immunio 1.0.2 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/immunio/plugins/action_view.rb +32 -16
- data/lib/immunio/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 32e3badd0b140fd2fe05d77ecc5c64ab1f5ca5e0
|
|
4
|
+
data.tar.gz: 8b66b7f499e9106c8b94fe9e0dbdab2433fe9a7c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ed9e737272bbe584ab6435958543a2fff0f854a3c635857eab74d8cf3e9800a4250dba38773fa16e76835451607b20717332b8c92d6fed9ef376ab62bbf147ed
|
|
7
|
+
data.tar.gz: 73e02e430bc5047e830807887ec4959ac030ace837e8af3ed31ea482fae5709703801dc37c6a784766051649a7a32f2ec3b609be9e4d31b777cce7a1a788c191
|
|
@@ -4,6 +4,20 @@ require 'securerandom'
|
|
|
4
4
|
module Immunio
|
|
5
5
|
# Renders templates by filtering them through Immunio's hook handlers.
|
|
6
6
|
class Template
|
|
7
|
+
CHECKSUM_CACHE = Hash.new do |cache, template_id|
|
|
8
|
+
template = ObjectSpace._id2ref(template_id)
|
|
9
|
+
|
|
10
|
+
if template.respond_to?(:source) && !template.source.nil?
|
|
11
|
+
finalizer = Immunio::Template.finalize_template(template_id)
|
|
12
|
+
ObjectSpace.define_finalizer(template, finalizer)
|
|
13
|
+
cache[template_id] = Digest::SHA1.hexdigest(template.source).freeze
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def self.finalize_template(id)
|
|
18
|
+
proc { CHECKSUM_CACHE.delete(id) if CHECKSUM_CACHE.has_key?(id) }
|
|
19
|
+
end
|
|
20
|
+
|
|
7
21
|
attr_accessor :vars
|
|
8
22
|
|
|
9
23
|
def initialize(template)
|
|
@@ -52,10 +66,7 @@ module Immunio
|
|
|
52
66
|
end
|
|
53
67
|
|
|
54
68
|
def template_sha
|
|
55
|
-
|
|
56
|
-
@template_sha ||= begin
|
|
57
|
-
Digest::SHA1.hexdigest(@template.source) if has_source?
|
|
58
|
-
end
|
|
69
|
+
CHECKSUM_CACHE[@template.object_id]
|
|
59
70
|
end
|
|
60
71
|
|
|
61
72
|
def compiled?
|
|
@@ -82,7 +93,7 @@ module Immunio
|
|
|
82
93
|
@nonce ||= SecureRandom.hex(2)
|
|
83
94
|
end
|
|
84
95
|
|
|
85
|
-
def mark_var(content, code, template_id, file, line, escape)
|
|
96
|
+
def self.mark_var(content, code, template_id, template_sha, file, line, escape, is_text, handler)
|
|
86
97
|
id = Template.next_var_id
|
|
87
98
|
nonce = Template.get_nonce
|
|
88
99
|
|
|
@@ -91,7 +102,7 @@ module Immunio
|
|
|
91
102
|
# escaping if content is not itself a SafeBuffer.
|
|
92
103
|
# Otherwise we explicitly convert to a string, and convert that to a SafeBuffer to ensure that
|
|
93
104
|
# for instance no escaping is performed on the contents of a <%== %> Erubis interpolation.
|
|
94
|
-
rendering = if escape && !is_text
|
|
105
|
+
rendering = if escape && !is_text
|
|
95
106
|
|
|
96
107
|
# explicitly convert (w/ escapes) and mark safe things that aren't String (SafeBuffer is_a String also)
|
|
97
108
|
# `to_s` is used to render any object passed to a template.
|
|
@@ -129,7 +140,7 @@ module Immunio
|
|
|
129
140
|
template_sha: template_sha,
|
|
130
141
|
template_id: template_id.to_s,
|
|
131
142
|
nonce: nonce,
|
|
132
|
-
code: wrap_code(code, escape: escape),
|
|
143
|
+
code: wrap_code(code, handler, escape: escape),
|
|
133
144
|
file: file,
|
|
134
145
|
line: line
|
|
135
146
|
}
|
|
@@ -196,13 +207,21 @@ module Immunio
|
|
|
196
207
|
template = Template.current
|
|
197
208
|
if template
|
|
198
209
|
template_id = template.next_template_id
|
|
199
|
-
|
|
210
|
+
|
|
211
|
+
handler = template.instance_variable_get(:@template).handler
|
|
212
|
+
handler_name = if handler.is_a? Class
|
|
213
|
+
handler.name
|
|
214
|
+
else
|
|
215
|
+
handler.class.name
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
"(__immunio_result = (#{code}); Immunio::Template.render_var(#{code.strip.inspect}, __immunio_result, #{template_id}, '#{template.template_sha}', __FILE__, __LINE__, #{escape}, #{template.is_text?}, '#{handler_name}'))"
|
|
200
219
|
else
|
|
201
220
|
code
|
|
202
221
|
end
|
|
203
222
|
end
|
|
204
223
|
|
|
205
|
-
def self.render_var(code, rendered, template_id, file, line, escape)
|
|
224
|
+
def self.render_var(code, rendered, template_id, template_sha, file, line, escape, is_text, handler)
|
|
206
225
|
if rendered.instance_variable_get("@__immunio_processed") then
|
|
207
226
|
# Ignore buffers marked as __immunio_processed in render as these are full templates or partials
|
|
208
227
|
return rendered
|
|
@@ -210,10 +229,7 @@ module Immunio
|
|
|
210
229
|
# Ignore yielded blocks inside layouts
|
|
211
230
|
return rendered
|
|
212
231
|
end
|
|
213
|
-
|
|
214
|
-
if template
|
|
215
|
-
rendered = template.mark_var rendered, code, template_id, file, line, escape
|
|
216
|
-
end
|
|
232
|
+
rendered = mark_var rendered, code, template_id, template_sha, file, line, escape, is_text, handler
|
|
217
233
|
rendered.html_safe
|
|
218
234
|
end
|
|
219
235
|
|
|
@@ -244,12 +260,12 @@ module Immunio
|
|
|
244
260
|
Thread.current["immunio.rendering_stack"] ||= []
|
|
245
261
|
end
|
|
246
262
|
|
|
247
|
-
def wrap_code(code, options = {})
|
|
263
|
+
def self.wrap_code(code, handler, options = {})
|
|
248
264
|
case
|
|
249
|
-
when
|
|
265
|
+
when handler == 'ActionView::Template::Handlers::ERB'
|
|
250
266
|
modifier = options[:escape] ? '=' : '=='
|
|
251
267
|
"<%#{modifier} #{code} %>"
|
|
252
|
-
when
|
|
268
|
+
when handler == 'Haml::Plugin'
|
|
253
269
|
modifier = options[:escape] ? '=' : '!='
|
|
254
270
|
"#{modifier} #{code}"
|
|
255
271
|
end
|
data/lib/immunio/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: immunio
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Immunio
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-10-
|
|
11
|
+
date: 2015-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|