logster 1.2.3 → 1.2.4

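--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 484c833daa418abec6e50539b82a84bb07baf6d2
- data.tar.gz: 28f4b8bdf0231275c386e618cabb1741e03ddf5e
+ metadata.gz: cde590d40ec69bd78ed30ec141998e179cb20f57
+ data.tar.gz: 4d406e47cd13499229013d52fb02d1712e52987d
  SHA512:
- metadata.gz: 2c1263387bcb227863dbc9a5fb9e0c8bf1beb07eeff85a70c08acdcf753bccfab6f33b17d61c948a6454c0f4921bafeef0750f127503bc86a734c366c684f2fc
- data.tar.gz: 9c7fbb351f43a819138258c958c1850ff95a7f4ffb7c86c62c517dcd0990fd95efba3d0d98245b76a27b8bd1eea7f437920c8061f475d126646d5fb7a8ceba9e
+ metadata.gz: e906d4e91d9b59cb31d4809530f06f8ca5d1bb60de701363858c3be4e0899dc1d658edbe1b6096c828338a9b8207cc085b0b9d84c13f974f8906fb3c7712025d
+ data.tar.gz: ba7008cc65b0dcd406b167370ae9aa8cdefec0b742f84c32c87cf0d4fa47b60f3af997074c11674fabb21ecd908c3ef641a914718edd795e1385f3191a5aca8e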
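--- a/data/README.md
+++ b/data/README.md
@@ -54,7 +54,7 @@ end
 
  ### Note
  If you are seeing the error `No such middleware to insert before: ActionDispatch::DebugExceptions` after installing logster,
- then you are using a conflicting gem like `better_errors`.
+ then you are using a conflicting gem like `better_errors` or `web-console`.
 
  To avoid this error, make sure logster is added behind those conflicting gems in your Gemfile.
 
@@ -96,7 +96,10 @@ Logster UI is built using [Ember.js](http://emberjs.com/)
  5. Create a new Pull Request
 
  # CHANGELOG
- - 2016-05-05: Version 1.2.3h
+ - 2016-05-05: Version 1.2.4
+ - Fix: XSS in log message show if attacker can inject script into ENV
+
+ - 2016-05-05: Version 1.2.3
  - Fix: clear_all now also clears rate limits
  - Fix: protect against corrupt data in redis during clear
 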
@@ -93,7 +93,7 @@ function buildHashString(hash, recurse) {
93
93
  } else if (typeof v === "object") {
94
94
  hashes.push(k);
95
95
  } else {
96
- buffer.push("<tr><td>" + k + "</td><td>" + v + "</td></tr>");
96
+ buffer.push("<tr><td>" + escapeHtml(k) + "</td><td>" + escapeHtml(v) + "</td></tr>");
97
97
  }
98
98
  });
99
99
 
@@ -101,7 +101,7 @@ function buildHashString(hash, recurse) {
101
101
  _.each(hashes, function(k1) {
102
102
  var v = hash[k1];
103
103
  buffer.push("<tr><td></td><td><table>");
104
- buffer.push("<td>" + k1 + "</td><td>" + buildHashString(v, true) + "</td>");
104
+ buffer.push("<td>" + escapeHtml(k1) + "</td><td>" + buildHashString(v, true) + "</td>");
105
105
  buffer.push("</table></td></tr>");
106
106
  });
107
107
  }
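Review bot: `escapeHtml` is defined outside the visible hunks, so it is worth confirming that it coerces its argument to a string before escaping: on new line 96 `v` is whatever non-object value the hash holds (numbers and booleans are likely), and a helper that calls `.replace` directly on its argument would throw on those. If it does not coerce, `escapeHtml(String(v))` at the call site keeps the previous rendering. On new line 104 the result of `buildHashString(v, true)` is concatenated unescaped, which looks intentional because it already returns markup; a comment such as `// buildHashString returns markup built here; every leaf key/value must pass through escapeHtml` would help keep it that way. The body of `buildHashString` starts and ends outside both hunks.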
@@ -226,7 +226,7 @@ JS
226
226
  <script>
227
227
  window.Logger = {
228
228
  rootPath: "#{@logs_path}",
229
- preload: #{JSON.fast_generate(preload)}
229
+ preload: #{JSON.fast_generate(preload).gsub("</", "<\\/")}
230
230
  };
231
231
  </script>
232
232
  </head>
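Review bot: Escaping only `</` on new line 229 stops a `</script>` inside the preloaded JSON from closing the block, but a `<!--` followed by `<script` inside a string can still change how the HTML parser reads the rest of the script element, and U+2028/U+2029 are not valid inside JavaScript string literals in older engines. Escaping every `<` (and ideally `>`, `&` and the two line separators) as `\uXXXX` is the more robust form, e.g. `.gsub("<", "\\u003c")`. `rootPath: "#{@logs_path}"` on line 228 is interpolated into a JS string with no escaping at all; that is presumably operator configuration, but emitting it through the same JSON encoder would remove the assumption. The heredoc this sits in starts and ends outside the hunk.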
@@ -1,3 +1,3 @@
1
1
  module Logster
2
- VERSION = "1.2.3"
2
+ VERSION = "1.2.4"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logster
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.3
4
+ version: 1.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - UI for viewing logs in Rack
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-05 00:00:00.000000000 Z
11
+ date: 2016-06-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler