muck-comments 0.1.16 → 0.1.17
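--- a/data/Rakefile
+++ b/data/Rakefile
@@ -54,6 +54,8 @@ begin
 gemspec.description = "The comment engine for the muck system."
 gemspec.authors = ["Justin Ball", "Joel Duffin"]
 gemspec.rubyforge_project = 'muck-comments'
+gemspec.add_dependency "sanitize"
+gemspec.add_dependency "awesome_nested_set"
 gemspec.add_dependency "muck-engine"
 gemspec.add_dependency "muck-users"
 end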
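Review bot: The two `add_dependency` calls added after `gemspec.rubyforge_project` carry no version constraint, so `sanitize` and `awesome_nested_set` resolve to whatever release is newest at install time, while the `sanitize_attributes`/`sanitize_level` code in this same version is written against `Sanitize.clean` and the `Sanitize::Config::*` constants and would break on a later release that renames that API. Constrain at least to the line that was tested, e.g. `gemspec.add_dependency "sanitize", "~> <major.minor in use>"`, and likewise for `awesome_nested_set`. The `muck-comments.gemspec` and `metadata` sections below repeat the unconstrained `[">= 0"]` requirement and presumably pick the constraint up on regeneration. The `begin` block this hunk sits in starts outside the hunk.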
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.1.
|
1
|
+
0.1.17
|
@@ -1,7 +1,7 @@
|
|
1
1
|
<div id="<%= comment.dom_id %>" class="comment_holder delete-container">
|
2
2
|
<div class="commentor-icon"><%= icon comment.user %></div>
|
3
3
|
<p><span class="commentor"><%= link_to comment.user.try(:display_name), comment.user %></span>
|
4
|
-
<%=
|
4
|
+
<%= limit_comment(comment.body, truncate_comment, length, omission) %></p>
|
5
5
|
<%= delete_comment(comment, :image) if comment.can_edit?(current_user) %>
|
6
6
|
<span class="comment-time"><%= t("muck.general.time_ago", :time_in_words => time_ago_in_words(comment.created_at)) %></span></p>
|
7
7
|
</div>
|
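Review bot: The new `<%= limit_comment(comment.body, truncate_comment, length, omission) %>` emits the comment body without `h`, so output safety now rests entirely on the model-side `before_save :sanitize_attributes` introduced in this version; that callback is not registered when `acts_as_muck_comment :sanitize_content => false` is used, stores the body unsanitized when the author is an admin (`sanitize_level` returns nil), and never touches rows saved before 0.1.17. The removed line is cut off in this rendering (`<%=`), so whether it previously escaped cannot be confirmed here. Unless `limit_comment` escapes internally, either wrap the call in `h` or the `sanitize` view helper, or state the assumption on the partial, e.g. `<%# body is rendered raw; relies on acts_as_muck_comment sanitization %>`. The same point applies to `<%= comment_title.body %>` in the comment_title partial and to the `limit_comment` call in the simple_comment partial below.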
@@ -1,5 +1,3 @@
|
|
1
|
-
<% c = comment_title.comment.dup.gsub(/\[youtube:+.+\]/, '') %>
|
2
|
-
|
3
1
|
<div id="<%= comment_title.dom_id %>" class="comment_holder">
|
4
2
|
<%= icon comment_title.user, :small, :class => 'left avatar_on_comment' %>
|
5
3
|
<div class="date_details">
|
@@ -8,7 +6,7 @@
|
|
8
6
|
profile_path(comment_title.user))} %>
|
9
7
|
</div>
|
10
8
|
<div class="comment_message">
|
11
|
-
<%=
|
9
|
+
<%= comment_title.body %>
|
12
10
|
</div>
|
13
11
|
<div class="clear"></div>
|
14
12
|
</div>
|
@@ -1,4 +1,4 @@
|
|
1
1
|
<div id="<%= simple_comment.dom_id %>" class="simple-comment">
|
2
2
|
<div class="commentor-icon"><%= icon simple_comment.user %></div>
|
3
|
-
<div class="comment-body"><%=
|
3
|
+
<div class="comment-body"><%= limit_comment(simple_comment.body, truncate_comment, length, omission) %></div>
|
4
4
|
</div>
|
@@ -9,6 +9,11 @@ module ActiveRecord
|
|
9
9
|
|
10
10
|
def acts_as_muck_comment(options = {})
|
11
11
|
|
12
|
+
default_options = {
|
13
|
+
:sanitize_content => true,
|
14
|
+
}
|
15
|
+
options = default_options.merge(options)
|
16
|
+
|
12
17
|
acts_as_nested_set :scope => [:commentable_id, :commentable_type]
|
13
18
|
validates_presence_of :body
|
14
19
|
belongs_to :user
|
@@ -18,7 +23,11 @@ module ActiveRecord
|
|
18
23
|
named_scope :by_newest, :order => "created_at DESC"
|
19
24
|
named_scope :by_oldest, :order => "created_at ASC"
|
20
25
|
named_scope :recent, lambda { { :conditions => ['created_at > ?', 1.week.ago] } }
|
21
|
-
|
26
|
+
|
27
|
+
if options[:sanitize_content]
|
28
|
+
before_save :sanitize_attributes
|
29
|
+
end
|
30
|
+
|
22
31
|
class_eval <<-EOV
|
23
32
|
# prevents a user from submitting a crafted form that bypasses activation
|
24
33
|
attr_protected :created_at, :updated_at
|
@@ -78,6 +87,34 @@ module ActiveRecord
|
|
78
87
|
false
|
79
88
|
end
|
80
89
|
|
90
|
+
# Sanitize content before saving. This prevent XSS attacks and other malicious html.
|
91
|
+
def sanitize_attributes
|
92
|
+
if self.sanitize_level
|
93
|
+
self.body = Sanitize.clean(self.body, self.sanitize_level)
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
# Override this method to control sanitization levels.
|
98
|
+
# Currently a user who is an admin will not have their content sanitized. A user
|
99
|
+
# in any role 'editor', 'manager', or 'contributor' will be given the 'RELAXED' settings
|
100
|
+
# while all other users will get 'BASIC'.
|
101
|
+
#
|
102
|
+
# By default the 'creator' of the content will be used to determine which level of
|
103
|
+
# sanitization is allowed. To change this set 'current_editor' before
|
104
|
+
#
|
105
|
+
# Options are from sanitze:
|
106
|
+
# nil - no sanitize
|
107
|
+
# Sanitize::Config::RELAXED
|
108
|
+
# Sanitize::Config::BASIC
|
109
|
+
# Sanitize::Config::RESTRICTED
|
110
|
+
# for more details see: http://rgrove.github.com/sanitize/
|
111
|
+
def sanitize_level
|
112
|
+
return Sanitize::Config::BASIC if self.user.nil?
|
113
|
+
return nil if self.user.admin?
|
114
|
+
return Sanitize::Config::RELAXED if self.user.any_role?('editor', 'manager', 'contributor')
|
115
|
+
Sanitize::Config::BASIC
|
116
|
+
end
|
117
|
+
|
81
118
|
end
|
82
119
|
end
|
83
120
|
end
|
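Review bot: `sanitize_level` returns `nil` for an admin author, so `sanitize_attributes` stores admin comment bodies verbatim while the partials changed in this version emit `body` raw; a compromised or later-demoted admin account therefore leaves persistent unsanitized HTML behind. Sanitizing admins at the relaxed level instead of skipping them, `return Sanitize::Config::RELAXED if self.user.admin?`, keeps the trust distinction while still stripping script content. The method comment says to "set 'current_editor'" to change whose level applies, but nothing in the hunk defines or reads `current_editor` and `sanitize_level` consults only `self.user`, so that sentence should be dropped or the hook actually implemented; the comment also has a typo, `# Options are from sanitze:` → `# Options are from sanitize:`. The `acts_as_muck_comment` method these hunks modify begins before the first hunk and the `class_eval` heredoc continues past the second.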
data/muck-comments.gemspec
CHANGED
@@ -5,7 +5,7 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{muck-comments}
|
8
|
-
s.version = "0.1.
|
8
|
+
s.version = "0.1.17"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Justin Ball", "Joel Duffin"]
|
@@ -415,13 +415,19 @@ Gem::Specification.new do |s|
|
|
415
415
|
s.specification_version = 3
|
416
416
|
|
417
417
|
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
418
|
+
s.add_runtime_dependency(%q<sanitize>, [">= 0"])
|
419
|
+
s.add_runtime_dependency(%q<awesome_nested_set>, [">= 0"])
|
418
420
|
s.add_runtime_dependency(%q<muck-engine>, [">= 0"])
|
419
421
|
s.add_runtime_dependency(%q<muck-users>, [">= 0"])
|
420
422
|
else
|
423
|
+
s.add_dependency(%q<sanitize>, [">= 0"])
|
424
|
+
s.add_dependency(%q<awesome_nested_set>, [">= 0"])
|
421
425
|
s.add_dependency(%q<muck-engine>, [">= 0"])
|
422
426
|
s.add_dependency(%q<muck-users>, [">= 0"])
|
423
427
|
end
|
424
428
|
else
|
429
|
+
s.add_dependency(%q<sanitize>, [">= 0"])
|
430
|
+
s.add_dependency(%q<awesome_nested_set>, [">= 0"])
|
425
431
|
s.add_dependency(%q<muck-engine>, [">= 0"])
|
426
432
|
s.add_dependency(%q<muck-users>, [">= 0"])
|
427
433
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: muck-comments
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.17
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Justin Ball
|
@@ -13,6 +13,26 @@ cert_chain: []
|
|
13
13
|
date: 2009-12-02 00:00:00 -07:00
|
14
14
|
default_executable:
|
15
15
|
dependencies:
|
16
|
+
- !ruby/object:Gem::Dependency
|
17
|
+
name: sanitize
|
18
|
+
type: :runtime
|
19
|
+
version_requirement:
|
20
|
+
version_requirements: !ruby/object:Gem::Requirement
|
21
|
+
requirements:
|
22
|
+
- - ">="
|
23
|
+
- !ruby/object:Gem::Version
|
24
|
+
version: "0"
|
25
|
+
version:
|
26
|
+
- !ruby/object:Gem::Dependency
|
27
|
+
name: awesome_nested_set
|
28
|
+
type: :runtime
|
29
|
+
version_requirement:
|
30
|
+
version_requirements: !ruby/object:Gem::Requirement
|
31
|
+
requirements:
|
32
|
+
- - ">="
|
33
|
+
- !ruby/object:Gem::Version
|
34
|
+
version: "0"
|
35
|
+
version:
|
16
36
|
- !ruby/object:Gem::Dependency
|
17
37
|
name: muck-engine
|
18
38
|
type: :runtime
|