sprockets 2.8.2 → 2.8.3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of sprockets might be problematic. Click here for more details.

Files changed (4) hide show
  1. checksums.yaml +7 -0
  2. data/lib/sprockets/server.rb +7 -7
  3. data/lib/sprockets/version.rb +1 -1
  4. metadata +44 -79
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: e052d0942ee921ab7a9fe73a1632d447e3c95602
4
+ data.tar.gz: 18566c457cdfadc3d3d9f51b635f67f4ef6a9aca
5
+ SHA512:
6
+ metadata.gz: b66b4567190ecfb16bfe96edd289fc2f3f4297b8aa8c3cca0be442dcf2318eca9f9cd31ac720e5346fab06a44d65082b12b7f1b62758eb496c160470782a37a4
7
+ data.tar.gz: 409f89e3075434825987e1db7d6b7eb7509c34f433ead60433981acd26013a1c0165bc1001ddeadc6912cbae4e3f8c5fbc1f0825fe41e233b9db88bc35c9f190
data/lib/sprockets/server.rb CHANGED
@@ -33,16 +33,16 @@ module Sprockets
33
33
  # Extract the path from everything after the leading slash
34
34
  path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
35
35
 
36
- # URLs containing a `".."` are rejected for security reasons.
37
- if forbidden_request?(path)
38
- return forbidden_response
39
- end
40
-
41
36
  # Strip fingerprint
42
37
  if fingerprint = path_fingerprint(path)
43
38
  path = path.sub("-#{fingerprint}", '')
44
39
  end
45
40
 
41
+ # URLs containing a `".."` are rejected for security reasons.
42
+ if forbidden_request?(path)
43
+ return forbidden_response
44
+ end
45
+
46
46
  # Look up the asset.
47
47
  asset = find_asset(path, :bundle => !body_only?(env))
48
48
 
@@ -90,7 +90,7 @@ module Sprockets
90
90
  #
91
91
  # http://example.org/assets/../../../etc/passwd
92
92
  #
93
- path.include?("..")
93
+ path.include?("..") || Pathname.new(path).absolute?
94
94
  end
95
95
 
96
96
  # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
222
222
  # # => "0aa2105d29558f3eb790d411d7d8fb66"
223
223
  #
224
224
  def path_fingerprint(path)
225
- path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
225
+ path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
226
226
  end
227
227
 
228
228
  # URI.unescape is deprecated on 1.9. We need to use URI::Parser
data/lib/sprockets/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "2.8.2"
2
+ VERSION = "2.8.3"
3
3
  end
metadata CHANGED
@@ -1,8 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sprockets
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.8.2
5
- prerelease:
4
+ version: 2.8.3
6
5
  platform: ruby
7
6
  authors:
8
7
  - Sam Stephenson
@@ -10,268 +9,236 @@ authors:
10
9
  autorequire:
11
10
  bindir: bin
12
11
  cert_chain: []
13
- date: 2012-12-10 00:00:00.000000000 Z
12
+ date: 2014-10-28 00:00:00.000000000 Z
14
13
  dependencies:
15
14
  - !ruby/object:Gem::Dependency
16
15
  name: hike
17
16
  requirement: !ruby/object:Gem::Requirement
18
- none: false
19
17
  requirements:
20
- - - ~>
18
+ - - "~>"
21
19
  - !ruby/object:Gem::Version
22
20
  version: '1.2'
23
21
  type: :runtime
24
22
  prerelease: false
25
23
  version_requirements: !ruby/object:Gem::Requirement
26
- none: false
27
24
  requirements:
28
- - - ~>
25
+ - - "~>"
29
26
  - !ruby/object:Gem::Version
30
27
  version: '1.2'
31
28
  - !ruby/object:Gem::Dependency
32
29
  name: multi_json
33
30
  requirement: !ruby/object:Gem::Requirement
34
- none: false
35
31
  requirements:
36
- - - ~>
32
+ - - "~>"
37
33
  - !ruby/object:Gem::Version
38
34
  version: '1.0'
39
35
  type: :runtime
40
36
  prerelease: false
41
37
  version_requirements: !ruby/object:Gem::Requirement
42
- none: false
43
38
  requirements:
44
- - - ~>
39
+ - - "~>"
45
40
  - !ruby/object:Gem::Version
46
41
  version: '1.0'
47
42
  - !ruby/object:Gem::Dependency
48
43
  name: rack
49
44
  requirement: !ruby/object:Gem::Requirement
50
- none: false
51
45
  requirements:
52
- - - ~>
46
+ - - "~>"
53
47
  - !ruby/object:Gem::Version
54
48
  version: '1.0'
55
49
  type: :runtime
56
50
  prerelease: false
57
51
  version_requirements: !ruby/object:Gem::Requirement
58
- none: false
59
52
  requirements:
60
- - - ~>
53
+ - - "~>"
61
54
  - !ruby/object:Gem::Version
62
55
  version: '1.0'
63
56
  - !ruby/object:Gem::Dependency
64
57
  name: tilt
65
58
  requirement: !ruby/object:Gem::Requirement
66
- none: false
67
59
  requirements:
68
- - - ~>
60
+ - - "~>"
69
61
  - !ruby/object:Gem::Version
70
62
  version: '1.1'
71
- - - ! '!='
63
+ - - "!="
72
64
  - !ruby/object:Gem::Version
73
65
  version: 1.3.0
74
66
  type: :runtime
75
67
  prerelease: false
76
68
  version_requirements: !ruby/object:Gem::Requirement
77
- none: false
78
69
  requirements:
79
- - - ~>
70
+ - - "~>"
80
71
  - !ruby/object:Gem::Version
81
72
  version: '1.1'
82
- - - ! '!='
73
+ - - "!="
83
74
  - !ruby/object:Gem::Version
84
75
  version: 1.3.0
85
76
  - !ruby/object:Gem::Dependency
86
77
  name: closure-compiler
87
78
  requirement: !ruby/object:Gem::Requirement
88
- none: false
89
79
  requirements:
90
- - - ! '>='
80
+ - - ">="
91
81
  - !ruby/object:Gem::Version
92
82
  version: '0'
93
83
  type: :development
94
84
  prerelease: false
95
85
  version_requirements: !ruby/object:Gem::Requirement
96
- none: false
97
86
  requirements:
98
- - - ! '>='
87
+ - - ">="
99
88
  - !ruby/object:Gem::Version
100
89
  version: '0'
101
90
  - !ruby/object:Gem::Dependency
102
91
  name: coffee-script
103
92
  requirement: !ruby/object:Gem::Requirement
104
- none: false
105
93
  requirements:
106
- - - ~>
94
+ - - "~>"
107
95
  - !ruby/object:Gem::Version
108
96
  version: '2.0'
109
97
  type: :development
110
98
  prerelease: false
111
99
  version_requirements: !ruby/object:Gem::Requirement
112
- none: false
113
100
  requirements:
114
- - - ~>
101
+ - - "~>"
115
102
  - !ruby/object:Gem::Version
116
103
  version: '2.0'
117
104
  - !ruby/object:Gem::Dependency
118
105
  name: coffee-script-source
119
106
  requirement: !ruby/object:Gem::Requirement
120
- none: false
121
107
  requirements:
122
- - - ~>
108
+ - - "~>"
123
109
  - !ruby/object:Gem::Version
124
110
  version: 1.2.0
125
111
  type: :development
126
112
  prerelease: false
127
113
  version_requirements: !ruby/object:Gem::Requirement
128
- none: false
129
114
  requirements:
130
- - - ~>
115
+ - - "~>"
131
116
  - !ruby/object:Gem::Version
132
117
  version: 1.2.0
133
118
  - !ruby/object:Gem::Dependency
134
119
  name: eco
135
120
  requirement: !ruby/object:Gem::Requirement
136
- none: false
137
121
  requirements:
138
- - - ~>
122
+ - - "~>"
139
123
  - !ruby/object:Gem::Version
140
124
  version: '1.0'
141
125
  type: :development
142
126
  prerelease: false
143
127
  version_requirements: !ruby/object:Gem::Requirement
144
- none: false
145
128
  requirements:
146
- - - ~>
129
+ - - "~>"
147
130
  - !ruby/object:Gem::Version
148
131
  version: '1.0'
149
132
  - !ruby/object:Gem::Dependency
150
133
  name: ejs
151
134
  requirement: !ruby/object:Gem::Requirement
152
- none: false
153
135
  requirements:
154
- - - ~>
136
+ - - "~>"
155
137
  - !ruby/object:Gem::Version
156
138
  version: '1.0'
157
139
  type: :development
158
140
  prerelease: false
159
141
  version_requirements: !ruby/object:Gem::Requirement
160
- none: false
161
142
  requirements:
162
- - - ~>
143
+ - - "~>"
163
144
  - !ruby/object:Gem::Version
164
145
  version: '1.0'
165
146
  - !ruby/object:Gem::Dependency
166
147
  name: execjs
167
148
  requirement: !ruby/object:Gem::Requirement
168
- none: false
169
149
  requirements:
170
- - - ~>
150
+ - - "~>"
171
151
  - !ruby/object:Gem::Version
172
152
  version: '1.0'
173
153
  type: :development
174
154
  prerelease: false
175
155
  version_requirements: !ruby/object:Gem::Requirement
176
- none: false
177
156
  requirements:
178
- - - ~>
157
+ - - "~>"
179
158
  - !ruby/object:Gem::Version
180
159
  version: '1.0'
181
160
  - !ruby/object:Gem::Dependency
182
161
  name: json
183
162
  requirement: !ruby/object:Gem::Requirement
184
- none: false
185
163
  requirements:
186
- - - ! '>='
164
+ - - ">="
187
165
  - !ruby/object:Gem::Version
188
166
  version: '0'
189
167
  type: :development
190
168
  prerelease: false
191
169
  version_requirements: !ruby/object:Gem::Requirement
192
- none: false
193
170
  requirements:
194
- - - ! '>='
171
+ - - ">="
195
172
  - !ruby/object:Gem::Version
196
173
  version: '0'
197
174
  - !ruby/object:Gem::Dependency
198
175
  name: rack-test
199
176
  requirement: !ruby/object:Gem::Requirement
200
- none: false
201
177
  requirements:
202
- - - ! '>='
178
+ - - ">="
203
179
  - !ruby/object:Gem::Version
204
180
  version: '0'
205
181
  type: :development
206
182
  prerelease: false
207
183
  version_requirements: !ruby/object:Gem::Requirement
208
- none: false
209
184
  requirements:
210
- - - ! '>='
185
+ - - ">="
211
186
  - !ruby/object:Gem::Version
212
187
  version: '0'
213
188
  - !ruby/object:Gem::Dependency
214
189
  name: rake
215
190
  requirement: !ruby/object:Gem::Requirement
216
- none: false
217
191
  requirements:
218
- - - ! '>='
192
+ - - ">="
219
193
  - !ruby/object:Gem::Version
220
194
  version: '0'
221
195
  type: :development
222
196
  prerelease: false
223
197
  version_requirements: !ruby/object:Gem::Requirement
224
- none: false
225
198
  requirements:
226
- - - ! '>='
199
+ - - ">="
227
200
  - !ruby/object:Gem::Version
228
201
  version: '0'
229
202
  - !ruby/object:Gem::Dependency
230
203
  name: sass
231
204
  requirement: !ruby/object:Gem::Requirement
232
- none: false
233
205
  requirements:
234
- - - ~>
206
+ - - "~>"
235
207
  - !ruby/object:Gem::Version
236
208
  version: '3.1'
237
209
  type: :development
238
210
  prerelease: false
239
211
  version_requirements: !ruby/object:Gem::Requirement
240
- none: false
241
212
  requirements:
242
- - - ~>
213
+ - - "~>"
243
214
  - !ruby/object:Gem::Version
244
215
  version: '3.1'
245
216
  - !ruby/object:Gem::Dependency
246
217
  name: uglifier
247
218
  requirement: !ruby/object:Gem::Requirement
248
- none: false
249
219
  requirements:
250
- - - ! '>='
220
+ - - ">="
251
221
  - !ruby/object:Gem::Version
252
222
  version: '0'
253
223
  type: :development
254
224
  prerelease: false
255
225
  version_requirements: !ruby/object:Gem::Requirement
256
- none: false
257
226
  requirements:
258
- - - ! '>='
227
+ - - ">="
259
228
  - !ruby/object:Gem::Version
260
229
  version: '0'
261
230
  - !ruby/object:Gem::Dependency
262
231
  name: yui-compressor
263
232
  requirement: !ruby/object:Gem::Requirement
264
- none: false
265
233
  requirements:
266
- - - ! '>='
234
+ - - ">="
267
235
  - !ruby/object:Gem::Version
268
236
  version: '0'
269
237
  type: :development
270
238
  prerelease: false
271
239
  version_requirements: !ruby/object:Gem::Requirement
272
- none: false
273
240
  requirements:
274
- - - ! '>='
241
+ - - ">="
275
242
  - !ruby/object:Gem::Version
276
243
  version: '0'
277
244
  description: Sprockets is a Rack-based asset packaging system that concatenates and
@@ -284,9 +251,11 @@ executables:
284
251
  extensions: []
285
252
  extra_rdoc_files: []
286
253
  files:
287
- - README.md
288
254
  - LICENSE
255
+ - README.md
256
+ - bin/sprockets
289
257
  - lib/rake/sprocketstask.rb
258
+ - lib/sprockets.rb
290
259
  - lib/sprockets/asset.rb
291
260
  - lib/sprockets/asset_attributes.rb
292
261
  - lib/sprockets/base.rb
@@ -324,31 +293,27 @@ files:
324
293
  - lib/sprockets/utils.rb
325
294
  - lib/sprockets/version.rb
326
295
  - lib/sprockets/yui_compressor.rb
327
- - lib/sprockets.rb
328
- - bin/sprockets
329
296
  homepage: http://getsprockets.org/
330
297
  licenses: []
298
+ metadata: {}
331
299
  post_install_message:
332
300
  rdoc_options: []
333
301
  require_paths:
334
302
  - lib
335
303
  required_ruby_version: !ruby/object:Gem::Requirement
336
- none: false
337
304
  requirements:
338
- - - ! '>='
305
+ - - ">="
339
306
  - !ruby/object:Gem::Version
340
307
  version: '0'
341
308
  required_rubygems_version: !ruby/object:Gem::Requirement
342
- none: false
343
309
  requirements:
344
- - - ! '>='
310
+ - - ">="
345
311
  - !ruby/object:Gem::Version
346
312
  version: '0'
347
313
  requirements: []
348
314
  rubyforge_project: sprockets
349
- rubygems_version: 1.8.24
315
+ rubygems_version: 2.2.2
350
316
  signing_key:
351
- specification_version: 3
317
+ specification_version: 4
352
318
  summary: Rack-based asset packaging system
353
319
  test_files: []
354
- has_rdoc: