htmltoword 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.md +8 -1
- data/lib/htmltoword/document.rb +1 -1
- data/lib/htmltoword/version.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 0a135dbc0c341e9b4b5825c9e744d2b87be4ed5c9fd8b201c6be2a5d3aea4b2c
|
|
4
|
+
data.tar.gz: 3e915b1d35d3089492318134721f4c8107734cd5f240574a81e25fe573c18e2f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 46c56d29f481e8a5b0dc69631e1bd3f269af1b5886d9968cc407760967914ac66626649299288044907ac41871da1f825a18a73e1100c2509ae7e59024b2b6c5
|
|
7
|
+
data.tar.gz: f66e0e6c5e6bb0b29405ce9137850e06fc6d8385991f068e9362b8d6bf5e0963eca49fdf4449190bb256b5337b701dbbf1a3d4464bd625ef734ff79d850b6bb5
|
data/README.md
CHANGED
|
@@ -15,7 +15,14 @@ Or install it yourself as:
|
|
|
15
15
|
$ gem install htmltoword
|
|
16
16
|
|
|
17
17
|
|
|
18
|
-
**
|
|
18
|
+
**Note:** Since version 0.4.0 the ```create``` method will return a string with the contents of the file. If you want to save the file please use ```create_and_save```. See the usage for more
|
|
19
|
+
|
|
20
|
+
### Security warnings
|
|
21
|
+
In versions `0.7.0` and `1.0.0` we introduced a security vulnerability when allowing
|
|
22
|
+
the use of local images since no check to the files was done, potentially exposing
|
|
23
|
+
sensitive files in the output zipfile.
|
|
24
|
+
|
|
25
|
+
Version `1.1.0` doesn't allow the use of local images but uses an insecure `open`
|
|
19
26
|
|
|
20
27
|
## Usage
|
|
21
28
|
|
data/lib/htmltoword/document.rb
CHANGED
|
@@ -79,7 +79,7 @@ module Htmltoword
|
|
|
79
79
|
#stream the image files into the media folder using open-uri
|
|
80
80
|
@image_files.each do |hash|
|
|
81
81
|
out.put_next_entry("word/media/#{hash[:filename]}")
|
|
82
|
-
open(hash[:url], 'rb') do |f|
|
|
82
|
+
URI.open(hash[:url], 'rb') do |f|
|
|
83
83
|
out.write(f.read)
|
|
84
84
|
end
|
|
85
85
|
end
|
data/lib/htmltoword/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: htmltoword
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nicholas Frandsen, Cristina Matonte
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-11-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -174,8 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
174
174
|
- !ruby/object:Gem::Version
|
|
175
175
|
version: '0'
|
|
176
176
|
requirements: []
|
|
177
|
-
|
|
178
|
-
rubygems_version: 2.6.13
|
|
177
|
+
rubygems_version: 3.0.3
|
|
179
178
|
signing_key:
|
|
180
179
|
specification_version: 4
|
|
181
180
|
summary: This simple gem allows you to create MS Word docx documents from simple html
|