RubyGems - unpoly-rails - Versions diffs - 3.9.1 → 3.9.2.1 - Mend

unpoly-rails 3.9.1 → 3.9.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/assets/unpoly/unpoly.es6.js +21 -10
data/assets/unpoly/unpoly.es6.min.js +1 -1
data/assets/unpoly/unpoly.js +21 -10
data/assets/unpoly/unpoly.min.js +1 -1
data/lib/unpoly/rails/util.rb +13 -7
data/lib/unpoly/rails/version.rb +1 -1
metadata +2 -2

data/lib/unpoly/rails/util.rb CHANGED Viewed

@@ -5,13 +5,19 @@ module Unpoly
         def guard_json_decode(raw, &default)
           if raw.present?
-            begin
-              ActiveSupport::JSON.decode(raw)
-            rescue ActiveSupport::JSON.parse_error
-              # We would love to crash here, as it might indicate a bug in the frontend code.
-              # Unfortunately security scanners may be spamming malformed JSON in X-Up headers,
-              # DOSing us with error notifications.
-              ::Rails.logger.error('unpoly-rails: Ignoring malformed JSON in X-Up header')
+            if raw.is_a?(String)
+              begin
+                ActiveSupport::JSON.decode(raw)
+              rescue ActiveSupport::JSON.parse_error
+                # We would love to crash here, as it might indicate a bug in the frontend code.
+                # Unfortunately security scanners may be spamming malformed JSON in X-Up headers,
+                # DOSing us with error notifications.
+                ::Rails.logger.error('unpoly-rails: Ignoring malformed JSON in X-Up header')
+                default&.call
+              end
+            else
+              # Security spammers may pass nested param values in params like _up_context_changes.
+              ::Rails.logger.error('unpoly-rails: Ignoring nested value in _up param')
               default&.call
             end
           else

data/lib/unpoly/rails/version.rb CHANGED Viewed

@@ -3,6 +3,6 @@ module Unpoly
     ##
     # The current version of the unpoly-rails gem.
     # The first 3 digits should match the version of the Unpoly frontend code.
-    VERSION = '3.9.1'
+    VERSION = '3.9.2.1'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: unpoly-rails
 version: !ruby/object:Gem::Version
-  version: 3.9.1
+  version: 3.9.2.1
 platform: ruby
 authors:
 - Henning Koch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-16 00:00:00.000000000 Z
+date: 2024-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties