publify_core 9.2.3 → 9.2.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of publify_core might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -0
- data/app/controllers/admin/base_controller.rb +6 -0
- data/app/controllers/admin/content_controller.rb +1 -0
- data/app/controllers/users/registrations_controller.rb +12 -0
- data/app/helpers/base_helper.rb +6 -1
- data/app/models/content_base.rb +9 -3
- data/app/models/feedback.rb +0 -6
- data/app/uploaders/resource_uploader.rb +4 -0
- data/app/views/admin/resources/index.html.erb +17 -18
- data/app/views/admin/themes/index.html.erb +3 -3
- data/app/views/articles/_article_excerpt.html.erb +1 -1
- data/app/views/articles/_full_article_content.html.erb +2 -2
- data/app/views/articles/view_page.html.erb +1 -1
- data/app/views/comments/_comment.html.erb +1 -1
- data/app/views/notes/_note.html.erb +1 -1
- data/app/views/notes/index.html.erb +1 -1
- data/config/locales/da.yml +3 -0
- data/config/locales/de.yml +3 -0
- data/config/locales/en.yml +3 -0
- data/config/locales/es-MX.yml +3 -0
- data/config/locales/fr.yml +3 -0
- data/config/locales/he.yml +3 -0
- data/config/locales/it.yml +3 -0
- data/config/locales/ja.yml +3 -0
- data/config/locales/lt.yml +3 -0
- data/config/locales/nb-NO.yml +3 -0
- data/config/locales/nl.yml +6 -2
- data/config/locales/pl.yml +3 -0
- data/config/locales/pt-BR.yml +3 -0
- data/config/locales/ro.yml +3 -0
- data/config/locales/ru.yml +4 -1
- data/config/locales/zh-CN.yml +3 -0
- data/config/locales/zh-TW.yml +3 -0
- data/config/routes.rb +3 -2
- data/lib/publify_core/testing_support/fixtures/just_some.html +5 -0
- data/lib/publify_core/version.rb +1 -1
- data/lib/spam_protection.rb +7 -9
- metadata +19 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e18625369ded53028adddd92f21dfe76cee5783ee75d3f78c1803a46f46e8dbd
|
|
4
|
+
data.tar.gz: acbc4e66a4a6917b51d2bf84190ac8f6546f1299cf9716eeb112d16ed7c2bfac
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c72aa4d994e346dce07a1ab7816bfe52b2b3ff104b2623ff79ade1ee98a54d4af60c1a04d662f7f1ba08fff1183b07a8c68b4fb9edc2057f34adbc43cda4321c
|
|
7
|
+
data.tar.gz: 2f40107dd94916d0522825b852987f4740f956a7f20bedde75e64195f321986df077efcea5db4f10563dfba2b95250636bd773e01515d9cd378965caf43445ed
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,34 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 9.2.7 / 2022-02-07
|
|
4
|
+
|
|
5
|
+
* Fix setting the article password from the Admin [#1044](https://github.com/publify/publify/pull/1044)
|
|
6
|
+
|
|
7
|
+
## 9.2.6 / 2022-01-07
|
|
8
|
+
|
|
9
|
+
* Add documentation about use of the media library
|
|
10
|
+
|
|
11
|
+
## 9.2.5 / 2021-10-11
|
|
12
|
+
|
|
13
|
+
This release fixes several security issues:
|
|
14
|
+
|
|
15
|
+
* Block ability to switch themes using a GET request; use a POST instead
|
|
16
|
+
* Disallow user self-registration rather than hiding it
|
|
17
|
+
* Let the browser not cache admin pages
|
|
18
|
+
* Limit the set of allowed mime types for uploaded media
|
|
19
|
+
* Limit allowed HTML in articles, pages and notes
|
|
20
|
+
|
|
21
|
+
Additionally, it includes the following changes:
|
|
22
|
+
|
|
23
|
+
* Fix resource size display in admin resource list
|
|
24
|
+
* Trigger download of media in the Media Library in admin instead of displaying
|
|
25
|
+
them directly
|
|
26
|
+
|
|
27
|
+
## 9.2.4 / 2021-10-02
|
|
28
|
+
|
|
29
|
+
* Explicitly require at least version 1.12.5 of nokogiri to avoid a security issue
|
|
30
|
+
* Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5
|
|
31
|
+
|
|
3
32
|
## 9.2.3 / 2021-05-22
|
|
4
33
|
|
|
5
34
|
* Bump Rails dependency to 5.2.6
|
|
@@ -10,6 +10,7 @@ class Admin::BaseController < BaseController
|
|
|
10
10
|
layout "administration"
|
|
11
11
|
|
|
12
12
|
before_action :login_required, except: [:login, :signup]
|
|
13
|
+
before_action :no_caching
|
|
13
14
|
|
|
14
15
|
private
|
|
15
16
|
|
|
@@ -24,4 +25,9 @@ class Admin::BaseController < BaseController
|
|
|
24
25
|
name: controller_name.humanize)
|
|
25
26
|
redirect_to action: "index"
|
|
26
27
|
end
|
|
28
|
+
|
|
29
|
+
def no_caching
|
|
30
|
+
response.cache_control[:extras] =
|
|
31
|
+
["no-cache", "max-age=0", "must-revalidate", "no-store"]
|
|
32
|
+
end
|
|
27
33
|
end
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class Users::RegistrationsController < Devise::RegistrationsController
|
|
4
|
+
include BlogHelper
|
|
5
|
+
before_action :require_signup_allowed
|
|
6
|
+
|
|
7
|
+
private
|
|
8
|
+
|
|
9
|
+
def require_signup_allowed
|
|
10
|
+
render plain: "Not found", status: :not_found unless this_blog.allow_signup?
|
|
11
|
+
end
|
|
12
|
+
end
|
data/app/helpers/base_helper.rb
CHANGED
|
@@ -240,10 +240,15 @@ module BaseHelper
|
|
|
240
240
|
end
|
|
241
241
|
|
|
242
242
|
def nofollowify_links(string)
|
|
243
|
+
raise ArgumentError, "string", "must be html_safe" unless string.html_safe?
|
|
244
|
+
|
|
243
245
|
if this_blog.dofollowify
|
|
244
246
|
string
|
|
245
247
|
else
|
|
246
|
-
|
|
248
|
+
followify_scrubber = Loofah::Scrubber.new do |node|
|
|
249
|
+
node.set_attribute "rel", "nofollow" if node.name == "a"
|
|
250
|
+
end
|
|
251
|
+
sanitize h(string), scrubber: followify_scrubber
|
|
247
252
|
end
|
|
248
253
|
end
|
|
249
254
|
|
data/app/models/content_base.rb
CHANGED
|
@@ -5,6 +5,12 @@ module ContentBase
|
|
|
5
5
|
base.extend ClassMethods
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
+
class ContentTextHelpers
|
|
9
|
+
include ActionView::Helpers::UrlHelper
|
|
10
|
+
include ActionView::Helpers::TextHelper
|
|
11
|
+
include ActionView::Helpers::SanitizeHelper
|
|
12
|
+
end
|
|
13
|
+
|
|
8
14
|
attr_accessor :just_changed_published_status
|
|
9
15
|
alias just_changed_published_status? just_changed_published_status
|
|
10
16
|
|
|
@@ -39,10 +45,10 @@ module ContentBase
|
|
|
39
45
|
html_postprocess(field, html).to_s
|
|
40
46
|
end
|
|
41
47
|
|
|
42
|
-
# Post-process the HTML
|
|
43
|
-
# to enforce HTML sanity.
|
|
48
|
+
# Post-process the HTML
|
|
44
49
|
def html_postprocess(_field, html)
|
|
45
|
-
|
|
50
|
+
helper = ContentTextHelpers.new
|
|
51
|
+
helper.sanitize html
|
|
46
52
|
end
|
|
47
53
|
|
|
48
54
|
def html_preprocess(_field, html)
|
data/app/models/feedback.rb
CHANGED
|
@@ -11,12 +11,6 @@ class Feedback < ApplicationRecord
|
|
|
11
11
|
include PublifyGuid
|
|
12
12
|
include ContentBase
|
|
13
13
|
|
|
14
|
-
class ContentTextHelpers
|
|
15
|
-
include ActionView::Helpers::UrlHelper
|
|
16
|
-
include ActionView::Helpers::TextHelper
|
|
17
|
-
include ActionView::Helpers::SanitizeHelper
|
|
18
|
-
end
|
|
19
|
-
|
|
20
14
|
validate :feedback_not_closed, on: :create
|
|
21
15
|
validates :article, presence: true
|
|
22
16
|
|
|
@@ -6,6 +6,10 @@ class ResourceUploader < CarrierWave::Uploader::Base
|
|
|
6
6
|
include CarrierWave::MiniMagick
|
|
7
7
|
before :cache, :check_image_content_type!
|
|
8
8
|
|
|
9
|
+
def content_type_allowlist
|
|
10
|
+
[%r{image/}, %r{audio/}, %r{video/}, "text/plain"]
|
|
11
|
+
end
|
|
12
|
+
|
|
9
13
|
def store_dir
|
|
10
14
|
"files/#{model.class.to_s.underscore}/#{model.id}"
|
|
11
15
|
end
|
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
<h2>
|
|
3
3
|
<%= t('.media_library') %>
|
|
4
4
|
</h2>
|
|
5
|
+
<p>
|
|
6
|
+
<%= t('.explain_media_library_html') %>
|
|
7
|
+
</p>
|
|
5
8
|
<% end %>
|
|
6
9
|
|
|
7
10
|
<%= form_tag({ action: 'upload' }, { enctype: 'multipart/form-data', class: 'form-inline' }) do %>
|
|
@@ -33,38 +36,34 @@
|
|
|
33
36
|
</tr>
|
|
34
37
|
<% end %>
|
|
35
38
|
|
|
36
|
-
<% for
|
|
39
|
+
<% for resource in @resources %>
|
|
37
40
|
<tr>
|
|
38
41
|
<td>
|
|
39
|
-
<% if
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
42
|
+
<% if resource.mime =~ /image/ %>
|
|
43
|
+
<a href="<%= resource.upload.medium.url %>" data-toggle="lightbox">
|
|
44
|
+
<%= image_tag(resource.upload.thumb.url) %>
|
|
45
|
+
</a>
|
|
43
46
|
<% else %>
|
|
44
|
-
|
|
47
|
+
<%= link_to(resource.upload_url, resource.upload_url, download: resource.upload.identifier) %>
|
|
45
48
|
<% end %>
|
|
46
49
|
<p>
|
|
47
50
|
<small>
|
|
48
|
-
<% if
|
|
49
|
-
<%= link_to(t('.thumbnail'),
|
|
50
|
-
<%= link_to(t('.medium_size'),
|
|
51
|
-
<%= link_to(t('.original_size'),
|
|
51
|
+
<% if resource.mime =~ /image/ %>
|
|
52
|
+
<%= link_to(t('.thumbnail'), resource.upload.thumb.url) %> |
|
|
53
|
+
<%= link_to(t('.medium_size'), resource.upload.medium.url) %> |
|
|
54
|
+
<%= link_to(t('.original_size'), resource.upload.url) %> |
|
|
52
55
|
<% end %>
|
|
53
56
|
<%= link_to(t('.delete'),
|
|
54
|
-
{ action: 'destroy', id:
|
|
57
|
+
{ action: 'destroy', id: resource.id, search: params[:search], page: params[:page] },
|
|
55
58
|
{ confirm: t('.are_you_sure'), method: :delete }) %>
|
|
56
59
|
</small>
|
|
57
60
|
</p>
|
|
58
61
|
</td>
|
|
59
62
|
<td>
|
|
60
|
-
<%=
|
|
63
|
+
<%= resource.mime %>
|
|
61
64
|
</td>
|
|
62
|
-
<td><%=
|
|
63
|
-
|
|
64
|
-
rescue StandardError
|
|
65
|
-
0
|
|
66
|
-
end %> bytes</td>
|
|
67
|
-
<td><%= l(upload.created_at, format: :short) %></td>
|
|
65
|
+
<td><%= resource.upload.size %> bytes</td>
|
|
66
|
+
<td><%= l(resource.created_at, format: :short) %></td>
|
|
68
67
|
</tr>
|
|
69
68
|
<% end %>
|
|
70
69
|
<%= display_pagination(@resources, 6) %>
|
|
@@ -16,10 +16,10 @@
|
|
|
16
16
|
</div>
|
|
17
17
|
<% else %>
|
|
18
18
|
<div>
|
|
19
|
-
<h3><%=
|
|
20
|
-
<%=
|
|
19
|
+
<h3><%= theme.name %></h3>
|
|
20
|
+
<%= image_tag(preview_url, class: 'img-thumbnail') %>
|
|
21
21
|
<%= raw theme.description_html %>
|
|
22
|
-
<p><%=
|
|
22
|
+
<p><%= button_to(t('.use_this_theme'), switch_url, class: 'btn btn-info') %></p>
|
|
23
23
|
</div>
|
|
24
24
|
<% end %>
|
|
25
25
|
</div>
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
<p><%= link_to_permalink article, t('.continue_reading') %></p>
|
|
6
6
|
</div>
|
|
7
7
|
<% else %>
|
|
8
|
-
<%=
|
|
8
|
+
<%= article.html(:body) %>
|
|
9
9
|
<% if article.extended? %>
|
|
10
10
|
<div class="extended">
|
|
11
11
|
<p><%= link_to_permalink article, t('.continue_reading') %></p>
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
<%= t('.said') %> <%= display_date_and_time comment.created_at %>:
|
|
7
7
|
</p>
|
|
8
8
|
<div class="content">
|
|
9
|
-
<%=
|
|
9
|
+
<%= nofollowify_links comment.generate_html(:body) %>
|
|
10
10
|
<% unless comment.published? %>
|
|
11
11
|
<div class="spamwarning">
|
|
12
12
|
<%= t('.this_comment_has_been_flagged_for_moderator_approval') %>
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
<% cache [note, note.user] do %>
|
|
2
2
|
<article class='status'>
|
|
3
3
|
<%= author_picture note %>
|
|
4
|
-
<div class='p-name entry-title e-content entry-content article'><%=
|
|
4
|
+
<div class='p-name entry-title e-content entry-content article'><%= note.html(:body) %></div>
|
|
5
5
|
<footer>
|
|
6
6
|
<small>
|
|
7
7
|
<%= link_to_permalink(note, display_date_and_time(note.published_at)) %> |
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
<% for note in @notes %>
|
|
3
3
|
<div class='h-entry hentry h-as-note'>
|
|
4
4
|
<article>
|
|
5
|
-
<p class='p-name entry-title e-content entry-content article'><%=
|
|
5
|
+
<p class='p-name entry-title e-content entry-content article'><%= note.html(:body) %></p>
|
|
6
6
|
<footer>
|
|
7
7
|
<small><%= link_to_permalink(note, display_date_and_time(note.published_at)) %></small>
|
|
8
8
|
</footer>
|
data/config/locales/da.yml
CHANGED
|
@@ -334,6 +334,9 @@ da:
|
|
|
334
334
|
content_type: Indholdstype (Content Type)
|
|
335
335
|
date: Dato
|
|
336
336
|
delete: Slet
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: Filstørrelse
|
|
338
341
|
filename: Filnavn
|
|
339
342
|
media_library: Media Library
|
data/config/locales/de.yml
CHANGED
|
@@ -334,6 +334,9 @@ de:
|
|
|
334
334
|
content_type: Content Type
|
|
335
335
|
date: Date
|
|
336
336
|
delete: Löschen
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: Dateigröße
|
|
338
341
|
filename: Dateiname
|
|
339
342
|
media_library: Media Library
|
data/config/locales/en.yml
CHANGED
|
@@ -334,6 +334,9 @@ en:
|
|
|
334
334
|
content_type: Content Type
|
|
335
335
|
date: Date
|
|
336
336
|
delete: Delete
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: File Size
|
|
338
341
|
filename: Filename
|
|
339
342
|
media_library: Media Library
|
data/config/locales/es-MX.yml
CHANGED
|
@@ -334,6 +334,9 @@ es-MX:
|
|
|
334
334
|
content_type: Content Type
|
|
335
335
|
date: Date
|
|
336
336
|
delete: Eliminar
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: Tamaño del Archivo
|
|
338
341
|
filename: Nombre del archivo
|
|
339
342
|
media_library: Media Library
|
data/config/locales/fr.yml
CHANGED
|
@@ -338,6 +338,9 @@ fr:
|
|
|
338
338
|
content_type: Type de contenu
|
|
339
339
|
date: Date
|
|
340
340
|
delete: Supprimer
|
|
341
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
342
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
343
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
341
344
|
file_size: Taille du fichier
|
|
342
345
|
filename: Fichier
|
|
343
346
|
media_library: Bibliothèque de médias
|
data/config/locales/he.yml
CHANGED
|
@@ -333,6 +333,9 @@ he:
|
|
|
333
333
|
content_type: סוג התוכן
|
|
334
334
|
date: תאריך
|
|
335
335
|
delete: מחק
|
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
336
339
|
file_size: גודל הקובץ
|
|
337
340
|
filename: שם הקובץ
|
|
338
341
|
media_library: Media Library
|
data/config/locales/it.yml
CHANGED
|
@@ -334,6 +334,9 @@ it:
|
|
|
334
334
|
content_type: Tipo di contenuto
|
|
335
335
|
date: Date
|
|
336
336
|
delete: Elimina
|
|
337
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
338
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
339
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
337
340
|
file_size: Dimensione
|
|
338
341
|
filename: Nome del file
|
|
339
342
|
media_library: Media Library
|
data/config/locales/ja.yml
CHANGED
|
@@ -333,6 +333,9 @@ ja:
|
|
|
333
333
|
content_type: コンテンツタイプ
|
|
334
334
|
date: 日付
|
|
335
335
|
delete: 削除
|
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
336
339
|
file_size: ファイルサイズ
|
|
337
340
|
filename: ファイル名
|
|
338
341
|
media_library: Media Library
|
data/config/locales/lt.yml
CHANGED
|
@@ -346,6 +346,9 @@ lt:
|
|
|
346
346
|
content_type: Content Type
|
|
347
347
|
date: Date
|
|
348
348
|
delete: Trinti
|
|
349
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
350
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
351
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
349
352
|
file_size: Dateigröße
|
|
350
353
|
filename: Dateiname
|
|
351
354
|
media_library: Media Library
|
data/config/locales/nb-NO.yml
CHANGED
|
@@ -333,6 +333,9 @@ nb-NO:
|
|
|
333
333
|
content_type: Innholdstype (MIME Content Type)
|
|
334
334
|
date: Dato
|
|
335
335
|
delete: Slett
|
|
336
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
337
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
338
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
336
339
|
file_size: Filstørrelse
|
|
337
340
|
filename: Filnavn
|
|
338
341
|
media_library: Media-bibliotek
|
data/config/locales/nl.yml
CHANGED
|
@@ -334,9 +334,13 @@ nl:
|
|
|
334
334
|
content_type: Content Type
|
|
335
335
|
date: Datum
|
|
336
336
|
delete: Verwijderen
|
|
337
|
+
explain_media_library_html: Upload hier plaatjes, video en audio om te gebruiken
|
|
338
|
+
in blog posts en pagina's. Let op dat <strong>alle geüploade bestanden openbaar
|
|
339
|
+
toegankelijk zijn, zelfs als ze niet gebruikt worden in een blog post of
|
|
340
|
+
pagina.</strong>.
|
|
337
341
|
file_size: Bestandsgrootte
|
|
338
342
|
filename: Bestandsnaam
|
|
339
|
-
media_library:
|
|
343
|
+
media_library: Mediabibliotheek
|
|
340
344
|
medium_size: Medium size
|
|
341
345
|
no_resources: Er zijn nog geen media. Waarom begin je er niet een te maken?
|
|
342
346
|
original_size: Original size
|
|
@@ -556,7 +560,7 @@ nl:
|
|
|
556
560
|
logged_in_as: Logged in as %{login}
|
|
557
561
|
logout_html: Log out »
|
|
558
562
|
manage_users: Manage Users
|
|
559
|
-
media_library:
|
|
563
|
+
media_library: Mediabibliotheek
|
|
560
564
|
new: Nieuw
|
|
561
565
|
new_article: Nieuw artikel
|
|
562
566
|
new_media: New Media
|
data/config/locales/pl.yml
CHANGED
|
@@ -358,6 +358,9 @@ pl:
|
|
|
358
358
|
content_type: Typ treści
|
|
359
359
|
date: Data
|
|
360
360
|
delete: Usuń
|
|
361
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
362
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
363
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
361
364
|
file_size: Rozmiar pliku
|
|
362
365
|
filename: Nazwa pliku
|
|
363
366
|
media_library: Biblioteka multimediów
|
data/config/locales/pt-BR.yml
CHANGED
|
@@ -335,6 +335,9 @@ pt-BR:
|
|
|
335
335
|
content_type: Tipo de conteúdo
|
|
336
336
|
date: Data
|
|
337
337
|
delete: Remover
|
|
338
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
339
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
340
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
338
341
|
file_size: Tamanho do arquivo
|
|
339
342
|
filename: Nome do arquivo
|
|
340
343
|
media_library: Biblioteca
|
data/config/locales/ro.yml
CHANGED
|
@@ -346,6 +346,9 @@ ro:
|
|
|
346
346
|
content_type: Tip de conținut (content type)
|
|
347
347
|
date: Date
|
|
348
348
|
delete: Delete
|
|
349
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
350
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
351
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
349
352
|
file_size: Dimensiunea fișierului
|
|
350
353
|
filename: Nume de fișier
|
|
351
354
|
media_library: Media Library
|
data/config/locales/ru.yml
CHANGED
|
@@ -358,6 +358,9 @@ ru:
|
|
|
358
358
|
content_type: Content Type
|
|
359
359
|
date: Дата
|
|
360
360
|
delete: Удалить
|
|
361
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
362
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
363
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
361
364
|
file_size: Размер Файла
|
|
362
365
|
filename: Имя Файла
|
|
363
366
|
media_library: Медиатека
|
|
@@ -579,7 +582,7 @@ ru:
|
|
|
579
582
|
logged_in_as: Вы вошли как %{login}
|
|
580
583
|
logout_html: Выйти »
|
|
581
584
|
manage_users: Управление пользователями
|
|
582
|
-
media_library:
|
|
585
|
+
media_library: Медиатека
|
|
583
586
|
new: Добавить...
|
|
584
587
|
new_article: Новый пост
|
|
585
588
|
new_media: Новый файл
|
data/config/locales/zh-CN.yml
CHANGED
|
@@ -330,6 +330,9 @@ zh-CN:
|
|
|
330
330
|
content_type: 內容類型
|
|
331
331
|
date: 日期
|
|
332
332
|
delete: 删除
|
|
333
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
334
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
335
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
333
336
|
file_size: 檔案大小
|
|
334
337
|
filename: 檔案名稱
|
|
335
338
|
media_library: Media Library
|
data/config/locales/zh-TW.yml
CHANGED
|
@@ -331,6 +331,9 @@ zh-TW:
|
|
|
331
331
|
content_type: 內容類型
|
|
332
332
|
date: Date
|
|
333
333
|
delete: 刪除
|
|
334
|
+
explain_media_library_html: Upload images, video and audio here for use in
|
|
335
|
+
your blog posts and pages. Please note that <strong>all uploaded files will
|
|
336
|
+
be publicly accessible even if they're not used in blog posts or pages</strong>.
|
|
334
337
|
file_size: 檔案大小
|
|
335
338
|
filename: 檔案名稱
|
|
336
339
|
media_library: Media Library
|
data/config/routes.rb
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
Rails.application.routes.draw do
|
|
4
|
-
devise_for :users
|
|
4
|
+
devise_for :users, controllers: { registrations: "users/registrations" }
|
|
5
|
+
|
|
5
6
|
# TODO: use only in archive sidebar. See how made other system
|
|
6
7
|
get ":year/:month", to: "articles#index", year: /\d{4}/, month: /\d{1,2}/,
|
|
7
8
|
as: "articles_by_month", format: false
|
|
@@ -144,7 +145,7 @@ Rails.application.routes.draw do
|
|
|
144
145
|
resources :themes, only: [:index], format: false do
|
|
145
146
|
collection do
|
|
146
147
|
get "preview"
|
|
147
|
-
|
|
148
|
+
post "switchto"
|
|
148
149
|
end
|
|
149
150
|
end
|
|
150
151
|
|
data/lib/publify_core/version.rb
CHANGED
data/lib/spam_protection.rb
CHANGED
|
@@ -82,16 +82,14 @@ class SpamProtection
|
|
|
82
82
|
def query_rbls(rbls, *subdomains)
|
|
83
83
|
rbls.each do |rbl|
|
|
84
84
|
subdomains.uniq.each do |d|
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
"#{rbl} positively resolved subdomain #{d} => #{response}"
|
|
90
|
-
end
|
|
91
|
-
rescue SocketError
|
|
92
|
-
# NXDOMAIN response => negative: d is not in RBL
|
|
93
|
-
next
|
|
85
|
+
response = IPSocket.getaddress([d, rbl].join("."))
|
|
86
|
+
if response.start_with?("127.0.0.")
|
|
87
|
+
throw :hit,
|
|
88
|
+
"#{rbl} positively resolved subdomain #{d} => #{response}"
|
|
94
89
|
end
|
|
90
|
+
rescue SocketError
|
|
91
|
+
# NXDOMAIN response => negative: d is not in RBL
|
|
92
|
+
next
|
|
95
93
|
end
|
|
96
94
|
end
|
|
97
95
|
false
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: publify_core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 9.2.
|
|
4
|
+
version: 9.2.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matijs van Zuijlen
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date:
|
|
14
|
+
date: 2022-02-07 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: aasm
|
|
@@ -221,6 +221,20 @@ dependencies:
|
|
|
221
221
|
- - ">="
|
|
222
222
|
- !ruby/object:Gem::Version
|
|
223
223
|
version: 4.9.4
|
|
224
|
+
- !ruby/object:Gem::Dependency
|
|
225
|
+
name: nokogiri
|
|
226
|
+
requirement: !ruby/object:Gem::Requirement
|
|
227
|
+
requirements:
|
|
228
|
+
- - ">="
|
|
229
|
+
- !ruby/object:Gem::Version
|
|
230
|
+
version: 1.12.5
|
|
231
|
+
type: :runtime
|
|
232
|
+
prerelease: false
|
|
233
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
234
|
+
requirements:
|
|
235
|
+
- - ">="
|
|
236
|
+
- !ruby/object:Gem::Version
|
|
237
|
+
version: 1.12.5
|
|
224
238
|
- !ruby/object:Gem::Dependency
|
|
225
239
|
name: rack
|
|
226
240
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -680,6 +694,7 @@ files:
|
|
|
680
694
|
- app/controllers/text_controller.rb
|
|
681
695
|
- app/controllers/textfilter_controller.rb
|
|
682
696
|
- app/controllers/theme_controller.rb
|
|
697
|
+
- app/controllers/users/registrations_controller.rb
|
|
683
698
|
- app/controllers/xml_controller.rb
|
|
684
699
|
- app/helpers/admin/base_helper.rb
|
|
685
700
|
- app/helpers/admin/feedback_helper.rb
|
|
@@ -954,6 +969,7 @@ files:
|
|
|
954
969
|
- lib/publify_core/testing_support/feed_assertions.rb
|
|
955
970
|
- lib/publify_core/testing_support/fixtures/exploit.svg
|
|
956
971
|
- lib/publify_core/testing_support/fixtures/fakepng.png
|
|
972
|
+
- lib/publify_core/testing_support/fixtures/just_some.html
|
|
957
973
|
- lib/publify_core/testing_support/fixtures/otherfile.txt
|
|
958
974
|
- lib/publify_core/testing_support/fixtures/testfile.png
|
|
959
975
|
- lib/publify_core/testing_support/fixtures/testfile.txt
|
|
@@ -992,7 +1008,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
992
1008
|
requirements:
|
|
993
1009
|
- - ">="
|
|
994
1010
|
- !ruby/object:Gem::Version
|
|
995
|
-
version: 2.
|
|
1011
|
+
version: 2.5.0
|
|
996
1012
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
997
1013
|
requirements:
|
|
998
1014
|
- - ">="
|