fat_free_crm 0.16.3 → 0.16.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +6 -0
  3. data/app/helpers/tags_helper.rb +1 -1
  4. data/lib/fat_free_crm/version.rb +1 -1
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 12ac74622a278199d8c503a22920fb0b03300bdb
4
- data.tar.gz: d27004574a068d05ae85751eddcc1c3ab3cc8287
2
+ SHA256:
3
+ metadata.gz: ae1017dbbd08e35ac7336f1809ac762ec68f767f2c5f0f0e5271b9f1549f7ffc
4
+ data.tar.gz: 893edf5f3b660171f2a22e14d93e8aa8577e1dd4d77ef2f544671e9f1ca88cb9
5
5
  SHA512:
6
- metadata.gz: b9506e765aa71eb03c1cfc23f2b4a08656703bb9fbd5415ce7dc7717523427476cdc5f162543d6ff042abf70ae1893f0711611cf455ab3fc172562c92c16381f
7
- data.tar.gz: d9ae88d69ecf12e9778441457e1b45d6a49c1ce3d2a1c4dfa51a07c990e866d4f3dcdd9d8ad5695a6a2f44382022b06081dfada2c7c3e2109823331a499ac062
6
+ metadata.gz: c69c3124f7af4441849677afb7ccfb4de9287f676efe77a257bc54b7305991563cbf0a9049d86700041ce66bc1fed62d4bfed51da4c2f4b9283d23e7e976b22a
7
+ data.tar.gz: d9d4dc31339029ae87c7b4226abdbea32c7ac7d5785dd512c46676f4edd1a6453ec2d93a2bc22ee9c2dd2c582af49bf3bec5951b887759e75d856f3ac68a31f6
data/CHANGELOG.md CHANGED
@@ -4,6 +4,12 @@ It does not matter how slowly you go as long as you do not stop.
4
4
  First they ignore you, then they laugh at you, then they fight you,
5
5
  then you win. –- Mahatma Gandhi
6
6
 
7
+ Sat Oct 27, 2018 (0.16.4)
8
+ ---------------------------------------------------------------------
9
+
10
+ #### Fixed XSS flaw in tags_helper
11
+ Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.
12
+
7
13
  Wed Jan 24, 2018 (0.16.3)
8
14
  ---------------------------------------------------------------------
9
15
  CVE-2017-0889
data/app/helpers/tags_helper.rb CHANGED
@@ -15,7 +15,7 @@ module TagsHelper
15
15
  elsif !query.include?(hashtag)
16
16
  query += " #{hashtag}"
17
17
  end
18
- out << link_to_function(tag, "crm.search_tagged('#{query}', '#{model.class.to_s.tableize}')", title: tag)
18
+ out << link_to_function(tag, "crm.search_tagged('#{escape_javascript(query)}', '#{model.class.to_s.tableize}')", title: tag)
19
19
  end
20
20
  end
21
21
 
data/lib/fat_free_crm/version.rb CHANGED
@@ -7,7 +7,7 @@ module FatFreeCRM
7
7
  module VERSION #:nodoc:
8
8
  MAJOR = 0
9
9
  MINOR = 16
10
- TINY = 3
10
+ TINY = 4
11
11
  PRE = nil
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fat_free_crm
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.16.3
4
+ version: 0.16.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Dvorkin
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2018-01-24 00:00:00.000000000 Z
15
+ date: 2018-10-27 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: rails
@@ -1585,7 +1585,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
1585
1585
  version: '0'
1586
1586
  requirements: []
1587
1587
  rubyforge_project:
1588
- rubygems_version: 2.6.14
1588
+ rubygems_version: 2.7.3
1589
1589
  signing_key:
1590
1590
  specification_version: 4
1591
1591
  summary: Fat Free CRM