fredit 0.1.0 → 0.1.2

data/app/controllers/fredit_controller.rb

@@ -1,62 +1,86 @@
-require 'shellwords'
+require 'git'
 
 class FreditController < ::ApplicationController
 
-  layout false
+  layout 'fredit'
+
+  before_filter :load_git
 
   CSS_DIR = Rails.root + 'public/stylesheets/**/*.css'
   JS_DIR = Rails.root + 'public/javascripts/**/*.js'
 
-  def index
-    @path ||= secure_path(params[:file] || params[:new_path] || Fredit.editables[:views].first)
-    if !File.size?(@path)
-      File.open(@path, 'w') {|f| f.write("REPLACE WITH CONTENT")}
-    end
+  def show
+    @path ||= secure_path(params[:file] || Fredit.editables[:views].first)
+    load_git_log
     @source = File.read(Rails.root + @path)
   end
 
   def update
     @path = secure_path params[:file_path]
 
-    edit_msg = !params[:edit_message].blank? ? Shellwords.shellescape(params[:edit_message].gsub(/["']/, '')) : "unspecified edit"
+    edit_msg = !params[:edit_message].blank? ? params[:edit_message] : "unspecified edit"
+    edit_msg_file = Tempfile.new('commit-message')
+    t.write(edit_msg) # we write this message to a file to protect against shell injection
+    t.cloase
+
+    session[:commit_author] = (params[:commit_author] || '')
+    # cleanup any shell injection attempt characters
+    author = session[:commit_author].gsub(/[^\w@<>. ]/, '') 
 
-    session[:commit_author] = (params[:commit_author] || '').gsub(/['"]/, '')
-    author = session[:commit_author]
     if session[:commit_author].blank?
       flash.now[:notice] = "Edited By must not be blank"
       @source = params[:source]
-      render :action => 'index'
+      render :action => 'show'
       return
     end
 
     if params[:commit] =~ /delete/i
       `git rm #@path`
       flash[:notice] = "#@path deleted"
-      res = system %Q|git commit --author='#{author}' -m '#{edit_msg}' #{@path}|
+      res = system %Q|git commit --author='#{author}' --file '#{edit_msg_file}' #{@path}|
       @path = nil
     else
       n = params[:source].gsub(/\r\n/, "\n")
       File.open(@path, 'w') {|f| f.write(n)}
       system %Q|git add #{@path}|
       flash[:notice] = "#@path updated"
-      res = system %Q|git commit --author='#{author}' -m '#{edit_msg}' #{@path}|
+      res = system %Q|git commit --author='#{author}' --file '#{edit_msg_file}' #{@path}|
     end
     if res == false
       flash[:notice] = "Something went wrong with git. Make sure you changed something and filled in required fields."
     end
-    params.delete(:source)
-
-    redirect_to :action => 'index', :file => @path
+    redirect_to fredit_path(:file => @path)
   end
   
   def create
-    @path = secure_path params[:file]
+    @path = secure_path params[:new_file]
     FileUtils::mkdir_p File.dirname(@path)
     File.open(@path, 'w') {|f| f.write("REPLACE WITH CONTENT")}
+    flash[:notice] = "Created new file: #@path"
+    redirect_to fredit_path(:file => @path)
+  end
+
+  def revision
+    @path = secure_path params[:file]
+    load_git_log
+    @sha = params[:sha].gsub(/[^0-9a-z]/, '') # shell injection protection
+    @git_object = @git.object(@sha)
+    @diff = `git show #{@sha}`
   end
 
 private
 
+  def load_git
+    @git = Git.init Rails.root.to_s
+  end
+
+  def load_git_log
+    @git_log = @git.log(20).object(@path).to_a
+  rescue Git::GitExecuteError
+    @git_log = []
+    flash[:notice] = "You need to initialize a git repository or add this file to the path"
+  end
+
   def secure_path(path)
     path2 = File.expand_path(path.to_s)
     if path2.index(Rails.root.to_s) != 0

data/app/views/fredit/revision.html.erb

@@ -0,0 +1,36 @@
+<textarea name='source'><%= @diff %></textarea>
+
+<table>
+  <tr>
+    <td>File:</td>
+    <td>
+      <%= link_to @path, fredit_path(:file => @path) %>
+    </td>
+  </tr>
+  <tr>
+    <td>Commit:</td>
+    <td>
+      <%= @sha %>
+    </td>
+  </tr>
+  <tr>
+    <td>Edited By:</td>
+    <td>
+      <%= @git_object.author.name %>
+    </td>
+  </tr>
+  <tr>
+    <td>Date:</td>
+    <td>
+      <%= @git_object.date %>
+    </td>
+  </tr>
+  <tr>
+    <td>Log Message:</td>
+    <td>
+      <%= @git_object.message %>
+    </td>
+  </tr>
+</table>
+
+

data/app/views/fredit/show.html.erb

@@ -0,0 +1,55 @@
+
+  <form action="<%= fredit_path %>" method="post">
+    <input name="_method" type="hidden" value="put" />
+    <input name="utf8" type="hidden" value="&#x2713;" />
+    <input type="hidden" name="file" value="<%=@path%>"/>
+    <textarea name='source'><%= @source %></textarea>
+
+    <table>
+      <tr>
+        <td>File:</td>
+        <td>
+          <%= @path %>
+        </td>
+      </tr>
+      <tr>
+        <td>Edit Message (optional):</td>
+        <td>
+          <input type="text" name="edit_message" value="" placeholder="Describe the edit " size="50"/>
+        </td>
+      </tr>
+      <tr>
+        <td>Edited By (required): </td>
+        <td>
+          <input type="text" name="commit_author" value="<%=session[:commit_author]%>" placeholder="Your Name <yourname@example.com>" size="50"/>
+        </td>
+      </tr>
+      <tr>
+        <td>Action:</td>
+        <td>
+          <input hidden="text" name="file_path" value="<%=@path%>" />
+          <input type="submit" name="commit" value="update this file"/>
+          <input id="deleteBtn" type="submit" name="commit" value="delete this file"/>
+        </td>
+      </tr>
+    </table>
+  </form>
+
+  <form id="createFileForm" action="<%= fredit_path %>" method="post">
+    <table>
+      <tr>
+        <td>Create file at path:</td>
+        <td>
+          <input type="text" name="new_file" value="" placeholder="<%=Fredit.editables[:views].first%>" size="50"/>
+        </td>
+      </tr>
+      <tr>
+        <td>Action:</td>
+        <td>
+          <input type="submit" name="commit" value="create file"/>
+        </td>
+      </tr>
+    </table>
+  </form>
+
+

data/app/views/layouts/fredit.html.erb

@@ -0,0 +1,130 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title><%=@path%></title>
+    <%= javascript_include_tag 'http://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js' %>
+    <style type="text/css">
+
+body {
+  padding-top:0;
+  padding-bottom: 30px;
+  font-family: Verdana, Helvetica, sans;
+  font-size: 12px;
+  margin-left: 40px;
+  width: 92%;
+  background-color: #EDEDED;
+}
+h1#appName {
+  margin:0;
+  padding:0;
+  display: inline;
+}
+h1#appName em {
+  font-size: smaller;
+}
+section#editor {
+  float: left;
+  width: 74%;
+}
+section#git {
+  float: left;
+  width: 23%;
+  padding-left: 2%;
+}
+section#git h3 {
+  margin-top: 0;
+  margin-bottom: 0.7em;
+}
+section#git ul {
+  padding-left: 0;
+  list-style-type: none;
+}
+
+textarea {
+  width: 100%;
+  height: 500px;
+  font-family: monospace;
+}
+#notice {
+  background-color: yellow;
+}
+input#deleteBtn {
+  float:right;
+}
+input[type=text] {
+  width: 100%;
+}
+table {
+  width: 100%
+}
+form#fileSelector {
+  float:right;
+}
+form#createFileForm {
+  border-top: 1px solid #CCC;
+  margin-top: 10px;
+  padding-top: 10px;
+}
+
+    </style>
+  </head>
+  <body>
+
+    <% if flash[:notice] %>
+      <div id="notice"><%= flash[:notice] %></div>
+    <% end %>
+
+    <section id="editor">
+      <h1 id="appName">fredit <em>front-end edit</em></h1>
+      <form id="fileSelector" action="<%=fredit_path%>">
+        <select id="fileSelectorDropDown" name="file">
+          <% Fredit.editables.each_pair do |k, v| %>
+            <optgroup label="<%= k %>">
+              <% v.each do |path| %>
+                <option value="<%= path %>" <%= @path == path ? 'selected=\"selected\"' : nil %>><%= Fredit.link(path)%></li>
+              <% end %>
+            </optgroup>
+          <% end %>
+        </select>
+        <input type="submit" id="changeFileBtn" value="change file"/>
+      </form>
+      <script>
+        $(document).ready(function() {
+          $('#fileSelectorDropDown').bind('change', function() {
+            $('#fileSelector').submit();
+          });
+          $('#changeFileBtn').hide();
+        });
+      </script>
+
+      <%= yield %>
+    </section>
+
+    <section id="git">
+      <nav>
+        <h3>git</h3>
+        <div id="currentBranch">
+          Current branch:
+          <strong><%= @git.current_branch %></strong>
+        </div>
+
+        <h4>Recent edits</h4>
+
+        <ul>
+          <% @git_log.each do |commit| %>
+            <li>
+              <%= link_to "#{commit.date.strftime('%m-%d-%y')}", 
+                          fredit_revision_path(:sha => commit.sha, :file => @path), 
+                          :title => commit.message %> 
+              <%= commit.author && commit.author.name %>:
+              <%= truncate(commit.message, :length => 15) %>
+            </li> 
+          <% end %>
+        </ul>
+
+      </nav>
+    </section>
+        
+  </body>
+</html>
+

data/config/routes.rb

@@ -1,5 +1,7 @@
 Rails.application.routes.draw do
-  get "/fredit" => "fredit#index"
-  post "/fredit/update" => "fredit#update"
+  get 'fredit/revision' => "fredit#revision"
+  get 'fredit' => "fredit#show"
+  put 'fredit' => "fredit#update"
+  post 'fredit' => "fredit#create"
 end
 

data/lib/fredit.rb

@@ -1,4 +1,8 @@
-require 'fredit/erb'
+if Rails.version < '3.1.0'
+  require 'fredit/erb'
+else
+  require 'fredit/erb31'
+end
 require 'uri'
 
 module Fredit

data/lib/fredit/erb.rb

@@ -1,4 +1,3 @@
-
 module ActionView
   class Template
     module Handlers

data/lib/fredit/erb31.rb

@@ -0,0 +1,50 @@
+module ActionView
+  class Template
+    module Handlers
+      class ERB 
+        def call(template)
+          if template.source.encoding_aware?
+            # First, convert to BINARY, so in case the encoding is
+            # wrong, we can still find an encoding tag
+            # (<%# encoding %>) inside the String using a regular
+            # expression
+            template_source = template.source.dup.force_encoding("BINARY")
+
+            erb = template_source.gsub(ENCODING_TAG, '')
+            encoding = $2
+
+            erb.force_encoding valid_encoding(template.source.dup, encoding)
+
+            # Always make sure we return a String in the default_internal
+            erb.encode!
+          else
+            erb = template.source.dup
+          end
+
+          # begin Fredit patch
+
+          if Fredit.template_editable?(template)
+            source_file = Fredit.rel_path template.identifier
+            edit_link = "<div style='color:red'>#{Fredit.link(source_file)}</div> "
+            if erb =~ /^\s*<!DOCTYPE/ && erb =~ /<body[^>]*>/
+              erb = erb.sub(/<body[^>]*>/, '\&' + edit_link)
+            else
+              erb = edit_link + erb
+            end
+          end
+
+          # end Fredit patch
+
+
+          self.class.erb_implementation.new(
+            erb,
+            :trim => (self.class.erb_trim_mode == "-")
+          ).src
+
+        end
+
+      end
+    end
+  end
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fredit
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.2
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,18 @@ autorequire:
 bindir: bin
 cert_chain: []
 date: 2011-10-25 00:00:00.000000000Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: &82978850 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *82978850
 description: Edit the front end of Rails apps through the browser.
 email:
 - dhchoi@gmail.com
@@ -18,10 +29,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- app/views/fredit/index.html.erb
-- app/views/fredit/layout.html.erb
+- app/views/layouts/fredit.html.erb
+- app/views/fredit/show.html.erb
+- app/views/fredit/revision.html.erb
 - app/controllers/fredit_controller.rb
 - lib/fredit.rb
+- lib/fredit/erb31.rb
 - lib/fredit/erb.rb
 - lib/fredit/engine.rb
 - config/routes.rb
@@ -43,7 +56,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -150563923
+      hash: 122408225
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -52,11 +65,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -150563923
+      hash: 122408225
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.11
 signing_key: 
 specification_version: 3
-summary: fredit 0.1.0
+summary: fredit 0.1.2
 test_files: []

data/app/views/fredit/index.html.erb

@@ -1,121 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title><%=@path%></title>
-    <style>
-
-body {
-  padding-top:0;
-  padding-bottom: 30px;
-  font-family: Verdana, Helvetica, sans;
-  font-size: 12px;
-  margin-left: 40px;
-  width: 80%;
-  background-color: #EDEDED;
-}
-h1 {
-  margin:0;
-  padding:0;
-  float:left;
-}
-h1 em {
-  font-size: smaller;
-}
-textarea {
-  width: 100%;
-  height: 500px;
-  font-family: monospace;
-}
-#notice {
-  background-color: yellow;
-}
-input#deleteBtn {
-  float:right;
-}
-input[type=text] {
-  width: 100%;
-}
-table {
-  width: 100%
-}
-form#fileSelector {
-  float:right;
-}
-form#createFileForm {
-  border-top: 1px solid #CCC;
-  margin-top: 10px;
-  padding-top: 10px;
-}
-
-    </style>
-  </head>
-  <body>
-
-<% if flash[:notice] %>
-  <div id="notice"><%= flash[:notice] %></div>
-<% end %>
-
-<h1>fredit <em>front-end edit</em></h1>
-
-<form id="fileSelector" action="<%=url_for%>">
-  <select name="file">
-    <% Fredit.editables.each_pair do |k, v| %>
-      <optgroup label="<%= k %>">
-        <% v.each do |path| %>
-          <option value="<%= path %>" <%= @path == path ? 'selected=\"selected\"' : nil %>><%= Fredit.link(path)%></li>
-        <% end %>
-      </optgroup>
-    <% end %>
-  </select>
-  <input type="submit" value="change file"/>
-</form>
-
-<form action="<%=url_for(:action => :update)%>" method="post">
-  <input type="hidden" name="file" value="<%=@path%>"/>
-  <textarea name='source'><%= @source %></textarea>
-
-  <table>
-    <tr>
-      <td>Edit Message (optional):</td>
-      <td>
-        <input type="text" name="edit_message" value="" placeholder="Describe the edit " size="50"/>
-      </td>
-    </tr>
-    <tr>
-      <td>Edited By (required): </td>
-      <td>
-        <input type="text" name="commit_author" value="<%=session[:commit_author]%>" placeholder="Your Name <yourname@example.com>" size="50"/>
-      </td>
-    </tr>
-    <tr>
-      <td>Action:</td>
-      <td>
-        <input hidden="text" name="file_path" value="<%=@path%>" />
-        <input type="submit" name="commit" value="update this file"/>
-        <input id="deleteBtn" type="submit" name="commit" value="delete this file"/>
-      </td>
-    </tr>
-  </table>
-</form>
-
-<form id="createFileForm" action="<%=url_for%>" method="get">
-  <table>
-    <tr>
-      <td>Create file at path:</td>
-      <td>
-        <input type="text" name="new_path" value="" placeholder="<%=Fredit.editables[:views].first%>" size="50"/>
-      </td>
-    </tr>
-    <tr>
-      <td>Action:</td>
-      <td>
-        <input type="submit" name="commit" value="create file"/>
-      </td>
-    </tr>
-  </table>
-</form>
-
-
-
-  </body>
-</html>

data/app/views/fredit/layout.html.erb

@@ -1,16 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>test</title>
-    <style>
-
-textarea {
-  width: 100%;
-  height: 400px;
-}
-    </style>
-  </head>
-  <body>
-    <%= yield %>
-  </body>
-</html>