Permalink
Commits on Apr 26, 2012
  1. Sprockets 2.0.4

    josh committed Apr 26, 2012
  2. Check for directory traversal after unescaping

    jfirebaugh committed with josh Feb 9, 2012
    The `forbidden_request?` check could be trivially bypassed
    by percent encoding .. as %2e%2e.
    
    After auditing Sprockets and Hike and fuzzing a simple
    server, I don't believe this is exploitable. However,
    better safe than sorry/defense in depth/etc.
    
    Conflicts:
    
            lib/sprockets/server.rb
Commits on Oct 17, 2011
  1. Sprockets 2.0.3

    josh committed Oct 17, 2011
  2. Detect format extension from right to left

    josh committed Oct 17, 2011
    Fixes #226
Commits on Oct 11, 2011
  1. Make JST namespace configurable

    josh committed Oct 11, 2011
Commits on Oct 5, 2011
  1. Merge pull request #217 from lmarburger/patch-1

    josh committed Oct 5, 2011
    Fix typo
Commits on Oct 4, 2011
  1. Fix typo

    lmarburger committed Oct 4, 2011
  2. Sprockets 2.0.2

    josh committed Oct 4, 2011
  3. 🍺

    trevorturk committed with josh Oct 4, 2011
  4. Fix silly test counts

    josh committed Oct 4, 2011
Commits on Sep 30, 2011
  1. Sprockets 2.0.1

    josh committed Sep 30, 2011
  2. Only loaded once

    josh committed Sep 30, 2011
  3. Revert "Evaluate Context in an Index"

    josh committed Sep 30, 2011
    This reverts commit ec3ec28.
Commits on Sep 20, 2011
  1. Merge pull request #201 from stevenh512/documentation

    josh committed Sep 20, 2011
    Fixed a documentation typo
  2. Fixed a documentation typo

    stevenh512 committed Sep 20, 2011
Commits on Sep 19, 2011
  1. Merge pull request #197 from colszowka/patch-1

    sstephenson committed Sep 19, 2011
    Extended config.ru example instructions.
Commits on Sep 15, 2011
  1. Extended config.ru example instructions.

    colszowka committed Sep 15, 2011
    When adding sprockets to a Sinatra app, I kept getting weird Rack exceptions until I finally figured out that you have to map your app to '/' instead of directly doing a plain `run`. To avoid other people bumping into this as well, I added this to the Rack example.
Commits on Sep 14, 2011
  1. Update logical path check error

    josh committed Sep 14, 2011
  2. Test requiring missing absolute paths

    josh committed Sep 14, 2011
    Fixes #196
  3. each_entry iterator

    josh committed Sep 14, 2011
  4. Test traversing symlinked directories

    josh committed Sep 14, 2011
    Fixes #189
  5. Merge pull request #193 from sstephenson/path-encoding

    josh committed Sep 14, 2011
    Unescape URIs
  6. Proper casing

    josh committed Sep 14, 2011
Commits on Sep 12, 2011
Commits on Sep 9, 2011
  1. Fix digest injection with multiple dots

    josh committed Sep 9, 2011
    Fixes #188
Commits on Sep 6, 2011
  1. Evaluate Context in an Index

    josh committed Sep 6, 2011
    Ensures environment calls within processors share the same cache.
    Related #184
  2. Remove deprecated methods

    josh committed Sep 6, 2011
    Missed these before I released 2.0
Commits on Aug 29, 2011
  1. Sprockets 2.0.0

    josh committed Aug 29, 2011
  2. Fix typo

    josh committed Aug 29, 2011
  3. Add JST example

    sstephenson committed Aug 29, 2011