liquid 2.5.4 → 2.5.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -13
- data/History.md +7 -1
- data/lib/liquid/tags/if.rb +3 -3
- data/test/liquid/tags/if_else_tag_test.rb +6 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,15 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
|
|
5
|
-
data.tar.gz: !binary |-
|
|
6
|
-
MDY1NTZhOTA3OTA2MDI1ODNkZGIwYzQxZWQ1M2M3ZmE1NmIzNmM5YQ==
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 187e926592d08a1fdfe6c92a4438d2a28e3bef15
|
|
4
|
+
data.tar.gz: da01b50919773dac4c35363aecc4d10c991c4ed7
|
|
7
5
|
SHA512:
|
|
8
|
-
metadata.gz:
|
|
9
|
-
|
|
10
|
-
ZmQzNTAwMzMwYTgyODIyMjc2ZWRkMTg2ZmE5MjJjM2NkNDRkNGExNzU1ZjZk
|
|
11
|
-
NDQ4NDJjMTU0MWE5OTUwNWMwYzZjYmQyNDMzNmNkZjFmMDgzZjM=
|
|
12
|
-
data.tar.gz: !binary |-
|
|
13
|
-
MzYzOWExZmQ5ODI2M2IwYmI4NzIwMDc0ZWU3ZjNmN2E4NThlYjczOTNkMGJi
|
|
14
|
-
YzRiODRiNWI4ZDFkZGZlYzUwYzNhMzE4MmZmY2M3ODQ0N2M2OTQ0NDA0MGYw
|
|
15
|
-
MjVjZmEzYzAzMTc2N2JiNTAyOWIxMjViYWEyNjhjMzI4ZDFjMjY=
|
|
6
|
+
metadata.gz: 0f676eb449b0af41596e80b8f9bbdc76ae101339a2a4cf97d65b1a75a1d9a1bd3ccdeb9787d53f61080d5f7c1c9456e3cec550e5c0d8f4f848d9c27acd7e5d37
|
|
7
|
+
data.tar.gz: c2c869dfd70ef5ecafb1c2095cc513e7b38d1a023bca6fb6ebfebee1374e07c6a3043f52396a55601c60dd71abe90ca6f71c0ff112d250285aaf70d9fe738023
|
data/History.md
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
# Liquid Version History
|
|
2
2
|
|
|
3
|
-
## 2.5.
|
|
3
|
+
## 2.5.5 / 2014-01-10 / branch "2-5-stable"
|
|
4
|
+
|
|
5
|
+
Security fix, cherry-picked from master (4e14a65):
|
|
6
|
+
* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
|
|
7
|
+
* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
|
|
8
|
+
|
|
9
|
+
## 2.5.4 / 2013-11-11
|
|
4
10
|
|
|
5
11
|
* Fix "can't convert Fixnum into String" for "replace", see #173, [wǒ_is神仙, jsw0528]
|
|
6
12
|
|
data/lib/liquid/tags/if.rb
CHANGED
|
@@ -15,6 +15,7 @@ module Liquid
|
|
|
15
15
|
SyntaxHelp = "Syntax Error in tag 'if' - Valid syntax: if [expression]"
|
|
16
16
|
Syntax = /(#{QuotedFragment})\s*([=!<>a-z_]+)?\s*(#{QuotedFragment})?/o
|
|
17
17
|
ExpressionsAndOperators = /(?:\b(?:\s?and\s?|\s?or\s?)\b|(?:\s*(?!\b(?:\s?and\s?|\s?or\s?)\b)(?:#{QuotedFragment}|\S+)\s*)+)/o
|
|
18
|
+
BOOLEAN_OPERATORS = %w(and or)
|
|
18
19
|
|
|
19
20
|
def initialize(tag_name, markup, tokens)
|
|
20
21
|
@blocks = []
|
|
@@ -61,7 +62,8 @@ module Liquid
|
|
|
61
62
|
raise(SyntaxError, SyntaxHelp) unless expressions.shift.to_s =~ Syntax
|
|
62
63
|
|
|
63
64
|
new_condition = Condition.new($1, $2, $3)
|
|
64
|
-
|
|
65
|
+
raise SyntaxError, "invalid boolean operator" unless BOOLEAN_OPERATORS.include?(operator)
|
|
66
|
+
new_condition.send(operator, condition)
|
|
65
67
|
condition = new_condition
|
|
66
68
|
end
|
|
67
69
|
|
|
@@ -71,8 +73,6 @@ module Liquid
|
|
|
71
73
|
@blocks.push(block)
|
|
72
74
|
@nodelist = block.attach(Array.new)
|
|
73
75
|
end
|
|
74
|
-
|
|
75
|
-
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
Template.register_tag('if', If)
|
|
@@ -157,4 +157,10 @@ class IfElseTagTest < Test::Unit::TestCase
|
|
|
157
157
|
assert_template_result('yes',
|
|
158
158
|
%({% if 'gnomeslab-and-or-liquid' contains 'gnomeslab-and-or-liquid' %}yes{% endif %}))
|
|
159
159
|
end
|
|
160
|
+
|
|
161
|
+
def test_operators_are_whitelisted
|
|
162
|
+
assert_raise(SyntaxError) do
|
|
163
|
+
assert_template_result('', %({% if 1 or throw or or 1 %}yes{% endif %}))
|
|
164
|
+
end
|
|
165
|
+
end
|
|
160
166
|
end # IfElseTest
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: liquid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.5.
|
|
4
|
+
version: 2.5.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tobias Luetke
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2014-01-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -95,17 +95,17 @@ require_paths:
|
|
|
95
95
|
- lib
|
|
96
96
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
97
97
|
requirements:
|
|
98
|
-
- -
|
|
98
|
+
- - '>='
|
|
99
99
|
- !ruby/object:Gem::Version
|
|
100
100
|
version: '0'
|
|
101
101
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
102
102
|
requirements:
|
|
103
|
-
- -
|
|
103
|
+
- - '>='
|
|
104
104
|
- !ruby/object:Gem::Version
|
|
105
105
|
version: 1.3.7
|
|
106
106
|
requirements: []
|
|
107
107
|
rubyforge_project:
|
|
108
|
-
rubygems_version: 2.
|
|
108
|
+
rubygems_version: 2.0.3
|
|
109
109
|
signing_key:
|
|
110
110
|
specification_version: 4
|
|
111
111
|
summary: A secure, non-evaling end user template engine with aesthetic markup.
|