pageflow 14.5.1 → 14.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +17 -0
  3. data/admins/pageflow/membership.rb +5 -1
  4. data/app/assets/javascripts/pageflow/dist/editor.js +11890 -0
  5. data/app/assets/javascripts/pageflow/dist/frontend.js +5800 -0
  6. data/app/assets/javascripts/pageflow/dist/ui.js +3114 -0
  7. data/app/models/pageflow/entry.rb +8 -0
  8. data/lib/pageflow/user_mixin.rb +6 -0
  9. data/lib/pageflow/version.rb +1 -1
  10. metadata +6 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 550db2063d0c5c342bd9b24d38d3d759defce7e3e9aa33fd9b0e47e6b0862ba5
4
- data.tar.gz: 494b553bf952e0d641586d28306c0e2e6ef9fa2cd6cedadd7764a606b73b1279
3
+ metadata.gz: 033f4a8249a6495f4efd89da77551f81f4c2ebc9d52239b556a1bbe8fd5ffc5b
4
+ data.tar.gz: 7acc4e48d957b31061fe32b5cbc089c446b8b77cfeeecb0524f124bb84625225
5
5
  SHA512:
6
- metadata.gz: 1bf9cc43939f2d61502c3e16114bbba8bbdacdd10f89c2f537df9a020d95a9ef587f1e63deeb2c3893b3dfcae0a4b631beaf697e0968e11cbbff9521b89381a5
7
- data.tar.gz: c84b678c51232d043419dc9bf2713aa6b39ce0aca89263d815890d6adbcf557abdb3ab289628b6b9af0567271df10f406760ed282dd828d45d185583eff570c0
6
+ metadata.gz: aa80c8bff2c29709f64238ded3af623132485aee9b67f30fd90392b2b48015985d52f951bad79f93f546a6cf81505f3560702dd6c53f76def9a82687652cc0f3
7
+ data.tar.gz: 01c0d4e10ae16e0ecea6d489b1ab3ffa98fa6a8d8ff534cefe83677c9e63bfb891fd0f8f36d9274aae2a4a770808ce3b91fdd9fcb79b06f8444eb3a048ad938c
data/CHANGELOG.md CHANGED
@@ -1,5 +1,22 @@
1
1
  # CHANGELOG
2
2
 
3
+ ### Version 14.5.2
4
+
5
+ 2022-09-14
6
+
7
+ [Compare changes](https://github.com/codevise/pageflow/compare/v14.5.1...v14.5.2)
8
+
9
+ ##### Security
10
+
11
+ - Fix
12
+ [GHSA-qcqv-38jg-2r43](https://github.com/codevise/pageflow/security/advisories/GHSA-qcqv-38jg-2r43):
13
+ Insecure direct object reference in membership update endpoint
14
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
15
+ - Fix
16
+ [GHSA-wrrw-crp8-979q](https://github.com/codevise/pageflow/security/advisories/GHSA-wrrw-crp8-979q):
17
+ Sensitive user data extraction via Ransack query injection
18
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
19
+
3
20
  ### Version 14.5.1
4
21
 
5
22
  2019-10-31
data/admins/pageflow/membership.rb CHANGED
@@ -100,7 +100,11 @@ module Pageflow
100
100
  private
101
101
 
102
102
  def permitted_params
103
- params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
103
+ if [:create, :new].include?(action_name.to_sym)
104
+ params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
105
+ else
106
+ params.permit(membership: [:role])
107
+ end
104
108
  end
105
109
 
106
110
  def redirect_path