publify_core 9.2.2 → 9.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of publify_core might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -0
- data/app/controllers/admin/base_controller.rb +6 -0
- data/app/controllers/users/registrations_controller.rb +12 -0
- data/app/helpers/base_helper.rb +6 -1
- data/app/models/content_base.rb +9 -3
- data/app/models/feedback.rb +0 -6
- data/app/uploaders/resource_uploader.rb +6 -7
- data/app/views/admin/resources/index.html.erb +17 -18
- data/app/views/admin/themes/index.html.erb +3 -3
- data/app/views/articles/_article_excerpt.html.erb +1 -1
- data/app/views/articles/_full_article_content.html.erb +2 -2
- data/app/views/articles/view_page.html.erb +1 -1
- data/app/views/comments/_comment.html.erb +1 -1
- data/app/views/notes/_note.html.erb +1 -1
- data/app/views/notes/index.html.erb +1 -1
- data/config/locales/da.yml +3 -0
- data/config/locales/de.yml +3 -0
- data/config/locales/en.yml +3 -0
- data/config/locales/es-MX.yml +3 -0
- data/config/locales/fr.yml +3 -0
- data/config/locales/he.yml +3 -0
- data/config/locales/it.yml +3 -0
- data/config/locales/ja.yml +3 -0
- data/config/locales/lt.yml +3 -0
- data/config/locales/nb-NO.yml +3 -0
- data/config/locales/nl.yml +6 -2
- data/config/locales/pl.yml +3 -0
- data/config/locales/pt-BR.yml +3 -0
- data/config/locales/ro.yml +3 -0
- data/config/locales/ru.yml +4 -1
- data/config/locales/zh-CN.yml +3 -0
- data/config/locales/zh-TW.yml +3 -0
- data/config/routes.rb +3 -2
- data/lib/publify_core/testing_support/fixtures/just_some.html +5 -0
- data/lib/publify_core/version.rb +1 -1
- data/lib/spam_protection.rb +7 -9
- metadata +20 -24
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: da6da95f7716a807eb81fc3c6684945b4afeb75dae12256d6e8e0341dacc8108
|
|
4
|
+
data.tar.gz: 16590e78cb4f249017cad7df86fb72fb6ebfc90eb3c9a55d9fdac017a708c203
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9ba6b4fb3315f76bb3ffba8f2c423fe4d0a2a57fda992a1bf0ce92df49dad52f78e0d72955a75dfcac58ab2a693ecc46f419dbb1c59678ceb86ed8f0c280140d
|
|
7
|
+
data.tar.gz: 4704c65615d660a2a10f8827970710baeb5438917adeb8d37e7a10a1534626b08b1a45049486398163739c23929d5629d71a41198d28dd46572e5aa3d6260f4d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,35 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 9.2.6 / 2022-01-07
|
|
4
|
+
|
|
5
|
+
* Add documentation about use of the media library
|
|
6
|
+
|
|
7
|
+
## 9.2.5 / 2021-10-11
|
|
8
|
+
|
|
9
|
+
This release fixes several security issues:
|
|
10
|
+
|
|
11
|
+
* Block ability to switch themes using a GET request; use a POST instead
|
|
12
|
+
* Disallow user self-registration rather than hiding it
|
|
13
|
+
* Let the browser not cache admin pages
|
|
14
|
+
* Limit the set of allowed mime types for uploaded media
|
|
15
|
+
* Limit allowed HTML in articles, pages and notes
|
|
16
|
+
|
|
17
|
+
Additionally, it includes the following changes:
|
|
18
|
+
|
|
19
|
+
* Fix resource size display in admin resource list
|
|
20
|
+
* Trigger download of media in the Media Library in admin instead of displaying
|
|
21
|
+
them directly
|
|
22
|
+
|
|
23
|
+
## 9.2.4 / 2021-10-02
|
|
24
|
+
|
|
25
|
+
* Explicitly require at least version 1.12.5 of nokogiri to avoid a security issue
|
|
26
|
+
* Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5
|
|
27
|
+
|
|
28
|
+
## 9.2.3 / 2021-05-22
|
|
29
|
+
|
|
30
|
+
* Bump Rails dependency to 5.2.6
|
|
31
|
+
* Replace mimemagic with marcel
|
|
32
|
+
|
|
3
33
|
## 9.2.2 / 2021-03-21
|
|
4
34
|
|
|
5
35
|
* No changes
|
|
@@ -10,6 +10,7 @@ class Admin::BaseController < BaseController
|
|
|
10
10
|
layout "administration"
|
|
11
11
|
|
|
12
12
|
before_action :login_required, except: [:login, :signup]
|
|
13
|
+
before_action :no_caching
|
|
13
14
|
|
|
14
15
|
private
|
|
15
16
|
|
|
@@ -24,4 +25,9 @@ class Admin::BaseController < BaseController
|
|
|
24
25
|
name: controller_name.humanize)
|
|
25
26
|
redirect_to action: "index"
|
|
26
27
|
end
|
|
28
|
+
|
|
29
|
+
def no_caching
|
|
30
|
+
response.cache_control[:extras] =
|
|
31
|
+
["no-cache", "max-age=0", "must-revalidate", "no-store"]
|
|
32
|
+
end
|
|
27
33
|
end
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class Users::RegistrationsController < Devise::RegistrationsController
|
|
4
|
+
include BlogHelper
|
|
5
|
+
before_action :require_signup_allowed
|
|
6
|
+
|
|
7
|
+
private
|
|
8
|
+
|
|
9
|
+
def require_signup_allowed
|
|
10
|
+
render plain: "Not found", status: :not_found unless this_blog.allow_signup?
|
|
11
|
+
end
|
|
12
|
+
end
|
data/app/helpers/base_helper.rb
CHANGED
|
@@ -240,10 +240,15 @@ module BaseHelper
|
|
|
240
240
|
end
|
|
241
241
|
|
|
242
242
|
def nofollowify_links(string)
|
|
243
|
+
raise ArgumentError, "string", "must be html_safe" unless string.html_safe?
|
|
244
|
+
|
|
243
245
|
if this_blog.dofollowify
|
|
244
246
|
string
|
|
245
247
|
else
|
|
246
|
-
|
|
248
|
+
followify_scrubber = Loofah::Scrubber.new do |node|
|
|
249
|
+
node.set_attribute "rel", "nofollow" if node.name == "a"
|
|
250
|
+
end
|
|
251
|
+
sanitize h(string), scrubber: followify_scrubber
|
|
247
252
|
end
|
|
248
253
|
end
|
|
249
254
|
|
data/app/models/content_base.rb
CHANGED
|
@@ -5,6 +5,12 @@ module ContentBase
|
|
|
5
5
|
base.extend ClassMethods
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
+
class ContentTextHelpers
|
|
9
|
+
include ActionView::Helpers::UrlHelper
|
|
10
|
+
include ActionView::Helpers::TextHelper
|
|
11
|
+
include ActionView::Helpers::SanitizeHelper
|
|
12
|
+
end
|
|
13
|
+
|
|
8
14
|
attr_accessor :just_changed_published_status
|
|
9
15
|
alias just_changed_published_status? just_changed_published_status
|
|
10
16
|
|
|
@@ -39,10 +45,10 @@ module ContentBase
|
|
|
39
45
|
html_postprocess(field, html).to_s
|
|
40
46
|
end
|
|
41
47
|
|
|
42
|
-
# Post-process the HTML
|
|
43
|
-
# to enforce HTML sanity.
|
|
48
|
+
# Post-process the HTML
|
|
44
49
|
def html_postprocess(_field, html)
|
|
45
|
-
|
|
50
|
+
helper = ContentTextHelpers.new
|
|
51
|
+
helper.sanitize html
|
|
46
52
|
end
|
|
47
53
|
|
|
48
54
|
def html_preprocess(_field, html)
|
data/app/models/feedback.rb
CHANGED
|
@@ -11,12 +11,6 @@ class Feedback < ApplicationRecord
|
|
|
11
11
|
include PublifyGuid
|
|
12
12
|
include ContentBase
|
|
13
13
|
|
|
14
|
-
class ContentTextHelpers
|
|
15
|
-
include ActionView::Helpers::UrlHelper
|
|
16
|
-
include ActionView::Helpers::TextHelper
|
|
17
|
-
include ActionView::Helpers::SanitizeHelper
|
|
18
|
-
end
|
|
19
|
-
|
|
20
14
|
validate :feedback_not_closed, on: :create
|
|
21
15
|
validates :article, presence: true
|
|
22
16
|
|
|
@@ -1,11 +1,15 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "
|
|
3
|
+
require "marcel"
|
|
4
4
|
|
|
5
5
|
class ResourceUploader < CarrierWave::Uploader::Base
|
|
6
6
|
include CarrierWave::MiniMagick
|
|
7
7
|
before :cache, :check_image_content_type!
|
|
8
8
|
|
|
9
|
+
def content_type_allowlist
|
|
10
|
+
[%r{image/}, %r{audio/}, %r{video/}, "text/plain"]
|
|
11
|
+
end
|
|
12
|
+
|
|
9
13
|
def store_dir
|
|
10
14
|
"files/#{model.class.to_s.underscore}/#{model.id}"
|
|
11
15
|
end
|
|
@@ -50,14 +54,9 @@ class ResourceUploader < CarrierWave::Uploader::Base
|
|
|
50
54
|
content_type = nil
|
|
51
55
|
|
|
52
56
|
File.open(new_file.path) do |fd|
|
|
53
|
-
content_type =
|
|
57
|
+
content_type = Marcel::MimeType.for(fd)
|
|
54
58
|
end
|
|
55
59
|
|
|
56
60
|
content_type
|
|
57
61
|
end
|
|
58
|
-
|
|
59
|
-
# NOTE: This method was copied from MagicMimeBlacklist from CarrierWave 1.0.0.
|
|
60
|
-
def filemagic
|
|
61
|
-
@filemagic ||= FileMagic.new(FileMagic::MAGIC_MIME_TYPE)
|
|
62
|
-
end
|
|
63
62
|
end
|
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
<h2>
|
|
3
3
|
<%= t('.media_library') %>
|
|
4
4
|
</h2>
|
|
5
|
+
<p>
|
|
6
|
+
<%= t('.explain_media_library_html') %>
|
|
7
|
+
</p>
|
|
5
8
|
<% end %>
|
|
6
9
|
|
|
7
10
|
<%= form_tag({ action: 'upload' }, { enctype: 'multipart/form-data', class: 'form-inline' }) do %>
|
|
@@ -33,38 +36,34 @@
|
|
|
33
36
|
</tr>
|
|
34
37
|
<% end %>
|
|
35
38
|
|
|
36
|
-
<% for
|
|
39
|
+
<% for resource in @resources %>
|
|
37
40
|
<tr>
|
|
38
41
|
<td>
|
|
39
|
-
<% if
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
42
|
+
<% if resource.mime =~ /image/ %>
|
|
43
|
+
<a href="<%= resource.upload.medium.url %>" data-toggle="lightbox">
|
|
44
|
+
<%= image_tag(resource.upload.thumb.url) %>
|
|
45
|
+
</a>
|
|
43
46
|
<% else %>
|
|
44
|
-
|
|
47
|
+
<%= link_to(resource.upload_url, resource.upload_url, download: resource.upload.identifier) %>
|
|
45
48
|
<% end %>
|
|
46
49
|
<p>
|
|
47
50
|
<small>
|
|
48
|
-
<% if
|
|
49
|
-
<%= link_to(t('.thumbnail'),
|
|
50
|
-
<%= link_to(t('.medium_size'),
|
|
51
|
-
<%= link_to(t('.original_size'),
|
|
51
|
+
<% if resource.mime =~ /image/ %>
|
|
52
|
+
<%= link_to(t('.thumbnail'), resource.upload.thumb.url) %> |
|
|
53
|
+
<%= link_to(t('.medium_size'), resource.upload.medium.url) %> |
|
|
54
|
+
<%= link_to(t('.original_size'), resource.upload.url) %> |
|
|
52
55
|
<% end %>
|
|
53
56
|
<%= link_to(t('.delete'),
|
|
54
|
-
{ action: 'destroy', id:
|
|
57
|
+
{ action: 'destroy', id: resource.id, search: params[:search], page: params[:page] },
|
|
55
58
|
{ confirm: t('.are_you_sure'), method: :delete }) %>
|
|
56
59
|
</small>
|
|
57
60
|
</p>
|
|
58
61
|
</td>
|
|
59
62
|
<td>
|
|
60
|
-
<%=
|
|
63
|
+
<%= resource.mime %>
|
|
61
64
|
</td>
|
|
62
|
-
<td><%=
|
|
63
|
-
|
|
64
|
-
rescue StandardError
|
|
65
|
-
0
|
|
66
|
-
end %> bytes</td>
|
|
67
|
-
<td><%= l(upload.created_at, format: :short) %></td>
|
|
65
|
+
<td><%= resource.upload.size %> bytes</td>
|
|
66
|
+
<td><%= l(resource.created_at, format: :short) %></td>
|
|
68
67
|
</tr>
|
|
69
68
|
<% end %>
|
|
70
69
|
<%= display_pagination(@resources, 6) %>
|
|
@@ -16,10 +16,10 @@
|
|
|
16
16
|
</div>
|
|
17
17
|
<% else %>
|
|
18
18
|
<div>
|
|
19
|
-
<h3><%=
|
|
20
|
-
<%=
|
|
19
|
+
<h3><%= theme.name %></h3>
|
|
20
|
+
<%= image_tag(preview_url, class: 'img-thumbnail') %>
|
|
21
21
|
<%= raw theme.description_html %>
|
|
22
|
-
<p><%=
|
|
22
|
+
<p><%= button_to(t('.use_this_theme'), switch_url, class: 'btn btn-info') %></p>
|
|
23
23
|
</div>
|
|
24
24
|
<% end %>
|
|
25
25
|
</div>
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
<p><%= link_to_permalink article, t('.continue_reading') %></p>
|
|
6
6
|
</div>
|
|
7
7
|
<% else %>
|
|
8
|
-
<%=
|
|
8
|
+
<%= article.html(:body) %>
|
|
9
9
|
<% if article.extended? %>
|
|
10
10
|
<div class="extended">
|
|
11
11
|
<p><%= link_to_permalink article, t('.continue_reading') %></p>
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
<%= t('.said') %> <%= display_date_and_time comment.created_at %>:
|
|
7
7
|
</p>
|
|
8
8
|
<div class="content">
|
|
9
|
-
<%=
|
|
9
|
+
<%= nofollowify_links comment.generate_html(:body) %>
|
|
10
10
|
<% unless comment.published? %>
|
|
11
11
|
<div class="spamwarning">
|
|
12
12
|
<%= t('.this_comment_has_been_flagged_for_moderator_approval') %>
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
<% cache [note, note.user] do %>
|
|
2
2
|
<article class='status'>
|
|
3
3
|
<%= author_picture note %>
|
|
4
|
-
<div class='p-name entry-title e-content entry-content article'><%=
|
|
4
|
+
<div class='p-name entry-title e-content entry-content article'><%= note.html(:body) %></div>
|
|
5
5
|
<footer>
|
|
6
6
|
<small>
|
|
7
7
|
<%= link_to_permalink(note, display_date_and_time(note.published_at)) %> |
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
<% for note in @notes %>
|
|
3
3
|
<div class='h-entry hentry h-as-note'>
|
|
4
4
|
<article>
|
|
5
|
-
<p class='p-name entry-title e-content entry-content article'><%=
|
|
5
|
+
<p class='p-name entry-title e-content entry-content article'><%= note.html(:body) %></p>
|
|
6
6
|
<footer>
|
|
7
7
|
<small><%= link_to_permalink(note, display_date_and_time(note.published_at)) %></small>
|
|
8
8
|
</footer>
|
data/config/locales/da.yml
CHANGED
|
@@ -334,6 +334,9 @@ da:
|
|
|
334
334
|
content_type: Indholdstype (Content Type)
|
|
335
335
|
date: Dato
|
|
336
336
|
delete: Slet
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: Filstørrelse
|
|
338
341
|
filename: Filnavn
|
|
339
342
|
media_library: Media Library
|
data/config/locales/de.yml
CHANGED
|
@@ -334,6 +334,9 @@ de:
|
|
|
334
334
|
content_type: Content Type
|
|
335
335
|
date: Date
|
|
336
336
|
delete: Löschen
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: Dateigröße
|
|
338
341
|
filename: Dateiname
|
|
339
342
|
media_library: Media Library
|
data/config/locales/en.yml
CHANGED
|
@@ -334,6 +334,9 @@ en:
|
|
|
334
334
|
content_type: Content Type
|
|
335
335
|
date: Date
|
|
336
336
|
delete: Delete
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: File Size
|
|
338
341
|
filename: Filename
|
|
339
342
|
media_library: Media Library
|
data/config/locales/es-MX.yml
CHANGED
|
@@ -334,6 +334,9 @@ es-MX:
|
|
|
334
334
|
content_type: Content Type
|
|
335
335
|
date: Date
|
|
336
336
|
delete: Eliminar
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: Tamaño del Archivo
|
|
338
341
|
filename: Nombre del archivo
|
|
339
342
|
media_library: Media Library
|
data/config/locales/fr.yml
CHANGED
|
@@ -338,6 +338,9 @@ fr:
|
|
|
338
338
|
content_type: Type de contenu
|
|
339
339
|
date: Date
|
|
340
340
|
delete: Supprimer
|
|
341
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
342
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
343
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
341
344
|
file_size: Taille du fichier
|
|
342
345
|
filename: Fichier
|
|
343
346
|
media_library: Bibliothèque de médias
|
data/config/locales/he.yml
CHANGED
|
@@ -333,6 +333,9 @@ he:
|
|
|
333
333
|
content_type: סוג התוכן
|
|
334
334
|
date: תאריך
|
|
335
335
|
delete: מחק
|
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
336
339
|
file_size: גודל הקובץ
|
|
337
340
|
filename: שם הקובץ
|
|
338
341
|
media_library: Media Library
|
data/config/locales/it.yml
CHANGED
|
@@ -334,6 +334,9 @@ it:
|
|
|
334
334
|
content_type: Tipo di contenuto
|
|
335
335
|
date: Date
|
|
336
336
|
delete: Elimina
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: Dimensione
|
|
338
341
|
filename: Nome del file
|
|
339
342
|
media_library: Media Library
|
data/config/locales/ja.yml
CHANGED
|
@@ -333,6 +333,9 @@ ja:
|
|
|
333
333
|
content_type: コンテンツタイプ
|
|
334
334
|
date: 日付
|
|
335
335
|
delete: 削除
|
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
336
339
|
file_size: ファイルサイズ
|
|
337
340
|
filename: ファイル名
|
|
338
341
|
media_library: Media Library
|
data/config/locales/lt.yml
CHANGED
|
@@ -346,6 +346,9 @@ lt:
|
|
|
346
346
|
content_type: Content Type
|
|
347
347
|
date: Date
|
|
348
348
|
delete: Trinti
|
|
349
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
350
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
351
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
349
352
|
file_size: Dateigröße
|
|
350
353
|
filename: Dateiname
|
|
351
354
|
media_library: Media Library
|
data/config/locales/nb-NO.yml
CHANGED
|
@@ -333,6 +333,9 @@ nb-NO:
|
|
|
333
333
|
content_type: Innholdstype (MIME Content Type)
|
|
334
334
|
date: Dato
|
|
335
335
|
delete: Slett
|
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
336
339
|
file_size: Filstørrelse
|
|
337
340
|
filename: Filnavn
|
|
338
341
|
media_library: Media-bibliotek
|
data/config/locales/nl.yml
CHANGED
|
@@ -334,9 +334,13 @@ nl:
|
|
|
334
334
|
content_type: Content Type
|
|
335
335
|
date: Datum
|
|
336
336
|
delete: Verwijderen
|
|
337
|
+
explain_media_library_html: Upload hier plaatjes, video en audio om te gebruiken
|
|
338
|
+
in blog posts en pagina's. Let op dat <strong>alle geüploade bestanden openbaar
|
|
339
|
+
toegankelijk zijn, zelfs als ze niet gebruikt worden in een blog post of
|
|
340
|
+
pagina.</strong>.
|
|
337
341
|
file_size: Bestandsgrootte
|
|
338
342
|
filename: Bestandsnaam
|
|
339
|
-
media_library:
|
|
343
|
+
media_library: Mediabibliotheek
|
|
340
344
|
medium_size: Medium size
|
|
341
345
|
no_resources: Er zijn nog geen media. Waarom begin je er niet een te maken?
|
|
342
346
|
original_size: Original size
|
|
@@ -556,7 +560,7 @@ nl:
|
|
|
556
560
|
logged_in_as: Logged in as %{login}
|
|
557
561
|
logout_html: Log out »
|
|
558
562
|
manage_users: Manage Users
|
|
559
|
-
media_library:
|
|
563
|
+
media_library: Mediabibliotheek
|
|
560
564
|
new: Nieuw
|
|
561
565
|
new_article: Nieuw artikel
|
|
562
566
|
new_media: New Media
|
data/config/locales/pl.yml
CHANGED
|
@@ -358,6 +358,9 @@ pl:
|
|
|
358
358
|
content_type: Typ treści
|
|
359
359
|
date: Data
|
|
360
360
|
delete: Usuń
|
|
361
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
362
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
363
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
361
364
|
file_size: Rozmiar pliku
|
|
362
365
|
filename: Nazwa pliku
|
|
363
366
|
media_library: Biblioteka multimediów
|
data/config/locales/pt-BR.yml
CHANGED
|
@@ -335,6 +335,9 @@ pt-BR:
|
|
|
335
335
|
content_type: Tipo de conteúdo
|
|
336
336
|
date: Data
|
|
337
337
|
delete: Remover
|
|
338
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
339
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
340
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
338
341
|
file_size: Tamanho do arquivo
|
|
339
342
|
filename: Nome do arquivo
|
|
340
343
|
media_library: Biblioteca
|
data/config/locales/ro.yml
CHANGED
|
@@ -346,6 +346,9 @@ ro:
|
|
|
346
346
|
content_type: Tip de conținut (content type)
|
|
347
347
|
date: Date
|
|
348
348
|
delete: Delete
|
|
349
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
350
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
351
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
349
352
|
file_size: Dimensiunea fișierului
|
|
350
353
|
filename: Nume de fișier
|
|
351
354
|
media_library: Media Library
|
data/config/locales/ru.yml
CHANGED
|
@@ -358,6 +358,9 @@ ru:
|
|
|
358
358
|
content_type: Content Type
|
|
359
359
|
date: Дата
|
|
360
360
|
delete: Удалить
|
|
361
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
362
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
363
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
361
364
|
file_size: Размер Файла
|
|
362
365
|
filename: Имя Файла
|
|
363
366
|
media_library: Медиатека
|
|
@@ -579,7 +582,7 @@ ru:
|
|
|
579
582
|
logged_in_as: Вы вошли как %{login}
|
|
580
583
|
logout_html: Выйти »
|
|
581
584
|
manage_users: Управление пользователями
|
|
582
|
-
media_library:
|
|
585
|
+
media_library: Медиатека
|
|
583
586
|
new: Добавить...
|
|
584
587
|
new_article: Новый пост
|
|
585
588
|
new_media: Новый файл
|
data/config/locales/zh-CN.yml
CHANGED
|
@@ -330,6 +330,9 @@ zh-CN:
|
|
|
330
330
|
content_type: 內容類型
|
|
331
331
|
date: 日期
|
|
332
332
|
delete: 删除
|
|
333
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
334
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
335
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
333
336
|
file_size: 檔案大小
|
|
334
337
|
filename: 檔案名稱
|
|
335
338
|
media_library: Media Library
|
data/config/locales/zh-TW.yml
CHANGED
|
@@ -331,6 +331,9 @@ zh-TW:
|
|
|
331
331
|
content_type: 內容類型
|
|
332
332
|
date: Date
|
|
333
333
|
delete: 刪除
|
|
334
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
335
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
336
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
334
337
|
file_size: 檔案大小
|
|
335
338
|
filename: 檔案名稱
|
|
336
339
|
media_library: Media Library
|
data/config/routes.rb
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
Rails.application.routes.draw do
|
|
4
|
-
devise_for :users
|
|
4
|
+
devise_for :users, controllers: { registrations: "users/registrations" }
|
|
5
|
+
|
|
5
6
|
# TODO: use only in archive sidebar. See how made other system
|
|
6
7
|
get ":year/:month", to: "articles#index", year: /\d{4}/, month: /\d{1,2}/,
|
|
7
8
|
as: "articles_by_month", format: false
|
|
@@ -144,7 +145,7 @@ Rails.application.routes.draw do
|
|
|
144
145
|
resources :themes, only: [:index], format: false do
|
|
145
146
|
collection do
|
|
146
147
|
get "preview"
|
|
147
|
-
|
|
148
|
+
post "switchto"
|
|
148
149
|
end
|
|
149
150
|
end
|
|
150
151
|
|
data/lib/publify_core/version.rb
CHANGED
data/lib/spam_protection.rb
CHANGED
|
@@ -82,16 +82,14 @@ class SpamProtection
|
|
|
82
82
|
def query_rbls(rbls, *subdomains)
|
|
83
83
|
rbls.each do |rbl|
|
|
84
84
|
subdomains.uniq.each do |d|
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
"#{rbl} positively resolved subdomain #{d} => #{response}"
|
|
90
|
-
end
|
|
91
|
-
rescue SocketError
|
|
92
|
-
# NXDOMAIN response => negative: d is not in RBL
|
|
93
|
-
next
|
|
85
|
+
response = IPSocket.getaddress([d, rbl].join("."))
|
|
86
|
+
if response.start_with?("127.0.0.")
|
|
87
|
+
throw :hit,
|
|
88
|
+
"#{rbl} positively resolved subdomain #{d} => #{response}"
|
|
94
89
|
end
|
|
90
|
+
rescue SocketError
|
|
91
|
+
# NXDOMAIN response => negative: d is not in RBL
|
|
92
|
+
next
|
|
95
93
|
end
|
|
96
94
|
end
|
|
97
95
|
false
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: publify_core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 9.2.
|
|
4
|
+
version: 9.2.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matijs van Zuijlen
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date:
|
|
14
|
+
date: 2022-01-07 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: aasm
|
|
@@ -202,39 +202,39 @@ dependencies:
|
|
|
202
202
|
- !ruby/object:Gem::Version
|
|
203
203
|
version: 1.2.1
|
|
204
204
|
- !ruby/object:Gem::Dependency
|
|
205
|
-
name:
|
|
205
|
+
name: mini_magick
|
|
206
206
|
requirement: !ruby/object:Gem::Requirement
|
|
207
207
|
requirements:
|
|
208
208
|
- - "~>"
|
|
209
209
|
- !ruby/object:Gem::Version
|
|
210
|
-
version:
|
|
210
|
+
version: '4.9'
|
|
211
|
+
- - ">="
|
|
212
|
+
- !ruby/object:Gem::Version
|
|
213
|
+
version: 4.9.4
|
|
211
214
|
type: :runtime
|
|
212
215
|
prerelease: false
|
|
213
216
|
version_requirements: !ruby/object:Gem::Requirement
|
|
214
217
|
requirements:
|
|
215
218
|
- - "~>"
|
|
216
219
|
- !ruby/object:Gem::Version
|
|
217
|
-
version:
|
|
220
|
+
version: '4.9'
|
|
221
|
+
- - ">="
|
|
222
|
+
- !ruby/object:Gem::Version
|
|
223
|
+
version: 4.9.4
|
|
218
224
|
- !ruby/object:Gem::Dependency
|
|
219
|
-
name:
|
|
225
|
+
name: nokogiri
|
|
220
226
|
requirement: !ruby/object:Gem::Requirement
|
|
221
227
|
requirements:
|
|
222
|
-
- - "~>"
|
|
223
|
-
- !ruby/object:Gem::Version
|
|
224
|
-
version: '4.9'
|
|
225
228
|
- - ">="
|
|
226
229
|
- !ruby/object:Gem::Version
|
|
227
|
-
version:
|
|
230
|
+
version: 1.12.5
|
|
228
231
|
type: :runtime
|
|
229
232
|
prerelease: false
|
|
230
233
|
version_requirements: !ruby/object:Gem::Requirement
|
|
231
234
|
requirements:
|
|
232
|
-
- - "~>"
|
|
233
|
-
- !ruby/object:Gem::Version
|
|
234
|
-
version: '4.9'
|
|
235
235
|
- - ">="
|
|
236
236
|
- !ruby/object:Gem::Version
|
|
237
|
-
version:
|
|
237
|
+
version: 1.12.5
|
|
238
238
|
- !ruby/object:Gem::Dependency
|
|
239
239
|
name: rack
|
|
240
240
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -255,20 +255,14 @@ dependencies:
|
|
|
255
255
|
requirements:
|
|
256
256
|
- - "~>"
|
|
257
257
|
- !ruby/object:Gem::Version
|
|
258
|
-
version: 5.2.
|
|
259
|
-
- - ">="
|
|
260
|
-
- !ruby/object:Gem::Version
|
|
261
|
-
version: 5.2.4.3
|
|
258
|
+
version: 5.2.6
|
|
262
259
|
type: :runtime
|
|
263
260
|
prerelease: false
|
|
264
261
|
version_requirements: !ruby/object:Gem::Requirement
|
|
265
262
|
requirements:
|
|
266
263
|
- - "~>"
|
|
267
264
|
- !ruby/object:Gem::Version
|
|
268
|
-
version: 5.2.
|
|
269
|
-
- - ">="
|
|
270
|
-
- !ruby/object:Gem::Version
|
|
271
|
-
version: 5.2.4.3
|
|
265
|
+
version: 5.2.6
|
|
272
266
|
- !ruby/object:Gem::Dependency
|
|
273
267
|
name: rails_autolink
|
|
274
268
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -700,6 +694,7 @@ files:
|
|
|
700
694
|
- app/controllers/text_controller.rb
|
|
701
695
|
- app/controllers/textfilter_controller.rb
|
|
702
696
|
- app/controllers/theme_controller.rb
|
|
697
|
+
- app/controllers/users/registrations_controller.rb
|
|
703
698
|
- app/controllers/xml_controller.rb
|
|
704
699
|
- app/helpers/admin/base_helper.rb
|
|
705
700
|
- app/helpers/admin/feedback_helper.rb
|
|
@@ -974,6 +969,7 @@ files:
|
|
|
974
969
|
- lib/publify_core/testing_support/feed_assertions.rb
|
|
975
970
|
- lib/publify_core/testing_support/fixtures/exploit.svg
|
|
976
971
|
- lib/publify_core/testing_support/fixtures/fakepng.png
|
|
972
|
+
- lib/publify_core/testing_support/fixtures/just_some.html
|
|
977
973
|
- lib/publify_core/testing_support/fixtures/otherfile.txt
|
|
978
974
|
- lib/publify_core/testing_support/fixtures/testfile.png
|
|
979
975
|
- lib/publify_core/testing_support/fixtures/testfile.txt
|
|
@@ -1012,14 +1008,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
1012
1008
|
requirements:
|
|
1013
1009
|
- - ">="
|
|
1014
1010
|
- !ruby/object:Gem::Version
|
|
1015
|
-
version: 2.
|
|
1011
|
+
version: 2.5.0
|
|
1016
1012
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
1017
1013
|
requirements:
|
|
1018
1014
|
- - ">="
|
|
1019
1015
|
- !ruby/object:Gem::Version
|
|
1020
1016
|
version: '0'
|
|
1021
1017
|
requirements: []
|
|
1022
|
-
rubygems_version: 3.
|
|
1018
|
+
rubygems_version: 3.1.6
|
|
1023
1019
|
signing_key:
|
|
1024
1020
|
specification_version: 4
|
|
1025
1021
|
summary: Core engine for the Publify blogging system.
|