hyrax 2.5.0 → 2.5.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 07d676d225e5f0e4dcf90474785b25b46ba44433088bd4f939b30ac893018907
4
- data.tar.gz: '098e92006e2286deb06fe494b56a725051f25076906887842c922706a6502ea2'
3
+ metadata.gz: 52ca5db4f8ce55b87305b9bfbbbe4bfc7464958f5070e3cb4911f04feed87352
4
+ data.tar.gz: 4f9977600707f112927aed03cc8f985f7b125ca04d13344a3effb66350755ca2
5
5
  SHA512:
6
- metadata.gz: 4f2d39f2437e74fa39d13c35e30a931822b61aca590a0fdabd4136df2b5af8ac1a4110398c33cb7f60b5a595dae4cabc55d002d64520625fab99ef2301485dfe
7
- data.tar.gz: b2d0d871115bd3c2ba06265f59a47906511b69be05fba5152444bb0e01a9b07ed3df586e622bd91b176b9ee8b805e48a0107e394f178a93db4b69aa9ef7066be
6
+ metadata.gz: ea378dc6fb860157cf4330ed9d82d915123c89da7db61b44412fe44fc18da317806ad0716d08fec07d8b98cec963531607b828a6fab1a771a0576e2d8e649e52
7
+ data.tar.gz: 304be0cc47238943179bd32d1d843c7a7a7413c4daf4bcc58d9cdba5fcdb7a024e5cb4e7f55b4656872c4f352a36533b5f6d05b21cb6441ce1cdc084c9838d5c
data/README.md CHANGED
@@ -1,7 +1,6 @@
1
1
  ![Logo](https://raw.githubusercontent.com/samvera/hyrax/gh-pages/assets/images/hyrax_logo_horizontal_white_background.png)
2
2
 
3
3
  Code: [![Version](https://badge.fury.io/rb/hyrax.png)](http://badge.fury.io/rb/hyrax)
4
- [![Build Status](https://travis-ci.org/samvera/hyrax.png?branch=master)](https://travis-ci.org/samvera/hyrax)
5
4
  [![CircleCI](https://circleci.com/gh/samvera/hyrax.svg?style=svg)](https://circleci.com/gh/samvera/hyrax)
6
5
  [![Coverage Status](https://coveralls.io/repos/github/samvera/hyrax/badge.svg?branch=master)](https://coveralls.io/github/samvera/hyrax?branch=master)
7
6
  [![Code Climate](https://codeclimate.com/github/samvera/hyrax/badges/gpa.svg)](https://codeclimate.com/github/samvera/hyrax)
@@ -163,7 +162,7 @@ NOTE: The steps need to be done in order to create a new Hyrax based app.
163
162
  Generate a new Rails application using the template.
164
163
 
165
164
  ```
166
- rails _5.1.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.5.0/template.rb
165
+ rails _5.1.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.5.1/template.rb
167
166
  ```
168
167
 
169
168
  Generating a new Rails application using Hyrax's template above takes cares of a number of steps for you, including:
@@ -326,7 +325,7 @@ If you'd like to help the development effort and you're not sure where to get st
326
325
 
327
326
  # Development
328
327
 
329
- The [Hyrax Development Guide](https://github.com/samvera/hyrax/wiki/Hyrax-Development-Guide) is for people who want to modify Hyrax itself, not an application that uses Hyrax.
328
+ The [Hyrax Development Guide](https://github.com/samvera/hyrax/wiki/Hyrax-Development-Guide) is for people who want to modify Hyrax itself, not an application that uses Hyrax. See especially the [Quick Start](https://github.com/samvera/hyrax/wiki/Hyrax-Development-Guide#quick-start-for-hyrax-development) guide and instructions for running the [Hyrax test suite](https://github.com/samvera/hyrax/wiki/Hyrax-Development-Guide#run-the-test-suite).
330
329
 
331
330
  ## Reporting Security Issues
332
331
 
@@ -279,10 +279,10 @@ module Hyrax
279
279
  public_files = []
280
280
  uploaded_file_ids.each_with_index do |ufi, i|
281
281
  if ufi.include?('public')
282
- update_logo_info(ufi, params["alttext"][i], params["linkurl"][i])
282
+ update_logo_info(ufi, params["alttext"][i], verify_linkurl(params["linkurl"][i]))
283
283
  public_files << ufi
284
284
  else # brand new one, insert in the database
285
- logo_info = create_logo_info(ufi, params["alttext"][i], params["linkurl"][i])
285
+ logo_info = create_logo_info(ufi, params["alttext"][i], verify_linkurl(params["linkurl"][i]))
286
286
  public_files << logo_info.local_path
287
287
  end
288
288
  end
@@ -458,6 +458,17 @@ module Hyrax
458
458
  def params_for_query
459
459
  params.merge(q: params[:cq])
460
460
  end
461
+
462
+ # Only accept HTTP|HTTPS urls;
463
+ # @return <String> the url
464
+ def verify_linkurl(linkurl)
465
+ url = Loofah.scrub_fragment(linkurl, :prune).to_s
466
+ url if valid_url?(url)
467
+ end
468
+
469
+ def valid_url?(url)
470
+ (url =~ URI.regexp(['http', 'https']))
471
+ end
461
472
  end
462
473
  end
463
474
  end
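Review bot: `valid_url?` in this hunk tests `url =~ URI.regexp(['http', 'https'])`, and `URI.regexp` builds an unanchored pattern intended for `String#scan`, so it is satisfied by an http(s) URL appearing anywhere in the string; a value like `javascript:alert(1)//http://example.com` passes and is stored whole, because `verify_linkurl` returns the full `url` rather than the matched part. `URI.regexp` is also obsolete and emits a warning on every call. Parsing the value and checking the scheme class closes both gaps (`URI::HTTPS` is a subclass of `URI::HTTP`), with an empty host rejected so a bare `http:` is not accepted either. Separately, `Loofah.scrub_fragment(...).to_s` serialises its result as HTML, so I would expect an `&` in a query string to come back as `&amp;` before it is stored — worth confirming with a two-parameter URL. The enclosing class header and the method around the `uploaded_file_ids` loop are outside the hunk.

```ruby
    # Only accept absolute HTTP|HTTPS urls. `URI.regexp` is unanchored (it matches a
    # URL anywhere in the string) and obsolete, so parse and check the scheme class
    # instead; URI::HTTPS < URI::HTTP. A missing host (e.g. "http:") is rejected.
    def valid_url?(url)
      uri = URI.parse(url)
      uri.is_a?(URI::HTTP) && !uri.host.to_s.empty?
    rescue URI::InvalidURIError
      false
    end
```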
@@ -1,3 +1,3 @@
1
1
  module Hyrax
2
- VERSION = '2.5.0'.freeze
2
+ VERSION = '2.5.1'.freeze
3
3
  end
@@ -82,7 +82,7 @@ RSpec.describe Hyrax::Dashboard::CollectionsController, :clean_repo do
82
82
  }
83
83
 
84
84
  expect(assigns[:collection].member_objects).to eq [asset1]
85
- asset_results = ActiveFedora::SolrService.instance.conn.get "select", params: { fq: ["id:\"#{asset1.id}\""], fl: ['id', Solrizer.solr_name(:collection)] }
85
+ asset_results = ActiveFedora::SolrService.instance.conn.get "select", params: { fq: ["id:\"#{asset1.id}\""], fl: ['id', ActiveFedora.index_field_mapper.solr_name(:collection)] }
86
86
  expect(asset_results["response"]["numFound"]).to eq 1
87
87
  doc = asset_results["response"]["docs"].first
88
88
  expect(doc["id"]).to eq asset1.id
@@ -294,6 +294,49 @@ RSpec.describe Hyrax::Dashboard::CollectionsController, :clean_repo do
294
294
 
295
295
  expect(CollectionBrandingInfo.where(collection_id: collection.id, role: "logo", alt_text: "Logo alt Text", target_url: "http://abc.com").where("local_path LIKE '%logo.gif'")).to exist
296
296
  end
297
+
298
+ context 'where the linkurl is not a valid http|http link' do
299
+ it "does not save linkurl containing html; target_url is empty" do
300
+ val = double(["/public/logo.gif"])
301
+ allow(val).to receive(:file_url).and_return("/public/logo.gif")
302
+ allow(Hyrax::UploadedFile).to receive(:find).with("1").and_return(val)
303
+
304
+ allow(File).to receive(:split).with(any_args).and_return(["logo.gif"])
305
+ allow(FileUtils).to receive(:cp).with(any_args).and_return(nil)
306
+
307
+ put :update, params: { id: collection, logo_files: [1], alttext: ["Logo alt Text"], linkurl: ["<script>remove_me</script>"], collection: { creator: ['Emily'] }, update_collection: true }
308
+ collection.reload
309
+
310
+ expect(
311
+ CollectionBrandingInfo.where(
312
+ collection_id: collection.id,
313
+ role: "logo",
314
+ alt_text: "Logo alt Text",
315
+ target_url: "<script>remove_me</script>"
316
+ ).where("target_url LIKE '%remove_me%)'")
317
+ ).not_to exist
318
+ end
319
+
320
+ it "does not save linkurl containing dodgy protocol; target_url is empty" do
321
+ val = double(["/public/logo.gif"])
322
+ allow(val).to receive(:file_url).and_return("/public/logo.gif")
323
+ allow(Hyrax::UploadedFile).to receive(:find).with("1").and_return(val)
324
+
325
+ allow(File).to receive(:split).with(any_args).and_return(["logo.gif"])
326
+ allow(FileUtils).to receive(:cp).with(any_args).and_return(nil)
327
+
328
+ put :update, params: { id: collection, logo_files: [1], alttext: ["Logo alt Text"], linkurl: ['javascript:alert("remove_me")'], collection: { creator: ['Emily'] }, update_collection: true }
329
+ collection.reload
330
+ expect(
331
+ CollectionBrandingInfo.where(
332
+ collection_id: collection.id,
333
+ role: "logo",
334
+ alt_text: "Logo alt Text",
335
+ target_url: 'javascript:alert("remove_me")'
336
+ ).where("target_url LIKE '%remove_me%)'")
337
+ ).not_to exist
338
+ end
339
+ end
297
340
  end
298
341
  end
299
342
 
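Review bot: The first new example (`does not save linkurl containing html`) cannot fail: its `where` chain requires `target_url` to equal `<script>remove_me</script>` and also match `LIKE '%remove_me%)'`, and the trailing `)` after the `%` never matches a value ending in `>`, so no record can satisfy the query and `.not_to exist` passes whatever the controller does. The same stray `)` is in the second example, where it only happens to work because the javascript payload ends in `)`. Neither example asserts what its title promises (`target_url is empty`); I would check that directly, e.g. `expect(CollectionBrandingInfo.where(collection_id: collection.id, role: "logo").pluck(:target_url)).to eq [nil]`, assuming `create_logo_info` still persists the record with a nil target — if it does not, assert `.to be_empty` with a comment saying so. The `context` description also reads `http|http` where `http|https` is meant. The enclosing describe block starts outside the hunk.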
@@ -1,6 +1,6 @@
1
1
  # Hack for https://github.com/rails/rails/issues/35153
2
2
  gsub_file 'Gemfile', /^gem ["']sqlite3["']$/, 'gem "sqlite3", "~> 1.3.0"'
3
- gem 'hyrax', '2.5.0'
3
+ gem 'hyrax', '2.5.1'
4
4
  run 'bundle install'
5
5
  generate 'hyrax:install', '-f'
6
6
  rails_command 'db:migrate'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hyrax
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.5.0
4
+ version: 2.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Coyne
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2019-03-18 00:00:00.000000000 Z
17
+ date: 2019-05-29 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: rails
@@ -1100,7 +1100,6 @@ files:
1100
1100
  - ".rubocop.yml"
1101
1101
  - ".rubocop_fixme.yml"
1102
1102
  - ".scss-lint.yml"
1103
- - ".travis.yml"
1104
1103
  - CODE_OF_CONDUCT.md
1105
1104
  - Gemfile
1106
1105
  - LICENSE
@@ -3079,8 +3078,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
3079
3078
  - !ruby/object:Gem::Version
3080
3079
  version: '0'
3081
3080
  requirements: []
3082
- rubyforge_project:
3083
- rubygems_version: 2.7.9
3081
+ rubygems_version: 3.0.3
3084
3082
  signing_key:
3085
3083
  specification_version: 4
3086
3084
  summary: Hyrax is a front-end based on the robust Samvera framework, providing a user
@@ -1,36 +0,0 @@
1
- language: ruby
2
- sudo: required
3
- dist: trusty
4
-
5
- addons:
6
- apt:
7
- packages:
8
- - chromium-chromedriver
9
- cache:
10
- bundler: true
11
-
12
- before_install:
13
- - gem update --system
14
- - gem install bundler
15
- - google-chrome-stable --headless --disable-gpu --no-sandbox --remote-debugging-port=9222 http://localhost &
16
-
17
- rvm:
18
- - 2.5.0
19
-
20
- env:
21
- global:
22
- - NOKOGIRI_USE_SYSTEM_LIBRARIES=true
23
- - ENGINE_CART_RAILS_OPTIONS='--skip-git --skip-bundle --skip-listen --skip-spring --skip-yarn --skip-keeps --skip-action-cable --skip-coffee --skip-puma --skip-test'
24
- # Travis should check every minor version in a range of supported versions, because
25
- # rails does not follow sem-ver conventions, see http://guides.rubyonrails.org/maintenance_policy.html
26
- # It should be sufficient to test only the latest of the patch versions for a minor version, they
27
- # should be compatible across patch versions (only bug fixes are released in patch versions).
28
- matrix:
29
- - "RAILS_VERSION=5.1.4"
30
- - "RAILS_VERSION=5.0.6"
31
-
32
- services:
33
- - redis-server
34
- before_script:
35
- - jdk_switcher use oraclejdk8
36
- - ln -s /usr/lib/chromium-browser/chromedriver ~/bin/chromedriver