publify_core 9.2.2 → 9.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c465b9f4aaebc33c4fb9013a7675c042ca1b5530ce8ed9d4af6752b2d2a255f9
-  data.tar.gz: 0d287bc8ca255ae3edb386c56840b9f637966dccca49746107601d5a9d2e30d6
+  metadata.gz: da6da95f7716a807eb81fc3c6684945b4afeb75dae12256d6e8e0341dacc8108
+  data.tar.gz: 16590e78cb4f249017cad7df86fb72fb6ebfc90eb3c9a55d9fdac017a708c203
 SHA512:
-  metadata.gz: 83ff43281107a53da8187321e70d54752cd7a046e4f5ff79fa7018999de3a30de873a312e44e9ea95101459a88ffff738fdc4c729cc27900173293d8d63a3c7f
-  data.tar.gz: 6d3a518995ebc38c82450458b35950d5a5e02047606892aa84083ca4b01120313c3fc31db64fab9192f12aa68f34ff6de542f520bd47d2fdc51f4fcab8c61c85
+  metadata.gz: 9ba6b4fb3315f76bb3ffba8f2c423fe4d0a2a57fda992a1bf0ce92df49dad52f78e0d72955a75dfcac58ab2a693ecc46f419dbb1c59678ceb86ed8f0c280140d
+  data.tar.gz: 4704c65615d660a2a10f8827970710baeb5438917adeb8d37e7a10a1534626b08b1a45049486398163739c23929d5629d71a41198d28dd46572e5aa3d6260f4d

data/CHANGELOG.md

@@ -1,5 +1,35 @@
 # Changelog
 
+## 9.2.6 / 2022-01-07
+
+* Add documentation about use of the media library
+
+## 9.2.5 / 2021-10-11
+
+This release fixes several security issues:
+
+* Block ability to switch themes using a GET request; use a POST instead
+* Disallow user self-registration rather than hiding it
+* Let the browser not cache admin pages
+* Limit the set of allowed mime types for uploaded media
+* Limit allowed HTML in articles, pages and notes
+
+Additionally, it includes the following changes:
+
+* Fix resource size display in admin resource list
+* Trigger download of media in the Media Library in admin instead of displaying
+  them directly
+
+## 9.2.4 / 2021-10-02
+
+* Explicitly require at least version 1.12.5 of nokogiri to avoid a security issue
+* Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5
+
+## 9.2.3 / 2021-05-22
+
+* Bump Rails dependency to 5.2.6
+* Replace mimemagic with marcel
+
 ## 9.2.2 / 2021-03-21
 
 * No changes

data/app/controllers/admin/base_controller.rb

@@ -10,6 +10,7 @@ class Admin::BaseController < BaseController
   layout "administration"
 
   before_action :login_required, except: [:login, :signup]
+  before_action :no_caching
 
   private
 
@@ -24,4 +25,9 @@ class Admin::BaseController < BaseController
                             name: controller_name.humanize)
     redirect_to action: "index"
   end
+
+  def no_caching
+    response.cache_control[:extras] =
+      ["no-cache", "max-age=0", "must-revalidate", "no-store"]
+  end
 end

data/app/controllers/users/registrations_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class Users::RegistrationsController < Devise::RegistrationsController
+  include BlogHelper
+  before_action :require_signup_allowed
+
+  private
+
+  def require_signup_allowed
+    render plain: "Not found", status: :not_found unless this_blog.allow_signup?
+  end
+end

data/app/helpers/base_helper.rb

@@ -240,10 +240,15 @@ module BaseHelper
   end
 
   def nofollowify_links(string)
+    raise ArgumentError, "string", "must be html_safe" unless string.html_safe?
+
     if this_blog.dofollowify
       string
     else
-      string.gsub(/<a(.*?)>/i, '<a\1 rel="nofollow">')
+      followify_scrubber = Loofah::Scrubber.new do |node|
+        node.set_attribute "rel", "nofollow" if node.name == "a"
+      end
+      sanitize h(string), scrubber: followify_scrubber
     end
   end
 

data/app/models/content_base.rb

@@ -5,6 +5,12 @@ module ContentBase
     base.extend ClassMethods
   end
 
+  class ContentTextHelpers
+    include ActionView::Helpers::UrlHelper
+    include ActionView::Helpers::TextHelper
+    include ActionView::Helpers::SanitizeHelper
+  end
+
   attr_accessor :just_changed_published_status
   alias just_changed_published_status? just_changed_published_status
 
@@ -39,10 +45,10 @@ module ContentBase
     html_postprocess(field, html).to_s
   end
 
-  # Post-process the HTML.  This is a noop by default, but Comment overrides it
-  # to enforce HTML sanity.
+  # Post-process the HTML
   def html_postprocess(_field, html)
-    html
+    helper = ContentTextHelpers.new
+    helper.sanitize html
   end
 
   def html_preprocess(_field, html)

data/app/models/feedback.rb

@@ -11,12 +11,6 @@ class Feedback < ApplicationRecord
   include PublifyGuid
   include ContentBase
 
-  class ContentTextHelpers
-    include ActionView::Helpers::UrlHelper
-    include ActionView::Helpers::TextHelper
-    include ActionView::Helpers::SanitizeHelper
-  end
-
   validate :feedback_not_closed, on: :create
   validates :article, presence: true
 

data/app/uploaders/resource_uploader.rb

@@ -1,11 +1,15 @@
 # frozen_string_literal: true
 
-require "mimemagic"
+require "marcel"
 
 class ResourceUploader < CarrierWave::Uploader::Base
   include CarrierWave::MiniMagick
   before :cache, :check_image_content_type!
 
+  def content_type_allowlist
+    [%r{image/}, %r{audio/}, %r{video/}, "text/plain"]
+  end
+
   def store_dir
     "files/#{model.class.to_s.underscore}/#{model.id}"
   end
@@ -50,14 +54,9 @@ class ResourceUploader < CarrierWave::Uploader::Base
     content_type = nil
 
     File.open(new_file.path) do |fd|
-      content_type = MimeMagic.by_magic(fd).try(:type)
+      content_type = Marcel::MimeType.for(fd)
     end
 
     content_type
   end
-
-  # NOTE: This method was copied from MagicMimeBlacklist from CarrierWave 1.0.0.
-  def filemagic
-    @filemagic ||= FileMagic.new(FileMagic::MAGIC_MIME_TYPE)
-  end
 end

data/app/views/admin/resources/index.html.erb

@@ -2,6 +2,9 @@
   <h2>
     <%= t('.media_library') %>
   </h2>
+  <p>
+    <%= t('.explain_media_library_html') %>
+  </p>
 <% end %>
 
 <%= form_tag({ action: 'upload' }, { enctype: 'multipart/form-data', class: 'form-inline' }) do %>
@@ -33,38 +36,34 @@
     </tr>
   <% end %>
 
-  <% for upload in @resources %>
+  <% for resource in @resources %>
   <tr>
     <td>
-      <% if upload.mime =~ /image/ %>
-      <a href="<%= upload.upload.medium.url %>" data-toggle="lightbox">
-        <%= image_tag(upload.upload.thumb.url) %>
-      </a>
+      <% if resource.mime =~ /image/ %>
+        <a href="<%= resource.upload.medium.url %>" data-toggle="lightbox">
+          <%= image_tag(resource.upload.thumb.url) %>
+        </a>
       <% else %>
-      <%= link_to(upload.upload_url, upload.upload_url) %>
+        <%= link_to(resource.upload_url, resource.upload_url, download: resource.upload.identifier) %>
       <% end %>
       <p>
         <small>
-          <% if upload.mime =~ /image/ %>
-            <%= link_to(t('.thumbnail'), upload.upload.thumb.url) %> |
-            <%= link_to(t('.medium_size'), upload.upload.medium.url) %> |
-            <%= link_to(t('.original_size'), upload.upload.url) %> |
+          <% if resource.mime =~ /image/ %>
+            <%= link_to(t('.thumbnail'), resource.upload.thumb.url) %> |
+            <%= link_to(t('.medium_size'), resource.upload.medium.url) %> |
+            <%= link_to(t('.original_size'), resource.upload.url) %> |
           <% end %>
           <%= link_to(t('.delete'),
-                      { action: 'destroy', id: upload.id, search: params[:search], page: params[:page] },
+                      { action: 'destroy', id: resource.id, search: params[:search], page: params[:page] },
                       { confirm: t('.are_you_sure'), method: :delete }) %>
         </small>
       </p>
     </td>
     <td>
-      <%= upload.mime %>
+      <%= resource.mime %>
     </td>
-    <td><%= begin
-              h upload.size
-            rescue StandardError
-              0
-            end %> bytes</td>
-    <td><%= l(upload.created_at, format: :short) %></td>
+    <td><%= resource.upload.size %> bytes</td>
+    <td><%= l(resource.created_at, format: :short) %></td>
   </tr>
   <% end %>
   <%= display_pagination(@resources, 6) %>

data/app/views/admin/themes/index.html.erb

@@ -16,10 +16,10 @@
       </div>
     <% else %>
       <div>
-        <h3><%= link_to(theme.name, switch_url, title: t('.use_this_theme')) %></h3>
-        <%= link_to(image_tag(preview_url, class: 'img-thumbnail'), switch_url, title: t('.use_this_theme')) %>
+        <h3><%= theme.name %></h3>
+        <%= image_tag(preview_url, class: 'img-thumbnail') %>
         <%= raw theme.description_html %>
-        <p><%= link_to(t('.use_this_theme'), switch_url, class: 'btn btn-info') %></p>
+        <p><%= button_to(t('.use_this_theme'), switch_url, class: 'btn btn-info') %></p>
       </div>
     <% end %>
   </div>

data/app/views/articles/_article_excerpt.html.erb

@@ -5,7 +5,7 @@
       <p><%= link_to_permalink article, t('.continue_reading') %></p>
     </div>
   <% else %>
-    <%= raw article.html(:body) %>
+    <%= article.html(:body) %>
     <% if article.extended? %>
       <div class="extended">
         <p><%= link_to_permalink article, t('.continue_reading') %></p>

data/app/views/articles/_full_article_content.html.erb

@@ -1,4 +1,4 @@
 <% cache article do %>
-  <%= raw article.html(:body) %>
-  <%= raw article.html(:extended) %>
+  <%= article.html(:body) %>
+  <%= article.html(:extended) %>
 <% end %>

data/app/views/articles/view_page.html.erb

@@ -1,3 +1,3 @@
 <div id="viewpage">
-  <%= raw html @page %>
+  <%= html @page %>
 </div>

data/app/views/comments/_comment.html.erb

@@ -6,7 +6,7 @@
     <%= t('.said') %> <%= display_date_and_time comment.created_at %>:
     </p>
     <div class="content">
-      <%= raw nofollowify_links comment.generate_html(:body) %>
+      <%= nofollowify_links comment.generate_html(:body) %>
       <% unless comment.published? %>
         <div class="spamwarning">
           <%= t('.this_comment_has_been_flagged_for_moderator_approval') %>

data/app/views/notes/_note.html.erb

@@ -1,7 +1,7 @@
 <% cache [note, note.user] do %>
   <article class='status'>
     <%= author_picture note %>
-    <div class='p-name entry-title e-content entry-content article'><%= raw note.html(:body) %></div>
+    <div class='p-name entry-title e-content entry-content article'><%= note.html(:body) %></div>
     <footer>
       <small>
         <%= link_to_permalink(note, display_date_and_time(note.published_at)) %> |

data/app/views/notes/index.html.erb

@@ -2,7 +2,7 @@
   <% for note in @notes %>
   <div class='h-entry hentry h-as-note'>
     <article>
-      <p class='p-name entry-title e-content entry-content article'><%= raw note.html(:body) %></p>
+      <p class='p-name entry-title e-content entry-content article'><%= note.html(:body) %></p>
       <footer>
         <small><%= link_to_permalink(note, display_date_and_time(note.published_at)) %></small>
       </footer>

data/config/locales/da.yml

@@ -334,6 +334,9 @@ da:
         content_type: Indholdstype (Content Type)
         date: Dato
         delete: Slet
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Filstørrelse
         filename: Filnavn
         media_library: Media Library

data/config/locales/de.yml

@@ -334,6 +334,9 @@ de:
         content_type: Content Type
         date: Date
         delete: Löschen
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Dateigröße
         filename: Dateiname
         media_library: Media Library

data/config/locales/en.yml

@@ -334,6 +334,9 @@ en:
         content_type: Content Type
         date: Date
         delete: Delete
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: File Size
         filename: Filename
         media_library: Media Library

data/config/locales/es-MX.yml

@@ -334,6 +334,9 @@ es-MX:
         content_type: Content Type
         date: Date
         delete: Eliminar
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Tama&ntilde;o del Archivo
         filename: Nombre del archivo
         media_library: Media Library

data/config/locales/fr.yml

@@ -338,6 +338,9 @@ fr:
         content_type: Type de contenu
         date: Date
         delete: Supprimer
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Taille du fichier
         filename: Fichier
         media_library: Bibliothèque de médias

data/config/locales/he.yml

@@ -333,6 +333,9 @@ he:
         content_type: סוג התוכן
         date: תאריך
         delete: מחק
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: גודל הקובץ
         filename: שם הקובץ
         media_library: Media Library

data/config/locales/it.yml

@@ -334,6 +334,9 @@ it:
         content_type: Tipo di contenuto
         date: Date
         delete: Elimina
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Dimensione
         filename: Nome del file
         media_library: Media Library

data/config/locales/ja.yml

@@ -333,6 +333,9 @@ ja:
         content_type: コンテンツタイプ
         date: 日付
         delete: 削除
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: ファイルサイズ
         filename: ファイル名
         media_library: Media Library

data/config/locales/lt.yml

@@ -346,6 +346,9 @@ lt:
         content_type: Content Type
         date: Date
         delete: Trinti
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Dateigröße
         filename: Dateiname
         media_library: Media Library

data/config/locales/nb-NO.yml

@@ -333,6 +333,9 @@ nb-NO:
         content_type: Innholdstype (MIME Content Type)
         date: Dato
         delete: Slett
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Filstørrelse
         filename: Filnavn
         media_library: Media-bibliotek

data/config/locales/nl.yml

@@ -334,9 +334,13 @@ nl:
         content_type: Content Type
         date: Datum
         delete: Verwijderen
+        explain_media_library_html: Upload hier plaatjes, video en audio om te gebruiken
+          in blog posts en pagina's. Let op dat <strong>alle geüploade bestanden openbaar
+          toegankelijk zijn, zelfs als ze niet gebruikt worden in een blog post of
+          pagina.</strong>.
         file_size: Bestandsgrootte
         filename: Bestandsnaam
-        media_library: Media Library
+        media_library: Mediabibliotheek
         medium_size: Medium size
         no_resources: Er zijn nog geen media. Waarom begin je er niet een te maken?
         original_size: Original size
@@ -556,7 +560,7 @@ nl:
         logged_in_as: Logged in as %{login}
         logout_html: Log out &raquo;
         manage_users: Manage Users
-        media_library: Media Library
+        media_library: Mediabibliotheek
         new: Nieuw
         new_article: Nieuw artikel
         new_media: New Media

data/config/locales/pl.yml

@@ -358,6 +358,9 @@ pl:
         content_type: Typ treści
         date: Data
         delete: Usuń
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Rozmiar pliku
         filename: Nazwa pliku
         media_library: Biblioteka multimediów

data/config/locales/pt-BR.yml

@@ -335,6 +335,9 @@ pt-BR:
         content_type: Tipo de conteúdo
         date: Data
         delete: Remover
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Tamanho do arquivo
         filename: Nome do arquivo
         media_library: Biblioteca

data/config/locales/ro.yml

@@ -346,6 +346,9 @@ ro:
         content_type: Tip de conținut (content type)
         date: Date
         delete: Delete
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Dimensiunea fișierului
         filename: Nume de fișier
         media_library: Media Library

data/config/locales/ru.yml

@@ -358,6 +358,9 @@ ru:
         content_type: Content Type
         date: Дата
         delete: Удалить
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: Размер Файла
         filename: Имя Файла
         media_library: Медиатека
@@ -579,7 +582,7 @@ ru:
         logged_in_as: Вы вошли как %{login}
         logout_html: Выйти »
         manage_users: Управление пользователями
-        media_library: Файлы
+        media_library: Медиатека
         new: Добавить...
         new_article: Новый пост
         new_media: Новый файл

data/config/locales/zh-CN.yml

@@ -330,6 +330,9 @@ zh-CN:
         content_type: 內容類型
         date: 日期
         delete: 删除
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: 檔案大小
         filename: 檔案名稱
         media_library: Media Library

data/config/locales/zh-TW.yml

@@ -331,6 +331,9 @@ zh-TW:
         content_type: 內容類型
         date: Date
         delete: 刪除
+        explain_media_library_html: Upload images, video and audio here for use in
+          your blog posts and pages. Please note that <strong>all uploaded files will
+          be publicly accessible even if they're not used in blog posts or pages</strong>.
         file_size: 檔案大小
         filename: 檔案名稱
         media_library: Media Library

data/config/routes.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 Rails.application.routes.draw do
-  devise_for :users
+  devise_for :users, controllers: { registrations: "users/registrations" }
+
   # TODO: use only in archive sidebar. See how made other system
   get ":year/:month", to: "articles#index", year: /\d{4}/, month: /\d{1,2}/,
                       as: "articles_by_month", format: false
@@ -144,7 +145,7 @@ Rails.application.routes.draw do
     resources :themes, only: [:index], format: false do
       collection do
         get "preview"
-        get "switchto"
+        post "switchto"
       end
     end
 

data/lib/publify_core/testing_support/fixtures/just_some.html

@@ -0,0 +1,5 @@
+<html>
+  <body>
+    <p>Hello!</p>
+  </body>
+</html>

data/lib/publify_core/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PublifyCore
-  VERSION = "9.2.2"
+  VERSION = "9.2.6"
 end

data/lib/spam_protection.rb

@@ -82,16 +82,14 @@ class SpamProtection
   def query_rbls(rbls, *subdomains)
     rbls.each do |rbl|
       subdomains.uniq.each do |d|
-        begin
-          response = IPSocket.getaddress([d, rbl].join("."))
-          if response.start_with?("127.0.0.")
-            throw :hit,
-                  "#{rbl} positively resolved subdomain #{d} => #{response}"
-          end
-        rescue SocketError
-          # NXDOMAIN response => negative:  d is not in RBL
-          next
+        response = IPSocket.getaddress([d, rbl].join("."))
+        if response.start_with?("127.0.0.")
+          throw :hit,
+                "#{rbl} positively resolved subdomain #{d} => #{response}"
         end
+      rescue SocketError
+        # NXDOMAIN response => negative:  d is not in RBL
+        next
       end
     end
     false

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: publify_core
 version: !ruby/object:Gem::Version
-  version: 9.2.2
+  version: 9.2.6
 platform: ruby
 authors:
 - Matijs van Zuijlen
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-21 00:00:00.000000000 Z
+date: 2022-01-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aasm
@@ -202,39 +202,39 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.2.1
 - !ruby/object:Gem::Dependency
-  name: mimemagic
+  name: mini_magick
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.2
+        version: '4.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.9.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.2
+        version: '4.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.9.4
 - !ruby/object:Gem::Dependency
-  name: mini_magick
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.9'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.9.4
+        version: 1.12.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.9'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.9.4
+        version: 1.12.5
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -255,20 +255,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.2.4
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 5.2.4.3
+        version: 5.2.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.2.4
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 5.2.4.3
+        version: 5.2.6
 - !ruby/object:Gem::Dependency
   name: rails_autolink
   requirement: !ruby/object:Gem::Requirement
@@ -700,6 +694,7 @@ files:
 - app/controllers/text_controller.rb
 - app/controllers/textfilter_controller.rb
 - app/controllers/theme_controller.rb
+- app/controllers/users/registrations_controller.rb
 - app/controllers/xml_controller.rb
 - app/helpers/admin/base_helper.rb
 - app/helpers/admin/feedback_helper.rb
@@ -974,6 +969,7 @@ files:
 - lib/publify_core/testing_support/feed_assertions.rb
 - lib/publify_core/testing_support/fixtures/exploit.svg
 - lib/publify_core/testing_support/fixtures/fakepng.png
+- lib/publify_core/testing_support/fixtures/just_some.html
 - lib/publify_core/testing_support/fixtures/otherfile.txt
 - lib/publify_core/testing_support/fixtures/testfile.png
 - lib/publify_core/testing_support/fixtures/testfile.txt
@@ -1012,14 +1008,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Core engine for the Publify blogging system.