publify_core 9.2.2 → 9.2.6
Potentially problematic release.
This version of publify_core might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -0
- data/app/controllers/admin/base_controller.rb +6 -0
- data/app/controllers/users/registrations_controller.rb +12 -0
- data/app/helpers/base_helper.rb +6 -1
- data/app/models/content_base.rb +9 -3
- data/app/models/feedback.rb +0 -6
- data/app/uploaders/resource_uploader.rb +6 -7
- data/app/views/admin/resources/index.html.erb +17 -18
- data/app/views/admin/themes/index.html.erb +3 -3
- data/app/views/articles/_article_excerpt.html.erb +1 -1
- data/app/views/articles/_full_article_content.html.erb +2 -2
- data/app/views/articles/view_page.html.erb +1 -1
- data/app/views/comments/_comment.html.erb +1 -1
- data/app/views/notes/_note.html.erb +1 -1
- data/app/views/notes/index.html.erb +1 -1
- data/config/locales/da.yml +3 -0
- data/config/locales/de.yml +3 -0
- data/config/locales/en.yml +3 -0
- data/config/locales/es-MX.yml +3 -0
- data/config/locales/fr.yml +3 -0
- data/config/locales/he.yml +3 -0
- data/config/locales/it.yml +3 -0
- data/config/locales/ja.yml +3 -0
- data/config/locales/lt.yml +3 -0
- data/config/locales/nb-NO.yml +3 -0
- data/config/locales/nl.yml +6 -2
- data/config/locales/pl.yml +3 -0
- data/config/locales/pt-BR.yml +3 -0
- data/config/locales/ro.yml +3 -0
- data/config/locales/ru.yml +4 -1
- data/config/locales/zh-CN.yml +3 -0
- data/config/locales/zh-TW.yml +3 -0
- data/config/routes.rb +3 -2
- data/lib/publify_core/testing_support/fixtures/just_some.html +5 -0
- data/lib/publify_core/version.rb +1 -1
- data/lib/spam_protection.rb +7 -9
- metadata +20 -24
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: da6da95f7716a807eb81fc3c6684945b4afeb75dae12256d6e8e0341dacc8108
|
4
|
+
data.tar.gz: 16590e78cb4f249017cad7df86fb72fb6ebfc90eb3c9a55d9fdac017a708c203
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9ba6b4fb3315f76bb3ffba8f2c423fe4d0a2a57fda992a1bf0ce92df49dad52f78e0d72955a75dfcac58ab2a693ecc46f419dbb1c59678ceb86ed8f0c280140d
|
7
|
+
data.tar.gz: 4704c65615d660a2a10f8827970710baeb5438917adeb8d37e7a10a1534626b08b1a45049486398163739c23929d5629d71a41198d28dd46572e5aa3d6260f4d
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,35 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## 9.2.6 / 2022-01-07
|
4
|
+
|
5
|
+
* Add documentation about use of the media library
|
6
|
+
|
7
|
+
## 9.2.5 / 2021-10-11
|
8
|
+
|
9
|
+
This release fixes several security issues:
|
10
|
+
|
11
|
+
* Block ability to switch themes using a GET request; use a POST instead
|
12
|
+
* Disallow user self-registration rather than hiding it
|
13
|
+
* Let the browser not cache admin pages
|
14
|
+
* Limit the set of allowed mime types for uploaded media
|
15
|
+
* Limit allowed HTML in articles, pages and notes
|
16
|
+
|
17
|
+
Additionally, it includes the following changes:
|
18
|
+
|
19
|
+
* Fix resource size display in admin resource list
|
20
|
+
* Trigger download of media in the Media Library in admin instead of displaying
|
21
|
+
them directly
|
22
|
+
|
23
|
+
## 9.2.4 / 2021-10-02
|
24
|
+
|
25
|
+
* Explicitly require at least version 1.12.5 of nokogiri to avoid a security issue
|
26
|
+
* Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5
|
27
|
+
|
28
|
+
## 9.2.3 / 2021-05-22
|
29
|
+
|
30
|
+
* Bump Rails dependency to 5.2.6
|
31
|
+
* Replace mimemagic with marcel
|
32
|
+
|
3
33
|
## 9.2.2 / 2021-03-21
|
4
34
|
|
5
35
|
* No changes
|
@@ -10,6 +10,7 @@ class Admin::BaseController < BaseController
|
|
10
10
|
layout "administration"
|
11
11
|
|
12
12
|
before_action :login_required, except: [:login, :signup]
|
13
|
+
before_action :no_caching
|
13
14
|
|
14
15
|
private
|
15
16
|
|
@@ -24,4 +25,9 @@ class Admin::BaseController < BaseController
|
|
24
25
|
name: controller_name.humanize)
|
25
26
|
redirect_to action: "index"
|
26
27
|
end
|
28
|
+
|
29
|
+
def no_caching
|
30
|
+
response.cache_control[:extras] =
|
31
|
+
["no-cache", "max-age=0", "must-revalidate", "no-store"]
|
32
|
+
end
|
27
33
|
end
|
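Review bot: `before_action :no_caching` is registered after `login_required`, so a request that `login_required` halts (its body is outside this diff) would presumably be answered without the no-store directives. Registering `no_caching` first would make the header unconditional for every admin response. The new method also has no comment; something like `# Security: admin responses must not be stored by browser or shared caches` above `def no_caching` would record why the four directives are set.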
@@ -0,0 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class Users::RegistrationsController < Devise::RegistrationsController
|
4
|
+
include BlogHelper
|
5
|
+
before_action :require_signup_allowed
|
6
|
+
|
7
|
+
private
|
8
|
+
|
9
|
+
def require_signup_allowed
|
10
|
+
render plain: "Not found", status: :not_found unless this_blog.allow_signup?
|
11
|
+
end
|
12
|
+
end
|
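Review bot: `before_action :require_signup_allowed` carries no `only:` list, so it guards every action inherited from `Devise::RegistrationsController`, not just `new` and `create`. With sign-up disabled, the account edit, update and destroy routes would answer 404 as well. If that is intended, a short comment above the filter should say so; if signed-in users are meant to keep those actions, `before_action :require_signup_allowed, only: [:new, :create]` is the narrower form. A request spec asserting that a POST to the registration path returns 404 while `allow_signup?` is false would pin the fix.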
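--- a/data/app/helpers/base_helper.rb
+++ b/data/app/helpers/base_helper.rb
@@ -240,10 +240,15 @@ module BaseHelper
 end
 
 def nofollowify_links(string)
+raise ArgumentError, "string", "must be html_safe" unless string.html_safe?
+
 if this_blog.dofollowify
 string
 else
-
+followify_scrubber = Loofah::Scrubber.new do |node|
+node.set_attribute "rel", "nofollow" if node.name == "a"
+end
+sanitize h(string), scrubber: followify_scrubber
 end
 end
 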
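Review bot: The new guard at the top of `nofollowify_links` passes three arguments to `raise`, so Ruby takes `"must be html_safe"` as the backtrace and the exception message is only `"string"`. It should read `raise ArgumentError, "string must be html_safe" unless string.html_safe?`. Separately, `html_safe?` only records that some caller marked the string as safe, and as far as I know passing `scrubber:` to `sanitize` runs just that scrubber instead of the default safe-list. The method should therefore carry a comment that it expects already-sanitized HTML and only adds `rel="nofollow"`. The scrubber also overwrites any `rel` value a link already has.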
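--- a/data/app/models/content_base.rb
+++ b/data/app/models/content_base.rb
@@ -5,6 +5,12 @@ module ContentBase
 base.extend ClassMethods
 end
 
+class ContentTextHelpers
+include ActionView::Helpers::UrlHelper
+include ActionView::Helpers::TextHelper
+include ActionView::Helpers::SanitizeHelper
+end
+
 attr_accessor :just_changed_published_status
 alias just_changed_published_status? just_changed_published_status
 
@@ -39,10 +45,10 @@ module ContentBase
 html_postprocess(field, html).to_s
 end
 
-# Post-process the HTML
-# to enforce HTML sanity.
+# Post-process the HTML
 def html_postprocess(_field, html)
-
+helper = ContentTextHelpers.new
+helper.sanitize html
 end
 
 def html_preprocess(_field, html)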
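Review bot: The comment above `html_postprocess` was shortened to `# Post-process the HTML` in the same change that makes this method the place where content HTML is sanitized (the changelog entry "Limit allowed HTML in articles, pages and notes"). I would write `# Post-process the HTML: sanitize it with the default Rails safe-list before it is rendered` so nobody later treats the `helper.sanitize` call as optional. `ContentTextHelpers.new` is also allocated on every call; since the class only mixes in helper modules, a memoized instance would serve. Both hunks cut through `ContentBase`, whose other methods are outside the diff.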
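--- a/data/app/models/feedback.rb
+++ b/data/app/models/feedback.rb
@@ -11,12 +11,6 @@ class Feedback < ApplicationRecord
 include PublifyGuid
 include ContentBase
 
-class ContentTextHelpers
-include ActionView::Helpers::UrlHelper
-include ActionView::Helpers::TextHelper
-include ActionView::Helpers::SanitizeHelper
-end
-
 validate :feedback_not_closed, on: :create
 validates :article, presence: true
 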
@@ -1,11 +1,15 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "
|
3
|
+
require "marcel"
|
4
4
|
|
5
5
|
class ResourceUploader < CarrierWave::Uploader::Base
|
6
6
|
include CarrierWave::MiniMagick
|
7
7
|
before :cache, :check_image_content_type!
|
8
8
|
|
9
|
+
def content_type_allowlist
|
10
|
+
[%r{image/}, %r{audio/}, %r{video/}, "text/plain"]
|
11
|
+
end
|
12
|
+
|
9
13
|
def store_dir
|
10
14
|
"files/#{model.class.to_s.underscore}/#{model.id}"
|
11
15
|
end
|
@@ -50,14 +54,9 @@ class ResourceUploader < CarrierWave::Uploader::Base
|
|
50
54
|
content_type = nil
|
51
55
|
|
52
56
|
File.open(new_file.path) do |fd|
|
53
|
-
content_type =
|
57
|
+
content_type = Marcel::MimeType.for(fd)
|
54
58
|
end
|
55
59
|
|
56
60
|
content_type
|
57
61
|
end
|
58
|
-
|
59
|
-
# NOTE: This method was copied from MagicMimeBlacklist from CarrierWave 1.0.0.
|
60
|
-
def filemagic
|
61
|
-
@filemagic ||= FileMagic.new(FileMagic::MAGIC_MIME_TYPE)
|
62
|
-
end
|
63
62
|
end
|
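Review bot: The patterns returned by `content_type_allowlist` are unanchored and broad. `%r{image/}` matches anywhere in the type string and also admits `image/svg+xml`, which can carry script, while the locale text added in this release states that all uploads are publicly accessible. I would anchor the patterns and list the image subtypes explicitly, e.g. `%r{\Aimage/(png|jpe?g|gif)\z}`, or confirm that `check_image_content_type!` (its body starts outside the second hunk) rejects SVG. It is also worth confirming that the CarrierWave version this gem resolves actually calls `content_type_allowlist`. Older releases only consult `content_type_whitelist`, in which case the new method would be silently ignored.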
@@ -2,6 +2,9 @@
|
|
2
2
|
<h2>
|
3
3
|
<%= t('.media_library') %>
|
4
4
|
</h2>
|
5
|
+
<p>
|
6
|
+
<%= t('.explain_media_library_html') %>
|
7
|
+
</p>
|
5
8
|
<% end %>
|
6
9
|
|
7
10
|
<%= form_tag({ action: 'upload' }, { enctype: 'multipart/form-data', class: 'form-inline' }) do %>
|
@@ -33,38 +36,34 @@
|
|
33
36
|
</tr>
|
34
37
|
<% end %>
|
35
38
|
|
36
|
-
<% for
|
39
|
+
<% for resource in @resources %>
|
37
40
|
<tr>
|
38
41
|
<td>
|
39
|
-
<% if
|
40
|
-
|
41
|
-
|
42
|
-
|
42
|
+
<% if resource.mime =~ /image/ %>
|
43
|
+
<a href="<%= resource.upload.medium.url %>" data-toggle="lightbox">
|
44
|
+
<%= image_tag(resource.upload.thumb.url) %>
|
45
|
+
</a>
|
43
46
|
<% else %>
|
44
|
-
|
47
|
+
<%= link_to(resource.upload_url, resource.upload_url, download: resource.upload.identifier) %>
|
45
48
|
<% end %>
|
46
49
|
<p>
|
47
50
|
<small>
|
48
|
-
<% if
|
49
|
-
<%= link_to(t('.thumbnail'),
|
50
|
-
<%= link_to(t('.medium_size'),
|
51
|
-
<%= link_to(t('.original_size'),
|
51
|
+
<% if resource.mime =~ /image/ %>
|
52
|
+
<%= link_to(t('.thumbnail'), resource.upload.thumb.url) %> |
|
53
|
+
<%= link_to(t('.medium_size'), resource.upload.medium.url) %> |
|
54
|
+
<%= link_to(t('.original_size'), resource.upload.url) %> |
|
52
55
|
<% end %>
|
53
56
|
<%= link_to(t('.delete'),
|
54
|
-
{ action: 'destroy', id:
|
57
|
+
{ action: 'destroy', id: resource.id, search: params[:search], page: params[:page] },
|
55
58
|
{ confirm: t('.are_you_sure'), method: :delete }) %>
|
56
59
|
</small>
|
57
60
|
</p>
|
58
61
|
</td>
|
59
62
|
<td>
|
60
|
-
<%=
|
63
|
+
<%= resource.mime %>
|
61
64
|
</td>
|
62
|
-
<td><%=
|
63
|
-
|
64
|
-
rescue StandardError
|
65
|
-
0
|
66
|
-
end %> bytes</td>
|
67
|
-
<td><%= l(upload.created_at, format: :short) %></td>
|
65
|
+
<td><%= resource.upload.size %> bytes</td>
|
66
|
+
<td><%= l(resource.created_at, format: :short) %></td>
|
68
67
|
</tr>
|
69
68
|
<% end %>
|
70
69
|
<%= display_pagination(@resources, 6) %>
|
@@ -16,10 +16,10 @@
|
|
16
16
|
</div>
|
17
17
|
<% else %>
|
18
18
|
<div>
|
19
|
-
<h3><%=
|
20
|
-
<%=
|
19
|
+
<h3><%= theme.name %></h3>
|
20
|
+
<%= image_tag(preview_url, class: 'img-thumbnail') %>
|
21
21
|
<%= raw theme.description_html %>
|
22
|
-
<p><%=
|
22
|
+
<p><%= button_to(t('.use_this_theme'), switch_url, class: 'btn btn-info') %></p>
|
23
23
|
</div>
|
24
24
|
<% end %>
|
25
25
|
</div>
|
@@ -5,7 +5,7 @@
|
|
5
5
|
<p><%= link_to_permalink article, t('.continue_reading') %></p>
|
6
6
|
</div>
|
7
7
|
<% else %>
|
8
|
-
<%=
|
8
|
+
<%= article.html(:body) %>
|
9
9
|
<% if article.extended? %>
|
10
10
|
<div class="extended">
|
11
11
|
<p><%= link_to_permalink article, t('.continue_reading') %></p>
|
@@ -6,7 +6,7 @@
|
|
6
6
|
<%= t('.said') %> <%= display_date_and_time comment.created_at %>:
|
7
7
|
</p>
|
8
8
|
<div class="content">
|
9
|
-
<%=
|
9
|
+
<%= nofollowify_links comment.generate_html(:body) %>
|
10
10
|
<% unless comment.published? %>
|
11
11
|
<div class="spamwarning">
|
12
12
|
<%= t('.this_comment_has_been_flagged_for_moderator_approval') %>
|
@@ -1,7 +1,7 @@
|
|
1
1
|
<% cache [note, note.user] do %>
|
2
2
|
<article class='status'>
|
3
3
|
<%= author_picture note %>
|
4
|
-
<div class='p-name entry-title e-content entry-content article'><%=
|
4
|
+
<div class='p-name entry-title e-content entry-content article'><%= note.html(:body) %></div>
|
5
5
|
<footer>
|
6
6
|
<small>
|
7
7
|
<%= link_to_permalink(note, display_date_and_time(note.published_at)) %> |
|
@@ -2,7 +2,7 @@
|
|
2
2
|
<% for note in @notes %>
|
3
3
|
<div class='h-entry hentry h-as-note'>
|
4
4
|
<article>
|
5
|
-
<p class='p-name entry-title e-content entry-content article'><%=
|
5
|
+
<p class='p-name entry-title e-content entry-content article'><%= note.html(:body) %></p>
|
6
6
|
<footer>
|
7
7
|
<small><%= link_to_permalink(note, display_date_and_time(note.published_at)) %></small>
|
8
8
|
</footer>
|
data/config/locales/da.yml
CHANGED
@@ -334,6 +334,9 @@ da:
|
|
334
334
|
content_type: Indholdstype (Content Type)
|
335
335
|
date: Dato
|
336
336
|
delete: Slet
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
337
340
|
file_size: Filstørrelse
|
338
341
|
filename: Filnavn
|
339
342
|
media_library: Media Library
|
data/config/locales/de.yml
CHANGED
@@ -334,6 +334,9 @@ de:
|
|
334
334
|
content_type: Content Type
|
335
335
|
date: Date
|
336
336
|
delete: Löschen
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
337
340
|
file_size: Dateigröße
|
338
341
|
filename: Dateiname
|
339
342
|
media_library: Media Library
|
data/config/locales/en.yml
CHANGED
@@ -334,6 +334,9 @@ en:
|
|
334
334
|
content_type: Content Type
|
335
335
|
date: Date
|
336
336
|
delete: Delete
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
337
340
|
file_size: File Size
|
338
341
|
filename: Filename
|
339
342
|
media_library: Media Library
|
data/config/locales/es-MX.yml
CHANGED
@@ -334,6 +334,9 @@ es-MX:
|
|
334
334
|
content_type: Content Type
|
335
335
|
date: Date
|
336
336
|
delete: Eliminar
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
337
340
|
file_size: Tamaño del Archivo
|
338
341
|
filename: Nombre del archivo
|
339
342
|
media_library: Media Library
|
data/config/locales/fr.yml
CHANGED
@@ -338,6 +338,9 @@ fr:
|
|
338
338
|
content_type: Type de contenu
|
339
339
|
date: Date
|
340
340
|
delete: Supprimer
|
341
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
342
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
343
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
341
344
|
file_size: Taille du fichier
|
342
345
|
filename: Fichier
|
343
346
|
media_library: Bibliothèque de médias
|
data/config/locales/he.yml
CHANGED
@@ -333,6 +333,9 @@ he:
|
|
333
333
|
content_type: סוג התוכן
|
334
334
|
date: תאריך
|
335
335
|
delete: מחק
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
336
339
|
file_size: גודל הקובץ
|
337
340
|
filename: שם הקובץ
|
338
341
|
media_library: Media Library
|
data/config/locales/it.yml
CHANGED
@@ -334,6 +334,9 @@ it:
|
|
334
334
|
content_type: Tipo di contenuto
|
335
335
|
date: Date
|
336
336
|
delete: Elimina
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
337
340
|
file_size: Dimensione
|
338
341
|
filename: Nome del file
|
339
342
|
media_library: Media Library
|
data/config/locales/ja.yml
CHANGED
@@ -333,6 +333,9 @@ ja:
|
|
333
333
|
content_type: コンテンツタイプ
|
334
334
|
date: 日付
|
335
335
|
delete: 削除
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
336
339
|
file_size: ファイルサイズ
|
337
340
|
filename: ファイル名
|
338
341
|
media_library: Media Library
|
data/config/locales/lt.yml
CHANGED
@@ -346,6 +346,9 @@ lt:
|
|
346
346
|
content_type: Content Type
|
347
347
|
date: Date
|
348
348
|
delete: Trinti
|
349
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
350
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
351
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
349
352
|
file_size: Dateigröße
|
350
353
|
filename: Dateiname
|
351
354
|
media_library: Media Library
|
data/config/locales/nb-NO.yml
CHANGED
@@ -333,6 +333,9 @@ nb-NO:
|
|
333
333
|
content_type: Innholdstype (MIME Content Type)
|
334
334
|
date: Dato
|
335
335
|
delete: Slett
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
336
339
|
file_size: Filstørrelse
|
337
340
|
filename: Filnavn
|
338
341
|
media_library: Media-bibliotek
|
data/config/locales/nl.yml
CHANGED
@@ -334,9 +334,13 @@ nl:
|
|
334
334
|
content_type: Content Type
|
335
335
|
date: Datum
|
336
336
|
delete: Verwijderen
|
337
|
+
explain_media_library_html: Upload hier plaatjes, video en audio om te gebruiken
|
338
|
+
in blog posts en pagina's. Let op dat <strong>alle geüploade bestanden openbaar
|
339
|
+
toegankelijk zijn, zelfs als ze niet gebruikt worden in een blog post of
|
340
|
+
pagina.</strong>.
|
337
341
|
file_size: Bestandsgrootte
|
338
342
|
filename: Bestandsnaam
|
339
|
-
media_library:
|
343
|
+
media_library: Mediabibliotheek
|
340
344
|
medium_size: Medium size
|
341
345
|
no_resources: Er zijn nog geen media. Waarom begin je er niet een te maken?
|
342
346
|
original_size: Original size
|
@@ -556,7 +560,7 @@ nl:
|
|
556
560
|
logged_in_as: Logged in as %{login}
|
557
561
|
logout_html: Log out »
|
558
562
|
manage_users: Manage Users
|
559
|
-
media_library:
|
563
|
+
media_library: Mediabibliotheek
|
560
564
|
new: Nieuw
|
561
565
|
new_article: Nieuw artikel
|
562
566
|
new_media: New Media
|
data/config/locales/pl.yml
CHANGED
@@ -358,6 +358,9 @@ pl:
|
|
358
358
|
content_type: Typ treści
|
359
359
|
date: Data
|
360
360
|
delete: Usuń
|
361
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
362
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
363
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
361
364
|
file_size: Rozmiar pliku
|
362
365
|
filename: Nazwa pliku
|
363
366
|
media_library: Biblioteka multimediów
|
data/config/locales/pt-BR.yml
CHANGED
@@ -335,6 +335,9 @@ pt-BR:
|
|
335
335
|
content_type: Tipo de conteúdo
|
336
336
|
date: Data
|
337
337
|
delete: Remover
|
338
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
339
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
340
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
338
341
|
file_size: Tamanho do arquivo
|
339
342
|
filename: Nome do arquivo
|
340
343
|
media_library: Biblioteca
|
data/config/locales/ro.yml
CHANGED
@@ -346,6 +346,9 @@ ro:
|
|
346
346
|
content_type: Tip de conținut (content type)
|
347
347
|
date: Date
|
348
348
|
delete: Delete
|
349
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
350
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
351
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
349
352
|
file_size: Dimensiunea fișierului
|
350
353
|
filename: Nume de fișier
|
351
354
|
media_library: Media Library
|
data/config/locales/ru.yml
CHANGED
@@ -358,6 +358,9 @@ ru:
|
|
358
358
|
content_type: Content Type
|
359
359
|
date: Дата
|
360
360
|
delete: Удалить
|
361
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
362
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
363
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
361
364
|
file_size: Размер Файла
|
362
365
|
filename: Имя Файла
|
363
366
|
media_library: Медиатека
|
@@ -579,7 +582,7 @@ ru:
|
|
579
582
|
logged_in_as: Вы вошли как %{login}
|
580
583
|
logout_html: Выйти »
|
581
584
|
manage_users: Управление пользователями
|
582
|
-
media_library:
|
585
|
+
media_library: Медиатека
|
583
586
|
new: Добавить...
|
584
587
|
new_article: Новый пост
|
585
588
|
new_media: Новый файл
|
data/config/locales/zh-CN.yml
CHANGED
@@ -330,6 +330,9 @@ zh-CN:
|
|
330
330
|
content_type: 內容類型
|
331
331
|
date: 日期
|
332
332
|
delete: 删除
|
333
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
334
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
335
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
333
336
|
file_size: 檔案大小
|
334
337
|
filename: 檔案名稱
|
335
338
|
media_library: Media Library
|
data/config/locales/zh-TW.yml
CHANGED
@@ -331,6 +331,9 @@ zh-TW:
|
|
331
331
|
content_type: 內容類型
|
332
332
|
date: Date
|
333
333
|
delete: 刪除
|
334
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
335
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
336
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
334
337
|
file_size: 檔案大小
|
335
338
|
filename: 檔案名稱
|
336
339
|
media_library: Media Library
|
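--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 Rails.application.routes.draw do
-devise_for :users
+devise_for :users, controllers: { registrations: "users/registrations" }
+
 # TODO: use only in archive sidebar. See how made other system
 get ":year/:month", to: "articles#index", year: /\d{4}/, month: /\d{1,2}/,
 as: "articles_by_month", format: false
@@ -144,7 +145,7 @@ Rails.application.routes.draw do
 resources :themes, only: [:index], format: false do
 collection do
 get "preview"
-
+post "switchto"
 end
 end
 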
data/lib/publify_core/version.rb
CHANGED
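--- a/data/lib/spam_protection.rb
+++ b/data/lib/spam_protection.rb
@@ -82,16 +82,14 @@ class SpamProtection
 def query_rbls(rbls, *subdomains)
 rbls.each do |rbl|
 subdomains.uniq.each do |d|
-
-
-
-
-"#{rbl} positively resolved subdomain #{d} => #{response}"
-end
-rescue SocketError
-# NXDOMAIN response => negative: d is not in RBL
-next
+response = IPSocket.getaddress([d, rbl].join("."))
+if response.start_with?("127.0.0.")
+throw :hit,
+"#{rbl} positively resolved subdomain #{d} => #{response}"
 end
+rescue SocketError
+# NXDOMAIN response => negative: d is not in RBL
+next
 end
 end
 false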
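Review bot: The `rescue SocketError` in `query_rbls` treats every lookup failure as "not listed", although its comment names only NXDOMAIN. A resolver timeout or outage raises the same class, so the blocklist check fails open without leaving a trace. I would reword the comment to `# Lookup failed (NXDOMAIN or resolver error) => treated as not listed` and log the failure if a logger is reachable from this class. `subdomains.uniq` is also recomputed for every RBL and could be hoisted above the outer loop. The block-level `rescue` needs Ruby 2.5 or later, which matches the new `required_ruby_version` in the metadata.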
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: publify_core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 9.2.
|
4
|
+
version: 9.2.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matijs van Zuijlen
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date:
|
14
|
+
date: 2022-01-07 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: aasm
|
@@ -202,39 +202,39 @@ dependencies:
|
|
202
202
|
- !ruby/object:Gem::Version
|
203
203
|
version: 1.2.1
|
204
204
|
- !ruby/object:Gem::Dependency
|
205
|
-
name:
|
205
|
+
name: mini_magick
|
206
206
|
requirement: !ruby/object:Gem::Requirement
|
207
207
|
requirements:
|
208
208
|
- - "~>"
|
209
209
|
- !ruby/object:Gem::Version
|
210
|
-
version:
|
210
|
+
version: '4.9'
|
211
|
+
- - ">="
|
212
|
+
- !ruby/object:Gem::Version
|
213
|
+
version: 4.9.4
|
211
214
|
type: :runtime
|
212
215
|
prerelease: false
|
213
216
|
version_requirements: !ruby/object:Gem::Requirement
|
214
217
|
requirements:
|
215
218
|
- - "~>"
|
216
219
|
- !ruby/object:Gem::Version
|
217
|
-
version:
|
220
|
+
version: '4.9'
|
221
|
+
- - ">="
|
222
|
+
- !ruby/object:Gem::Version
|
223
|
+
version: 4.9.4
|
218
224
|
- !ruby/object:Gem::Dependency
|
219
|
-
name:
|
225
|
+
name: nokogiri
|
220
226
|
requirement: !ruby/object:Gem::Requirement
|
221
227
|
requirements:
|
222
|
-
- - "~>"
|
223
|
-
- !ruby/object:Gem::Version
|
224
|
-
version: '4.9'
|
225
228
|
- - ">="
|
226
229
|
- !ruby/object:Gem::Version
|
227
|
-
version:
|
230
|
+
version: 1.12.5
|
228
231
|
type: :runtime
|
229
232
|
prerelease: false
|
230
233
|
version_requirements: !ruby/object:Gem::Requirement
|
231
234
|
requirements:
|
232
|
-
- - "~>"
|
233
|
-
- !ruby/object:Gem::Version
|
234
|
-
version: '4.9'
|
235
235
|
- - ">="
|
236
236
|
- !ruby/object:Gem::Version
|
237
|
-
version:
|
237
|
+
version: 1.12.5
|
238
238
|
- !ruby/object:Gem::Dependency
|
239
239
|
name: rack
|
240
240
|
requirement: !ruby/object:Gem::Requirement
|
@@ -255,20 +255,14 @@ dependencies:
|
|
255
255
|
requirements:
|
256
256
|
- - "~>"
|
257
257
|
- !ruby/object:Gem::Version
|
258
|
-
version: 5.2.
|
259
|
-
- - ">="
|
260
|
-
- !ruby/object:Gem::Version
|
261
|
-
version: 5.2.4.3
|
258
|
+
version: 5.2.6
|
262
259
|
type: :runtime
|
263
260
|
prerelease: false
|
264
261
|
version_requirements: !ruby/object:Gem::Requirement
|
265
262
|
requirements:
|
266
263
|
- - "~>"
|
267
264
|
- !ruby/object:Gem::Version
|
268
|
-
version: 5.2.
|
269
|
-
- - ">="
|
270
|
-
- !ruby/object:Gem::Version
|
271
|
-
version: 5.2.4.3
|
265
|
+
version: 5.2.6
|
272
266
|
- !ruby/object:Gem::Dependency
|
273
267
|
name: rails_autolink
|
274
268
|
requirement: !ruby/object:Gem::Requirement
|
@@ -700,6 +694,7 @@ files:
|
|
700
694
|
- app/controllers/text_controller.rb
|
701
695
|
- app/controllers/textfilter_controller.rb
|
702
696
|
- app/controllers/theme_controller.rb
|
697
|
+
- app/controllers/users/registrations_controller.rb
|
703
698
|
- app/controllers/xml_controller.rb
|
704
699
|
- app/helpers/admin/base_helper.rb
|
705
700
|
- app/helpers/admin/feedback_helper.rb
|
@@ -974,6 +969,7 @@ files:
|
|
974
969
|
- lib/publify_core/testing_support/feed_assertions.rb
|
975
970
|
- lib/publify_core/testing_support/fixtures/exploit.svg
|
976
971
|
- lib/publify_core/testing_support/fixtures/fakepng.png
|
972
|
+
- lib/publify_core/testing_support/fixtures/just_some.html
|
977
973
|
- lib/publify_core/testing_support/fixtures/otherfile.txt
|
978
974
|
- lib/publify_core/testing_support/fixtures/testfile.png
|
979
975
|
- lib/publify_core/testing_support/fixtures/testfile.txt
|
@@ -1012,14 +1008,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
1012
1008
|
requirements:
|
1013
1009
|
- - ">="
|
1014
1010
|
- !ruby/object:Gem::Version
|
1015
|
-
version: 2.
|
1011
|
+
version: 2.5.0
|
1016
1012
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
1017
1013
|
requirements:
|
1018
1014
|
- - ">="
|
1019
1015
|
- !ruby/object:Gem::Version
|
1020
1016
|
version: '0'
|
1021
1017
|
requirements: []
|
1022
|
-
rubygems_version: 3.
|
1018
|
+
rubygems_version: 3.1.6
|
1023
1019
|
signing_key:
|
1024
1020
|
specification_version: 4
|
1025
1021
|
summary: Core engine for the Publify blogging system.
|