comfortable_mexican_sofa 1.6.11 → 1.6.12

data/README.md

@@ -52,6 +52,8 @@ For more information please [see Wiki pages](https://github.com/comfy/comfortabl
 
 ![Sofa's Page Edit View](https://github.com/comfy/comfortable-mexican-sofa/raw/master/doc/preview.png)
 
+---
+
 ComfortableMexicanSofa is released under the [MIT license](https://github.com/comfy/comfortable-mexican-sofa/raw/master/LICENSE) 
 
 Copyright 2009-2011 Oleg Khabarov, [The Working Group Inc](http://www.twg.ca)

data/VERSION

@@ -1 +1 @@
-1.6.11
+1.6.12

data/app/assets/stylesheets/comfortable_mexican_sofa/content.css

@@ -175,6 +175,29 @@
 #cms_body ul.list li .item:hover {
   background-color: #fff;
 }
+/* -- Tables ------------------------------------------------------------ */
+#cms_body table.formatted {
+  width: 100%;
+}
+#cms_body table.formatted th, #cms_body table.formatted td {
+  white-space: nowrap;
+  padding: 6px;
+  background-color: #f1f1f1;
+  border-bottom: 2px solid #e6e6e6;
+  vertical-align: top;
+}
+#cms_body table.formatted th.main, #cms_body table.formatted td.main {
+  white-space: normal;
+  width: 100%;
+}
+#cms_body table.formatted th {
+  color: #000;
+  border-color: #9f9f9f;
+}
+#cms_body table.formatted tr:hover td {
+  background-color: #fff
+}
+
 /* -- Missing Translations ---------------------------------------------- */
 #cms_body .translation_missing {
   text-decoration: blink;

data/app/assets/stylesheets/comfortable_mexican_sofa/form.css

@@ -176,4 +176,7 @@
   text-transform: uppercase;
   color: #fff;
   margin-bottom: 3px;
+}
+#cms_body .form_element.simple_field .value input {
+  margin-bottom: 3px;
 }

data/app/assets/stylesheets/comfortable_mexican_sofa/typography.css

@@ -18,6 +18,9 @@ body#cms_body {
 #cms_body h1 + h2 {
   margin-top: -15px;
 }
+#cms_body p {
+  margin-bottom: 15px;
+}
 #cms_body a {
   text-decoration: none;
   color: #384E66;

data/app/controllers/cms_admin/base_controller.rb

@@ -13,6 +13,10 @@ class CmsAdmin::BaseController < ApplicationController
   
   layout 'cms_admin'
   
+  if ComfortableMexicanSofa.config.admin_cache_sweeper.present?
+    cache_sweeper *ComfortableMexicanSofa.config.admin_cache_sweeper
+  end
+  
   def jump
     path = ComfortableMexicanSofa.config.admin_route_redirect
     return redirect_to(path) unless path.blank?

data/app/controllers/cms_admin/sites_controller.rb

@@ -60,4 +60,4 @@ protected
     redirect_to :action => :index
   end
 
-end
+end

data/app/models/cms/layout.rb

@@ -77,6 +77,7 @@ protected
   end
   
   def assign_position
+    return if self.position.to_i > 0
     max = self.site.layouts.where(:parent_id => self.parent_id).maximum(:position)
     self.position = max ? max + 1 : 0
   end

data/app/models/cms/page.rb

@@ -157,6 +157,7 @@ protected
     end
   end
   
+  # NOTE: This can create 'phantom' page blocks as they are defined in the layout. This is normal.
   def set_cached_content
     write_attribute(:content, self.content(true))
   end

data/app/views/cms_admin/files/edit.html.erb

@@ -1,5 +1,5 @@
 <h1><%= t('.title') %></h1>
 
-<%= cms_form_for @file, :as => :file, :url => {:action => :update} do |form| %>
+<%= comfy_form_for @file, :as => :file, :url => {:action => :update} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/files/new.html.erb

@@ -1,5 +1,5 @@
 <h1><%= t('.title') %></h1>
 
-<%= cms_form_for @file, :as => :file, :url => {:action => :create}, :html => {:multipart => true} do |form| %>
+<%= comfy_form_for @file, :as => :file, :url => {:action => :create}, :html => {:multipart => true} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/layouts/edit.html.erb

@@ -6,6 +6,6 @@
   <%= render :partial => 'cms_admin/sites/mirrors', :object => @layout %>
 <% end %>
 
-<%= cms_form_for @layout, :as => :layout, :url => {:action => :update} do |form| %>
+<%= comfy_form_for @layout, :as => :layout, :url => {:action => :update} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/layouts/new.html.erb

@@ -1,5 +1,5 @@
 <h1><%= t('.title') %></h1>
 
-<%= cms_form_for @layout, :as => :layout, :url => {:action => :create} do |form| %>
+<%= comfy_form_for @layout, :as => :layout, :url => {:action => :create} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/pages/edit.html.erb

@@ -6,6 +6,6 @@
   <%= render :partial => 'cms_admin/sites/mirrors', :object => @page %>
 <% end %>
 
-<%= cms_form_for @page, :as => :page, :url => {:action => :update}, :html => {:multipart => true} do |form| %>
+<%= comfy_form_for @page, :as => :page, :url => {:action => :update}, :html => {:multipart => true} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/pages/new.html.erb

@@ -1,5 +1,5 @@
 <h1><%= t('.title') %></h1>
 
-<%= cms_form_for @page, :as => :page, :url => {:action => :create}, :html => {:multipart => true} do |form| %>
+<%= comfy_form_for @page, :as => :page, :url => {:action => :create}, :html => {:multipart => true} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/revisions/show.html.erb

@@ -10,7 +10,7 @@
   </div>
 <% end %>
 
-<%= cms_form_for @revision, :url => {:action => :revert} do |form| %>
+<%= comfy_form_for @revision, :url => {:action => :revert} do |form| %>
   <%= form.simple_field do %>
     <div class='current'>
       <div class='title'>Current</div>

data/app/views/cms_admin/sites/edit.html.erb

@@ -1,5 +1,5 @@
 <h1><%= t('.title') %></h1>
 
-<%= cms_form_for @site, :as => :site, :url => {:action => :update} do |form| %>
+<%= comfy_form_for @site, :as => :site, :url => {:action => :update} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/sites/new.html.erb

@@ -1,5 +1,5 @@
 <h1><%= t('.title') %></h1>
 
-<%= cms_form_for @site, :as => :site, :url => {:action => :create} do |form| %>
+<%= comfy_form_for @site, :as => :site, :url => {:action => :create} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/snippets/edit.html.erb

@@ -5,6 +5,6 @@
   <%= render :partial => 'cms_admin/sites/mirrors', :object => @snippet %>
 <% end %>
 
-<%= cms_form_for @snippet, :as => :snippet, :url => {:action => :update} do |form| %>
+<%= comfy_form_for @snippet, :as => :snippet, :url => {:action => :update} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_admin/snippets/new.html.erb

@@ -1,5 +1,5 @@
 <h1><%= t('.title') %></h1>
 
-<%= cms_form_for @snippet, :as => :snippet, :url => {:action => :create} do |form| %>
+<%= comfy_form_for @snippet, :as => :snippet, :url => {:action => :create} do |form| %>
   <%= render :partial => 'form', :object => form %>
 <% end %>

data/app/views/cms_content/render_sitemap.xml.builder

@@ -11,4 +11,5 @@ xml.urlset :xmlns => 'http://www.sitemaps.org/schemas/sitemap/0.9' do
       xml.lastmod page.updated_at.strftime('%Y-%m-%d')
     end
   end
+  ComfortableMexicanSofa::Sitemap.process(@cms_site, self, xml)
 end

data/comfortable_mexican_sofa.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "comfortable_mexican_sofa"
-  s.version = "1.6.11"
+  s.version = "1.6.12"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Oleg Khabarov", "The Working Group Inc"]
-  s.date = "2012-02-08"
+  s.date = "2012-02-21"
   s.description = ""
   s.email = "oleg@theworkinggroup.ca"
   s.extra_rdoc_files = [
@@ -218,6 +218,7 @@ Gem::Specification.new do |s|
     "lib/comfortable_mexican_sofa/fixtures.rb",
     "lib/comfortable_mexican_sofa/form_builder.rb",
     "lib/comfortable_mexican_sofa/render_methods.rb",
+    "lib/comfortable_mexican_sofa/sitemap.rb",
     "lib/comfortable_mexican_sofa/tag.rb",
     "lib/comfortable_mexican_sofa/tags/asset.rb",
     "lib/comfortable_mexican_sofa/tags/collection.rb",
@@ -295,6 +296,7 @@ Gem::Specification.new do |s|
     "test/unit/models/site_test.rb",
     "test/unit/models/snippet_test.rb",
     "test/unit/revisions_test.rb",
+    "test/unit/sitemap_test.rb",
     "test/unit/tag_test.rb",
     "test/unit/tags/asset_test.rb",
     "test/unit/tags/collection_test.rb",

data/config/initializers/comfortable_mexican_sofa.rb

@@ -22,10 +22,9 @@ ComfortableMexicanSofa.configure do |config|
   # for example '/cms-admin/users'
   #   config.admin_route_redirect = ''
   
-  # By default you cannot have irb code inside your layouts/pages/snippets.
-  # Generally this is to prevent putting something like this:
-  # <% User.delete_all %> but if you really want to allow it...
-  #   config.allow_irb = false
+  # Normally we include default routes from https://github.com/comfy/comfortable-mexican-sofa/blob/master/config/routes.rb
+  # If you want to include the routes manually set this to false
+  #   config.use_default_routes = true
   
   # File uploads use Paperclip and can support filesystem or s3 uploads.  Override
   # the upload method and appropriate settings based on Paperclip.  For S3 see:
@@ -71,6 +70,23 @@ ComfortableMexicanSofa.configure do |config|
   # definition in your database.yml file
   #   config.database_config = nil
   
+  # A class that is included as a sweeper to admin base controller if it's set
+  #   config.admin_cache_sweeper = nil
+  
+  # By default you cannot have irb code inside your layouts/pages/snippets.
+  # Generally this is to prevent putting something like this:
+  # <% User.delete_all %> but if you really want to allow it...
+  #   config.allow_irb = false
+  
+  # Whitelist of all helper methods that can be used via {{cms:helper}} tag. By default
+  # all helpers are allowed except `eval`, `send`, `call` and few others. Empty array
+  # will prevent rendering of all helpers.
+  #   config.allowed_helpers = nil
+  
+  # Whitelist of partials paths that can be used via {{cms:partial}} tag. All partials
+  # are accessible by default. Empty array will prevent rendering of all partials.
+  #   config.allowed_partials = nil
+  
 end
 
 # Default credentials for ComfortableMexicanSofa::HttpAuth

data/config/routes.rb

@@ -1,5 +1,5 @@
 Rails.application.routes.draw do
-  
+
   namespace :cms_admin, :path => ComfortableMexicanSofa.config.admin_route_prefix, :except => :show do
     get '/', :to => 'base#jump'
     resources :sites do
@@ -41,4 +41,4 @@ Rails.application.routes.draw do
     get '/' => :render_html,  :as => 'cms_html',  :path => "(*cms_path)"
   end
   
-end
+end if ComfortableMexicanSofa.config.use_default_routes

data/lib/comfortable_mexican_sofa.rb

@@ -13,6 +13,7 @@ end
   'comfortable_mexican_sofa/view_methods',
   'comfortable_mexican_sofa/form_builder',
   'comfortable_mexican_sofa/tag',
+  'comfortable_mexican_sofa/sitemap',
   'comfortable_mexican_sofa/fixtures',
   'comfortable_mexican_sofa/extensions/rails',
   'comfortable_mexican_sofa/extensions/acts_as_tree',
@@ -66,4 +67,4 @@ module ComfortableMexicanSofa
     end
     
   end
-end
+end

data/lib/comfortable_mexican_sofa/authentication/dummy_auth.rb

@@ -1,8 +1,8 @@
 module ComfortableMexicanSofa::DummyAuth
-  
+
   # Will always let you in
   def authenticate
     true
   end
   
-end
+end

data/lib/comfortable_mexican_sofa/authentication/http_auth.rb

@@ -14,4 +14,5 @@ module ComfortableMexicanSofa::HttpAuth
       username == self.username && password == self.password
     end
   end
-end
+  
+end

data/lib/comfortable_mexican_sofa/configuration.rb

@@ -2,7 +2,7 @@
 
 class ComfortableMexicanSofa::Configuration
   
-  # Don't like Comfortable Mexican Sofa? Set it to whatever you like. :(
+  # Don't like ComfortableMexicanSofa? Set it to whatever you like. :(
   attr_accessor :cms_title
   
   # Module that will handle authentication to access cms-admin area
@@ -18,9 +18,10 @@ class ComfortableMexicanSofa::Configuration
   # When arriving at /cms-admin you may chose to redirect to arbirtary path,
   # for example '/cms-admin/users'
   attr_accessor :admin_route_redirect
-  
-  # Not allowing irb code to be run inside page content. False by default.
-  attr_accessor :allow_irb
+
+  # Normally we include default routes from https://github.com/comfy/comfortable-mexican-sofa/blob/master/config/routes.rb
+  # If you want to include the routes manually set this to false
+  attr_accessor :use_default_routes
   
   # Upload settings
   attr_accessor :upload_file_options
@@ -49,6 +50,21 @@ class ComfortableMexicanSofa::Configuration
   # in your database.yml file
   attr_accessor :database_config
   
+  # A class that is included as a sweeper to admin base controller if it's set
+  attr_accessor :admin_cache_sweeper
+  
+  # Not allowing irb code to be run inside page content. False by default.
+  attr_accessor :allow_irb
+  
+  # Whitelist of all helper methods that can be used via {{cms:helper}} tag. By default
+  # all helpers are allowed except `eval`, `send`, `call` and few others. Empty array
+  # will prevent rendering of all helpers.
+  attr_accessor :allowed_helpers
+  
+  # Whitelist of partials paths that can be used via {{cms:partial}} tag. All partials
+  # are accessible by default. Empty array will prevent rendering of all partials.
+  attr_accessor :allowed_partials
+  
   # Configuration defaults
   def initialize
     @cms_title            = 'ComfortableMexicanSofa CMS Engine'
@@ -57,7 +73,7 @@ class ComfortableMexicanSofa::Configuration
     @seed_data_path       = nil
     @admin_route_prefix   = 'cms-admin'
     @admin_route_redirect = ''
-    @allow_irb            = false
+    @use_default_routes   = true
     @upload_file_options  = { :url => '/system/:class/:id/:attachment/:style/:filename' }
     @enable_fixtures      = false
     @fixtures_path        = File.expand_path('db/cms_fixtures', Rails.root)
@@ -70,6 +86,10 @@ class ComfortableMexicanSofa::Configuration
     }
     @admin_locale         = nil
     @database_config      = nil
+    @admin_cache_sweeper  = nil
+    @allow_irb            = false
+    @allowed_helpers      = nil
+    @allowed_partials     = nil
   end
   
 end

data/lib/comfortable_mexican_sofa/fixtures.rb

@@ -110,10 +110,12 @@ module ComfortableMexicanSofa::Fixtures
       end
       
       # updating content
+      blocks_to_clear = page.blocks.collect(&:identifier)
       blocks_attributes = [ ]
       Dir.glob("#{path}/*.html").each do |file_path|
+        identifier = file_path.split('/').last.split('.').first
+        blocks_to_clear.delete(identifier)
         if page.new_record? || File.mtime(file_path) > page.updated_at
-          identifier = file_path.split('/').last.split('.').first
           blocks_attributes << {
             :identifier => identifier,
             :content    => File.open(file_path).read
@@ -121,6 +123,14 @@ module ComfortableMexicanSofa::Fixtures
         end
       end
       
+      # clearing removed blocks
+      blocks_to_clear.each do |identifier|
+        blocks_attributes << {
+          :identifier => identifier,
+          :content    => nil
+        }
+      end
+      
       # saving
       page.blocks_attributes = blocks_attributes if blocks_attributes.present?
       if page.changed? || blocks_attributes.present?

data/lib/comfortable_mexican_sofa/form_builder.rb

@@ -35,7 +35,7 @@ class ComfortableMexicanSofa::FormBuilder < ActionView::Helpers::FormBuilder
   def simple_field(label = nil, content = nil, options = {}, &block)
     content ||= @template.capture(&block) if block_given?
     %(
-      <div class='form_element #{options.delete(:class)}'>
+      <div class='form_element simple_field #{options.delete(:class)}'>
         <div class='label'>#{label}</div>
         <div class='value'>#{content}</div>
       </div>

data/lib/comfortable_mexican_sofa/render_methods.rb

@@ -36,7 +36,6 @@ module ComfortableMexicanSofa::RenderMethods
     # 
     def render(options = {}, locals = {}, &block)
       
-      # TODO: add slug to Cms::Site as well
       if options.is_a?(Hash) && identifier = options.delete(:cms_site)
         unless @cms_site = Cms::Site.find_by_identifier(identifier)
           raise ComfortableMexicanSofa::MissingSite.new(identifier)

data/lib/comfortable_mexican_sofa/sitemap.rb

@@ -0,0 +1,27 @@
+class ComfortableMexicanSofa::Sitemap
+  
+  # we want our callback to include the cms_site and 
+  # the view so we have whatever routes are available to us
+  # xml is an xml_builder which expects a sitemap url definition, e.g:
+  #   xml.url do
+  #     xml.loc view.url_for("http://example.org/example")
+  #     xml.lastmod 2.days.ago.strftime('%Y-%m-%d')
+  #   end
+  def self.process(cms_site, view, xml)
+    self.sitemap_extensions.each do |extension|
+      extension.call(cms_site, view, xml)
+    end
+  end
+  
+  def self.register_extension(callback)
+    self.sitemap_extensions.push(callback)
+  end
+  
+private
+  
+  # A list of registered sitemap extension methods
+  def self.sitemap_extensions
+    @@sitemap_extensions ||= []
+  end
+  
+end

data/lib/comfortable_mexican_sofa/tag.rb

@@ -31,10 +31,17 @@ module ComfortableMexicanSofa::Tag
     # First capture group in the regex is the tag identifier
     def initialize_tag(page, tag_signature)
       if match = tag_signature.match(regex_tag_signature)
+        
+        params = begin
+          (CSV.parse_line(match[2].to_s, (RUBY_VERSION < '1.9.2' ? ':' : {:col_sep => ':'})) || []).compact
+        rescue
+          []
+        end.map{|p| p.gsub(/\\|'/) { |c| "\\#{c}" } }
+        
         tag = self.new
         tag.page        = page
         tag.identifier  = match[1]
-        tag.params      = (CSV.parse_line(match[2].to_s, (RUBY_VERSION < '1.9.2' ? ':' : {:col_sep => ':'})) || []).compact
+        tag.params      = params
         tag
       end
     end

data/lib/comfortable_mexican_sofa/tags/helper.rb

@@ -1,6 +1,8 @@
 class ComfortableMexicanSofa::Tag::Helper
   include ComfortableMexicanSofa::Tag
   
+  BLACKLIST = %w(eval class_eval instance_eval render)
+  
   def self.regex_tag_signature(identifier = nil)
     identifier ||= /[\w\-]+/
     /\{\{\s*cms:helper:(#{identifier}):?(.*?)\s*\}\}/
@@ -10,4 +12,13 @@ class ComfortableMexicanSofa::Tag::Helper
     "<%= #{identifier}(#{params.collect{|p| "'#{p}'"}.join(', ')}) %>"
   end
   
+  def render
+    whitelist = ComfortableMexicanSofa.config.allowed_helpers
+    if whitelist.is_a?(Array)
+      content if whitelist.map!(&:to_s).member?(identifier)
+    else 
+      content unless BLACKLIST.member?(identifier)
+    end
+  end
+  
 end

data/lib/comfortable_mexican_sofa/tags/partial.rb

@@ -11,4 +11,13 @@ class ComfortableMexicanSofa::Tag::Partial
     "<%= render :partial => '#{identifier}'#{ps.blank?? nil : ", :locals => {#{ps}}"} %>"
   end
   
+  def render
+    whitelist = ComfortableMexicanSofa.config.allowed_partials
+    if whitelist.is_a?(Array)
+      content if whitelist.member?(identifier)
+    else
+      content
+    end
+  end
+  
 end

data/lib/comfortable_mexican_sofa/view_methods.rb

@@ -1,6 +1,6 @@
 module ComfortableMexicanSofa::ViewMethods
   # Wrapper around CmsFormBuilder
-  def cms_form_for(record_or_name_or_array, *args, &proc)
+  def comfy_form_for(record_or_name_or_array, *args, &proc)
     options = args.extract_options!
     form_for(record_or_name_or_array, *(args << options.merge(:builder => ComfortableMexicanSofa::FormBuilder)), &proc)
   end

data/test/functional/cms_content_controller_test.rb

@@ -182,4 +182,21 @@ class CmsContentControllerTest < ActionController::TestCase
     assert_match '<loc>http://test.host/en/child-page</loc>', response.body
   end
 
+  class TestRenderException
+    def self.callback(cms_site, view, xml)
+      xml.url do
+        # make sure we have the view
+        xml.loc view.url_for("http://test.host/test_render")
+        xml.lastmod 2.days.ago.strftime('%Y-%m-%d')
+      end
+    end
+  end
+
+  def test_rendering_sitemap_with_extensions
+    ComfortableMexicanSofa::Sitemap.register_extension(TestRenderException.method(:callback))
+    get :render_sitemap, :format => :xml
+    assert_response :success
+    assert_match '<loc>http://test.host/test_render</loc>', response.body
+  end
+
 end

data/test/integration/routing_extensions_test.rb

@@ -35,4 +35,13 @@ class RoutingExtensionsTest < ActionDispatch::IntegrationTest
     assert_response 404
   end
   
+  def test_get_admin_with_all_routes_disabled
+    ComfortableMexicanSofa.config.use_default_routes = false
+    Rails.application.reload_routes!
+    
+    assert_exception_raised ActionController::RoutingError do
+      http_auth :get, '/'
+    end
+  end
+  
 end

data/test/test_helper.rb

@@ -23,7 +23,7 @@ class ActiveSupport::TestCase
       config.public_auth          = 'ComfortableMexicanSofa::DummyAuth'
       config.admin_route_prefix   = 'cms-admin'
       config.admin_route_redirect = ''
-      config.allow_irb            = false
+      config.use_default_routes   = true
       config.enable_fixtures      = false
       config.fixtures_path        = File.expand_path('db/cms_fixtures', Rails.root)
       config.revisions_limit      = 25
@@ -35,6 +35,10 @@ class ActiveSupport::TestCase
       }
       config.admin_locale         = nil
       config.upload_file_options  = { :url => '/system/:class/:id/:attachment/:style/:filename' }
+      config.admin_cache_sweeper  = nil
+      config.allow_irb            = false
+      config.allowed_helpers      = nil
+      config.allowed_partials     = nil
     end
     ComfortableMexicanSofa::HttpAuth.username = 'username'
     ComfortableMexicanSofa::HttpAuth.password = 'password'

data/test/unit/configuration_test.rb

@@ -10,8 +10,9 @@ class ConfigurationTest < ActiveSupport::TestCase
     assert_equal 'ComfortableMexicanSofa::HttpAuth', config.admin_auth
     assert_equal 'ComfortableMexicanSofa::DummyAuth', config.public_auth
     assert_equal 'cms-admin', config.admin_route_prefix
+    assert_equal true, config.use_default_routes
     assert_equal '', config.admin_route_redirect
-    assert_equal false, config.allow_irb
+    
     assert_equal false, config.enable_fixtures
     assert_equal File.expand_path('db/cms_fixtures', Rails.root), config.fixtures_path
     assert_equal 25, config.revisions_limit
@@ -26,6 +27,10 @@ class ConfigurationTest < ActiveSupport::TestCase
     assert_equal ({
       :url => '/system/:class/:id/:attachment/:style/:filename'
     }), config.upload_file_options
+    assert_equal nil, config.admin_cache_sweeper
+    assert_equal false, config.allow_irb
+    assert_equal nil, config.allowed_helpers
+    assert_equal nil, config.allowed_partials
   end
   
   def test_initialization_overrides

data/test/unit/fixtures_test.rb

@@ -124,7 +124,14 @@ class FixturesTest < ActiveSupport::TestCase
   end
   
   def test_import_pages_ignoring
-    page = cms_pages(:default)
+    Cms::Page.destroy_all
+    
+    page = cms_sites(:default).pages.create!(
+      :label  => 'Test',
+      :layout => cms_layouts(:default),
+      :blocks_attributes => [ { :identifier => 'content', :content => 'test content' } ]
+    )
+    
     page_path         = File.join(ComfortableMexicanSofa.config.fixtures_path, 'example.com', 'pages', 'index')
     attr_file_path    = File.join(page_path, '_index.yml')
     content_file_path = File.join(page_path, 'content.html')
@@ -134,9 +141,31 @@ class FixturesTest < ActiveSupport::TestCase
     
     ComfortableMexicanSofa::Fixtures.import_pages('test.host', 'example.com')
     page.reload
+    
     assert_equal nil, page.slug
-    assert_equal 'Default Page', page.label
-    assert_equal "\nlayout_content_a\ndefault_page_text_content_a\ndefault_snippet_content\ndefault_page_text_content_b\nlayout_content_b\ndefault_snippet_content\nlayout_content_c", page.content
+    assert_equal 'Test', page.label
+    block = page.blocks.where(:identifier => 'content').first
+    assert_equal 'test content', block.content
+  end
+  
+  def test_import_pages_removing_deleted_blocks
+    Cms::Page.destroy_all
+    
+    page = cms_sites(:default).pages.create!(
+      :label  => 'Test',
+      :layout => cms_layouts(:default),
+      :blocks_attributes => [ { :identifier => 'to_delete', :content => 'test content' } ]
+    )
+    page.update_attribute(:updated_at, 10.years.ago)
+    
+    ComfortableMexicanSofa::Fixtures.import_pages('test.host', 'example.com')
+    page.reload
+    
+    block = page.blocks.where(:identifier => 'content').first
+    assert_equal "Home Page Fixture Contént\n{{ cms:snippet:default }}", block.content
+    
+    block = page.blocks.where(:identifier => 'to_delete').first
+    assert_equal nil, block.content
   end
   
   def test_import_snippets_creating

data/test/unit/form_builder_test.rb

@@ -4,7 +4,7 @@ class FormBuilderTest < ActionView::TestCase
   include ComfortableMexicanSofa::ViewMethods
   
   def test_form_render_basic
-    concat( cms_form_for(cms_pages(:child), :url => '#') do |f|
+    concat( comfy_form_for(cms_pages(:child), :url => '#') do |f|
       f.text_area(:label) +
       f.text_field(:slug) +
       f.select(:parent_id, [['1', 'Parent']])
@@ -27,7 +27,7 @@ class FormBuilderTest < ActionView::TestCase
   end
   
   def test_form_render_with_custom_ids
-    concat( cms_form_for(cms_pages(:child), :url => '#') do |f|
+    concat( comfy_form_for(cms_pages(:child), :url => '#') do |f|
       f.text_field(:label, :id => 'slugify') +
       f.text_field(:slug)
     end )
@@ -38,13 +38,13 @@ class FormBuilderTest < ActionView::TestCase
   end
   
   def test_form_label_with_html_safe_labels
-    cms_form_for(cms_pages(:child), :url => '#') do |f|
+    comfy_form_for(cms_pages(:child), :url => '#') do |f|
       assert f.label_for(:is_published).html_safe?
     end
   end
   
   def test_form_label_custom_override
-    concat( cms_form_for(cms_pages(:child), :url => '#') do |f|
+    concat( comfy_form_for(cms_pages(:child), :url => '#') do |f|
       f.text_field(:slug, :label => 'Custom')
     end )
     assert_select 'label[for="cms_page_slug"]', 'Custom'
@@ -55,7 +55,7 @@ class FormBuilderTest < ActionView::TestCase
       :attributes => { :slug => "Gulsty" },
       :activerecord => { :attributes => { :'cms/page' => { :label => 'Titlumtimpin' } } }
     } do
-      concat( cms_form_for(cms_pages(:child), :url => '#') do |f|
+      concat( comfy_form_for(cms_pages(:child), :url => '#') do |f|
         f.text_field(:label) +
         f.text_field(:slug) +
         f.text_field(:parent_id)

data/test/unit/sitemap_test.rb

@@ -0,0 +1,20 @@
+require File.expand_path('../test_helper', File.dirname(__FILE__))
+
+class SitemapTest < ActiveSupport::TestCase
+  class DummySitemapExtension
+    @@calls = 0
+    def self.calls
+      @@calls
+    end
+    def self.callback(cms_site, view, xml)
+      @@calls = @@calls + 1
+    end
+  end
+
+  def test_should_get_registered_extensions
+    ComfortableMexicanSofa::Sitemap.register_extension(DummySitemapExtension.method(:callback))
+    ComfortableMexicanSofa::Sitemap.process(cms_sites(:default), nil, "xml")
+    assert_equal 1, DummySitemapExtension.calls
+  end
+
+end

data/test/unit/tag_test.rb

@@ -266,4 +266,12 @@ class TagTest < ActiveSupport::TestCase
     assert_equal "<% 1 + 1 %> text <% 2 + 2 %> snippet <%= 2 + 2 %> <%= render :partial => 'path/to' %> <%= method() %> text <%= render :partial => 'partials/cms/snippets', :locals => {:model => 'Cms::Snippet', :identifier => '#{snippet.id}'} %> <%= 1 + 1 %>", page.content
   end
   
+  def test_escaping_of_parameters
+    tag = ComfortableMexicanSofa::Tag::Helper.initialize_tag(
+      cms_pages(:default), '{{cms:helper:h:"\'+User.first.inspect+\'"}}'
+    )
+    assert_equal %{<%= h('\\'+User.first.inspect+\\'') %>}, tag.content
+    assert_equal %{<%= h('\\'+User.first.inspect+\\'') %>}, tag.render
+  end
+  
 end

data/test/unit/tags/helper_test.rb

@@ -56,4 +56,31 @@ class HelperTagTest < ActiveSupport::TestCase
     assert_equal "<%= method_name('param1', 'param2') %>", tag.render
   end
   
+  def test_blacklisted_methods
+    ComfortableMexicanSofa::Tag::Helper::BLACKLIST.each do |method|
+      tag = ComfortableMexicanSofa::Tag::Helper.initialize_tag(
+        cms_pages(:default), "{{ cms:helper:#{method}:Rails.env }}"
+      )
+      assert_equal "<%= #{method}('Rails.env') %>", tag.content
+      assert_equal nil, tag.render
+    end
+  end
+  
+  def test_whitelisted_methods
+    ComfortableMexicanSofa.config.allowed_helpers = [:tester, :eval]
+    ComfortableMexicanSofa.config.allowed_helpers.each do |method|
+      tag = ComfortableMexicanSofa::Tag::Helper.initialize_tag(
+        cms_pages(:default), "{{ cms:helper:#{method}:Rails.env }}"
+      )
+      assert_equal "<%= #{method}('Rails.env') %>", tag.content
+      assert_equal "<%= #{method}('Rails.env') %>", tag.render
+    end
+    
+    tag = ComfortableMexicanSofa::Tag::Helper.initialize_tag(
+      cms_pages(:default), "{{ cms:helper:invalid:Rails.env }}"
+    )
+    assert_equal "<%= invalid('Rails.env') %>", tag.content
+    assert_equal nil, tag.render
+  end
+  
 end

data/test/unit/tags/partial_test.rb

@@ -57,4 +57,20 @@ class PartialTagTest < ActiveSupport::TestCase
     assert_equal "<%= render :partial => 'path/to/partial', :locals => {:param_1 => 'param1', :param_2 => 'param2'} %>", tag.render
   end
   
+  def test_whitelisted_paths
+    ComfortableMexicanSofa.config.allowed_partials = ['safe/path']
+    
+    tag = ComfortableMexicanSofa::Tag::Partial.initialize_tag(
+      cms_pages(:default), '{{cms:partial:safe/path}}'
+    )
+    assert_equal "<%= render :partial => 'safe/path' %>", tag.content
+    assert_equal "<%= render :partial => 'safe/path' %>", tag.render
+    
+    tag = ComfortableMexicanSofa::Tag::Partial.initialize_tag(
+      cms_pages(:default), '{{cms:partial:unsafe/path}}'
+    )
+    assert_equal "<%= render :partial => 'unsafe/path' %>", tag.content
+    assert_equal nil, tag.render
+  end
+  
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: comfortable_mexican_sofa
 version: !ruby/object:Gem::Version
-  version: 1.6.11
+  version: 1.6.12
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-08 00:00:00.000000000Z
+date: 2012-02-21 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70121486515260 !ruby/object:Gem::Requirement
+  requirement: &70366229980420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *70121486515260
+  version_requirements: *70366229980420
 - !ruby/object:Gem::Dependency
   name: active_link_to
-  requirement: &70121486514720 !ruby/object:Gem::Requirement
+  requirement: &70366229978160 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -33,10 +33,10 @@ dependencies:
         version: 1.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *70121486514720
+  version_requirements: *70366229978160
 - !ruby/object:Gem::Dependency
   name: paperclip
-  requirement: &70121486514020 !ruby/object:Gem::Requirement
+  requirement: &70366229976420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,7 +44,7 @@ dependencies:
         version: 2.3.0
   type: :runtime
   prerelease: false
-  version_requirements: *70121486514020
+  version_requirements: *70366229976420
 description: ''
 email: oleg@theworkinggroup.ca
 executables: []
@@ -254,6 +254,7 @@ files:
 - lib/comfortable_mexican_sofa/fixtures.rb
 - lib/comfortable_mexican_sofa/form_builder.rb
 - lib/comfortable_mexican_sofa/render_methods.rb
+- lib/comfortable_mexican_sofa/sitemap.rb
 - lib/comfortable_mexican_sofa/tag.rb
 - lib/comfortable_mexican_sofa/tags/asset.rb
 - lib/comfortable_mexican_sofa/tags/collection.rb
@@ -331,6 +332,7 @@ files:
 - test/unit/models/site_test.rb
 - test/unit/models/snippet_test.rb
 - test/unit/revisions_test.rb
+- test/unit/sitemap_test.rb
 - test/unit/tag_test.rb
 - test/unit/tags/asset_test.rb
 - test/unit/tags/collection_test.rb
@@ -364,7 +366,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1091644248589677740
+      hash: -4596160239397252587
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: