html2odt 0.3.3 → 0.4.0

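--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d6e392a2bb293ff1f5ddade2b2584369040903a6
- data.tar.gz: a95aa2ca695d94b779ea9357cdc9a282871e1a52
+ metadata.gz: 17739952ee2010c4787bc33475552edf2f4a4053
+ data.tar.gz: 3e5140a764870fe43268d1089cb926315f8cfc85
  SHA512:
- metadata.gz: 6bd769ca10d9cb05d365da4fc37dced0136b5509e94ff21e527ae50f920cb3c470cc4031e4b534856ff5d86ab96f402f6abe88f9df77da12ae07052c989f6ee0
- data.tar.gz: 201dc464672f62141c80486f8a6984e89f56d793829936eedfe23c97b5e6eb86187bf56d2febbf0273c1eda938414a92b90c64ec59c7594e77709ed5e8634f46
+ metadata.gz: 8b2d33e402c811c8b0705e90f914e40bb5cdcecb21dadc15af0b49fdccdeeb21a3a2afb4c35be7f66f91c09155d65e7c245e3729fa99d4d9cfcf766f115c17f3
+ data.tar.gz: 1f0bbca292059d5f856c5460ad4819f7dd4ee830f28fc8e1efd301fa65d5ba050d16d03a6c229564d1a2e5234c082a66c6ad222e2a5f12142708adccf6638578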
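--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ # v0.4.0 - 2017-03-30
+
+ Bump required nokogiri version
+
  # v0.3.3 - 2016-06-07
 
  Properly handle HTTP errors on remote image handling. Improved handling of top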
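--- a/data/README.md
+++ b/data/README.md
@@ -160,14 +160,27 @@ file locations.
  doc = Html2Odt::Document.new
 
  doc.image_location_mapping = lambda do |src|
- # Attention! Add protection against directory traversal attacks
- "/var/www/mywebsite/#{src}"
+ root = "/var/www/mywebsite/public"
+ path = File.join(root, src)
+
+ # File.realpath raises Errno::ENOENT, if `path` does not exist in file system.
+ valid = File.realpath(path).starts_with?(root) rescue false
+
+ valid ? path : nil
  end
  ```
 
  Registering an `image_location_mapping` callback will deactivate the default
  behaviour of including images with `file` and `http` URLs automatically.
 
+ **Attention:** Be careful! Without a `image_location_mapping` Proc, `html2odt`
+ will include any local or remote image into the the resulting ODT. This may
+ cause all kinds of vulnerabilities and should only be used with well known
+ inputs. When registering an `image_location_mapping` callback, this default
+ behaviour is deactivated, but please make sure, that your custom code, does not
+ introduce [path traversal](https://en.wikipedia.org/wiki/Directory_traversal_attack)
+ vulnerabilities. Following the above example code should be a good start.
+
 
  ## License
 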
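Review bot: The containment check in the new `image_location_mapping` example compares string prefixes without a trailing separator, so a resolved path in a sibling directory whose name merely begins with `public` would still satisfy it; comparing against `root + File::SEPARATOR`, with `root` itself passed through `File.realpath`, closes that gap. `starts_with?` is an ActiveSupport alias (core Ruby's method is `start_with?`), and outside Rails the `rescue false` modifier swallows the resulting NoMethodError, so the example silently rejects every image instead of surfacing the mistake. I would write the check as `real = File.realpath(path) rescue nil` followed by `real if real && real.start_with?(root + File::SEPARATOR)`, returning the resolved path rather than the unresolved `path` so the file that was checked is the file that gets opened. The `**Attention:**` paragraph points readers at this snippet as a starting point, so it is worth getting exact.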
data/html2odt.gemspec CHANGED
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
20
20
  spec.executables << "html2odt.rb"
21
21
 
22
22
  spec.add_dependency "dimensions", "~> 1.3.0"
23
- spec.add_dependency "nokogiri", "~> 1.6.8"
23
+ spec.add_dependency "nokogiri", "~> 1.7.1"
24
24
  spec.add_dependency "rubyzip", "~> 1.0"
25
25
 
26
26
  spec.add_development_dependency "bundler", "~> 1.12"
@@ -1,3 +1,3 @@
1
1
  module Html2Odt
2
- VERSION = "0.3.3"
2
+ VERSION = "0.4.0"
3
3
  end
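Review bot: The new nokogiri requirement `~> 1.7.1` in the gemspec hunk confines applications to the 1.7.x series, so they cannot move to a later nokogiri series to pick up fixes without another html2odt release. If nothing in html2odt depends on 1.7-specific behaviour, a wider bound such as `spec.add_dependency "nokogiri", "~> 1.7", ">= 1.7.1"` keeps the floor while allowing later 1.x releases. The CHANGELOG entry would also help downstream users more if it said why the floor was raised.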
metadata CHANGED
@@ -1,111 +1,111 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: html2odt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.3
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gregor Schmidt (Planio)
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-06-07 00:00:00.000000000 Z
11
+ date: 2017-03-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dimensions
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - ~>
17
+ - - "~>"
18
18
  - !ruby/object:Gem::Version
19
19
  version: 1.3.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - ~>
24
+ - - "~>"
25
25
  - !ruby/object:Gem::Version
26
26
  version: 1.3.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ~>
31
+ - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.6.8
33
+ version: 1.7.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ~>
38
+ - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.6.8
40
+ version: 1.7.1
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rubyzip
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ~>
45
+ - - "~>"
46
46
  - !ruby/object:Gem::Version
47
47
  version: '1.0'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ~>
52
+ - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: '1.0'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: bundler
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - ~>
59
+ - - "~>"
60
60
  - !ruby/object:Gem::Version
61
61
  version: '1.12'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - ~>
66
+ - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '1.12'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rake
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - ~>
73
+ - - "~>"
74
74
  - !ruby/object:Gem::Version
75
75
  version: '10.0'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - ~>
80
+ - - "~>"
81
81
  - !ruby/object:Gem::Version
82
82
  version: '10.0'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: minitest
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
- - - ~>
87
+ - - "~>"
88
88
  - !ruby/object:Gem::Version
89
89
  version: '5.0'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
- - - ~>
94
+ - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '5.0'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: fakeweb
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
- - - ~>
101
+ - - "~>"
102
102
  - !ruby/object:Gem::Version
103
103
  version: '1.3'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - ~>
108
+ - - "~>"
109
109
  - !ruby/object:Gem::Version
110
110
  version: '1.3'
111
111
  description: html2odt generates ODT documents based on HTML fragments using xhtml2odt
@@ -117,8 +117,8 @@ executables:
117
117
  extensions: []
118
118
  extra_rdoc_files: []
119
119
  files:
120
- - .gitignore
121
- - .travis.yml
120
+ - ".gitignore"
121
+ - ".travis.yml"
122
122
  - CHANGELOG.md
123
123
  - CODE_OF_CONDUCT.md
124
124
  - Gemfile
@@ -170,17 +170,17 @@ require_paths:
170
170
  - lib
171
171
  required_ruby_version: !ruby/object:Gem::Requirement
172
172
  requirements:
173
- - - '>='
173
+ - - ">="
174
174
  - !ruby/object:Gem::Version
175
175
  version: '0'
176
176
  required_rubygems_version: !ruby/object:Gem::Requirement
177
177
  requirements:
178
- - - '>='
178
+ - - ">="
179
179
  - !ruby/object:Gem::Version
180
180
  version: '0'
181
181
  requirements: []
182
182
  rubyforge_project:
183
- rubygems_version: 2.4.8
183
+ rubygems_version: 2.5.2
184
184
  signing_key:
185
185
  specification_version: 4
186
186
  summary: html2odt generates ODT documents based on HTML fragments