card 1.93.13 → 1.94.0

data/mod/core/spec/set/all/name_validations_spec.rb

@@ -1,14 +1,4 @@
 describe Card::Set::All::NameValidations, "validate name" do
-  it "errors on name with /" do
-    expect { create "testname/" }
-      .to raise_error /Name may not contain/
-  end
-
-  it "errors on junction name  with /" do
-    expect { create "jasmin+ri/ce" }
-      .to raise_error /Name may not contain/
-  end
-
   it "does not allow empty name" do
     expect { create "" }
       .to raise_error /Name can't be blank/

data/mod/core/spec/set/all/rename_spec.rb

@@ -81,8 +81,8 @@ RSpec.describe Card::Set::All::Rename do
   end
 
   it "fails if name is invalid" do
-    expect { update "T", name: "YT/Yo" }
-      .to raise_error(/Validation failed: Name may not contain/)
+    expect { update "T", name: "" }
+      .to raise_error(/Name can't be blank/)
   end
 
   example "simple to simple" do

data/mod/pointer/set/abstract/02_pointer.rb

@@ -55,6 +55,10 @@ end
 
 format :html do
   view :core, cache: :never do
+    standard_pointer_core
+  end
+
+  def standard_pointer_core
     with_paging do |paging_args|
       wrap_with :div, pointer_items(paging_args.extract!(:limit, :offset)),
                 class: "pointer-list"

data/mod/search/set/abstract/00_filter_helper.rb

@@ -42,7 +42,7 @@ end
 
 format :html do
   def extra_paging_path_args
-    { filter: filter_hash }.merge sort_hash
+    super.merge(filter: filter_hash).merge sort_hash
   end
 
   def filter_active?

data/mod/search/set/abstract/02_search_params.rb

@@ -11,9 +11,22 @@ format do
 
   # used for override
   def default_search_params
+    if (qparams = query_params)
+      paging_params.merge vars: qparams
+    else
+      paging_params
+    end
+  end
+
+  def paging_params
     { limit: limit_param, offset: offset_param }
   end
 
+  def query_params
+    return nil unless (vars = params[:query])
+    Card.safe_param vars
+  end
+
   def default_limit
     100
   end
@@ -23,6 +36,11 @@ format :html do
   def default_limit
     Cardio.config.paging_limit || 20
   end
+
+  def extra_paging_path_args
+    return {} unless (vars = query_params)
+    { query: vars }
+  end
 end
 
 format :json do

data/mod/search/set/abstract/search.rb

@@ -1,5 +1,5 @@
-include_set Abstract::SearchParams
 include_set Abstract::Paging
+include_set Abstract::SearchParams
 include_set Abstract::Filter
 
 def search _args={}

data/mod/search/set/self/navbox.rb

@@ -2,8 +2,8 @@
 format :html do
   view :raw do
     wrap_with :div, class: "form-group w-100" do
-      text_field_tag :_keyword, "", class: "_navbox navbox form-control w-100",
-                                    placeholder: navbar_placeholder
+      text_field_tag "query[keyword]", "", class: "_navbox navbox form-control w-100",
+                                           placeholder: navbar_placeholder
     end
   end
 

data/mod/search/set/self/search.rb

@@ -14,16 +14,6 @@ def keyword_contains_wql? hash
 end
 
 format do
-  def default_search_params
-    hash = super
-    hash[:vars] = params[:vars] || {}
-    params.each do |key, val|
-      next unless key.to_s =~ /^\_(\w+)$/
-      hash[:vars][Regexp.last_match(1).to_sym] = val
-    end
-    hash
-  end
-
   view :search_error, cache: :never do
     sr_class = search_with_params.class.to_s
 
@@ -33,14 +23,6 @@ format do
 end
 
 format :html do
-  def extra_paging_path_args
-    vars = query_with_params.vars
-    return {} unless vars.is_a? Hash
-    vars.each_with_object({}) do |(key, value), hash|
-      hash["_#{key}"] = value
-    end
-  end
-
   view :title, cache: :never do
     return super() unless (keyword = search_keyword) &&
                           (title = keyword_search_title(keyword))
@@ -104,7 +86,7 @@ format :json do
   end
 
   def complete_term
-    term = params["_keyword"]
+    term = query_params[:keyword]
     if (term =~ /^\+/) && (main = params["main"])
       term = main + term
     end

data/mod/search/spec/set/self/search_spec.rb

@@ -2,7 +2,7 @@
 
 describe Card::Set::Self::Search do
   def keyword_search value
-    Card::Env.params[:vars] = { keyword: value }
+    Card::Env.params[:query] = { keyword: value }
     Card[:search].format.search_with_params
   end
 

data/mod/standard/set/all/error.rb

@@ -18,7 +18,7 @@ format do
   end
 
   view :not_found, perms: :none, error_code: 404 do |_args|
-    error_name = card.name.present? ? card.name : "the card requested"
+    error_name = card.name.present? ? safe_name : "the card requested"
     %( Could not find #{error_name}. )
   end
 
@@ -75,7 +75,7 @@ format :html do
     warning = alert("warning", true) do
       %{
         <h3>Error message (visible to admin only)</h3>
-        <p><strong>#{exception.message}</strong></p>
+        <p><strong>#{CGI.escapeHTML exception.message}</strong></p>
         <div>#{exception.backtrace * "<br>\n"}</div>
       }
     end
@@ -105,7 +105,7 @@ format :html do
   end
 
   view :closed_missing, perms: :none do
-    wrap_with :span, title_in_context, class: "faint"
+    wrap_with :span, h(title_in_context), class: "faint"
   end
 
   view :conflict, error_code: 409, cache: :never do
@@ -136,20 +136,20 @@ format :html do
     frame do
       card.errors.map do |attrib, msg|
         alert "warning", true do
-          attrib == :abort ? msg : standard_error_message(attrib, msg)
+          attrib == :abort ? h(msg) : standard_error_message(attrib, msg)
         end
       end
     end
   end
 
   def standard_error_message attribute, message
-    "<strong>#{attribute.to_s.upcase}:</strong> #{message}"
+    "<strong>#{h attribute.to_s.upcase}:</strong> #{h message}"
   end
 
   view :not_found do # ug.  bad name.
     voo.hide! :menu
     voo.title = "Not Found"
-    card_label = card.name.present? ? "<em>#{card.name}</em>" : "that"
+    card_label = card.name.present? ? "<em>#{safe_name}</em>" : "that"
     frame do
       [wrap_with(:h2) { "Could not find #{card_label}." },
        sign_in_or_up_links]

data/mod/standard/set/all/rich_html/content.rb

@@ -21,7 +21,7 @@ format :html do
     args[:view] = view if view
     @main = false
     @main_opts = args
-    render! :layout, title: params[:layout]
+    render! :layout, layout: params[:layout]
     # FIXME: using title because it's a standard view option.  hack!
   end
 
@@ -32,7 +32,7 @@ format :html do
   end
 
   view :layout, perms: :none, cache: :never do
-    layout = process_content get_layout_content(voo.title),
+    layout = process_content get_layout_content(voo.layout),
                              content_opts: { chunk_list: :references }
     output [layout, _render_modal_slot]
   end
@@ -89,20 +89,6 @@ format :html do
     end
   end
 
-  view :title do
-    title = fancy_title super()
-    if show_view? :title_link, :hide
-      title = _render_title_link title_ready: title
-    end
-    add_name_context
-    title
-  end
-
-  view :title_link do |args|
-    title_text = args[:title_ready] || pov_name(voo.title)
-    link_to_card card.name, title_text
-  end
-
   view :type_info do
     return unless show_view?(:toolbar, :hide) && card.type_code != :basic
     wrap_with :span, class: "type-info float-right" do
@@ -236,15 +222,4 @@ format :html do
       </span>
     )
   end
-
-  def fancy_title title=nil
-    wrap_with :span, class: classy("card-title") do
-      title.to_name.parts.join fancy_joint
-    end
-  end
-
-  def fancy_joint
-    wrap_with :span, "+", classy("joint")
-  end
 end
-

data/mod/standard/set/all/rich_html/editing.rb

@@ -69,7 +69,7 @@ format :html do
   end
 
   def rename_confirmation_alert
-    msg = "<h5>Are you sure you want to rename <em>#{card.name}</em>?</h5>"
+    msg = "<h5>Are you sure you want to rename <em>#{safe_name}</em>?</h5>"
     msg << rename_effects_and_options
     alert("warning") { msg }
   end

data/mod/standard/set/all/rich_html/title.rb

@@ -0,0 +1,39 @@
+format :html do
+  view :title do
+    title = wrapped_title(super())
+    title = link_to_card card.name, title if show_view? :title_link, :hide
+    add_name_context
+    title
+  end
+
+  view :title_link do
+    render_title show: :title_link
+  end
+
+  def title_with_link link_text
+    link_to_card card.name, link_text
+  end
+
+  view :name do
+    h(super())
+  end
+
+  def safe_name
+    h super
+  end
+
+  def title_in_context title=nil
+    h super
+  end
+
+  def wrapped_title title
+    wrap_with :span, class: classy("card-title") do
+      escaped_parts = title.to_name.parts.map { |part| h part }
+      escaped_parts.join wrapped_joint
+    end
+  end
+
+  def wrapped_joint
+    wrap_with :span, "+", classy("joint")
+  end
+end

data/mod/standard/set/all/rich_html/toolbar.rb

@@ -218,7 +218,7 @@ format :html do
   end
 
   view :delete_button do |_args|
-    confirm = "Are you sure you want to delete #{card.name}?"
+    confirm = "Are you sure you want to delete #{safe_name}?"
     success = main? ? "REDIRECT: *previous" : "TEXT: #{card.name} deleted"
     toolbar_button "delete", :trash,
                    path: { action: :delete, success: success },

data/mod/standard/set/type/cardtype.rb

@@ -12,14 +12,14 @@ format :html do
 
   view :type_formgroup do
     if card.cards_of_type_exist?
-      wrap_with :div, tr(:cards_exist, cardname: card.name)
+      wrap_with :div, tr(:cards_exist, cardname: safe_name)
     else
       super()
     end
   end
 
   view :add_link do |args|
-    voo.title ||= tr(:add_card, cardname: card.name)
+    voo.title ||= tr(:add_card, cardname: safe_name)
     title = _render_title args
     link_to title, path: _render_add_path(args), class: args[:css_class]
   end
@@ -82,3 +82,9 @@ event :check_for_cards_of_type_when_type_changed, :validate, changed: :type do
     errors.add :cardtype, tr(:error_cant_alter, name: name)
   end
 end
+
+event :validate_cardtype_name, :validate, on: :save, changed: :name do
+  if name =~ %r{[<>/]}
+    errors.add :name, tr(:error_invalid_character_in_cardtype, banned: "<, >, /")
+  end
+end

data/mod/standard/spec/{chunk → content/chunk}/include_spec.rb

@@ -2,16 +2,16 @@
 
 describe Card::Content::Chunk::Nest, "Inclusion" do
   context "syntax parsing" do
-    before do
-      @class = Card::Content::Chunk::Nest
-    end
-
     let :instance do
-      @class.new(@class.full_match(@chunk), nil)
+      described_class.new(described_class.full_match(@chunk), nil)
     end
     let(:options) { instance.options }
     let(:name) { instance.name }
 
+    def chunk_nest chunk
+      described_class.new(described_class.full_match(chunk), nil)
+    end
+
     it "ignores invisible comments" do
       expect(render_content("{{## now you see nothing}}")).to eq("")
     end

data/mod/standard/spec/{chunk → content/chunk}/link_spec.rb

@@ -1,6 +1,6 @@
 # -*- encoding : utf-8 -*-
 
-describe Card::Content::Chunk::Link do
+RSpec.describe Card::Content::Chunk::Link do
   def assert_link target, args
     text = args.delete(:text)
     format_args = args.delete(:format_args)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: card
 version: !ruby/object:Gem::Version
-  version: 1.93.13
+  version: 1.94.0
 platform: ruby
 authors:
 - Ethan McCutchen
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-01 00:00:00.000000000 Z
+date: 2018-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cardname
@@ -19,14 +19,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.3.13
+        version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.3.13
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: haml
   requirement: !ruby/object:Gem::Requirement
@@ -572,6 +572,7 @@ files:
 - lib/card/view/visibility.rb
 - lib/cardio.rb
 - lib/cardio/schema.rb
+- lib/cardio/utils.rb
 - lib/generators/card.rb
 - lib/generators/card/format/USAGE
 - lib/generators/card/format/format_generator.rb
@@ -664,6 +665,7 @@ files:
 - mod/bootstrap/db/migrate_core_cards/data/custom_theme/fonts.scss
 - mod/bootstrap/db/migrate_core_cards/data/custom_theme/more.scss
 - mod/bootstrap/db/migrate_core_cards/data/custom_theme/spacing.scss
+- mod/bootstrap/db/migrate_core_cards/lib/skin.rb
 - mod/bootstrap/file/cerulean_skin_image/image-icon.png
 - mod/bootstrap/file/cerulean_skin_image/image-large.png
 - mod/bootstrap/file/cerulean_skin_image/image-medium.png
@@ -799,6 +801,7 @@ files:
 - mod/bootstrap/lib/stylesheets/smartmenu.css
 - mod/bootstrap/lib/stylesheets/style_bootstrap_cards.scss
 - mod/bootstrap/lib/stylesheets/style_select2_bootstrap.scss
+- mod/bootstrap/script/update_skin_thumbnails.rb
 - mod/bootstrap/set/abstract/bootstrap_code_file.rb
 - mod/bootstrap/set/all/bootstrap/accordion.rb
 - mod/bootstrap/set/all/bootstrap/form.rb
@@ -3654,6 +3657,7 @@ files:
 - mod/standard/set/all/rich_html/new.rb
 - mod/standard/set/all/rich_html/overlay.rb
 - mod/standard/set/all/rich_html/overlay/overlay_header.haml
+- mod/standard/set/all/rich_html/title.rb
 - mod/standard/set/all/rich_html/toolbar.rb
 - mod/standard/set/all/rich_html/wrapper.rb
 - mod/standard/set/right/discussion.rb
@@ -3679,9 +3683,9 @@ files:
 - mod/standard/set/type/set.rb
 - mod/standard/set/type/toggle.rb
 - mod/standard/set/type/uri.rb
-- mod/standard/spec/chunk/include_spec.rb
-- mod/standard/spec/chunk/link_spec.rb
-- mod/standard/spec/chunk/query_reference_spec.rb
+- mod/standard/spec/content/chunk/include_spec.rb
+- mod/standard/spec/content/chunk/link_spec.rb
+- mod/standard/spec/content/chunk/query_reference_spec.rb
 - mod/standard/spec/format/css_format_spec.rb
 - mod/standard/spec/format/csv_format_spec.rb
 - mod/standard/spec/format/email_html_format_spec.rb