rails_admin 2.0.1 → 2.0.2

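--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4e762b5bdac4e8a36a97a7c202d8a44313d3bc832a52841fc23ffbf01fc585b0
- data.tar.gz: 9059efd9fba737bc94817e0613f62c276551ae37dfc14f79e8fb8def21bfbdcf
+ metadata.gz: b602512e6e725b80b4710d009beb60fffc8089f20a677579174f5af05ed7a728
+ data.tar.gz: b983654e17ee5f1a15bab17d2d5afbba7f06eb7d8b6f4be92112f5e9ad41ddf7
  SHA512:
- metadata.gz: ca9f568f3c3e8e2a7b63ad2d64de0d89944db6f6735376714a2d019a60d592c7a80e8c3c0b2a9ce606f390dadc630d7478a1471b3e90b4283091b063b30001dd
- data.tar.gz: fc5afc47e02d74b54c868c77cbf4b45217e5d2f9396e2c9e5c34ed1d2b7c2e4dfd3040657e7d21930ed5ee61599dd5ccbbd128c464f7ff2cb228e9e712d73761
+ metadata.gz: d2ec664fd9c217fd62d3ca65af5718e095f8de4ac3919ea0fe29b2e8d203e984583dd11877aa1ff8c40e2e8a696e55f304f24312da87da08051ba0a2bc33c99a
+ data.tar.gz: d2350c08e53ba3ed67e65bdd75863f4fd02b7c26ace2fdcafae81363b6567d6c5db52bcb2631224d0f5d291e46a9e577187fdcdc4bbc6e96613083dd8266b948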
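--- a/data/README.md
+++ b/data/README.md
@@ -16,6 +16,12 @@
 
  RailsAdmin is a Rails engine that provides an easy-to-use interface for managing your data.
 
+ ## Announcements
+
+ ### [Action required] Security issue
+
+ **RailsAdmin 2.0.1, 2.0.0 and up to 1.4.2 have been reported to have XSS vulnerability.** We strongly recommend that you upgrade RailsAdmin to 2.0.2 (and higher) or 1.4.3 as soon as possible, if you are on those versions. See [d72090ec](https://github.com/sferik/rails_admin/commit/d72090ec6a07c3b9b7b48ab50f3d405f91ff4375) for the detail.
+
  ## Getting started
 
  * Check out [the docs][docs].
@@ -93,6 +99,7 @@ This library aims to support and is [tested against][travis] the following Ruby
  * Ruby 2.4
  * Ruby 2.5
  * Ruby 2.6
+ * Ruby 2.7
  * [JRuby][]
 
  [jruby]: http://jruby.org/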
@@ -11,7 +11,9 @@
11
11
  $(document).on('nested:fieldAdded', 'form', function(content) {
12
12
  var controls, field, nav, new_tab, one_to_one, parent_group, toggler;
13
13
  field = content.field.addClass('tab-pane').attr('id', 'unique-id-' + (new Date().getTime()));
14
- new_tab = $('<li><a data-toggle="tab" href="#' + field.attr('id') + '">' + field.children('.object-infos').data('object-label') + '</a></li>');
14
+ new_tab = $('<li></li>').append(
15
+ $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + field.attr('id')).text(field.children('.object-infos').data('object-label'))
16
+ )
15
17
  parent_group = field.closest('.control-group');
16
18
  controls = parent_group.children('.controls');
17
19
  one_to_one = controls.data('nestedone') !== void 0;
@@ -27,7 +29,7 @@
27
29
  content.select(':hidden').show('slow');
28
30
  toggler.addClass('active').removeClass('disabled').children('i').addClass('icon-chevron-down').removeClass('icon-chevron-right');
29
31
  if (one_to_one) {
30
- controls.find('.add_nested_fields').removeClass('add_nested_fields').html(field.children('.object-infos').data('object-label'));
32
+ controls.find('.add_nested_fields').removeClass('add_nested_fields').text(field.children('.object-infos').data('object-label'));
31
33
  }
32
34
  });
33
35
 
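Review bot: The new `new_tab` construction and the `.text(...)` call in the `one_to_one` branch carry no comment saying why the label is no longer concatenated into markup, so a later tidy-up could fold them back into a string or `.html()`. I would add `// object-label is presumably record-derived: set it with .text() so it is never parsed as HTML` above the `new_tab` assignment. The assignment also ends on a bare `)` with no semicolon and relies on automatic semicolon insertion; `);` would match the statements around it. The handler spans both hunks of this section and the lines between them are not shown.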
@@ -137,7 +137,11 @@
137
137
  toggler = field.find('> .controls > .btn-group > .toggler');
138
138
  tab_content.children('.fields:not(.tab-pane)').addClass('tab-pane').each(function() {
139
139
  $(this).attr('id', 'unique-id-' + (new Date().getTime()) + Math.floor(Math.random() * 100000));
140
- nav.append('<li><a data-toggle="tab" href="#' + this.id + '">' + $(this).children('.object-infos').data('object-label') + '</a></li>');
140
+ nav.append(
141
+ $('<li></li>').append(
142
+ $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + this.id).text($(this).children('.object-infos').data('object-label'))
143
+ )
144
+ );
141
145
  });
142
146
  if (nav.find("> li.active").length === 0) {
143
147
  nav.find("> li > a[data-toggle='tab']:first").tab('show');
@@ -165,8 +169,12 @@
165
169
  tab_content = field.find("> .tab-content");
166
170
  toggler = field.find('> .controls > .btn-group > .toggler');
167
171
  tab_content.children(".fields:not(.tab-pane)").addClass('tab-pane active').each(function() {
168
- field.find('> .controls .add_nested_fields').removeClass('add_nested_fields').html($(this).children('.object-infos').data('object-label'));
169
- nav.append('<li><a data-toggle="tab" href="#' + this.id + '">' + $(this).children('.object-infos').data('object-label') + '</a></li>');
172
+ field.find('> .controls .add_nested_fields').removeClass('add_nested_fields').text($(this).children('.object-infos').data('object-label'));
173
+ nav.append(
174
+ $('<li></li>').append(
175
+ $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + this.id).text($(this).children('.object-infos').data('object-label'))
176
+ )
177
+ );
170
178
  });
171
179
  first_tab = nav.find("> li > a[data-toggle='tab']:first");
172
180
  first_tab.tab('show');
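Review bot: The safe `<li><a>` construction is now written out twice in this file, once in each `.each` callback, so the two copies can drift and one could regress to string concatenation unnoticed. A small local helper that takes the pane id and the label and returns the built `<li>` would keep the `.text()` sink in one place, and both `nav.append(...)` calls then shrink to a single line. The helper name below is only a suggestion, and both callbacks sit in functions that begin outside the hunks.

```javascript
// Builds a nav tab; the label goes through .text() so it is never parsed as HTML.
function buildNavTab(paneId, label) {
  return $('<li></li>').append(
    $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + paneId).text(label)
  );
}

// … unchanged: id assignment inside the .each callback …
nav.append(buildNavTab(this.id, $(this).children('.object-infos').data('object-label')));
```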
@@ -53,7 +53,7 @@
53
53
  %button.btn.btn-primary{type: 'submit', :'data-disable-with' => '<i class="icon-white icon-refresh"></i> '.html_safe + t('admin.misc.refresh')}
54
54
  %i.icon-white.icon-refresh
55
55
  = t('admin.misc.refresh')
56
- %button#remove_filter.btn.btn-info{title: "Reset filters"}
56
+ %button#remove_filter.btn.btn-info{title: t('admin.misc.reset_filters')}
57
57
  %i.icon-white.icon-remove
58
58
  - if export_action
59
59
  %span{style: 'float:right'}= link_to wording_for(:link, export_action), export_path(params.except('set').except('page')), class: 'btn btn-info'
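Review bot: The `title` on `#remove_filter` now depends on the `admin.misc.reset_filters` key, and only the `en` entry is visible in this diff. A locale without the key would put the missing-translation output in the tooltip unless fallbacks are configured. Passing a default keeps the previous text in that case: `t('admin.misc.reset_filters', default: 'Reset filters')`. The enclosing template starts and ends outside the hunk.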
@@ -29,6 +29,7 @@ en:
29
29
  misc:
30
30
  search: "Search"
31
31
  filter: "Filter"
32
+ reset_filters: "Reset filters"
32
33
  refresh: "Refresh"
33
34
  show_all: "Show all"
34
35
  add_filter: "Add filter"
@@ -23,8 +23,8 @@ module RailsAdmin
23
23
  object.save(options)
24
24
  end
25
25
 
26
- def method_missing(name, *args, &block)
27
- object.send(name, *args, &block)
26
+ def method_missing(method_name, *args, &block)
27
+ object.send(method_name, *args, &block)
28
28
  end
29
29
  end
30
30
  end
@@ -56,12 +56,12 @@ module RailsAdmin
56
56
  @model
57
57
  end
58
58
 
59
- def method_missing(method, *args, &block)
60
- target.send(method, *args, &block)
59
+ def method_missing(method_name, *args, &block)
60
+ target.send(method_name, *args, &block)
61
61
  end
62
62
 
63
- def respond_to?(method, include_private = false)
64
- super || target.respond_to?(method, include_private)
63
+ def respond_to?(method_name, include_private = false)
64
+ super || target.respond_to?(method_name, include_private)
65
65
  end
66
66
  end
67
67
  end
@@ -100,8 +100,8 @@ module RailsAdmin
100
100
 
101
101
  # Act as a proxy for the base section configuration that actually
102
102
  # store the configurations.
103
- def method_missing(m, *args, &block)
104
- send(:base).send(m, *args, &block)
103
+ def method_missing(method_name, *args, &block)
104
+ send(:base).send(method_name, *args, &block)
105
105
  end
106
106
  end
107
107
  end
@@ -17,18 +17,18 @@ module RailsAdmin
17
17
  self
18
18
  end
19
19
 
20
- def method_missing(name, *args, &block)
21
- if @object.respond_to?(name)
20
+ def method_missing(method_name, *args, &block)
21
+ if @object.respond_to?(method_name)
22
22
  reset = @object.bindings
23
23
  begin
24
24
  @object.bindings = @bindings
25
- response = @object.__send__(name, *args, &block)
25
+ response = @object.__send__(method_name, *args, &block)
26
26
  ensure
27
27
  @object.bindings = reset
28
28
  end
29
29
  response
30
30
  else
31
- super(name, *args, &block)
31
+ super(method_name, *args, &block)
32
32
  end
33
33
  end
34
34
  end
@@ -33,7 +33,7 @@ module RailsAdmin
33
33
  (AUTHORIZATION_ADAPTERS.values + AUDITING_ADAPTERS.values).each do |klass|
34
34
  begin
35
35
  klass.setup if klass.respond_to? :setup
36
- rescue # rubocop:disable Lint/HandleExceptions
36
+ rescue # rubocop:disable Lint/HandleExceptions, Style/RescueStandardError
37
37
  # ignore errors
38
38
  end
39
39
  end
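Review bot: The bare `rescue` still discards every `StandardError` raised by `klass.setup` for the authorization and auditing adapters, and `# ignore errors` does not say which failures are expected, so a misconfigured adapter would fail silently. Writing `rescue StandardError # rubocop:disable Lint/HandleExceptions` would make the added `Style/RescueStandardError` exemption unnecessary. The comment could also name the expected case, for example `# adapter's backing library may not be loaded; skip it`, if that is the intent. The surrounding method begins outside the hunk.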
@@ -2,7 +2,7 @@ module RailsAdmin
2
2
  class Version
3
3
  MAJOR = 2
4
4
  MINOR = 0
5
- PATCH = 1
5
+ PATCH = 2
6
6
  PRE = nil
7
7
 
8
8
  class << self
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails_admin
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.1
4
+ version: 2.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Erik Michaels-Ober
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2019-12-31 00:00:00.000000000 Z
15
+ date: 2020-03-17 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: builder