sprockets 2.9.3 → 2.9.4

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of sprockets might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 69cea6adf3e8edfdf13b4571748baccc821088ed
4
- data.tar.gz: e7d07c83f120e4c7db45f2938c5b4f8bd3c2bee0
3
+ metadata.gz: d9ed58b5858c82ee8e09af61c14775254301c82e
4
+ data.tar.gz: da40a68e1d104a56006cd29575565aa2e6991226
5
5
  SHA512:
6
- metadata.gz: 7b33eca814d3704f913773eb6a9fd4682979bc5a31768d4917468d6479e791ef5fadf456089618880fcc29cc3fb279da742457de4b3ecae8deadea9617f814a5
7
- data.tar.gz: 26335167d936417165358891b15bff41be35acdb0f7c8f1e44c7060a9435d959b07c5b8a5119a82a5667ef7e144b275f1641ba37daa826127dc6fe61d4fed037
6
+ metadata.gz: da267888b1e3a92346eed0ebbcc8ec6953d0e78dc50d5e6a62d859d1cacb7969a3360f215ed7d3d6a591efd22781e344095f5e5daf7b4b68352f770040010d82
7
+ data.tar.gz: b1f39eb9e66457dcd95725406caa82555d24f897e8b3efcca8e688389afc5aed6cb0fab0f737ce158f44429fdb6d9a20c8662662b0f2c17a2e91acc38e3b55d6
@@ -33,16 +33,16 @@ module Sprockets
33
33
  # Extract the path from everything after the leading slash
34
34
  path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
35
35
 
36
- # URLs containing a `".."` are rejected for security reasons.
37
- if forbidden_request?(path)
38
- return forbidden_response
39
- end
40
-
41
36
  # Strip fingerprint
42
37
  if fingerprint = path_fingerprint(path)
43
38
  path = path.sub("-#{fingerprint}", '')
44
39
  end
45
40
 
41
+ # URLs containing a `".."` are rejected for security reasons.
42
+ if forbidden_request?(path)
43
+ return forbidden_response
44
+ end
45
+
46
46
  # Look up the asset.
47
47
  asset = find_asset(path, :bundle => !body_only?(env))
48
48
 
@@ -90,7 +90,7 @@ module Sprockets
90
90
  #
91
91
  # http://example.org/assets/../../../etc/passwd
92
92
  #
93
- path.include?("..")
93
+ path.include?("..") || Pathname.new(path).absolute?
94
94
  end
95
95
 
96
96
  # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
222
222
  # # => "0aa2105d29558f3eb790d411d7d8fb66"
223
223
  #
224
224
  def path_fingerprint(path)
225
- path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
225
+ path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
226
226
  end
227
227
 
228
228
  # URI.unescape is deprecated on 1.9. We need to use URI::Parser
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "2.9.3"
2
+ VERSION = "2.9.4"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sprockets
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.9.3
4
+ version: 2.9.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam Stephenson
@@ -9,236 +9,236 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-04-20 00:00:00.000000000 Z
12
+ date: 2014-10-28 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: hike
16
16
  requirement: !ruby/object:Gem::Requirement
17
17
  requirements:
18
- - - ~>
18
+ - - "~>"
19
19
  - !ruby/object:Gem::Version
20
20
  version: '1.2'
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
- - - ~>
25
+ - - "~>"
26
26
  - !ruby/object:Gem::Version
27
27
  version: '1.2'
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: multi_json
30
30
  requirement: !ruby/object:Gem::Requirement
31
31
  requirements:
32
- - - ~>
32
+ - - "~>"
33
33
  - !ruby/object:Gem::Version
34
34
  version: '1.0'
35
35
  type: :runtime
36
36
  prerelease: false
37
37
  version_requirements: !ruby/object:Gem::Requirement
38
38
  requirements:
39
- - - ~>
39
+ - - "~>"
40
40
  - !ruby/object:Gem::Version
41
41
  version: '1.0'
42
42
  - !ruby/object:Gem::Dependency
43
43
  name: rack
44
44
  requirement: !ruby/object:Gem::Requirement
45
45
  requirements:
46
- - - ~>
46
+ - - "~>"
47
47
  - !ruby/object:Gem::Version
48
48
  version: '1.0'
49
49
  type: :runtime
50
50
  prerelease: false
51
51
  version_requirements: !ruby/object:Gem::Requirement
52
52
  requirements:
53
- - - ~>
53
+ - - "~>"
54
54
  - !ruby/object:Gem::Version
55
55
  version: '1.0'
56
56
  - !ruby/object:Gem::Dependency
57
57
  name: tilt
58
58
  requirement: !ruby/object:Gem::Requirement
59
59
  requirements:
60
- - - ~>
60
+ - - "~>"
61
61
  - !ruby/object:Gem::Version
62
62
  version: '1.1'
63
- - - '!='
63
+ - - "!="
64
64
  - !ruby/object:Gem::Version
65
65
  version: 1.3.0
66
66
  type: :runtime
67
67
  prerelease: false
68
68
  version_requirements: !ruby/object:Gem::Requirement
69
69
  requirements:
70
- - - ~>
70
+ - - "~>"
71
71
  - !ruby/object:Gem::Version
72
72
  version: '1.1'
73
- - - '!='
73
+ - - "!="
74
74
  - !ruby/object:Gem::Version
75
75
  version: 1.3.0
76
76
  - !ruby/object:Gem::Dependency
77
77
  name: closure-compiler
78
78
  requirement: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - '>='
80
+ - - ">="
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
83
  type: :development
84
84
  prerelease: false
85
85
  version_requirements: !ruby/object:Gem::Requirement
86
86
  requirements:
87
- - - '>='
87
+ - - ">="
88
88
  - !ruby/object:Gem::Version
89
89
  version: '0'
90
90
  - !ruby/object:Gem::Dependency
91
91
  name: coffee-script
92
92
  requirement: !ruby/object:Gem::Requirement
93
93
  requirements:
94
- - - ~>
94
+ - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '2.0'
97
97
  type: :development
98
98
  prerelease: false
99
99
  version_requirements: !ruby/object:Gem::Requirement
100
100
  requirements:
101
- - - ~>
101
+ - - "~>"
102
102
  - !ruby/object:Gem::Version
103
103
  version: '2.0'
104
104
  - !ruby/object:Gem::Dependency
105
105
  name: coffee-script-source
106
106
  requirement: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - ~>
108
+ - - "~>"
109
109
  - !ruby/object:Gem::Version
110
110
  version: '1.2'
111
111
  type: :development
112
112
  prerelease: false
113
113
  version_requirements: !ruby/object:Gem::Requirement
114
114
  requirements:
115
- - - ~>
115
+ - - "~>"
116
116
  - !ruby/object:Gem::Version
117
117
  version: '1.2'
118
118
  - !ruby/object:Gem::Dependency
119
119
  name: eco
120
120
  requirement: !ruby/object:Gem::Requirement
121
121
  requirements:
122
- - - ~>
122
+ - - "~>"
123
123
  - !ruby/object:Gem::Version
124
124
  version: '1.0'
125
125
  type: :development
126
126
  prerelease: false
127
127
  version_requirements: !ruby/object:Gem::Requirement
128
128
  requirements:
129
- - - ~>
129
+ - - "~>"
130
130
  - !ruby/object:Gem::Version
131
131
  version: '1.0'
132
132
  - !ruby/object:Gem::Dependency
133
133
  name: ejs
134
134
  requirement: !ruby/object:Gem::Requirement
135
135
  requirements:
136
- - - ~>
136
+ - - "~>"
137
137
  - !ruby/object:Gem::Version
138
138
  version: '1.0'
139
139
  type: :development
140
140
  prerelease: false
141
141
  version_requirements: !ruby/object:Gem::Requirement
142
142
  requirements:
143
- - - ~>
143
+ - - "~>"
144
144
  - !ruby/object:Gem::Version
145
145
  version: '1.0'
146
146
  - !ruby/object:Gem::Dependency
147
147
  name: execjs
148
148
  requirement: !ruby/object:Gem::Requirement
149
149
  requirements:
150
- - - ~>
150
+ - - "~>"
151
151
  - !ruby/object:Gem::Version
152
152
  version: '1.0'
153
153
  type: :development
154
154
  prerelease: false
155
155
  version_requirements: !ruby/object:Gem::Requirement
156
156
  requirements:
157
- - - ~>
157
+ - - "~>"
158
158
  - !ruby/object:Gem::Version
159
159
  version: '1.0'
160
160
  - !ruby/object:Gem::Dependency
161
161
  name: json
162
162
  requirement: !ruby/object:Gem::Requirement
163
163
  requirements:
164
- - - '>='
164
+ - - ">="
165
165
  - !ruby/object:Gem::Version
166
166
  version: '0'
167
167
  type: :development
168
168
  prerelease: false
169
169
  version_requirements: !ruby/object:Gem::Requirement
170
170
  requirements:
171
- - - '>='
171
+ - - ">="
172
172
  - !ruby/object:Gem::Version
173
173
  version: '0'
174
174
  - !ruby/object:Gem::Dependency
175
175
  name: rack-test
176
176
  requirement: !ruby/object:Gem::Requirement
177
177
  requirements:
178
- - - '>='
178
+ - - ">="
179
179
  - !ruby/object:Gem::Version
180
180
  version: '0'
181
181
  type: :development
182
182
  prerelease: false
183
183
  version_requirements: !ruby/object:Gem::Requirement
184
184
  requirements:
185
- - - '>='
185
+ - - ">="
186
186
  - !ruby/object:Gem::Version
187
187
  version: '0'
188
188
  - !ruby/object:Gem::Dependency
189
189
  name: rake
190
190
  requirement: !ruby/object:Gem::Requirement
191
191
  requirements:
192
- - - '>='
192
+ - - ">="
193
193
  - !ruby/object:Gem::Version
194
194
  version: '0'
195
195
  type: :development
196
196
  prerelease: false
197
197
  version_requirements: !ruby/object:Gem::Requirement
198
198
  requirements:
199
- - - '>='
199
+ - - ">="
200
200
  - !ruby/object:Gem::Version
201
201
  version: '0'
202
202
  - !ruby/object:Gem::Dependency
203
203
  name: sass
204
204
  requirement: !ruby/object:Gem::Requirement
205
205
  requirements:
206
- - - ~>
206
+ - - "~>"
207
207
  - !ruby/object:Gem::Version
208
208
  version: '3.1'
209
209
  type: :development
210
210
  prerelease: false
211
211
  version_requirements: !ruby/object:Gem::Requirement
212
212
  requirements:
213
- - - ~>
213
+ - - "~>"
214
214
  - !ruby/object:Gem::Version
215
215
  version: '3.1'
216
216
  - !ruby/object:Gem::Dependency
217
217
  name: uglifier
218
218
  requirement: !ruby/object:Gem::Requirement
219
219
  requirements:
220
- - - '>='
220
+ - - ">="
221
221
  - !ruby/object:Gem::Version
222
222
  version: '0'
223
223
  type: :development
224
224
  prerelease: false
225
225
  version_requirements: !ruby/object:Gem::Requirement
226
226
  requirements:
227
- - - '>='
227
+ - - ">="
228
228
  - !ruby/object:Gem::Version
229
229
  version: '0'
230
230
  - !ruby/object:Gem::Dependency
231
231
  name: yui-compressor
232
232
  requirement: !ruby/object:Gem::Requirement
233
233
  requirements:
234
- - - '>='
234
+ - - ">="
235
235
  - !ruby/object:Gem::Version
236
236
  version: '0'
237
237
  type: :development
238
238
  prerelease: false
239
239
  version_requirements: !ruby/object:Gem::Requirement
240
240
  requirements:
241
- - - '>='
241
+ - - ">="
242
242
  - !ruby/object:Gem::Version
243
243
  version: '0'
244
244
  description: Sprockets is a Rack-based asset packaging system that concatenates and
@@ -251,9 +251,11 @@ executables:
251
251
  extensions: []
252
252
  extra_rdoc_files: []
253
253
  files:
254
- - README.md
255
254
  - LICENSE
255
+ - README.md
256
+ - bin/sprockets
256
257
  - lib/rake/sprocketstask.rb
258
+ - lib/sprockets.rb
257
259
  - lib/sprockets/asset.rb
258
260
  - lib/sprockets/asset_attributes.rb
259
261
  - lib/sprockets/base.rb
@@ -291,8 +293,6 @@ files:
291
293
  - lib/sprockets/utils.rb
292
294
  - lib/sprockets/version.rb
293
295
  - lib/sprockets/yui_compressor.rb
294
- - lib/sprockets.rb
295
- - bin/sprockets
296
296
  homepage: http://getsprockets.org/
297
297
  licenses:
298
298
  - MIT
@@ -303,17 +303,17 @@ require_paths:
303
303
  - lib
304
304
  required_ruby_version: !ruby/object:Gem::Requirement
305
305
  requirements:
306
- - - '>='
306
+ - - ">="
307
307
  - !ruby/object:Gem::Version
308
308
  version: '0'
309
309
  required_rubygems_version: !ruby/object:Gem::Requirement
310
310
  requirements:
311
- - - '>='
311
+ - - ">="
312
312
  - !ruby/object:Gem::Version
313
313
  version: '0'
314
314
  requirements: []
315
315
  rubyforge_project: sprockets
316
- rubygems_version: 2.0.0
316
+ rubygems_version: 2.2.2
317
317
  signing_key:
318
318
  specification_version: 4
319
319
  summary: Rack-based asset packaging system