liquid 2.6.0 → 2.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -13
- data/History.md +7 -1
- data/lib/liquid/tags/if.rb +3 -3
- data/lib/liquid/version.rb +1 -1
- data/test/liquid/tags/if_else_tag_test.rb +6 -0
- metadata +5 -6
checksums.yaml
CHANGED
|
@@ -1,15 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
|
|
5
|
-
data.tar.gz: !binary |-
|
|
6
|
-
MDIwN2E3NDNlOGYxMGMwZjMyNGJjZmJmNzVjM2JmZWFmMjgxODBhOA==
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: b0e31111a331f2a07fcb229b706bbb9b5e719b29
|
|
4
|
+
data.tar.gz: f1c6fbf31aec9e38ba89d022efe99fd5046f8794
|
|
7
5
|
SHA512:
|
|
8
|
-
metadata.gz:
|
|
9
|
-
|
|
10
|
-
Yzg3YWJjM2MxNGZjOGJlMGM0NjU1Y2FiYzgwODIxZmZmNDg5YTNlMDQzMGZm
|
|
11
|
-
ODQwYmU3MTI0YzMxMDExNDA1NTM3ZDZiZDZmNWIwNTljYjI0MGI=
|
|
12
|
-
data.tar.gz: !binary |-
|
|
13
|
-
M2I1ODYyZTI2MDVjZDBkMmU4NzkxY2I5NDk0YWEzOGU3YTA2YzljODA5NzI5
|
|
14
|
-
ZDAzNjIwMTE3YTA4YjNjOTBlNzNhM2FjMWY4YWE3YmRiMTVkNWE3ZTQwN2Rk
|
|
15
|
-
ZmE0NTM2ZjNjZTZhZDc1OTZmYmQ1ODdhODE5YjE4YjlhNzI2OGI=
|
|
6
|
+
metadata.gz: a05f58776ef9c97c252192f092b5d7a4b945afa7d67d95668af0a019952dce717b1346a7bb8967d22e3272c9fc458cadf377a35aef9a10de5309df16190b12a1
|
|
7
|
+
data.tar.gz: 80ca90e27ae95d04efbee61dadd4ca3316e3593dab28a68350fb1d595813d38b27b52aecadd05394ad8973a392431fe7246b0fb3751dba6f40ad54bf982e1b67
|
data/History.md
CHANGED
|
@@ -3,7 +3,13 @@
|
|
|
3
3
|
IMPORTANT: Liquid 2.6 is going to be the last version of Liquid which maintains explicit Ruby 1.8 compatability.
|
|
4
4
|
The following releases will only be tested against Ruby 1.9 and Ruby 2.0 and are likely to break on Ruby 1.8.
|
|
5
5
|
|
|
6
|
-
## 2.6.
|
|
6
|
+
## 2.6.1 / 2014-01-10 / branch "2-6-stable"
|
|
7
|
+
|
|
8
|
+
Security fix, cherry-picked from master (4e14a65):
|
|
9
|
+
* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
|
|
10
|
+
* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
|
|
11
|
+
|
|
12
|
+
## 2.6.0 / 2013-11-25
|
|
7
13
|
|
|
8
14
|
* ...
|
|
9
15
|
* Bugfix for #106: fix example servlet [gnowoel]
|
data/lib/liquid/tags/if.rb
CHANGED
|
@@ -15,6 +15,7 @@ module Liquid
|
|
|
15
15
|
SyntaxHelp = "Syntax Error in tag 'if' - Valid syntax: if [expression]"
|
|
16
16
|
Syntax = /(#{QuotedFragment})\s*([=!<>a-z_]+)?\s*(#{QuotedFragment})?/o
|
|
17
17
|
ExpressionsAndOperators = /(?:\b(?:\s?and\s?|\s?or\s?)\b|(?:\s*(?!\b(?:\s?and\s?|\s?or\s?)\b)(?:#{QuotedFragment}|\S+)\s*)+)/o
|
|
18
|
+
BOOLEAN_OPERATORS = %w(and or)
|
|
18
19
|
|
|
19
20
|
def initialize(tag_name, markup, tokens)
|
|
20
21
|
@blocks = []
|
|
@@ -61,7 +62,8 @@ module Liquid
|
|
|
61
62
|
raise(SyntaxError, SyntaxHelp) unless expressions.shift.to_s =~ Syntax
|
|
62
63
|
|
|
63
64
|
new_condition = Condition.new($1, $2, $3)
|
|
64
|
-
|
|
65
|
+
raise SyntaxError, "invalid boolean operator" unless BOOLEAN_OPERATORS.include?(operator)
|
|
66
|
+
new_condition.send(operator, condition)
|
|
65
67
|
condition = new_condition
|
|
66
68
|
end
|
|
67
69
|
|
|
@@ -71,8 +73,6 @@ module Liquid
|
|
|
71
73
|
@blocks.push(block)
|
|
72
74
|
@nodelist = block.attach(Array.new)
|
|
73
75
|
end
|
|
74
|
-
|
|
75
|
-
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
Template.register_tag('if', If)
|
data/lib/liquid/version.rb
CHANGED
|
@@ -157,4 +157,10 @@ class IfElseTagTest < Test::Unit::TestCase
|
|
|
157
157
|
assert_template_result('yes',
|
|
158
158
|
%({% if 'gnomeslab-and-or-liquid' contains 'gnomeslab-and-or-liquid' %}yes{% endif %}))
|
|
159
159
|
end
|
|
160
|
+
|
|
161
|
+
def test_operators_are_whitelisted
|
|
162
|
+
assert_raise(SyntaxError) do
|
|
163
|
+
assert_template_result('', %({% if 1 or throw or or 1 %}yes{% endif %}))
|
|
164
|
+
end
|
|
165
|
+
end
|
|
160
166
|
end # IfElseTest
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: liquid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.6.
|
|
4
|
+
version: 2.6.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tobias Luetke
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2014-01-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -97,17 +97,17 @@ require_paths:
|
|
|
97
97
|
- lib
|
|
98
98
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
99
99
|
requirements:
|
|
100
|
-
- -
|
|
100
|
+
- - '>='
|
|
101
101
|
- !ruby/object:Gem::Version
|
|
102
102
|
version: '0'
|
|
103
103
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
104
104
|
requirements:
|
|
105
|
-
- -
|
|
105
|
+
- - '>='
|
|
106
106
|
- !ruby/object:Gem::Version
|
|
107
107
|
version: 1.3.7
|
|
108
108
|
requirements: []
|
|
109
109
|
rubyforge_project:
|
|
110
|
-
rubygems_version: 2.
|
|
110
|
+
rubygems_version: 2.0.3
|
|
111
111
|
signing_key:
|
|
112
112
|
specification_version: 4
|
|
113
113
|
summary: A secure, non-evaling end user template engine with aesthetic markup.
|
|
@@ -143,4 +143,3 @@ test_files:
|
|
|
143
143
|
- test/liquid/template_test.rb
|
|
144
144
|
- test/liquid/variable_test.rb
|
|
145
145
|
- test/test_helper.rb
|
|
146
|
-
has_rdoc:
|