hyrax 2.0.2 → 2.0.3

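--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8cbba68b87a679def263b2954cefc2f513e98c25
- data.tar.gz: '07229cce18d1ed0350488029afef7d34a3f56322'
+ metadata.gz: fa5aeb61448a7bb4c3f3e44853a9ab847456ae9f
+ data.tar.gz: e13c7998086b013f8e1dd4717d79171e5fee0891
  SHA512:
- metadata.gz: 2b7313824660998cd844daee4728874f059b282d03b9db2745dcafff71e93eefb8e9b78f2fd96f27e882c731c9bef7a74a49cfd47cf684bd4dc63cb62aff2d7c
- data.tar.gz: 469261a45725b10f3b09f77c36f7d56e74c5ca31b630ba48ab4ac7767c6fcc59b1844d891cce6562d8560eebbc16cfd9fae7d736227354efe7a691ae82dd030b
+ metadata.gz: ee5994be411f64cced03b2bdc1204423fe026e396be07cc568f13823ce7fa4a9367214da5ea4be9f10c702e03453a583645b480816c7de215e8375851fc40579
+ data.tar.gz: 779f0003fd4c0a235987ef5f1c594797aeb2523106866120ddd7be27a71e509be01cda3a4a70727d36eb694854562c4542a18da2caf995b803b08e4c47ddc838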
data/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  ![Logo](https://raw.githubusercontent.com/samvera/hyrax/gh-pages/assets/images/hyrax_logo_horizontal_white_background.png)
2
2
 
3
3
  Code: [![Version](https://badge.fury.io/rb/hyrax.png)](http://badge.fury.io/rb/hyrax)
4
- [![Build Status](https://travis-ci.org/samvera/hyrax.png?branch=master)](https://travis-ci.org/samvera/hyrax)
4
+ [![Build Status](https://travis-ci.org/samvera/hyrax.png?branch=2.0-stable)](https://travis-ci.org/samvera/hyrax/branches)
5
5
  [![Coverage Status](https://coveralls.io/repos/github/samvera/hyrax/badge.svg?branch=master)](https://coveralls.io/github/samvera/hyrax?branch=master)
6
6
  [![Code Climate](https://codeclimate.com/github/samvera/hyrax/badges/gpa.svg)](https://codeclimate.com/github/samvera/hyrax)
7
7
  [![Dependency Update Status](https://gemnasium.com/samvera/hyrax.png)](https://gemnasium.com/samvera/hyrax)
@@ -63,7 +63,7 @@ The Samvera community is here to help. Please see our [support guide](./.github/
63
63
  # Getting started
64
64
 
65
65
  This document contains instructions specific to setting up an app with __Hyrax
66
- v2.0.2__. If you are looking for instructions on installing a different
66
+ v2.0.3__. If you are looking for instructions on installing a different
67
67
  version, be sure to select the appropriate branch or tag from the drop-down
68
68
  menu above.
69
69
 
@@ -160,7 +160,7 @@ NOTE: The steps need to be done in order to create a new Hyrax based app.
160
160
  Generate a new Rails application using the template.
161
161
 
162
162
  ```
163
- rails _5.0.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.0.1/template.rb
163
+ rails _5.0.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.0.3/template.rb
164
164
  ```
165
165
 
166
166
  Generating a new Rails application using Hyrax's template above takes cares of a number of steps for you, including:
@@ -17,11 +17,11 @@ module Hyrax
17
17
  end
18
18
  # Get Pub Date
19
19
  pub_date = setup_pub_date(work)
20
- text << " #{pub_date}." unless pub_date.nil?
20
+ text << " #{whitewash(pub_date)}." unless pub_date.nil?
21
21
 
22
22
  text << format_title(work.to_s)
23
23
  pub_info = setup_pub_info(work, false)
24
- text << " #{pub_info}." if pub_info.present?
24
+ text << " #{whitewash(pub_info)}." if pub_info.present?
25
25
  text.html_safe
26
26
  end
27
27
 
@@ -40,7 +40,7 @@ module Hyrax
40
40
  # if for some reason the first author ended with a comma
41
41
  text.gsub!(',,', ',')
42
42
  text << "." unless text =~ /\.$/
43
- text
43
+ whitewash(text)
44
44
  end
45
45
  # rubocop:enable Metrics/MethodLength
46
46
 
@@ -50,8 +50,15 @@ module Hyrax
50
50
  return "" if title_info.blank?
51
51
  title_text = chicago_citation_title(title_info)
52
52
  title_text << '.' unless title_text =~ /\.$/
53
+ title_text = whitewash(title_text)
53
54
  " <i class=\"citation-title\">#{title_text}</i>"
54
55
  end
56
+
57
+ private
58
+
59
+ def whitewash(text)
60
+ Loofah.fragment(text.to_s).scrub!(:whitewash).to_s
61
+ end
55
62
  end
56
63
  end
57
64
  end
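Review bot: `whitewash` has no comment stating what it guarantees, yet the `text.html_safe` at the end of `format` (first hunk of this file) now relies on it for every interpolated field. Loofah's `:whitewash` scrubber removes unsafe elements and strips all attributes but leaves allowed tags in place, so a title or publisher value can still contribute attribute-less markup to the citation; if these fields are never meant to carry HTML, escaping them would be stricter. I would add above the method: `# Scrubs metadata before it is joined into the string that #format marks html_safe; every interpolated field must pass through here.` The file name and the start of the module are not shown on this page, and any sibling formatter that builds its output the same way would presumably need the same treatment.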
@@ -2,7 +2,7 @@
2
2
  <% if flash[type].present? %>
3
3
  <div class="alert <%= flash_dom_class %> alert-dismissable" role="alert">
4
4
  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
5
- <%= safe_join(Array.wrap(flash[type]).map(&:html_safe), '<br/>'.html_safe) %>
5
+ <%= sanitize Array.wrap(flash[type]).join(tag(:br)) %>
6
6
  </div>
7
7
  <% flash.delete(type) %>
8
8
  <% end %>
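Review bot: `sanitize` filters against Rails' default allow-list rather than escaping, so values that reach these views can still render permitted elements such as links and images. Where the data is never meant to contain markup — the work names in `@form.names.join(", ")` and the characterization values joined with `<br />` in the later view hunks look like such cases, though their sources are not visible here — escaping is stricter: `<%= safe_join(values, tag(:br)) %>` or a plain `<%= @form.names.join(", ") %>`. For the flash, notification and event hunks, which presumably carry intentional links, `sanitize` fits; consider passing explicit `tags:` and `attributes:` lists so the permitted set is visible at the call site.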
@@ -2,7 +2,7 @@
2
2
 
3
3
  <div class="scrollx scrolly fileHeight"> <!-- original values -->
4
4
  <h3> <b>Changes will be applied to: (<%= @form.names.size %> works) </b></h3>
5
- <%= @form.names.join(", ").html_safe %>
5
+ <%= sanitize @form.names.join(", ") %>
6
6
  </div> <!-- /original values -->
7
7
 
8
8
  <div >
@@ -11,7 +11,7 @@
11
11
  <h2 id="extraFieldsModal_<%=name %>_Label">Additional <%= label %>(s)</h2>
12
12
  </div>
13
13
  <div class="modal-body">
14
- <%= values.join("<br />").html_safe %>
14
+ <%= sanitize values.join("<br />") %>
15
15
  </div>
16
16
  <div class="modal-footer">
17
17
  <button class="btn btn-primary" data-dismiss="modal">Close</button>
@@ -1,7 +1,7 @@
1
1
  <% @presenter.characterization_metadata.keys.each do |term| %>
2
2
  <div>
3
3
  <% additional_values = @presenter.secondary_characterization_values(term) %>
4
- <%= @presenter.label_for_term(term) %>: <%= @presenter.primary_characterization_values(term).join("<br />").html_safe %>
4
+ <%= @presenter.label_for_term(term) %>: <%= sanitize @presenter.primary_characterization_values(term).join("<br />") %>
5
5
  <% unless additional_values.empty? %>
6
6
  <%= render partial: "extra_fields_modal", locals: { name: term, values: additional_values } %>
7
7
  <% end %>
@@ -17,8 +17,8 @@
17
17
  <%= msg.last_message.created_at.to_formatted_s(:long_ordinal) %>
18
18
  </relative-time>
19
19
  </td>
20
- <td><%= msg.last_message.subject.html_safe %></td>
21
- <td><%= msg.last_message.body.html_safe %></td>
20
+ <td><%= sanitize msg.last_message.subject %></td>
21
+ <td><%= sanitize msg.last_message.body %></td>
22
22
  <td>
23
23
  <%= link_to hyrax.notification_path(msg.id),
24
24
  class: "itemicon itemtrash",
@@ -3,7 +3,7 @@
3
3
  <h4>Apply changes to contents?<h4>
4
4
  </div>
5
5
  <div class="panel-body">
6
- <%= I18n.t("hyrax.upload.change_access_message_html", curation_concern: curation_concern).html_safe %>
6
+ <%= sanitize I18n.t("hyrax.upload.change_access_message_html", curation_concern: curation_concern) %>
7
7
  </div>
8
8
  <div class="form-actions panel-footer">
9
9
  <%= button_to I18n.t("hyrax.upload.change_access_yes_message"), hyrax.copy_access_permission_path(curation_concern), class: 'btn btn-primary' %>
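Review bot: Calling `I18n.t` directly skips the view helper's handling of `_html` keys, so `curation_concern` is interpolated into the translation unescaped and only then passed through `sanitize`'s allow-list. The `t` view helper escapes interpolated values for keys ending in `_html` and returns a safe string, which keeps the translator's markup while neutralising whatever the work's string form contains: `<%= t("hyrax.upload.change_access_message_html", curation_concern: curation_concern) %>`. Separately, the `<h4>` on the first context line is closed with a second `<h4>` instead of `</h4>`; that predates this change.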
@@ -1,6 +1,6 @@
1
1
  <!-- Adapted from jquery-flot examples https://github.com/flot/flot/blob/master/examples/visitors/index.html -->
2
2
  <%= javascript_tag do %>
3
- var hyrax_item_stats = <%= @stats.to_flot.to_json.html_safe %>;
3
+ var hyrax_item_stats = <%= raw json_escape @stats.to_flot.to_json %>;
4
4
  <% end %>
5
5
 
6
6
  <%= content_tag :h1, @file_set, class: "lower" %>
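Review bot: Nothing at the `raw json_escape` line records why the pairing is safe, and it is easy to copy into a context where it is not. `json_escape` only neutralises the characters that could close the script element or break JavaScript parsing, so it is safe inside `javascript_tag` but not inside an HTML attribute. I would add a comment above it, `<%# json_escape is only safe inside a script element; do not reuse this in an attribute %>`; the same applies to the identical line in the next hunk.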
@@ -1,6 +1,6 @@
1
1
  <!-- Adapted from jquery-flot examples https://github.com/flot/flot/blob/master/examples/visitors/index.html -->
2
2
  <%= javascript_tag do %>
3
- var hyrax_item_stats = <%= @stats.to_flot.to_json.html_safe %>;
3
+ var hyrax_item_stats = <%= raw json_escape @stats.to_flot.to_json %>;
4
4
  <% end %>
5
5
 
6
6
  <%= content_tag :h1, @stats, class: "lower" %>
@@ -9,7 +9,7 @@
9
9
  <% events.each do |event| %>
10
10
  <% next if event[:action].blank? or event[:timestamp].blank? %>
11
11
  <tr>
12
- <td><%= event[:action].html_safe %></td>
12
+ <td><%= sanitize event[:action] %></td>
13
13
  <% time = Time.zone.at(event[:timestamp].to_i) %>
14
14
  <td data-sort="<%= time.getutc.iso8601(5) %>">
15
15
  <relative-time datetime="<%= time.getutc.iso8601 %>" title="<%= time.to_formatted_s(:standard) %>">
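--- a/data/hyrax.gemspec
+++ b/data/hyrax.gemspec
@@ -60,6 +60,8 @@ EOF
  spec.add_dependency 'jquery-datatables-rails', '~> 3.4'
  spec.add_dependency 'rdf-rdfxml' # controlled vocabulary importer
  spec.add_dependency 'clipboard-rails', '~> 1.5'
+ # Devise 4.5 removes the 'trackable' module, which we depend on
+ spec.add_dependency 'devise', '<= 4.4.99'
  spec.add_dependency 'rails_autolink', '~> 1.1'
  spec.add_dependency 'active_fedora-noid', '~> 2.0', '>= 2.0.2'
  spec.add_dependency 'awesome_nested_set', '~> 3.1'
@@ -78,7 +80,7 @@ EOF
  spec.add_development_dependency 'engine_cart', '~> 1.2'
  spec.add_development_dependency 'mida', '~> 0.3'
  spec.add_development_dependency 'database_cleaner', '~> 1.3'
- spec.add_development_dependency 'solr_wrapper', '~> 1.1'
+ spec.add_development_dependency 'solr_wrapper', '>= 1.1', '< 3.0'
  spec.add_development_dependency 'fcrepo_wrapper', '~> 0.5', '>= 0.5.1'
  spec.add_development_dependency 'rspec-rails', '~> 3.1'
  spec.add_development_dependency 'rspec-its', '~> 1.1'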
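Review bot: The new `devise` constraint `'<= 4.4.99'` has an upper bound only, so Bundler may resolve any older Devise release, including ones this code was never tested against. `'< 4.5'` states the cap from the comment directly, and a lower bound belongs beside it, e.g. `spec.add_dependency 'devise', '>= MIN_TESTED_VERSION', '< 4.5'` with the placeholder replaced by the oldest release the test suite runs on. A hard cap also keeps applications from picking up later Devise security releases, so the comment could reference the issue that tracks restoring compatibility.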
data/lib/hyrax/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Hyrax
2
- VERSION = '2.0.2'.freeze
2
+ VERSION = '2.0.3'.freeze
3
3
  end
@@ -278,7 +278,7 @@ RSpec.describe Hyrax::Actors::FileSetActor do
278
278
  actor.attach_to_work(work)
279
279
  expect(work.representative).to eq(file_set)
280
280
  expect(work.thumbnail).to eq(file_set)
281
- expect { work.reload }.not_to change { [work.representative, work.thumbnail] }
281
+ expect { work.reload }.not_to change { [work.representative.id, work.thumbnail.id] }
282
282
  end
283
283
  end
284
284
 
@@ -1,14 +1,25 @@
1
1
  RSpec.describe Hyrax::Admin::StrategiesController do
2
2
  describe "#update" do
3
3
  before do
4
+ # Added when Flipflop bumped to 2.3.2. See also https://github.com/voormedia/flipflop/issues/26
5
+ Flipflop::FeatureSet.current.instance_variable_set(:@features, original_feature_hash.merge(feature_id => feature))
6
+
4
7
  sign_in user
5
8
  end
9
+
10
+ after do
11
+ Flipflop::FeatureSet.current.instance_variable_set(:@features, original_feature_hash)
12
+ end
13
+
14
+ let(:original_feature_hash) { Flipflop::FeatureSet.current.instance_variable_get(:@features) }
6
15
  let(:user) { create(:user) }
7
16
  let(:strategy) { Flipflop::Strategies::ActiveRecordStrategy.new(class: Hyrax::Feature).key }
17
+ let(:feature) { double('feature', id: feature_id, key: 'foo') }
18
+ let(:feature_id) { :my_feature }
8
19
 
9
20
  context "when not authorized" do
10
21
  it "redirects away" do
11
- patch :update, params: { feature_id: '123', id: strategy }
22
+ patch :update, params: { feature_id: feature.id, id: strategy }
12
23
  expect(response).to redirect_to root_path
13
24
  end
14
25
  end
@@ -20,7 +31,7 @@ RSpec.describe Hyrax::Admin::StrategiesController do
20
31
  end
21
32
 
22
33
  it "is successful" do
23
- patch :update, params: { feature_id: '123', id: strategy }
34
+ patch :update, params: { feature_id: feature.id, id: strategy }
24
35
  expect(response).to redirect_to Hyrax::Engine.routes.url_helpers.admin_features_path(locale: 'en')
25
36
  end
26
37
  end
@@ -0,0 +1,10 @@
1
+ RSpec.describe Hyrax::CitationsBehaviors::Formatters::ChicagoFormatter do
2
+ subject(:formatter) { described_class.new(:no_context) }
3
+
4
+ let(:presenter) { Hyrax::WorkShowPresenter.new(SolrDocument.new(work.to_solr), :no_ability) }
5
+ let(:work) { build(:generic_work, title: ['<ScrIPt>prompt("Confirm Password")</sCRIpt>']) }
6
+
7
+ it 'sanitizes input' do
8
+ expect(formatter.format(presenter)).not_to include 'prompt'
9
+ end
10
+ end
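Review bot: The only example feeds the payload through `title`, so the `whitewash` calls added around `pub_date`, `pub_info` and the author text in the formatter have no regression test. Parallel examples that place the same string in the fields feeding the author, date and publisher text would pin each path. The assertion `not_to include 'prompt'` passes because the scrubber drops the whole script element; adding `not_to match(/<script/i)` would keep the test meaningful if the scrubber is later replaced by one that preserves inner text.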
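--- a/data/template.rb
+++ b/data/template.rb
@@ -1,4 +1,4 @@
- gem 'hyrax', '2.0.2'
+ gem 'hyrax', '2.0.3'
  run 'bundle install'
  generate 'hyrax:install', '-f'
  rails_command 'db:migrate'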
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hyrax
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.2
4
+ version: 2.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Coyne
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2018-03-08 00:00:00.000000000 Z
17
+ date: 2018-09-14 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: rails
@@ -422,6 +422,20 @@ dependencies:
422
422
  - - "~>"
423
423
  - !ruby/object:Gem::Version
424
424
  version: '1.5'
425
+ - !ruby/object:Gem::Dependency
426
+ name: devise
427
+ requirement: !ruby/object:Gem::Requirement
428
+ requirements:
429
+ - - "<="
430
+ - !ruby/object:Gem::Version
431
+ version: 4.4.99
432
+ type: :runtime
433
+ prerelease: false
434
+ version_requirements: !ruby/object:Gem::Requirement
435
+ requirements:
436
+ - - "<="
437
+ - !ruby/object:Gem::Version
438
+ version: 4.4.99
425
439
  - !ruby/object:Gem::Dependency
426
440
  name: rails_autolink
427
441
  requirement: !ruby/object:Gem::Requirement
@@ -674,16 +688,22 @@ dependencies:
674
688
  name: solr_wrapper
675
689
  requirement: !ruby/object:Gem::Requirement
676
690
  requirements:
677
- - - "~>"
691
+ - - ">="
678
692
  - !ruby/object:Gem::Version
679
693
  version: '1.1'
694
+ - - "<"
695
+ - !ruby/object:Gem::Version
696
+ version: '3.0'
680
697
  type: :development
681
698
  prerelease: false
682
699
  version_requirements: !ruby/object:Gem::Requirement
683
700
  requirements:
684
- - - "~>"
701
+ - - ">="
685
702
  - !ruby/object:Gem::Version
686
703
  version: '1.1'
704
+ - - "<"
705
+ - !ruby/object:Gem::Version
706
+ version: '3.0'
687
707
  - !ruby/object:Gem::Dependency
688
708
  name: fcrepo_wrapper
689
709
  requirement: !ruby/object:Gem::Requirement
@@ -1890,7 +1910,6 @@ files:
1890
1910
  - app/views/hyrax/users/index.html.erb
1891
1911
  - app/views/hyrax/users/index.json.jbuilder
1892
1912
  - app/views/hyrax/users/show.html.erb
1893
- - app/views/kaminari/blacklight_compact/_paginator.html.erb
1894
1913
  - app/views/layouts/_head_tag_content.html.erb
1895
1914
  - app/views/layouts/dashboard.html.erb
1896
1915
  - app/views/layouts/error.html.erb
@@ -2306,6 +2325,7 @@ files:
2306
2325
  - spec/helpers/hyrax/ability_helper_spec.rb
2307
2326
  - spec/helpers/hyrax/batch_edits_helper_spec.rb
2308
2327
  - spec/helpers/hyrax/charts_helper_spec.rb
2328
+ - spec/helpers/hyrax/citations_behaviors/formatters/chicago_formatter_spec.rb
2309
2329
  - spec/helpers/hyrax/collections_helper_spec.rb
2310
2330
  - spec/helpers/hyrax/content_block_helper_spec.rb
2311
2331
  - spec/helpers/hyrax/file_set_helper_spec.rb
@@ -2943,6 +2963,7 @@ test_files:
2943
2963
  - spec/helpers/hyrax/ability_helper_spec.rb
2944
2964
  - spec/helpers/hyrax/batch_edits_helper_spec.rb
2945
2965
  - spec/helpers/hyrax/charts_helper_spec.rb
2966
+ - spec/helpers/hyrax/citations_behaviors/formatters/chicago_formatter_spec.rb
2946
2967
  - spec/helpers/hyrax/collections_helper_spec.rb
2947
2968
  - spec/helpers/hyrax/content_block_helper_spec.rb
2948
2969
  - spec/helpers/hyrax/file_set_helper_spec.rb
@@ -1,23 +0,0 @@
1
- <%# This is copied from blacklight-5.5.3/app/views/kaminari/blacklight_compact/_paginator.html.erb
2
- so we can add a aria-hidden="true" attribute around it. If that gets added into
3
- Blacklight, this file can be removed
4
- -%>
5
- <% if total_pages > 1 -%>
6
- <%# #render checks if total_pages > 1, so we can't put our fallback
7
- in here .. -%>
8
- <%= paginator.render do -%>
9
- <div aria-hidden="true" class="page_links">
10
- <%= prev_page_tag %> |
11
- <span class="page_entries">
12
- <%= page_entries_info %>
13
- </span> |
14
- <%= next_page_tag %>
15
- </div>
16
- <% end -%>
17
- <% else -%>
18
- <div aria-hidden="true" class="page_links">
19
- <span class="page_entries">
20
- <%= page_entries_info %>
21
- </span>
22
- </div>
23
- <% end -%>