Release Instiki 0.30.3
This is a security release. Please update.
distler committed May 30, 2022
1 parent 90efa50 commit 8214d51
Showing 6 changed files with 66 additions and 3 deletions.
26 changes: 26 additions & 0 deletions CHANGELOG
Expand Up @@ -5,6 +5,32 @@ N.B.: You *must* run

after installing the new software, to enjoy the benefits of this new version.

------------------------------------------------------------------------------
* 0.30.3

Security:

* Cleverly-crafted pages could be cached outside the cache
directory (credit to Christian Sattler).

New Features:

* Ruby 3.0 compatibility
* Update for itextomml 1.6.1
* Heroku-related updates
* Requires Rack 2.x (should make Passenger deployments a lot easier). You'll
definitely need to do a `ruby bundle update` for this one.
* You can now [[!include Web name:Some page]], rather than being restricted
to including pages from the same web (which still works, of course [[!include Some page]]).
* Backlinks work in Published webs, and more Views are available (by popular demand).

Bugs Fixed:

* Caching fixes
* Well-formedness of the Search page
* Latest SVG-Edit broke itex plugin
* Browsers have tightened cookie policy

------------------------------------------------------------------------------
* 0.30.2

19 changes: 19 additions & 0 deletions app/controllers/application_controller.rb
Expand Up @@ -327,3 +327,22 @@ def set_content_type!(controller, extension)
end
end
end

# Monkey patch Rails truncate() method
class String
def truncate(truncate_at, options = {})
return dup unless length > truncate_at

options[:omission] ||= '...'
length_with_room_for_omission = truncate_at - options[:omission].length
stop = if options[:separator]
rindex(options[:separator], length_with_room_for_omission) ||
length_with_room_for_omission
else
length_with_room_for_omission
end

"#{self[0...stop]}#{options[:omission]}"
end
end

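Review bot: `options[:omission] ||= '...'` on the line after the guard writes into the caller's hash, so a caller passing a shared or frozen options hash sees it mutated (or gets a FrozenError); read it into a local instead, `omission = options[:omission] || '...'`, and use that local in the two later references. The header comment says only that it monkey-patches Rails' `truncate`, not why ActiveSupport's own `String#truncate` is insufficient here; a one-line reason (which ActiveSupport version lacks it or differs — I can't tell from the hunk) would stop a later upgrade from silently dropping or shadowing this override. Also a `truncate_at` smaller than the omission makes `length_with_room_for_omission` negative, and `self[0...stop]` with a negative stop counts from the end, returning a string longer than `truncate_at`; clamping with `stop = [stop, 0].max` preserves the upper bound that the truncate calls added in wiki_controller.rb appear to depend on.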
4 changes: 2 additions & 2 deletions app/controllers/wiki_controller.rb
Expand Up @@ -370,7 +370,7 @@ def save
filter_spam(the_content)
cookies['author'] = { :value => author_name.dup.as_bytes, :expires => Time.utc(2030) }
if @page
new_name = params['new_name'] ? params['new_name'].purify.strip : @page_name
new_name = params['new_name'] ? params['new_name'].purify.strip.truncate(242-@web_name.gsub(/\./, '%2E').length) : @page_name
new_name = @page_name if new_name.empty?
prev_content = @page.current_revision.content
raise Instiki::ValidationError.new('A page named "' + new_name.escapeHTML + '" already exists.') if
Expand Down Expand Up @@ -506,7 +506,7 @@ def do_caching?
end

def load_page
@page_name = params['id'] ? params['id'].purify : nil
@page_name = params['id'] ? params['id'].purify.truncate(242-@web_name.gsub(/\./, '%2E').length) : nil
@page = @wiki.read_page(@web_name, @page_name) if @page_name
end

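Review bot: The page-name budget `242-@web_name.gsub(/\./, '%2E').length` is computed in characters on the un-encoded name, while the cache path in this same commit rewrites every `.` in the page name to `%2E` as well, so a truncated name containing dots, or multibyte characters, can still exceed the length this bound seems intended to enforce; if the target is a filename byte limit, truncating on the encoded byte length would be the robust form. The same expression is duplicated on the `new_name` line in `save` and the `@page_name` line in `load_page`; extracting it into one private helper such as `def max_page_name_length; 242 - @web_name.gsub(/\./, '%2E').length; end` keeps the two from drifting. The bare `242` also deserves a named constant with a comment on how it was derived (presumably a 255-byte filename limit minus extension and separators — confirm). `save` starts and ends outside the hunk.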
1 change: 1 addition & 0 deletions lib/tasks/upgrade_instiki.rake
Expand Up @@ -14,6 +14,7 @@ class InstikiUpgrade
def self.migrate_db
ActiveRecord::Base.establish_connection ENV['RAILS_ENV']
Rake::Task["db:migrate"].invoke
Rake::Task["db:schema:dump"].invoke
end

def self.move_uploaded_files
17 changes: 17 additions & 0 deletions test/functional/wiki_controller_test.rb
Expand Up @@ -26,6 +26,7 @@ class << @request.session
@request.session.dbman = FakeSessionDbMan
@wiki = Wiki.new
@web = webs(:test_wiki)
@web_name = @web.to_s
@home = @page = pages(:home_page)
@oak = pages(:oak)
@liquor = pages(:liquor)
Expand Down Expand Up @@ -892,6 +893,22 @@ def test_save_new_revision_identical_to_last_but_new_name_stripped
assert !@booze.locked?(Time.now), 'booze should be unlocked if an edit was unsuccessful'
end

def test_save_new_revision_identical_to_last_but_overlong_new_name
revisions_before = @liquor.revisions.size
@liquor.lock(Time.now, 'AnAuthor')

process 'save', {'web' => 'wiki1', 'id' => 'liquor',
'content' => @liquor.revisions.last.content.dup, 'new_name' => 'booze'*51,
'author' => 'SomeOtherAuthor'}, {:return_to => '/wiki1/show/booze'}

assert_redirected_to :action => 'show', :controller => 'wiki', :web => 'wiki1', :id => 'booze'*46 + 'booz...'

revisions_after = @liquor.revisions.size
assert_equal revisions_before + 1, revisions_after
@booze = Page.find(@liquor.id)
assert !@booze.locked?(Time.now), 'booze should be unlocked if an edit was unsuccessful'
end

def test_save_blank_author
process 'save', 'web' => 'wiki1', 'id' => 'NewPage', 'content' => 'Contents of a new page',
'author' => ''
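Review bot: The assertion message `'booze should be unlocked if an edit was unsuccessful'` on the last assert of `test_save_new_revision_identical_to_last_but_overlong_new_name` contradicts the test itself, which expects the save to succeed (`revisions_before + 1` and a redirect to `show`); it looks copied from the preceding test, so reword it, e.g. `'page should be unlocked after a successful rename'`. The expected id `'booze'*46 + 'booz...'` silently encodes the 242 budget minus `'wiki1'.length`; deriving it in the test from the same constant the controller uses, or at least a comment stating `# 242 - 5 = 237 = 234 chars + '...'`, explains the numbers to the next reader. `@web_name = @web.to_s` in setup presumes `Web#to_s` returns the web's name — I can't confirm that from the hunk.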
Expand Up @@ -155,7 +155,7 @@ def initialize(controller, options = {}, infer_extension = true)
path = controller.url_for(options).split('://').last
normalize!(path)
add_extension!(path, @extension)
@path = UriEncoder.unescape(path)
@path = UriEncoder.unescape(path).gsub(/\./, '%2E')
end

private
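Review bot: The `gsub(/\./, '%2E')` on the `@path` assignment runs after `add_extension!` two lines up, so the dot before the extension is rewritten too (`.html` becomes `%2Ehtml`, assuming `@extension` carries a leading dot — `add_extension!` is not visible from the hunk); if the intent is only to keep `..` segments from escaping the cache directory, applying the substitution before `add_extension!`, or to path segments only, avoids changing the on-disk extension. Since this rewrite relies on every consumer of `@path` keeping the same encoding, one explicit containment check where the file is actually written — verify the expanded path starts with the cache root — would make the fix hold even if a future caller bypasses this constructor. `initialize` starts outside the hunk.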
