rails_admin 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rails_admin might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +0 -2
- data/README.md +9 -0
- data/app/controllers/rails_admin/application_controller.rb +4 -0
- data/config/initializers/active_record_extensions.rb +1 -1
- data/lib/rails_admin/adapters/active_record.rb +2 -0
- data/lib/rails_admin/config/actions/dashboard.rb +1 -1
- data/lib/rails_admin/config/actions/index.rb +1 -1
- data/lib/rails_admin/support/csv_converter.rb +4 -0
- data/lib/rails_admin/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d80a5575faa7784d6f5d17ddebb05038a5416969
|
|
4
|
+
data.tar.gz: c30c5b1ffb5839b5b387b7935e7ed201966efdbb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ee5a0326bd91f3b04e1b7711cddb648772bbc29f47f76784a69508fcfa3bf590528321b86faddace87c3bd1d6334100e0fea04cf18dbd04ecf6bd3e3ed2c85e9
|
|
7
|
+
data.tar.gz: 4565950fa8e26c5c5b7a0d79cb522e91d1256575287e7b637165c2c03b82053461aa3e6317479c5ca2340439b5a9d8e4e5768efe52939b7d32b1bb1cfd443919
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -16,6 +16,15 @@
|
|
|
16
16
|
|
|
17
17
|
RailsAdmin is a Rails engine that provides an easy-to-use interface for managing your data.
|
|
18
18
|
|
|
19
|
+
## Announcements
|
|
20
|
+
|
|
21
|
+
### [Action required] Security issue
|
|
22
|
+
|
|
23
|
+
**RailsAdmin 1.0.0 and 1.1.0 have been reported to have CSRF vulnerability with default setup.** We strongly recommend that you upgrade RailsAdmin to 1.1.1 or later as soon as possible, if you are on these versions. See [b13e879e](https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a) for the detail.
|
|
24
|
+
|
|
25
|
+
This problem was reported by SourceClear, Inc.
|
|
26
|
+
|
|
27
|
+
|
|
19
28
|
## Features
|
|
20
29
|
* CRUD any data with ease
|
|
21
30
|
* Custom actions
|
|
@@ -11,6 +11,8 @@ module RailsAdmin
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
class ApplicationController < Config.parent_controller.constantize
|
|
14
|
+
protect_from_forgery with: :exception
|
|
15
|
+
|
|
14
16
|
before_action :_authenticate!
|
|
15
17
|
before_action :_authorize!
|
|
16
18
|
before_action :_audit!
|
|
@@ -63,12 +65,14 @@ module RailsAdmin
|
|
|
63
65
|
rescue_from RailsAdmin::ObjectNotFound do
|
|
64
66
|
flash[:error] = I18n.t('admin.flash.object_not_found', model: @model_name, id: params[:id])
|
|
65
67
|
params[:action] = 'index'
|
|
68
|
+
@status_code = :not_found
|
|
66
69
|
index
|
|
67
70
|
end
|
|
68
71
|
|
|
69
72
|
rescue_from RailsAdmin::ModelNotFound do
|
|
70
73
|
flash[:error] = I18n.t('admin.flash.model_not_found', model: @model_name)
|
|
71
74
|
params[:action] = 'dashboard'
|
|
75
|
+
@status_code = :not_found
|
|
72
76
|
dashboard
|
|
73
77
|
end
|
|
74
78
|
end
|
|
@@ -72,6 +72,8 @@ module RailsAdmin
|
|
|
72
72
|
::ActiveRecord::Base.connection.select_one("SELECT ''::text AS str;").values.first.encoding
|
|
73
73
|
when 'mysql2'
|
|
74
74
|
::ActiveRecord::Base.connection.instance_variable_get(:@connection).encoding
|
|
75
|
+
when 'oracle_enhanced'
|
|
76
|
+
::ActiveRecord::Base.connection.select_one("SELECT dummy FROM DUAL").values.first.encoding
|
|
75
77
|
else
|
|
76
78
|
::ActiveRecord::Base.connection.select_one("SELECT '' AS str;").values.first.encoding
|
|
77
79
|
end
|
|
@@ -30,7 +30,7 @@ module RailsAdmin
|
|
|
30
30
|
@most_recent_created[t.model.name] = t.model.last.try(:created_at)
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
|
-
render @action.template_name, status:
|
|
33
|
+
render @action.template_name, status: @status_code || :ok
|
|
34
34
|
end
|
|
35
35
|
end
|
|
36
36
|
|
|
@@ -4,6 +4,9 @@ require 'csv'
|
|
|
4
4
|
module RailsAdmin
|
|
5
5
|
class CSVConverter
|
|
6
6
|
def initialize(objects = [], schema = {})
|
|
7
|
+
@fields = []
|
|
8
|
+
@associations = []
|
|
9
|
+
|
|
7
10
|
return self if (@objects = objects).blank?
|
|
8
11
|
|
|
9
12
|
@model = objects.dup.first.class
|
|
@@ -32,6 +35,7 @@ module RailsAdmin
|
|
|
32
35
|
end
|
|
33
36
|
|
|
34
37
|
def to_csv(options = {})
|
|
38
|
+
options = HashWithIndifferentAccess.new(options)
|
|
35
39
|
encoding_to = Encoding.find(options[:encoding_to]) if options[:encoding_to].present?
|
|
36
40
|
|
|
37
41
|
csv_string = generate_csv_string(options)
|
data/lib/rails_admin/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rails_admin
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Erik Michaels-Ober
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2016-
|
|
15
|
+
date: 2016-12-25 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: builder
|