dm_core 4.2.3.5 → 4.2.3.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/app/helpers/dm_core/liquid_helper.rb +3 -2
  3. data/app/models/comment.rb +1 -0
  4. data/app/models/custom_field.rb +1 -0
  5. data/lib/dm_core/version.rb +1 -1
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0490f46401026caee491bca39285f601fd19beca
4
- data.tar.gz: 02bcbb988dbb7981aa90514fcb96f68aa5422561
3
+ metadata.gz: ac89f31f284e74d5e6aac7acb6ea93b07215272a
4
+ data.tar.gz: fda380a2a51a1799b585bcb350bc56f946d2ea7e
5
5
  SHA512:
6
- metadata.gz: 54ad5aed91b6bfa8b7bb4286eb6758ff8b7da0b5c92e81ec3232252a4f29845433c86a43baa032173f82cdac605d4fe1705b7daeaf7214aad35e8a90b54d500b
7
- data.tar.gz: dcc180704d792810d0c430aca89b0e05fde8b34b1f3cc1546afc5ed489ec773f2aa060d70bef2754035c489c0b8d7d20756f4ec39679b52a9bbf97136e3061f4
6
+ metadata.gz: 754a71d30e5620791e1d59eb9e0c84fd745fd64fff018f7eff3e07a72749aaf5d635491cca9f62cbb92675844fa1d0ed43af47785e8d3baedbe7a4a32e263b13
7
+ data.tar.gz: 0c4121ebf9a9aaa375b58033d2ba0dd9fcc4252b31d295e4d5018629bcf4fa7877177bc306545d296c4d56279ae2bba8d366ef8954ae4953f3d03d9fe198f096
data/app/helpers/dm_core/liquid_helper.rb CHANGED
@@ -47,7 +47,8 @@ module DmCore::LiquidHelper
47
47
  else
48
48
  html = ::Kramdown::Document.new(content).to_html.html_safe
49
49
  end
50
- return options[:safe] ? sanitize_text(html, level: :relaxed).html_safe : html
50
+ # for safety, use :basic or lower
51
+ return options[:safe] ? sanitize_text(html, level: :basic).html_safe : html
51
52
  end
52
53
 
53
54
  # Uses Sanitize gem to fully sanitize any text.
@@ -63,7 +64,7 @@ module DmCore::LiquidHelper
63
64
  # Allows only very simple inline formatting markup. No links, images, or block elements.
64
65
  Sanitize.clean(content, Sanitize::Config::RESTRICTED)
65
66
  when :basic
66
- #Allows a variety of markup including formatting tags, links, and lists.
67
+ # Allows a variety of markup including formatting tags, links, and lists.
67
68
  # Images and tables are not allowed, links are limited to FTP, HTTP, HTTPS, and
68
69
  # mailto protocols, and a rel="nofollow" attribute is added to all links to
69
70
  # mitigate SEO spam.
data/app/models/comment.rb CHANGED
@@ -19,6 +19,7 @@ class Comment < ActiveRecord::Base
19
19
  belongs_to :account
20
20
 
21
21
  validates_presence_of :body
22
+ validates_length_of :body, maximum: 60000
22
23
  self.per_page = 10
23
24
 
24
25
  end
data/app/models/custom_field.rb CHANGED
@@ -38,6 +38,7 @@ class CustomField < ActiveRecord::Base
38
38
 
39
39
  validates_presence_of :field_data, if: Proc.new {|field| field.required?}
40
40
  validates_numericality_of :field_data, if: Proc.new {|field| field.field_type == 'number_field' && !field.field_data.blank?}
41
+ validates_length_of :field_data, maximum: 4096, if: Proc.new {|field| !field.field_data.blank?}
41
42
  validate :checkbox_required, if: Proc.new {|field| field.field_type == 'check_box_collection' && field.required?}
42
43
 
43
44
  #------------------------------------------------------------------------------
data/lib/dm_core/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module DmCore
2
- VERSION = "4.2.3.5"
2
+ VERSION = "4.2.3.6"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dm_core
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.3.5
4
+ version: 4.2.3.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brett Walker
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-01-16 00:00:00.000000000 Z
11
+ date: 2017-01-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails