sprockets 2.5.0 → 2.5.1


Potentially problematic release.



@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: bc422a95c06732b838f61ec50895909c7a23b66b
4
+ data.tar.gz: 181162666f7aca9b032582e6a857f9ad19d0a568
5
+ SHA512:
6
+ metadata.gz: 55c68dc273cbdf040a5b11c5093548dcc66e37c652aced9162344e061a191966b9b50016559c29328e1827ba18c1c28418ea6c5e58c7da3884e4dcc85e190b68
7
+ data.tar.gz: 7d492ae84a013fab793f7f0beaee12d0614d27ea4e3e33b03c3432f78346d45ffddeca99930182646bbfd7eea5c42f7a324e285ae7d2cfa929a8118a3d18f001
@@ -33,16 +33,16 @@ module Sprockets
33
33
  # Extract the path from everything after the leading slash
34
34
  path = unescape(env['PATH_INFO'].to_s.sub(/^\//, ''))
35
35
 
36
- # URLs containing a `".."` are rejected for security reasons.
37
- if forbidden_request?(path)
38
- return forbidden_response
39
- end
40
-
41
36
  # Strip fingerprint
42
37
  if fingerprint = path_fingerprint(path)
43
38
  path = path.sub("-#{fingerprint}", '')
44
39
  end
45
40
 
41
+ # URLs containing a `".."` are rejected for security reasons.
42
+ if forbidden_request?(path)
43
+ return forbidden_response
44
+ end
45
+
46
46
  # Look up the asset.
47
47
  asset = find_asset(path, :bundle => !body_only?(env))
48
48
 
@@ -90,7 +90,7 @@ module Sprockets
90
90
  #
91
91
  # http://example.org/assets/../../../etc/passwd
92
92
  #
93
- path.include?("..")
93
+ path.include?("..") || Pathname.new(path).absolute?
94
94
  end
95
95
 
96
96
  # Returns a 403 Forbidden response tuple
@@ -222,7 +222,7 @@ module Sprockets
222
222
  # # => "0aa2105d29558f3eb790d411d7d8fb66"
223
223
  #
224
224
  def path_fingerprint(path)
225
- path[/-([0-9a-f]{7,40})\.[^.]+$/, 1]
225
+ path[/-([0-9a-f]{7,40})\.[^.]+\z/, 1]
226
226
  end
227
227
 
228
228
  # URI.unescape is deprecated on 1.9. We need to use URI::Parser
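Review bot: In the `@@ -90,7 +90,7 @@` hunk, `Pathname.new(path)` raises `ArgumentError` when the string contains a NUL byte, so an unescaped path carrying one makes `forbidden_request?` raise instead of returning true; how that surfaces depends on rescue handling outside the visible lines. Testing for it first keeps the predicate total: `path.include?("..") || path.include?("\0") || Pathname.new(path).absolute?`. The hunk does not show a `require 'pathname'`, so confirm the file loads it. The comment moved in the first hunk still mentions only `".."`; it should say that absolute paths are rejected too and that the check has to stay after fingerprint stripping, so the string validated is the one handed to `find_asset`. The method's `def` line is outside the hunk.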
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "2.5.0"
2
+ VERSION = "2.5.1"
3
3
  end
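--- a/metadata
+++ b/metadata
@@ -1,8 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: sprockets
  version: !ruby/object:Gem::Version
- version: 2.5.0
- prerelease:
+ version: 2.5.1
  platform: ruby
  authors:
  - Sam Stephenson
@@ -10,220 +9,194 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-09-04 00:00:00.000000000 Z
+ date: 2014-10-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: hike
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.2'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.2'
  - !ruby/object:Gem::Dependency
  name: multi_json
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  - !ruby/object:Gem::Dependency
  name: rack
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  - !ruby/object:Gem::Dependency
  name: tilt
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.1'
- - - ! '!='
+ - - "!="
  - !ruby/object:Gem::Version
  version: 1.3.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.1'
- - - ! '!='
+ - - "!="
  - !ruby/object:Gem::Version
  version: 1.3.0
  - !ruby/object:Gem::Dependency
  name: coffee-script
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '2.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '2.0'
  - !ruby/object:Gem::Dependency
  name: coffee-script-source
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.2.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.2.0
  - !ruby/object:Gem::Dependency
  name: eco
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  - !ruby/object:Gem::Dependency
  name: ejs
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  - !ruby/object:Gem::Dependency
  name: execjs
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
  - !ruby/object:Gem::Dependency
  name: json
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: rack-test
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: sass
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '3.1'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '3.1'
  description: Sprockets is a Rack-based asset packaging system that concatenates and
@@ -236,9 +209,11 @@ executables:
  extensions: []
  extra_rdoc_files: []
  files:
- - README.md
  - LICENSE
+ - README.md
+ - bin/sprockets
  - lib/rake/sprocketstask.rb
+ - lib/sprockets.rb
  - lib/sprockets/asset.rb
  - lib/sprockets/asset_attributes.rb
  - lib/sprockets/base.rb
@@ -272,30 +247,27 @@ files:
  - lib/sprockets/static_asset.rb
  - lib/sprockets/utils.rb
  - lib/sprockets/version.rb
- - lib/sprockets.rb
- - bin/sprockets
  homepage: http://getsprockets.org/
  licenses: []
+ metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project: sprockets
- rubygems_version: 1.8.24
+ rubygems_version: 2.2.2
  signing_key:
- specification_version: 3
+ specification_version: 4
  summary: Rack-based asset packaging system
  test_files: []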