muck-comments 0.1.16 → 0.1.17
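--- a/data/Rakefile
+++ b/data/Rakefile
@@ -54,6 +54,8 @@ begin
 gemspec.description = "The comment engine for the muck system."
 gemspec.authors = ["Justin Ball", "Joel Duffin"]
 gemspec.rubyforge_project = 'muck-comments'
+gemspec.add_dependency "sanitize"
+gemspec.add_dependency "awesome_nested_set"
 gemspec.add_dependency "muck-engine"
 gemspec.add_dependency "muck-users"
 end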
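Review bot: The two added `gemspec.add_dependency` lines carry no version constraint, so the generated gemspec declares `sanitize` as `>= 0`. This release relies on that gem for its HTML sanitization, yet any release of it would satisfy the dependency, including one that predates the API the new code calls (`Sanitize.clean`, `Sanitize::Config::BASIC`). I would state a floor for it, e.g. `gemspec.add_dependency "sanitize", ">= MIN_TESTED_VERSION"`, where the placeholder is the version the project was actually tested against. The `begin` block these lines sit in starts outside the hunk.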
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.17
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
<div id="<%= comment.dom_id %>" class="comment_holder delete-container">
|
|
2
2
|
<div class="commentor-icon"><%= icon comment.user %></div>
|
|
3
3
|
<p><span class="commentor"><%= link_to comment.user.try(:display_name), comment.user %></span>
|
|
4
|
-
<%=
|
|
4
|
+
<%= limit_comment(comment.body, truncate_comment, length, omission) %></p>
|
|
5
5
|
<%= delete_comment(comment, :image) if comment.can_edit?(current_user) %>
|
|
6
6
|
<span class="comment-time"><%= t("muck.general.time_ago", :time_in_words => time_ago_in_words(comment.created_at)) %></span></p>
|
|
7
7
|
</div>
|
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
<% c = comment_title.comment.dup.gsub(/\[youtube:+.+\]/, '') %>
|
|
2
|
-
|
|
3
1
|
<div id="<%= comment_title.dom_id %>" class="comment_holder">
|
|
4
2
|
<%= icon comment_title.user, :small, :class => 'left avatar_on_comment' %>
|
|
5
3
|
<div class="date_details">
|
|
@@ -8,7 +6,7 @@
|
|
|
8
6
|
profile_path(comment_title.user))} %>
|
|
9
7
|
</div>
|
|
10
8
|
<div class="comment_message">
|
|
11
|
-
<%=
|
|
9
|
+
<%= comment_title.body %>
|
|
12
10
|
</div>
|
|
13
11
|
<div class="clear"></div>
|
|
14
12
|
</div>
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
<div id="<%= simple_comment.dom_id %>" class="simple-comment">
|
|
2
2
|
<div class="commentor-icon"><%= icon simple_comment.user %></div>
|
|
3
|
-
<div class="comment-body"><%=
|
|
3
|
+
<div class="comment-body"><%= limit_comment(simple_comment.body, truncate_comment, length, omission) %></div>
|
|
4
4
|
</div>
|
|
@@ -9,6 +9,11 @@ module ActiveRecord
|
|
|
9
9
|
|
|
10
10
|
def acts_as_muck_comment(options = {})
|
|
11
11
|
|
|
12
|
+
default_options = {
|
|
13
|
+
:sanitize_content => true,
|
|
14
|
+
}
|
|
15
|
+
options = default_options.merge(options)
|
|
16
|
+
|
|
12
17
|
acts_as_nested_set :scope => [:commentable_id, :commentable_type]
|
|
13
18
|
validates_presence_of :body
|
|
14
19
|
belongs_to :user
|
|
@@ -18,7 +23,11 @@ module ActiveRecord
|
|
|
18
23
|
named_scope :by_newest, :order => "created_at DESC"
|
|
19
24
|
named_scope :by_oldest, :order => "created_at ASC"
|
|
20
25
|
named_scope :recent, lambda { { :conditions => ['created_at > ?', 1.week.ago] } }
|
|
21
|
-
|
|
26
|
+
|
|
27
|
+
if options[:sanitize_content]
|
|
28
|
+
before_save :sanitize_attributes
|
|
29
|
+
end
|
|
30
|
+
|
|
22
31
|
class_eval <<-EOV
|
|
23
32
|
# prevents a user from submitting a crafted form that bypasses activation
|
|
24
33
|
attr_protected :created_at, :updated_at
|
|
@@ -78,6 +87,34 @@ module ActiveRecord
|
|
|
78
87
|
false
|
|
79
88
|
end
|
|
80
89
|
|
|
90
|
+
# Sanitize content before saving. This prevent XSS attacks and other malicious html.
|
|
91
|
+
def sanitize_attributes
|
|
92
|
+
if self.sanitize_level
|
|
93
|
+
self.body = Sanitize.clean(self.body, self.sanitize_level)
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
# Override this method to control sanitization levels.
|
|
98
|
+
# Currently a user who is an admin will not have their content sanitized. A user
|
|
99
|
+
# in any role 'editor', 'manager', or 'contributor' will be given the 'RELAXED' settings
|
|
100
|
+
# while all other users will get 'BASIC'.
|
|
101
|
+
#
|
|
102
|
+
# By default the 'creator' of the content will be used to determine which level of
|
|
103
|
+
# sanitization is allowed. To change this set 'current_editor' before
|
|
104
|
+
#
|
|
105
|
+
# Options are from sanitze:
|
|
106
|
+
# nil - no sanitize
|
|
107
|
+
# Sanitize::Config::RELAXED
|
|
108
|
+
# Sanitize::Config::BASIC
|
|
109
|
+
# Sanitize::Config::RESTRICTED
|
|
110
|
+
# for more details see: http://rgrove.github.com/sanitize/
|
|
111
|
+
def sanitize_level
|
|
112
|
+
return Sanitize::Config::BASIC if self.user.nil?
|
|
113
|
+
return nil if self.user.admin?
|
|
114
|
+
return Sanitize::Config::RELAXED if self.user.any_role?('editor', 'manager', 'contributor')
|
|
115
|
+
Sanitize::Config::BASIC
|
|
116
|
+
end
|
|
117
|
+
|
|
81
118
|
end
|
|
82
119
|
end
|
|
83
120
|
end
|
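Review bot: In the last hunk of this section (the `module ActiveRecord` file, whose header the page has lost), `sanitize_level` returns `nil` for `self.user.admin?`, so `sanitize_attributes` leaves an admin's `body` untouched, and the `before_save` hook only cleans rows written after this release. The template hunks above now emit `comment_title.body` and `limit_comment(comment.body, ...)` directly, so an unsanitized body would be rendered as stored; `limit_comment` is not visible here, and the `named_scope` calls only suggest a Rails version whose `<%= %>` does not escape by default, so this needs confirming. If it holds, also clean at render time, e.g. `<%= Sanitize.clean(comment_title.body, Sanitize::Config::BASIC) %>`, or re-save existing comments in a migration. The doc comment above `sanitize_level` refers to the 'creator' and to `current_editor`, which the method never reads (it uses `self.user`), and its sentence stops after "before"; I would reword it to `# The comment's user determines which level of sanitization is applied.`. The enclosing module and `class_eval` heredoc start outside the hunk.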
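--- a/data/muck-comments.gemspec
+++ b/data/muck-comments.gemspec
@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
 s.name = %q{muck-comments}
-s.version = "0.1.
+s.version = "0.1.17"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Justin Ball", "Joel Duffin"]
@@ -415,13 +415,19 @@ Gem::Specification.new do |s|
 s.specification_version = 3
 
 if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+s.add_runtime_dependency(%q<sanitize>, [">= 0"])
+s.add_runtime_dependency(%q<awesome_nested_set>, [">= 0"])
 s.add_runtime_dependency(%q<muck-engine>, [">= 0"])
 s.add_runtime_dependency(%q<muck-users>, [">= 0"])
 else
+s.add_dependency(%q<sanitize>, [">= 0"])
+s.add_dependency(%q<awesome_nested_set>, [">= 0"])
 s.add_dependency(%q<muck-engine>, [">= 0"])
 s.add_dependency(%q<muck-users>, [">= 0"])
 end
 else
+s.add_dependency(%q<sanitize>, [">= 0"])
+s.add_dependency(%q<awesome_nested_set>, [">= 0"])
 s.add_dependency(%q<muck-engine>, [">= 0"])
 s.add_dependency(%q<muck-users>, [">= 0"])
 end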
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: muck-comments
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.17
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Justin Ball
|
|
@@ -13,6 +13,26 @@ cert_chain: []
|
|
|
13
13
|
date: 2009-12-02 00:00:00 -07:00
|
|
14
14
|
default_executable:
|
|
15
15
|
dependencies:
|
|
16
|
+
- !ruby/object:Gem::Dependency
|
|
17
|
+
name: sanitize
|
|
18
|
+
type: :runtime
|
|
19
|
+
version_requirement:
|
|
20
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
21
|
+
requirements:
|
|
22
|
+
- - ">="
|
|
23
|
+
- !ruby/object:Gem::Version
|
|
24
|
+
version: "0"
|
|
25
|
+
version:
|
|
26
|
+
- !ruby/object:Gem::Dependency
|
|
27
|
+
name: awesome_nested_set
|
|
28
|
+
type: :runtime
|
|
29
|
+
version_requirement:
|
|
30
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
31
|
+
requirements:
|
|
32
|
+
- - ">="
|
|
33
|
+
- !ruby/object:Gem::Version
|
|
34
|
+
version: "0"
|
|
35
|
+
version:
|
|
16
36
|
- !ruby/object:Gem::Dependency
|
|
17
37
|
name: muck-engine
|
|
18
38
|
type: :runtime
|