pdfkit 0.8.7 → 0.8.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 824738b3d4f198d080bb590e5db7489da39ffb40f5f8c24b97652793160ac0d9
-  data.tar.gz: 963701136ddf00dd42502b2d564135c675ae1ae313c6cd40d8dd92761a70b3af
+  metadata.gz: b5277a9f3eef01b48a25763e16c1f2ebb1bd84e9868ad0c5dbd7a09aa1e4b1dc
+  data.tar.gz: '05039a31dc9ec5927c2dbcc7ba106e590d9e104e390f4740e5106a039120db37'
 SHA512:
-  metadata.gz: 6340e287849a0c43b8883cc1f2b78138fc5628fd2da4670c5f5d8a150632b56dbf27c9716bea49c1007cc2359148a4b3c1af1fed8c264ff89cf3d379976bfe30
-  data.tar.gz: b1b4f6d302ec4c407ebac2dfcc6bf3d72d7882520ba407bdb0d2b0316684ddcc09d3eecf0967305976292210a21304dc9b399fa39a9c4055ced27c5b7b8c1677
+  metadata.gz: d2faea1df102a9429d63d210f36f6a029f233d236f8bc496bf67c2f737592516d5ddd963039e6069e422a62abbc7d2eff41dbf3657a6de520c2ffd5bc92c874f
+  data.tar.gz: aae487ef8e56463a37a576bc6eeb8ab42ccd74b4912a1b79e027879481e773b340fd9d6802d4d929200debf5b9634bd121eae0fd9551d449ab0e732d020a3aae

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+2022-10-18
+=================
+  * Bump to 0.8.7.2
+  * Call IO.popen with an Array of command arguments (#519)
+
+2022-10-17
+=================
+  * Bump to 0.8.7.1
+  * Support non-lower-case Content-Type header provided by app (#516)
+
 2022-10-02
 =================
   * Bump to 0.8.7

data/lib/pdfkit/configuration.rb

@@ -45,7 +45,7 @@ class PDFKit
     end
 
     def executable
-      using_xvfb? ? "xvfb-run #{wkhtmltopdf}" : wkhtmltopdf
+      using_xvfb? ? ['xvfb-run', wkhtmltopdf] : wkhtmltopdf
     end
 
     def using_xvfb?

data/lib/pdfkit/middleware.rb

@@ -22,7 +22,8 @@ class PDFKit
       status, headers, response = @app.call(env)
 
       begin
-        if rendering_pdf? && headers['content-type'] =~ /text\/html|application\/xhtml\+xml/
+        content_type_header = headers.has_key?('Content-Type') ? 'Content-Type' : 'content-type'
+        if rendering_pdf? && headers[content_type_header] =~ /text\/html|application\/xhtml\+xml/
           body = response.respond_to?(:body) ? response.body : response.join
           body = body.join if body.is_a?(Array)
 
@@ -49,7 +50,7 @@ class PDFKit
           end
 
           headers['content-length'] = (body.respond_to?(:bytesize) ? body.bytesize : body.size).to_s
-          headers['content-type']   = 'application/pdf'
+          headers[content_type_header]   = 'application/pdf'
           headers['content-disposition'] ||= @conditions[:disposition] || 'inline'
         end
       rescue StandardError => e

data/lib/pdfkit/pdfkit.rb

@@ -46,16 +46,11 @@ class PDFKit
   end
 
   def command(path = nil)
-    args = @renderer.options_for_command
-    shell_escaped_command = [executable, OS::shell_escape_for_os(args)].join ' '
-
-    # In order to allow for URL parameters (e.g. https://www.google.com/search?q=pdfkit) we do
-    # not escape the source. The user is responsible for ensuring that no vulnerabilities exist
-    # in the source. Please see https://github.com/pdfkit/pdfkit/issues/164.
-    input_for_command = @source.to_input_for_command
-    output_for_command = path ? Shellwords.shellescape(path) : '-'
-
-    "#{shell_escaped_command} #{input_for_command} #{output_for_command}"
+    args = [*executable]
+    args.concat(@renderer.options_for_command)
+    args << @source.to_input_for_command
+    args << (path ? path : '-')
+    args
   end
 
   def options

data/lib/pdfkit/source.rb

@@ -29,7 +29,7 @@ class PDFKit
       if file?
         @source.path
       elsif url?
-        %{"#{shell_safe_url}"}
+        escaped_url
       else
         SOURCE_FROM_STDIN
       end
@@ -41,7 +41,7 @@ class PDFKit
 
     private
 
-    def shell_safe_url
+    def escaped_url
       url_needs_escaping? ? URI::DEFAULT_PARSER.escape(@source) : @source
     end
 

data/lib/pdfkit/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class PDFKit
-  VERSION = '0.8.7'
+  VERSION = '0.8.7.2'
 end

data/lib/pdfkit/wkhtmltopdf.rb

@@ -64,7 +64,7 @@ class PDFKit
       when Array
         value.flatten.collect{|x| x.to_s}
       else
-        (OS::host_is_windows? && value.to_s.index(' ')) ? "'#{ value.to_s }'" : value.to_s
+        value.to_s
       end
     end
   

data/spec/middleware_spec.rb

@@ -422,6 +422,29 @@ describe PDFKit::Middleware do
       end
     end
 
+    describe "content type header" do
+      before { mock_app }
+
+      context "lower case" do
+        specify "header gets correctly updated" do
+          get 'http://www.example.org/public/test.pdf'
+          expect(last_response.headers["content-type"]).to eq("application/pdf")
+        end
+      end
+
+      context "mixed case" do
+        let(:headers) do
+          {'Content-Type' => "text/html"}
+        end
+
+        specify "header gets correctly updated" do
+          pending("this test only applies to rack 2.x and is rejected by rack 3.x") if Rack.release >= "3.0.0"
+          get 'http://www.example.org/public/test.pdf'
+          expect(last_response.headers["Content-Type"]).to eq("application/pdf")
+        end
+      end
+    end
+
     describe "remove .pdf from PATH_INFO and REQUEST_URI" do
       before { mock_app }
 

data/spec/pdfkit_spec.rb

@@ -175,22 +175,22 @@ describe PDFKit do
     it "constructs the correct command" do
       pdfkit = PDFKit.new('html', :page_size => 'Letter', :toc_l1_font_size => 12, :replace => {'foo' => 'bar'})
       command = pdfkit.command
-      expect(command).to include "wkhtmltopdf"
-      expect(command).to include "--page-size Letter"
-      expect(command).to include "--toc-l1-font-size 12"
-      expect(command).to include "--replace foo bar"
+      expect(command.first).to match(/wkhtmltopdf/)
+      expect(command).to contain %w[--page-size Letter]
+      expect(command).to contain %w[--toc-l1-font-size 12]
+      expect(command).to contain %w[--replace foo bar]
     end
 
     it "sets up one cookie when hash has only one cookie" do
       pdfkit = PDFKit.new('html', cookie: {cookie_name: :cookie_value})
       command = pdfkit.command
-      expect(command).to include "--cookie cookie_name cookie_value"
+      expect(command).to contain %w[--cookie cookie_name cookie_value]
     end
 
-    it "does not break Windows paths" do
+    it "does not split Windows paths that contain spaces" do
       pdfkit = PDFKit.new('html')
       allow(PDFKit.configuration).to receive(:wkhtmltopdf).and_return 'c:/Program Files/wkhtmltopdf/wkhtmltopdf.exe'
-      expect(pdfkit.command).not_to include('Program\ Files')
+      expect(pdfkit.command).not_to contain(%w[c:/Program Files/wkhtmltopdf/wkhtmltopdf.exe])
     end
 
     it "does not shell escape source URLs" do
@@ -207,15 +207,15 @@ describe PDFKit do
     it "sets up multiple cookies when passed multiple cookies" do
       pdfkit = PDFKit.new('html', :cookie => {:cookie_name1 => :cookie_val1, :cookie_name2 => :cookie_val2})
       command = pdfkit.command
-      expect(command).to include "--cookie cookie_name1 cookie_val1"
-      expect(command).to include "--cookie cookie_name2 cookie_val2"
+      expect(command).to contain %w[--cookie cookie_name1 cookie_val1]
+      expect(command).to contain %w[--cookie cookie_name2 cookie_val2]
     end
 
     it "sets up multiple cookies when passed an array of tuples" do
       pdfkit = PDFKit.new('html', :cookie => [[:cookie_name1, :cookie_val1], [:cookie_name2, :cookie_val2]])
       command = pdfkit.command
-      expect(command).to include "--cookie cookie_name1 cookie_val1"
-      expect(command).to include "--cookie cookie_name2 cookie_val2"
+      expect(command).to contain %w[--cookie cookie_name1 cookie_val1]
+      expect(command).to contain %w[--cookie cookie_name2 cookie_val2]
     end
 
     it "will not include default options it is told to omit" do
@@ -229,48 +229,57 @@ describe PDFKit do
       expect(pdfkit.command).not_to include('--disable-smart-shrinking')
     end
 
-    it "encapsulates string arguments in quotes" do
+    it "must not split string arguments containing spaces" do
       pdfkit = PDFKit.new('html', :header_center => "foo [page]")
-      expect(pdfkit.command).to include "--header-center foo\\ \\[page\\]"
+      expect(pdfkit.command).to contain ['--header-center', 'foo [page]']
     end
 
-    it "sanitizes string arguments" do
+    it "paramatarizes string arguments" do
       pdfkit = PDFKit.new('html', :header_center => "$(ls)")
-      expect(pdfkit.command).to include "--header-center \\$\\(ls\\)"
+      expect(pdfkit.command).to contain %w[--header-center $(ls)]
     end
 
     it "read the source from stdin if it is html" do
       pdfkit = PDFKit.new('html')
-      expect(pdfkit.command).to match(/- -$/)
+      command = pdfkit.command
+      expect(command[-2]).to eq('-')
+      expect(command[-1]).to eq('-')
     end
 
     it "specifies the URL to the source if it is a url" do
       pdfkit = PDFKit.new('http://google.com')
-      expect(pdfkit.command).to match(/"http:\/\/google.com" -$/)
+      command = pdfkit.command
+      expect(command[-2]).to eq("http://google.com")
+      expect(command[-1]).to eq("-")
     end
 
     it "does not break Windows paths" do
       pdfkit = PDFKit.new('html')
       allow(PDFKit.configuration).to receive(:wkhtmltopdf).and_return 'c:/Program Files/wkhtmltopdf/wkhtmltopdf.exe'
-      expect(pdfkit.command).not_to include('Program\ Files')
+      expect(pdfkit.command).not_to contain ['Program', 'Files']
     end
 
     it "specifies the path to the source if it is a file" do
       file_path = File.join(SPEC_ROOT,'fixtures','example.html')
       pdfkit = PDFKit.new(File.new(file_path))
-      expect(pdfkit.command).to match(/#{file_path} -$/)
+      command = pdfkit.command
+      expect(command[-2]).to eq(file_path)
+      expect(command[-1]).to eq('-')
     end
 
     it "specifies the path to the source if it is a tempfile" do
       file_path = File.join(SPEC_ROOT,'fixtures','example.html')
       pdfkit = PDFKit.new(Tempfile.new(file_path))
-      expect(pdfkit.command).to match(/#{Dir.tmpdir}\S+ -$/)
+      command = pdfkit.command
+      expect(command[-2]).to start_with(Dir.tmpdir)
+      expect(command[-1]).to eq('-')
     end
 
     it "specifies the path for the ouput if a path is given" do
       file_path = "/path/to/output.pdf"
       pdfkit = PDFKit.new("html")
-      expect(pdfkit.command(file_path)).to match(/#{file_path}$/)
+      command = pdfkit.command(file_path)
+      expect(command.last).to eq(file_path)
     end
 
     it "detects special pdfkit meta tags" do
@@ -284,8 +293,8 @@ describe PDFKit do
       }
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
-      expect(command).to include "--page-size Legal"
-      expect(command).to include "--orientation Landscape"
+      expect(command).to contain %w[--page-size Legal]
+      expect(command).to contain %w[--orientation Landscape]
     end
 
     it "detects cookies meta tag" do
@@ -299,7 +308,7 @@ describe PDFKit do
       }
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
-      expect(command).to include "--cookie rails_session rails_session_value --cookie cookie_variable cookie_variable_value"
+      expect(command).to contain %w[--cookie rails_session rails_session_value --cookie cookie_variable cookie_variable_value]
     end
 
     it "detects disable_smart_shrinking meta tag" do
@@ -313,7 +322,7 @@ describe PDFKit do
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
       expect(command).to include "--disable-smart-shrinking"
-      expect(command).not_to include "--disable-smart-shrinking true"
+      expect(command).not_to contain %w[--disable-smart-shrinking true]
     end
 
     it "detects names with hyphens instead of underscores" do
@@ -342,8 +351,8 @@ describe PDFKit do
       }
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
-      expect(command).to include "--page-size Legal"
-      expect(command).to include "--orientation Landscape"
+      expect(command).to contain %w[--page-size Legal]
+      expect(command).to contain %w[--orientation Landscape]
     end
 
     it "skips non-pdfkit meta tags" do
@@ -358,8 +367,8 @@ describe PDFKit do
       }
       pdfkit = PDFKit.new(body)
       command = pdfkit.command
-      expect(command).not_to include "--page-size Legal"
-      expect(command).to include "--orientation Landscape"
+      expect(command).not_to contain %w[--page-size Legal]
+      expect(command).to contain %w[--orientation Landscape]
     end
 
     it "does not use quiet when told to" do
@@ -422,14 +431,9 @@ describe PDFKit do
         allow(PDFKit::OS).to receive(:host_is_windows?).and_return(true)
       end
 
-      it "escapes special windows characters" do
-        pdf = PDFKit.new('html', :title => 'hello(world)')
-        expect(pdf.command).to include 'hello^(world^)'
-      end
-
       it "quotes spaces in options" do
         pdf = PDFKit.new('html', :title => 'hello world')
-        expect(pdf.command).to include "--title 'hello world'"
+        expect(pdf.command).to contain ['--title', "hello world"]
       end
     end
   end

data/spec/source_spec.rb

@@ -75,19 +75,14 @@ describe PDFKit::Source do
   end
 
   describe "#to_input_for_command" do
-    it "URI escapes source URLs and encloses them in quotes to accomodate ampersands" do
-      source = PDFKit::Source.new("https://www.google.com/search?q='cat<dev/zero>/dev/null'")
-      expect(source.to_input_for_command).to eq "\"https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'\""
-    end
-
-    it "URI escapes source URI only escape part of it" do
-      source = PDFKit::Source.new("https://www.google.com/search?q='%20 sleep 5'")
-      expect(source.to_input_for_command).to eq "\"https://www.google.com/search?q='%2520%20sleep%205'\""
+    it "URI escapes source URI" do
+      source = PDFKit::Source.new("https://www.google.com/search?q=foo bar")
+      expect(source.to_input_for_command).to eq "https://www.google.com/search?q=foo%20bar"
     end
 
     it "does not URI escape previously escaped source URLs" do
-      source = PDFKit::Source.new("https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'")
-      expect(source.to_input_for_command).to eq "\"https://www.google.com/search?q='cat%3Cdev/zero%3E/dev/null'\""
+      source = PDFKit::Source.new("https://www.google.com/search?q=foo%20bar")
+      expect(source.to_input_for_command).to eq "https://www.google.com/search?q=foo%20bar"
     end
 
     it "returns a '-' for HTML strings to indicate that we send that content through STDIN" do

data/spec/spec_helper.rb

@@ -21,3 +21,13 @@ require 'custom_wkhtmltopdf_path' if File.exist?(File.join(SPEC_ROOT, 'custom_wk
 RSpec.configure do |config|
   include Rack::Test::Methods
 end
+
+RSpec::Matchers.define :contain do |expected|
+  match do |actual|
+    (0..(actual.length - expected.length)).any? do |base_index|
+      expected.each_with_index.all? do |expected_element,index|
+        actual[base_index+index] == expected_element
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pdfkit
 version: !ruby/object:Gem::Version
-  version: 0.8.7
+  version: 0.8.7.2
 platform: ruby
 authors:
 - Jared Pace
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-10-02 00:00:00.000000000 Z
+date: 2022-10-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport