pageflow 15.7.0 → 15.7.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e07646ad594c834e19ed93553b64ba592dc807d85cca57a07ce3ea392f77d4c2
4
- data.tar.gz: 845f8fc85917afe64894bf61f05f520993e03b9c61a1eaed0d314d450aa41319
3
+ metadata.gz: c1a50cfe81bd53808d9ae9dad7d9a4a66b694bd4362e5b775cc214978404cedc
4
+ data.tar.gz: 2071f8c941906db50038ad08e3c6e16ea3082e1f879f4f523d9c5ca8e69870d6
5
5
  SHA512:
6
- metadata.gz: 0eb5bb9a53af5e48c692d603d926d591bf2a2d762a7fb5aa630959ef4e0a3a8cea236ae3fb16d9cfa302e020318d26f7f9866fd536ba9bc385078b468cb30326
7
- data.tar.gz: c91f4e74965891b57b343f0a12eb4b8b33907a47035b7f0e3e59f36eed59b26755ca388ebe958f981be7eb1a396a69979acb7e5f1dd27ae997c84d7680395fd8
6
+ metadata.gz: 207901a660ce7258638a9ac6095cf95e9260904eec7e471ceb3e9c8a23dcc6aef00b098135b1fb1b7b81be750166426a412d91013803452f4d72ed8eef77471f
7
+ data.tar.gz: de7df8277fe83db6d8b0e5391868a6f94f86fb3a82622c526d71cc5656c5e12bcec1c33cf75d5a3ec420cd8af352545555433306d2f59cbc16dd45549790297a
data/CHANGELOG.md CHANGED
@@ -1,5 +1,22 @@
1
1
  # CHANGELOG
2
2
 
3
+ ### Version 15.7.1
4
+
5
+ 2022-09-14
6
+
7
+ [Compare changes](https://github.com/codevise/pageflow/compare/v15.7.0...v15.7.1)
8
+
9
+ ##### Security
10
+
11
+ - Fix
12
+ [GHSA-qcqv-38jg-2r43](https://github.com/codevise/pageflow/security/advisories/GHSA-qcqv-38jg-2r43):
13
+ Insecure direct object reference in membership update endpoint
14
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
15
+ - Fix
16
+ [GHSA-wrrw-crp8-979q](https://github.com/codevise/pageflow/security/advisories/GHSA-wrrw-crp8-979q):
17
+ Sensitive user data extraction via Ransack query injection
18
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
19
+
3
20
  ### Version 15.7.0
4
21
 
5
22
  2022-07-18
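Review bot: Both Security entries (new changelog lines 11-18) cite the same pull request, #1862, and neither states which released versions are affected or whether upgrading to 15.7.1 is the only action required. Consider adding one line per advisory with the affected range and the fixed version, so operators can triage from the changelog without opening each advisory.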
@@ -112,7 +112,11 @@ module Pageflow
112
112
  private
113
113
 
114
114
  def permitted_params
115
- params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
115
+ if [:create, :new].include?(action_name.to_sym)
116
+ params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
117
+ else
118
+ params.permit(membership: [:role])
119
+ end
116
120
  end
117
121
 
118
122
  def redirect_path
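Review bot: In `permitted_params`, nothing documents why the else branch drops `:user_id`, `:entity_id` and `:entity_type`, and no spec covering it is visible in this diff. Add a short comment saying that only `:role` may change on an existing membership, plus a regression spec that sends the other three attributes to the update action and asserts the record's user and entity are unchanged. The direction of the check is the right fail-closed default: the wide set is allowed only for `create` and `new`, and every other action gets `params.permit(membership: [:role])`. Comparing `action_name` against `%w[create new]` would avoid the `to_sym` call. The create branch still accepts a client-supplied `entity_id` and `entity_type`, so it depends on an authorization check that is not visible in this hunk; worth confirming that check exists and is covered by a test.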