web-console 3.6.0 → 3.6.1
- checksums.yaml +4 -4
- data/CHANGELOG.markdown +4 -0
- data/lib/web_console.rb +1 -1
- data/lib/web_console/injector.rb +21 -0
- data/lib/web_console/middleware.rb +7 -9
- data/lib/web_console/version.rb +1 -1
- metadata +3 -3
- data/lib/web_console/response.rb +0 -27
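--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d439be9277cff602e612a47dd3186aaa0ab3800040f978d2ca68d3dd330b8379
+data.tar.gz: bdf788f4b48c2a615235a180db5b5b3b9d3a8d0d20326c5ed4157875a04503c5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3ae6bec4c77114a1930b367211b2b093b3378e7618f59c27dfa88fb6824179e68c13d4d57a8bf54e92eb4587e7e77b0fe5b625d83623f57a55dbac2066c988d3
+data.tar.gz: e9282ecc93234e6dc296d65583d8028b3274a87ac83d46e8d4c429f06b965e5ba0de39ea4fc1355be0c0a616a99ca97dcbaf7e5f2c27cbd490be24467ab01fdf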
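--- a/data/CHANGELOG.markdown
+++ b/data/CHANGELOG.markdown
@@ -2,6 +2,10 @@
 
 ## master (unreleased)
 
+## 3.6.1
+
+* [#252](https://github.com/rails/web-console/pull/252) Fix improper injection in Rack bodies like ActionDispatch::Response::RackBody ([@gsamokovarov])
+
 ## 3.6.0
 
 * [#254](https://github.com/rails/web-console/pull/254) Rescue ActionDispatch::RemoteIp::IpSpoofAttackError ([@wjordan])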
data/lib/web_console.rb
CHANGED
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module WebConsole
|
4
|
+
# Injects content into a Rack body.
|
5
|
+
class Injector
|
6
|
+
def initialize(body)
|
7
|
+
@body = "".dup
|
8
|
+
|
9
|
+
body.each { |part| @body << part }
|
10
|
+
body.close if body.respond_to?(:close)
|
11
|
+
end
|
12
|
+
|
13
|
+
def inject(content)
|
14
|
+
if position = @body.rindex("</body>")
|
15
|
+
[ @body.insert(position, content) ]
|
16
|
+
else
|
17
|
+
[ @body << content ]
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
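Review bot: In `Injector#initialize` (the `@@ -0,0 +1,21 @@` hunk, which the file list attributes to lib/web_console/injector.rb), `body.close` runs only when `body.each` returns normally, so an exception raised while iterating leaves the original Rack body unclosed. Moving the close under a method-level `ensure` (`ensure` followed by `body.close if body.respond_to?(:close)`) keeps it guaranteed. The new file also drops the comment that the removed `Response#write` carried about closing the body to comply with the Rack SPEC; a line such as `# Rack SPEC: close the original body once it has been consumed.` above the close would keep that intent visible. Since `inject` mutates `@body` in place through `insert` and `<<`, a doc comment noting that an Injector instance is meant for a single `inject` call would also help.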
@@ -30,16 +30,14 @@ module WebConsole
|
|
30
30
|
status, headers, body = call_app(env)
|
31
31
|
|
32
32
|
if (session = Session.from(Thread.current)) && acceptable_content_type?(headers)
|
33
|
-
|
34
|
-
|
33
|
+
headers["X-Web-Console-Session-Id"] = session.id
|
34
|
+
headers["X-Web-Console-Mount-Point"] = mount_point
|
35
35
|
|
36
|
-
|
37
|
-
|
38
|
-
response.write(template.render("index"))
|
39
|
-
response.finish
|
40
|
-
else
|
41
|
-
[ status, headers, body ]
|
36
|
+
template = Template.new(env, session)
|
37
|
+
body = Injector.new(body).inject(template.render("index"))
|
42
38
|
end
|
39
|
+
|
40
|
+
[ status, headers, body ]
|
43
41
|
end
|
44
42
|
rescue => e
|
45
43
|
WebConsole.logger.error("\n#{e.class}: #{e}\n\tfrom #{e.backtrace.join("\n\tfrom ")}")
|
@@ -64,7 +62,7 @@ module WebConsole
|
|
64
62
|
headers = { "Content-Type" => "application/json; charset = utf-8" }
|
65
63
|
body = yield.to_json
|
66
64
|
|
67
|
-
|
65
|
+
[ status, headers, [ body ] ]
|
68
66
|
end
|
69
67
|
|
70
68
|
def json_response_with_session(id, request, opts = {})
|
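Review bot: The rewritten branch in the `@@ -30,16 +30,14 @@` hunk returns `[ status, headers, body ]` with the application's original `headers`, so any `Content-Length` set upstream still describes the body as it was before the console template was injected. Clients or proxies that honour that header may cut the response short. The removed path went through `Rack::Response#finish` via the deleted `WebConsole::Response`, which presumably kept that header consistent; that is worth confirming against the Rack version in use. Right after the `Injector` call, a line such as `headers["Content-Length"] = body.map(&:bytesize).inject(0, :+).to_s if headers["Content-Length"]` would keep the header in step with the injected body. The enclosing method starts above this hunk and its `rescue` continues below it, so placement should be checked against the full file.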
data/lib/web_console/version.rb
CHANGED
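--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: web-console
 version: !ruby/object:Gem::Version
-version: 3.6.
+version: 3.6.1
 platform: ruby
 authors:
 - Charlie Somerville
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-04-
+date: 2018-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties
@@ -90,11 +90,11 @@ files:
 - lib/web_console/evaluator.rb
 - lib/web_console/exception_mapper.rb
 - lib/web_console/extensions.rb
+- lib/web_console/injector.rb
 - lib/web_console/locales/en.yml
 - lib/web_console/middleware.rb
 - lib/web_console/railtie.rb
 - lib/web_console/request.rb
-- lib/web_console/response.rb
 - lib/web_console/session.rb
 - lib/web_console/tasks/extensions.rake
 - lib/web_console/tasks/templates.rake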
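--- a/data/lib/web_console/response.rb
+++ b/data/lib/web_console/response.rb
@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-module WebConsole
-# A response object that writes content before the closing </body> tag, if
-# possible.
-#
-# The object quacks like Rack::Response.
-class Response < Struct.new(:body, :status, :headers)
-def write(content)
-raw_body = Array(body).first.to_s
-
-# We're done with the original body object, so make sure to close it to comply with the Rack SPEC
-body.close if body.respond_to?(:close)
-
-self.body =
-if position = raw_body.rindex("</body>")
-raw_body.dup.insert(position, content)
-else
-raw_body.dup << content
-end
-end
-
-def finish
-Rack::Response.new(body, status, headers).finish
-end
-end
-end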