sprockets 2.5.0 → 2.5.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sprockets might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/lib/sprockets/server.rb +7 -7
- data/lib/sprockets/version.rb +1 -1
- metadata +38 -66
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: bc422a95c06732b838f61ec50895909c7a23b66b
|
|
4
|
+
data.tar.gz: 181162666f7aca9b032582e6a857f9ad19d0a568
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 55c68dc273cbdf040a5b11c5093548dcc66e37c652aced9162344e061a191966b9b50016559c29328e1827ba18c1c28418ea6c5e58c7da3884e4dcc85e190b68
|
|
7
|
+
data.tar.gz: 7d492ae84a013fab793f7f0beaee12d0614d27ea4e3e33b03c3432f78346d45ffddeca99930182646bbfd7eea5c42f7a324e285ae7d2cfa929a8118a3d18f001
|
data/lib/sprockets/server.rb
CHANGED
|
@@ -33,16 +33,16 @@ module Sprockets
|
|
|
33
33
|
# Extract the path from everything after the leading slash
|
|
34
34
|
path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
|
|
35
35
|
|
|
36
|
-
# URLs containing a `".."` are rejected for security reasons.
|
|
37
|
-
if forbidden_request?(path)
|
|
38
|
-
return forbidden_response
|
|
39
|
-
end
|
|
40
|
-
|
|
41
36
|
# Strip fingerprint
|
|
42
37
|
if fingerprint = path_fingerprint(path)
|
|
43
38
|
path = path.sub("-#{fingerprint}", '')
|
|
44
39
|
end
|
|
45
40
|
|
|
41
|
+
# URLs containing a `".."` are rejected for security reasons.
|
|
42
|
+
if forbidden_request?(path)
|
|
43
|
+
return forbidden_response
|
|
44
|
+
end
|
|
45
|
+
|
|
46
46
|
# Look up the asset.
|
|
47
47
|
asset = find_asset(path, :bundle => !body_only?(env))
|
|
48
48
|
|
|
@@ -90,7 +90,7 @@ module Sprockets
|
|
|
90
90
|
#
|
|
91
91
|
# http://example.org/assets/../../../etc/passwd
|
|
92
92
|
#
|
|
93
|
-
path.include?("..")
|
|
93
|
+
path.include?("..") || Pathname.new(path).absolute?
|
|
94
94
|
end
|
|
95
95
|
|
|
96
96
|
# Returns a 403 Forbidden response tuple
|
|
@@ -222,7 +222,7 @@ module Sprockets
|
|
|
222
222
|
# # => "0aa2105d29558f3eb790d411d7d8fb66"
|
|
223
223
|
#
|
|
224
224
|
def path_fingerprint(path)
|
|
225
|
-
path[/-([0-9a-f]{7,40})\.[^.]
|
|
225
|
+
path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
|
|
226
226
|
end
|
|
227
227
|
|
|
228
228
|
# URI.unescape is deprecated on 1.9. We need to use URI::Parser
|
data/lib/sprockets/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,8 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sprockets
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.5.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 2.5.1
|
|
6
5
|
platform: ruby
|
|
7
6
|
authors:
|
|
8
7
|
- Sam Stephenson
|
|
@@ -10,220 +9,194 @@ authors:
|
|
|
10
9
|
autorequire:
|
|
11
10
|
bindir: bin
|
|
12
11
|
cert_chain: []
|
|
13
|
-
date:
|
|
12
|
+
date: 2014-10-28 00:00:00.000000000 Z
|
|
14
13
|
dependencies:
|
|
15
14
|
- !ruby/object:Gem::Dependency
|
|
16
15
|
name: hike
|
|
17
16
|
requirement: !ruby/object:Gem::Requirement
|
|
18
|
-
none: false
|
|
19
17
|
requirements:
|
|
20
|
-
- - ~>
|
|
18
|
+
- - "~>"
|
|
21
19
|
- !ruby/object:Gem::Version
|
|
22
20
|
version: '1.2'
|
|
23
21
|
type: :runtime
|
|
24
22
|
prerelease: false
|
|
25
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
26
|
-
none: false
|
|
27
24
|
requirements:
|
|
28
|
-
- - ~>
|
|
25
|
+
- - "~>"
|
|
29
26
|
- !ruby/object:Gem::Version
|
|
30
27
|
version: '1.2'
|
|
31
28
|
- !ruby/object:Gem::Dependency
|
|
32
29
|
name: multi_json
|
|
33
30
|
requirement: !ruby/object:Gem::Requirement
|
|
34
|
-
none: false
|
|
35
31
|
requirements:
|
|
36
|
-
- - ~>
|
|
32
|
+
- - "~>"
|
|
37
33
|
- !ruby/object:Gem::Version
|
|
38
34
|
version: '1.0'
|
|
39
35
|
type: :runtime
|
|
40
36
|
prerelease: false
|
|
41
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
42
|
-
none: false
|
|
43
38
|
requirements:
|
|
44
|
-
- - ~>
|
|
39
|
+
- - "~>"
|
|
45
40
|
- !ruby/object:Gem::Version
|
|
46
41
|
version: '1.0'
|
|
47
42
|
- !ruby/object:Gem::Dependency
|
|
48
43
|
name: rack
|
|
49
44
|
requirement: !ruby/object:Gem::Requirement
|
|
50
|
-
none: false
|
|
51
45
|
requirements:
|
|
52
|
-
- - ~>
|
|
46
|
+
- - "~>"
|
|
53
47
|
- !ruby/object:Gem::Version
|
|
54
48
|
version: '1.0'
|
|
55
49
|
type: :runtime
|
|
56
50
|
prerelease: false
|
|
57
51
|
version_requirements: !ruby/object:Gem::Requirement
|
|
58
|
-
none: false
|
|
59
52
|
requirements:
|
|
60
|
-
- - ~>
|
|
53
|
+
- - "~>"
|
|
61
54
|
- !ruby/object:Gem::Version
|
|
62
55
|
version: '1.0'
|
|
63
56
|
- !ruby/object:Gem::Dependency
|
|
64
57
|
name: tilt
|
|
65
58
|
requirement: !ruby/object:Gem::Requirement
|
|
66
|
-
none: false
|
|
67
59
|
requirements:
|
|
68
|
-
- - ~>
|
|
60
|
+
- - "~>"
|
|
69
61
|
- !ruby/object:Gem::Version
|
|
70
62
|
version: '1.1'
|
|
71
|
-
- -
|
|
63
|
+
- - "!="
|
|
72
64
|
- !ruby/object:Gem::Version
|
|
73
65
|
version: 1.3.0
|
|
74
66
|
type: :runtime
|
|
75
67
|
prerelease: false
|
|
76
68
|
version_requirements: !ruby/object:Gem::Requirement
|
|
77
|
-
none: false
|
|
78
69
|
requirements:
|
|
79
|
-
- - ~>
|
|
70
|
+
- - "~>"
|
|
80
71
|
- !ruby/object:Gem::Version
|
|
81
72
|
version: '1.1'
|
|
82
|
-
- -
|
|
73
|
+
- - "!="
|
|
83
74
|
- !ruby/object:Gem::Version
|
|
84
75
|
version: 1.3.0
|
|
85
76
|
- !ruby/object:Gem::Dependency
|
|
86
77
|
name: coffee-script
|
|
87
78
|
requirement: !ruby/object:Gem::Requirement
|
|
88
|
-
none: false
|
|
89
79
|
requirements:
|
|
90
|
-
- - ~>
|
|
80
|
+
- - "~>"
|
|
91
81
|
- !ruby/object:Gem::Version
|
|
92
82
|
version: '2.0'
|
|
93
83
|
type: :development
|
|
94
84
|
prerelease: false
|
|
95
85
|
version_requirements: !ruby/object:Gem::Requirement
|
|
96
|
-
none: false
|
|
97
86
|
requirements:
|
|
98
|
-
- - ~>
|
|
87
|
+
- - "~>"
|
|
99
88
|
- !ruby/object:Gem::Version
|
|
100
89
|
version: '2.0'
|
|
101
90
|
- !ruby/object:Gem::Dependency
|
|
102
91
|
name: coffee-script-source
|
|
103
92
|
requirement: !ruby/object:Gem::Requirement
|
|
104
|
-
none: false
|
|
105
93
|
requirements:
|
|
106
|
-
- - ~>
|
|
94
|
+
- - "~>"
|
|
107
95
|
- !ruby/object:Gem::Version
|
|
108
96
|
version: 1.2.0
|
|
109
97
|
type: :development
|
|
110
98
|
prerelease: false
|
|
111
99
|
version_requirements: !ruby/object:Gem::Requirement
|
|
112
|
-
none: false
|
|
113
100
|
requirements:
|
|
114
|
-
- - ~>
|
|
101
|
+
- - "~>"
|
|
115
102
|
- !ruby/object:Gem::Version
|
|
116
103
|
version: 1.2.0
|
|
117
104
|
- !ruby/object:Gem::Dependency
|
|
118
105
|
name: eco
|
|
119
106
|
requirement: !ruby/object:Gem::Requirement
|
|
120
|
-
none: false
|
|
121
107
|
requirements:
|
|
122
|
-
- - ~>
|
|
108
|
+
- - "~>"
|
|
123
109
|
- !ruby/object:Gem::Version
|
|
124
110
|
version: '1.0'
|
|
125
111
|
type: :development
|
|
126
112
|
prerelease: false
|
|
127
113
|
version_requirements: !ruby/object:Gem::Requirement
|
|
128
|
-
none: false
|
|
129
114
|
requirements:
|
|
130
|
-
- - ~>
|
|
115
|
+
- - "~>"
|
|
131
116
|
- !ruby/object:Gem::Version
|
|
132
117
|
version: '1.0'
|
|
133
118
|
- !ruby/object:Gem::Dependency
|
|
134
119
|
name: ejs
|
|
135
120
|
requirement: !ruby/object:Gem::Requirement
|
|
136
|
-
none: false
|
|
137
121
|
requirements:
|
|
138
|
-
- - ~>
|
|
122
|
+
- - "~>"
|
|
139
123
|
- !ruby/object:Gem::Version
|
|
140
124
|
version: '1.0'
|
|
141
125
|
type: :development
|
|
142
126
|
prerelease: false
|
|
143
127
|
version_requirements: !ruby/object:Gem::Requirement
|
|
144
|
-
none: false
|
|
145
128
|
requirements:
|
|
146
|
-
- - ~>
|
|
129
|
+
- - "~>"
|
|
147
130
|
- !ruby/object:Gem::Version
|
|
148
131
|
version: '1.0'
|
|
149
132
|
- !ruby/object:Gem::Dependency
|
|
150
133
|
name: execjs
|
|
151
134
|
requirement: !ruby/object:Gem::Requirement
|
|
152
|
-
none: false
|
|
153
135
|
requirements:
|
|
154
|
-
- - ~>
|
|
136
|
+
- - "~>"
|
|
155
137
|
- !ruby/object:Gem::Version
|
|
156
138
|
version: '1.0'
|
|
157
139
|
type: :development
|
|
158
140
|
prerelease: false
|
|
159
141
|
version_requirements: !ruby/object:Gem::Requirement
|
|
160
|
-
none: false
|
|
161
142
|
requirements:
|
|
162
|
-
- - ~>
|
|
143
|
+
- - "~>"
|
|
163
144
|
- !ruby/object:Gem::Version
|
|
164
145
|
version: '1.0'
|
|
165
146
|
- !ruby/object:Gem::Dependency
|
|
166
147
|
name: json
|
|
167
148
|
requirement: !ruby/object:Gem::Requirement
|
|
168
|
-
none: false
|
|
169
149
|
requirements:
|
|
170
|
-
- -
|
|
150
|
+
- - ">="
|
|
171
151
|
- !ruby/object:Gem::Version
|
|
172
152
|
version: '0'
|
|
173
153
|
type: :development
|
|
174
154
|
prerelease: false
|
|
175
155
|
version_requirements: !ruby/object:Gem::Requirement
|
|
176
|
-
none: false
|
|
177
156
|
requirements:
|
|
178
|
-
- -
|
|
157
|
+
- - ">="
|
|
179
158
|
- !ruby/object:Gem::Version
|
|
180
159
|
version: '0'
|
|
181
160
|
- !ruby/object:Gem::Dependency
|
|
182
161
|
name: rack-test
|
|
183
162
|
requirement: !ruby/object:Gem::Requirement
|
|
184
|
-
none: false
|
|
185
163
|
requirements:
|
|
186
|
-
- -
|
|
164
|
+
- - ">="
|
|
187
165
|
- !ruby/object:Gem::Version
|
|
188
166
|
version: '0'
|
|
189
167
|
type: :development
|
|
190
168
|
prerelease: false
|
|
191
169
|
version_requirements: !ruby/object:Gem::Requirement
|
|
192
|
-
none: false
|
|
193
170
|
requirements:
|
|
194
|
-
- -
|
|
171
|
+
- - ">="
|
|
195
172
|
- !ruby/object:Gem::Version
|
|
196
173
|
version: '0'
|
|
197
174
|
- !ruby/object:Gem::Dependency
|
|
198
175
|
name: rake
|
|
199
176
|
requirement: !ruby/object:Gem::Requirement
|
|
200
|
-
none: false
|
|
201
177
|
requirements:
|
|
202
|
-
- -
|
|
178
|
+
- - ">="
|
|
203
179
|
- !ruby/object:Gem::Version
|
|
204
180
|
version: '0'
|
|
205
181
|
type: :development
|
|
206
182
|
prerelease: false
|
|
207
183
|
version_requirements: !ruby/object:Gem::Requirement
|
|
208
|
-
none: false
|
|
209
184
|
requirements:
|
|
210
|
-
- -
|
|
185
|
+
- - ">="
|
|
211
186
|
- !ruby/object:Gem::Version
|
|
212
187
|
version: '0'
|
|
213
188
|
- !ruby/object:Gem::Dependency
|
|
214
189
|
name: sass
|
|
215
190
|
requirement: !ruby/object:Gem::Requirement
|
|
216
|
-
none: false
|
|
217
191
|
requirements:
|
|
218
|
-
- - ~>
|
|
192
|
+
- - "~>"
|
|
219
193
|
- !ruby/object:Gem::Version
|
|
220
194
|
version: '3.1'
|
|
221
195
|
type: :development
|
|
222
196
|
prerelease: false
|
|
223
197
|
version_requirements: !ruby/object:Gem::Requirement
|
|
224
|
-
none: false
|
|
225
198
|
requirements:
|
|
226
|
-
- - ~>
|
|
199
|
+
- - "~>"
|
|
227
200
|
- !ruby/object:Gem::Version
|
|
228
201
|
version: '3.1'
|
|
229
202
|
description: Sprockets is a Rack-based asset packaging system that concatenates and
|
|
@@ -236,9 +209,11 @@ executables:
|
|
|
236
209
|
extensions: []
|
|
237
210
|
extra_rdoc_files: []
|
|
238
211
|
files:
|
|
239
|
-
- README.md
|
|
240
212
|
- LICENSE
|
|
213
|
+
- README.md
|
|
214
|
+
- bin/sprockets
|
|
241
215
|
- lib/rake/sprocketstask.rb
|
|
216
|
+
- lib/sprockets.rb
|
|
242
217
|
- lib/sprockets/asset.rb
|
|
243
218
|
- lib/sprockets/asset_attributes.rb
|
|
244
219
|
- lib/sprockets/base.rb
|
|
@@ -272,30 +247,27 @@ files:
|
|
|
272
247
|
- lib/sprockets/static_asset.rb
|
|
273
248
|
- lib/sprockets/utils.rb
|
|
274
249
|
- lib/sprockets/version.rb
|
|
275
|
-
- lib/sprockets.rb
|
|
276
|
-
- bin/sprockets
|
|
277
250
|
homepage: http://getsprockets.org/
|
|
278
251
|
licenses: []
|
|
252
|
+
metadata: {}
|
|
279
253
|
post_install_message:
|
|
280
254
|
rdoc_options: []
|
|
281
255
|
require_paths:
|
|
282
256
|
- lib
|
|
283
257
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
284
|
-
none: false
|
|
285
258
|
requirements:
|
|
286
|
-
- -
|
|
259
|
+
- - ">="
|
|
287
260
|
- !ruby/object:Gem::Version
|
|
288
261
|
version: '0'
|
|
289
262
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
290
|
-
none: false
|
|
291
263
|
requirements:
|
|
292
|
-
- -
|
|
264
|
+
- - ">="
|
|
293
265
|
- !ruby/object:Gem::Version
|
|
294
266
|
version: '0'
|
|
295
267
|
requirements: []
|
|
296
268
|
rubyforge_project: sprockets
|
|
297
|
-
rubygems_version:
|
|
269
|
+
rubygems_version: 2.2.2
|
|
298
270
|
signing_key:
|
|
299
|
-
specification_version:
|
|
271
|
+
specification_version: 4
|
|
300
272
|
summary: Rack-based asset packaging system
|
|
301
273
|
test_files: []
|