pageflow 14.5.1 → 14.5.2

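--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 550db2063d0c5c342bd9b24d38d3d759defce7e3e9aa33fd9b0e47e6b0862ba5
- data.tar.gz: 494b553bf952e0d641586d28306c0e2e6ef9fa2cd6cedadd7764a606b73b1279
+ metadata.gz: 033f4a8249a6495f4efd89da77551f81f4c2ebc9d52239b556a1bbe8fd5ffc5b
+ data.tar.gz: 7acc4e48d957b31061fe32b5cbc089c446b8b77cfeeecb0524f124bb84625225
  SHA512:
- metadata.gz: 1bf9cc43939f2d61502c3e16114bbba8bbdacdd10f89c2f537df9a020d95a9ef587f1e63deeb2c3893b3dfcae0a4b631beaf697e0968e11cbbff9521b89381a5
- data.tar.gz: c84b678c51232d043419dc9bf2713aa6b39ce0aca89263d815890d6adbcf557abdb3ab289628b6b9af0567271df10f406760ed282dd828d45d185583eff570c0
+ metadata.gz: aa80c8bff2c29709f64238ded3af623132485aee9b67f30fd90392b2b48015985d52f951bad79f93f546a6cf81505f3560702dd6c53f76def9a82687652cc0f3
+ data.tar.gz: 01c0d4e10ae16e0ecea6d489b1ab3ffa98fa6a8d8ff534cefe83677c9e63bfb891fd0f8f36d9274aae2a4a770808ce3b91fdd9fcb79b06f8444eb3a048ad938c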
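--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,22 @@
  # CHANGELOG
 
+ ### Version 14.5.2
+
+ 2022-09-14
+
+ [Compare changes](https://github.com/codevise/pageflow/compare/v14.5.1...v14.5.2)
+
+ ##### Security
+
+ - Fix
+ [GHSA-qcqv-38jg-2r43](https://github.com/codevise/pageflow/security/advisories/GHSA-qcqv-38jg-2r43):
+ Insecure direct object reference in membership update endpoint
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
+ - Fix
+ [GHSA-wrrw-crp8-979q](https://github.com/codevise/pageflow/security/advisories/GHSA-wrrw-crp8-979q):
+ Sensitive user data extraction via Ransack query injection
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
+
  ### Version 14.5.1
 
  2019-10-31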
@@ -100,7 +100,11 @@ module Pageflow
100
100
  private
101
101
 
102
102
  def permitted_params
103
- params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
103
+ if [:create, :new].include?(action_name.to_sym)
104
+ params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
105
+ else
106
+ params.permit(membership: [:role])
107
+ end
104
108
  end
105
109
 
106
110
  def redirect_path
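Review bot: The narrowed allowlist in `permitted_params` has no comment explaining why `user_id`, `entity_id` and `entity_type` are dropped for every action other than `create`/`new`, so a later cleanup could merge the two branches and re-permit them. This is presumably the fix for the insecure direct object reference listed in the changelog, and I would record that above the `if`: `# Existing memberships may only change :role; user and entity are fixed at creation (GHSA-qcqv-38jg-2r43).` A controller spec that submits a different `entity_id` and `user_id` to the update action and asserts that the stored membership keeps its original user and entity would guard against regression. The file header, the enclosing class and the create-path authorization are not visible on this page, so whether the client-supplied `entity_type` and `entity_id` are checked against the current user's permissions on create cannot be confirmed from this hunk.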