liquid 2.6.0 → 2.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -13
- data/History.md +7 -1
- data/lib/liquid/tags/if.rb +3 -3
- data/lib/liquid/version.rb +1 -1
- data/test/liquid/tags/if_else_tag_test.rb +6 -0
- metadata +5 -6
checksums.yaml
CHANGED
|
@@ -1,15 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
|
|
5
|
-
data.tar.gz: !binary |-
|
|
6
|
-
MDIwN2E3NDNlOGYxMGMwZjMyNGJjZmJmNzVjM2JmZWFmMjgxODBhOA==
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: b0e31111a331f2a07fcb229b706bbb9b5e719b29
|
|
4
|
+
data.tar.gz: f1c6fbf31aec9e38ba89d022efe99fd5046f8794
|
|
7
5
|
SHA512:
|
|
8
|
-
metadata.gz:
|
|
9
|
-
|
|
10
|
-
Yzg3YWJjM2MxNGZjOGJlMGM0NjU1Y2FiYzgwODIxZmZmNDg5YTNlMDQzMGZm
|
|
11
|
-
ODQwYmU3MTI0YzMxMDExNDA1NTM3ZDZiZDZmNWIwNTljYjI0MGI=
|
|
12
|
-
data.tar.gz: !binary |-
|
|
13
|
-
M2I1ODYyZTI2MDVjZDBkMmU4NzkxY2I5NDk0YWEzOGU3YTA2YzljODA5NzI5
|
|
14
|
-
ZDAzNjIwMTE3YTA4YjNjOTBlNzNhM2FjMWY4YWE3YmRiMTVkNWE3ZTQwN2Rk
|
|
15
|
-
ZmE0NTM2ZjNjZTZhZDc1OTZmYmQ1ODdhODE5YjE4YjlhNzI2OGI=
|
|
6
|
+
metadata.gz: a05f58776ef9c97c252192f092b5d7a4b945afa7d67d95668af0a019952dce717b1346a7bb8967d22e3272c9fc458cadf377a35aef9a10de5309df16190b12a1
|
|
7
|
+
data.tar.gz: 80ca90e27ae95d04efbee61dadd4ca3316e3593dab28a68350fb1d595813d38b27b52aecadd05394ad8973a392431fe7246b0fb3751dba6f40ad54bf982e1b67
|
data/History.md
CHANGED
|
@@ -3,7 +3,13 @@
|
|
|
3
3
|
IMPORTANT: Liquid 2.6 is going to be the last version of Liquid which maintains explicit Ruby 1.8 compatability.
|
|
4
4
|
The following releases will only be tested against Ruby 1.9 and Ruby 2.0 and are likely to break on Ruby 1.8.
|
|
5
5
|
|
|
6
|
-
## 2.6.
|
|
6
|
+
## 2.6.1 / 2014-01-10 / branch "2-6-stable"
|
|
7
|
+
|
|
8
|
+
Security fix, cherry-picked from master (4e14a65):
|
|
9
|
+
* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
|
|
10
|
+
* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
|
|
11
|
+
|
|
12
|
+
## 2.6.0 / 2013-11-25
|
|
7
13
|
|
|
8
14
|
* ...
|
|
9
15
|
* Bugfix for #106: fix example servlet [gnowoel]
|
data/lib/liquid/tags/if.rb
CHANGED
|
@@ -15,6 +15,7 @@ module Liquid
|
|
|
15
15
|
SyntaxHelp = "Syntax Error in tag 'if' - Valid syntax: if [expression]"
|
|
16
16
|
Syntax = /(#{QuotedFragment})\s*([=!<>a-z_]+)?\s*(#{QuotedFragment})?/o
|
|
17
17
|
ExpressionsAndOperators = /(?:\b(?:\s?and\s?|\s?or\s?)\b|(?:\s*(?!\b(?:\s?and\s?|\s?or\s?)\b)(?:#{QuotedFragment}|\S+)\s*)+)/o
|
|
18
|
+
BOOLEAN_OPERATORS = %w(and or)
|
|
18
19
|
|
|
19
20
|
def initialize(tag_name, markup, tokens)
|
|
20
21
|
@blocks = []
|
|
@@ -61,7 +62,8 @@ module Liquid
|
|
|
61
62
|
raise(SyntaxError, SyntaxHelp) unless expressions.shift.to_s =~ Syntax
|
|
62
63
|
|
|
63
64
|
new_condition = Condition.new($1, $2, $3)
|
|
64
|
-
|
|
65
|
+
raise SyntaxError, "invalid boolean operator" unless BOOLEAN_OPERATORS.include?(operator)
|
|
66
|
+
new_condition.send(operator, condition)
|
|
65
67
|
condition = new_condition
|
|
66
68
|
end
|
|
67
69
|
|
|
@@ -71,8 +73,6 @@ module Liquid
|
|
|
71
73
|
@blocks.push(block)
|
|
72
74
|
@nodelist = block.attach(Array.new)
|
|
73
75
|
end
|
|
74
|
-
|
|
75
|
-
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
Template.register_tag('if', If)
|
data/lib/liquid/version.rb
CHANGED
|
@@ -157,4 +157,10 @@ class IfElseTagTest < Test::Unit::TestCase
|
|
|
157
157
|
assert_template_result('yes',
|
|
158
158
|
%({% if 'gnomeslab-and-or-liquid' contains 'gnomeslab-and-or-liquid' %}yes{% endif %}))
|
|
159
159
|
end
|
|
160
|
+
|
|
161
|
+
def test_operators_are_whitelisted
|
|
162
|
+
assert_raise(SyntaxError) do
|
|
163
|
+
assert_template_result('', %({% if 1 or throw or or 1 %}yes{% endif %}))
|
|
164
|
+
end
|
|
165
|
+
end
|
|
160
166
|
end # IfElseTest
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: liquid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.6.
|
|
4
|
+
version: 2.6.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tobias Luetke
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2014-01-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|
|
@@ -97,17 +97,17 @@ require_paths:
|
|
|
97
97
|
- lib
|
|
98
98
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
99
99
|
requirements:
|
|
100
|
-
- -
|
|
100
|
+
- - '>='
|
|
101
101
|
- !ruby/object:Gem::Version
|
|
102
102
|
version: '0'
|
|
103
103
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
104
104
|
requirements:
|
|
105
|
-
- -
|
|
105
|
+
- - '>='
|
|
106
106
|
- !ruby/object:Gem::Version
|
|
107
107
|
version: 1.3.7
|
|
108
108
|
requirements: []
|
|
109
109
|
rubyforge_project:
|
|
110
|
-
rubygems_version: 2.
|
|
110
|
+
rubygems_version: 2.0.3
|
|
111
111
|
signing_key:
|
|
112
112
|
specification_version: 4
|
|
113
113
|
summary: A secure, non-evaling end user template engine with aesthetic markup.
|
|
@@ -143,4 +143,3 @@ test_files:
|
|
|
143
143
|
- test/liquid/template_test.rb
|
|
144
144
|
- test/liquid/variable_test.rb
|
|
145
145
|
- test/test_helper.rb
|
|
146
|
-
has_rdoc:
|