narou 3.5.1 → 3.8.0

data/lib/novelconverter.rb

@@ -436,7 +436,7 @@ class NovelConverter
   def load_novel_section(subtitle_info, section_save_dir)
     file_subtitle = subtitle_info["file_subtitle"] || subtitle_info["subtitle"]   # 互換性維持のため
     path = section_save_dir.join("#{subtitle_info["index"]} #{file_subtitle}.yaml")
-    YAML.load_file(path)
+    YAML.unsafe_load_file(path)
   rescue Errno::ENOENT => e
     stream_io.puts
     stream_io.error(<<~MSG.termcolor)
@@ -568,7 +568,7 @@ class NovelConverter
   # 各小説用の converter.rb 変換オブジェクトを生成
   #
   def create_converter
-    load_converter(@novel_title, @setting.archive_path).new(@setting, @inspector, @illustration)
+    load_converter(@setting.archive_path).new(@setting, @inspector, @illustration)
   end
 
   #

data/lib/sitesetting.rb

@@ -72,7 +72,7 @@ class SiteSetting
 
   def initialize(path)
     @match_values = {}
-    @yaml = YAML.load_file(path)
+    @yaml = YAML.unsafe_load_file(path)
     @path = path
   end
 

data/lib/template.rb

@@ -50,7 +50,7 @@ class Template
       path = dir.join(TEMPLATE_DIR, src_filename + ".erb")
       next unless path.exist?
       src = Helper::CacheLoader.load(path)
-      result = ERB.new(src, nil, "-").result(_binding)
+      result = ERB.new(src, trim_mode: "-").result(_binding)
       return result
     end
     raise LoadError, "テンプレートファイルが見つかりません。(#{src_filename}.erb)"

data/lib/version.rb

@@ -5,5 +5,5 @@
 #
 
 module Narou
-  VERSION = "3.5.1"
+  VERSION = "3.8.0"
 end

data/lib/web/appserver.rb

@@ -187,7 +187,7 @@ class Narou::AppServer < Sinatra::Base
     headers "Cache-Control" => "no-cache" if $development
     @bootstrap_theme = case params["webui.theme"]
                        when nil
-                         Narou.get_theme
+                         Narou.theme
                        when ""   # 環境設定画面で未設定が選択された時
                          nil
                        else
@@ -422,7 +422,7 @@ class Narou::AppServer < Sinatra::Base
     postscripts_count = 0
     toc["subtitles"].each do |sub|
       begin
-        element = YAML.load_file(downloader.section_file_path(sub))["element"]
+        element = YAML.unsafe_load_file(downloader.section_file_path(sub))["element"]
         data_type = element["data_type"] || "text"
         introduction = element["introduction"] || ""
         postscript = element["postscript"] || ""
@@ -835,8 +835,10 @@ class Narou::AppServer < Sinatra::Base
 
   # ダウンロード登録すると同時にグレーのボタン画像を返す
   get "/api/download4ssl" do
+    target = params["target"] or error("need a parameter: `target'")
+    opt_mail = "--mail" if query_to_boolean(params["mail"])
     Narou::WebWorker.push do
-      CommandLine.run!("download", params["target"])
+      CommandLine.run!("download", target, opt_mail)
       @@push_server.send_all(:"table.reload")
     end
     redirect "/resources/images/dl_button1.gif"
@@ -891,8 +893,9 @@ class Narou::AppServer < Sinatra::Base
   post "/api/eject" do
     do_eject = proc do
       device = Narou.get_device
-      device.eject if device
-      puts "<bold><green>端末を取り外しました</green></bold>".termcolor
+      device&.eject do
+        puts "<bold><green>端末を取り外しました</green></bold>".termcolor
+      end
     end
     if params["enqueue"] == "true"
       Narou::WebWorker.push do

data/narou.gemspec

@@ -32,12 +32,12 @@ Gem::Specification.new do |gem|
   install_message = <<-EOS
 #{"*" * 60}
 
-3.5.1: 2020/03/21
+3.8.0: 2021/06/27
 -----------------
 #### 修正内容
-- 小説家になろう系列の挿絵をダウンロード時に、サムネイル画像を取得するように
-  なってしまっていたのを修正
-- Ruby 2.7 で narou setting -l を実行時に警告が大量に出ていたのを修正
+- タイトル名もしくは作者名に特定の記号を使うことで任意のコードを実行できて
+  しまう問題を修正 [CVE-2021-35514]
+  - この問題を発見した RyotaK に感謝します
 
 #{"*" * 60}
   EOS
@@ -53,25 +53,28 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency 'mail', '~> 2.6.0', '>= 2.6.6'
   gem.add_runtime_dependency 'pony', '~> 1', '>= 1.11'
   gem.add_runtime_dependency 'diff-lcs', '~> 1.2', '>= 1.2.5'
-  gem.add_runtime_dependency 'sinatra', '~> 1.4', '>= 1.4.5'
-  gem.add_runtime_dependency 'sinatra-contrib', '~> 1.4', '>= 1.4.2'
+  gem.add_runtime_dependency 'sinatra', '~> 2.0', '>= 2.0.8.1'
+  gem.add_runtime_dependency 'sinatra-contrib', '~> 2.0', '>= 2.0.8.1'
   gem.add_runtime_dependency 'tilt', '~> 2.0', '>= 2.0.10'
-  gem.add_runtime_dependency 'sass', '~> 3.4', '>= 3.4.18'
+  gem.add_runtime_dependency 'sassc', '~> 2.4'
+  gem.add_runtime_dependency 'ffi', '~> 1.4', '>= 1.4.2'
   gem.add_runtime_dependency 'haml', '>= 5.1.2', '< 6'
   gem.add_runtime_dependency 'memoist', '~> 0.11.0'
   gem.add_runtime_dependency 'systemu', '~> 2.6', '>= 2.6.5'
   gem.add_runtime_dependency 'erubis', '~> 2.7'
   gem.add_runtime_dependency 'open_uri_redirections', '~> 0.2', '>= 0.2.1'
-  gem.add_runtime_dependency 'activesupport', '~> 5.2'
+  gem.add_runtime_dependency 'activesupport', '>= 6.1', '< 8.0'
   gem.add_runtime_dependency 'unicode-display_width', '~> 1.4'
+  gem.add_runtime_dependency 'webrick', '~> 1.7'
+  gem.add_runtime_dependency 'psych', '~> 4.0'
 
-  gem.add_development_dependency 'rspec', '~> 3.9'
+  gem.add_development_dependency 'rspec', '~> 3.10'
   gem.add_development_dependency 'rspec-retry', '~> 0.6'
   gem.add_development_dependency 'rspec_junit_formatter', '~> 0.4'
   gem.add_development_dependency 'timecop', '~> 0.9'
   gem.add_development_dependency 'pry', '~> 0.12'
   gem.add_development_dependency 'pry-byebug', '~> 3.8'
   gem.add_development_dependency 'awesome_print', '~> 1.8'
-  gem.add_development_dependency 'simplecov', '~> 0.18'
+  gem.add_development_dependency 'simplecov', '~> 0.20'
 end
 

data/template/converter.rb.erb

@@ -1,15 +1,8 @@
 # -*- coding: utf-8 -*-
 <% Template.target_binary_version(1.0) -%>
 
-#
-# 対象小説情報
-# タイトル: <%= @setting["title"] %>
-# 作者: <%= @setting["author"] %>
-# URL: <%= @setting["toc_url"] %>
-#
 # 詳細については http://bit.ly/1vTEH04 を参照して下さい
-#
-converter "<%= file_title.gsub('"', '\"') %>" do
+converter do
   # 各種変換処理がされる「前」の生データに対しての変換処理を記述
   def before(io, text_type)
     super

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: narou
 version: !ruby/object:Gem::Version
-  version: 3.5.1
+  version: 3.8.0
 platform: ruby
 authors:
 - whiteleaf7
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-21 00:00:00.000000000 Z
+date: 2021-06-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: termcolorlight
@@ -116,40 +116,40 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.5
+        version: 2.0.8.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.5
+        version: 2.0.8.1
 - !ruby/object:Gem::Dependency
   name: sinatra-contrib
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.2
+        version: 2.0.8.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.2
+        version: 2.0.8.1
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
@@ -171,25 +171,39 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.0.10
 - !ruby/object:Gem::Dependency
-  name: sass
+  name: sassc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+- !ruby/object:Gem::Dependency
+  name: ffi
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '1.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.4.18
+        version: 1.4.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '1.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.4.18
+        version: 1.4.2
 - !ruby/object:Gem::Dependency
   name: haml
   requirement: !ruby/object:Gem::Requirement
@@ -282,16 +296,22 @@ dependencies:
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: unicode-display_width
   requirement: !ruby/object:Gem::Requirement
@@ -306,20 +326,48 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: psych
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.9'
+        version: '3.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.9'
+        version: '3.10'
 - !ruby/object:Gem::Dependency
   name: rspec-retry
   requirement: !ruby/object:Gem::Requirement
@@ -410,14 +458,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.18'
+        version: '0.20'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.18'
+        version: '0.20'
 description: 小説家になろうで公開されている小説の管理、及び電子書籍データへの変換を支援します。縦書用に特化されており、横書き用に特化されたWEB小説を違和感なく縦書で読むことが出来るようになります。
 email:
 - 2nd.leaf@gmail.com
@@ -661,12 +709,12 @@ metadata: {}
 post_install_message: |
   ************************************************************
 
-  3.5.1: 2020/03/21
+  3.8.0: 2021/06/27
   -----------------
   #### 修正内容
-  - 小説家になろう系列の挿絵をダウンロード時に、サムネイル画像を取得するように
-    なってしまっていたのを修正
-  - Ruby 2.7 で narou setting -l を実行時に警告が大量に出ていたのを修正
+  - タイトル名もしくは作者名に特定の記号を使うことで任意のコードを実行できて
+    しまう問題を修正 [CVE-2021-35514]
+    - この問題を発見した RyotaK に感謝します
 
   ************************************************************
 rdoc_options: []
@@ -683,8 +731,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.15
+signing_key:
 specification_version: 4
 summary: Narou.rb ― 小説家になろうダウンローダ＆縦書用整形スクリプト
 test_files: []