sprockets 2.1.3 → 2.1.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b51e06b67ce29e2f81d65f3ab796288e530749f2
+  data.tar.gz: bf24d81285d0f2e2c69b6669bba9213f7c038e57
+SHA512:
+  metadata.gz: fabae91920a5939f2bc995f144917bf962646f9ae11fc030a1e953fbe5ca44fe7bf9f1ee6994424a726400f9cbae2d8e279b961f2c9a4867bed92bca70461c55
+  data.tar.gz: f1926792b20cccc35f1af2c635bea28d55d5f9893b3efa5da36e854184f82f84292d03ad26a82fc70b0219629012993b1b260c2bbac233dab7490eea17bc1174

data/lib/sprockets/server.rb

@@ -33,16 +33,16 @@ module Sprockets
       # Extract the path from everything after the leading slash
       path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
 
-      # URLs containing a `".."` are rejected for security reasons.
-      if forbidden_request?(path)
-        return forbidden_response
-      end
-
       # Strip fingerprint
       if fingerprint = path_fingerprint(path)
         path = path.sub("-#{fingerprint}", '')
       end
 
+      # URLs containing a `".."` are rejected for security reasons.
+      if forbidden_request?(path)
+        return forbidden_response
+      end
+
       # Look up the asset.
       asset = find_asset(path, :bundle => !body_only?(env))
 
@@ -90,7 +90,7 @@ module Sprockets
         #
         #     http://example.org/assets/../../../etc/passwd
         #
-        path.include?("..")
+        path.include?("..") || Pathname.new(path).absolute?
       end
 
       # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
       #     # => "0aa2105d29558f3eb790d411d7d8fb66"
       #
       def path_fingerprint(path)
-        path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
+        path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
       end
 
       # URI.unescape is deprecated on 1.9. We need to use URI::Parser

data/lib/sprockets/version.rb

@@ -1,3 +1,3 @@
 module Sprockets
-  VERSION = "2.1.3"
+  VERSION = "2.1.4"
 end

metadata

@@ -1,191 +1,174 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: sprockets
-version: !ruby/object:Gem::Version 
-  hash: 13
-  prerelease: 
-  segments: 
-  - 2
-  - 1
-  - 3
-  version: 2.1.3
+version: !ruby/object:Gem::Version
+  version: 2.1.4
 platform: ruby
-authors: 
+authors:
 - Sam Stephenson
 - Joshua Peek
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-04-26 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2014-10-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: hike
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: rack
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: tilt
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 13
-        segments: 
-        - 1
-        - 1
-        version: "1.1"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: tilt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
     - - "!="
-      - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 1
-        - 3
-        - 0
+      - !ruby/object:Gem::Version
         version: 1.3.0
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: coffee-script
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 2
-        - 0
-        version: "2.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - "!="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+- !ruby/object:Gem::Dependency
+  name: coffee-script
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: eco
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: eco
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: ejs
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: ejs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: execjs
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: execjs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: json
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency 
-  name: rack-test
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id010
-description: Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
-email: 
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Sprockets is a Rack-based asset packaging system that concatenates and
+  serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
+email:
 - sstephenson@gmail.com
 - josh@joshpeek.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
-- README.md
+files:
 - LICENSE
+- README.md
+- lib/sprockets.rb
 - lib/sprockets/asset.rb
 - lib/sprockets/asset_attributes.rb
 - lib/sprockets/base.rb
@@ -212,39 +195,27 @@ files:
 - lib/sprockets/trail.rb
 - lib/sprockets/utils.rb
 - lib/sprockets/version.rb
-- lib/sprockets.rb
 homepage: http://getsprockets.org/
 licenses: []
-
+metadata: {}
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: sprockets
-rubygems_version: 1.8.15
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Rack-based asset packaging system
 test_files: []
-