gollum 5.1.1 → 5.1.2

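--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 325b3e4c0bf9a6c80c0db6057766bccc7163528b55cf9deb0d2a91f6fc901589
- data.tar.gz: 5569622a0b0cac54ce7bba6e687f5eed26bcdbd7aa201b9d5e90ae57d1538986
+ metadata.gz: 69f544be25a9e3bf274c3220eab0a15d88f1c7e2812358a89545bea9aa2b839b
+ data.tar.gz: b3bc438ebf698204a8566269e54a750d2c84a1b6e846140bb70cd8f7c8f682d4
  SHA512:
- metadata.gz: 5d16a8fe38db40ab355fa4c50134bc52d670b84779fee21d48368e5b853ce069663007e827a61cab9a27a4043a70a16285d0493a94c735f6eb7a9b72af834e62
- data.tar.gz: 8d495b080e4d5997cf765eaace9675777d4f4c3fcbc782850332fc58db998a2a94e2547b9b203a3e57eccc7778e9afbe0f2b8fb828439a95e5119db33680bb2d
+ metadata.gz: d964ab05ddcf8a1182f0a9f39512af5e46274770fc090432bb493d43785ffca57b80544acd83a78a4163610872cca63f8d348b4c1f7c5632ceba4d3ddaf87a78
+ data.tar.gz: b7c90c735d533c1cdeaea07bd7c177b53f61f0894f63e716dd0a10c557d8a7563642d742e4fef72128828c8c6ddb2e47a42fc43893f2ed24a263af9d219154af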
@@ -21,7 +21,7 @@ Before submitting an issue, **please carefully look through the following places
21
21
 
22
22
  Security vulnerabilities can be reported directly to the maintainers using these GPG keys:
23
23
 
24
- * [@dometto](https://pgp.mit.edu/pks/lookup?op=vindex&search=0xD637E455CD3E27BF)
24
+ * [@dometto](https://keys.openpgp.org/vks/v1/by-fingerprint/02354CC9F820B52CC2791979BB8CCC95FD83B795)
25
25
 
26
26
  Lastly, please **consider helping out** by opening a Pull Request!
27
27
 
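--- a/data/README.md
+++ b/data/README.md
@@ -4,8 +4,9 @@ gollum -- A git-based Wiki
  [![Gem Version](https://badge.fury.io/rb/gollum.svg)](http://badge.fury.io/rb/gollum)
  [![Build Status](https://travis-ci.org/gollum/gollum.svg?branch=master)](https://travis-ci.org/gollum/gollum)
  [![Open Source Helpers](https://www.codetriage.com/gollum/gollum/badges/users.svg)](https://www.codetriage.com/gollum/gollum)
+ [![Cutting Edge Dependency Status](https://dometto-cuttingedge.herokuapp.com/github/gollum/gollum/svg 'Cutting Edge Dependency Status')](https://dometto-cuttingedge.herokuapp.com/github/gollum/gollum/info)
 
- **Please update to gollum 5.1.1 to counter a recent exploit in the kramdown rendering gem, [CVE-2020-14001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14001)**
+ **Please update to gollum 5.1.2 to counter a recent exploit. More info will follow after CVE is assigned.**
 
  **Gollum version 5.0 is out!** See [here](https://github.com/gollum/gollum/wiki/5.0-release-notes) for a list of changes and new features compared to Gollum version 4.x, and see some [Screenshots](https://github.com/gollum/gollum/wiki/Screenshots) of Gollum's features.
 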
@@ -5,8 +5,8 @@ Gem::Specification.new do |s|
5
5
  s.required_ruby_version = '>= 1.9'
6
6
 
7
7
  s.name = 'gollum'
8
- s.version = '5.1.1'
9
- s.date = '2020-08-11'
8
+ s.version = '5.1.2'
9
+ s.date = '2020-12-01'
10
10
  s.license = 'MIT'
11
11
 
12
12
  s.summary = 'A simple, Git-powered wiki.'
@@ -25,7 +25,7 @@ Gem::Specification.new do |s|
25
25
 
26
26
  s.add_dependency 'gollum-lib', '~> 5.0'
27
27
  s.add_dependency 'kramdown', '~> 2.3'
28
- s.add_dependency 'kramdown-parser-gfm', '~> 1.0.0'
28
+ s.add_dependency 'kramdown-parser-gfm', '~> 1.1.0'
29
29
  s.add_dependency 'sinatra', '~> 2.0'
30
30
  s.add_dependency 'sinatra-contrib', '~> 2.0'
31
31
  s.add_dependency 'mustache', ['>= 0.99.5', '< 1.0.0']
@@ -12,7 +12,7 @@ require 'rhino' if RUBY_PLATFORM == 'java'
12
12
  require File.expand_path('../gollum/uri_encode_component', __FILE__)
13
13
 
14
14
  module Gollum
15
- VERSION = '5.1.1'
15
+ VERSION = '5.1.2'
16
16
 
17
17
  def self.assets_path
18
18
  ::File.expand_path('gollum/public', ::File.dirname(__FILE__))
@@ -318,9 +318,8 @@ module Precious
318
318
  post '/edit/*' do
319
319
  etag = params[:etag]
320
320
  path = "/#{clean_url(sanitize_empty_params(params[:path]))}"
321
- page_name = CGI.unescape(params[:page])
322
321
  wiki = wiki_new
323
- page = wiki.page(::File.join(path, page_name))
322
+ page = wiki.page(::File.join(path, params[:page]))
324
323
 
325
324
  return if page.nil?
326
325
  if etag != page.sha
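Review bot: `params[:page]` goes straight into `::File.join` on new line 322, so a POST that omits the `page` field raises a `TypeError` there and never reaches the `return if page.nil?` guard below. The `/preview` route in the same file tests `params[:page]` before using it; an equivalent guard ahead of the `wiki.page` call would turn the failure into a clean client error, for example `halt 400 if params[:page].to_s.empty?`. Whether the edit form can ever omit the field is not visible from this hunk, and the route body continues past its last line.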
@@ -417,7 +416,7 @@ module Precious
417
416
 
418
417
  post '/preview' do
419
418
  wiki = wiki_new
420
- @name = params[:page] ? strip_page_name(CGI.unescape(params[:page])) : 'Preview'
419
+ @name = params[:page] ? strip_page_name(params[:page]) : 'Preview'
421
420
  @page = wiki.preview_page(@name, params[:content], params[:format])
422
421
  ['sidebar', 'header', 'footer'].each do |subpage|
423
422
  @page.send("set_#{subpage}".to_sym, params[subpage]) if params[subpage]
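Review bot: Nothing on the `@name` line records why the page name must not be URL-decoded again, so the removed `CGI.unescape` is easy to reintroduce in a later cleanup. Sinatra hands route code request parameters that have already been decoded, which means the old call decoded the name a second time; a one-line comment above the assignment would capture that, e.g. `# params[:page] is already URL-decoded by Sinatra; do not decode it again`. The same comment belongs above `wiki.page(::File.join(path, params[:page]))` in the `post '/edit/*'` hunk. The route body continues outside this hunk.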
@@ -25,9 +25,9 @@ module Precious
25
25
  title = crumb.basename
26
26
 
27
27
  if title == path.basename
28
- breadcrumb << %{<li class="breadcrumb-item" aria-current="page">#{title}</li>}
28
+ breadcrumb << %{<li class="breadcrumb-item" aria-current="page">#{CGI.escape(title.to_s)}</li>}
29
29
  else
30
- breadcrumb << %{<li class="breadcrumb-item"><a href="#{overview_path}/#{crumb}/">#{title}</a></li>}
30
+ breadcrumb << %{<li class="breadcrumb-item"><a href="#{overview_path}/#{crumb}/">#{CGI.escape(title.to_s)}</a></li>}
31
31
  end
32
32
  end
33
33
  breadcrumb << %{</ol></nav>}
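Review bot: `CGI.escape` on new lines 28 and 30 is URL form-encoding rather than HTML escaping, and the `href` in the `else` branch still interpolates `#{crumb}` with no escaping at all. Percent-encoding does keep markup characters out of the element text, but it also shows spaces as `+` and non-ASCII names as `%XX`, and a directory name containing a double quote (if one can reach this helper) would still terminate the attribute value early. `CGI.escapeHTML` fits both output contexts: `#{CGI.escapeHTML(title.to_s)}` for the text and `href="#{overview_path}/#{CGI.escapeHTML(crumb.to_s)}/"` for the link. The next hunk (`path.descend do |crumb|`, new line 35) has the same pattern with `element` and should get the same change. The enclosing method starts and ends outside this hunk.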
@@ -32,7 +32,7 @@ module Precious
32
32
  path.descend do |crumb|
33
33
  element = "#{crumb.basename}"
34
34
  next if element == @page.title
35
- breadcrumb << %{<li class="breadcrumb-item"><a href="#{overview_path}/#{crumb}/">#{element}</a></li>}
35
+ breadcrumb << %{<li class="breadcrumb-item"><a href="#{overview_path}/#{crumb}/">#{CGI.escape(element.to_s)}</a></li>}
36
36
  end
37
37
  breadcrumb << %{</ol></nav>}
38
38
  breadcrumb.join("\n")
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gollum
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.1.1
4
+ version: 5.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tom Preston-Werner
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-08-11 00:00:00.000000000 Z
12
+ date: 2020-12-01 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: gollum-lib
@@ -45,14 +45,14 @@ dependencies:
45
45
  requirements:
46
46
  - - "~>"
47
47
  - !ruby/object:Gem::Version
48
- version: 1.0.0
48
+ version: 1.1.0
49
49
  type: :runtime
50
50
  prerelease: false
51
51
  version_requirements: !ruby/object:Gem::Requirement
52
52
  requirements:
53
53
  - - "~>"
54
54
  - !ruby/object:Gem::Version
55
- version: 1.0.0
55
+ version: 1.1.0
56
56
  - !ruby/object:Gem::Dependency
57
57
  name: sinatra
58
58
  requirement: !ruby/object:Gem::Requirement