sprockets 2.10.1 → 2.10.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of sprockets might be problematic. Click here for more details.

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 6167b05106d5880b1503392338ae5515b4de54bb
4
+ data.tar.gz: b1854a6e29f475bc8ed18f7efd50969a1a80229a
5
+ SHA512:
6
+ metadata.gz: 5405b0f822829922c2a79214b3d86f8ff55104adb91eac88d6f647c15327f55d16372806edba3cd85e77df134c0a404824d2b39041c5ca69366c56409809fab5
7
+ data.tar.gz: 2cbda6d8dd90b7a9bce8471c2ad97f9cb88abaff403fc65c268775189bb84bb16e5064f4c3c7d5eb6fbf236278fa055cddf482bd542c8fa3281f08d53869f7d2
@@ -33,16 +33,16 @@ module Sprockets
33
33
  # Extract the path from everything after the leading slash
34
34
  path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
35
35
 
36
- # URLs containing a `".."` are rejected for security reasons.
37
- if forbidden_request?(path)
38
- return forbidden_response
39
- end
40
-
41
36
  # Strip fingerprint
42
37
  if fingerprint = path_fingerprint(path)
43
38
  path = path.sub("-#{fingerprint}", '')
44
39
  end
45
40
 
41
+ # URLs containing a `".."` are rejected for security reasons.
42
+ if forbidden_request?(path)
43
+ return forbidden_response
44
+ end
45
+
46
46
  # Look up the asset.
47
47
  asset = find_asset(path, :bundle => !body_only?(env))
48
48
 
@@ -90,7 +90,7 @@ module Sprockets
90
90
  #
91
91
  # http://example.org/assets/../../../etc/passwd
92
92
  #
93
- path.include?("..")
93
+ path.include?("..") || Pathname.new(path).absolute?
94
94
  end
95
95
 
96
96
  # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
222
222
  # # => "0aa2105d29558f3eb790d411d7d8fb66"
223
223
  #
224
224
  def path_fingerprint(path)
225
- path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
225
+ path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
226
226
  end
227
227
 
228
228
  # URI.unescape is deprecated on 1.9. We need to use URI::Parser
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "2.10.1"
2
+ VERSION = "2.10.2"
3
3
  end
metadata CHANGED
@@ -1,280 +1,261 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: sprockets
3
- version: !ruby/object:Gem::Version
4
- hash: 37
5
- prerelease:
6
- segments:
7
- - 2
8
- - 10
9
- - 1
10
- version: 2.10.1
3
+ version: !ruby/object:Gem::Version
4
+ version: 2.10.2
11
5
  platform: ruby
12
- authors:
6
+ authors:
13
7
  - Sam Stephenson
14
8
  - Joshua Peek
15
9
  autorequire:
16
10
  bindir: bin
17
11
  cert_chain: []
18
-
19
- date: 2013-11-22 00:00:00 -08:00
20
- default_executable:
21
- dependencies:
22
- - !ruby/object:Gem::Dependency
12
+ date: 2014-10-28 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
23
15
  name: hike
24
- prerelease: false
25
- requirement: &id001 !ruby/object:Gem::Requirement
26
- none: false
27
- requirements:
28
- - - ~>
29
- - !ruby/object:Gem::Version
30
- hash: 11
31
- segments:
32
- - 1
33
- - 2
34
- version: "1.2"
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - "~>"
19
+ - !ruby/object:Gem::Version
20
+ version: '1.2'
35
21
  type: :runtime
36
- version_requirements: *id001
37
- - !ruby/object:Gem::Dependency
38
- name: multi_json
39
22
  prerelease: false
40
- requirement: &id002 !ruby/object:Gem::Requirement
41
- none: false
42
- requirements:
43
- - - ~>
44
- - !ruby/object:Gem::Version
45
- hash: 15
46
- segments:
47
- - 1
48
- - 0
49
- version: "1.0"
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - "~>"
26
+ - !ruby/object:Gem::Version
27
+ version: '1.2'
28
+ - !ruby/object:Gem::Dependency
29
+ name: multi_json
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - "~>"
33
+ - !ruby/object:Gem::Version
34
+ version: '1.0'
50
35
  type: :runtime
51
- version_requirements: *id002
52
- - !ruby/object:Gem::Dependency
53
- name: rack
54
36
  prerelease: false
55
- requirement: &id003 !ruby/object:Gem::Requirement
56
- none: false
57
- requirements:
58
- - - ~>
59
- - !ruby/object:Gem::Version
60
- hash: 15
61
- segments:
62
- - 1
63
- - 0
64
- version: "1.0"
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - "~>"
40
+ - !ruby/object:Gem::Version
41
+ version: '1.0'
42
+ - !ruby/object:Gem::Dependency
43
+ name: rack
44
+ requirement: !ruby/object:Gem::Requirement
45
+ requirements:
46
+ - - "~>"
47
+ - !ruby/object:Gem::Version
48
+ version: '1.0'
65
49
  type: :runtime
66
- version_requirements: *id003
67
- - !ruby/object:Gem::Dependency
68
- name: tilt
69
50
  prerelease: false
70
- requirement: &id004 !ruby/object:Gem::Requirement
71
- none: false
72
- requirements:
73
- - - ~>
74
- - !ruby/object:Gem::Version
75
- hash: 13
76
- segments:
77
- - 1
78
- - 1
79
- version: "1.1"
51
+ version_requirements: !ruby/object:Gem::Requirement
52
+ requirements:
53
+ - - "~>"
54
+ - !ruby/object:Gem::Version
55
+ version: '1.0'
56
+ - !ruby/object:Gem::Dependency
57
+ name: tilt
58
+ requirement: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - "~>"
61
+ - !ruby/object:Gem::Version
62
+ version: '1.1'
80
63
  - - "!="
81
- - !ruby/object:Gem::Version
82
- hash: 27
83
- segments:
84
- - 1
85
- - 3
86
- - 0
64
+ - !ruby/object:Gem::Version
87
65
  version: 1.3.0
88
66
  type: :runtime
89
- version_requirements: *id004
90
- - !ruby/object:Gem::Dependency
91
- name: closure-compiler
92
67
  prerelease: false
93
- requirement: &id005 !ruby/object:Gem::Requirement
94
- none: false
95
- requirements:
68
+ version_requirements: !ruby/object:Gem::Requirement
69
+ requirements:
70
+ - - "~>"
71
+ - !ruby/object:Gem::Version
72
+ version: '1.1'
73
+ - - "!="
74
+ - !ruby/object:Gem::Version
75
+ version: 1.3.0
76
+ - !ruby/object:Gem::Dependency
77
+ name: closure-compiler
78
+ requirement: !ruby/object:Gem::Requirement
79
+ requirements:
96
80
  - - ">="
97
- - !ruby/object:Gem::Version
98
- hash: 3
99
- segments:
100
- - 0
101
- version: "0"
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
102
83
  type: :development
103
- version_requirements: *id005
104
- - !ruby/object:Gem::Dependency
105
- name: coffee-script
106
84
  prerelease: false
107
- requirement: &id006 !ruby/object:Gem::Requirement
108
- none: false
109
- requirements:
110
- - - ~>
111
- - !ruby/object:Gem::Version
112
- hash: 3
113
- segments:
114
- - 2
115
- - 0
116
- version: "2.0"
85
+ version_requirements: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ - !ruby/object:Gem::Dependency
91
+ name: coffee-script
92
+ requirement: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '2.0'
117
97
  type: :development
118
- version_requirements: *id006
119
- - !ruby/object:Gem::Dependency
120
- name: coffee-script-source
121
98
  prerelease: false
122
- requirement: &id007 !ruby/object:Gem::Requirement
123
- none: false
124
- requirements:
125
- - - ~>
126
- - !ruby/object:Gem::Version
127
- hash: 11
128
- segments:
129
- - 1
130
- - 2
131
- version: "1.2"
99
+ version_requirements: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '2.0'
104
+ - !ruby/object:Gem::Dependency
105
+ name: coffee-script-source
106
+ requirement: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '1.2'
132
111
  type: :development
133
- version_requirements: *id007
134
- - !ruby/object:Gem::Dependency
135
- name: eco
136
112
  prerelease: false
137
- requirement: &id008 !ruby/object:Gem::Requirement
138
- none: false
139
- requirements:
140
- - - ~>
141
- - !ruby/object:Gem::Version
142
- hash: 15
143
- segments:
144
- - 1
145
- - 0
146
- version: "1.0"
113
+ version_requirements: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '1.2'
118
+ - !ruby/object:Gem::Dependency
119
+ name: eco
120
+ requirement: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '1.0'
147
125
  type: :development
148
- version_requirements: *id008
149
- - !ruby/object:Gem::Dependency
150
- name: ejs
151
126
  prerelease: false
152
- requirement: &id009 !ruby/object:Gem::Requirement
153
- none: false
154
- requirements:
155
- - - ~>
156
- - !ruby/object:Gem::Version
157
- hash: 15
158
- segments:
159
- - 1
160
- - 0
161
- version: "1.0"
127
+ version_requirements: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '1.0'
132
+ - !ruby/object:Gem::Dependency
133
+ name: ejs
134
+ requirement: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '1.0'
162
139
  type: :development
163
- version_requirements: *id009
164
- - !ruby/object:Gem::Dependency
165
- name: execjs
166
140
  prerelease: false
167
- requirement: &id010 !ruby/object:Gem::Requirement
168
- none: false
169
- requirements:
170
- - - ~>
171
- - !ruby/object:Gem::Version
172
- hash: 15
173
- segments:
174
- - 1
175
- - 0
176
- version: "1.0"
141
+ version_requirements: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: '1.0'
146
+ - !ruby/object:Gem::Dependency
147
+ name: execjs
148
+ requirement: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: '1.0'
177
153
  type: :development
178
- version_requirements: *id010
179
- - !ruby/object:Gem::Dependency
180
- name: json
181
154
  prerelease: false
182
- requirement: &id011 !ruby/object:Gem::Requirement
183
- none: false
184
- requirements:
155
+ version_requirements: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: '1.0'
160
+ - !ruby/object:Gem::Dependency
161
+ name: json
162
+ requirement: !ruby/object:Gem::Requirement
163
+ requirements:
185
164
  - - ">="
186
- - !ruby/object:Gem::Version
187
- hash: 3
188
- segments:
189
- - 0
190
- version: "0"
165
+ - !ruby/object:Gem::Version
166
+ version: '0'
191
167
  type: :development
192
- version_requirements: *id011
193
- - !ruby/object:Gem::Dependency
194
- name: rack-test
195
168
  prerelease: false
196
- requirement: &id012 !ruby/object:Gem::Requirement
197
- none: false
198
- requirements:
169
+ version_requirements: !ruby/object:Gem::Requirement
170
+ requirements:
171
+ - - ">="
172
+ - !ruby/object:Gem::Version
173
+ version: '0'
174
+ - !ruby/object:Gem::Dependency
175
+ name: rack-test
176
+ requirement: !ruby/object:Gem::Requirement
177
+ requirements:
199
178
  - - ">="
200
- - !ruby/object:Gem::Version
201
- hash: 3
202
- segments:
203
- - 0
204
- version: "0"
179
+ - !ruby/object:Gem::Version
180
+ version: '0'
205
181
  type: :development
206
- version_requirements: *id012
207
- - !ruby/object:Gem::Dependency
208
- name: rake
209
182
  prerelease: false
210
- requirement: &id013 !ruby/object:Gem::Requirement
211
- none: false
212
- requirements:
183
+ version_requirements: !ruby/object:Gem::Requirement
184
+ requirements:
185
+ - - ">="
186
+ - !ruby/object:Gem::Version
187
+ version: '0'
188
+ - !ruby/object:Gem::Dependency
189
+ name: rake
190
+ requirement: !ruby/object:Gem::Requirement
191
+ requirements:
213
192
  - - ">="
214
- - !ruby/object:Gem::Version
215
- hash: 3
216
- segments:
217
- - 0
218
- version: "0"
193
+ - !ruby/object:Gem::Version
194
+ version: '0'
219
195
  type: :development
220
- version_requirements: *id013
221
- - !ruby/object:Gem::Dependency
222
- name: sass
223
196
  prerelease: false
224
- requirement: &id014 !ruby/object:Gem::Requirement
225
- none: false
226
- requirements:
227
- - - ~>
228
- - !ruby/object:Gem::Version
229
- hash: 5
230
- segments:
231
- - 3
232
- - 1
233
- version: "3.1"
197
+ version_requirements: !ruby/object:Gem::Requirement
198
+ requirements:
199
+ - - ">="
200
+ - !ruby/object:Gem::Version
201
+ version: '0'
202
+ - !ruby/object:Gem::Dependency
203
+ name: sass
204
+ requirement: !ruby/object:Gem::Requirement
205
+ requirements:
206
+ - - "~>"
207
+ - !ruby/object:Gem::Version
208
+ version: '3.1'
234
209
  type: :development
235
- version_requirements: *id014
236
- - !ruby/object:Gem::Dependency
237
- name: uglifier
238
210
  prerelease: false
239
- requirement: &id015 !ruby/object:Gem::Requirement
240
- none: false
241
- requirements:
211
+ version_requirements: !ruby/object:Gem::Requirement
212
+ requirements:
213
+ - - "~>"
214
+ - !ruby/object:Gem::Version
215
+ version: '3.1'
216
+ - !ruby/object:Gem::Dependency
217
+ name: uglifier
218
+ requirement: !ruby/object:Gem::Requirement
219
+ requirements:
242
220
  - - ">="
243
- - !ruby/object:Gem::Version
244
- hash: 3
245
- segments:
246
- - 0
247
- version: "0"
221
+ - !ruby/object:Gem::Version
222
+ version: '0'
248
223
  type: :development
249
- version_requirements: *id015
250
- - !ruby/object:Gem::Dependency
251
- name: yui-compressor
252
224
  prerelease: false
253
- requirement: &id016 !ruby/object:Gem::Requirement
254
- none: false
255
- requirements:
225
+ version_requirements: !ruby/object:Gem::Requirement
226
+ requirements:
227
+ - - ">="
228
+ - !ruby/object:Gem::Version
229
+ version: '0'
230
+ - !ruby/object:Gem::Dependency
231
+ name: yui-compressor
232
+ requirement: !ruby/object:Gem::Requirement
233
+ requirements:
256
234
  - - ">="
257
- - !ruby/object:Gem::Version
258
- hash: 3
259
- segments:
260
- - 0
261
- version: "0"
235
+ - !ruby/object:Gem::Version
236
+ version: '0'
262
237
  type: :development
263
- version_requirements: *id016
264
- description: Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
265
- email:
238
+ prerelease: false
239
+ version_requirements: !ruby/object:Gem::Requirement
240
+ requirements:
241
+ - - ">="
242
+ - !ruby/object:Gem::Version
243
+ version: '0'
244
+ description: Sprockets is a Rack-based asset packaging system that concatenates and
245
+ serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
246
+ email:
266
247
  - sstephenson@gmail.com
267
248
  - josh@joshpeek.com
268
- executables:
249
+ executables:
269
250
  - sprockets
270
251
  extensions: []
271
-
272
252
  extra_rdoc_files: []
273
-
274
- files:
275
- - README.md
253
+ files:
276
254
  - LICENSE
255
+ - README.md
256
+ - bin/sprockets
277
257
  - lib/rake/sprocketstask.rb
258
+ - lib/sprockets.rb
278
259
  - lib/sprockets/asset.rb
279
260
  - lib/sprockets/asset_attributes.rb
280
261
  - lib/sprockets/base.rb
@@ -312,41 +293,28 @@ files:
312
293
  - lib/sprockets/utils.rb
313
294
  - lib/sprockets/version.rb
314
295
  - lib/sprockets/yui_compressor.rb
315
- - lib/sprockets.rb
316
- - bin/sprockets
317
- has_rdoc: true
318
296
  homepage: http://getsprockets.org/
319
- licenses:
297
+ licenses:
320
298
  - MIT
299
+ metadata: {}
321
300
  post_install_message:
322
301
  rdoc_options: []
323
-
324
- require_paths:
302
+ require_paths:
325
303
  - lib
326
- required_ruby_version: !ruby/object:Gem::Requirement
327
- none: false
328
- requirements:
304
+ required_ruby_version: !ruby/object:Gem::Requirement
305
+ requirements:
329
306
  - - ">="
330
- - !ruby/object:Gem::Version
331
- hash: 3
332
- segments:
333
- - 0
334
- version: "0"
335
- required_rubygems_version: !ruby/object:Gem::Requirement
336
- none: false
337
- requirements:
307
+ - !ruby/object:Gem::Version
308
+ version: '0'
309
+ required_rubygems_version: !ruby/object:Gem::Requirement
310
+ requirements:
338
311
  - - ">="
339
- - !ruby/object:Gem::Version
340
- hash: 3
341
- segments:
342
- - 0
343
- version: "0"
312
+ - !ruby/object:Gem::Version
313
+ version: '0'
344
314
  requirements: []
345
-
346
315
  rubyforge_project: sprockets
347
- rubygems_version: 1.6.2
316
+ rubygems_version: 2.2.2
348
317
  signing_key:
349
- specification_version: 3
318
+ specification_version: 4
350
319
  summary: Rack-based asset packaging system
351
320
  test_files: []
352
-