html2odt 0.3.3 → 0.4.0

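--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d6e392a2bb293ff1f5ddade2b2584369040903a6
- data.tar.gz: a95aa2ca695d94b779ea9357cdc9a282871e1a52
+ metadata.gz: 17739952ee2010c4787bc33475552edf2f4a4053
+ data.tar.gz: 3e5140a764870fe43268d1089cb926315f8cfc85
  SHA512:
- metadata.gz: 6bd769ca10d9cb05d365da4fc37dced0136b5509e94ff21e527ae50f920cb3c470cc4031e4b534856ff5d86ab96f402f6abe88f9df77da12ae07052c989f6ee0
- data.tar.gz: 201dc464672f62141c80486f8a6984e89f56d793829936eedfe23c97b5e6eb86187bf56d2febbf0273c1eda938414a92b90c64ec59c7594e77709ed5e8634f46
+ metadata.gz: 8b2d33e402c811c8b0705e90f914e40bb5cdcecb21dadc15af0b49fdccdeeb21a3a2afb4c35be7f66f91c09155d65e7c245e3729fa99d4d9cfcf766f115c17f3
+ data.tar.gz: 1f0bbca292059d5f856c5460ad4819f7dd4ee830f28fc8e1efd301fa65d5ba050d16d03a6c229564d1a2e5234c082a66c6ad222e2a5f12142708adccf6638578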
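--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ # v0.4.0 - 2017-03-30
+
+ Bump required nokogiri version
+
  # v0.3.3 - 2016-06-07
 
  Properly handle HTTP errors on remote image handling. Improved handling of top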
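--- a/data/README.md
+++ b/data/README.md
@@ -160,14 +160,27 @@ file locations.
  doc = Html2Odt::Document.new
 
  doc.image_location_mapping = lambda do |src|
- # Attention! Add protection against directory traversal attacks
- "/var/www/mywebsite/#{src}"
+ root = "/var/www/mywebsite/public"
+ path = File.join(root, src)
+
+ # File.realpath raises Errno::ENOENT, if `path` does not exist in file system.
+ valid = File.realpath(path).starts_with?(root) rescue false
+
+ valid ? path : nil
  end
  ```
 
  Registering an `image_location_mapping` callback will deactivate the default
  behaviour of including images with `file` and `http` URLs automatically.
 
+ **Attention:** Be careful! Without a `image_location_mapping` Proc, `html2odt`
+ will include any local or remote image into the the resulting ODT. This may
+ cause all kinds of vulnerabilities and should only be used with well known
+ inputs. When registering an `image_location_mapping` callback, this default
+ behaviour is deactivated, but please make sure, that your custom code, does not
+ introduce [path traversal](https://en.wikipedia.org/wiki/Directory_traversal_attack)
+ vulnerabilities. Following the above example code should be a good start.
+
 
  ## License
 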
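Review bot: The containment check in the new example lambda calls `starts_with?`, which is an ActiveSupport alias and not core Ruby (`String#start_with?`); in a plain Ruby script the NoMethodError is swallowed by the trailing `rescue false`, so `valid` is always false and every image is silently dropped. The comparison is also a bare string prefix, so a resolved path in a sibling directory whose name merely begins with the root string would still be accepted. I would write the check as `valid = File.realpath(path).start_with?(root + File::SEPARATOR) rescue false`, and preferably replace the modifier with an explicit `rescue Errno::ENOENT` so that it cannot mask unrelated errors. The check also assumes `root` is already canonical; if any component of it may be a symlink, resolve it once with `File.realpath(root)` before comparing. The fenced example this lambda belongs to opens above the hunk.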
data/html2odt.gemspec CHANGED
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
20
20
  spec.executables << "html2odt.rb"
21
21
 
22
22
  spec.add_dependency "dimensions", "~> 1.3.0"
23
- spec.add_dependency "nokogiri", "~> 1.6.8"
23
+ spec.add_dependency "nokogiri", "~> 1.7.1"
24
24
  spec.add_dependency "rubyzip", "~> 1.0"
25
25
 
26
26
  spec.add_development_dependency "bundler", "~> 1.12"
@@ -1,3 +1,3 @@
1
1
  module Html2Odt
2
- VERSION = "0.3.3"
2
+ VERSION = "0.4.0"
3
3
  end
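--- a/metadata
+++ b/metadata
@@ -1,111 +1,111 @@
  --- !ruby/object:Gem::Specification
  name: html2odt
  version: !ruby/object:Gem::Version
- version: 0.3.3
+ version: 0.4.0
  platform: ruby
  authors:
  - Gregor Schmidt (Planio)
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-06-07 00:00:00.000000000 Z
+ date: 2017-03-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dimensions
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.3.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.3.0
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 1.6.8
+ version: 1.7.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 1.6.8
+ version: 1.7.1
  - !ruby/object:Gem::Dependency
  name: rubyzip
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.12'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.12'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '10.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '10.0'
  - !ruby/object:Gem::Dependency
  name: minitest
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '5.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '5.0'
  - !ruby/object:Gem::Dependency
  name: fakeweb
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.3'
  description: html2odt generates ODT documents based on HTML fragments using xhtml2odt
@@ -117,8 +117,8 @@ executables:
  extensions: []
  extra_rdoc_files: []
  files:
- - .gitignore
- - .travis.yml
+ - ".gitignore"
+ - ".travis.yml"
  - CHANGELOG.md
  - CODE_OF_CONDUCT.md
  - Gemfile
@@ -170,17 +170,17 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.8
+ rubygems_version: 2.5.2
  signing_key:
  specification_version: 4
  summary: html2odt generates ODT documents based on HTML fragments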