guillotine 1.0.4 → 1.0.5

data/guillotine.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |s|
   ## If your rubyforge_project name is different, then edit it and comment out
   ## the sub! line in the Rakefile
   s.name              = 'guillotine'
-  s.version           = '1.0.4'
+  s.version           = '1.0.5'
   s.date              = '2011-11-10'
   s.rubyforge_project = 'guillotine'
 

data/lib/guillotine/app.rb

@@ -9,7 +9,7 @@ module Guillotine
       if url = settings.db.find(Addressable::URI.escape(code))
         redirect settings.db.parse_url(url).to_s
       else
-        halt 404, "No url found for #{code}"
+        halt 404, simple_escape("No url found for #{code}")
       end
     end
 
@@ -17,17 +17,17 @@ module Guillotine
       url  = settings.db.parse_url params[:url].to_s
 
       if !(url && url.scheme =~ /^https?$/)
-        halt 422, "Invalid url: #{url}"
+        halt 422, simple_escape("Invalid url: #{url}")
       end
 
       case settings.required_host
       when String
         if url.host != settings.required_host
-          halt 422, "URL must be from #{settings.required_host}"
+          halt 422, simple_escape("URL must be from #{settings.required_host}")
         end
       when Regexp
         if url.host.to_s !~ settings.required_host
-          halt 422, "URL must match #{settings.required_host.inspect}"
+          halt 422, simple_escape("URL must match #{settings.required_host.inspect}")
         end
       end
 
@@ -35,11 +35,19 @@ module Guillotine
         if code = settings.db.add(url.to_s, params[:code])
           redirect code, 201
         else
-          halt 422, "Unable to shorten #{url}"
+          halt 422, simple_escape("Unable to shorten #{url}")
         end
       rescue Guillotine::DuplicateCodeError => err
-        halt 422, err.to_s
+        halt 422, simple_escape(err.to_s)
       end
     end
+
+    # Guillotine output is supposed to be text/plain friendly, so only strip
+    # /<|>/.  Broken tie fighter :(  If you're passing these characters in,
+    # you're probably doing something naughty.
+    def simple_escape(s)
+      s.gsub! /<|>/, ''
+      s
+    end
   end
 end

data/lib/guillotine.rb

@@ -3,7 +3,7 @@ require 'digest/md5'
 require 'addressable/uri'
 
 module Guillotine
-  VERSION = "1.0.4"
+  VERSION = "1.0.5"
 
   dir = File.expand_path '../guillotine', __FILE__
   autoload :App, "#{dir}/app"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: guillotine
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.5
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2011-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
-  requirement: &70359911480240 !ruby/object:Gem::Requirement
+  requirement: &70237903245740 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 1.2.6
   type: :runtime
   prerelease: false
-  version_requirements: *70359911480240
+  version_requirements: *70237903245740
 - !ruby/object:Gem::Dependency
   name: addressable
-  requirement: &70359911479040 !ruby/object:Gem::Requirement
+  requirement: &70237903244540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,10 @@ dependencies:
         version: 2.2.6
   type: :runtime
   prerelease: false
-  version_requirements: *70359911479040
+  version_requirements: *70237903244540
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &70359911478640 !ruby/object:Gem::Requirement
+  requirement: &70237903244140 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70359911478640
+  version_requirements: *70237903244140
 description: Adaptable private URL shortener
 email: technoweenie@gmail.com
 executables: []