avo 2.33.2 → 2.33.3.pre.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of avo might be problematic. Click here for more details.

Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +2 -2
  3. data/app/components/avo/alert_component.html.erb +1 -1
  4. data/app/components/avo/field_wrapper_component.html.erb +2 -2
  5. data/app/components/avo/fields/common/heading_component.html.erb +1 -1
  6. data/app/components/avo/fields/trix_field/edit_component.html.erb +1 -1
  7. data/app/components/avo/fields/trix_field/show_component.html.erb +1 -1
  8. data/app/components/avo/index/field_wrapper_component.html.erb +1 -1
  9. data/app/components/avo/panel_component.html.erb +1 -1
  10. data/config/master.key +1 -0
  11. data/lib/avo/fields/belongs_to_field.rb +4 -2
  12. data/lib/avo/version.rb +1 -1
  13. data/public/avo-assets/avo.base.css +4 -4
  14. metadata +5 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3dc07d8896fb957e62c31758d46d9edf1e47ed0a2be4af60f10372747838a386
4
- data.tar.gz: 30f3ba2be719772d61e24d36888683b8e256e18b0f11b52481952b10ab78bbf9
3
+ metadata.gz: ece1802c0aff8f4c7aa07963976459b3926348dec30e6bb626af4af3615ab079
4
+ data.tar.gz: 9cc1670145ad39ec8fb09dee7f843eebb7912f9222b66378c3a15014d8ae341e
5
5
  SHA512:
6
- metadata.gz: f5acc02b2faa3ce7fa2cfe05118aee925a4daab284fdb78098c0a7dfb1a1b6cf17896a23453c4ab99b95fa971ecc14e40d39d0129839e839620b833af3004d49
7
- data.tar.gz: 21f533ccfe75cf2d69ed719dee359593020db71831145d6ecbe784c16e63d3be7c9db6df2dfb5ca6d48deb45ad5ecee63dbc9e108002ca370b4b7dee4908cbd6
6
+ metadata.gz: dbe3867dfc4e1ba3299bbeb0ae5f4e0dbedb67d887f1a593d3565ded47c6c66df6f1ba3ed1971c212a3420f682bbd7c694121880c37f1d9f0d62f15c6d2a8baf
7
+ data.tar.gz: b30c40416024a57cf39f1ab184b6cbbbf4a5d8ddbcc4460a7fafa01199e62b4a2b8269c7775709765a0f19bae3bc64db6b1dcfadeb1842d19ff7144cee35ad05
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- avo (2.33.2)
4
+ avo (2.33.3.pre.2)
5
5
  actionview (>= 6.0)
6
6
  active_link_to
7
7
  activerecord (>= 6.0)
@@ -421,7 +421,7 @@ GEM
421
421
  tzinfo (2.0.6)
422
422
  concurrent-ruby (~> 1.0)
423
423
  unicode-display_width (2.4.0)
424
- view_component (3.0.0)
424
+ view_component (3.1.0)
425
425
  activesupport (>= 5.2.0, < 8.0)
426
426
  concurrent-ruby (~> 1.0)
427
427
  method_source (~> 1.0)
data/app/components/avo/alert_component.html.erb CHANGED
@@ -10,7 +10,7 @@
10
10
  </div>
11
11
  <div class="ml-3 w-0 flex-1 pt-0.5">
12
12
  <p class="text-sm leading-5 font-semibold">
13
- <%== message %>
13
+ <%= sanitize message %>
14
14
  </p>
15
15
  </div>
16
16
  <div class="ml-4 flex-shrink-0 flex items-center">
data/app/components/avo/field_wrapper_component.html.erb CHANGED
@@ -24,13 +24,13 @@
24
24
  <div class="text-red-600 mt-2 text-sm"><%= record.errors.full_messages_for(field.id).to_sentence %></div>
25
25
  <% end %>
26
26
  <% if help.present? %>
27
- <div class="text-gray-600 mt-2 text-sm"><%== help %></div>
27
+ <div class="text-gray-600 mt-2 text-sm"><%= sanitize help %></div>
28
28
  <% end %>
29
29
  <% end %>
30
30
  </div>
31
31
  </div>
32
32
  <% if params[:avo_debug].present? %>
33
33
  <!-- Raw value: -->
34
- <!-- <%== field.value.inspect %> -->
34
+ <!-- <%= sanitize field.value.inspect %> -->
35
35
  <% end %>
36
36
  <% end %>
data/app/components/avo/fields/common/heading_component.html.erb CHANGED
@@ -3,7 +3,7 @@
3
3
  <% if empty %>
4
4
  <% elsif value.present? %>
5
5
  <% if as_html %>
6
- <%== value %>
6
+ <%= sanitize value %>
7
7
  <% else %>
8
8
  <div class="font-semibold uppercase"><%= value %></div>
9
9
  <% end %>
data/app/components/avo/fields/trix_field/edit_component.html.erb CHANGED
@@ -20,7 +20,7 @@
20
20
  },
21
21
  input: trix_id,
22
22
  placeholder: @field.placeholder do %>
23
- <%== @field.value %>
23
+ <%= sanitize @field.value %>
24
24
  <% end %>
25
25
  <%= @form.text_area @field.id,
26
26
  class: classes("w-full hidden"),
data/app/components/avo/fields/trix_field/show_component.html.erb CHANGED
@@ -8,7 +8,7 @@
8
8
  <%= link_to t('avo.show_content'), 'javascript:void(0);', class: 'font-bold inline-block', data: { action: 'click->hidden-input#showContent' } %>
9
9
  <% end %>
10
10
  <div class="<%= content_classes %> " data-hidden-input-target="content">
11
- <%== @field.value %>
11
+ <%= sanitize @field.value %>
12
12
  </div>
13
13
  </div>
14
14
  <% end %>
data/app/components/avo/index/field_wrapper_component.html.erb CHANGED
@@ -19,6 +19,6 @@
19
19
  <% end %>
20
20
  <% if params[:avo_debug].present? %>
21
21
  <!-- Raw value: -->
22
- <!-- <%== @field.value.inspect %> -->
22
+ <!-- <%= sanitize @field.value.inspect %> -->
23
23
  <% end %>
24
24
  <% end %>
data/app/components/avo/panel_component.html.erb CHANGED
@@ -25,7 +25,7 @@
25
25
  <% end %>
26
26
  <% if body? %>
27
27
  <div class="flex flex-col sm:flex-row space-y-4 sm:space-y-0 sm:gap-4 w-full">
28
- <div class="relative flex-1 <% if sidebar? %> w-2/3 <% else %> w-full <% end %>">
28
+ <div class="relative flex-1 w-full <% if sidebar? %> sm:w-2/3 <% end %>">
29
29
  <% # The body is wrapped inside another div in order to avoid long & tall panels next to sidebars when the sidebar taller. %>
30
30
  <div class="relative <%= white_panel_classes %> <%= @body_classes %>">
31
31
  <%= body %>
data/config/master.key ADDED
@@ -0,0 +1 @@
1
+ 2aeb23d82b909d9c6b5abb62f7058c2a
data/lib/avo/fields/belongs_to_field.rb CHANGED
@@ -199,11 +199,13 @@ module Avo
199
199
  def fill_field(model, key, value, params)
200
200
  return model unless model.methods.include? key.to_sym
201
201
 
202
+ valid_model_class = BaseResource.valid_model_class params["#{polymorphic_as}_type"]
203
+
202
204
  if polymorphic_as.present?
203
- model.send("#{polymorphic_as}_type=", params["#{polymorphic_as}_type"])
205
+ model.send("#{polymorphic_as}_type=", valid_model_class)
204
206
 
205
207
  # If the type is blank, reset the id too.
206
- if params["#{polymorphic_as}_type"].blank?
208
+ if valid_model_class.blank?
207
209
  model.send("#{polymorphic_as}_id=", nil)
208
210
  else
209
211
  model.send("#{polymorphic_as}_id=", params["#{polymorphic_as}_id"])
data/lib/avo/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Avo
2
- VERSION = "2.33.2" unless const_defined?(:VERSION)
2
+ VERSION = "2.33.3.pre.2" unless const_defined?(:VERSION)
3
3
  end
data/public/avo-assets/avo.base.css CHANGED
@@ -6929,10 +6929,6 @@ trix-toolbar .trix-button-group:not(:first-child){
6929
6929
  width:4rem
6930
6930
  }
6931
6931
 
6932
- .w-2\/3{
6933
- width:66.666667%
6934
- }
6935
-
6936
6932
  .w-64{
6937
6933
  width:16rem
6938
6934
  }
@@ -9632,6 +9628,10 @@ trix-editor {
9632
9628
  width:auto
9633
9629
  }
9634
9630
 
9631
+ .sm\:w-2\/3{
9632
+ width:66.666667%
9633
+ }
9634
+
9635
9635
  .sm\:w-1\/3{
9636
9636
  width:33.333333%
9637
9637
  }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: avo
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.33.2
4
+ version: 2.33.3.pre.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adrian Marin
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2023-05-31 00:00:00.000000000 Z
12
+ date: 2023-06-05 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activerecord
@@ -1713,6 +1713,7 @@ files:
1713
1713
  - config/credentials.yml.enc
1714
1714
  - config/i18n-tasks.yml
1715
1715
  - config/initializers/pagy.rb
1716
+ - config/master.key
1716
1717
  - config/routes.rb
1717
1718
  - config/spring.rb
1718
1719
  - db/factories.rb
@@ -1976,9 +1977,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
1976
1977
  version: 2.6.0
1977
1978
  required_rubygems_version: !ruby/object:Gem::Requirement
1978
1979
  requirements:
1979
- - - ">="
1980
+ - - ">"
1980
1981
  - !ruby/object:Gem::Version
1981
- version: '0'
1982
+ version: 1.3.1
1982
1983
  requirements: []
1983
1984
  rubygems_version: 3.3.3
1984
1985
  signing_key: