pageflow 15.7.0 → 15.7.1

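--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e07646ad594c834e19ed93553b64ba592dc807d85cca57a07ce3ea392f77d4c2
- data.tar.gz: 845f8fc85917afe64894bf61f05f520993e03b9c61a1eaed0d314d450aa41319
+ metadata.gz: c1a50cfe81bd53808d9ae9dad7d9a4a66b694bd4362e5b775cc214978404cedc
+ data.tar.gz: 2071f8c941906db50038ad08e3c6e16ea3082e1f879f4f523d9c5ca8e69870d6
  SHA512:
- metadata.gz: 0eb5bb9a53af5e48c692d603d926d591bf2a2d762a7fb5aa630959ef4e0a3a8cea236ae3fb16d9cfa302e020318d26f7f9866fd536ba9bc385078b468cb30326
- data.tar.gz: c91f4e74965891b57b343f0a12eb4b8b33907a47035b7f0e3e59f36eed59b26755ca388ebe958f981be7eb1a396a69979acb7e5f1dd27ae997c84d7680395fd8
+ metadata.gz: 207901a660ce7258638a9ac6095cf95e9260904eec7e471ceb3e9c8a23dcc6aef00b098135b1fb1b7b81be750166426a412d91013803452f4d72ed8eef77471f
+ data.tar.gz: de7df8277fe83db6d8b0e5391868a6f94f86fb3a82622c526d71cc5656c5e12bcec1c33cf75d5a3ec420cd8af352545555433306d2f59cbc16dd45549790297a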
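--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,22 @@
  # CHANGELOG
 
+ ### Version 15.7.1
+
+ 2022-09-14
+
+ [Compare changes](https://github.com/codevise/pageflow/compare/v15.7.0...v15.7.1)
+
+ ##### Security
+
+ - Fix
+ [GHSA-qcqv-38jg-2r43](https://github.com/codevise/pageflow/security/advisories/GHSA-qcqv-38jg-2r43):
+ Insecure direct object reference in membership update endpoint
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
+ - Fix
+ [GHSA-wrrw-crp8-979q](https://github.com/codevise/pageflow/security/advisories/GHSA-wrrw-crp8-979q):
+ Sensitive user data extraction via Ransack query injection
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
+
  ### Version 15.7.0
 
  2022-07-18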
@@ -112,7 +112,11 @@ module Pageflow
112
112
  private
113
113
 
114
114
  def permitted_params
115
- params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
115
+ if [:create, :new].include?(action_name.to_sym)
116
+ params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
117
+ else
118
+ params.permit(membership: [:role])
119
+ end
116
120
  end
117
121
 
118
122
  def redirect_path
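Review bot: The `create`/`new` branch of `permitted_params` still accepts `user_id`, `entity_id` and `entity_type` from the request, so creation depends on authorization performed elsewhere; nothing in this hunk shows whether the target entity and the polymorphic `entity_type` are checked against what the current user may manage, and that is worth confirming in the surrounding controller, which starts outside the hunk. Making the restrictive `else` branch the default is the right shape, since any action added later is limited to `:role`. I would record the reason above the conditional, e.g. `# Update may only change :role; user and entity are fixed at creation (GHSA-qcqv-38jg-2r43).`, so the narrowing is not widened again during a later refactor. A request spec asserting that an update carrying `entity_id` or `user_id` leaves those attributes unchanged would pin the fix.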