publify_core 9.2.0 → 9.2.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of publify_core might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/app/models/article.rb +0 -4
- data/app/models/comment.rb +0 -4
- data/app/models/content_base.rb +1 -1
- data/app/uploaders/resource_uploader.rb +2 -7
- data/lib/publify_core/version.rb +1 -1
- data/lib/spam_protection.rb +7 -9
- metadata +21 -27
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1a656e67eabdbc775b90db037ea087c2bc27b179f7d2078ce24eee88d24db874
|
4
|
+
data.tar.gz: b241a29fbb8b5a942acac80e5a774271f31298d0d5add64b77134988902daf3b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f201fcc55b9caa48cee99651b6820aeecbf8d5fc655ce475da6d4b42d9e1741222d2611428bf98f5952e8a0df21d47ecba1733dd864eea9851fda3f996d7ec85
|
7
|
+
data.tar.gz: 749dea0ae5d68830f3de9a49ae216465be1d9542656fb9980896e029e74089aa9335559214ce05eb8f8646e17bc609fe2f626e0b599ae081278649b16bc915b3
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,23 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## 9.2.4 / 2021-10-02
|
4
|
+
|
5
|
+
* Explicitly require at least version 1.12.5 of nokogiri to avoid a security issue
|
6
|
+
* Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5
|
7
|
+
|
8
|
+
## 9.2.3 / 2021-05-22
|
9
|
+
|
10
|
+
* Bump Rails dependency to 5.2.6
|
11
|
+
* Replace mimemagic with marcel
|
12
|
+
|
13
|
+
## 9.2.2 / 2021-03-21
|
14
|
+
|
15
|
+
* No changes
|
16
|
+
|
17
|
+
## 9.2.1 / 2021-03-20
|
18
|
+
|
19
|
+
* No changes
|
20
|
+
|
3
21
|
## 9.2.0 / 2021-01-17
|
4
22
|
|
5
23
|
* Upgrade to Rails 5.2 (mvz)
|
data/app/models/article.rb
CHANGED
@@ -225,10 +225,6 @@ class Article < Content
|
|
225
225
|
published_at.to_i > blog.sp_article_auto_close.days.ago.to_i
|
226
226
|
end
|
227
227
|
|
228
|
-
def content_fields
|
229
|
-
[:body, :extended]
|
230
|
-
end
|
231
|
-
|
232
228
|
# The web interface no longer distinguishes between separate "body" and
|
233
229
|
# "extended" fields, and instead edits everything in a single edit field,
|
234
230
|
# separating the extended content using "\<!--more-->".
|
data/app/models/comment.rb
CHANGED
data/app/models/content_base.rb
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "
|
3
|
+
require "marcel"
|
4
4
|
|
5
5
|
class ResourceUploader < CarrierWave::Uploader::Base
|
6
6
|
include CarrierWave::MiniMagick
|
@@ -50,14 +50,9 @@ class ResourceUploader < CarrierWave::Uploader::Base
|
|
50
50
|
content_type = nil
|
51
51
|
|
52
52
|
File.open(new_file.path) do |fd|
|
53
|
-
content_type =
|
53
|
+
content_type = Marcel::MimeType.for(fd)
|
54
54
|
end
|
55
55
|
|
56
56
|
content_type
|
57
57
|
end
|
58
|
-
|
59
|
-
# NOTE: This method was copied from MagicMimeBlacklist from CarrierWave 1.0.0.
|
60
|
-
def filemagic
|
61
|
-
@filemagic ||= FileMagic.new(FileMagic::MAGIC_MIME_TYPE)
|
62
|
-
end
|
63
58
|
end
|
data/lib/publify_core/version.rb
CHANGED
data/lib/spam_protection.rb
CHANGED
@@ -82,16 +82,14 @@ class SpamProtection
|
|
82
82
|
def query_rbls(rbls, *subdomains)
|
83
83
|
rbls.each do |rbl|
|
84
84
|
subdomains.uniq.each do |d|
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
"#{rbl} positively resolved subdomain #{d} => #{response}"
|
90
|
-
end
|
91
|
-
rescue SocketError
|
92
|
-
# NXDOMAIN response => negative: d is not in RBL
|
93
|
-
next
|
85
|
+
response = IPSocket.getaddress([d, rbl].join("."))
|
86
|
+
if response.start_with?("127.0.0.")
|
87
|
+
throw :hit,
|
88
|
+
"#{rbl} positively resolved subdomain #{d} => #{response}"
|
94
89
|
end
|
90
|
+
rescue SocketError
|
91
|
+
# NXDOMAIN response => negative: d is not in RBL
|
92
|
+
next
|
95
93
|
end
|
96
94
|
end
|
97
95
|
false
|
metadata
CHANGED
@@ -1,17 +1,17 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: publify_core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 9.2.
|
4
|
+
version: 9.2.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matijs van Zuijlen
|
8
8
|
- Yannick François
|
9
9
|
- Thomas Lecavellier
|
10
10
|
- Frédéric de Villamil
|
11
|
-
autorequire:
|
11
|
+
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2021-
|
14
|
+
date: 2021-10-02 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: aasm
|
@@ -202,39 +202,39 @@ dependencies:
|
|
202
202
|
- !ruby/object:Gem::Version
|
203
203
|
version: 1.2.1
|
204
204
|
- !ruby/object:Gem::Dependency
|
205
|
-
name:
|
205
|
+
name: mini_magick
|
206
206
|
requirement: !ruby/object:Gem::Requirement
|
207
207
|
requirements:
|
208
208
|
- - "~>"
|
209
209
|
- !ruby/object:Gem::Version
|
210
|
-
version:
|
210
|
+
version: '4.9'
|
211
|
+
- - ">="
|
212
|
+
- !ruby/object:Gem::Version
|
213
|
+
version: 4.9.4
|
211
214
|
type: :runtime
|
212
215
|
prerelease: false
|
213
216
|
version_requirements: !ruby/object:Gem::Requirement
|
214
217
|
requirements:
|
215
218
|
- - "~>"
|
216
219
|
- !ruby/object:Gem::Version
|
217
|
-
version:
|
220
|
+
version: '4.9'
|
221
|
+
- - ">="
|
222
|
+
- !ruby/object:Gem::Version
|
223
|
+
version: 4.9.4
|
218
224
|
- !ruby/object:Gem::Dependency
|
219
|
-
name:
|
225
|
+
name: nokogiri
|
220
226
|
requirement: !ruby/object:Gem::Requirement
|
221
227
|
requirements:
|
222
|
-
- - "~>"
|
223
|
-
- !ruby/object:Gem::Version
|
224
|
-
version: '4.9'
|
225
228
|
- - ">="
|
226
229
|
- !ruby/object:Gem::Version
|
227
|
-
version:
|
230
|
+
version: 1.12.5
|
228
231
|
type: :runtime
|
229
232
|
prerelease: false
|
230
233
|
version_requirements: !ruby/object:Gem::Requirement
|
231
234
|
requirements:
|
232
|
-
- - "~>"
|
233
|
-
- !ruby/object:Gem::Version
|
234
|
-
version: '4.9'
|
235
235
|
- - ">="
|
236
236
|
- !ruby/object:Gem::Version
|
237
|
-
version:
|
237
|
+
version: 1.12.5
|
238
238
|
- !ruby/object:Gem::Dependency
|
239
239
|
name: rack
|
240
240
|
requirement: !ruby/object:Gem::Requirement
|
@@ -255,20 +255,14 @@ dependencies:
|
|
255
255
|
requirements:
|
256
256
|
- - "~>"
|
257
257
|
- !ruby/object:Gem::Version
|
258
|
-
version: 5.2.
|
259
|
-
- - ">="
|
260
|
-
- !ruby/object:Gem::Version
|
261
|
-
version: 5.2.4.3
|
258
|
+
version: 5.2.6
|
262
259
|
type: :runtime
|
263
260
|
prerelease: false
|
264
261
|
version_requirements: !ruby/object:Gem::Requirement
|
265
262
|
requirements:
|
266
263
|
- - "~>"
|
267
264
|
- !ruby/object:Gem::Version
|
268
|
-
version: 5.2.
|
269
|
-
- - ">="
|
270
|
-
- !ruby/object:Gem::Version
|
271
|
-
version: 5.2.4.3
|
265
|
+
version: 5.2.6
|
272
266
|
- !ruby/object:Gem::Dependency
|
273
267
|
name: rails_autolink
|
274
268
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1004,7 +998,7 @@ homepage: https://publify.github.io/
|
|
1004
998
|
licenses:
|
1005
999
|
- MIT
|
1006
1000
|
metadata: {}
|
1007
|
-
post_install_message:
|
1001
|
+
post_install_message:
|
1008
1002
|
rdoc_options: []
|
1009
1003
|
require_paths:
|
1010
1004
|
- lib
|
@@ -1012,15 +1006,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
1012
1006
|
requirements:
|
1013
1007
|
- - ">="
|
1014
1008
|
- !ruby/object:Gem::Version
|
1015
|
-
version: 2.
|
1009
|
+
version: 2.5.0
|
1016
1010
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
1017
1011
|
requirements:
|
1018
1012
|
- - ">="
|
1019
1013
|
- !ruby/object:Gem::Version
|
1020
1014
|
version: '0'
|
1021
1015
|
requirements: []
|
1022
|
-
rubygems_version: 3.
|
1023
|
-
signing_key:
|
1016
|
+
rubygems_version: 3.1.6
|
1017
|
+
signing_key:
|
1024
1018
|
specification_version: 4
|
1025
1019
|
summary: Core engine for the Publify blogging system.
|
1026
1020
|
test_files: []
|