fat_free_crm 0.17.2 → 0.17.3

Potentially problematic release.


This version of fat_free_crm might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 7221e26b201b43c86185ba3c5c836a217ce877c2
4
- data.tar.gz: 88605bc299c4cc32ed059c3fcc4bc4c37da167fe
2
+ SHA256:
3
+ metadata.gz: 2ca66c981de552c61f57b222cafd88bc9d34e1c2ec4a184a0bc8ffd009d4da37
4
+ data.tar.gz: d484f322f7594b1c821d13424d8cd9a8bce8a4912d37b7e4151ff7bdfc8d6640
5
5
  SHA512:
6
- metadata.gz: 29471fdc624409ce11715db80702efcaf214fb95fb7fbeba0702b1e4bf6e56b732d7f9e7abe7a2fa384fecb7c8d7b0afbedfc2617ddaac9d6c5572f572061bfb
7
- data.tar.gz: 31608af4f51f58ff87f51ff9a8e43420374efeb3cea34e526fee18d7a335f93e381d6a6d38a97a895709f4bae89494100c2d454e181496d3c216e5ed5fd7d12d
6
+ metadata.gz: a3944df108b8ee40424ef0747b0cead3b03a6e08129b164232b8cb7be258a632469126d0d3fc2f1bfeb35066c6089b5712afc5dea8dbf9950ebe493e4dcfcd87
7
+ data.tar.gz: 3f4544819b61cefb933787a84c2a4ff693810378c1a66c5669aecea9683881000216002d7ad80d692de80b3cc4767e643eed8f93a3e1f421c2f993712ddf9dc8
@@ -4,7 +4,13 @@ It does not matter how slowly you go as long as you do not stop.
4
4
  First they ignore you, then they laugh at you, then they fight you,
5
5
  then you win. –- Mahatma Gandhi
6
6
 
7
- Mon Jan 22, 2018 (0.17.2)
7
+ Sat Oct 27, 2018 (0.17.3)
8
+ ---------------------------------------------------------------------
9
+
10
+ #### Fixed XSS flaw in tags_helper
11
+ Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.
12
+
13
+ Wed Jan 24, 2018 (0.17.2)
8
14
  ---------------------------------------------------------------------
9
15
  - Fix CVE-2017-0889
10
16
  - Fix #687
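Review bot: The new 0.17.3 entry says only "Fixed XSS flaw in tags_helper" and gives no affected version range, no advisory reference, and no indication of which input reaches the flaw, while the 0.17.2 entry directly below it cites CVE-2017-0889. Add the affected versions and a link to the advisory so operators can judge how urgently to upgrade. The same hunk also changes the 0.17.2 release date from "Mon Jan 22, 2018" to "Wed Jan 24, 2018"; the new value agrees with the old gem metadata date of 2018-01-24, but a correction to an already published entry should be mentioned in the commit message rather than folded in silently. The `####` heading also departs from the `- ` list style used by the existing entries.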
@@ -17,7 +17,7 @@ module TagsHelper
17
17
  elsif !query.include?(hashtag)
18
18
  query += " #{hashtag}"
19
19
  end
20
- out << link_to_function(tag, "crm.search_tagged('#{query}', '#{model.class.to_s.tableize}')", title: tag)
20
+ out << link_to_function(tag, "crm.search_tagged('#{escape_javascript(query)}', '#{model.class.to_s.tableize}')", title: tag)
21
21
  end
22
22
  end
23
23
 
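Review bot: On the changed `link_to_function` line, `escape_javascript(query)` is the correct encoder for a value placed inside a single-quoted JavaScript string, but the tag-derived `query` is still spliced into handler source by string interpolation, and no spec for the fix appears in this diff. Add a regression spec that renders a tag containing a single quote, a backslash and a line break, and assert that the generated `crm.search_tagged(...)` call still receives exactly two string arguments. As a follow-up, consider carrying the query in a data attribute that the click handler reads, so tag text never becomes part of script source. The second argument, `model.class.to_s.tableize`, comes from the class name and does not need the same treatment.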
@@ -9,7 +9,7 @@ module FatFreeCRM
9
9
  module VERSION #:nodoc:
10
10
  MAJOR = 0
11
11
  MINOR = 17
12
- TINY = 2
12
+ TINY = 3
13
13
  PRE = nil
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fat_free_crm
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.17.2
4
+ version: 0.17.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Dvorkin
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2018-01-24 00:00:00.000000000 Z
15
+ date: 2018-10-27 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: rails
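Review bot: The context line `cert_chain: []` in this hunk shows that the release carrying the XSS fix is built without a signing certificate, so anyone installing it can verify it only against the registry's checksums. Consider signing releases, or at least publishing the expected SHA256 of the .gem file alongside the release announcement, so downstream users can confirm they received the intended build.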
@@ -1581,7 +1581,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
1581
1581
  version: '0'
1582
1582
  requirements: []
1583
1583
  rubyforge_project:
1584
- rubygems_version: 2.6.14
1584
+ rubygems_version: 2.7.3
1585
1585
  signing_key:
1586
1586
  specification_version: 4
1587
1587
  summary: Fat Free CRM