Fixed confirm message escaping so that an apostrophe in the message no longer breaks the generated HTML.
gaspard committed Apr 16, 2013
1 parent 62d03bb commit 0181581
Showing 12 changed files with 75 additions and 59 deletions.
2 changes: 1 addition & 1 deletion bricks/sphinx/zena/tasks.rb
@@ -1,7 +1,7 @@
# The ThinkingSphinx::Configuration needs RAILS_ROOT and RAILS_ENV in order to function. Only 'setup' needs the
# environment since it needs to get configuration settings from the classes in zena.
require 'tempfile'
require 'yaml'
require 'safe_yaml'
require 'thinking_sphinx'
require 'zlib'

1 change: 1 addition & 0 deletions config/gems.yml
Expand Up @@ -20,6 +20,7 @@ simple_xlsx_writer: # spreadsheet

querybuilder: '= 1.2.1'
yamltest: '= 0.7.0'
safe_yaml: '= 0.9.0'
rubyless: '= 0.8.8'
property: '= 2.3.2'
versions: '= 0.3.1'
2 changes: 1 addition & 1 deletion lib/bricks/requirements_validation.rb
@@ -1,4 +1,4 @@
require 'yaml'
require 'safe_yaml'

module Bricks
module RequirementsValidation
2 changes: 1 addition & 1 deletion lib/log_recorder/lib/log_recorder.rb
Expand Up @@ -2,7 +2,7 @@
# on debian install ?????
require 'rubygems'
require 'mysql' # to have Mysql class
require 'yaml'
require 'safe_yaml'
require 'date'

# Use this custom format (we do not record the logname or user):
2 changes: 1 addition & 1 deletion lib/tasks/zena.rake
@@ -1,4 +1,4 @@
require 'yaml'
require 'safe_yaml'
require 'fileutils'

# We need to make sure the RAILS_ENV is set before brick activation or the wrong bricks will
2 changes: 1 addition & 1 deletion lib/zena.rb
@@ -1,5 +1,5 @@
# FIXME: ========== cleanup and remove ====================
require 'yaml'
require 'safe_yaml'
require 'date'
require 'fileutils'
require 'zena/info'
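Review bot: Replacing `require 'yaml'` with `require 'safe_yaml'` relies on the gem monkey-patching `YAML.load` process-wide, and nothing in this hunk pins which mode the patched loader runs in; in the 0.9 series the gemspec pins, the default mode is, as far as I recall, chosen at runtime (safe unless configured otherwise, with a warning when nothing is set), and the 1.x line dropped the patching altogether. I would set it explicitly right after the require, `SafeYAML::OPTIONS[:default_mode] = :safe`, with a comment such as `# safe_yaml must be loaded before any YAML.load of untrusted data; pin safe mode rather than rely on the gem default` so a future gem bump cannot silently revert to unsafe loading. Only `YAML.load`/`YAML.load_file` call sites benefit from the patch as far as I know; any direct `Psych`/`YAML.parse` use elsewhere in the library is unaffected and worth a separate audit.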
2 changes: 1 addition & 1 deletion lib/zena/use/relations.rb
Expand Up @@ -266,7 +266,7 @@ def relation_links
#if relation.record_count > 5
# # FIXME: show message ?
#end
links = rel.records(:limit => 5, :order => "link_id DESC")
links = rel.records(:limit => 25, :order => "link_id DESC")
res << [rel, links] if links
end
res
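Review bot: The new limit of 25 at `rel.records(:limit => 25, :order => "link_id DESC")` no longer matches the commented-out `record_count > 5` check just above it, so the FIXME now refers to a threshold that is not the one in use; either update that comment to 25 or, better, hoist the number into a named constant the comment can reference, e.g. `RELATION_LINKS_LIMIT = 25` at module level and `:limit => RELATION_LINKS_LIMIT` here. The truncation is still silent: the caller receives at most 25 links with no indication that more exist, which is exactly what the `# FIXME: show message ?` line hints at. `relation_links` starts before this hunk and its remainder is not shown.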
4 changes: 2 additions & 2 deletions lib/zena/use/urls.rb
Expand Up @@ -416,7 +416,7 @@ def make_link(options = {})
if confirm.literal
markup.set_param(:"data-confirm", confirm.literal)
else
markup.set_dyn_param(:"data-confirm", "<%= #{confirm} %>")
markup.set_dyn_param(:"data-confirm", "<%= fquote(#{confirm}) %>")
end
end

Expand All @@ -429,7 +429,7 @@ def make_link(options = {})
if true
# Use onclick with Ajax.
if confirm
markup.set_dyn_param(:onclick, "if(confirm(\"<%= #{confirm} %>\")) {new Ajax.Request(\"<%= #{href} %>\", {asynchronous:true, evalScripts:true, method:\"#{http_method}\"});} return false;")
markup.set_dyn_param(:onclick, "if(confirm(\"<%= fquote(#{confirm}) %>\")) {new Ajax.Request(\"<%= #{href} %>\", {asynchronous:true, evalScripts:true, method:\"#{http_method}\"});} return false;")
else
markup.set_dyn_param(:onclick, "new Ajax.Request(\"<%= #{href} %>\", {asynchronous:true, evalScripts:true, method:\"#{http_method}\"}); return false;")
end
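Review bot: In the onclick hunk, `fquote(#{confirm})` appears to escape for the HTML attribute layer only (the new test expects `'` to become `&apos;`), but the value lands inside a JavaScript string literal, and the browser decodes attribute entities before the JS engine parses the handler; a confirm message containing `"`, `\` or a newline would still terminate the `confirm("...")` literal and let attacker-chosen script run, and the new test shows the message can be taken from `params`. Escape for the JavaScript layer first and the attribute layer second, e.g. `markup.set_dyn_param(:onclick, "if(confirm(\"<%= fquote(escape_javascript(#{confirm})) %>\")) {new Ajax.Request(...)} return false;")` (Rails 2.3 ships `escape_javascript` in `ActionView::Helpers::JavaScriptHelper`; whether it is in scope here I cannot tell from the hunk). The same nesting applies to `<%= #{href} %>` on the lines this commit leaves untouched. `make_link` starts before and ends after the hunks shown.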
2 changes: 1 addition & 1 deletion test/integration/zafu_compiler/action.yml
Expand Up @@ -40,7 +40,7 @@ login_link_with_blocks_not_logged_in:
context:
visitor: 'anon'
src: "<r:login_link><r:title/><r:else do='title'/></r:login_link>"
res: "<a rel='nofollow' href='/login'>status title</a>"
res: "<a rel='nofollow' href='/login'>status title</a>"

visitor_link_not_logged_in:
context:
12 changes: 12 additions & 0 deletions test/integration/zafu_compiler/urls.yml
Expand Up @@ -266,6 +266,18 @@ action_destroy:
src: "<r:link action='destroy'/>"
res: "<a data-confirm='Destroy status title ?' href='/nodes/22' onclick='return Zena.m(this,\"delete\")'>status title</a>"

action_destroy_message_apos:
context:
p: "O'Hear"
src: "<r:link action='destroy' confirm='#{params[:p]}'/>"
res: "<a data-confirm='O&apos;Hear' href='/nodes/22' onclick='return Zena.m(this,\"delete\")'>status title</a>"

action_destroy_message_apos_remote:
context:
p: "O'Hear"
src: "<div id='foo' do='block'></div><r:link action='destroy' confirm='#{params[:p]}' update='foo'/>"
res: "/confirm\(\"O&apos;Hear\"\)/"

action_publish:
src: "<r:link action='publish'/>"
res: "<a href='/nodes/22/versions/0/publish' onclick='return Zena.m(this,\"put\")'>status title</a>"
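Review bot: The two added cases only exercise an apostrophe; a case whose message contains `"` or a backslash would pin the behaviour that matters for the `onclick` path, where the text sits inside a JavaScript string literal and an unescaped `"` would end the `confirm(...)` argument. I would add a sibling of `action_destroy_message_apos_remote` with `p: 'O"Hear'` and a `res` regex asserting the quote reaches the handler escaped for JavaScript rather than only entity-encoded (the exact expected form depends on what the escaping helper emits). `action_destroy_message_apos` already shows the message being taken from `params`, which is why the double-quote case is worth covering.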
@@ -1,4 +1,4 @@
require 'yaml'
require 'safe_yaml'
require 'erb'

class SeleniumOnRailsConfig
101 changes: 52 additions & 49 deletions zena.gemspec
Expand Up @@ -9,7 +9,7 @@ Gem::Specification.new do |s|

s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.authors = ["Gaspard Bucher"]
s.date = %q{2013-03-23}
s.date = %q{2013-04-16}
s.default_executable = %q{zena}
s.description = %q{zena is a Ruby on Rails CMS (content managment system) with a focus on usability, ease of customization and web 2.0 goodness (application like behaviour).}
s.email = %q{gaspard@teti.ch}
Expand Down Expand Up @@ -2475,83 +2475,86 @@ Gem::Specification.new do |s|

if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
s.add_runtime_dependency(%q<versions>, ["= 0.3.1"])
s.add_runtime_dependency(%q<jeweler>, [">= 0"])
s.add_runtime_dependency(%q<gettext>, ["= 2.1.0"])
s.add_runtime_dependency(%q<querybuilder>, ["= 1.2.1"])
s.add_runtime_dependency(%q<RedCloth>, ["= 3.0.4"])
s.add_runtime_dependency(%q<uuidtools>, ["= 2.0.0"])
s.add_runtime_dependency(%q<open4>, [">= 0"])
s.add_runtime_dependency(%q<gem_plugin>, [">= 0"])
s.add_runtime_dependency(%q<rails>, ["= 2.3.11"])
s.add_runtime_dependency(%q<syntax>, ["= 1.0.0"])
s.add_runtime_dependency(%q<rubyless>, ["= 0.8.8"])
s.add_runtime_dependency(%q<json>, ["= 1.5.1"])
s.add_runtime_dependency(%q<safe_yaml>, ["= 0.9.0"])
s.add_runtime_dependency(%q<tzinfo>, [">= 0"])
s.add_runtime_dependency(%q<httmultiparty>, ["= 0.3.8"])
s.add_runtime_dependency(%q<property>, ["= 2.3.2"])
s.add_runtime_dependency(%q<RedCloth>, ["= 3.0.4"])
s.add_runtime_dependency(%q<gettext>, ["= 2.1.0"])
s.add_runtime_dependency(%q<ruby-recaptcha>, ["= 1.0.3"])
s.add_runtime_dependency(%q<syntax>, ["= 1.0.0"])
s.add_runtime_dependency(%q<fast_gettext>, ["~> 0.4.16"])
s.add_runtime_dependency(%q<will_paginate>, ["~> 2.3.12"])
s.add_runtime_dependency(%q<differ>, ["= 0.1.2"])
s.add_runtime_dependency(%q<rails>, ["= 2.3.11"])
s.add_runtime_dependency(%q<uuidtools>, ["= 2.0.0"])
s.add_runtime_dependency(%q<simple_xlsx_writer>, [">= 0"])
s.add_runtime_dependency(%q<jeweler>, [">= 0"])
s.add_runtime_dependency(%q<hpricot>, [">= 0"])
s.add_runtime_dependency(%q<fast_gettext>, ["~> 0.4.16"])
s.add_runtime_dependency(%q<gem_plugin>, [">= 0"])
s.add_runtime_dependency(%q<simple_xlsx_writer>, [">= 0"])
s.add_runtime_dependency(%q<shoulda>, ["= 2.10.3"])
s.add_runtime_dependency(%q<daemons>, [">= 0"])
s.add_runtime_dependency(%q<rubyless>, ["= 0.8.8"])
s.add_runtime_dependency(%q<tzinfo>, [">= 0"])
s.add_runtime_dependency(%q<authlogic>, ["= 2.1.3"])
s.add_runtime_dependency(%q<ruby-recaptcha>, ["= 1.0.3"])
s.add_runtime_dependency(%q<yamltest>, ["= 0.7.0"])
s.add_runtime_dependency(%q<querybuilder>, ["= 1.2.1"])
s.add_runtime_dependency(%q<will_paginate>, ["~> 2.3.12"])
s.add_runtime_dependency(%q<property>, ["= 2.3.2"])
s.add_runtime_dependency(%q<authlogic>, ["= 2.1.3"])
else
s.add_dependency(%q<versions>, ["= 0.3.1"])
s.add_dependency(%q<jeweler>, [">= 0"])
s.add_dependency(%q<gettext>, ["= 2.1.0"])
s.add_dependency(%q<querybuilder>, ["= 1.2.1"])
s.add_dependency(%q<RedCloth>, ["= 3.0.4"])
s.add_dependency(%q<uuidtools>, ["= 2.0.0"])
s.add_dependency(%q<open4>, [">= 0"])
s.add_dependency(%q<gem_plugin>, [">= 0"])
s.add_dependency(%q<rails>, ["= 2.3.11"])
s.add_dependency(%q<syntax>, ["= 1.0.0"])
s.add_dependency(%q<rubyless>, ["= 0.8.8"])
s.add_dependency(%q<json>, ["= 1.5.1"])
s.add_dependency(%q<safe_yaml>, ["= 0.9.0"])
s.add_dependency(%q<tzinfo>, [">= 0"])
s.add_dependency(%q<httmultiparty>, ["= 0.3.8"])
s.add_dependency(%q<property>, ["= 2.3.2"])
s.add_dependency(%q<RedCloth>, ["= 3.0.4"])
s.add_dependency(%q<gettext>, ["= 2.1.0"])
s.add_dependency(%q<ruby-recaptcha>, ["= 1.0.3"])
s.add_dependency(%q<syntax>, ["= 1.0.0"])
s.add_dependency(%q<fast_gettext>, ["~> 0.4.16"])
s.add_dependency(%q<will_paginate>, ["~> 2.3.12"])
s.add_dependency(%q<differ>, ["= 0.1.2"])
s.add_dependency(%q<rails>, ["= 2.3.11"])
s.add_dependency(%q<uuidtools>, ["= 2.0.0"])
s.add_dependency(%q<simple_xlsx_writer>, [">= 0"])
s.add_dependency(%q<jeweler>, [">= 0"])
s.add_dependency(%q<hpricot>, [">= 0"])
s.add_dependency(%q<fast_gettext>, ["~> 0.4.16"])
s.add_dependency(%q<gem_plugin>, [">= 0"])
s.add_dependency(%q<simple_xlsx_writer>, [">= 0"])
s.add_dependency(%q<shoulda>, ["= 2.10.3"])
s.add_dependency(%q<daemons>, [">= 0"])
s.add_dependency(%q<rubyless>, ["= 0.8.8"])
s.add_dependency(%q<tzinfo>, [">= 0"])
s.add_dependency(%q<authlogic>, ["= 2.1.3"])
s.add_dependency(%q<ruby-recaptcha>, ["= 1.0.3"])
s.add_dependency(%q<yamltest>, ["= 0.7.0"])
s.add_dependency(%q<querybuilder>, ["= 1.2.1"])
s.add_dependency(%q<will_paginate>, ["~> 2.3.12"])
s.add_dependency(%q<property>, ["= 2.3.2"])
s.add_dependency(%q<authlogic>, ["= 2.1.3"])
end
else
s.add_dependency(%q<versions>, ["= 0.3.1"])
s.add_dependency(%q<jeweler>, [">= 0"])
s.add_dependency(%q<gettext>, ["= 2.1.0"])
s.add_dependency(%q<querybuilder>, ["= 1.2.1"])
s.add_dependency(%q<RedCloth>, ["= 3.0.4"])
s.add_dependency(%q<uuidtools>, ["= 2.0.0"])
s.add_dependency(%q<open4>, [">= 0"])
s.add_dependency(%q<gem_plugin>, [">= 0"])
s.add_dependency(%q<rails>, ["= 2.3.11"])
s.add_dependency(%q<syntax>, ["= 1.0.0"])
s.add_dependency(%q<rubyless>, ["= 0.8.8"])
s.add_dependency(%q<json>, ["= 1.5.1"])
s.add_dependency(%q<safe_yaml>, ["= 0.9.0"])
s.add_dependency(%q<tzinfo>, [">= 0"])
s.add_dependency(%q<httmultiparty>, ["= 0.3.8"])
s.add_dependency(%q<property>, ["= 2.3.2"])
s.add_dependency(%q<RedCloth>, ["= 3.0.4"])
s.add_dependency(%q<gettext>, ["= 2.1.0"])
s.add_dependency(%q<ruby-recaptcha>, ["= 1.0.3"])
s.add_dependency(%q<syntax>, ["= 1.0.0"])
s.add_dependency(%q<fast_gettext>, ["~> 0.4.16"])
s.add_dependency(%q<will_paginate>, ["~> 2.3.12"])
s.add_dependency(%q<differ>, ["= 0.1.2"])
s.add_dependency(%q<rails>, ["= 2.3.11"])
s.add_dependency(%q<uuidtools>, ["= 2.0.0"])
s.add_dependency(%q<simple_xlsx_writer>, [">= 0"])
s.add_dependency(%q<jeweler>, [">= 0"])
s.add_dependency(%q<hpricot>, [">= 0"])
s.add_dependency(%q<fast_gettext>, ["~> 0.4.16"])
s.add_dependency(%q<gem_plugin>, [">= 0"])
s.add_dependency(%q<simple_xlsx_writer>, [">= 0"])
s.add_dependency(%q<shoulda>, ["= 2.10.3"])
s.add_dependency(%q<daemons>, [">= 0"])
s.add_dependency(%q<rubyless>, ["= 0.8.8"])
s.add_dependency(%q<tzinfo>, [">= 0"])
s.add_dependency(%q<authlogic>, ["= 2.1.3"])
s.add_dependency(%q<ruby-recaptcha>, ["= 1.0.3"])
s.add_dependency(%q<yamltest>, ["= 0.7.0"])
s.add_dependency(%q<querybuilder>, ["= 1.2.1"])
s.add_dependency(%q<will_paginate>, ["~> 2.3.12"])
s.add_dependency(%q<property>, ["= 2.3.2"])
s.add_dependency(%q<authlogic>, ["= 2.1.3"])
end
end
