metadata_presenter 3.3.3 → 3.3.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/metadata_presenter/answers_controller.rb +0 -1
  3. data/app/models/metadata_presenter/page_answers.rb +27 -10
  4. data/lib/metadata_presenter/version.rb +1 -1
  5. data/schemas/validations/validations.json +2 -8
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cc84786b2ed09dc03a4df7af7d096346b18bce085b4c7e9cf40d15bb0778000a
4
- data.tar.gz: 708f4c349746f9d80dfb405860dc7b37cd6773eef9cc86c931540848b5205b5b
3
+ metadata.gz: b1383e7705f46897aab384b9e5e5f8af3fa252a68292c71e7ab4fb9ba810f003
4
+ data.tar.gz: '08a34570f899f09c6e6390ab54730febc3c19215ce7ff685005ae6fa90028671'
5
5
  SHA512:
6
- metadata.gz: cc8b1eb03836a7a4e649e509e66018e0718ef90cedab16da9e11a9fab7412bc8a6c38f612e9c6c617641bc1a8483ea0dd21c14d53866c2d88449eeb491215cf0
7
- data.tar.gz: 1feebdd5af39db1c9a116e5d6419bef27b6131e234fa1dfb9910952a0927fff6f87d25115c614b5a4e5597def786bdf0471e71097e03fcb6fb4ed677bfb0fa4d
6
+ metadata.gz: 6a9461584ecb5471ef3f4e2dab87f24f10f22b317b0fcdd1f0b4b0126d2b84062f68159df671df6a6a358f99977b3dfd6fa48e1c5b0082028ad5c7834eabfc51
7
+ data.tar.gz: fadb737aaf8eb0a899bb0936268b3bea4187f318160ac99f396b9ce2904ae6b7f127f11e3ca3ffc4af91666db7d914c259497a55d3a2dff3f6eee026cbdff2f9
data/app/controllers/metadata_presenter/answers_controller.rb CHANGED
@@ -133,7 +133,6 @@ module MetadataPresenter
133
133
  end
134
134
 
135
135
  def answers_params
136
- params.permit(:page_slug, :save_for_later)
137
136
  params[:answers] ? params[:answers].permit! : {}
138
137
  end
139
138
 
data/app/models/metadata_presenter/page_answers.rb CHANGED
@@ -44,11 +44,22 @@ module MetadataPresenter
44
44
 
45
45
  return {} unless file_details
46
46
 
47
- if file_details.is_a?(Hash) || file_details.is_a?(ActionController::Parameters)
48
- file_details.merge('original_filename' => sanitize(filename(update_filename(file_details['original_filename']))))
47
+ if file_details.is_a?(ActionController::Parameters)
48
+ unless file_details.permitted?
49
+ Rails.logger.warn("[PageAnswers#upload_answer] Permitting unfiltered params in component `#{component_id}`")
50
+ file_details.permit!
51
+ end
52
+
53
+ file_details.merge(
54
+ 'original_filename' => sanitize_filename(file_details['original_filename'])
55
+ )
56
+ elsif file_details.is_a?(Hash)
57
+ file_details.merge(
58
+ 'original_filename' => sanitize_filename(file_details['original_filename'])
59
+ )
49
60
  else
50
61
  {
51
- 'original_filename' => sanitize(filename(update_filename(file_details.original_filename))),
62
+ 'original_filename' => sanitize_filename(file_details.original_filename),
52
63
  'content_type' => file_details.content_type,
53
64
  'tempfile' => file_details.tempfile.path.to_s
54
65
  }
@@ -83,25 +94,27 @@ module MetadataPresenter
83
94
  return if answers[component_id].blank?
84
95
 
85
96
  if answers[component_id].is_a?(Array)
86
- answers[component_id].each { |answer| answer['original_filename'] = sanitize(filename(update_filename(answer['original_filename']))) }
97
+ answers[component_id].each { |answer| answer['original_filename'] = sanitize_filename(answer['original_filename']) }
87
98
  end
88
99
 
89
100
  answers[component_id] = answers[component_id].reject { |a| a['original_filename'].blank? }
90
101
  return answers
91
102
  end
92
103
 
104
+ return answers if answers.incoming_answer.blank?
105
+
93
106
  # uploading a new answer, this method will be called during multiple render operations
94
- if answers.incoming_answer.present? && answers.incoming_answer.is_a?(ActionController::Parameters)
95
- answers.incoming_answer[component_id].original_filename = sanitize(filename(update_filename(answers.incoming_answer[component_id].original_filename)))
107
+ if answers.incoming_answer.is_a?(ActionController::Parameters)
108
+ answers.incoming_answer[component_id].original_filename = sanitize_filename(answers.incoming_answer[component_id].original_filename)
96
109
  end
97
110
 
98
- if answers.incoming_answer.present? && answers.incoming_answer.is_a?(Hash)
99
- answers.incoming_answer['original_filename'] = sanitize(filename(update_filename(answers.incoming_answer['original_filename'])))
111
+ if answers.incoming_answer.is_a?(Hash)
112
+ answers.incoming_answer['original_filename'] = sanitize_filename(answers.incoming_answer['original_filename'])
100
113
  end
101
114
 
102
- if answers.incoming_answer.present? && answers.incoming_answer[component_id].is_a?(ActionDispatch::Http::UploadedFile)
115
+ if answers.incoming_answer[component_id].is_a?(ActionDispatch::Http::UploadedFile)
103
116
  answers.incoming_answer = {
104
- 'original_filename' => sanitize(filename(update_filename(answers.incoming_answer[component_id].original_filename))),
117
+ 'original_filename' => sanitize_filename(answers.incoming_answer[component_id].original_filename),
105
118
  'content_type' => answers.incoming_answer[component_id].content_type,
106
119
  'tempfile' => answers.incoming_answer[component_id].tempfile.path.to_s,
107
120
  'uuid' => SecureRandom.uuid
@@ -129,6 +142,10 @@ module MetadataPresenter
129
142
 
130
143
  private
131
144
 
145
+ def sanitize_filename(answer)
146
+ sanitize(filename(update_filename(answer)))
147
+ end
148
+
132
149
  def filename(path)
133
150
  return sanitize(path) if path.nil?
134
151
 
data/lib/metadata_presenter/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module MetadataPresenter
2
- VERSION = '3.3.3'.freeze
2
+ VERSION = '3.3.4'.freeze
3
3
  end
data/schemas/validations/validations.json CHANGED
@@ -120,7 +120,7 @@
120
120
  },
121
121
  "max_files": {
122
122
  "title": "Maximum files",
123
- "description": "The maximum number of fiels a user can upload",
123
+ "description": "The maximum number of files a user can upload",
124
124
  "type": "number",
125
125
  "minimum": 0
126
126
  },
@@ -464,9 +464,6 @@
464
464
  },
465
465
  "exclusive_minimum": {
466
466
  "$ref": "#/definitions/exclusive_minimum"
467
- },
468
- "max_files": {
469
- "$ref": "#/definitions/max_files"
470
467
  }
471
468
  }
472
469
  },
@@ -486,9 +483,6 @@
486
483
  },
487
484
  "exclusive_minimum": {
488
485
  "$ref": "#/definitions/errors_exclusive_minimum"
489
- },
490
- "max_files": {
491
- "$ref": "#/definitions/max_files"
492
486
  }
493
487
  }
494
488
  }
@@ -542,7 +536,7 @@
542
536
  "errors": {
543
537
  "properties": {
544
538
  "max_files": {
545
- "$ref": "#/definitions/max_files"
539
+ "$ref": "#/definitions/errors_max_files"
546
540
  }
547
541
  }
548
542
  }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: metadata_presenter
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.3.3
4
+ version: 3.3.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - MoJ Forms
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-11-22 00:00:00.000000000 Z
11
+ date: 2023-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: govuk_design_system_formbuilder
@@ -266,16 +266,16 @@ dependencies:
266
266
  name: site_prism
267
267
  requirement: !ruby/object:Gem::Requirement
268
268
  requirements:
269
- - - '='
269
+ - - "<"
270
270
  - !ruby/object:Gem::Version
271
- version: '4.0'
271
+ version: '5.0'
272
272
  type: :development
273
273
  prerelease: false
274
274
  version_requirements: !ruby/object:Gem::Requirement
275
275
  requirements:
276
- - - '='
276
+ - - "<"
277
277
  - !ruby/object:Gem::Version
278
- version: '4.0'
278
+ version: '5.0'
279
279
  - !ruby/object:Gem::Dependency
280
280
  name: sqlite3
281
281
  requirement: !ruby/object:Gem::Requirement