dradis-html_export 3.9.0 → 3.10.0

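--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d6b5b6986bd7981e3077c68731420ed8f60f9ea4
- data.tar.gz: 3d6f8d24cd43621fda4e978badba9fbaced9896b
+ metadata.gz: 49f262777bc734cf9c057c50841c44d8fcd73b65
+ data.tar.gz: f7350952a6d61b78928c97226bd4c29cc1963da4
  SHA512:
- metadata.gz: 9eed6807256557eca8cf3b629710dd93fb936b32b4416d27dd37727591a6c0933583d1ebeacaa9c46145448541be36176900d5b01f36d8d22c9ec56d540388e3
- data.tar.gz: a96255d0e075db5f828ccfcb9ca251870886afa5f8469a383f9bef278b4268503e2df97edfa2a77700615b55a3add3bed85c75ac093358c89403525d9acefda7
+ metadata.gz: 6debdf7f488314090a76eb70914fccd012ad2ecf00a778e30a8810a5ae4374a218c9e3a64d70cbf96181117551ea554f411eb5873311dcbde8e950444b202f24
+ data.tar.gz: 740e514e90f8c09197ece9b706f9471b47245d6a14341827625afd01f1f7617bac81864dc542e38052a220581fa7180e35110c4df95f7c269dbec1b519c5acce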
@@ -1,3 +1,8 @@
1
+ ## Dradis Framework 3.10 (August, 2018) ##
2
+
3
+ * Security fix: update RedCloth to 4.3.2
4
+ * Fix issue sorting
5
+
1
6
  ## Dradis Framework 3.9 (January, 2018) ##
2
7
 
3
8
  * Updated rendering html as in Rails 5.1 (`render html:`)
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
25
25
 
26
26
  # Note markup
27
27
  spec.add_dependency 'rails_autolink', '~> 1.1'
28
- spec.add_dependency 'RedCloth', '4.3.1'
28
+ spec.add_dependency 'RedCloth', '~> 4.3.2'
29
29
 
30
30
  # gem.add_development_dependency 'capybara', '~> 1.1.3'
31
31
  # gem.add_development_dependency 'database_cleaner'
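Review bot: The new `'~> 4.3.2'` requirement on RedCloth acts as a security floor, but nothing beside the `spec.add_dependency` line records that, so a later edit could lower it without noticing. A comment such as `# 4.3.2 is the minimum: security fix, see the 3.10 changelog entry` would make the constraint self-explaining. Moving from the exact pin `'4.3.1'` to a pessimistic range also means the version actually installed is now decided by the host application's lockfile, which is worth stating in the same comment. The `Gem::Specification` block starts and ends outside the hunk.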
@@ -35,7 +35,7 @@ module Dradis
35
35
  logger.debug{ "Template properties define a sort field: #{sort_by}. Sorting..." }
36
36
 
37
37
  # FIXME: Assume the Field :type is :number, so cast .to_f and sort
38
- issues.sort! do |a, b|
38
+ issues.to_a.sort! do |a, b|
39
39
  b.fields.fetch(sort_by, '0').to_f <=> a.fields.fetch(sort_by, '0').to_f
40
40
  end
41
41
 
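Review bot: `issues.to_a.sort!` sorts the array that `to_a` returns, and nothing in this hunk assigns the result, so if `issues` is a relation or another non-Array collection the later code would still see the unsorted `issues`. Assigning the value makes the sort take effect whatever the receiver is: `issues = issues.to_a.sort do |a, b|`. The enclosing method starts and ends outside the hunk, so an assignment further out cannot be ruled out from here.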
@@ -57,15 +57,21 @@ module Dradis
57
57
  end
58
58
 
59
59
  private
60
+
61
+ # FIXME This method is a behavioural duplicate of ApplicationHelper#markup
62
+ # from the main app, it would be better to re-use that code.
60
63
  def markup(text)
61
64
  return unless text.present?
62
65
 
63
- output = text.dup
66
+ # escape HTML 'manually' instead of using RedCloth's "filter_html"
67
+ # for security reasons
68
+ output = ERB::Util.html_escape(text.dup)
69
+
64
70
  Hash[ *text.scan(/#\[(.+?)\]#[\r|\n](.*?)(?=#\[|\z)/m).flatten.collect{ |str| str.strip } ].keys.each do |field|
65
71
  output.gsub!(/#\[#{Regexp.escape(field)}\]#[\r|\n]/, "h4. #{field}\n\n")
66
72
  end
67
73
 
68
- auto_link(RedCloth.new(output, [:filter_html, :no_span_caps]).to_html, sanitize: false ).html_safe
74
+ auto_link(RedCloth.new(output, [:no_span_caps]).to_html).html_safe
69
75
  end
70
76
  end
71
77
  end
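Review bot: In `markup`, the field names are still collected with `text.scan(...)` on the raw input while the `gsub!` now runs against the HTML-escaped `output`, so a `#[Field]#` header whose name contains `&`, `<`, `>` or a quote no longer matches and is left unconverted in the export. Changing `text.scan(` to `output.scan(` on the `Hash[ *…]` line keeps both sides working on the same escaped string. The result is still marked `.html_safe`, and RedCloth now runs with only `:no_span_caps`, so the escape-first step and `auto_link`'s default sanitizing (used now that `sanitize: false` is dropped) appear to be the only HTML defences left. A spec that passes markup-bearing text through `markup` and asserts the escaped output would guard that against regressions. The added FIXME says this method duplicates `ApplicationHelper#markup`, so the same escaping change has to be kept in step in the main app until the code is shared.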
@@ -8,7 +8,7 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 3
11
- MINOR = 9
11
+ MINOR = 10
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
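--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dradis-html_export
  version: !ruby/object:Gem::Version
- version: 3.9.0
+ version: 3.10.0
  platform: ruby
  authors:
  - Daniel Martin
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-01-08 00:00:00.000000000 Z
+ date: 2018-08-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dradis-plugins
@@ -42,16 +42,16 @@ dependencies:
  name: RedCloth
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 4.3.1
+ version: 4.3.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 4.3.1
+ version: 4.3.2
  description: Export to HTML plugin for the Dradis Framework
  email:
  - "<etd@nomejortu.com>"
@@ -101,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.6.8
  signing_key:
  specification_version: 4
  summary: Dradis HTML export plugin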