RubyGems - fat_free_crm - Versions diffs - 0.18.0 → 0.18.1 - Mend

fat_free_crm 0.18.0 → 0.18.1

This version of fat_free_crm might be problematic. Click here for more details.

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e742d170861eae5ac601236d6f2d0ddd25d42186a66651a4adb24f5f65859fa
-  data.tar.gz: 25bea2bb3db3844aac5084caab8c6dd18a6ba857ed3cf3ea997ef7c604435f83
+  metadata.gz: bb89ae97ee3b23e349affe50ca12d56cda21689f8bb317c7b877a48bd8fe4258
+  data.tar.gz: e548f576324a2c75e7daa6fd12997880ef295a82b353a500542c33f6ac064a78
 SHA512:
-  metadata.gz: fea727f3837d27e618797ef91da85a2b628965fede5b84ec579c7362dc1ff7ee9180a5a39b67c705e8be528ff7431bc4077dee9a7985fb61e3c3a0f852b95c03
-  data.tar.gz: e63e10fc312f93a2b5e4f8be302202ebd4221ca400debf663e6a0b5acd66779fee4d03cbe9aafcdd99ece4acdb8db2d68311ec803e64e498664cc944d57491b4
+  metadata.gz: 663ff8b5e566c482cc8f9e05b4b89ed04f9567df1409593ac6de0d99305029583f1943bcf9dd616b5a00cd16ca533c1f04a421535a773db57cabfa1b3ee778a2
+  data.tar.gz: 3f95330ec40b1dbb86d25c19d3ab66f9303115668318e9a074f95e05600a448b75810d751e83acd41c827b92476c2a6f413c9843bef44e4a1f7669d3067caf25

data/CHANGELOG.md CHANGED

@@ -4,8 +4,11 @@ It does not matter how slowly you go as long as you do not stop.
 First they ignore you, then they laugh at you, then they fight you,
 then you win. –- Mahatma Gandhi
-Unreleased (0.19.0)
-=======
+Sat Oct 27, 2018 (0.18.1)
+---------------------------------------------------------------------
+#### Fixed XSS flaw in tags_helper
+Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.
 Sat Apr 21, 2018 (0.18.0)

@@ -17,7 +17,7 @@ module TagsHelper
       elsif !query.include?(hashtag)
         query += " #{hashtag}"
       end
-      out << link_to_function(tag, "crm.search_tagged('#{query}', '#{model.class.to_s.tableize}')", title: tag)
+      out << link_to_function(tag, "crm.search_tagged('#{escape_javascript(query)}', '#{model.class.to_s.tableize}')", title: tag)
     end
   end

@@ -9,7 +9,7 @@ module FatFreeCRM
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 18
-    TINY  = 0
+    TINY  = 1
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fat_free_crm
 version: !ruby/object:Gem::Version
-  version: 0.18.0
+  version: 0.18.1
 platform: ruby
 authors:
 - Michael Dvorkin
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-04-21 00:00:00.000000000 Z
+date: 2018-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -548,7 +548,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".docker/nginx/sites-enabled/ffcrm.conf"
-- ".dockerignore"
 - ".gitignore"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"

data/.dockerignore DELETED

@@ -1,11 +0,0 @@
-.bundle
-.git*
-db/*.sql*
-log/*
-tmp/*
-Dockerfile
-README.md
-spec/reports
-spec/internal/public/avatars
-spec/internal/public/assets
-coverage/*