trusty-cms 3.8.1 → 3.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dcbafa19380e5c137beb9176eb345e496c317f5ae02af29dbf9596b4a946d7f4
-  data.tar.gz: 572ea0682bc3a4ae42aed982fc60da02a3df5d215e69d666c7807a737ec76b6e
+  metadata.gz: 3692c255ff72ea8bacc0f457e1d9ec4d17e24f6fbc42898a00e5af4d5d64fd1b
+  data.tar.gz: f09cdfa8786b2a032f9200a1e0d7537b6fb527a784412bac003c38f543f3ee1d
 SHA512:
-  metadata.gz: 836536ed680bb4bcdb6ac7d8e24a3af19c988ba8e81e9ca328388c73e9dafae2002f54d42eb61ec82c48f7c396465054a76fd82757fc1b680e42be4f7736a102
-  data.tar.gz: 14151229fe62788b174582850649b94697d914bfe97311e2acf30cf26fbea5fc105e07b4d92774e8f5037aadce6d4d181a573cd1d420546bda3fe285dbe942d8
+  metadata.gz: 4416a9fcb0f24f337fee5f589a0881cc0376bbddf6a9ca77ffe615a21eccf48e541c9ca9d37b0e18733d869a48c9b75d533b6d738c7c6449883c9e15af05b98b
+  data.tar.gz: 955e197762b016537768a1d4ed93f19a49547d33d67c893b387f09be44f70a5abce0afd9ba9527dd6b0304911d5db4c86febd9491eda4469766700fdbfefa040

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    trusty-cms (3.8.1)
+    trusty-cms (3.8.2)
       RedCloth (= 4.3.2)
       acts_as_list (~> 0.9.5)
       acts_as_tree (>= 2.6.1, < 2.9.0)
@@ -155,7 +155,7 @@ GEM
       multipart-post
     launchy (2.4.3)
       addressable (~> 2.3)
-    libv8 (7.3.492.27.1)
+    libv8 (7.3.492.27.1-x86_64-linux)
     loofah (2.4.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)

data/app/models/standard_tags.rb

@@ -749,7 +749,7 @@ module StandardTags
       url << "&default=#{default_avatar_url}" unless request.host_with_port == 'testhost.tld'
       # Test the Gravatar url
       require 'open-uri'
-      begin; open "http:#{url}", :proxy => true
+      begin; open "http:#{sanitize(url)}", :proxy => true
       rescue; local_avatar_url
       else; url
       end

data/config/initializers/devise.rb

@@ -177,7 +177,7 @@ Devise.setup do |config|
 
   # ==> Configuration for :validatable
   # Range for password length.
-  # config.password_length = 12..128
+  config.password_length = 12..128
 
   # Email regex used to validate email formats. It simply asserts that
   # one (and only one) @ exists in the given string. This is mainly

data/lib/tasks/upgrade_to_devise.rake

@@ -4,13 +4,16 @@
 namespace :import do
   desc 'Imports the legacy user data into the Devise Admin table'
   task admins: :environment do
+    CHARS = ('0'..'9').to_a + ('A'..'Z').to_a + ('a'..'z').to_a + (1..9).to_a + ['`', '~', '!', '@', '#', '$', '%', '^', '&', '*']
+    password = CHARS.sort_by { rand }.join[0...15]
+
     LegacyUser.all.each do |legacy|
       u = User.new(
         email: legacy.email,
         first_name: legacy.name.split(' ')[0],
         last_name: legacy.name.split(' ')[1],
-        password: 'PleaseChangeMe1!',
-        password_confirmation: 'PleaseChangeMe1!',
+        password: password,
+        password_confirmation: password,
         admin: legacy.admin,
         designer: legacy.designer,
         content_editor: legacy.content_editor,

data/lib/trusty_cms.rb

@@ -2,6 +2,6 @@ TRUSTY_CMS_ROOT = File.expand_path(File.join(File.dirname(__FILE__), "..")) unle
 
 unless defined? TrustyCms::VERSION
   module TrustyCms
-    VERSION = '3.8.1'
+    VERSION = '3.8.2'
   end
 end

data/lib/trusty_cms/extension_migrator.rb

@@ -12,7 +12,7 @@ module TrustyCms
       end
 
       def get_all_versions
-        ActiveRecord::Base.connection.select_values("SELECT version FROM #{schema_migrations_table_name}").
+        ActiveRecord::Base.connection.select_values("SELECT version FROM #{sanitize(schema_migrations_table_name)}").
           select { |version| version.starts_with?("#{@extension.extension_name}-")}.
           map { |version| version.sub("#{@extension.extension_name}-", '').to_i }.sort
       end
@@ -38,17 +38,17 @@ module TrustyCms
       end
 
       def initialize_extension_schema_migrations
-        current_version = ActiveRecord::Base.connection.select_value("SELECT schema_version FROM extension_meta WHERE name = #{quote(extension_name)}")
+        current_version = ActiveRecord::Base.connection.select_value("SELECT schema_version FROM extension_meta WHERE name = #{sanitize(quote(extension_name))}")
         if current_version
           assume_migrated_upto_version(current_version.to_i)
-          ActiveRecord::Base.connection.delete("DELETE FROM extension_meta WHERE name = #{quote(extension_name)}")
+          ActiveRecord::Base.connection.delete("DELETE FROM extension_meta WHERE name = #{sanitize(Aquote(extension_name))}")
         end
       end
 
       def initialize_received_migrations
         if donors = self.class.extension.migrates_from
           donors.each do |extension_name, until_migration|
-            replaced = ActiveRecord::Base.connection.select_values("SELECT version FROM #{ActiveRecord::Migrator.schema_migrations_table_name} WHERE version LIKE '#{extension_name}-%'").map{|v| v.sub(/^#{extension_name}\-/, '').to_i}
+            replaced = ActiveRecord::Base.connection.select_values("SELECT version FROM #{sanitize(ActiveRecord::Migrator.schema_migrations_table_name)} WHERE version LIKE '#{extension_name}-%'").map{|v| v.sub(/^#{extension_name}\-/, '').to_i}
             replaced.delete_if{|v| v > until_migration.to_i} if until_migration
             assume_migrated_upto_version(replaced.max) if replaced.any?
           end
@@ -65,7 +65,7 @@ module TrustyCms
         end
 
         unless migrated.include?(version)
-          ActiveRecord::Base.connection.execute "INSERT INTO #{sm_table} (version) VALUES (#{quote(version_string(version))})"
+          ActiveRecord::Base.connection.execute "INSERT INTO #{sm_table} (version) VALUES (#{sanitize(quote(version_string(version)))})"
         end
 
         inserted = Set.new
@@ -73,22 +73,10 @@ module TrustyCms
           if inserted.include?(v)
             raise "Duplicate migration #{v}. Please renumber your migrations to resolve the conflict."
           elsif v < version
-            ActiveRecord::Base.connection.execute "INSERT INTO #{sm_table} (version) VALUES (#{quote(version_string(v))})"
+            ActiveRecord::Base.connection.execute "INSERT INTO #{sm_table} (version) VALUES (#{sanitize(quote(version_string(v)))})"
             inserted << v
           end
         end
       end
-
-      def record_version_state_after_migrating(version)
-        sm_table = self.class.schema_migrations_table_name
-        @migrated_versions ||= []
-        if down?
-          @migrated_versions.delete(version.to_i)
-          ActiveRecord::Base.connection.update("DELETE FROM #{sm_table} WHERE version = #{quote(version_string(version))}")
-        else
-          @migrated_versions.add(version.to_i)
-          ActiveRecord::Base.connection.insert("INSERT INTO #{sm_table} (version) VALUES (#{quote(version_string(version))})")
-        end
-      end
   end
 end

data/vendor/extensions/clipped-extension/lib/tasks/clipped_extension_tasks.rake

@@ -71,54 +71,6 @@ namespace :radiant do
           end
         end
       end
-      
-      desc "Migrates page attachments from the original page attachments extension into new Assets"
-      task :migrate_from_page_attachments => :environment do
-        puts "This task can clean up traces of the page_attachments (think table records and files currently in /public/page_attachments).
-If you would like to use this mode type \"yes\", type \"no\" or just hit enter to leave them untouched for now."
-        answer = STDIN.gets.chomp
-        erase_tracks = answer.eql?('yes') ? true : false
-        OldPageAttachment.find_all_by_parent_id(nil).each do |opa|
-          asset = opa.create_paperclipped_record
-          # move the actual file
-          old_dir = "#{Rails.root}/public/page_attachments/0000/#{opa.id.to_s.rjust(4,'0')}"
-          new_dir = "#{Rails.root}/public/assets/#{asset.id}"
-          puts "Copying #{old_dir.gsub(Rails.root, '')}/#{opa.filename} to #{new_dir.gsub(Rails.root, '')}/#{opa.filename}..."
-          mkdir_p new_dir
-          cp old_dir + "/#{opa.filename}", new_dir + "/#{opa.filename}"
-          # remove old record and remainings
-          if erase_tracks
-            rm_rf old_dir
-          end
-        end
-        # regenerate thumbnails
-        puts "Regenerating asset thumbnails"
-        ENV['CLASS'] = 'Asset'
-        Rake::Task['paperclip:refresh'].invoke
-        puts "Done."
-      end
-      
-      desc "Migrates from old 'assets' extension."
-      task :migrate_from_assets => :environment do
-        Asset.delete_all("thumbnail IS NOT NULL OR parent_id IS NOT NULL")
-        ActiveRecord::Base.connection.tap do |c|
-          c.rename_column :assets, :filename, :asset_file_name
-          c.rename_column :assets, :content_type, :asset_content_type
-          c.rename_column :assets, :size, :asset_file_size
-          c.remove_column :assets, :parent_id
-          c.remove_column :assets, :thumbnail
-        end
-
-        ClippedExtension.migrator.new(:up, ClippedExtension.migrations_path).send(:assume_migrated_upto_version, 3)
-        ClippedExtension.migrator.migrate
-      end
-
-      desc "Generate an example initializer"
-      task :initialize do
-        puts "Copying initializer from ClippedExtension"
-        cp ClippedExtension.root + "/lib/generators/templates/clipped_config.rb", Rails.root + "/config/initializers/", :verbose => false
-      end
-
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: trusty-cms
 version: !ruby/object:Gem::Version
-  version: 3.8.1
+  version: 3.8.2
 platform: ruby
 authors:
 - TrustyCms CMS dev team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-29 00:00:00.000000000 Z
+date: 2020-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acts_as_list
@@ -675,7 +675,6 @@ files:
 - app/models/layout.rb
 - app/models/legacy_user.rb
 - app/models/menu_renderer.rb
-- app/models/old_page_attachment.rb
 - app/models/page.rb
 - app/models/page_attachment.rb
 - app/models/page_context.rb
@@ -998,7 +997,6 @@ files:
 - lib/trusty_cms/config/definition.rb
 - lib/trusty_cms/engine.rb
 - lib/trusty_cms/extension.rb
-- lib/trusty_cms/extension/script.rb
 - lib/trusty_cms/extension_loader.rb
 - lib/trusty_cms/extension_migrator.rb
 - lib/trusty_cms/extension_path.rb

data/app/models/old_page_attachment.rb

@@ -1,26 +0,0 @@
-class OldPageAttachment < ActiveRecord::Base
-    def create_paperclipped_record
-      options = {
-        :asset_file_size => size,
-        :asset_file_name => filename,
-        :asset_content_type => content_type,
-        :created_by_id => created_by
-      }
-      
-      # In newer versions of page_attachments we have title and description fields.
-      options[:title] = title if respond_to?(:title)
-      options[:caption] = description if respond_to?(:description)
-      
-      a = Asset.new(options)
-      a.save
-      
-      # Re-attach the asset to it's page
-      page = Page.find(page_id)
-      p = PageAttachment.create(:asset_id => a.id, :page_id => page.id)
-      
-      # Circumvent acts_as_list before_create filter to set the original page_attachment position.
-      PageAttachment.update_all("position=#{position}", "id=#{p.id}") if respond_to?(:position)
-      
-      a
-    end          
-end

data/lib/trusty_cms/extension/script.rb

@@ -1,376 +0,0 @@
-require 'active_resource'
-require 'tmpdir'
-require 'fileutils'
-require 'rake'
-
-module Registry
-  class Extension < ActiveResource::Base
-    self.site = ENV['REGISTRY_URL'] || "http://ext.radiantcms.org/"
-
-    def install
-      Registry.const_get(install_type).new(self).install
-    end
-
-    def uninstall
-      Uninstaller.new(self).uninstall
-    end
-
-    def inspect
-%{
-Name:           #{name}
-Description:
-  #{description}
-Author:         #{author.name} <#{author.email}>
-Source code:    #{repository_url}
-Download:       #{download_url}
-Install type:   #{install_type}
-Supports:       TrustyCms #{supports_radiant_version}
-}.strip
-    end
-  end
-
-  class Action
-    def rake(command)
-      puts "rake #{command}"
-      puts `rake #{command} Rails.env=#{Rails.env}` if tasks_include? command
-    end
-
-    def tasks_include?(command)
-      command = command.split(':')
-      if command.length > 1 && command[0..1] == ['radiant','extensions']
-        extension = command[2]
-        task = "radiant:extensions:#{extension}:#{command[3].split[0]}"
-      else
-        extension = task = command[0]
-      end
-      rake_file = File.join(Rails.root, 'vendor', 'extensions', extension) + '/lib/tasks/' + extension + '_extension_tasks.rake'
-      load rake_file if File.exist? rake_file
-      tasks = Rake.application.tasks.map(&:name)
-      tasks.include? task
-    end
-
-    def file_utils
-      FileUtils
-    end
-
-    delegate :cd, :cp_r, :rm_r, :to => :file_utils
-  end
-
-  class Installer < Action
-    attr_accessor :url, :path, :name
-    def initialize(url, name)
-      self.url, self.name = url, name
-    end
-
-    def install
-      copy_to_vendor_extensions
-      migrate
-      update
-    end
-
-    def copy_to_vendor_extensions
-      cp_r(self.path, File.expand_path(File.join(Rails.root, 'vendor', 'extensions', name)))
-      rm_r(self.path)
-    end
-
-    def migrate
-      rake "radiant:extensions:#{name}:migrate"
-    end
-
-    def update
-      rake "radiant:extensions:#{name}:update"
-    end
-  end
-
-  class Uninstaller < Action
-    attr_accessor :name
-    def initialize(extension)
-      self.name = extension.name
-    end
-
-    def uninstall
-      migrate_down
-      remove_extension_directory
-    end
-
-    def migrate_down
-      rake "radiant:extensions:#{name}:migrate VERSION=0"
-    end
-
-    def remove_extension_directory
-      rm_r(File.join(Rails.root, 'vendor', 'extensions', name))
-    end
-  end
-
-  class Checkout < Installer
-    def initialize(extension)
-      super(extension.repository_url, extension.name)
-    end
-
-    def checkout_command
-      raise "Not Implemented!"
-    end
-
-    def install
-      checkout
-      super
-    end
-
-    def checkout
-      self.path = File.join(Dir.tmpdir, name)
-      cd(Dir.tmpdir) { system "#{checkout_command}" }
-    end
-  end
-
-  class Download < Installer
-    def initialize(extension)
-      super(extension.download_url, extension.name)
-    end
-
-    def install
-      download
-      unpack
-      super
-    end
-
-    def unpack
-      raise "Not Implemented!"
-    end
-
-    def filename
-      File.basename(self.url)
-    end
-
-    def download
-      require 'open-uri'
-      File.open(File.join(Dir.tmpdir, self.filename), 'w') {|f| f.write open(self.url).read }
-    end
-  end
-
-  class Git < Checkout
-    def project_in_git?
-      @in_git ||= File.directory?(".git")
-    end
-
-    def checkout_command
-      "git clone #{url} #{name}"
-    end
-
-    def checkout
-      if project_in_git?
-        system "git submodule add #{url} vendor/extensions/#{name}"
-        cd(File.join('vendor', 'extensions', name)) do
-          system "git submodule init && git submodule update"
-        end
-      else
-        super
-        cd(path) do
-          system "git submodule init && git submodule update"
-        end
-      end
-    end
-
-    def copy_to_vendor_extensions
-      super unless project_in_git?
-    end
-  end
-
-  class Subversion < Checkout
-    def checkout_command
-      "svn checkout #{url} #{name}"
-    end
-  end
-
-  class Gem < Download
-    def gem_name(name)
-      name.gsub(/-\d+\.\d+\.\d+(.+)?\.gem/, '')
-    end
-
-    def download
-      # Don't download the gem if it's already installed
-      extension = gem_name(filename)
-      begin
-        gem extension
-      rescue ::Gem::LoadError
-        super
-        `gem install #{extension}`
-      end
-    end
-
-    def unpack
-      output = nil
-      cd(Dir.tmpdir) do
-        output = `gem unpack #{gem_name(filename)}`
-      end
-      self.path = output.match(/'(.*)'/)[1]
-    end
-  end
-
-  class Tarball < Download
-    def filename
-      "#{self.name}.tar"
-    end
-
-    def unpack
-      output = nil
-      cd(Dir.tmpdir) { output = `tar xvf #{filename}` }
-      self.path = File.join(Dir.tmpdir, output.split(/\n/).first.split('/').first)
-    end
-  end
-
-  class Gzip < Tarball
-    def filename
-      @unpacked ? super : "#{self.name}.tar.gz"
-    end
-
-    def unpack
-      cd(Dir.tmpdir) { system "gunzip #{self.filename}" }
-      @unpacked = true
-      super
-    end
-  end
-
-end
-
-module TrustyCms
-  class Extension
-    module Script
-      class << self
-        def execute(args)
-          command = args.shift || 'help'
-          begin
-            const_get(command.camelize).new(args)
-          rescue ArgumentError => e
-            puts e.message
-            Help.new [command]
-          end
-        end
-      end
-
-      module Util
-        attr_accessor :extension_name, :extension
-
-        def to_extension_name(string)
-          string.to_s.underscore
-        end
-
-        def installed?
-          path_match = Regexp.compile("(^|/|\\\\)#{extension_name}$")
-          extension_paths.any? {|p| p =~ path_match }
-        end
-
-        def registered?
-          self.extension
-        end
-
-        def extension_paths
-          paths = [Rails.root, TRUSTY_CMS_ROOT].uniq.map { |p| Dir["#{p}/vendor/extensions/*"] }
-          paths.unshift Dir["#{TRUSTY_CMS_ROOT}/test/fixtures/extensions/*"] if Rails.env == 'test'    #nasty
-          paths.flatten
-        end
-
-        def load_extensions
-          Registry::Extension.find(:all)
-        end
-
-        def find_extension
-          self.extension = load_extensions.find{|e| e.name == self.extension_name }
-        end
-      end
-
-      class Install
-        include Util
-
-        def initialize(args=[])
-          raise ArgumentError, "You must specify an extension to install." if args.blank?
-          self.extension_name = to_extension_name(args.shift)
-          if installed?
-            puts "#{extension_name} is already installed."
-          else
-            find_extension
-            if registered?
-              extension.install
-            else
-              raise ArgumentError, "#{extension_name} is not available in the registry."
-            end
-          end
-        end
-      end
-
-      class Uninstall
-        include Util
-
-        def initialize(args=[])
-          raise ArgumentError, "You must specify an extension to uninstall." if args.blank?
-          self.extension_name = to_extension_name(args.shift)
-          if installed?
-            find_extension && extension.uninstall
-          else
-            puts "#{extension_name} is not installed."
-          end
-        end
-      end
-
-      class Info
-        include Util
-
-        def initialize(args=[])
-          raise ArgumentError, "You must specify an extension to get info on" if args.blank?
-          self.extension_name = to_extension_name(args.shift)
-          find_extension and puts extension.inspect
-        end
-      end
-
-      class Help
-        def initialize(args=[])
-          command = args.shift
-          command = 'help' unless self.class.instance_methods(false).collect {|im| im.to_s}.include?(command.to_s)
-          send(command)
-        end
-
-        def help
-          $stdout.puts %{Usage:   script/extension command [arguments]
-
-  Available commands:
-      #{command_names}
-
-  For help on an individual command:
-      script/extension help command
-
-  You may install extensions from another registry by setting the REGISTRY_URL
-  By default the REGISTRY_URL is set to http://ext.radiantcms.org
-
-  Code for the registry application may be found at:
-  http://github.com/radiant/radiant-extension-registry/
-            }
-        end
-
-        def install
-          $stdout.puts %{Usage:    script/extension install extension_name
-
-  Installs an extension from information in the global registry.
-          }
-        end
-
-        def uninstall
-          $stdout.puts %{Usage:    script/extension uninstall extension_name
-
-  Removes a previously installed extension from the current project.
-            }
-        end
-
-        def info
-          $stdout.puts %{Usage:    script/extension info extension_name
-
-  Displays registry information about the extension.
-          }
-        end
-
-        private
-          def command_names
-            (TrustyCms::Extension::Script.constants - ['Util']).sort.map {|n| n.to_s.underscore }.join(", ")
-          end
-      end
-    end
-  end
-end