pdfkit 0.8.7.1 → 0.8.7.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd9ab1711dcc1f5dc4c9ec2b0f5a203394cc8276291f34bd59230dd832c6b51c
-  data.tar.gz: 0ec141cfe484aea9ae00488c34da32573f8f84d7ae3a5a3d5c954a0d4acfbee5
+  metadata.gz: d5a276883efaa6bba1349d1077bee9ed23e466e48006d7b87a8e6c6ffbbd83bb
+  data.tar.gz: 33632dc0ae3a917efe7a4d227ea3f1ef52a2901f125b5102f687d8058c32a135
 SHA512:
-  metadata.gz: d8cf1754028c05b1dab1f382c91b86672a8a2808bbabbe66132fdb78501a731b1a651b5d276c0818efba1b537a685d2f55cb2a281935edf8c7b5b58c3aed1f1a
-  data.tar.gz: 93f26e92cc31dd7f4fdaf1d5a20c2b2c5463d66588bc465bfacbfa4aecbbbe19662b1e605c1ac69593e1974fc0d606ff92298cfdace4c55313d977b87d128fc4
+  metadata.gz: 8694cd8411e17b0a960a5a931f84960031a935bfdb2f6fc43b6b460c8434644694e0b8dd764fb151cb722b947c9775c9540bd2b5935a0bbb5021705bbe7f8b52
+  data.tar.gz: 55fdc04026f173baa10fc1f349323b243f6ef9d17142a9ab196cdc4302c2444e7a72dcf1ba68c31c3a953ab1559add63c257a1c5c1012e9a3216765ae386457e

data/.github/workflows/test.yml

@@ -43,6 +43,18 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - uses: ruby/setup-ruby@v1
+      # rubygems-update's latest is no longer compatible with ruby 2.5, so conditionally run ruby-setup setting the
+      # rubygem version the most recent valid version for 2.5:
+      # https://rubygems.org/gems/rubygems-update/versions/3.3.26
+      if: ${{ matrix.ruby == '2.5' }}
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        rubygems: 3.3.26
+        bundler: latest
+        bundler-cache: true
+    - uses: ruby/setup-ruby@v1
+      # otherwise, we can use rubygems latest
+      if: ${{ matrix.ruby != '2.5' }}
       with:
         ruby-version: ${{ matrix.ruby }}
         rubygems: latest

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+2023-02-27
+=================
+  * Bump to 0.8.7.3
+  * Allow passing a `Pathname` object to the `path` argument by @yujideveloper in https://github.com/pdfkit/pdfkit/pull/522
+  * Update repeatable options by @mguidetti in https://github.com/pdfkit/pdfkit/pull/524
+
+2022-10-18
+=================
+  * Bump to 0.8.7.2
+  * Call IO.popen with an Array of command arguments (#519)
+
 2022-10-17
 =================
   * Bump to 0.8.7.1

data/lib/pdfkit/configuration.rb

@@ -45,7 +45,7 @@ class PDFKit
     end
 
     def executable
-      using_xvfb? ? "xvfb-run #{wkhtmltopdf}" : wkhtmltopdf
+      using_xvfb? ? ['xvfb-run', wkhtmltopdf] : wkhtmltopdf
     end
 
     def using_xvfb?

data/lib/pdfkit/pdfkit.rb

@@ -46,16 +46,11 @@ class PDFKit
   end
 
   def command(path = nil)
-    args = @renderer.options_for_command
-    shell_escaped_command = [executable, OS::shell_escape_for_os(args)].join ' '
-
-    # In order to allow for URL parameters (e.g. https://www.google.com/search?q=pdfkit) we do
-    # not escape the source. The user is responsible for ensuring that no vulnerabilities exist
-    # in the source. Please see https://github.com/pdfkit/pdfkit/issues/164.
-    input_for_command = @source.to_input_for_command
-    output_for_command = path ? Shellwords.shellescape(path) : '-'
-
-    "#{shell_escaped_command} #{input_for_command} #{output_for_command}"
+    args = [*executable]
+    args.concat(@renderer.options_for_command)
+    args << @source.to_input_for_command
+    args << (path ? path.to_s : '-')
+    args
   end
 
   def options

data/lib/pdfkit/source.rb

@@ -29,7 +29,7 @@ class PDFKit
       if file?
         @source.path
       elsif url?
-        %{"#{shell_safe_url}"}
+        escaped_url
       else
         SOURCE_FROM_STDIN
       end
@@ -41,7 +41,7 @@ class PDFKit
 
     private
 
-    def shell_safe_url
+    def escaped_url
       url_needs_escaping? ? URI::DEFAULT_PARSER.escape(@source) : @source
     end
 

data/lib/pdfkit/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class PDFKit
-  VERSION = '0.8.7.1'
+  VERSION = '0.8.7.3'
 end

data/lib/pdfkit/wkhtmltopdf.rb

@@ -3,9 +3,9 @@
 class PDFKit
   class WkHTMLtoPDF
     attr_reader :options
-    # Pulled from:
-    # https://github.com/wkhtmltopdf/wkhtmltopdf/blob/ebf9b6cfc4c58a31349fb94c568b254fac37b3d3/README_WKHTMLTOIMAGE#L27
-    REPEATABLE_OPTIONS = %w[--allow --cookie --custom-header --post --post-file --run-script].freeze
+    # Pulled from: 
+    # https://github.com/wkhtmltopdf/wkhtmltopdf/blob/6a57c1449797d6cb915921fb747f3ac36199241f/docs/usage/wkhtmltopdf.txt#L104
+    REPEATABLE_OPTIONS = %w[--allow --bypass-proxy-for --cookie --custom-header --post --post-file --run-script --replace].freeze
     SPECIAL_OPTIONS = %w[cover toc].freeze
 
     def initialize(options)
@@ -64,7 +64,7 @@ class PDFKit
       when Array
         value.flatten.collect{|x| x.to_s}
       else
-        (OS::host_is_windows? && value.to_s.index(' ')) ? "'#{ value.to_s }'" : value.to_s
+        value.to_s
       end
     end
   

data/spec/pdfkit_spec.rb

@@ -45,8 +45,8 @@ describe PDFKit do
     end
 
     it "transforms complex keys into command-line arguments" do
-      pdfkit = PDFKit.new('html', :replace => {'value' => 'something else'} )
-      expect(pdfkit.options).to have_key('--replace')
+      pdfkit = PDFKit.new('html', :header_left => {'value' => 'something else'} )
+      expect(pdfkit.options).to have_key('--header-left')
     end
 
     it "drops options with false or falsey values" do
@@ -72,8 +72,8 @@ describe PDFKit do
     end
 
     it "parses hash option values into an array" do
-      pdfkit = PDFKit.new('html', :replace => {'value' => 'something else'} )
-      expect(pdfkit.options['--replace']).to eql ['value', 'something else']
+      pdfkit = PDFKit.new('html', :header_left => {'value' => 'something else'} )
+      expect(pdfkit.options['--header-left']).to eql ['value', 'something else']
     end
 
     it "flattens hash options into the key" do
@@ -84,8 +84,8 @@ describe PDFKit do
     end
 
     it "parses array option values into a string" do
-      pdfkit = PDFKit.new('html', :replace => ['value', 'something else'] )
-      expect(pdfkit.options['--replace']).to eql ['value', 'something else']
+      pdfkit = PDFKit.new('html', :header_left => ['value', 'something else'] )
+      expect(pdfkit.options['--header-left']).to eql ['value', 'something else']
     end
 
     it "flattens array options" do
@@ -175,22 +175,36 @@ describe PDFKit do
     it "constructs the correct command" do
       pdfkit = PDFKit.new('html', :page_size => 'Letter', :toc_l1_font_size => 12, :replace => {'foo' => 'bar'})
       command = pdfkit.command
-      expect(command).to include "wkhtmltopdf"
-      expect(command).to include "--page-size Letter"
-      expect(command).to include "--toc-l1-font-size 12"
-      expect(command).to include "--replace foo bar"
+      expect(command.first).to match(/wkhtmltopdf/)
+      expect(command).to contain %w[--page-size Letter]
+      expect(command).to contain %w[--toc-l1-font-size 12]
+      expect(command).to contain %w[--replace foo bar]
+    end
+
+    it "contains a specified by path argument" do
+      pdfkit = PDFKit.new('html')
+      command = pdfkit.command("/foo/bar")
+      expect(command.first).to match(/wkhtmltopdf/)
+      expect(command.last).to eq("/foo/bar")
+    end
+
+    it "contains a specified by path argument of Pathname" do
+      pdfkit = PDFKit.new('html')
+      command = pdfkit.command(Pathname.new("/foo/bar"))
+      expect(command.first).to match(/wkhtmltopdf/)
+      expect(command.last).to eq("/foo/bar")
     end
 
     it "sets up one cookie when hash has only one cookie" do
       pdfkit = PDFKit.new('html', cookie: {cookie_name: :cookie_value})
       command = pdfkit.command
-      expect(command).to include "--cookie cookie_name cookie_value"
+      expect(command).to contain %w[--cookie cookie_name cookie_value]
     end
 
-    it "does not break Windows paths" do
+    it "does not split Windows paths that contain spaces" do
       pdfkit = PDFKit.new('html')
       allow(PDFKit.configuration).to receive(:wkhtmltopdf).and_return 'c:/Program Files/wkhtmltopdf/wkhtmltopdf.exe'
-      expect(pdfkit.command).not_to include('Program\ Files')
+      expect(pdfkit.command).not_to contain(%w[c:/Program Files/wkhtmltopdf/wkhtmltopdf.exe])
     end
 
     it "does not shell escape source URLs" do
@@ -207,15 +221,15 @@ describe PDFKit do
     it "sets up multiple cookies when passed multiple cookies" do
       pdfkit = PDFKit.new('html', :cookie => {:cookie_name1 => :cookie_val1, :cookie_name2 => :cookie_val2})
       command = pdfkit.command
-      expect(command).to include "--cookie cookie_name1 cookie_val1"
-      expect(command).to include "--cookie cookie_name2 cookie_val2"
+      expect(command).to contain %w[--cookie cookie_name1 cookie_val1]
+      expect(command).to contain %w[--cookie cookie_name2 cookie_val2]
     end
 
     it "sets up multiple cookies when passed an array of tuples" do
       pdfkit = PDFKit.new('html', :cookie => [[:cookie_name1, :cookie_val1], [:cookie_name2, :cookie_val2]])
       command = pdfkit.command
-      expect(command).to include "--cookie cookie_name1 cookie_val1"
-      expect(command).to include "--cookie cookie_name2 cookie_val2"
+      expect(command).to contain %w[--cookie cookie_name1 cookie_val1]
+      expect(command).to contain %w[--cookie cookie_name2 cookie_val2]
     end
 
     it "will not include default options it is told to omit" do
@@ -229,48 +243,57 @@ describe PDFKit do
       expect(pdfkit.command).not_to include('--disable-smart-shrinking')
     end
 
-    it "encapsulates string arguments in quotes" do
+    it "must not split string arguments containing spaces" do
       pdfkit = PDFKit.new('html', :header_center => "foo [page]")
-      expect(pdfkit.command).to include "--header-center foo\\ \\[page\\]"
+      expect(pdfkit.command).to contain ['--header-center', 'foo [page]']
     end
 
-    it "sanitizes string arguments" do
+    it "paramatarizes string arguments" do
       pdfkit = PDFKit.new('html', :header_center => "$(ls)")
-      expect(pdfkit.command).to include "--header-center \\$\\(ls\\)"
+      expect(pdfkit.command).to contain %w[--header-center $(ls)]
     end
 
     it "read the source from stdin if it is html" do
       pdfkit = PDFKit.new('html')
-      expect(pdfkit.command).to match(/- -$/)
+      command = pdfkit.command
+      expect(command[-2]).to eq('-')
+      expect(command[-1]).to eq('-')
     end
 
     it "specifies the URL to the source if it is a url" do
       pdfkit = PDFKit.new('http://google.com')
-      expect(pdfkit.command).to match(/"http:\/\/google.com" -$/)
+      command = pdfkit.command
+      expect(command[-2]).to eq("http://google.com")
+      expect(command[-1]).to eq("-")
     end
 
     it "does not break Windows paths" do
       pdfkit = PDFKit.new('html')
       allow(PDFKit.configuration).to receive(:wkhtmltopdf).and_return 'c:/Program Files/wkhtmltopdf/wkhtmltopdf.exe'
-      expect(pdfkit.command).not_to include('Program\ Files')
+      expect(pdfkit.command).not_to contain ['Program', 'Files']
     end
 
     it "specifies the path to the source if it is a file" do
       file_path = File.join(SPEC_ROOT,'fixtures','example.html')
       pdfkit = PDFKit.new(File.new(file_path))
-      expect(pdfkit.command).to match(/#{file_path} -$/)
+      command = pdfkit.command
+      expect(command[-2]).to eq(file_path)
+      expect(command[-1]).to eq('-')
     end
 
     it "specifies the path to the source if it is a tempfile" do
       file_path = File.join(SPEC_ROOT,'fixtures','example.html')
       pdfkit = PDFKit.new(Tempfile.new(file_path))
-      expect(pdfkit.command).to match(/#{Dir.tmpdir}\S+ -$/)
+      command = pdfkit.command
+      expect(command[-2]).to start_with(Dir.tmpdir)
+      expect(command[-1]).to eq('-')
     end
 
     it "specifies the path for the ouput if a path is given" do
       file_path = "/path/to/output.pdf"
       pdfkit = PDFKit.new("html")
-      expect(pdfkit.command(file_path)).to match(/#{file_path}$/)
+      command = pdfkit.command(file_path)
+      expect(command.last).to eq(file_path)
     end
 
     it "detects special pdfkit meta tags" do
@@ -284,8 +307,8 @@ describe PDFKit do
       }
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
-      expect(command).to include "--page-size Legal"
-      expect(command).to include "--orientation Landscape"
+      expect(command).to contain %w[--page-size Legal]
+      expect(command).to contain %w[--orientation Landscape]
     end
 
     it "detects cookies meta tag" do
@@ -299,7 +322,7 @@ describe PDFKit do
       }
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
-      expect(command).to include "--cookie rails_session rails_session_value --cookie cookie_variable cookie_variable_value"
+      expect(command).to contain %w[--cookie rails_session rails_session_value --cookie cookie_variable cookie_variable_value]
     end
 
     it "detects disable_smart_shrinking meta tag" do
@@ -313,7 +336,7 @@ describe PDFKit do
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
       expect(command).to include "--disable-smart-shrinking"
-      expect(command).not_to include "--disable-smart-shrinking true"
+      expect(command).not_to contain %w[--disable-smart-shrinking true]
     end
 
     it "detects names with hyphens instead of underscores" do
@@ -342,8 +365,8 @@ describe PDFKit do
       }
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
-      expect(command).to include "--page-size Legal"
-      expect(command).to include "--orientation Landscape"
+      expect(command).to contain %w[--page-size Legal]
+      expect(command).to contain %w[--orientation Landscape]
     end
 
     it "skips non-pdfkit meta tags" do
@@ -358,8 +381,8 @@ describe PDFKit do
       }
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
-      expect(command).not_to include "--page-size Legal"
-      expect(command).to include "--orientation Landscape"
+      expect(command).not_to contain %w[--page-size Legal]
+      expect(command).to contain %w[--orientation Landscape]
     end
 
     it "does not use quiet when told to" do
@@ -422,14 +445,9 @@ describe PDFKit do
         allow(PDFKit::OS).to receive(:host_is_windows?).and_return(true)
       end
 
-      it "escapes special windows characters" do
-        pdf = PDFKit.new('html', :title => 'hello(world)')
-        expect(pdf.command).to include 'hello^(world^)'
-      end
-
       it "quotes spaces in options" do
         pdf = PDFKit.new('html', :title => 'hello world')
-        expect(pdf.command).to include "--title 'hello world'"
+        expect(pdf.command).to contain ['--title', "hello world"]
       end
     end
   end

data/spec/source_spec.rb

@@ -75,19 +75,14 @@ describe PDFKit::Source do
   end
 
   describe "#to_input_for_command" do
-    it "URI escapes source URLs and encloses them in quotes to accomodate ampersands" do
-      source = PDFKit::Source.new("https://www.google.com/search?q='cat<dev/zero>/dev/null'")
-      expect(source.to_input_for_command).to eq "\"https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'\""
-    end
-
-    it "URI escapes source URI only escape part of it" do
-      source = PDFKit::Source.new("https://www.google.com/search?q='%20 sleep 5'")
-      expect(source.to_input_for_command).to eq "\"https://www.google.com/search?q='%2520%20sleep%205'\""
+    it "URI escapes source URI" do
+      source = PDFKit::Source.new("https://www.google.com/search?q=foo bar")
+      expect(source.to_input_for_command).to eq "https://www.google.com/search?q=foo%20bar"
     end
 
     it "does not URI escape previously escaped source URLs" do
-      source = PDFKit::Source.new("https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'")
-      expect(source.to_input_for_command).to eq "\"https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'\""
+      source = PDFKit::Source.new("https://www.google.com/search?q=foo%20bar")
+      expect(source.to_input_for_command).to eq "https://www.google.com/search?q=foo%20bar"
     end
 
     it "returns a '-' for HTML strings to indicate that we send that content through STDIN" do

data/spec/spec_helper.rb

@@ -21,3 +21,13 @@ require 'custom_wkhtmltopdf_path' if File.exist?(File.join(SPEC_ROOT, 'custom_wk
 RSpec.configure do |config|
   include Rack::Test::Methods
 end
+
+RSpec::Matchers.define :contain do |expected|
+  match do |actual|
+    (0..(actual.length - expected.length)).any? do |base_index|
+      expected.each_with_index.all? do |expected_element,index|
+        actual[base_index+index] == expected_element
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pdfkit
 version: !ruby/object:Gem::Version
-  version: 0.8.7.1
+  version: 0.8.7.3
 platform: ruby
 authors:
 - Jared Pace
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-10-17 00:00:00.000000000 Z
+date: 2023-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport