sprockets 2.2.1 → 2.2.3


Potentially problematic release.


This version of sprockets might be problematic. Click here for more details.

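--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: be373494a4e64c06e55a9ad11e2c9efae09f1492
+ data.tar.gz: b683ce4b0ed64e683ea98d0b5af268bdeca3f584
+ SHA512:
+ metadata.gz: fa430704b4ef87304b8a128cb83fbb64c66e24d0bdae3d9e9e343bbebd56bf8823f65cba4a0ad1eb33204308c814910ebdd9c2b570c33fbbf89a2fadd2383b33
+ data.tar.gz: 785eb7a9f36afa38e6f010a573240768a9620ed216f4b20614835ffe9564d258a0e5340c9e8dbf3b538e8b960d9f7fd22342581b5e597dbbfc4e892bac7f7d3a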
@@ -126,7 +126,7 @@ module Sprockets
126
126
  @directives ||= header.lines.each_with_index.map { |line, index|
127
127
  if directive = line[DIRECTIVE_PATTERN, 1]
128
128
  name, *args = Shellwords.shellwords(directive)
129
- if respond_to?("process_#{name}_directive")
129
+ if respond_to?("process_#{name}_directive", true)
130
130
  [index + 1, name, *args]
131
131
  end
132
132
  end
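Review bot: The bare `true` passed to `respond_to?` on the changed line is unexplained, and it widens the lookup to private and protected methods whose name is built from directive text read out of the asset header. A comment such as `# include_all: directive handlers are not public, and respond_to? skips non-public methods by default` would record why it is needed; that the `process_*_directive` handlers are non-public is an assumption, since their definitions are not in this hunk. It is also worth noting there that any non-public method matching `process_<name>_directive` now passes this check, so that naming pattern should stay reserved for directive handlers. The enclosing method starts and ends outside the hunk.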
@@ -33,16 +33,16 @@ module Sprockets
33
33
  # Extract the path from everything after the leading slash
34
34
  path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
35
35
 
36
- # URLs containing a `".."` are rejected for security reasons.
37
- if forbidden_request?(path)
38
- return forbidden_response
39
- end
40
-
41
36
  # Strip fingerprint
42
37
  if fingerprint = path_fingerprint(path)
43
38
  path = path.sub("-#{fingerprint}", '')
44
39
  end
45
40
 
41
+ # URLs containing a `".."` are rejected for security reasons.
42
+ if forbidden_request?(path)
43
+ return forbidden_response
44
+ end
45
+
46
46
  # Look up the asset.
47
47
  asset = find_asset(path, :bundle => !body_only?(env))
48
48
 
@@ -90,7 +90,7 @@ module Sprockets
90
90
  #
91
91
  # http://example.org/assets/../../../etc/passwd
92
92
  #
93
- path.include?("..")
93
+ path.include?("..") || Pathname.new(path).absolute?
94
94
  end
95
95
 
96
96
  # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
222
222
  # # => "0aa2105d29558f3eb790d411d7d8fb66"
223
223
  #
224
224
  def path_fingerprint(path)
225
- path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
225
+ path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
226
226
  end
227
227
 
228
228
  # URI.unescape is deprecated on 1.9. We need to use URI::Parser
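Review bot: `Pathname.new(path)` on the new `forbidden_request?` line raises `ArgumentError` when `path` contains a NUL byte, and `path` is the unescaped `PATH_INFO`, so such a request would raise rather than receive the 403 response. Rejecting it before the `Pathname` call keeps the check total: `path.include?("..") || path.include?("\0") || Pathname.new(path).absolute?`. What happens to the exception today depends on the caller's rescue handling, which is outside these hunks. Separately, the first hunk still strips the leading slash with `/^\//` while this change moves `path_fingerprint` from `$` to `\z`; `\A` would be the consistent anchor there. The request handler and `forbidden_request?` both begin outside the hunks shown.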
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "2.2.1"
2
+ VERSION = "2.2.3"
3
3
  end
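--- a/metadata
+++ b/metadata
@@ -1,223 +1,205 @@
- --- !ruby/object:Gem::Specification
+ --- !ruby/object:Gem::Specification
  name: sprockets
- version: !ruby/object:Gem::Version
- hash: 5
- prerelease:
- segments:
- - 2
- - 2
- - 1
- version: 2.2.1
+ version: !ruby/object:Gem::Version
+ version: 2.2.3
  platform: ruby
- authors:
+ authors:
  - Sam Stephenson
  - Joshua Peek
  autorequire:
  bindir: bin
  cert_chain: []
-
- date: 2012-04-26 00:00:00 Z
- dependencies:
- - !ruby/object:Gem::Dependency
+ date: 2014-10-28 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
  name: hike
- prerelease: false
- requirement: &id001 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 11
- segments:
- - 1
- - 2
- version: "1.2"
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
  type: :runtime
- version_requirements: *id001
- - !ruby/object:Gem::Dependency
- name: multi_json
  prerelease: false
- requirement: &id002 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
+ - !ruby/object:Gem::Dependency
+ name: multi_json
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :runtime
- version_requirements: *id002
- - !ruby/object:Gem::Dependency
- name: rack
  prerelease: false
- requirement: &id003 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: rack
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :runtime
- version_requirements: *id003
- - !ruby/object:Gem::Dependency
- name: tilt
  prerelease: false
- requirement: &id004 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 13
- segments:
- - 1
- - 1
- version: "1.1"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: tilt
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.1'
  - - "!="
- - !ruby/object:Gem::Version
- hash: 27
- segments:
- - 1
- - 3
- - 0
+ - !ruby/object:Gem::Version
  version: 1.3.0
  type: :runtime
- version_requirements: *id004
- - !ruby/object:Gem::Dependency
- name: coffee-script
  prerelease: false
- requirement: &id005 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 2
- - 0
- version: "2.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.1'
+ - - "!="
+ - !ruby/object:Gem::Version
+ version: 1.3.0
+ - !ruby/object:Gem::Dependency
+ name: coffee-script
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
  type: :development
- version_requirements: *id005
- - !ruby/object:Gem::Dependency
- name: coffee-script-source
  prerelease: false
- requirement: &id006 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 31
- segments:
- - 1
- - 2
- - 0
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: coffee-script-source
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
  version: 1.2.0
  type: :development
- version_requirements: *id006
- - !ruby/object:Gem::Dependency
- name: eco
  prerelease: false
- requirement: &id007 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 1.2.0
+ - !ruby/object:Gem::Dependency
+ name: eco
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :development
- version_requirements: *id007
- - !ruby/object:Gem::Dependency
- name: ejs
  prerelease: false
- requirement: &id008 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: ejs
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :development
- version_requirements: *id008
- - !ruby/object:Gem::Dependency
- name: execjs
  prerelease: false
- requirement: &id009 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 1
- - 0
- version: "1.0"
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: execjs
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
  type: :development
- version_requirements: *id009
- - !ruby/object:Gem::Dependency
- name: json
  prerelease: false
- requirement: &id010 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: json
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- version_requirements: *id010
- - !ruby/object:Gem::Dependency
- name: rack-test
  prerelease: false
- requirement: &id011 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rack-test
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- version_requirements: *id011
- - !ruby/object:Gem::Dependency
- name: rake
  prerelease: false
- requirement: &id012 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- version_requirements: *id012
- description: Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
- email:
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Sprockets is a Rack-based asset packaging system that concatenates and
+ serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
+ email:
  - sstephenson@gmail.com
  - josh@joshpeek.com
- executables:
+ executables:
  - sprockets
  extensions: []
-
  extra_rdoc_files: []
-
- files:
- - README.md
+ files:
  - LICENSE
+ - README.md
+ - bin/sprockets
  - lib/rake/sprocketstask.rb
+ - lib/sprockets.rb
  - lib/sprockets/asset.rb
  - lib/sprockets/asset_attributes.rb
  - lib/sprockets/base.rb
@@ -245,40 +227,27 @@ files:
  - lib/sprockets/trail.rb
  - lib/sprockets/utils.rb
  - lib/sprockets/version.rb
- - lib/sprockets.rb
- - bin/sprockets
  homepage: http://getsprockets.org/
  licenses: []
-
+ metadata: {}
  post_install_message:
  rdoc_options: []
-
- require_paths:
+ require_paths:
  - lib
- required_ruby_version: !ruby/object:Gem::Requirement
- none: false
- requirements:
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
- required_rubygems_version: !ruby/object:Gem::Requirement
- none: false
- requirements:
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
  requirements: []
-
  rubyforge_project: sprockets
- rubygems_version: 1.8.15
+ rubygems_version: 2.2.2
  signing_key:
- specification_version: 3
+ specification_version: 4
  summary: Rack-based asset packaging system
  test_files: []
-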