hyrax 2.0.2 → 2.0.3

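--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8cbba68b87a679def263b2954cefc2f513e98c25
- data.tar.gz: '07229cce18d1ed0350488029afef7d34a3f56322'
+ metadata.gz: fa5aeb61448a7bb4c3f3e44853a9ab847456ae9f
+ data.tar.gz: e13c7998086b013f8e1dd4717d79171e5fee0891
  SHA512:
- metadata.gz: 2b7313824660998cd844daee4728874f059b282d03b9db2745dcafff71e93eefb8e9b78f2fd96f27e882c731c9bef7a74a49cfd47cf684bd4dc63cb62aff2d7c
- data.tar.gz: 469261a45725b10f3b09f77c36f7d56e74c5ca31b630ba48ab4ac7767c6fcc59b1844d891cce6562d8560eebbc16cfd9fae7d736227354efe7a691ae82dd030b
+ metadata.gz: ee5994be411f64cced03b2bdc1204423fe026e396be07cc568f13823ce7fa4a9367214da5ea4be9f10c702e03453a583645b480816c7de215e8375851fc40579
+ data.tar.gz: 779f0003fd4c0a235987ef5f1c594797aeb2523106866120ddd7be27a71e509be01cda3a4a70727d36eb694854562c4542a18da2caf995b803b08e4c47ddc838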
data/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  ![Logo](https://raw.githubusercontent.com/samvera/hyrax/gh-pages/assets/images/hyrax_logo_horizontal_white_background.png)
2
2
 
3
3
  Code: [![Version](https://badge.fury.io/rb/hyrax.png)](http://badge.fury.io/rb/hyrax)
4
- [![Build Status](https://travis-ci.org/samvera/hyrax.png?branch=master)](https://travis-ci.org/samvera/hyrax)
4
+ [![Build Status](https://travis-ci.org/samvera/hyrax.png?branch=2.0-stable)](https://travis-ci.org/samvera/hyrax/branches)
5
5
  [![Coverage Status](https://coveralls.io/repos/github/samvera/hyrax/badge.svg?branch=master)](https://coveralls.io/github/samvera/hyrax?branch=master)
6
6
  [![Code Climate](https://codeclimate.com/github/samvera/hyrax/badges/gpa.svg)](https://codeclimate.com/github/samvera/hyrax)
7
7
  [![Dependency Update Status](https://gemnasium.com/samvera/hyrax.png)](https://gemnasium.com/samvera/hyrax)
@@ -63,7 +63,7 @@ The Samvera community is here to help. Please see our [support guide](./.github/
63
63
  # Getting started
64
64
 
65
65
  This document contains instructions specific to setting up an app with __Hyrax
66
- v2.0.2__. If you are looking for instructions on installing a different
66
+ v2.0.3__. If you are looking for instructions on installing a different
67
67
  version, be sure to select the appropriate branch or tag from the drop-down
68
68
  menu above.
69
69
 
@@ -160,7 +160,7 @@ NOTE: The steps need to be done in order to create a new Hyrax based app.
160
160
  Generate a new Rails application using the template.
161
161
 
162
162
  ```
163
- rails _5.0.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.0.1/template.rb
163
+ rails _5.0.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.0.3/template.rb
164
164
  ```
165
165
 
166
166
  Generating a new Rails application using Hyrax's template above takes cares of a number of steps for you, including:
@@ -17,11 +17,11 @@ module Hyrax
17
17
  end
18
18
  # Get Pub Date
19
19
  pub_date = setup_pub_date(work)
20
- text << " #{pub_date}." unless pub_date.nil?
20
+ text << " #{whitewash(pub_date)}." unless pub_date.nil?
21
21
 
22
22
  text << format_title(work.to_s)
23
23
  pub_info = setup_pub_info(work, false)
24
- text << " #{pub_info}." if pub_info.present?
24
+ text << " #{whitewash(pub_info)}." if pub_info.present?
25
25
  text.html_safe
26
26
  end
27
27
 
@@ -40,7 +40,7 @@ module Hyrax
40
40
  # if for some reason the first author ended with a comma
41
41
  text.gsub!(',,', ',')
42
42
  text << "." unless text =~ /\.$/
43
- text
43
+ whitewash(text)
44
44
  end
45
45
  # rubocop:enable Metrics/MethodLength
46
46
 
@@ -50,8 +50,15 @@ module Hyrax
50
50
  return "" if title_info.blank?
51
51
  title_text = chicago_citation_title(title_info)
52
52
  title_text << '.' unless title_text =~ /\.$/
53
+ title_text = whitewash(title_text)
53
54
  " <i class=\"citation-title\">#{title_text}</i>"
54
55
  end
56
+
57
+ private
58
+
59
+ def whitewash(text)
60
+ Loofah.fragment(text.to_s).scrub!(:whitewash).to_s
61
+ end
55
62
  end
56
63
  end
57
64
  end
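Review bot: `text.html_safe` at the end of the first hunk still marks the whole assembled citation as trusted, so the fix holds only while every fragment appended to `text` has gone through `whitewash` first; a fragment added later without it reopens the injection. A comment above the private helper would make that contract explicit, for example `# Every user-derived fragment must pass through here before the caller marks the result html_safe`. Only this formatter is touched in the visible hunks, so any sibling citation formatter that builds markup the same way should be checked for the same pattern. The enclosing methods start outside the hunks shown.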
@@ -2,7 +2,7 @@
2
2
  <% if flash[type].present? %>
3
3
  <div class="alert <%= flash_dom_class %> alert-dismissable" role="alert">
4
4
  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
5
- <%= safe_join(Array.wrap(flash[type]).map(&:html_safe), '<br/>'.html_safe) %>
5
+ <%= sanitize Array.wrap(flash[type]).join(tag(:br)) %>
6
6
  </div>
7
7
  <% flash.delete(type) %>
8
8
  <% end %>
@@ -2,7 +2,7 @@
2
2
 
3
3
  <div class="scrollx scrolly fileHeight"> <!-- original values -->
4
4
  <h3> <b>Changes will be applied to: (<%= @form.names.size %> works) </b></h3>
5
- <%= @form.names.join(", ").html_safe %>
5
+ <%= sanitize @form.names.join(", ") %>
6
6
  </div> <!-- /original values -->
7
7
 
8
8
  <div >
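Review bot: `sanitize @form.names.join(", ")` runs the joined names through Rails' allowlist sanitizer, which with its default configuration still lets tags such as links and images through, so a work title can keep placing markup on this page even though script content is removed. If the names are meant to be plain text, escaping is the stricter choice: `<%= safe_join(@form.names, ", ") %>`. The same applies to the two `join("<br />")` call sites in the following view hunks, where `safe_join(values, tag(:br))` would escape each value and keep only the separator as markup.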
@@ -11,7 +11,7 @@
11
11
  <h2 id="extraFieldsModal_<%=name %>_Label">Additional <%= label %>(s)</h2>
12
12
  </div>
13
13
  <div class="modal-body">
14
- <%= values.join("<br />").html_safe %>
14
+ <%= sanitize values.join("<br />") %>
15
15
  </div>
16
16
  <div class="modal-footer">
17
17
  <button class="btn btn-primary" data-dismiss="modal">Close</button>
@@ -1,7 +1,7 @@
1
1
  <% @presenter.characterization_metadata.keys.each do |term| %>
2
2
  <div>
3
3
  <% additional_values = @presenter.secondary_characterization_values(term) %>
4
- <%= @presenter.label_for_term(term) %>: <%= @presenter.primary_characterization_values(term).join("<br />").html_safe %>
4
+ <%= @presenter.label_for_term(term) %>: <%= sanitize @presenter.primary_characterization_values(term).join("<br />") %>
5
5
  <% unless additional_values.empty? %>
6
6
  <%= render partial: "extra_fields_modal", locals: { name: term, values: additional_values } %>
7
7
  <% end %>
@@ -17,8 +17,8 @@
17
17
  <%= msg.last_message.created_at.to_formatted_s(:long_ordinal) %>
18
18
  </relative-time>
19
19
  </td>
20
- <td><%= msg.last_message.subject.html_safe %></td>
21
- <td><%= msg.last_message.body.html_safe %></td>
20
+ <td><%= sanitize msg.last_message.subject %></td>
21
+ <td><%= sanitize msg.last_message.body %></td>
22
22
  <td>
23
23
  <%= link_to hyrax.notification_path(msg.id),
24
24
  class: "itemicon itemtrash",
@@ -3,7 +3,7 @@
3
3
  <h4>Apply changes to contents?<h4>
4
4
  </div>
5
5
  <div class="panel-body">
6
- <%= I18n.t("hyrax.upload.change_access_message_html", curation_concern: curation_concern).html_safe %>
6
+ <%= sanitize I18n.t("hyrax.upload.change_access_message_html", curation_concern: curation_concern) %>
7
7
  </div>
8
8
  <div class="form-actions panel-footer">
9
9
  <%= button_to I18n.t("hyrax.upload.change_access_yes_message"), hyrax.copy_access_permission_path(curation_concern), class: 'btn btn-primary' %>
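Review bot: Calling `I18n.t` directly on a key ending in `_html` skips the escaping of interpolated values that the Rails view helper `t` applies for such keys, so whatever `curation_concern` renders as is inserted into the message unescaped and `sanitize` then only filters it against the tag allowlist. `<%= t("hyrax.upload.change_access_message_html", curation_concern: curation_concern) %>` would escape the interpolated value and still render the translation's own markup.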
@@ -1,6 +1,6 @@
1
1
  <!-- Adapted from jquery-flot examples https://github.com/flot/flot/blob/master/examples/visitors/index.html -->
2
2
  <%= javascript_tag do %>
3
- var hyrax_item_stats = <%= @stats.to_flot.to_json.html_safe %>;
3
+ var hyrax_item_stats = <%= raw json_escape @stats.to_flot.to_json %>;
4
4
  <% end %>
5
5
 
6
6
  <%= content_tag :h1, @file_set, class: "lower" %>
@@ -1,6 +1,6 @@
1
1
  <!-- Adapted from jquery-flot examples https://github.com/flot/flot/blob/master/examples/visitors/index.html -->
2
2
  <%= javascript_tag do %>
3
- var hyrax_item_stats = <%= @stats.to_flot.to_json.html_safe %>;
3
+ var hyrax_item_stats = <%= raw json_escape @stats.to_flot.to_json %>;
4
4
  <% end %>
5
5
 
6
6
  <%= content_tag :h1, @stats, class: "lower" %>
@@ -9,7 +9,7 @@
9
9
  <% events.each do |event| %>
10
10
  <% next if event[:action].blank? or event[:timestamp].blank? %>
11
11
  <tr>
12
- <td><%= event[:action].html_safe %></td>
12
+ <td><%= sanitize event[:action] %></td>
13
13
  <% time = Time.zone.at(event[:timestamp].to_i) %>
14
14
  <td data-sort="<%= time.getutc.iso8601(5) %>">
15
15
  <relative-time datetime="<%= time.getutc.iso8601 %>" title="<%= time.to_formatted_s(:standard) %>">
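--- a/data/hyrax.gemspec
+++ b/data/hyrax.gemspec
@@ -60,6 +60,8 @@ EOF
  spec.add_dependency 'jquery-datatables-rails', '~> 3.4'
  spec.add_dependency 'rdf-rdfxml' # controlled vocabulary importer
  spec.add_dependency 'clipboard-rails', '~> 1.5'
+ # Devise 4.5 removes the 'trackable' module, which we depend on
+ spec.add_dependency 'devise', '<= 4.4.99'
  spec.add_dependency 'rails_autolink', '~> 1.1'
  spec.add_dependency 'active_fedora-noid', '~> 2.0', '>= 2.0.2'
  spec.add_dependency 'awesome_nested_set', '~> 3.1'
@@ -78,7 +80,7 @@ EOF
  spec.add_development_dependency 'engine_cart', '~> 1.2'
  spec.add_development_dependency 'mida', '~> 0.3'
  spec.add_development_dependency 'database_cleaner', '~> 1.3'
- spec.add_development_dependency 'solr_wrapper', '~> 1.1'
+ spec.add_development_dependency 'solr_wrapper', '>= 1.1', '< 3.0'
  spec.add_development_dependency 'fcrepo_wrapper', '~> 0.5', '>= 0.5.1'
  spec.add_development_dependency 'rspec-rails', '~> 3.1'
  spec.add_development_dependency 'rspec-its', '~> 1.1'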
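Review bot: `spec.add_dependency 'devise', '<= 4.4.99'` sets only a ceiling, so the resolver may select any older Devise release and can never select a later one, including releases that carry security fixes. Writing the constraint as `'< 4.5'` together with the oldest version actually tested would state the intent more directly, and the comment could name the condition for lifting the cap, e.g. `# Remove once the 'trackable' dependency is dropped`. This is also a new runtime dependency arriving in a patch release, so downstream applications will see their resolved Devise version constrained on update.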
data/lib/hyrax/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Hyrax
2
- VERSION = '2.0.2'.freeze
2
+ VERSION = '2.0.3'.freeze
3
3
  end
@@ -278,7 +278,7 @@ RSpec.describe Hyrax::Actors::FileSetActor do
278
278
  actor.attach_to_work(work)
279
279
  expect(work.representative).to eq(file_set)
280
280
  expect(work.thumbnail).to eq(file_set)
281
- expect { work.reload }.not_to change { [work.representative, work.thumbnail] }
281
+ expect { work.reload }.not_to change { [work.representative.id, work.thumbnail.id] }
282
282
  end
283
283
  end
284
284
 
@@ -1,14 +1,25 @@
1
1
  RSpec.describe Hyrax::Admin::StrategiesController do
2
2
  describe "#update" do
3
3
  before do
4
+ # Added when Flipflop bumped to 2.3.2. See also https://github.com/voormedia/flipflop/issues/26
5
+ Flipflop::FeatureSet.current.instance_variable_set(:@features, original_feature_hash.merge(feature_id => feature))
6
+
4
7
  sign_in user
5
8
  end
9
+
10
+ after do
11
+ Flipflop::FeatureSet.current.instance_variable_set(:@features, original_feature_hash)
12
+ end
13
+
14
+ let(:original_feature_hash) { Flipflop::FeatureSet.current.instance_variable_get(:@features) }
6
15
  let(:user) { create(:user) }
7
16
  let(:strategy) { Flipflop::Strategies::ActiveRecordStrategy.new(class: Hyrax::Feature).key }
17
+ let(:feature) { double('feature', id: feature_id, key: 'foo') }
18
+ let(:feature_id) { :my_feature }
8
19
 
9
20
  context "when not authorized" do
10
21
  it "redirects away" do
11
- patch :update, params: { feature_id: '123', id: strategy }
22
+ patch :update, params: { feature_id: feature.id, id: strategy }
12
23
  expect(response).to redirect_to root_path
13
24
  end
14
25
  end
@@ -20,7 +31,7 @@ RSpec.describe Hyrax::Admin::StrategiesController do
20
31
  end
21
32
 
22
33
  it "is successful" do
23
- patch :update, params: { feature_id: '123', id: strategy }
34
+ patch :update, params: { feature_id: feature.id, id: strategy }
24
35
  expect(response).to redirect_to Hyrax::Engine.routes.url_helpers.admin_features_path(locale: 'en')
25
36
  end
26
37
  end
@@ -0,0 +1,10 @@
1
+ RSpec.describe Hyrax::CitationsBehaviors::Formatters::ChicagoFormatter do
2
+ subject(:formatter) { described_class.new(:no_context) }
3
+
4
+ let(:presenter) { Hyrax::WorkShowPresenter.new(SolrDocument.new(work.to_solr), :no_ability) }
5
+ let(:work) { build(:generic_work, title: ['<ScrIPt>prompt("Confirm Password")</sCRIpt>']) }
6
+
7
+ it 'sanitizes input' do
8
+ expect(formatter.format(presenter)).not_to include 'prompt'
9
+ end
10
+ end
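--- a/data/template.rb
+++ b/data/template.rb
@@ -1,4 +1,4 @@
- gem 'hyrax', '2.0.2'
+ gem 'hyrax', '2.0.3'
  run 'bundle install'
  generate 'hyrax:install', '-f'
  rails_command 'db:migrate'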
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hyrax
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.2
4
+ version: 2.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Coyne
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2018-03-08 00:00:00.000000000 Z
17
+ date: 2018-09-14 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: rails
@@ -422,6 +422,20 @@ dependencies:
422
422
  - - "~>"
423
423
  - !ruby/object:Gem::Version
424
424
  version: '1.5'
425
+ - !ruby/object:Gem::Dependency
426
+ name: devise
427
+ requirement: !ruby/object:Gem::Requirement
428
+ requirements:
429
+ - - "<="
430
+ - !ruby/object:Gem::Version
431
+ version: 4.4.99
432
+ type: :runtime
433
+ prerelease: false
434
+ version_requirements: !ruby/object:Gem::Requirement
435
+ requirements:
436
+ - - "<="
437
+ - !ruby/object:Gem::Version
438
+ version: 4.4.99
425
439
  - !ruby/object:Gem::Dependency
426
440
  name: rails_autolink
427
441
  requirement: !ruby/object:Gem::Requirement
@@ -674,16 +688,22 @@ dependencies:
674
688
  name: solr_wrapper
675
689
  requirement: !ruby/object:Gem::Requirement
676
690
  requirements:
677
- - - "~>"
691
+ - - ">="
678
692
  - !ruby/object:Gem::Version
679
693
  version: '1.1'
694
+ - - "<"
695
+ - !ruby/object:Gem::Version
696
+ version: '3.0'
680
697
  type: :development
681
698
  prerelease: false
682
699
  version_requirements: !ruby/object:Gem::Requirement
683
700
  requirements:
684
- - - "~>"
701
+ - - ">="
685
702
  - !ruby/object:Gem::Version
686
703
  version: '1.1'
704
+ - - "<"
705
+ - !ruby/object:Gem::Version
706
+ version: '3.0'
687
707
  - !ruby/object:Gem::Dependency
688
708
  name: fcrepo_wrapper
689
709
  requirement: !ruby/object:Gem::Requirement
@@ -1890,7 +1910,6 @@ files:
1890
1910
  - app/views/hyrax/users/index.html.erb
1891
1911
  - app/views/hyrax/users/index.json.jbuilder
1892
1912
  - app/views/hyrax/users/show.html.erb
1893
- - app/views/kaminari/blacklight_compact/_paginator.html.erb
1894
1913
  - app/views/layouts/_head_tag_content.html.erb
1895
1914
  - app/views/layouts/dashboard.html.erb
1896
1915
  - app/views/layouts/error.html.erb
@@ -2306,6 +2325,7 @@ files:
2306
2325
  - spec/helpers/hyrax/ability_helper_spec.rb
2307
2326
  - spec/helpers/hyrax/batch_edits_helper_spec.rb
2308
2327
  - spec/helpers/hyrax/charts_helper_spec.rb
2328
+ - spec/helpers/hyrax/citations_behaviors/formatters/chicago_formatter_spec.rb
2309
2329
  - spec/helpers/hyrax/collections_helper_spec.rb
2310
2330
  - spec/helpers/hyrax/content_block_helper_spec.rb
2311
2331
  - spec/helpers/hyrax/file_set_helper_spec.rb
@@ -2943,6 +2963,7 @@ test_files:
2943
2963
  - spec/helpers/hyrax/ability_helper_spec.rb
2944
2964
  - spec/helpers/hyrax/batch_edits_helper_spec.rb
2945
2965
  - spec/helpers/hyrax/charts_helper_spec.rb
2966
+ - spec/helpers/hyrax/citations_behaviors/formatters/chicago_formatter_spec.rb
2946
2967
  - spec/helpers/hyrax/collections_helper_spec.rb
2947
2968
  - spec/helpers/hyrax/content_block_helper_spec.rb
2948
2969
  - spec/helpers/hyrax/file_set_helper_spec.rb
@@ -1,23 +0,0 @@
1
- <%# This is copied from blacklight-5.5.3/app/views/kaminari/blacklight_compact/_paginator.html.erb
2
- so we can add a aria-hidden="true" attribute around it. If that gets added into
3
- Blacklight, this file can be removed
4
- -%>
5
- <% if total_pages > 1 -%>
6
- <%# #render checks if total_pages > 1, so we can't put our fallback
7
- in here .. -%>
8
- <%= paginator.render do -%>
9
- <div aria-hidden="true" class="page_links">
10
- <%= prev_page_tag %> |
11
- <span class="page_entries">
12
- <%= page_entries_info %>
13
- </span> |
14
- <%= next_page_tag %>
15
- </div>
16
- <% end -%>
17
- <% else -%>
18
- <div aria-hidden="true" class="page_links">
19
- <span class="page_entries">
20
- <%= page_entries_info %>
21
- </span>
22
- </div>
23
- <% end -%>