hyrax 2.2.1 → 2.2.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6f086851536da61deedbb9795675b44319ad7708
4
- data.tar.gz: fdc35cc7f45c521f8b196b8642900270d4714ba9
3
+ metadata.gz: 97fb2ae450f3b4b0c85cfa72f4d05e02e02a628b
4
+ data.tar.gz: 7500fb0e85e5171e2da86f75cd84b0109827f849
5
5
  SHA512:
6
- metadata.gz: 4d043eb1fd8223cf6f517c6eba02228c637bcd5179bd32fae7b2def80373c285e5b5c4c6ba6410585cc35b9e20f8f5ef5ac8da7db260c69aa2825a0a64c3d512
7
- data.tar.gz: 305a94619c505e545a44d8c26ffc2e03168563c5caa0c6bb1ac7cd00b80afe822b1fad3b8a4e8b9e5e75cfe69516b738d6c1c440c13f45d47726ff2bbf371f7f
6
+ metadata.gz: c7da390ffaf5451e88d43261e4d61e9963677a80fa567d54d760c3158d218e2717fb9d65cf0de6915792416d8c5468448c08dfb1b0d64263fe8934f8212c5d12
7
+ data.tar.gz: 65d79abe5721fa5c09bf574d086935edf50784f6908faaf6a1ea2daf71684adae7d7dbac84cc2243d96c53111dc60bf8985ee33cfd6e440aa0fcbba07014e2c7
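--- a/data/README.md
+++ b/data/README.md
@@ -62,7 +62,7 @@ The Samvera community is here to help. Please see our [support guide](./.github/
 # Getting started
 
 This document contains instructions specific to setting up an app with __Hyrax
-v2.2.1__. If you are looking for instructions on installing a different
+v2.2.2__. If you are looking for instructions on installing a different
 version, be sure to select the appropriate branch or tag from the drop-down
 menu above.
 
@@ -161,7 +161,7 @@ NOTE: The steps need to be done in order to create a new Hyrax based app.
 Generate a new Rails application using the template.
 
 ```
-rails _5.1.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.2.1/template.rb
+rails _5.1.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.2.2/template.rb
 ```
 
 Generating a new Rails application using Hyrax's template above takes cares of a number of steps for you, including: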
@@ -4,8 +4,8 @@ module Hyrax
4
4
  # that follow the rails nested parameters conventions:
5
5
  # e.g.
6
6
  # 'work_members_attributes' => {
7
- # '0' => { 'id' = '12312412'},
8
- # '1' => { 'id' = '99981228', '_destroy' => 'true' }
7
+ # '0' => { 'id' => '12312412'},
8
+ # '1' => { 'id' => '99981228', '_destroy' => 'true' }
9
9
  # }
10
10
  #
11
11
  # The goal of this actor is to mutate the ordered_members with as few writes
@@ -13,11 +13,11 @@ module Hyrax
13
13
  text = "<span class=\"citation-author\">#{text}</span>" if text.present?
14
14
  # Get Pub Date
15
15
  pub_date = setup_pub_date(work)
16
- text << " #{pub_date}." unless pub_date.nil?
16
+ text << " #{whitewash(pub_date)}." unless pub_date.nil?
17
17
 
18
18
  text << format_title(work.to_s)
19
19
  pub_info = setup_pub_info(work, false)
20
- text << " #{pub_info}." if pub_info.present?
20
+ text << " #{whitewash(pub_info)}." if pub_info.present?
21
21
  text.html_safe
22
22
  end
23
23
 
@@ -36,7 +36,7 @@ module Hyrax
36
36
  # if for some reason the first author ended with a comma
37
37
  text.gsub!(',,', ',')
38
38
  text << "." unless text =~ /\.$/
39
- text
39
+ whitewash(text)
40
40
  end
41
41
  # rubocop:enable Metrics/MethodLength
42
42
 
@@ -46,8 +46,15 @@ module Hyrax
46
46
  return "" if title_info.blank?
47
47
  title_text = chicago_citation_title(title_info)
48
48
  title_text << '.' unless title_text =~ /\.$/
49
+ title_text = whitewash(title_text)
49
50
  " <i class=\"citation-title\">#{title_text}</i>"
50
51
  end
52
+
53
+ private
54
+
55
+ def whitewash(text)
56
+ Loofah.fragment(text.to_s).scrub!(:whitewash).to_s
57
+ end
51
58
  end
52
59
  end
53
60
  end
@@ -2,7 +2,7 @@
2
2
  <% if flash[type].present? %>
3
3
  <div class="alert <%= flash_dom_class %> alert-dismissable" role="alert">
4
4
  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
5
- <%= safe_join(Array.wrap(flash[type]).map(&:html_safe), tag(:br)) %>
5
+ <%= sanitize Array.wrap(flash[type]).join(tag(:br)) %>
6
6
  </div>
7
7
  <% flash.delete(type) %>
8
8
  <% end %>
@@ -2,7 +2,7 @@
2
2
 
3
3
  <div class="scrollx scrolly fileHeight"> <!-- original values -->
4
4
  <h3> <b>Changes will be applied to: (<%= @form.names.size %> works) </b></h3>
5
- <%= @form.names.join(", ").html_safe %>
5
+ <%= sanitize @form.names.join(", ") %>
6
6
  </div> <!-- /original values -->
7
7
 
8
8
  <div>
@@ -2,7 +2,7 @@
2
2
  <% if flash[type].present? %>
3
3
  <div class="alert <%= flash_dom_class %> alert-dismissable" role="alert">
4
4
  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
5
- <%= safe_join(Array.wrap(flash[type]).map(&:html_safe), '<br/>'.html_safe) %>
5
+ <%= sanitize Array.wrap(flash[type]).join(tag(:br)) %>
6
6
  </div>
7
7
  <% flash.delete(type) %>
8
8
  <% end %>
@@ -11,7 +11,7 @@
11
11
  <h2 id="extraFieldsModal_<%= name %>_Label">Additional <%= label %>(s)</h2>
12
12
  </div>
13
13
  <div class="modal-body">
14
- <%= values.join("<br />").html_safe %>
14
+ <%= sanitize values.join("<br />") %>
15
15
  </div>
16
16
  <div class="modal-footer">
17
17
  <button class="btn btn-primary" data-dismiss="modal">Close</button>
@@ -1,7 +1,7 @@
1
1
  <% @presenter.characterization_metadata.keys.each do |term| %>
2
2
  <div>
3
3
  <% additional_values = @presenter.secondary_characterization_values(term) %>
4
- <%= @presenter.label_for_term(term) %>: <%= @presenter.primary_characterization_values(term).join("<br />").html_safe %>
4
+ <%= @presenter.label_for_term(term) %>: <%= sanitize @presenter.primary_characterization_values(term).join("<br />") %>
5
5
  <% unless additional_values.empty? %>
6
6
  <%= render partial: "extra_fields_modal", locals: { name: term, values: additional_values } %>
7
7
  <% end %>
@@ -17,8 +17,8 @@
17
17
  <%= msg.last_message.created_at.to_formatted_s(:long_ordinal) %>
18
18
  </relative-time>
19
19
  </td>
20
- <td><%= msg.last_message.subject.html_safe %></td>
21
- <td><%= msg.last_message.body.html_safe %></td>
20
+ <td><%= sanitize msg.last_message.subject %></td>
21
+ <td><%= sanitize msg.last_message.body %></td>
22
22
  <td>
23
23
  <%= link_to hyrax.notification_path(msg.id),
24
24
  class: "itemicon itemtrash",
@@ -3,7 +3,7 @@
3
3
  <h4>Apply changes to contents?<h4>
4
4
  </div>
5
5
  <div class="panel-body">
6
- <%= I18n.t("hyrax.upload.change_access_message_html", curation_concern: curation_concern).html_safe %>
6
+ <%= sanitize I18n.t("hyrax.upload.change_access_message_html", curation_concern: curation_concern) %>
7
7
  </div>
8
8
  <div class="form-actions panel-footer">
9
9
  <%= button_to I18n.t("hyrax.upload.change_access_yes_message"), hyrax.copy_access_permission_path(curation_concern), class: 'btn btn-primary' %>
@@ -2,7 +2,7 @@
2
2
  <script>
3
3
  //<![CDATA[
4
4
 
5
- var hyrax_item_stats = <%= @stats.to_flot.to_json.html_safe %>;
5
+ var hyrax_item_stats = <%= raw json_escape @stats.to_flot.to_json %>;
6
6
 
7
7
  //]]>
8
8
  </script>
@@ -2,7 +2,7 @@
2
2
  <script>
3
3
  //<![CDATA[
4
4
 
5
- var hyrax_item_stats = <%= @stats.to_flot.to_json.html_safe %>;
5
+ var hyrax_item_stats = <%= raw json_escape @stats.to_flot.to_json %>;
6
6
 
7
7
  //]]>
8
8
  </script>
@@ -9,7 +9,7 @@
9
9
  <% events.each do |event| %>
10
10
  <% next if event[:action].blank? or event[:timestamp].blank? %>
11
11
  <tr>
12
- <td><%= event[:action].html_safe %></td>
12
+ <td><%= event[:action] %></td>
13
13
  <% time = Time.zone.at(event[:timestamp].to_i) %>
14
14
  <td data-sort="<%= time.getutc.iso8601(5) %>">
15
15
  <relative-time datetime="<%= time.getutc.iso8601 %>" title="<%= time.to_formatted_s(:standard) %>">
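--- a/data/lib/hyrax/version.rb
+++ b/data/lib/hyrax/version.rb
@@ -1,3 +1,3 @@
 module Hyrax
-  VERSION = '2.2.1'.freeze
+  VERSION = '2.2.2'.freeze
 end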
@@ -0,0 +1,10 @@
1
+ RSpec.describe Hyrax::CitationsBehaviors::Formatters::ChicagoFormatter do
2
+ subject(:formatter) { described_class.new(:no_context) }
3
+
4
+ let(:presenter) { Hyrax::WorkShowPresenter.new(SolrDocument.new(work.to_solr), :no_ability) }
5
+ let(:work) { build(:generic_work, title: ['<ScrIPt>prompt("Confirm Password")</sCRIpt>']) }
6
+
7
+ it 'sanitizes input' do
8
+ expect(formatter.format(presenter)).not_to include 'prompt'
9
+ end
10
+ end
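Review bot: the spec exercises only the title path, while the release also scrubs the author and publication fields (`format_authors`, `setup_pub_date`/`setup_pub_info`); one example per field with the same payload, e.g. `build(:generic_work, creator: ['<ScrIPt>prompt("Confirm Password")</sCRIpt>'])`, would cover the other `whitewash` call sites. `not_to include 'prompt'` is also a loose assertion, since it would pass if the formatter dropped the title entirely; pairing it with a positive check such as `expect(formatter.format(presenter)).to include 'citation-title'` guards against over-stripping. The metadata hunk lists this file under spec/helpers, which matches where the other helper specs live.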
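--- a/data/template.rb
+++ b/data/template.rb
@@ -1,4 +1,4 @@
-gem 'hyrax', '2.2.1'
+gem 'hyrax', '2.2.2'
 run 'bundle install'
 generate 'hyrax:install', '-f'
 rails_command 'db:migrate'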
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hyrax
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Coyne
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2018-08-30 00:00:00.000000000 Z
17
+ date: 2018-09-04 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: rails
@@ -2498,6 +2498,7 @@ files:
2498
2498
  - spec/helpers/hyrax/ability_helper_spec.rb
2499
2499
  - spec/helpers/hyrax/batch_edits_helper_spec.rb
2500
2500
  - spec/helpers/hyrax/charts_helper_spec.rb
2501
+ - spec/helpers/hyrax/citations_behaviors/formatters/chicago_formatter_spec.rb
2501
2502
  - spec/helpers/hyrax/collections_helper_spec.rb
2502
2503
  - spec/helpers/hyrax/content_block_helper_spec.rb
2503
2504
  - spec/helpers/hyrax/dashboard_helper_behavior_spec.rb
@@ -3229,6 +3230,7 @@ test_files:
3229
3230
  - spec/helpers/hyrax/ability_helper_spec.rb
3230
3231
  - spec/helpers/hyrax/batch_edits_helper_spec.rb
3231
3232
  - spec/helpers/hyrax/charts_helper_spec.rb
3233
+ - spec/helpers/hyrax/citations_behaviors/formatters/chicago_formatter_spec.rb
3232
3234
  - spec/helpers/hyrax/collections_helper_spec.rb
3233
3235
  - spec/helpers/hyrax/content_block_helper_spec.rb
3234
3236
  - spec/helpers/hyrax/dashboard_helper_behavior_spec.rb