ok, we now dual boot rails 4 and rails 3 ... to run in rails 4 mode: RAILS4=1 bundle exec thin start

Sam 2013-07-21 10:56:48 +10:00
parent 857813271f
commit e7e00601c6
6 changed files with 720 additions and 112 deletions

64
Gemfile

@ -1,5 +1,56 @@
source 'https://rubygems.org' source 'https://rubygems.org'
# monkey patching to support dual booting
module Bundler::SharedHelpers
def default_lockfile=(path)
@default_lockfile = path
end
def default_lockfile
@default_lockfile ||= Pathname.new("#{default_gemfile}.lock")
end
end
def rails4?
!!ENV["RAILS4"]
end
if rails4?
Bundler::SharedHelpers.default_lockfile = Pathname.new("#{Bundler::SharedHelpers.default_gemfile}_rails4.lock")
# Bundler::Dsl.evaluate already called with an incorrect lockfile ... fix it
class Bundler::Dsl
# A bit messy, this can be called multiple times by bundler, avoid blowing the stack
unless self.method_defined? :to_definition_unpatched
alias_method :to_definition_unpatched, :to_definition
puts "Booting in Rails 4 mode"
end
def to_definition(bad_lockfile, unlock)
to_definition_unpatched(Bundler::SharedHelpers.default_lockfile, unlock)
end
end
end
if rails4?
gem 'rails', '4.0.0'
gem 'redis-rails', :git => 'git://github.com/SamSaffron/redis-store.git'
gem 'rails-observers'
gem 'protected_attributes'
gem 'actionpack-action_caching'
else
# we had pain with the 3.2.13 upgrade so monkey patch the security fix
# next time around we hope to upgrade
gem 'rails', '3.2.12'
gem 'strong_parameters' # remove when we upgrade to Rails 4
# we are using a custom sprockets repo to work around: https://github.com/rails/rails/issues/8099#issuecomment-16137638
# REVIEW EVERY RELEASE
gem 'sprockets', git: 'https://github.com/SamSaffron/sprockets.git', branch: 'rails-compat'
gem 'redis-rails'
end
gem 'redis'
gem 'hiredis'
gem 'em-redis'
gem 'active_model_serializers', git: 'https://github.com/rails-api/active_model_serializers.git' gem 'active_model_serializers', git: 'https://github.com/rails-api/active_model_serializers.git'
# we had issues with latest, stick to the rev till we figure this out # we had issues with latest, stick to the rev till we figure this out
@ -20,13 +71,11 @@ gem 'activerecord-postgres-hstore'
gem 'active_attr' # until we get ActiveModel::Model with Rails 4 gem 'active_attr' # until we get ActiveModel::Model with Rails 4
gem 'airbrake', '3.1.2', require: false # errbit is broken with 3.1.3 for now gem 'airbrake', '3.1.2', require: false # errbit is broken with 3.1.3 for now
gem 'clockwork', require: false gem 'clockwork', require: false
gem 'em-redis'
gem 'eventmachine' gem 'eventmachine'
gem 'fast_xs' gem 'fast_xs'
gem 'fast_xor', git: 'https://github.com/CodeMonkeySteve/fast_xor.git' gem 'fast_xor', git: 'https://github.com/CodeMonkeySteve/fast_xor.git'
gem 'fastimage' gem 'fastimage'
gem 'fog', require: false gem 'fog', require: false
gem 'hiredis'
gem 'email_reply_parser', git: 'https://github.com/lawrencepit/email_reply_parser.git' gem 'email_reply_parser', git: 'https://github.com/lawrencepit/email_reply_parser.git'
@ -49,12 +98,9 @@ gem 'omniauth-browserid', git: 'https://github.com/callahad/omniauth-browserid.g
gem 'omniauth-cas' gem 'omniauth-cas'
gem 'oj' gem 'oj'
gem 'pg' gem 'pg'
# we had pain with the 3.2.13 upgrade so monkey patch the security fix
# next time around we hope to upgrade
gem 'rails', '3.2.12'
gem 'rake' gem 'rake'
gem 'redis'
gem 'redis-rails'
gem 'rest-client' gem 'rest-client'
gem 'rinku' gem 'rinku'
gem 'sanitize' gem 'sanitize'
@ -64,7 +110,6 @@ gem 'sidekiq'
gem 'sidekiq-failures' gem 'sidekiq-failures'
gem 'sinatra', require: nil gem 'sinatra', require: nil
gem 'slim' # required for sidekiq-web gem 'slim' # required for sidekiq-web
gem 'strong_parameters' # remove when we upgrade to Rails 4
gem 'therubyracer', require: 'v8' gem 'therubyracer', require: 'v8'
gem 'thin', require: false gem 'thin', require: false
gem 'diffy', require: false gem 'diffy', require: false
@ -123,9 +168,6 @@ group :development do
gem 'annotate', :git => 'https://github.com/SamSaffron/annotate_models.git' gem 'annotate', :git => 'https://github.com/SamSaffron/annotate_models.git'
end end
# we are using a custom sprockets repo to work around: https://github.com/rails/rails/issues/8099#issuecomment-16137638
# REVIEW EVERY RELEASE
gem 'sprockets', git: 'https://github.com/SamSaffron/sprockets.git', branch: 'rails-compat'
# this is an optional gem, it provides a high performance replacement # this is an optional gem, it provides a high performance replacement
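Review bot: The Rails 4 branch in the first hunk fetches `redis-rails` over the unauthenticated `git://` transport, while every other git source in this Gemfile uses `https://`. `git://` gives no server authentication or transport integrity, so a fresh resolve trusts whatever answers for that host. Gemfile_rails4.lock does pin a revision, which narrows the exposure, but I would still change the line to `gem 'redis-rails', git: 'https://github.com/SamSaffron/redis-store.git'` and regenerate the lock so its `remote:` matches. Separately, `!!ENV["RAILS4"]` is true for any set value, including `RAILS4=0` or an empty string, because only nil and false are falsy in Ruby; `ENV["RAILS4"] == "1"` would match the usage given in the commit message.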


@ -93,7 +93,7 @@ PATH
remote: vendor/gems/simple_handlebars_rails remote: vendor/gems/simple_handlebars_rails
specs: specs:
simple_handlebars_rails (0.0.1) simple_handlebars_rails (0.0.1)
rails (~> 3.1) rails (> 3.1)
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/

565
Gemfile_rails4.lock Normal file

@ -0,0 +1,565 @@
GIT
remote: git://github.com/SamSaffron/redis-store.git
revision: 1eafaa3d8bfbcb61ad89d1a2831adbba4ea8e1e1
specs:
redis-actionpack (3.2.3)
actionpack (>= 3.2.3)
redis-rack (~> 1.4.0)
redis-store (~> 1.1.0)
redis-activesupport (3.2.3)
activesupport (>= 3.2.3)
redis-store (~> 1.1.0)
redis-rack (1.4.2)
rack (> 1.4.1)
redis-store (~> 1.1.0)
redis-rails (3.2.3)
redis-actionpack (>= 3.2.3)
redis-activesupport (>= 3.2.3)
redis-store (~> 1.1.0)
GIT
remote: https://github.com/CodeMonkeySteve/fast_xor.git
revision: 85b79ec6d116f9680f23bd2c5c8c2c2039d477d8
specs:
fast_xor (1.1.2)
rake
rake-compiler
GIT
remote: https://github.com/SamSaffron/annotate_models.git
revision: ebe4ba7e3f6ceeb43e4e40078da2b261a1bb71b2
specs:
annotate (2.6.0.beta1)
activerecord (>= 2.3.0)
rake (>= 0.8.7)
GIT
remote: https://github.com/SamSaffron/message_bus
revision: 09392967940daf77943d1489ed3f1f71d6f8450a
specs:
message_bus (0.0.2)
eventmachine
rack (>= 1.1.3)
redis
thin
GIT
remote: https://github.com/SamSaffron/redis-rack-cache.git
revision: 379ef30e31d4e185cb1d7f8badca0cc06403eba2
specs:
redis-rack-cache (1.2.1)
rack-cache (~> 1.2)
redis-store (~> 1.1.0)
GIT
remote: https://github.com/callahad/omniauth-browserid.git
revision: af62d667626c1622de6fe13b60849c3640765ab1
branch: observer_api
specs:
omniauth-browserid (0.0.2)
faraday
multi_json
omniauth (~> 1.0)
GIT
remote: https://github.com/lawrencepit/email_reply_parser.git
revision: 67408dfb1b99fb8d5f145f782b9e22d1851a8e5a
specs:
email_reply_parser (0.6)
GIT
remote: https://github.com/rails-api/active_model_serializers.git
revision: 8ac4bf90067eef442a6208848f86e55892d724f1
specs:
active_model_serializers (0.8.1)
activemodel (>= 3.2)
GIT
remote: https://github.com/zhangyuan/vestal_versions
revision: 0ea75ec4e269b5a9e609639919ade0f36381a446
specs:
vestal_versions (1.2.2)
activerecord (>= 3.0.0)
activesupport (>= 3.0.0)
PATH
remote: vendor/gems/discourse_emoji
specs:
discourse_emoji (0.0.1)
PATH
remote: vendor/gems/discourse_plugin
specs:
discourse_plugin (0.0.1)
PATH
remote: vendor/gems/rails_multisite
specs:
rails_multisite (0.0.1)
PATH
remote: vendor/gems/simple_handlebars_rails
specs:
simple_handlebars_rails (0.0.1)
rails (> 3.1)
GEM
remote: https://rubygems.org/
specs:
actionmailer (4.0.0)
actionpack (= 4.0.0)
mail (~> 2.5.3)
actionpack (4.0.0)
activesupport (= 4.0.0)
builder (~> 3.1.0)
erubis (~> 2.7.0)
rack (~> 1.5.2)
rack-test (~> 0.6.2)
actionpack-action_caching (1.0.0)
actionpack (>= 4.0.0.beta, < 5.0)
active_attr (0.8.2)
activemodel (>= 3.0.2, < 4.1)
activesupport (>= 3.0.2, < 4.1)
activemodel (4.0.0)
activesupport (= 4.0.0)
builder (~> 3.1.0)
activerecord (4.0.0)
activemodel (= 4.0.0)
activerecord-deprecated_finders (~> 1.0.2)
activesupport (= 4.0.0)
arel (~> 4.0.0)
activerecord-deprecated_finders (1.0.3)
activerecord-postgres-hstore (0.7.6)
activerecord (>= 3.1)
pg-hstore (>= 1.1.5)
rake
activesupport (4.0.0)
i18n (~> 0.6, >= 0.6.4)
minitest (~> 4.2)
multi_json (~> 1.3)
thread_safe (~> 0.1)
tzinfo (~> 0.3.37)
addressable (2.3.5)
airbrake (3.1.2)
activesupport
builder
arel (4.0.0)
atomic (1.1.10)
barber (0.4.2)
ember-source
execjs
handlebars-source
better_errors (0.9.0)
coderay (>= 1.0.0)
erubis (>= 2.6.6)
binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1)
builder (3.1.4)
celluloid (0.14.1)
timers (>= 1.0.0)
certified (0.1.1)
childprocess (0.3.9)
ffi (~> 1.0, >= 1.0.11)
clockwork (0.5.3)
activesupport (~> 4.0.0)
tzinfo (~> 0.3.35)
coderay (1.0.9)
connection_pool (1.1.0)
daemons (1.1.9)
debug_inspector (0.0.2)
diff-lcs (1.2.4)
diffy (3.0.1)
em-redis (0.3.0)
eventmachine
ember-data-source (0.13)
ember-source
ember-rails (0.13.0)
active_model_serializers
barber (>= 0.4.1)
ember-data-source
ember-source
execjs (>= 1.2)
handlebars-source
railties (>= 3.1)
ember-source (1.0.0.rc6.2)
handlebars-source (= 1.0.12)
erubis (2.7.0)
eventmachine (1.0.3)
excon (0.25.3)
execjs (1.4.0)
multi_json (~> 1.0)
fabrication (2.7.2)
fakeweb (1.3.0)
faraday (0.8.7)
multipart-post (~> 1.1)
fast_blank (0.0.1)
rake
rake-compiler
fast_xs (0.8.0)
fastimage (1.5.0)
ffi (1.9.0)
fog (1.14.0)
builder
excon (~> 0.25.0)
formatador (~> 0.2.0)
mime-types
multi_json (~> 1.0)
net-scp (~> 1.1)
net-ssh (>= 2.1.3)
nokogiri (~> 1.5)
ruby-hmac
formatador (0.2.4)
fspath (2.0.4)
given_core (3.0.0)
sorcerer (>= 0.3.7)
guard (1.8.1)
formatador (>= 0.2.4)
listen (>= 1.0.0)
lumberjack (>= 1.0.2)
pry (>= 0.9.10)
thor (>= 0.14.6)
guard-rspec (3.0.2)
guard (>= 1.8)
rspec (~> 2.13)
guard-spork (1.5.1)
childprocess (>= 0.2.3)
guard (>= 1.1)
spork (>= 0.8.4)
handlebars-source (1.0.12)
hashie (2.0.5)
highline (1.6.19)
hike (1.2.3)
hiredis (0.4.5)
httpauth (0.2.0)
i18n (0.6.4)
image_optim (0.8.1)
fspath (~> 2.0.3)
image_size (~> 1.1.2)
in_threads (~> 1.1.1)
progress (~> 2.4.0)
image_size (1.1.2)
image_sorcery (1.1.0)
in_threads (1.1.1)
json (1.8.0)
jwt (0.1.8)
multi_json (>= 1.5)
kgio (2.8.0)
librarian (0.1.0)
highline
thor (~> 0.15)
libv8 (3.11.8.17)
listen (1.2.2)
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
rb-kqueue (>= 0.2)
lru_redux (0.0.6)
lumberjack (1.0.4)
mail (2.5.4)
mime-types (~> 1.16)
treetop (~> 1.4.8)
metaclass (0.0.1)
method_source (0.8.1)
mime-types (1.23)
mini_portile (0.5.1)
minitest (4.7.5)
mocha (0.14.0)
metaclass (~> 0.0.1)
multi_json (1.7.7)
multipart-post (1.2.0)
mustache (0.99.4)
net-scp (1.1.2)
net-ssh (>= 2.6.5)
net-ssh (2.6.8)
nokogiri (1.6.0)
mini_portile (~> 0.5.0)
oauth (0.4.7)
oauth2 (0.8.1)
faraday (~> 0.8)
httpauth (~> 0.1)
jwt (~> 0.1.4)
multi_json (~> 1.0)
rack (~> 1.2)
oj (2.1.4)
omniauth (1.1.4)
hashie (>= 1.2, < 3)
rack
omniauth-cas (1.0.4)
addressable (~> 2.3)
nokogiri (~> 1.6)
omniauth (~> 1.1.0)
omniauth-facebook (1.4.1)
omniauth-oauth2 (~> 1.1.0)
omniauth-github (1.1.1)
omniauth (~> 1.0)
omniauth-oauth2 (~> 1.1)
omniauth-oauth (1.0.1)
oauth
omniauth (~> 1.0)
omniauth-oauth2 (1.1.1)
oauth2 (~> 0.8.0)
omniauth (~> 1.0)
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
omniauth-twitter (1.0.0)
multi_json (~> 1.3)
omniauth-oauth (~> 1.0)
openid-redis-store (0.0.2)
redis
ruby-openid
pg (0.15.1)
pg-hstore (1.1.7)
polyglot (0.3.3)
progress (2.4.0)
protected_attributes (1.0.3)
activemodel (>= 4.0.0, < 5.0)
pry (0.9.12.2)
coderay (~> 1.0.5)
method_source (~> 0.8)
slop (~> 3.4)
pry-nav (0.2.3)
pry (~> 0.9.10)
pry-rails (0.3.1)
pry (>= 0.9.10)
qunit-rails (0.0.3)
railties (>= 3.2.3)
rack (1.5.2)
rack-cache (1.2)
rack (>= 0.4)
rack-cors (0.2.8)
rack
rack-mini-profiler (0.1.27)
rack (>= 1.1.3)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-protection (1.5.0)
rack
rack-test (0.6.2)
rack (>= 1.0)
rails (4.0.0)
actionmailer (= 4.0.0)
actionpack (= 4.0.0)
activerecord (= 4.0.0)
activesupport (= 4.0.0)
bundler (>= 1.3.0, < 2.0)
railties (= 4.0.0)
sprockets-rails (~> 2.0.0)
rails-observers (0.1.2)
activemodel (~> 4.0)
railties (4.0.0)
actionpack (= 4.0.0)
activesupport (= 4.0.0)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.11.0)
rake (10.1.0)
rake-compiler (0.8.3)
rake
rb-fsevent (0.9.3)
rb-inotify (0.9.0)
ffi (>= 0.5.0)
rb-kqueue (0.2.0)
ffi (>= 0.5.0)
redcarpet (3.0.0)
redis (3.0.4)
redis-namespace (1.3.0)
redis (~> 3.0.0)
redis-store (1.1.2)
redis (>= 2.2.0)
ref (1.0.5)
rest-client (1.6.7)
mime-types (>= 1.16)
rinku (1.7.3)
rspec (2.14.1)
rspec-core (~> 2.14.0)
rspec-expectations (~> 2.14.0)
rspec-mocks (~> 2.14.0)
rspec-core (2.14.3)
rspec-expectations (2.14.0)
diff-lcs (>= 1.1.3, < 2.0)
rspec-given (3.0.0)
given_core (= 3.0.0)
rspec (>= 2.12)
rspec-mocks (2.14.1)
rspec-rails (2.14.0)
actionpack (>= 3.0)
activesupport (>= 3.0)
railties (>= 3.0)
rspec-core (~> 2.14.0)
rspec-expectations (~> 2.14.0)
rspec-mocks (~> 2.14.0)
ruby-hmac (0.4.0)
ruby-openid (2.2.3)
sanitize (2.0.6)
nokogiri (>= 1.4.4)
sass (3.2.9)
sass-rails (4.0.0)
railties (>= 4.0.0.beta, < 5.0)
sass (>= 3.1.10)
sprockets-rails (~> 2.0.0)
seed-fu (1.2.3)
rails (>= 2.1)
shoulda (3.5.0)
shoulda-context (~> 1.0, >= 1.0.1)
shoulda-matchers (>= 1.4.1, < 3.0)
shoulda-context (1.1.4)
shoulda-matchers (2.2.0)
activesupport (>= 3.0.0)
sidekiq (2.13.0)
celluloid (>= 0.14.1)
connection_pool (>= 1.0.0)
json
redis (>= 3.0)
redis-namespace
sidekiq-failures (0.2.1)
sidekiq (>= 2.2.1)
simplecov (0.7.1)
multi_json (~> 1.0)
simplecov-html (~> 0.7.1)
simplecov-html (0.7.1)
sinatra (1.4.3)
rack (~> 1.4)
rack-protection (~> 1.4)
tilt (~> 1.3, >= 1.3.4)
slim (2.0.0)
temple (~> 0.6.5)
tilt (~> 1.3, >= 1.3.3)
slop (3.4.5)
sorcerer (1.0.0)
spork (0.9.2)
sprockets (2.10.0)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.0.0)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (~> 2.8)
temple (0.6.5)
terminal-notifier-guard (1.5.3)
therubyracer (0.11.4)
libv8 (~> 3.11.8.12)
ref
thin (1.5.1)
daemons (>= 1.0.9)
eventmachine (>= 0.12.6)
rack (>= 1.0.0)
thor (0.18.1)
thread_safe (0.1.0)
atomic
tilt (1.4.1)
timecop (0.6.2.2)
timers (1.1.0)
treetop (1.4.14)
polyglot
polyglot (>= 0.3.1)
turbo-sprockets-rails3 (0.2.9)
railties (>= 3.1.0)
sprockets (>= 2.0.0)
tzinfo (0.3.37)
uglifier (2.1.2)
execjs (>= 0.3.0)
multi_json (~> 1.0, >= 1.0.2)
unicorn (4.6.3)
kgio (~> 2.6)
rack
raindrops (~> 0.7)
PLATFORMS
ruby
DEPENDENCIES
actionpack-action_caching
active_attr
active_model_serializers!
activerecord-postgres-hstore
airbrake (= 3.1.2)
annotate!
barber
better_errors
binding_of_caller
certified
clockwork
diffy
discourse_emoji!
discourse_plugin!
em-redis
email_reply_parser!
ember-rails
ember-source (= 1.0.0.rc6.2)
eventmachine
fabrication
fakeweb (~> 1.3.0)
fast_blank
fast_xor!
fast_xs
fastimage
fog
guard-rspec
guard-spork
handlebars-source (= 1.0.12)
highline
hiredis
image_optim
image_sorcery
librarian (>= 0.0.25)
listen
lru_redux
message_bus!
minitest
mocha
multi_json
mustache
nokogiri
oj
omniauth
omniauth-browserid!
omniauth-cas
omniauth-facebook
omniauth-github
omniauth-openid
omniauth-twitter
openid-redis-store
pg
protected_attributes
pry-nav
pry-rails
qunit-rails
rack-cache
rack-cors
rack-mini-profiler (= 0.1.27)
rails (= 4.0.0)
rails-observers
rails_multisite!
rake
rb-fsevent
rb-inotify (~> 0.9)
redcarpet
redis
redis-rack-cache!
redis-rails!
rest-client
rinku
rspec-given
rspec-rails
sanitize
sass
sass-rails
seed-fu
shoulda
sidekiq
sidekiq-failures
simple_handlebars_rails!
simplecov
sinatra
slim
terminal-notifier-guard
therubyracer
thin
timecop
turbo-sprockets-rails3
uglifier
unicorn
vestal_versions!


@ -1,7 +1,7 @@
class AvatarLookup class AvatarLookup
def initialize(user_ids=[]) def initialize(user_ids=[])
@user_ids = user_ids.tap(&:compact!).tap(&:uniq!) @user_ids = user_ids.tap(&:compact!).tap(&:uniq!).tap(&:flatten!)
end end
# Lookup a user by id # Lookup a user by id
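Review bot: `flatten!` runs last in `initialize`, after `compact!` and `uniq!` have already run against the outer array only, so nils and duplicate ids inside nested arrays survive into `@user_ids`. The bang chain also mutates the array the caller passed in, which may or may not be intended. Flattening first with the non-mutating forms covers both: `@user_ids = user_ids.flatten.compact.uniq`. The class body continues outside this hunk.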


@ -1,124 +1,125 @@
module HTML unless Rails.version =~ /^4/
class WhiteListSanitizer module HTML
# Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute class WhiteListSanitizer
def sanitize_css(style) # Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute
# disallow urls def sanitize_css(style)
style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ') # disallow urls
style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
# gauntlet # gauntlet
if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ || if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/ style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
return '' return ''
end end
clean = [] clean = []
style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop,val| style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop,val|
if allowed_css_properties.include?(prop.downcase) if allowed_css_properties.include?(prop.downcase)
clean << prop + ': ' + val + ';' clean << prop + ': ' + val + ';'
elsif shorthand_css_properties.include?(prop.split('-')[0].downcase) elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
unless val.split().any? do |keyword| unless val.split().any? do |keyword|
!allowed_css_keywords.include?(keyword) && !allowed_css_keywords.include?(keyword) &&
keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/ keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
end end
clean << prop + ': ' + val + ';' clean << prop + ': ' + val + ';'
end
end end
end end
clean.join(' ')
end end
clean.join(' ')
end end
end end
end
module HTML module HTML
class WhiteListSanitizer class WhiteListSanitizer
self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i
def contains_bad_protocols?(attr_name, value) def contains_bad_protocols?(attr_name, value)
uri_attributes.include?(attr_name) && uri_attributes.include?(attr_name) &&
(value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip)) (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip))
end
end end
end end
end
module ActiveRecord module ActiveRecord
class Relation class Relation
def where_values_hash def where_values_hash
equalities = with_default_scope.where_values.grep(Arel::Nodes::Equality).find_all { |node| equalities = with_default_scope.where_values.grep(Arel::Nodes::Equality).find_all { |node|
node.left.relation.name == table_name node.left.relation.name == table_name
} }
Hash[equalities.map { |where| [where.left.name, where.right] }].with_indifferent_access
end
Hash[equalities.map { |where| [where.left.name, where.right] }].with_indifferent_access
end end
end end
end
module ActiveRecord module ActiveRecord
class PredicateBuilder # :nodoc: class PredicateBuilder # :nodoc:
def self.build_from_hash(engine, attributes, default_table, allow_table_name = true) def self.build_from_hash(engine, attributes, default_table, allow_table_name = true)
predicates = attributes.map do |column, value| predicates = attributes.map do |column, value|
table = default_table table = default_table
if allow_table_name && value.is_a?(Hash) if allow_table_name && value.is_a?(Hash)
table = Arel::Table.new(column, engine) table = Arel::Table.new(column, engine)
if value.empty? if value.empty?
'1 = 2' '1 = 2'
else
build_from_hash(engine, value, table, false)
end
else
column = column.to_s
if allow_table_name && column.include?('.')
table_name, column = column.split('.', 2)
table = Arel::Table.new(table_name, engine)
end
attribute = table[column]
case value
when ActiveRecord::Relation
value = value.select(value.klass.arel_table[value.klass.primary_key]) if value.select_values.empty?
attribute.in(value.arel.ast)
when Array, ActiveRecord::Associations::CollectionProxy
values = value.to_a.map {|x| x.is_a?(ActiveRecord::Base) ? x.id : x}
ranges, values = values.partition {|v| v.is_a?(Range) || v.is_a?(Arel::Relation)}
array_predicates = ranges.map {|range| attribute.in(range)}
if values.include?(nil)
values = values.compact
if values.empty?
array_predicates << attribute.eq(nil)
else
array_predicates << attribute.in(values.compact).or(attribute.eq(nil))
end
else else
array_predicates << attribute.in(values) build_from_hash(engine, value, table, false)
end
else
column = column.to_s
if allow_table_name && column.include?('.')
table_name, column = column.split('.', 2)
table = Arel::Table.new(table_name, engine)
end end
array_predicates.inject {|composite, predicate| composite.or(predicate)} attribute = table[column]
when Range, Arel::Relation
attribute.in(value) case value
when ActiveRecord::Base when ActiveRecord::Relation
attribute.eq(value.id) value = value.select(value.klass.arel_table[value.klass.primary_key]) if value.select_values.empty?
when Class attribute.in(value.arel.ast)
# FIXME: I think we need to deprecate this behavior when Array, ActiveRecord::Associations::CollectionProxy
attribute.eq(value.name) values = value.to_a.map {|x| x.is_a?(ActiveRecord::Base) ? x.id : x}
when Integer, ActiveSupport::Duration ranges, values = values.partition {|v| v.is_a?(Range) || v.is_a?(Arel::Relation)}
# Arel treats integers as literals, but they should be quoted when compared with strings
column = engine.connection.schema_cache.columns_hash[table.name][attribute.name.to_s] array_predicates = ranges.map {|range| attribute.in(range)}
attribute.eq(Arel::Nodes::SqlLiteral.new(engine.connection.quote(value, column)))
else if values.include?(nil)
attribute.eq(value) values = values.compact
if values.empty?
array_predicates << attribute.eq(nil)
else
array_predicates << attribute.in(values.compact).or(attribute.eq(nil))
end
else
array_predicates << attribute.in(values)
end
array_predicates.inject {|composite, predicate| composite.or(predicate)}
when Range, Arel::Relation
attribute.in(value)
when ActiveRecord::Base
attribute.eq(value.id)
when Class
# FIXME: I think we need to deprecate this behavior
attribute.eq(value.name)
when Integer, ActiveSupport::Duration
# Arel treats integers as literals, but they should be quoted when compared with strings
column = engine.connection.schema_cache.columns_hash[table.name][attribute.name.to_s]
attribute.eq(Arel::Nodes::SqlLiteral.new(engine.connection.quote(value, column)))
else
attribute.eq(value)
end
end end
end end
end
predicates.flatten predicates.flatten
end
end end
end end
end end
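Review bot: The new guard `unless Rails.version =~ /^4/` applies these overrides to every Rails that is not 4.x, not only to the 3.2.12 pin they appear to be written for (the Gemfile comment calls them a monkey patch of the 3.2.13 security fix). If the Rails 3 side later moves to a release that already ships the fixes, this file would keep replacing the upstream sanitizer and predicate-builder methods with the older copies, and nothing would flag it. I would key the guard to the version being patched, for example `if Gem::Version.new(Rails.version) < Gem::Version.new('3.2.13')`. A header comment would also help, such as `# Backport of the Rails 3.2.13 security fixes; remove once Rails 3 mode runs >= 3.2.13`.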


@ -10,9 +10,9 @@ Gem::Specification.new do |s|
s.summary = %q{Basic Mustache Support for Rails} s.summary = %q{Basic Mustache Support for Rails}
s.description = %q{Adds the Mustache plugin and a corresponding Sprockets engine to the asset pipeline in Rails applications.} s.description = %q{Adds the Mustache plugin and a corresponding Sprockets engine to the asset pipeline in Rails applications.}
s.add_development_dependency "rails", ["~> 3.1"] s.add_development_dependency "rails", ["> 3.1"]
s.add_dependency 'rails', ['~> 3.1'] s.add_dependency 'rails', ['> 3.1']
s.files = Dir["lib/**/*"] s.files = Dir["lib/**/*"]
s.require_paths = ["lib"] s.require_paths = ["lib"]
end end
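Review bot: `'> 3.1'` has no upper bound and no longer admits 3.1.0 itself, so this gemspec now accepts any future Rails major without it having been tested against this gem. A bounded range states what the dual boot supports: `s.add_dependency 'rails', ['>= 3.1', '< 5.0']`, with the same change on the development dependency. Both lockfiles record `rails (> 3.1)` for this gem and would need regenerating after the change.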