
|
40
40
|
def switch
|
|
41
41
|
@language = set_alchemy_language(params[:language_id])
|
|
42
42
|
session[:alchemy_language_id] = @language.id
|
|
43
|
-
do_redirect_to
|
|
43
|
+
do_redirect_to relative_referer_path || alchemy.admin_dashboard_path
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
private
|
|
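Review bot: `switch` now depends on `relative_referer_path`, which passes the client-supplied `Referer` header to `URI(referer)`; that call raises `URI::InvalidURIError` on a value it cannot parse, so the action can fail with an unhandled error after the session language has already been changed. Adding `rescue URI::InvalidURIError` with a `nil` result to the helper (defined in the admin base controller hunk shown earlier on this page) lets the existing `|| alchemy.admin_dashboard_path` fallback apply. `.path` also drops the query string, so a filtered or paginated admin list is not restored after the switch. If that matters, it deserves a comment or a follow-up.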
@@ -183,14 +183,15 @@ module Alchemy
|
|
|
183
183
|
respond_to do |format|
|
|
184
184
|
format.js
|
|
185
185
|
format.html do
|
|
186
|
-
redirect_to(
|
|
187
|
-
params[:redirect_to].presence || admin_pages_path,
|
|
188
|
-
allow_other_host: true
|
|
189
|
-
)
|
|
186
|
+
redirect_to(unlock_redirect_path, allow_other_host: true)
|
|
190
187
|
end
|
|
191
188
|
end
|
|
192
189
|
end
|
|
193
190
|
|
|
191
|
+
def unlock_redirect_path
|
|
192
|
+
safe_redirect_path(fallback: admin_pages_path)
|
|
193
|
+
end
|
|
194
|
+
|
|
194
195
|
# Sets the page public and updates the published_at attribute that is used as cache_key
|
|
195
196
|
#
|
|
196
197
|
def publish
|
|
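Review bot: `redirect_to(unlock_redirect_path, allow_other_host: true)` keeps `allow_other_host: true` even though `unlock_redirect_path` now only returns values accepted by `safe_redirect_path`, which are paths under the admin mount. Dropping the option, `redirect_to(unlock_redirect_path)`, leaves Rails' own other-host check (where the application enables it) in place as a second layer should the path filter ever let a host through. The enclosing action starts outside the hunk.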
@@ -78,7 +78,7 @@ module Alchemy
|
|
|
78
78
|
flash[:error] = resource_instance_variable.errors.full_messages.join(", ")
|
|
79
79
|
end
|
|
80
80
|
flash_notice_for_resource_action
|
|
81
|
-
do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index"))
|
|
81
|
+
do_redirect_to resource_url_proxy.url_for(search_filter_params.merge(action: "index", only_path: true))
|
|
82
82
|
end
|
|
83
83
|
|
|
84
84
|
def resource_handler
|
|
@@ -12,7 +12,7 @@ module Alchemy
|
|
|
12
12
|
private
|
|
13
13
|
|
|
14
14
|
def enforce_primary_host_for_site
|
|
15
|
-
redirect_to url_for(host: current_alchemy_site.host), status: :moved_permanently
|
|
15
|
+
redirect_to url_for(host: current_alchemy_site.host), status: :moved_permanently, allow_other_host: true
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def needs_redirect_to_primary_host?
|
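Review bot: `enforce_primary_host_for_site` now passes `allow_other_host: true` with no comment on why a cross-host redirect is acceptable here. The target host is read from `current_alchemy_site.host` rather than from request parameters, which is presumably what makes it safe. A comment such as `# Host comes from the stored site record, not from the request` would record that for the next reader and for anyone auditing `allow_other_host` uses. How `current_alchemy_site` is resolved is outside the hunk and should be confirmed.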
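--- a/data/app/models/alchemy/page.rb
+++ b/data/app/models/alchemy/page.rb
@@ -546,7 +546,7 @@ module Alchemy
 # does not respond to +#name+ it returns +'unknown'+
 #
 def creator_name
-creator.try(:
+creator.try(:alchemy_display_name) || Alchemy.t("unknown")
 end
 
 # Returns the name of the last updater of this page.
@@ -555,7 +555,7 @@ module Alchemy
 # does not respond to +#name+ it returns +'unknown'+
 #
 def updater_name
-updater.try(:
+updater.try(:alchemy_display_name) || Alchemy.t("unknown")
 end
 
 # Returns the name of the user currently editing this page.
@@ -564,7 +564,7 @@ module Alchemy
 # does not respond to +#name+ it returns +'unknown'+
 #
 def locker_name
-locker.try(:
+locker.try(:alchemy_display_name) || Alchemy.t("unknown")
 end
 
 # Key hint translations by page layout, rather than the default name.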
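Review bot: The doc comments above `creator_name`, `updater_name` and `locker_name` still say the fallback applies when the user class "does not respond to +#name+", but all three methods now call `alchemy_display_name`. Each comment should read `# does not respond to +#alchemy_display_name+ it returns +'unknown'+`. The comment blocks start outside the hunks, so their earlier lines may need the same update.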
@@ -102,11 +102,10 @@ module Alchemy
|
|
|
102
102
|
|
|
103
103
|
# Show image cropping link for ingredient
|
|
104
104
|
def allow_image_cropping?
|
|
105
|
-
settings[:crop] && picture
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
) && !!picture.image_file
|
|
105
|
+
settings[:crop] && picture&.can_be_cropped_to?(
|
|
106
|
+
settings[:size],
|
|
107
|
+
settings[:upsample]
|
|
108
|
+
) && !!picture.image_file
|
|
110
109
|
end
|
|
111
110
|
|
|
112
111
|
private
|
data/lib/alchemy/version.rb
CHANGED
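--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alchemy_cms
 version: !ruby/object:Gem::Version
-version: 7.0.
+version: 7.0.16
 platform: ruby
 authors:
 - Thomas von Deyen
@@ -10,10 +10,9 @@ authors:
 - Hendrik Mans
 - Carsten Fregin
 - Martin Meyerhoff
-autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2025-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionmailer
@@ -1456,8 +1455,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - ImageMagick (libmagick), v6.6 or greater.
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.6.3
 specification_version: 4
 summary: A powerful, userfriendly and flexible CMS for Rails
 test_files: []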