nokogiri 1.10.8-java → 1.10.9-java

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4a128fdc76b3bc96899e22fed66f613f990e3c4736d4b0cc7c243a3a19182bf9
4
- data.tar.gz: 6f8b1afb5e1ac41f49740b77bd908a7b7405d6425b23b756dc3cbb816f4a8970
3
+ metadata.gz: 30b45e844544b442de9e1b6e0d7563366691987d706c644852ac2a43b98e21aa
4
+ data.tar.gz: 72a92174b6c7212e855d5ad837a6a057aa037e787c1a5bfbafc51b01e4bcc005
5
5
  SHA512:
6
- metadata.gz: 62b71a0ee6624bb44cb631f7ab887ad48c5c55bd25d9b040b2da553aa364a737fbc5fe1de61f2ef4fd86a8e80789df880dce056fc0423be56d57a968ae593172
7
- data.tar.gz: 3d0f696d04cf4ae54c9202e7e3575d0bb6e6ba6217a39d8cba714ad0ef395f1a1022b19d509c7efe96c48103badf9b5a355d04e93aeebefab4afe7767af1393e
6
+ metadata.gz: 5a73e36df6a440644e9597b17d6d981fe04b2dbd4487b69491eaff3501f503e181c33f5531b8fdca363c52789ad211b5a05c70f4a78eddd7819ad0ecd506b892
7
+ data.tar.gz: e6b1bb8a4a6a499a893db8df894fd88eb4f90c9b819ec2317a824d50054dfbbaa6cc5af957d22d554cd2d9a6c96d5755ef407eca4d524a54cbd8878e7a1ad3df
@@ -39,6 +39,7 @@ import static nokogiri.internals.NokogiriHelpers.nodeListToRubyArray;
39
39
  import java.util.Arrays;
40
40
 
41
41
  import org.jruby.Ruby;
42
+ import org.jruby.RubyArray;
42
43
  import org.jruby.RubyClass;
43
44
  import org.jruby.RubyFixnum;
44
45
  import org.jruby.RubyObject;
@@ -391,7 +392,7 @@ outer:
391
392
  }
392
393
 
393
394
  @JRubyMethod(name = {"to_a", "to_ary"})
394
- public IRubyObject to_a(ThreadContext context) {
395
+ public RubyArray to_a(ThreadContext context) {
395
396
  return context.runtime.newArrayNoCopy(nodes);
396
397
  }
397
398
 
@@ -133,6 +133,31 @@ static VALUE read_memory(VALUE klass, VALUE content)
133
133
  return rb_schema;
134
134
  }
135
135
 
136
+ /* Schema creation will remove and deallocate "blank" nodes.
137
+ * If those blank nodes have been exposed to Ruby, they could get freed
138
+ * out from under the VALUE pointer. This function checks to see if any of
139
+ * those nodes have been exposed to Ruby, and if so we should raise an exception.
140
+ */
141
+ static int has_blank_nodes_p(VALUE cache)
142
+ {
143
+ long i;
144
+
145
+ if (NIL_P(cache)) {
146
+ return 0;
147
+ }
148
+
149
+ for (i = 0; i < RARRAY_LEN(cache); i++) {
150
+ xmlNodePtr node;
151
+ VALUE element = rb_ary_entry(cache, i);
152
+ Data_Get_Struct(element, xmlNode, node);
153
+ if (xmlIsBlankNode(node)) {
154
+ return 1;
155
+ }
156
+ }
157
+
158
+ return 0;
159
+ }
160
+
136
161
  /*
137
162
  * call-seq:
138
163
  * from_document(doc)
@@ -152,6 +177,10 @@ static VALUE from_document(VALUE klass, VALUE document)
152
177
  /* In case someone passes us a node. ugh. */
153
178
  doc = doc->doc;
154
179
 
180
+ if (has_blank_nodes_p(DOC_NODE_CACHE(doc))) {
181
+ rb_raise(rb_eArgError, "Creating a schema from a document that has blank nodes exposed to Ruby is dangerous");
182
+ }
183
+
155
184
  ctx = xmlSchemaNewDocParserCtxt(doc);
156
185
 
157
186
  errors = rb_ary_new();
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = "1.10.8"
3
+ VERSION = "1.10.9"
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.8
4
+ version: 1.10.9
5
5
  platform: java
6
6
  authors:
7
7
  - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2020-02-10 00:00:00.000000000 Z
17
+ date: 2020-03-01 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  requirement: !ruby/object:Gem::Requirement