RubyGems - dolzenko - Versions diffs - 0.0.22 → 0.0.23 - Mend

dolzenko 0.0.22 → 0.0.23

Files changed (4) hide show

data/lib/dolzenko/light.rb +1 -0
data/lib/dolzenko/remote_download.rb +2 -0
data/lib/dolzenko/safe_interpolate.rb +80 -0
metadata +4 -3

data/lib/dolzenko/light.rb CHANGED Viewed

@@ -9,3 +9,4 @@ autoload :OpenStruct, "ostruct"
 module Net
   autoload :HTTP, "net/http"
 end
+autoload :StringIO, "stringio"

data/lib/dolzenko/remote_download.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require "stringio"
 module Dolzenko
 # Simple `Net::HTTP` mumbo jumbo we all have to use occasionally.
 module RemoteDownload

data/lib/dolzenko/safe_interpolate.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require "active_support/all"
+require "active_record"
+require "cgi"
+module SafeInterpolate
+  def generic_interpolate(string_block, interpolator)
+    string_with_interpolations = string_block.call
+    string_with_interpolations.gsub(/\#\{([^}]*)\}/) do
+      result = eval($1, string_block.binding)
+      interpolator[result]
+    end
+  end
+  def sql_interpolate(&string_block)
+    generic_interpolate(string_block, ActiveRecord::Base.connection.method(:quote))
+  end
+  def html_interpolate(&string_block)
+    generic_interpolate(string_block, ERB::Util.method(:html_escape))
+  end
+  def uri_interpolate(&string_block)
+    generic_interpolate(string_block, CGI.method(:escape))
+  end
+end
+if $PROGRAM_NAME == __FILE__
+  require 'rspec/core'
+  require 'rspec/expectations'
+  require 'rspec/matchers'
+  describe "SafeInterpolate#sql_interpolate" do
+    include SafeInterpolate
+    tmp_db_file = '/tmp/test.sqlite'
+    before(:all) do
+      ActiveRecord::Base.configurations = { 'test' => { :adapter => 'sqlite3', :database => tmp_db_file, :timeout => 5000 } }
+      ActiveRecord::Base.establish_connection('test')
+    end
+    after(:all) do
+      ActiveRecord::Base.remove_connection
+      File.delete(tmp_db_file) rescue nil
+    end
+    it "returns string passed in block" do
+      sql_interpolate { '42' }.should == "42"
+    end
+    it "interpolates expressions" do
+      num = 1
+      str = '123'
+      sql_interpolate { 'before #{ num } #{ str } after' }.should == 'before 1 \'123\' after'
+    end
+    it "properly quotes SQL sensitive characters" do
+      str = "'asd'; DROP TABLE users"
+      sql_interpolate { '#{ str }' }.should == "'''asd''; DROP TABLE users'"
+    end
+  end
+  describe "SafeInterpolate#html_interpolate" do
+    include SafeInterpolate
+    it "properly quotes HTML sensitive characters" do
+      str = '&"><'
+      html_interpolate { '<p>#{ str }</p>' }.should == "<p>&amp;&quot;&gt;&lt;</p>"
+    end
+  end
+  describe "SafeInterpolate#uri_interpolate" do
+    include SafeInterpolate
+    it "properly quotes URI sensitive characters" do
+      str = ':&? ='
+      uri_interpolate { 'http://example.com?q=#{ str }' }.should == "http://example.com?q=%3A%26%3F+%3D"
+    end
+  end
+end

metadata CHANGED Viewed

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments:
   - 0
   - 0
-  - 22
-  version: 0.0.22
+  - 23
+  version: 0.0.23
 platform: ruby
 authors:
 - Evgeniy Dolzhenko
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-06-04 00:00:00 +04:00
+date: 2010-07-02 00:00:00 +04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -72,6 +72,7 @@ files:
 - lib/dolzenko/io_interceptor.rb
 - lib/dolzenko/light.rb
 - lib/dolzenko/remote_download.rb
+- lib/dolzenko/safe_interpolate.rb
 - lib/dolzenko/shell_out.rb
 - lib/dolzenko/try_block.rb
 - lib/dolzenko.rb