RubyGems - sprockets - Versions diffs - 2.4.5 → 2.4.6 - Mend

sprockets 2.4.5 → 2.4.6

Potentially problematic release.

This version of sprockets might be problematic. Click here for more details.

Files changed (4) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1471328329eb1e6f3a8e218553de19ded2731956
+  data.tar.gz: 8bd2fc9eb30ab785ef04ed901a86ee3e9b416775
+SHA512:
+  metadata.gz: ade13ae863b06566bf143574ade26233e005dbf078ed400b6e7b5e0a3b370017b22f464c0e08da0416244c47e3044b1fb7e9705467620cf38e113424d432da1a
+  data.tar.gz: b50b7d1451f79a7d7446ac2ae428b36b6d006d1901e2ab86c0a489b642a30f217eed3a53dbc6f2414413fcad76b9bd427f22131bc853c68119d4a063608adaba

data/lib/sprockets/server.rb CHANGED Viewed

@@ -33,16 +33,16 @@ module Sprockets
       # Extract the path from everything after the leading slash
       path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
-      # URLs containing a `".."` are rejected for security reasons.
-      if forbidden_request?(path)
-        return forbidden_response
-      end
       # Strip fingerprint
       if fingerprint = path_fingerprint(path)
         path = path.sub("-#{fingerprint}", '')
       end
+      # URLs containing a `".."` are rejected for security reasons.
+      if forbidden_request?(path)
+        return forbidden_response
+      end
       # Look up the asset.
       asset = find_asset(path, :bundle => !body_only?(env))
@@ -90,7 +90,7 @@ module Sprockets
         #
         #     http://example.org/assets/../../../etc/passwd
         #
-        path.include?("..")
+        path.include?("..") || Pathname.new(path).absolute?
       end
       # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
       #     # => "0aa2105d29558f3eb790d411d7d8fb66"
       #
       def path_fingerprint(path)
-        path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
+        path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
       end
       # URI.unescape is deprecated on 1.9. We need to use URI::Parser

data/lib/sprockets/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Sprockets
-  VERSION = "2.4.5"
+  VERSION = "2.4.6"
 end

metadata CHANGED Viewed

@@ -1,238 +1,219 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: sprockets
-version: !ruby/object:Gem::Version
-  hash: 21
-  prerelease:
-  segments:
-  - 2
-  - 4
-  - 5
-  version: 2.4.5
+version: !ruby/object:Gem::Version
+  version: 2.4.6
 platform: ruby
-authors:
+authors:
 - Sam Stephenson
 - Joshua Peek
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-07-10 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2014-10-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: hike
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 11
-        segments:
-        - 1
-        - 2
-        version: "1.2"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: multi_json
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 15
-        segments:
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: rack
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 15
-        segments:
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency
-  name: tilt
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 13
-        segments:
-        - 1
-        - 1
-        version: "1.1"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: tilt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
     - - "!="
-      - !ruby/object:Gem::Version
-        hash: 27
-        segments:
-        - 1
-        - 3
-        - 0
+      - !ruby/object:Gem::Version
         version: 1.3.0
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency
-  name: coffee-script
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 2
-        - 0
-        version: "2.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - "!="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+- !ruby/object:Gem::Dependency
+  name: coffee-script
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency
-  name: coffee-script-source
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 31
-        segments:
-        - 1
-        - 2
-        - 0
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: coffee-script-source
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
         version: 1.2.0
   type: :development
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency
-  name: eco
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 15
-        segments:
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: eco
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency
-  name: ejs
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 15
-        segments:
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: ejs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency
-  name: execjs
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 15
-        segments:
-        - 1
-        - 0
-        version: "1.0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: execjs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency
-  name: json
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id010
-- !ruby/object:Gem::Dependency
-  name: rack-test
   prerelease: false
-  requirement: &id011 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id011
-- !ruby/object:Gem::Dependency
-  name: rake
   prerelease: false
-  requirement: &id012 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id012
-- !ruby/object:Gem::Dependency
-  name: sass
   prerelease: false
-  requirement: &id013 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        hash: 5
-        segments:
-        - 3
-        - 1
-        version: "3.1"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sass
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
   type: :development
-  version_requirements: *id013
-description: Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
-email:
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+description: Sprockets is a Rack-based asset packaging system that concatenates and
+  serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS.
+email:
 - sstephenson@gmail.com
 - josh@joshpeek.com
-executables:
+executables:
 - sprockets
 extensions: []
 extra_rdoc_files: []
-files:
-- README.md
+files:
 - LICENSE
+- README.md
+- bin/sprockets
 - lib/rake/sprocketstask.rb
+- lib/sprockets.rb
 - lib/sprockets/asset.rb
 - lib/sprockets/asset_attributes.rb
 - lib/sprockets/base.rb
@@ -264,40 +245,27 @@ files:
 - lib/sprockets/static_asset.rb
 - lib/sprockets/utils.rb
 - lib/sprockets/version.rb
-- lib/sprockets.rb
-- bin/sprockets
 homepage: http://getsprockets.org/
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project: sprockets
-rubygems_version: 1.8.15
+rubygems_version: 2.2.2
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Rack-based asset packaging system
 test_files: []