liquid 2.5.4 → 2.5.5
- checksums.yaml +5 -13
- data/History.md +7 -1
- data/lib/liquid/tags/if.rb +3 -3
- data/test/liquid/tags/if_else_tag_test.rb +6 -0
- metadata +5 -5
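--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
 ---
-
-metadata.gz:
-
-data.tar.gz: !binary |-
-MDY1NTZhOTA3OTA2MDI1ODNkZGIwYzQxZWQ1M2M3ZmE1NmIzNmM5YQ==
+SHA1:
+metadata.gz: 187e926592d08a1fdfe6c92a4438d2a28e3bef15
+data.tar.gz: da01b50919773dac4c35363aecc4d10c991c4ed7
 SHA512:
-metadata.gz:
-
-ZmQzNTAwMzMwYTgyODIyMjc2ZWRkMTg2ZmE5MjJjM2NkNDRkNGExNzU1ZjZk
-NDQ4NDJjMTU0MWE5OTUwNWMwYzZjYmQyNDMzNmNkZjFmMDgzZjM=
-data.tar.gz: !binary |-
-MzYzOWExZmQ5ODI2M2IwYmI4NzIwMDc0ZWU3ZjNmN2E4NThlYjczOTNkMGJi
-YzRiODRiNWI4ZDFkZGZlYzUwYzNhMzE4MmZmY2M3ODQ0N2M2OTQ0NDA0MGYw
-MjVjZmEzYzAzMTc2N2JiNTAyOWIxMjViYWEyNjhjMzI4ZDFjMjY=
+metadata.gz: 0f676eb449b0af41596e80b8f9bbdc76ae101339a2a4cf97d65b1a75a1d9a1bd3ccdeb9787d53f61080d5f7c1c9456e3cec550e5c0d8f4f848d9c27acd7e5d37
+data.tar.gz: c2c869dfd70ef5ecafb1c2095cc513e7b38d1a023bca6fb6ebfebee1374e07c6a3043f52396a55601c60dd71abe90ca6f71c0ff112d250285aaf70d9fe738023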
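--- a/data/History.md
+++ b/data/History.md
@@ -1,6 +1,12 @@
 # Liquid Version History
 
-## 2.5.
+## 2.5.5 / 2014-01-10 / branch "2-5-stable"
+
+Security fix, cherry-picked from master (4e14a65):
+* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
+* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
+
+## 2.5.4 / 2013-11-11
 
 * Fix "can't convert Fixnum into String" for "replace", see #173, [wǒ_is神仙, jsw0528]
 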
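--- a/data/lib/liquid/tags/if.rb
+++ b/data/lib/liquid/tags/if.rb
@@ -15,6 +15,7 @@ module Liquid
 SyntaxHelp = "Syntax Error in tag 'if' - Valid syntax: if [expression]"
 Syntax = /(#{QuotedFragment})\s*([=!<>a-z_]+)?\s*(#{QuotedFragment})?/o
 ExpressionsAndOperators = /(?:\b(?:\s?and\s?|\s?or\s?)\b|(?:\s*(?!\b(?:\s?and\s?|\s?or\s?)\b)(?:#{QuotedFragment}|\S+)\s*)+)/o
+BOOLEAN_OPERATORS = %w(and or)
 
 def initialize(tag_name, markup, tokens)
 @blocks = []
@@ -61,7 +62,8 @@ module Liquid
 raise(SyntaxError, SyntaxHelp) unless expressions.shift.to_s =~ Syntax
 
 new_condition = Condition.new($1, $2, $3)
-
+raise SyntaxError, "invalid boolean operator" unless BOOLEAN_OPERATORS.include?(operator)
+new_condition.send(operator, condition)
 condition = new_condition
 end
 
@@ -71,8 +73,6 @@ module Liquid
 @blocks.push(block)
 @nodelist = block.attach(Array.new)
 end
-
-
 end
 
 Template.register_tag('if', If)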
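Review bot: The allowlist added at new line 18, `BOOLEAN_OPERATORS = %w(and or)`, is a mutable array, yet at new lines 65–66 it is the only check between operator text taken from the template and `new_condition.send(operator, condition)`. Because `send` also dispatches to private methods, any entry appended to that array at runtime becomes invocable from a template; freeze it with `BOOLEAN_OPERATORS = %w(and or).freeze`, and prefer `public_send` if the Ruby versions this branch supports provide it (not visible here). A short comment above the check, such as `# operator is template-supplied; only allowlisted names may reach send`, would keep a later refactor from reordering or dropping the guard. The loop containing lines 62–69 begins outside the hunk, so how `operator` is derived cannot be confirmed from this page.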
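--- a/data/test/liquid/tags/if_else_tag_test.rb
+++ b/data/test/liquid/tags/if_else_tag_test.rb
@@ -157,4 +157,10 @@ class IfElseTagTest < Test::Unit::TestCase
 assert_template_result('yes',
 %({% if 'gnomeslab-and-or-liquid' contains 'gnomeslab-and-or-liquid' %}yes{% endif %}))
 end
+
+def test_operators_are_whitelisted
+assert_raise(SyntaxError) do
+assert_template_result('', %({% if 1 or throw or or 1 %}yes{% endif %}))
+end
+end
 end # IfElseTest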
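Review bot: `test_operators_are_whitelisted` asserts only the exception class, and the parser raises the same `SyntaxError` class for malformed expressions (`raise(SyntaxError, SyntaxHelp)` in if.rb), so the test cannot distinguish the allowlist rejection from an ordinary parse failure of this unusual template. Pin the message as well, e.g. `e = assert_raise(SyntaxError) { ... }` followed by `assert_match(/invalid boolean operator/, e.message)`. A second case with a single non-allowlisted operator between two valid operands would show the intended rejection more directly than the doubled `or` does.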
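--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: liquid
 version: !ruby/object:Gem::Version
-version: 2.5.
+version: 2.5.5
 platform: ruby
 authors:
 - Tobias Luetke
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-01-10 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -95,17 +95,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: 1.3.7
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.0.3
 signing_key:
 specification_version: 4
 summary: A secure, non-evaling end user template engine with aesthetic markup.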