gollum-lib 4.0.1 → 4.0.2

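--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
  ---
  !binary "U0hBMQ==":
  metadata.gz: !binary |-
- OWViYjc2ZTIxNmQ2NGFmMWJjNmQ2MGIyNTZjYjdhNmRjYmYxODBjMg==
+ N2Y4ZGU4MTBjNjg3YjBjNzVmNjNjZTE1ZjgzNWJjOWYwNGRhOGZjYw==
  data.tar.gz: !binary |-
- YWMyMGE0OTJjMjYzOTIyZDliZWE0MDNlZTJlZmVmMGQ1MmQyYTdlYw==
+ ZmZiMTllMGJiMWRhNzUyMDIyNDUzZWZlMjBkNjlkYTNhMjAyN2UwOA==
  SHA512:
  metadata.gz: !binary |-
- ZTMyN2YwNDQxZGY3ZTUxZDI1YjNjNGY0M2QyNjFmYmE4MjgyZWU5YWU5NDA0
- NTJkMGZlZDcyZTgxYmU5N2M4ZjgzMGVlMGZlMGJjODM0ZjU5M2U3NGYzYWRk
- NmE3MDU4YjEwOTVhYWQ0NjdkYzhmZTAwMGExNDRiYjk1ZjU4Yzc=
+ NDFmMDkyODFlZjc0YzJmMGNkNWIwNmI4NTk0OGJkYWQ1MTIwYzY3MTlkZjRh
+ N2ZjOTA5ODgwYjJkOGUyMzU1YTczN2EwOGJjMWQxMGMwYmIxMzE1NWJlZDBj
+ ZjJhNzc1ZDZjOTFjNGZkZTkzYTkxNGQxN2YxYjNkM2FhYzkzNTE=
  data.tar.gz: !binary |-
- MjExY2VhY2M1MmZkNDBiMDU1MGFjZGZkMDNhZWFiN2VjYTI3NWE5MTVmZGNi
- ODk2OTlkNTkxYjViMGVhMjYyYjUzNDhkY2Q4NmI5N2ZmZWYyNzE5ZTMyMmNm
- ODcwZmM0Y2QzMWNhOGI0MTZhOTJkNzMwZDZhMTA2YjhmYzlmYjk=
+ N2FkZGIwZGU5YTZkM2NiNGYwMWMzOGEyMDU1Yzc5MzcxYmU3N2MwNzdkMWIz
+ MTYwOGQ1OTViNmJmMmM2ZmQ3NWM1OTQyMDVlYTYwYjJhOTYwNThlZmZiNDMz
+ OTU5NzM2ZGFkOGQxZmY0YjZiOTYxYzMwMmZlOGViYzFmMWQ4YTE=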
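--- a/data/HISTORY.md
+++ b/data/HISTORY.md
@@ -1,3 +1,11 @@
+ # v4.0.2 /2015-0119
+
+ * Bugfixes
+
+ # v4.0.1 /2014-12-04
+
+ * Security fix for [remote code execution issue](https://github.com/gollum/gollum/issues/913). Please update!
+
  # v0.0.1 / 2013-03-19
 
  * First release, extrated from https://github.com/gollum/gollum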
@@ -5,8 +5,8 @@ Gem::Specification.new do |s|
5
5
  s.required_ruby_version = '>= 1.9'
6
6
 
7
7
  s.name = 'gollum-lib'
8
- s.version = '4.0.1'
9
- s.date = '2014-12-04'
8
+ s.version = '4.0.2'
9
+ s.date = '2015-01-19'
10
10
  s.rubyforge_project = 'gollum-lib'
11
11
  s.license = 'MIT'
12
12
 
@@ -38,7 +38,7 @@ $KCODE = 'U' if RUBY_VERSION[0, 3] == '1.8'
38
38
 
39
39
  module Gollum
40
40
  module Lib
41
- VERSION = '4.0.1'
41
+ VERSION = '4.0.2'
42
42
  end
43
43
 
44
44
  def self.assets_path
@@ -5,46 +5,42 @@
5
5
  # Render a block of code using the Rouge syntax-highlighter.
6
6
  class Gollum::Filter::Code < Gollum::Filter
7
7
  def extract(data)
8
- return data if @markup.format == :txt
8
+ case @markup.format
9
+ when :txt
10
+ return data
11
+ when :asciidoc
12
+ data.gsub!(/^(\[source,([^\r\n]*)\]\n)?----\n(.+?)\n----$/m) do
13
+ cache_codeblock($2, $3)
14
+ end
15
+ when :org
16
+ org_headers = %r{([ \t]*#\+HEADER[S]?:[^\r\n]*\n)*}
17
+ org_name = %r{([ \t]*#\+NAME:[^\r\n]*\n)?}
18
+ org_lang = %r{[ ]*([^\n \r]*)[ ]*[^\r\n]*}
19
+ org_begin = %r{[ \t]*#\+BEGIN_SRC#{org_lang}\n}
20
+ org_end = %r{\n[ \t]*#\+END_SRC[ \t]*}
21
+ data.gsub!(/^#{org_headers}#{org_name}#{org_begin}(.+?)#{org_end}$/mi) do
22
+ cache_codeblock($3, $4)
23
+ end
24
+ end
9
25
  data.gsub!(/^([ \t]*)(~~~+) ?([^\r\n]+)?\r?\n(.+?)\r?\n\1(~~~+)[ \t\r]*$/m) do
10
26
  m_indent = $1
11
27
  m_start = $2 # ~~~
12
28
  m_lang = $3
13
29
  m_code = $4
14
30
  m_end = $5 # ~~~
15
-
16
31
  # start and finish tilde fence must be the same length
17
32
  next '' if m_start.length != m_end.length
18
-
19
- lang = m_lang ? m_lang.strip : nil
20
- id = Digest::SHA1.hexdigest("#{lang}.#{m_code}")
21
- cached = @markup.check_cache(:code, id)
22
-
23
- # extract lang from { .ruby } or { #stuff .ruby .indent }
24
- # see http://johnmacfarlane.net/pandoc/README.html#delimited-code-blocks
25
-
33
+ lang = m_lang ? m_lang.strip : nil
26
34
  if lang
27
35
  lang = lang.match(/\.([^}\s]+)/)
28
36
  lang = lang[1] unless lang.nil?
29
37
  end
30
-
31
- @map[id] = cached ?
32
- { :output => cached } :
33
- { :lang => lang, :code => m_code, :indent => m_indent }
34
-
35
- "#{m_indent}#{id}" # print the SHA1 ID with the proper indentation
38
+ "#{m_indent}#{cache_codeblock(lang, m_code, m_indent)}"
36
39
  end
37
40
 
38
41
  data.gsub!(/^([ \t]*)``` ?([^\r\n]+)?\r?\n(.+?)\r?\n\1```[ \t]*\r?$/m) do
39
- lang = $2 ? $2.strip : nil
40
- id = Digest::SHA1.hexdigest("#{lang}.#{$3}")
41
- cached = @markup.check_cache(:code, id)
42
- @map[id] = cached ?
43
- { :output => cached } :
44
- { :lang => lang, :code => $3, :indent => $1 }
45
- "#{$1}#{id}" # print the SHA1 ID with the proper indentation
42
+ "#{$1}#{cache_codeblock($2.to_s.strip, $3, $1)}" # print the SHA1 ID with the proper indentation
46
43
  end
47
-
48
44
  data
49
45
  end
50
46
 
@@ -136,4 +132,14 @@ class Gollum::Filter::Code < Gollum::Filter
136
132
  end
137
133
  end
138
134
  end
135
+
136
+ def cache_codeblock(language, code, indent = "")
137
+ language = language.to_s.empty? ? nil : language
138
+ id = Digest::SHA1.hexdigest("#{language}.#{code}")
139
+ cached = @markup.check_cache(:code, id)
140
+ @map[id] = cached ?
141
+ { :output => cached } :
142
+ { :lang => language, :code => code, :indent => indent }
143
+ id
144
+ end
139
145
  end
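Review bot: In `extract`, the new `:asciidoc` and `:org` patterns accept only `\n` as a line break, while the tilde and backtick patterns right below them accept `\r?\n`, so a page saved with CRLF line endings will not have its `----` or `#+BEGIN_SRC` blocks extracted. Blocks that are skipped here are presumably handed to the later filters as ordinary markup rather than as cached code, which is worth ruling out for user-supplied wiki pages. For the asciidoc case the line could read `data.gsub!(/^(\[source,([^\r\n]*)\]\r?\n)?----\r?\n(.+?)\r?\n----\r?$/m) do`, and the org pieces (`org_headers`, `org_name`, `org_begin`, `org_end`) need the same `\r?` treatment. A fixture with CRLF endings for both formats would pin the behaviour. `extract` lies wholly inside the first hunk; the class continues outside both hunks.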
@@ -10,10 +10,11 @@ class Gollum::Filter::Macro < Gollum::Filter
10
10
  arg = %r{(?:#{quoted_arg}|#{unquoted_arg}|#{named_arg})}
11
11
  arg_list = %r{(\s*|#{arg}(?:\s*,\s*#{arg})*)}
12
12
 
13
- data.gsub(/\<\<\s*([A-Z][A-Za-z0-9]*)\s*\(#{arg_list}\)\s*\>\>/) do
14
- id = Digest::SHA1.hexdigest($1 + $2)
15
- macro = $1
16
- argstr = $2
13
+ data.gsub(/('?)\<\<\s*([A-Z][A-Za-z0-9]*)\s*\(#{arg_list}\)\s*\>\>/) do
14
+ next CGI.escape_html($&[1..-1]) unless $1.empty?
15
+ id = Digest::SHA1.hexdigest($2 + $3)
16
+ macro = $2
17
+ argstr = $3
17
18
  args = []
18
19
  opts = {}
19
20
 
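Review bot: The new escape branch, `next CGI.escape_html($&[1..-1]) unless $1.empty?`, carries no comment saying that a leading `'` turns the macro call into literal text, and shifting every capture from `$1`/`$2` to `$2`/`$3` is easy to get wrong on the next edit of this pattern. I would put `# A leading ' escapes the macro: drop the quote and emit the call as HTML-escaped literal text` above it and consider named captures for the macro name and the argument string. The hunk does not show a `require 'cgi'`; if this file relies on another file having loaded it, requiring it here would make the dependency explicit. The enclosing method begins and ends outside this hunk.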
@@ -9,7 +9,7 @@ class Gollum::Filter::TOC < Gollum::Filter
9
9
  @doc = Nokogiri::HTML::DocumentFragment.parse(data)
10
10
  @toc = nil
11
11
  @anchor_names = {}
12
- @current_ancestors = ""
12
+ @current_ancestors = []
13
13
 
14
14
  if @markup.sub_page && @markup.parent_page
15
15
  @toc = @markup.parent_page.toc_data
@@ -57,12 +57,9 @@ class Gollum::Filter::TOC < Gollum::Filter
57
57
  name.gsub!(/-$/, "")
58
58
  name.downcase!
59
59
 
60
- anchor_name = name
61
-
62
- # Set and/or add the ancestors to the name
63
- @current_ancestors = name if level == 1
64
- anchor_name = (level == 1) ? name : "#{@current_ancestors}_#{name}"
65
- @current_ancestors+= "_#{name}" if level > 1
60
+ @current_ancestors[level - 1] = name
61
+ @current_ancestors = @current_ancestors.take(level)
62
+ anchor_name = @current_ancestors.compact.join("_")
66
63
 
67
64
  # Ensure duplicate anchors have a unique prefix or the toc will break
68
65
  index = increment_anchor_index(anchor_name)
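Review bot: `@current_ancestors[level - 1] = name` depends on `level` being at least 1: with `level == 0` the index is -1, which raises IndexError on an empty array and overwrites the last ancestor on a non-empty one. `level` is computed outside this hunk, so that may already be guaranteed. The old comment was removed without a replacement; something like `# One slot per heading level: deeper slots are dropped, skipped levels stay nil and are compacted out of the anchor` would record the invariant. The enclosing method starts and ends outside the hunk.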
@@ -607,7 +607,7 @@ module Gollum
607
607
  # Remove ext only from known extensions.
608
608
  # test.pdf => test.pdf, test.md => test
609
609
  file_name = Page::valid_page_name?(name) ? name.chomp(::File.extname(name)) : name
610
- results[file_name] = count
610
+ results[file_name] = count.to_i
611
611
  end
612
612
 
613
613
  # Use git ls-files '*query*' to search for file names. Grep only searches file content.
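Review bot: `count.to_i` turns any non-numeric `count` into 0 without a trace, so a parsing slip upstream would surface as zero-hit results rather than as an error. Where `count` comes from is outside this hunk; if it is a field split out of the grep output, a short comment such as `# count arrives as a String from the grep output; store it as an Integer` would explain the coercion to the next reader. The enclosing method starts before the hunk.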
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gollum-lib
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.1
4
+ version: 4.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tom Preston-Werner
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-12-04 00:00:00.000000000 Z
12
+ date: 2015-01-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: gollum-grit_adapter