nokogiri 1.5.4.rc1-java → 1.5.4.rc2-java


Potentially problematic release.


This version of nokogiri might be problematic.

@@ -10,6 +10,9 @@
10
10
 
11
11
  * Segmentation fault when creating a comment node for a DocumentFragment. #677, #678.
12
12
  * Treat '.' as xpath in at() and search(). #690
13
+ * [MRI] [Security] Default parse options for XML documents were
14
+ changed to not make network connections during document parsing,
15
+ to avoid XXE vulnerability. #693
13
16
 
14
17
 
15
18
  == 1.5.3 / 2012-06-01
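
Review bot: The new entry is tagged [MRI], yet this is the diff of the -java gem and the same release changes DEFAULT_XML in Ruby-level code that both platforms load, so the entry leaves JRuby users unsure whether they are covered. Say explicitly whether the JRuby backend honours NONET or was never affected, rather than leaving it to the tag.
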
@@ -2,7 +2,7 @@
2
2
 
3
3
  * Features
4
4
 
5
- * The "nokogiri" script now has more verbose output when passed the `--rng` option. (Thanks, Dan Radez!)
5
+ * The "nokogiri" script now has more verbose output when passed the `--rng` option. #675 (Thanks, Dan Radez!)
6
6
  * Build support on hardened Debian systems that use `-Werror=format-security`. #680.
7
7
  * Better build support for systems with pkg-config. #584
8
8
 
@@ -10,7 +10,9 @@
10
10
 
11
11
  * Segmentation fault when creating a comment node for a DocumentFragment. #677, #678.
12
12
  * Treat '.' as xpath in at() and search(). #690
13
-
13
+ * [MRI] [Security] Default parse options for XML documents were
14
+ changed to not make network connections during document parsing,
15
+ to avoid XXE vulnerability. #693
14
16
 
15
17
  == 1.5.3 / 2012-06-01
16
18
 
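
Review bot: The entry on the added lines announces a changed default but gives no migration path for callers whose documents depend on DTDs or entities fetched over the network. This release also adds the `no<option>` unsetters (the tests exercise `nononet`), so the entry should name that as the explicit opt-out and state that opting out restores the XXE exposure the change is meant to close.
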
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.5.4.rc1'
3
+ VERSION = '1.5.4.rc2'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
@@ -47,7 +47,7 @@ module Nokogiri
47
47
  HUGE = 1 << 19
48
48
 
49
49
  # the default options used for parsing XML documents
50
- DEFAULT_XML = RECOVER
50
+ DEFAULT_XML = RECOVER | NONET
51
51
  # the default options used for parsing HTML documents
52
52
  DEFAULT_HTML = RECOVER | NOERROR | NOWARNING | NONET
53
53
 
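
Review bot: The comment above `DEFAULT_XML = RECOVER | NONET` still reads "the default options used for parsing XML documents" and gives no hint that NONET is there for a security reason, which makes it easy for a later edit to drop the flag. Extend the comment to say that NONET forbids network access during parsing and references #693. Also worth documenting near this constant: it is only a default, so any caller that passes its own options value (for example plain RECOVER) does not inherit NONET and has to add it.
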
@@ -64,6 +64,11 @@ module Nokogiri
64
64
  self
65
65
  end
66
66
 
67
+ def no#{constant.downcase}
68
+ @options &= ~#{constant}
69
+ self
70
+ end
71
+
67
72
  def #{constant.downcase}?
68
73
  #{constant} & @options == #{constant}
69
74
  end
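
Review bot: The generated `no#{constant.downcase}` name turns into a double negative for every constant that already starts with NO, giving `nononet`, `nonoent`, `nonoerror` and so on, and re-enabling network access through a method called `nononet` is easy to misread in a security review. The added method also has no doc comment, and the generator has no guard against a collision between `no#{constant.downcase}` for one constant and the plain setter of a NO-prefixed constant. Consider a clearer unsetter naming scheme or at least a comment on the generated methods, plus a check that no generated name is defined twice.
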
@@ -35,6 +35,18 @@ module Nokogiri
35
35
  assert_equal 1 << 1, options.options
36
36
  end
37
37
 
38
+ def test_unsetting
39
+ options = Nokogiri::XML::ParseOptions.new Nokogiri::XML::ParseOptions::DEFAULT_HTML
40
+ assert options.nonet?
41
+ assert options.recover?
42
+ options.nononet.norecover
43
+ assert ! options.nonet?
44
+ assert ! options.recover?
45
+ options.nonet.recover
46
+ assert options.nonet?
47
+ assert options.recover?
48
+ end
49
+
38
50
  def test_chaining
39
51
  options = Nokogiri::XML::ParseOptions.new.recover.noent
40
52
  assert options.recover?
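
Review bot: test_unsetting builds its options from DEFAULT_HTML, which already contained NONET before this release, so nothing in the suite fails if `DEFAULT_XML = RECOVER | NONET` is reverted. Add an assertion on the security-relevant default itself, such as `assert Nokogiri::XML::ParseOptions.new(Nokogiri::XML::ParseOptions::DEFAULT_XML).nonet?`. After `options.nononet.norecover` it would also help to assert on `options.options` so the test shows that only the two targeted bits were cleared and NOERROR and NOWARNING survived.
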
metadata CHANGED
@@ -2,7 +2,7 @@
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
4
  prerelease: 6
5
- version: 1.5.4.rc1
5
+ version: 1.5.4.rc2
6
6
  platform: java
7
7
  authors:
8
8
  - Aaron Patterson
@@ -12,7 +12,7 @@ autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
14
 
15
- date: 2012-06-07 00:00:00 Z
15
+ date: 2012-06-08 00:00:00 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: hoe-bundler