hyrax 1.1.0 → 1.1.1

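--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f12bc4422975b30df6990632d50bbd5b39bfa033
- data.tar.gz: 1cbc32cf3989e372d2cff38780af758606fbaec3
+ metadata.gz: 8d3112e5f08e4c0da060fde290645a29b69bab62
+ data.tar.gz: d2b16f75eacb1a606a80dce93a86f93de4f5ef0c
  SHA512:
- metadata.gz: 74c91fe48c1b7c981ae6c81201d3cbd8732c4efacdfbfb4dcb0652f799a6317efaafcb5171f8dc26a54577cfa834623f9fb2aae01ee62d52fcc41335519a8826
- data.tar.gz: 577a72b3cfe93ba8b47d02da6d418a2dad6066ac9c874c92070a9d4d4beabaaaac5962d1860ecd5b2d60184023a406f859715869bcd8bab0aa158c160642cd3b
+ metadata.gz: 4916d4b71847fa4e0fabd5a477f5efa6ba99484493b9ef3de440d379e967d7a09c2bbb054a24f6529561eef820713ef6059ba1571d74bc150b439df556fb6bef
+ data.tar.gz: 54f5e65e0105faf6cad75868409030eff13e52f72cffe3a4d1a0299a72eac339f9136bfe46116ec237878bf779cbea02633bc23368f312214d764e3068e47603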
data/README.md CHANGED
@@ -59,7 +59,7 @@ If you have questions or need help, please email [the Samvera community tech lis
59
59
  # Getting started
60
60
 
61
61
  This document contains instructions specific to setting up an app with __Hyrax
62
- v1.1.0__. If you are looking for instructions on installing a different
62
+ v1.1.1__. If you are looking for instructions on installing a different
63
63
  version, be sure to select the appropriate branch or tag from the drop-down
64
64
  menu above.
65
65
 
@@ -133,7 +133,7 @@ Rails requires that you have a JavaScript runtime -- for example, nodejs -- inst
133
133
  Generate a new Rails application using the template.
134
134
 
135
135
  ```
136
- rails new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v1.1.0/template.rb
136
+ rails new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v1.1.1/template.rb
137
137
  ```
138
138
 
139
139
  Generating a new Rails application using Hyrax's template above takes cares of a number of steps for you, including:
@@ -16,17 +16,18 @@ module Hyrax
16
16
  end
17
17
  # Get Pub Date
18
18
  pub_date = setup_pub_date(work)
19
- text << " #{pub_date}." unless pub_date.nil?
19
+ text << " #{whitewash(pub_date)}." unless pub_date.nil?
20
20
 
21
21
  text << format_title(work.to_s)
22
22
  pub_info = setup_pub_info(work, false)
23
- text << " #{pub_info}." if pub_info.present?
23
+ text << " #{whitewash(pub_info)}." if pub_info.present?
24
24
  text.html_safe
25
25
  end
26
26
 
27
27
  def format_authors(authors_list = [])
28
+ text = ''
29
+
28
30
  unless authors_list.blank?
29
- text = ''
30
31
  text << surname_first(authors_list.first) if authors_list.first
31
32
  authors_list[1..6].each_with_index do |author, index|
32
33
  text << if index + 2 == authors_list.length # we've skipped the first author
@@ -37,10 +38,11 @@ module Hyrax
37
38
  end
38
39
  text << " et al." if authors_list.length > 7
39
40
  end
41
+
40
42
  # if for some reason the first author ended with a comma
41
43
  text.gsub!(',,', ',')
42
44
  text << "." unless text =~ /\.$/
43
- text
45
+ whitewash(text)
44
46
  end
45
47
 
46
48
  def format_date(pub_date); end
@@ -49,8 +51,15 @@ module Hyrax
49
51
  return "" if title_info.blank?
50
52
  title_text = chicago_citation_title(title_info)
51
53
  title_text << '.' unless title_text =~ /\.$/
54
+ title_text = whitewash(title_text)
52
55
  " <i class=\"citation-title\">#{title_text}</i>"
53
56
  end
57
+
58
+ private
59
+
60
+ def whitewash(text)
61
+ Loofah.fragment(text.to_s).scrub!(:whitewash).to_s
62
+ end
54
63
  end
55
64
  end
56
65
  end
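Review bot: `format` still ends in `text.html_safe`, which marks the whole buffer as trusted, while the scrubbing is applied fragment by fragment. The method begins outside the first hunk, so anything appended to `text` before the visible lines is safe only if it also went through `whitewash`; it is worth confirming that the author portion reaches `text` solely via `format_authors`. I would also document the helper, for example `# Scrubs a fragment with Loofah's :whitewash scrubber; call it on every value before appending to an html_safe buffer.` above `def whitewash(text)`. A smaller behaviour change in the second hunk: with a blank `authors_list` the method now returns `"."` instead of failing on a nil `text`, and callers may not expect a lone period.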
@@ -2,7 +2,7 @@
2
2
  <% if flash[type].present? %>
3
3
  <div class="alert <%= flash_dom_class %> alert-dismissable" role="alert">
4
4
  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
5
- <%= safe_join(Array.wrap(flash[type]).map(&:html_safe), '<br/>'.html_safe) %>
5
+ <%= sanitize Array.wrap(flash[type]).join(tag(:br)) %>
6
6
  </div>
7
7
  <% flash.delete(type) %>
8
8
  <% end %>
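Review bot: `sanitize` without options keeps Rails' default allow-list, which still admits elements such as `a` and `img`, so a flash message that embeds user-supplied text can still carry links or remote images into the page. If flash messages only need links and line breaks, pass the list explicitly: `sanitize Array.wrap(flash[type]).join(tag(:br)), tags: %w[a br], attributes: %w[href]`. The same applies to the later hunks that render `@form.names`, `values`, the primary characterization values and `event[:action]`. Where the items are meant to be plain text, `safe_join(values, tag(:br))` escapes each item and needs no allow-list at all.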
@@ -2,7 +2,7 @@
2
2
 
3
3
  <div class="scrollx scrolly fileHeight"> <!-- original values -->
4
4
  <h3> <b>Changes will be applied to: (<%= @form.names.size %> works) </b></h3>
5
- <%= @form.names.join(", ").html_safe %>
5
+ <%= sanitize @form.names.join(", ") %>
6
6
  </div> <!-- /original values -->
7
7
 
8
8
  <div >
@@ -11,7 +11,7 @@
11
11
  <h2 id="extraFieldsModal_<%=name %>_Label">Additional <%= label %>(s)</h2>
12
12
  </div>
13
13
  <div class="modal-body">
14
- <%= values.join("<br />").html_safe %>
14
+ <%= sanitize values.join("<br />") %>
15
15
  </div>
16
16
  <div class="modal-footer">
17
17
  <button class="btn btn-primary" data-dismiss="modal">Close</button>
@@ -1,7 +1,7 @@
1
1
  <% @presenter.characterization_metadata.keys.each do |term| %>
2
2
  <div>
3
3
  <% additional_values = @presenter.secondary_characterization_values(term) %>
4
- <%= @presenter.label_for_term(term) %>: <%= @presenter.primary_characterization_values(term).join("<br />").html_safe %>
4
+ <%= @presenter.label_for_term(term) %>: <%= sanitize @presenter.primary_characterization_values(term).join("<br />") %>
5
5
  <% unless additional_values.empty? %>
6
6
  <%= render partial: "extra_fields_modal", locals: { name: term, values: additional_values } %>
7
7
  <% end %>
@@ -3,7 +3,7 @@
3
3
  <h4>Apply changes to contents?<h4>
4
4
  </div>
5
5
  <div class="panel-body">
6
- <%= I18n.t("hyrax.upload.change_access_message_html", curation_concern: curation_concern).html_safe %>
6
+ <%= sanitize I18n.t("hyrax.upload.change_access_message_html", curation_concern: curation_concern) %>
7
7
  </div>
8
8
  <div class="form-actions panel-footer">
9
9
  <%= button_to I18n.t("hyrax.upload.change_access_yes_message"), hyrax.copy_access_permission_path(curation_concern), class: 'btn btn-primary' %>
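Review bot: `I18n.t` does not escape interpolated values, so `curation_concern` is interpolated into the message as-is and only afterwards passed to `sanitize`, which leaves any allow-listed markup in that value intact. The view helper `t` escapes interpolations for keys ending in `_html` and returns a safe string, so `<%= t("hyrax.upload.change_access_message_html", curation_concern: curation_concern) %>` would keep the translation's own markup while escaping the interpolated value. How `curation_concern` stringifies is not visible in this hunk, so treat it as user-controlled until confirmed.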
@@ -1,6 +1,6 @@
1
1
  <!-- Adapted from jquery-flot examples https://github.com/flot/flot/blob/master/examples/visitors/index.html -->
2
2
  <%= javascript_tag do %>
3
- var hyrax_item_stats = <%= @stats.to_flot.to_json.html_safe %>;
3
+ var hyrax_item_stats = <%= raw json_escape @stats.to_flot.to_json %>;
4
4
  <% end %>
5
5
 
6
6
  <%= content_tag :h1, @file_set, class: "lower" %>
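Review bot: The `raw` on the changed line is safe only because `json_escape` is applied first, and nothing on the line says so, which makes it easy to drop the escape in a later edit. I would add a comment above the assignment, e.g. `<%# json_escape keeps the JSON from closing the script block; keep it paired with raw %>`. The identical line in the next hunk (the `@stats` view) needs the same comment.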
@@ -1,6 +1,6 @@
1
1
  <!-- Adapted from jquery-flot examples https://github.com/flot/flot/blob/master/examples/visitors/index.html -->
2
2
  <%= javascript_tag do %>
3
- var hyrax_item_stats = <%= @stats.to_flot.to_json.html_safe %>;
3
+ var hyrax_item_stats = <%= raw json_escape @stats.to_flot.to_json %>;
4
4
  <% end %>
5
5
 
6
6
  <%= content_tag :h1, @stats, class: "lower" %>
@@ -9,7 +9,7 @@
9
9
  <% events.each do |event| %>
10
10
  <% next if event[:action].blank? or event[:timestamp].blank? %>
11
11
  <tr>
12
- <td><%= event[:action].html_safe %></td>
12
+ <td><%= sanitize event[:action] %></td>
13
13
  <td><%= time_ago_in_words(Time.zone.at(event[:timestamp].to_i)) %> ago</td>
14
14
  </tr>
15
15
  <% end %>
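--- a/data/hyrax.gemspec
+++ b/data/hyrax.gemspec
@@ -55,6 +55,8 @@ EOF
  spec.add_dependency 'rdf-rdfxml' # controlled vocabulary importer
  spec.add_dependency 'railties', '~> 5.0'
  spec.add_dependency 'clipboard-rails', '~> 1.5'
+ # Devise 4.5 removes the 'trackable' module, which we depend on
+ spec.add_dependency 'devise', '<= 4.4.99'
  spec.add_dependency 'rails_autolink', '~> 1.1'
  spec.add_dependency 'active_fedora-noid', '~> 2.0', '>= 2.0.2'
  spec.add_dependency 'awesome_nested_set', '~> 3.1'
@@ -73,7 +75,7 @@ EOF
  spec.add_development_dependency 'engine_cart', '~> 1.0'
  spec.add_development_dependency 'mida', '~> 0.3'
  spec.add_development_dependency 'database_cleaner', '~> 1.3'
- spec.add_development_dependency 'solr_wrapper', '~> 0.5'
+ spec.add_development_dependency 'solr_wrapper', '~> 0.5', '< 3.0'
  spec.add_development_dependency 'fcrepo_wrapper', '~> 0.5', '>= 0.5.1'
  spec.add_development_dependency 'rspec-rails', '~> 3.1'
  spec.add_development_dependency 'rspec-its', '~> 1.1'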
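Review bot: The new runtime constraint `'<= 4.4.99'` puts a hard ceiling on Devise and no floor, so applications on this release cannot take Devise fixes that ship only in 4.5 or later, and the resolver may also settle on an arbitrarily old version. I would write it as `spec.add_dependency 'devise', '>= MIN_TESTED_VERSION', '< 4.5'`, with the placeholder replaced by the lowest version the engine is tested against, and track removing the cap once the `trackable` dependency is resolved. In the second hunk, `'< 3.0'` adds nothing to `'~> 0.5'`, which already excludes 1.0 and above. If 1.x and 2.x are meant to be allowed, the constraint should read `'>= 0.5', '< 3.0'`.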
data/lib/hyrax/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Hyrax
2
- VERSION = '1.1.0'.freeze
2
+ VERSION = '1.1.1'.freeze
3
3
  end
@@ -3,14 +3,25 @@ require 'spec_helper'
3
3
  RSpec.describe Hyrax::Admin::StrategiesController do
4
4
  describe "#update" do
5
5
  before do
6
+ # Added when Flipflop bumped to 2.3.2. See also https://github.com/voormedia/flipflop/issues/26
7
+ Flipflop::FeatureSet.current.instance_variable_set(:@features, original_feature_hash.merge(feature_id => feature))
8
+
6
9
  sign_in user
7
10
  end
11
+
12
+ after do
13
+ Flipflop::FeatureSet.current.instance_variable_set(:@features, original_feature_hash)
14
+ end
15
+
16
+ let(:original_feature_hash) { Flipflop::FeatureSet.current.instance_variable_get(:@features) }
8
17
  let(:user) { create(:user) }
9
18
  let(:strategy) { Flipflop::Strategies::ActiveRecordStrategy.new(class: Hyrax::Feature).key }
19
+ let(:feature) { double('feature', id: feature_id, key: 'foo') }
20
+ let(:feature_id) { :my_feature }
10
21
 
11
22
  context "when not authorized" do
12
23
  it "redirects away" do
13
- patch :update, params: { feature_id: '123', id: strategy }
24
+ patch :update, params: { feature_id: feature.id, id: strategy }
14
25
  expect(response).to redirect_to root_path
15
26
  end
16
27
  end
@@ -22,7 +33,7 @@ RSpec.describe Hyrax::Admin::StrategiesController do
22
33
  end
23
34
 
24
35
  it "is successful" do
25
- patch :update, params: { feature_id: '123', id: strategy }
36
+ patch :update, params: { feature_id: feature.id, id: strategy }
26
37
  expect(response).to redirect_to Hyrax::Engine.routes.url_helpers.admin_features_path(locale: 'en')
27
38
  end
28
39
  end
@@ -0,0 +1,10 @@
1
+ RSpec.describe Hyrax::CitationsBehaviors::Formatters::ChicagoFormatter do
2
+ subject(:formatter) { described_class.new(:no_context) }
3
+
4
+ let(:presenter) { Hyrax::WorkShowPresenter.new(SolrDocument.new(work.to_solr), :no_ability) }
5
+ let(:work) { build(:generic_work, title: ['<ScrIPt>prompt("Confirm Password")</sCRIpt>']) }
6
+
7
+ it 'sanitizes input' do
8
+ expect(formatter.format(presenter)).not_to include 'prompt'
9
+ end
10
+ end
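Review bot: The spec exercises only the title path, while the patch also scrubs the authors, `pub_date` and `pub_info`, so a regression in any of those would pass unnoticed. `not_to include 'prompt'` would also pass if the title were dropped from the citation altogether. I would give the title some benign text next to the markup and assert both sides, e.g. `expect(result).to include 'Safe Title'` and `expect(result).not_to match(/<script/i)`, then repeat the case for the author and date fields of the built work.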
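--- a/data/template.rb
+++ b/data/template.rb
@@ -1,4 +1,4 @@
- gem 'hyrax', '1.1.0'
+ gem 'hyrax', '1.1.1'
 
  run 'bundle install'
 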
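--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: hyrax
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.1.1
  platform: ruby
  authors:
  - Justin Coyne
@@ -14,7 +14,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-04-17 00:00:00.000000000 Z
+ date: 2018-09-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: hydra-head
@@ -466,6 +466,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '1.5'
+ - !ruby/object:Gem::Dependency
+ name: devise
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "<="
+ - !ruby/object:Gem::Version
+ version: 4.4.99
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "<="
+ - !ruby/object:Gem::Version
+ version: 4.4.99
  - !ruby/object:Gem::Dependency
  name: rails_autolink
  requirement: !ruby/object:Gem::Requirement
@@ -735,6 +749,9 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '0.5'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '3.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -742,6 +759,9 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '0.5'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '3.0'
  - !ruby/object:Gem::Dependency
  name: fcrepo_wrapper
  requirement: !ruby/object:Gem::Requirement
@@ -2247,6 +2267,7 @@ files:
  - spec/helpers/dashboard_helper_spec.rb
  - spec/helpers/hyrax/ability_helper_spec.rb
  - spec/helpers/hyrax/charts_helper_spec.rb
+ - spec/helpers/hyrax/citations_behaviors/formatters/chicago_formatter_spec.rb
  - spec/helpers/hyrax/collections_helper_spec.rb
  - spec/helpers/hyrax/content_block_helper_spec.rb
  - spec/helpers/hyrax/file_set_helper_spec.rb
@@ -2837,6 +2858,7 @@ test_files:
  - spec/helpers/dashboard_helper_spec.rb
  - spec/helpers/hyrax/ability_helper_spec.rb
  - spec/helpers/hyrax/charts_helper_spec.rb
+ - spec/helpers/hyrax/citations_behaviors/formatters/chicago_formatter_spec.rb
  - spec/helpers/hyrax/collections_helper_spec.rb
  - spec/helpers/hyrax/content_block_helper_spec.rb
  - spec/helpers/hyrax/file_set_helper_spec.rb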