pageflow 14.5.1 → 14.5.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +17 -0
  3. data/admins/pageflow/membership.rb +5 -1
  4. data/app/assets/javascripts/pageflow/dist/editor.js +11890 -0
  5. data/app/assets/javascripts/pageflow/dist/frontend.js +5800 -0
  6. data/app/assets/javascripts/pageflow/dist/ui.js +3114 -0
  7. data/app/models/pageflow/entry.rb +8 -0
  8. data/lib/pageflow/user_mixin.rb +6 -0
  9. data/lib/pageflow/version.rb +1 -1
  10. metadata +6 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 550db2063d0c5c342bd9b24d38d3d759defce7e3e9aa33fd9b0e47e6b0862ba5
4
- data.tar.gz: 494b553bf952e0d641586d28306c0e2e6ef9fa2cd6cedadd7764a606b73b1279
3
+ metadata.gz: 033f4a8249a6495f4efd89da77551f81f4c2ebc9d52239b556a1bbe8fd5ffc5b
4
+ data.tar.gz: 7acc4e48d957b31061fe32b5cbc089c446b8b77cfeeecb0524f124bb84625225
5
5
  SHA512:
6
- metadata.gz: 1bf9cc43939f2d61502c3e16114bbba8bbdacdd10f89c2f537df9a020d95a9ef587f1e63deeb2c3893b3dfcae0a4b631beaf697e0968e11cbbff9521b89381a5
7
- data.tar.gz: c84b678c51232d043419dc9bf2713aa6b39ce0aca89263d815890d6adbcf557abdb3ab289628b6b9af0567271df10f406760ed282dd828d45d185583eff570c0
6
+ metadata.gz: aa80c8bff2c29709f64238ded3af623132485aee9b67f30fd90392b2b48015985d52f951bad79f93f546a6cf81505f3560702dd6c53f76def9a82687652cc0f3
7
+ data.tar.gz: 01c0d4e10ae16e0ecea6d489b1ab3ffa98fa6a8d8ff534cefe83677c9e63bfb891fd0f8f36d9274aae2a4a770808ce3b91fdd9fcb79b06f8444eb3a048ad938c
data/CHANGELOG.md CHANGED
@@ -1,5 +1,22 @@
1
1
  # CHANGELOG
2
2
 
3
+ ### Version 14.5.2
4
+
5
+ 2022-09-14
6
+
7
+ [Compare changes](https://github.com/codevise/pageflow/compare/v14.5.1...v14.5.2)
8
+
9
+ ##### Security
10
+
11
+ - Fix
12
+ [GHSA-qcqv-38jg-2r43](https://github.com/codevise/pageflow/security/advisories/GHSA-qcqv-38jg-2r43):
13
+ Insecure direct object reference in membership update endpoint
14
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
15
+ - Fix
16
+ [GHSA-wrrw-crp8-979q](https://github.com/codevise/pageflow/security/advisories/GHSA-wrrw-crp8-979q):
17
+ Sensitive user data extraction via Ransack query injection
18
+ ([#1862](https://github.com/codevise/pageflow/pull/1862))
19
+
3
20
  ### Version 14.5.1
4
21
 
5
22
  2019-10-31
data/admins/pageflow/membership.rb CHANGED
@@ -100,7 +100,11 @@ module Pageflow
100
100
  private
101
101
 
102
102
  def permitted_params
103
- params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
103
+ if [:create, :new].include?(action_name.to_sym)
104
+ params.permit(membership: [:user_id, :entity_id, :entity_type, :role])
105
+ else
106
+ params.permit(membership: [:role])
107
+ end
104
108
  end
105
109
 
106
110
  def redirect_path