playbook_ui 16.12.0.pre.rc.0 → 16.12.0.pre.rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/pb_kits/playbook/pb_dropdown/_dropdown.scss +1 -1
- data/app/pb_kits/playbook/pb_icon/icon.rb +91 -6
- data/app/pb_kits/playbook/pb_table/docs/_playground.json +3 -0
- data/app/pb_kits/playbook/pb_table/docs/_playground.overrides.json +3 -0
- data/dist/playbook.css +1 -1
- data/lib/playbook/changelog_generator.rb +28 -13
- data/lib/playbook/connect_message_generator.rb +2 -1
- data/lib/playbook/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b0cbc758e63f9d4d5dbf201736dbd86f6c922ff025a8209c163264ce8a186f54
|
|
4
|
+
data.tar.gz: 87b94773628bf6591d5b7eb136ffa26441a8519b160afca6e4e6ea326a819b4b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c91ae82e2bc2c6631192f52806cf76db101b0002a321012201b216ff928df6bf28a34692a85cfeb540191fc4d194807af8a653012e0bab25de93470dbd9e1891
|
|
7
|
+
data.tar.gz: c69a780ec1d5d6f71cfb7b6f1a33199874bb777929b850390040410e911e4c98b99ae50f60bac02488a3ec8e39b4eda25337703a884d0059aedc1f7f8aa518d6
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "open-uri"
|
|
4
4
|
require "json"
|
|
5
5
|
require "digest"
|
|
6
|
+
require "pathname"
|
|
6
7
|
|
|
7
8
|
module Playbook
|
|
8
9
|
module PbIcon
|
|
@@ -113,12 +114,9 @@ module Playbook
|
|
|
113
114
|
end
|
|
114
115
|
|
|
115
116
|
def render_svg
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
else
|
|
120
|
-
URI.open(source, &:read) # rubocop:disable Security/Open
|
|
121
|
-
end
|
|
117
|
+
content = svg_content
|
|
118
|
+
return "" if content.blank?
|
|
119
|
+
|
|
122
120
|
doc = Nokogiri::XML(content)
|
|
123
121
|
svg = doc.at_css("svg")
|
|
124
122
|
return "" unless svg
|
|
@@ -294,6 +292,93 @@ module Playbook
|
|
|
294
292
|
|
|
295
293
|
private
|
|
296
294
|
|
|
295
|
+
def svg_content
|
|
296
|
+
return File.read(asset_path) if asset_path.present?
|
|
297
|
+
|
|
298
|
+
read_svg_content(icon || custom_icon)
|
|
299
|
+
end
|
|
300
|
+
|
|
301
|
+
def read_svg_content(source)
|
|
302
|
+
source = source.to_s
|
|
303
|
+
return "" if source.blank?
|
|
304
|
+
|
|
305
|
+
remote = remote_svg_uri(source)
|
|
306
|
+
return read_remote_svg(remote) if remote
|
|
307
|
+
|
|
308
|
+
path = allowed_svg_path(source)
|
|
309
|
+
return "" unless path
|
|
310
|
+
|
|
311
|
+
path.read
|
|
312
|
+
end
|
|
313
|
+
|
|
314
|
+
def remote_svg_uri(source)
|
|
315
|
+
uri = URI.parse(source)
|
|
316
|
+
uri if uri.is_a?(URI::HTTP)
|
|
317
|
+
rescue URI::InvalidURIError
|
|
318
|
+
nil
|
|
319
|
+
end
|
|
320
|
+
|
|
321
|
+
def read_remote_svg(uri)
|
|
322
|
+
uri.open("User-Agent" => "Playbook-Icon-Kit/1.0 (https://github.com/powerhome/playbook)", redirect: false, &:read)
|
|
323
|
+
rescue OpenURI::HTTPError, StandardError
|
|
324
|
+
""
|
|
325
|
+
end
|
|
326
|
+
|
|
327
|
+
def allowed_svg_path(source)
|
|
328
|
+
candidate = Pathname.new(source)
|
|
329
|
+
candidate = Rails.root.join(candidate) unless candidate.absolute?
|
|
330
|
+
resolved = candidate.expand_path
|
|
331
|
+
return nil unless svg_file?(resolved)
|
|
332
|
+
return nil unless path_within_allowed_root?(resolved)
|
|
333
|
+
|
|
334
|
+
resolved
|
|
335
|
+
end
|
|
336
|
+
|
|
337
|
+
# Only ever read real .svg files. This keeps non-svg files that happen to
|
|
338
|
+
# live inside an allowed root (config/master.key, credentials, .env, ...)
|
|
339
|
+
# structurally out of the read path rather than relying on the is_svg?
|
|
340
|
+
# gate to exclude them.
|
|
341
|
+
def svg_file?(path)
|
|
342
|
+
path.file? && path.extname.casecmp(".svg").zero?
|
|
343
|
+
end
|
|
344
|
+
|
|
345
|
+
def path_within_allowed_root?(path)
|
|
346
|
+
real = path.realpath
|
|
347
|
+
allowed_svg_roots.any? do |root|
|
|
348
|
+
real == root || real.to_s.start_with?("#{root}#{File::SEPARATOR}")
|
|
349
|
+
end
|
|
350
|
+
rescue
|
|
351
|
+
false
|
|
352
|
+
end
|
|
353
|
+
|
|
354
|
+
# An SVG may live in the host application or in any mounted engine
|
|
355
|
+
# (Playbook itself, or a host app's component engines), so every loaded
|
|
356
|
+
# engine root is allowed in addition to Rails.root.
|
|
357
|
+
def allowed_svg_roots
|
|
358
|
+
@allowed_svg_roots ||= svg_root_candidates.filter_map { |candidate| real_path(candidate) }.uniq
|
|
359
|
+
end
|
|
360
|
+
|
|
361
|
+
def svg_root_candidates
|
|
362
|
+
Rails::Engine.descendants
|
|
363
|
+
.map { |engine| engine_root(engine) }
|
|
364
|
+
.push(Playbook::Engine.root, Rails.root)
|
|
365
|
+
.compact
|
|
366
|
+
end
|
|
367
|
+
|
|
368
|
+
def engine_root(engine)
|
|
369
|
+
engine.root
|
|
370
|
+
rescue
|
|
371
|
+
nil
|
|
372
|
+
end
|
|
373
|
+
|
|
374
|
+
def real_path(path)
|
|
375
|
+
return nil unless path
|
|
376
|
+
|
|
377
|
+
Pathname.new(path).realpath
|
|
378
|
+
rescue
|
|
379
|
+
nil
|
|
380
|
+
end
|
|
381
|
+
|
|
297
382
|
def resolve_alias(icon)
|
|
298
383
|
return icon unless icon_alias_map
|
|
299
384
|
return icon if icon.nil?
|