sprockets 2.3.2 → 2.3.3


Potentially problematic release.


This version of sprockets might be problematic. Click here for more details.

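--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: 7d49453908a650a88e75856c3002fc529139583d
+ data.tar.gz: c4032fb6c3197b5872097d55365b1e3c8547369d
+ SHA512:
+ metadata.gz: eeaf6c406818a6736564bad41f732b7f45c18504625caa8e4a71cb0466e6238656ade799b1f4c4c1a5e37c4142f8180e0136cfa6489a88a93e59e70cbf9a5346
+ data.tar.gz: 1d3f359e15024afc8828d45f868b73a8685d21d69a9e93e4dfd57afb7a4043f5e06f84f49d714ebb879e0855ae6c866a83b042770756bf03dbf64fe2288fcfe5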
@@ -33,16 +33,16 @@ module Sprockets
33
33
  # Extract the path from everything after the leading slash
34
34
  path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
35
35
 
36
- # URLs containing a `".."` are rejected for security reasons.
37
- if forbidden_request?(path)
38
- return forbidden_response
39
- end
40
-
41
36
  # Strip fingerprint
42
37
  if fingerprint = path_fingerprint(path)
43
38
  path = path.sub("-#{fingerprint}", '')
44
39
  end
45
40
 
41
+ # URLs containing a `".."` are rejected for security reasons.
42
+ if forbidden_request?(path)
43
+ return forbidden_response
44
+ end
45
+
46
46
  # Look up the asset.
47
47
  asset = find_asset(path, :bundle => !body_only?(env))
48
48
 
@@ -90,7 +90,7 @@ module Sprockets
90
90
  #
91
91
  # http://example.org/assets/../../../etc/passwd
92
92
  #
93
- path.include?("..")
93
+ path.include?("..") || Pathname.new(path).absolute?
94
94
  end
95
95
 
96
96
  # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
222
222
  # # => "0aa2105d29558f3eb790d411d7d8fb66"
223
223
  #
224
224
  def path_fingerprint(path)
225
- path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
225
+ path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
226
226
  end
227
227
 
228
228
  # URI.unescape is deprecated on 1.9. We need to use URI::Parser
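Review bot: A request path containing a NUL byte (`%00` before `unescape`) would make the new `Pathname.new(path)` call in the `@@ -90,7 +90,7 @@` hunk raise `ArgumentError` instead of yielding the 403, unless a rescue outside the visible lines catches it. Rejecting it explicitly keeps the predicate total: `path.include?("..") || path.include?("\0") || Pathname.new(path).absolute?`. The context line in the first hunk still strips the leading slash with `sub(/^\//, '')`; `\A` there would match the `$` → `\z` tightening made in `path_fingerprint`. The method containing the changed line starts above the hunk, so whether `pathname` is required in this file cannot be confirmed from here. Regression tests for a double-slash path and for a fingerprint whose removal leaves `..` would pin the new ordering of the check.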
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "2.3.2"
2
+ VERSION = "2.3.3"
3
3
  end
metadata CHANGED
@@ -1,239 +1,219 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: sprockets
3
- version: !ruby/object:Gem::Version
4
- hash: 7
5
- prerelease:
6
- segments:
7
- - 2
8
- - 3
9
- - 2
10
- version: 2.3.2
3
+ version: !ruby/object:Gem::Version
4
+ version: 2.3.3
11
5
  platform: ruby
12
- authors:
6
+ authors:
13
7
  - Sam Stephenson
14
8
  - Joshua Peek
15
9
  autorequire:
16
10
  bindir: bin
17
11
  cert_chain: []
18
-
19
- date: 2012-03-26 00:00:00 -05:00
20
- default_executable:
21
- dependencies:
22
- - !ruby/object:Gem::Dependency
12
+ date: 2014-10-28 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
23
15
  name: hike
24
- prerelease: false
25
- requirement: &id001 !ruby/object:Gem::Requirement
26
- none: false
27
- requirements:
28
- - - ~>
29
- - !ruby/object:Gem::Version
30
- hash: 11
31
- segments:
32
- - 1
33
- - 2
34
- version: "1.2"
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - "~>"
19
+ - !ruby/object:Gem::Version
20
+ version: '1.2'
35
21
  type: :runtime
36
- version_requirements: *id001
37
- - !ruby/object:Gem::Dependency
38
- name: multi_json
39
22
  prerelease: false
40
- requirement: &id002 !ruby/object:Gem::Requirement
41
- none: false
42
- requirements:
43
- - - ~>
44
- - !ruby/object:Gem::Version
45
- hash: 15
46
- segments:
47
- - 1
48
- - 0
49
- version: "1.0"
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - "~>"
26
+ - !ruby/object:Gem::Version
27
+ version: '1.2'
28
+ - !ruby/object:Gem::Dependency
29
+ name: multi_json
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - "~>"
33
+ - !ruby/object:Gem::Version
34
+ version: '1.0'
50
35
  type: :runtime
51
- version_requirements: *id002
52
- - !ruby/object:Gem::Dependency
53
- name: rack
54
36
  prerelease: false
55
- requirement: &id003 !ruby/object:Gem::Requirement
56
- none: false
57
- requirements:
58
- - - ~>
59
- - !ruby/object:Gem::Version
60
- hash: 15
61
- segments:
62
- - 1
63
- - 0
64
- version: "1.0"
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - "~>"
40
+ - !ruby/object:Gem::Version
41
+ version: '1.0'
42
+ - !ruby/object:Gem::Dependency
43
+ name: rack
44
+ requirement: !ruby/object:Gem::Requirement
45
+ requirements:
46
+ - - "~>"
47
+ - !ruby/object:Gem::Version
48
+ version: '1.0'
65
49
  type: :runtime
66
- version_requirements: *id003
67
- - !ruby/object:Gem::Dependency
68
- name: tilt
69
50
  prerelease: false
70
- requirement: &id004 !ruby/object:Gem::Requirement
71
- none: false
72
- requirements:
73
- - - ~>
74
- - !ruby/object:Gem::Version
75
- hash: 13
76
- segments:
77
- - 1
78
- - 1
79
- version: "1.1"
51
+ version_requirements: !ruby/object:Gem::Requirement
52
+ requirements:
53
+ - - "~>"
54
+ - !ruby/object:Gem::Version
55
+ version: '1.0'
56
+ - !ruby/object:Gem::Dependency
57
+ name: tilt
58
+ requirement: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - "~>"
61
+ - !ruby/object:Gem::Version
62
+ version: '1.1'
80
63
  - - "!="
81
- - !ruby/object:Gem::Version
82
- hash: 27
83
- segments:
84
- - 1
85
- - 3
86
- - 0
64
+ - !ruby/object:Gem::Version
87
65
  version: 1.3.0
88
66
  type: :runtime
89
- version_requirements: *id004
90
- - !ruby/object:Gem::Dependency
91
- name: coffee-script
92
67
  prerelease: false
93
- requirement: &id005 !ruby/object:Gem::Requirement
94
- none: false
95
- requirements:
96
- - - ~>
97
- - !ruby/object:Gem::Version
98
- hash: 3
99
- segments:
100
- - 2
101
- - 0
102
- version: "2.0"
68
+ version_requirements: !ruby/object:Gem::Requirement
69
+ requirements:
70
+ - - "~>"
71
+ - !ruby/object:Gem::Version
72
+ version: '1.1'
73
+ - - "!="
74
+ - !ruby/object:Gem::Version
75
+ version: 1.3.0
76
+ - !ruby/object:Gem::Dependency
77
+ name: coffee-script
78
+ requirement: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '2.0'
103
83
  type: :development
104
- version_requirements: *id005
105
- - !ruby/object:Gem::Dependency
106
- name: coffee-script-source
107
84
  prerelease: false
108
- requirement: &id006 !ruby/object:Gem::Requirement
109
- none: false
110
- requirements:
111
- - - ~>
112
- - !ruby/object:Gem::Version
113
- hash: 31
114
- segments:
115
- - 1
116
- - 2
117
- - 0
85
+ version_requirements: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '2.0'
90
+ - !ruby/object:Gem::Dependency
91
+ name: coffee-script-source
92
+ requirement: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
118
96
  version: 1.2.0
119
97
  type: :development
120
- version_requirements: *id006
121
- - !ruby/object:Gem::Dependency
122
- name: eco
123
98
  prerelease: false
124
- requirement: &id007 !ruby/object:Gem::Requirement
125
- none: false
126
- requirements:
127
- - - ~>
128
- - !ruby/object:Gem::Version
129
- hash: 15
130
- segments:
131
- - 1
132
- - 0
133
- version: "1.0"
99
+ version_requirements: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: 1.2.0
104
+ - !ruby/object:Gem::Dependency
105
+ name: eco
106
+ requirement: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '1.0'
134
111
  type: :development
135
- version_requirements: *id007
136
- - !ruby/object:Gem::Dependency
137
- name: ejs
138
112
  prerelease: false
139
- requirement: &id008 !ruby/object:Gem::Requirement
140
- none: false
141
- requirements:
142
- - - ~>
143
- - !ruby/object:Gem::Version
144
- hash: 15
145
- segments:
146
- - 1
147
- - 0
148
- version: "1.0"
113
+ version_requirements: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '1.0'
118
+ - !ruby/object:Gem::Dependency
119
+ name: ejs
120
+ requirement: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '1.0'
149
125
  type: :development
150
- version_requirements: *id008
151
- - !ruby/object:Gem::Dependency
152
- name: execjs
153
126
  prerelease: false
154
- requirement: &id009 !ruby/object:Gem::Requirement
155
- none: false
156
- requirements:
157
- - - ~>
158
- - !ruby/object:Gem::Version
159
- hash: 15
160
- segments:
161
- - 1
162
- - 0
163
- version: "1.0"
127
+ version_requirements: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '1.0'
132
+ - !ruby/object:Gem::Dependency
133
+ name: execjs
134
+ requirement: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '1.0'
164
139
  type: :development
165
- version_requirements: *id009
166
- - !ruby/object:Gem::Dependency
167
- name: json
168
140
  prerelease: false
169
- requirement: &id010 !ruby/object:Gem::Requirement
170
- none: false
171
- requirements:
141
+ version_requirements: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: '1.0'
146
+ - !ruby/object:Gem::Dependency
147
+ name: json
148
+ requirement: !ruby/object:Gem::Requirement
149
+ requirements:
172
150
  - - ">="
173
- - !ruby/object:Gem::Version
174
- hash: 3
175
- segments:
176
- - 0
177
- version: "0"
151
+ - !ruby/object:Gem::Version
152
+ version: '0'
178
153
  type: :development
179
- version_requirements: *id010
180
- - !ruby/object:Gem::Dependency
181
- name: rack-test
182
154
  prerelease: false
183
- requirement: &id011 !ruby/object:Gem::Requirement
184
- none: false
185
- requirements:
155
+ version_requirements: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - ">="
158
+ - !ruby/object:Gem::Version
159
+ version: '0'
160
+ - !ruby/object:Gem::Dependency
161
+ name: rack-test
162
+ requirement: !ruby/object:Gem::Requirement
163
+ requirements:
186
164
  - - ">="
187
- - !ruby/object:Gem::Version
188
- hash: 3
189
- segments:
190
- - 0
191
- version: "0"
165
+ - !ruby/object:Gem::Version
166
+ version: '0'
192
167
  type: :development
193
- version_requirements: *id011
194
- - !ruby/object:Gem::Dependency
195
- name: rake
196
168
  prerelease: false
197
- requirement: &id012 !ruby/object:Gem::Requirement
198
- none: false
199
- requirements:
169
+ version_requirements: !ruby/object:Gem::Requirement
170
+ requirements:
200
171
  - - ">="
201
- - !ruby/object:Gem::Version
202
- hash: 3
203
- segments:
204
- - 0
205
- version: "0"
172
+ - !ruby/object:Gem::Version
173
+ version: '0'
174
+ - !ruby/object:Gem::Dependency
175
+ name: rake
176
+ requirement: !ruby/object:Gem::Requirement
177
+ requirements:
178
+ - - ">="
179
+ - !ruby/object:Gem::Version
180
+ version: '0'
206
181
  type: :development
207
- version_requirements: *id012
208
- - !ruby/object:Gem::Dependency
209
- name: sass
210
182
  prerelease: false
211
- requirement: &id013 !ruby/object:Gem::Requirement
212
- none: false
213
- requirements:
214
- - - ~>
215
- - !ruby/object:Gem::Version
216
- hash: 5
217
- segments:
218
- - 3
219
- - 1
220
- version: "3.1"
183
+ version_requirements: !ruby/object:Gem::Requirement
184
+ requirements:
185
+ - - ">="
186
+ - !ruby/object:Gem::Version
187
+ version: '0'
188
+ - !ruby/object:Gem::Dependency
189
+ name: sass
190
+ requirement: !ruby/object:Gem::Requirement
191
+ requirements:
192
+ - - "~>"
193
+ - !ruby/object:Gem::Version
194
+ version: '3.1'
221
195
  type: :development
222
- version_requirements: *id013
223
- description: Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
224
- email:
196
+ prerelease: false
197
+ version_requirements: !ruby/object:Gem::Requirement
198
+ requirements:
199
+ - - "~>"
200
+ - !ruby/object:Gem::Version
201
+ version: '3.1'
202
+ description: Sprockets is a Rack-based asset packaging system that concatenates and
203
+ serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
204
+ email:
225
205
  - sstephenson@gmail.com
226
206
  - josh@joshpeek.com
227
- executables:
207
+ executables:
228
208
  - sprockets
229
209
  extensions: []
230
-
231
210
  extra_rdoc_files: []
232
-
233
- files:
234
- - README.md
211
+ files:
235
212
  - LICENSE
213
+ - README.md
214
+ - bin/sprockets
236
215
  - lib/rake/sprocketstask.rb
216
+ - lib/sprockets.rb
237
217
  - lib/sprockets/asset.rb
238
218
  - lib/sprockets/asset_attributes.rb
239
219
  - lib/sprockets/base.rb
@@ -265,41 +245,27 @@ files:
265
245
  - lib/sprockets/trail.rb
266
246
  - lib/sprockets/utils.rb
267
247
  - lib/sprockets/version.rb
268
- - lib/sprockets.rb
269
- - bin/sprockets
270
- has_rdoc: true
271
248
  homepage: http://getsprockets.org/
272
249
  licenses: []
273
-
250
+ metadata: {}
274
251
  post_install_message:
275
252
  rdoc_options: []
276
-
277
- require_paths:
253
+ require_paths:
278
254
  - lib
279
- required_ruby_version: !ruby/object:Gem::Requirement
280
- none: false
281
- requirements:
255
+ required_ruby_version: !ruby/object:Gem::Requirement
256
+ requirements:
282
257
  - - ">="
283
- - !ruby/object:Gem::Version
284
- hash: 3
285
- segments:
286
- - 0
287
- version: "0"
288
- required_rubygems_version: !ruby/object:Gem::Requirement
289
- none: false
290
- requirements:
258
+ - !ruby/object:Gem::Version
259
+ version: '0'
260
+ required_rubygems_version: !ruby/object:Gem::Requirement
261
+ requirements:
291
262
  - - ">="
292
- - !ruby/object:Gem::Version
293
- hash: 3
294
- segments:
295
- - 0
296
- version: "0"
263
+ - !ruby/object:Gem::Version
264
+ version: '0'
297
265
  requirements: []
298
-
299
266
  rubyforge_project: sprockets
300
- rubygems_version: 1.6.2
267
+ rubygems_version: 2.2.2
301
268
  signing_key:
302
- specification_version: 3
269
+ specification_version: 4
303
270
  summary: Rack-based asset packaging system
304
271
  test_files: []
305
-