parameter_cleaner 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/parameter_cleaner.rb +23 -7
- data/parameter_cleaner.gemspec +2 -2
- metadata +21 -41
data/lib/parameter_cleaner.rb
CHANGED
|
@@ -4,18 +4,22 @@ class ActionController::Base
|
|
|
4
4
|
before_filter :pc_remove_angle_brackets_from_params
|
|
5
5
|
|
|
6
6
|
class <<self
|
|
7
|
+
|
|
8
|
+
#do_not_clean_param :name, :password
|
|
9
|
+
#do_not_clean_param /\[body\]/
|
|
7
10
|
def do_not_clean_param(*names)
|
|
8
11
|
names.each do |name|
|
|
9
|
-
pc_uncleaned_params.push([*name].map{ |s| s
|
|
12
|
+
pc_uncleaned_params.push([*name].map{ |s| s })
|
|
10
13
|
end
|
|
14
|
+
pc_uncleaned_params.flatten!
|
|
11
15
|
end
|
|
12
16
|
|
|
13
17
|
def pc_uncleaned_params
|
|
14
|
-
|
|
18
|
+
@@pc_uncleaned_params ||= []
|
|
15
19
|
end
|
|
16
20
|
end
|
|
17
21
|
|
|
18
|
-
private
|
|
22
|
+
private
|
|
19
23
|
def pc_remove_angle_brackets_from_params
|
|
20
24
|
pc_remove_angle_brackets_from_hash(params)
|
|
21
25
|
pc_remove_angle_brackets_from_hash(cookies)
|
|
@@ -30,15 +34,27 @@ private
|
|
|
30
34
|
when Array
|
|
31
35
|
value.map!{ |v| pc_remove_angle_brackets_from_value(v, h) }
|
|
32
36
|
else
|
|
33
|
-
|
|
37
|
+
if value.respond_to?('include?'.to_sym)&&['<', '>'].any?{|c| value.include?(c)}
|
|
38
|
+
hash[key] = pc_remove_angle_brackets_from_value(value, h)
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def pc_match_do_not_clean_param(hierarchy)
|
|
45
|
+
hierarchy_key_name = [hierarchy.first, hierarchy[1, hierarchy.size-1].map{|k| "[#{k}]"}.join].join
|
|
46
|
+
self.class.pc_uncleaned_params.each do |key|
|
|
47
|
+
if key.is_a?(Symbol) || key.is_a?(String)
|
|
48
|
+
return true if key.to_s==hierarchy_key_name
|
|
49
|
+
elsif key.is_a?(Regexp)
|
|
50
|
+
return true if hierarchy_key_name =~ key
|
|
34
51
|
end
|
|
35
52
|
end
|
|
53
|
+
false
|
|
36
54
|
end
|
|
37
55
|
|
|
38
56
|
def pc_remove_angle_brackets_from_value(value, hierarchy)
|
|
39
|
-
return value if hierarchy.any?{ |k| k =~ /password/ } ||
|
|
40
|
-
self.class.pc_uncleaned_params.include?(hierarchy) ||
|
|
41
|
-
!value.respond_to?(:gsub)
|
|
57
|
+
return value if hierarchy.any?{ |k| k =~ /password/ } || pc_match_do_not_clean_param(hierarchy) || !value.respond_to?(:gsub)
|
|
42
58
|
value.gsub(/[<>]/, "")
|
|
43
59
|
end
|
|
44
60
|
end
|
data/parameter_cleaner.gemspec
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = %q{parameter_cleaner}
|
|
3
|
-
s.version = "0.0.
|
|
3
|
+
s.version = "0.0.2"
|
|
4
4
|
|
|
5
5
|
s.authors = ["Wayne Deng"]
|
|
6
|
-
s.date = %q{2013-11-
|
|
6
|
+
s.date = %q{2013-11-14}
|
|
7
7
|
s.platform = Gem::Platform::RUBY
|
|
8
8
|
s.summary = "Clean all the angle brackets from user input params and cookies!"
|
|
9
9
|
s.description = "Clean all the angle brackets from user input params and cookies! Based on https://github.com/madebymany/parameter_cleaner. Thanks to threedaymonk!"
|
metadata
CHANGED
|
@@ -1,33 +1,23 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: parameter_cleaner
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
prerelease:
|
|
6
|
-
segments:
|
|
7
|
-
- 0
|
|
8
|
-
- 0
|
|
9
|
-
- 1
|
|
10
|
-
version: 0.0.1
|
|
11
6
|
platform: ruby
|
|
12
|
-
authors:
|
|
7
|
+
authors:
|
|
13
8
|
- Wayne Deng
|
|
14
9
|
autorequire:
|
|
15
10
|
bindir: bin
|
|
16
11
|
cert_chain: []
|
|
17
|
-
|
|
18
|
-
date: 2013-11-12 00:00:00 +08:00
|
|
19
|
-
default_executable:
|
|
12
|
+
date: 2013-11-14 00:00:00.000000000 Z
|
|
20
13
|
dependencies: []
|
|
21
|
-
|
|
22
|
-
|
|
14
|
+
description: Clean all the angle brackets from user input params and cookies! Based
|
|
15
|
+
on https://github.com/madebymany/parameter_cleaner. Thanks to threedaymonk!
|
|
23
16
|
email: wayne.deng.cn@gmail.com
|
|
24
17
|
executables: []
|
|
25
|
-
|
|
26
18
|
extensions: []
|
|
27
|
-
|
|
28
19
|
extra_rdoc_files: []
|
|
29
|
-
|
|
30
|
-
files:
|
|
20
|
+
files:
|
|
31
21
|
- init.rb
|
|
32
22
|
- MIT-LICENSE
|
|
33
23
|
- Rakefile
|
|
@@ -36,44 +26,34 @@ files:
|
|
|
36
26
|
- test/test_helper.rb
|
|
37
27
|
- lib/parameter_cleaner.rb
|
|
38
28
|
- parameter_cleaner.gemspec
|
|
39
|
-
has_rdoc: true
|
|
40
29
|
homepage:
|
|
41
30
|
licenses: []
|
|
42
|
-
|
|
43
31
|
post_install_message:
|
|
44
|
-
rdoc_options:
|
|
32
|
+
rdoc_options:
|
|
45
33
|
- --line-numbers
|
|
46
34
|
- --inline-source
|
|
47
35
|
- --title
|
|
48
36
|
- ParameterCleaner
|
|
49
37
|
- --main
|
|
50
38
|
- README
|
|
51
|
-
require_paths:
|
|
39
|
+
require_paths:
|
|
52
40
|
- lib
|
|
53
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
41
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
54
42
|
none: false
|
|
55
|
-
requirements:
|
|
56
|
-
- -
|
|
57
|
-
- !ruby/object:Gem::Version
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
- 0
|
|
61
|
-
version: "0"
|
|
62
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - ! '>='
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '0'
|
|
47
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
63
48
|
none: false
|
|
64
|
-
requirements:
|
|
65
|
-
- -
|
|
66
|
-
- !ruby/object:Gem::Version
|
|
67
|
-
|
|
68
|
-
segments:
|
|
69
|
-
- 0
|
|
70
|
-
version: "0"
|
|
49
|
+
requirements:
|
|
50
|
+
- - ! '>='
|
|
51
|
+
- !ruby/object:Gem::Version
|
|
52
|
+
version: '0'
|
|
71
53
|
requirements: []
|
|
72
|
-
|
|
73
54
|
rubyforge_project:
|
|
74
|
-
rubygems_version: 1.
|
|
55
|
+
rubygems_version: 1.8.24
|
|
75
56
|
signing_key:
|
|
76
57
|
specification_version: 3
|
|
77
58
|
summary: Clean all the angle brackets from user input params and cookies!
|
|
78
59
|
test_files: []
|
|
79
|
-
|