RubyGems - dolzenko - Versions diffs - 0.0.22 → 0.0.23 - Mend

dolzenko 0.0.22 → 0.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

data/lib/dolzenko/light.rb +1 -0
data/lib/dolzenko/remote_download.rb +2 -0
data/lib/dolzenko/safe_interpolate.rb +80 -0
metadata +4 -3

data/lib/dolzenko/light.rb CHANGED Viewed

@@ -9,3 +9,4 @@ autoload :OpenStruct, "ostruct"
 module Net
   autoload :HTTP, "net/http"
 end
+autoload :StringIO, "stringio"

data/lib/dolzenko/remote_download.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require "stringio"
 module Dolzenko
 # Simple `Net::HTTP` mumbo jumbo we all have to use occasionally.
 module RemoteDownload

data/lib/dolzenko/safe_interpolate.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require "active_support/all"
+require "active_record"
+require "cgi"
+module SafeInterpolate
+  def generic_interpolate(string_block, interpolator)
+    string_with_interpolations = string_block.call
+    string_with_interpolations.gsub(/\#\{([^}]*)\}/) do
+      result = eval($1, string_block.binding)
+      interpolator[result]
+    end
+  end
+  def sql_interpolate(&string_block)
+    generic_interpolate(string_block, ActiveRecord::Base.connection.method(:quote))
+  end
+  def html_interpolate(&string_block)
+    generic_interpolate(string_block, ERB::Util.method(:html_escape))
+  end
+  def uri_interpolate(&string_block)
+    generic_interpolate(string_block, CGI.method(:escape))
+  end
+end
+if $PROGRAM_NAME == __FILE__
+  require 'rspec/core'
+  require 'rspec/expectations'
+  require 'rspec/matchers'
+  describe "SafeInterpolate#sql_interpolate" do
+    include SafeInterpolate
+    tmp_db_file = '/tmp/test.sqlite'
+    before(:all) do
+      ActiveRecord::Base.configurations = { 'test' => { :adapter => 'sqlite3', :database => tmp_db_file, :timeout => 5000 } }
+      ActiveRecord::Base.establish_connection('test')
+    end
+    after(:all) do
+      ActiveRecord::Base.remove_connection
+      File.delete(tmp_db_file) rescue nil
+    end
+    it "returns string passed in block" do
+      sql_interpolate { '42' }.should == "42"
+    end
+    it "interpolates expressions" do
+      num = 1
+      str = '123'
+      sql_interpolate { 'before #{ num } #{ str } after' }.should == 'before 1 \'123\' after'
+    end
+    it "properly quotes SQL sensitive characters" do
+      str = "'asd'; DROP TABLE users"
+      sql_interpolate { '#{ str }' }.should == "'''asd''; DROP TABLE users'"
+    end
+  end
+  describe "SafeInterpolate#html_interpolate" do
+    include SafeInterpolate
+    it "properly quotes HTML sensitive characters" do
+      str = '&"><'
+      html_interpolate { '<p>#{ str }</p>' }.should == "<p>&amp;&quot;&gt;&lt;</p>"
+    end
+  end
+  describe "SafeInterpolate#uri_interpolate" do
+    include SafeInterpolate
+    it "properly quotes URI sensitive characters" do
+      str = ':&? ='
+      uri_interpolate { 'http://example.com?q=#{ str }' }.should == "http://example.com?q=%3A%26%3F+%3D"
+    end
+  end
+end

metadata CHANGED Viewed

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments:
   - 0
   - 0
-  - 22
-  version: 0.0.22
+  - 23
+  version: 0.0.23
 platform: ruby
 authors:
 - Evgeniy Dolzhenko
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-06-04 00:00:00 +04:00
+date: 2010-07-02 00:00:00 +04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -72,6 +72,7 @@ files:
 - lib/dolzenko/io_interceptor.rb
 - lib/dolzenko/light.rb
 - lib/dolzenko/remote_download.rb
+- lib/dolzenko/safe_interpolate.rb
 - lib/dolzenko/shell_out.rb
 - lib/dolzenko/try_block.rb
 - lib/dolzenko.rb