sprockets 2.2.0 → 2.2.3


Potentially problematic release.



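--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: be373494a4e64c06e55a9ad11e2c9efae09f1492
+ data.tar.gz: b683ce4b0ed64e683ea98d0b5af268bdeca3f584
+ SHA512:
+ metadata.gz: fa430704b4ef87304b8a128cb83fbb64c66e24d0bdae3d9e9e343bbebd56bf8823f65cba4a0ad1eb33204308c814910ebdd9c2b570c33fbbf89a2fadd2383b33
+ data.tar.gz: 785eb7a9f36afa38e6f010a573240768a9620ed216f4b20614835ffe9564d258a0e5340c9e8dbf3b538e8b960d9f7fd22342581b5e597dbbfc4e892bac7f7d3a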
@@ -126,7 +126,7 @@ module Sprockets
126
126
  @directives ||= header.lines.each_with_index.map { |line, index|
127
127
  if directive = line[DIRECTIVE_PATTERN, 1]
128
128
  name, *args = Shellwords.shellwords(directive)
129
- if respond_to?("process_#{name}_directive")
129
+ if respond_to?("process_#{name}_directive", true)
130
130
  [index + 1, name, *args]
131
131
  end
132
132
  end
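Review bot: The bare `true` passed to `respond_to?` at new line 129 is unexplained, so the next reader cannot tell why non-public methods are now considered. A short comment such as `# include_all = true: directive handlers may be private or protected` would record the intent. Because `name` is parsed from the asset's own header via `Shellwords.shellwords(directive)`, the same comment could note that the `process_` prefix and `_directive` suffix are what limit which non-public methods a source file can select. The enclosing method starts and ends outside the hunk.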
@@ -25,11 +25,6 @@ module Sprockets
25
25
 
26
26
  msg = "Served asset #{env['PATH_INFO']} -"
27
27
 
28
- # URLs containing a `".."` are rejected for security reasons.
29
- if forbidden_request?(env)
30
- return forbidden_response
31
- end
32
-
33
28
  # Mark session as "skipped" so no `Set-Cookie` header is set
34
29
  env['rack.session.options'] ||= {}
35
30
  env['rack.session.options'][:defer] = true
@@ -43,6 +38,11 @@ module Sprockets
43
38
  path = path.sub("-#{fingerprint}", '')
44
39
  end
45
40
 
41
+ # URLs containing a `".."` are rejected for security reasons.
42
+ if forbidden_request?(path)
43
+ return forbidden_response
44
+ end
45
+
46
46
  # Look up the asset.
47
47
  asset = find_asset(path, :bundle => !body_only?(env))
48
48
 
@@ -85,12 +85,12 @@ module Sprockets
85
85
  end
86
86
 
87
87
  private
88
- def forbidden_request?(env)
88
+ def forbidden_request?(path)
89
89
  # Prevent access to files elsewhere on the file system
90
90
  #
91
91
  # http://example.org/assets/../../../etc/passwd
92
92
  #
93
- env["PATH_INFO"].include?("..")
93
+ path.include?("..") || Pathname.new(path).absolute?
94
94
  end
95
95
 
96
96
  # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
222
222
  # # => "0aa2105d29558f3eb790d411d7d8fb66"
223
223
  #
224
224
  def path_fingerprint(path)
225
- path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
225
+ path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
226
226
  end
227
227
 
228
228
  # URI.unescape is deprecated on 1.9. We need to use URI::Parser
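Review bot: In the `forbidden_request?` hunk the explanatory comment still describes only the `..` case, although the new predicate also rejects absolute paths; I would add `# Absolute paths are rejected as well, so a lookup never starts outside the load path.` above the new line 93. The guard now runs on `path` after the fingerprint is stripped, so it relies on `path` having been fully unescaped earlier in the calling method, which is outside the visible hunks; it is worth confirming that nothing decodes or normalises `path` again between this check and `find_asset`. `Pathname#absolute?` presumably follows the host platform's path rules, so a test per separator style would pin down what is actually rejected.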
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "2.2.0"
2
+ VERSION = "2.2.3"
3
3
  end
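--- a/metadata
+++ b/metadata
@@ -1,224 +1,205 @@
- --- !ruby/object:Gem::Specification
+ --- !ruby/object:Gem::Specification
  name: sprockets
- version: !ruby/object:Gem::Version
- hash: 7
- prerelease:
- segments:
- - 2
- - 2
- - 0
- version: 2.2.0
+ version: !ruby/object:Gem::Version
+ version: 2.2.3
  platform: ruby
- authors:
+ authors:
  - Sam Stephenson
  - Joshua Peek
  autorequire:
  bindir: bin
  cert_chain: []
-
- date: 2012-01-10 00:00:00 -06:00
- default_executable:
- dependencies:
- - !ruby/object:Gem::Dependency
+ date: 2014-10-28 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
  name: hike
- prerelease: false
- requirement: &id001 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 11
- segments:
- - 1
- - 2
- version: "1.2"
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
  type: :runtime
- version_requirements: *id001
- - !ruby/object:Gem::Dependency
- name: multi_json
  prerelease: false
- requirement: &id002 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
+ - !ruby/object:Gem::Dependency
+ name: multi_json
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :runtime
- version_requirements: *id002
- - !ruby/object:Gem::Dependency
- name: rack
  prerelease: false
- requirement: &id003 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: rack
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :runtime
- version_requirements: *id003
- - !ruby/object:Gem::Dependency
- name: tilt
  prerelease: false
- requirement: &id004 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 13
- segments:
- - 1
- - 1
- version: "1.1"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: tilt
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.1'
  - - "!="
- - !ruby/object:Gem::Version
- hash: 27
- segments:
- - 1
- - 3
- - 0
+ - !ruby/object:Gem::Version
  version: 1.3.0
  type: :runtime
- version_requirements: *id004
- - !ruby/object:Gem::Dependency
- name: coffee-script
  prerelease: false
- requirement: &id005 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 2
- - 0
- version: "2.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.1'
+ - - "!="
+ - !ruby/object:Gem::Version
+ version: 1.3.0
+ - !ruby/object:Gem::Dependency
+ name: coffee-script
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
  type: :development
- version_requirements: *id005
- - !ruby/object:Gem::Dependency
- name: coffee-script-source
  prerelease: false
- requirement: &id006 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 31
- segments:
- - 1
- - 2
- - 0
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: coffee-script-source
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
  version: 1.2.0
  type: :development
- version_requirements: *id006
- - !ruby/object:Gem::Dependency
- name: eco
  prerelease: false
- requirement: &id007 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 1.2.0
+ - !ruby/object:Gem::Dependency
+ name: eco
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :development
- version_requirements: *id007
- - !ruby/object:Gem::Dependency
- name: ejs
  prerelease: false
- requirement: &id008 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: ejs
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :development
- version_requirements: *id008
- - !ruby/object:Gem::Dependency
- name: execjs
  prerelease: false
- requirement: &id009 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: execjs
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :development
- version_requirements: *id009
- - !ruby/object:Gem::Dependency
- name: json
  prerelease: false
- requirement: &id010 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: json
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- version_requirements: *id010
- - !ruby/object:Gem::Dependency
- name: rack-test
  prerelease: false
- requirement: &id011 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rack-test
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- version_requirements: *id011
- - !ruby/object:Gem::Dependency
- name: rake
  prerelease: false
- requirement: &id012 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- version_requirements: *id012
- description: Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
- email:
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Sprockets is a Rack-based asset packaging system that concatenates and
+ serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
+ email:
  - sstephenson@gmail.com
  - josh@joshpeek.com
- executables:
+ executables:
  - sprockets
  extensions: []
-
  extra_rdoc_files: []
-
- files:
- - README.md
+ files:
  - LICENSE
+ - README.md
+ - bin/sprockets
  - lib/rake/sprocketstask.rb
+ - lib/sprockets.rb
  - lib/sprockets/asset.rb
  - lib/sprockets/asset_attributes.rb
  - lib/sprockets/base.rb
@@ -246,41 +227,27 @@ files:
  - lib/sprockets/trail.rb
  - lib/sprockets/utils.rb
  - lib/sprockets/version.rb
- - lib/sprockets.rb
- - bin/sprockets
- has_rdoc: true
  homepage: http://getsprockets.org/
  licenses: []
-
+ metadata: {}
  post_install_message:
  rdoc_options: []
-
- require_paths:
+ require_paths:
  - lib
- required_ruby_version: !ruby/object:Gem::Requirement
- none: false
- requirements:
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
- required_rubygems_version: !ruby/object:Gem::Requirement
- none: false
- requirements:
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
  requirements: []
-
  rubyforge_project: sprockets
- rubygems_version: 1.6.2
+ rubygems_version: 2.2.2
  signing_key:
- specification_version: 3
+ specification_version: 4
  summary: Rack-based asset packaging system
  test_files: []
-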