RubyGems - metadata_presenter - Versions diffs - 3.3.3 → 3.3.4 - Mend

metadata_presenter 3.3.3 → 3.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/app/controllers/metadata_presenter/answers_controller.rb +0 -1
data/app/models/metadata_presenter/page_answers.rb +27 -10
data/lib/metadata_presenter/version.rb +1 -1
data/schemas/validations/validations.json +2 -8
metadata +6 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc84786b2ed09dc03a4df7af7d096346b18bce085b4c7e9cf40d15bb0778000a
-  data.tar.gz: 708f4c349746f9d80dfb405860dc7b37cd6773eef9cc86c931540848b5205b5b
+  metadata.gz: b1383e7705f46897aab384b9e5e5f8af3fa252a68292c71e7ab4fb9ba810f003
+  data.tar.gz: '08a34570f899f09c6e6390ab54730febc3c19215ce7ff685005ae6fa90028671'
 SHA512:
-  metadata.gz: cc8b1eb03836a7a4e649e509e66018e0718ef90cedab16da9e11a9fab7412bc8a6c38f612e9c6c617641bc1a8483ea0dd21c14d53866c2d88449eeb491215cf0
-  data.tar.gz: 1feebdd5af39db1c9a116e5d6419bef27b6131e234fa1dfb9910952a0927fff6f87d25115c614b5a4e5597def786bdf0471e71097e03fcb6fb4ed677bfb0fa4d
+  metadata.gz: 6a9461584ecb5471ef3f4e2dab87f24f10f22b317b0fcdd1f0b4b0126d2b84062f68159df671df6a6a358f99977b3dfd6fa48e1c5b0082028ad5c7834eabfc51
+  data.tar.gz: fadb737aaf8eb0a899bb0936268b3bea4187f318160ac99f396b9ce2904ae6b7f127f11e3ca3ffc4af91666db7d914c259497a55d3a2dff3f6eee026cbdff2f9

data/app/controllers/metadata_presenter/answers_controller.rb CHANGED Viewed

@@ -133,7 +133,6 @@ module MetadataPresenter
     end
     def answers_params
-      params.permit(:page_slug, :save_for_later)
       params[:answers] ? params[:answers].permit! : {}
     end

data/app/models/metadata_presenter/page_answers.rb CHANGED Viewed

@@ -44,11 +44,22 @@ module MetadataPresenter
       return {} unless file_details
-      if file_details.is_a?(Hash) || file_details.is_a?(ActionController::Parameters)
-        file_details.merge('original_filename' => sanitize(filename(update_filename(file_details['original_filename']))))
+      if file_details.is_a?(ActionController::Parameters)
+        unless file_details.permitted?
+          Rails.logger.warn("[PageAnswers#upload_answer] Permitting unfiltered params in component `#{component_id}`")
+          file_details.permit!
+        end
+        file_details.merge(
+          'original_filename' => sanitize_filename(file_details['original_filename'])
+        )
+      elsif file_details.is_a?(Hash)
+        file_details.merge(
+          'original_filename' => sanitize_filename(file_details['original_filename'])
+        )
       else
         {
-          'original_filename' => sanitize(filename(update_filename(file_details.original_filename))),
+          'original_filename' => sanitize_filename(file_details.original_filename),
           'content_type' => file_details.content_type,
           'tempfile' => file_details.tempfile.path.to_s
         }
@@ -83,25 +94,27 @@ module MetadataPresenter
         return if answers[component_id].blank?
         if answers[component_id].is_a?(Array)
-          answers[component_id].each { |answer| answer['original_filename'] = sanitize(filename(update_filename(answer['original_filename']))) }
+          answers[component_id].each { |answer| answer['original_filename'] = sanitize_filename(answer['original_filename']) }
         end
         answers[component_id] = answers[component_id].reject { |a| a['original_filename'].blank? }
         return answers
       end
+      return answers if answers.incoming_answer.blank?
       # uploading a new answer, this method will be called during multiple render operations
-      if answers.incoming_answer.present? && answers.incoming_answer.is_a?(ActionController::Parameters)
-        answers.incoming_answer[component_id].original_filename = sanitize(filename(update_filename(answers.incoming_answer[component_id].original_filename)))
+      if answers.incoming_answer.is_a?(ActionController::Parameters)
+        answers.incoming_answer[component_id].original_filename = sanitize_filename(answers.incoming_answer[component_id].original_filename)
       end
-      if answers.incoming_answer.present? && answers.incoming_answer.is_a?(Hash)
-        answers.incoming_answer['original_filename'] = sanitize(filename(update_filename(answers.incoming_answer['original_filename'])))
+      if answers.incoming_answer.is_a?(Hash)
+        answers.incoming_answer['original_filename'] = sanitize_filename(answers.incoming_answer['original_filename'])
       end
-      if answers.incoming_answer.present? && answers.incoming_answer[component_id].is_a?(ActionDispatch::Http::UploadedFile)
+      if answers.incoming_answer[component_id].is_a?(ActionDispatch::Http::UploadedFile)
         answers.incoming_answer = {
-          'original_filename' => sanitize(filename(update_filename(answers.incoming_answer[component_id].original_filename))),
+          'original_filename' => sanitize_filename(answers.incoming_answer[component_id].original_filename),
           'content_type' => answers.incoming_answer[component_id].content_type,
           'tempfile' => answers.incoming_answer[component_id].tempfile.path.to_s,
           'uuid' => SecureRandom.uuid
@@ -129,6 +142,10 @@ module MetadataPresenter
     private
+    def sanitize_filename(answer)
+      sanitize(filename(update_filename(answer)))
+    end
     def filename(path)
       return sanitize(path) if path.nil?

data/lib/metadata_presenter/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module MetadataPresenter
-  VERSION = '3.3.3'.freeze
+  VERSION = '3.3.4'.freeze
 end

data/schemas/validations/validations.json CHANGED Viewed

@@ -120,7 +120,7 @@
     },
     "max_files": {
       "title": "Maximum files",
-      "description": "The maximum number of fiels a user can upload",
+      "description": "The maximum number of files a user can upload",
       "type": "number",
       "minimum": 0
     },
@@ -464,9 +464,6 @@
             },
             "exclusive_minimum": {
               "$ref": "#/definitions/exclusive_minimum"
-            },
-            "max_files": {
-              "$ref": "#/definitions/max_files"
             }
           }
         },
@@ -486,9 +483,6 @@
             },
             "exclusive_minimum": {
               "$ref": "#/definitions/errors_exclusive_minimum"
-            },
-            "max_files": {
-              "$ref": "#/definitions/max_files"
             }
           }
         }
@@ -542,7 +536,7 @@
         "errors": {
           "properties": {
             "max_files": {
-              "$ref": "#/definitions/max_files"
+              "$ref": "#/definitions/errors_max_files"
             }
           }
         }

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: metadata_presenter
 version: !ruby/object:Gem::Version
-  version: 3.3.3
+  version: 3.3.4
 platform: ruby
 authors:
 - MoJ Forms
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-22 00:00:00.000000000 Z
+date: 2023-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: govuk_design_system_formbuilder
@@ -266,16 +266,16 @@ dependencies:
   name: site_prism
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement