forked from fedi/mastodon
Security update
This commit is contained in:
parent
2ba6537f52
commit
19a259915e
2
Gemfile
2
Gemfile
|
@ -1,6 +1,6 @@
|
||||||
source 'https://rubygems.org'
|
source 'https://rubygems.org'
|
||||||
|
|
||||||
gem 'rails', '4.2.5.1'
|
gem 'rails', '4.2.5.2'
|
||||||
gem 'sass-rails', '~> 5.0'
|
gem 'sass-rails', '~> 5.0'
|
||||||
gem 'uglifier', '>= 1.3.0'
|
gem 'uglifier', '>= 1.3.0'
|
||||||
gem 'coffee-rails', '~> 4.1.0'
|
gem 'coffee-rails', '~> 4.1.0'
|
||||||
|
|
72
Gemfile.lock
72
Gemfile.lock
|
@ -1,36 +1,36 @@
|
||||||
GEM
|
GEM
|
||||||
remote: https://rubygems.org/
|
remote: https://rubygems.org/
|
||||||
specs:
|
specs:
|
||||||
actionmailer (4.2.5.1)
|
actionmailer (4.2.5.2)
|
||||||
actionpack (= 4.2.5.1)
|
actionpack (= 4.2.5.2)
|
||||||
actionview (= 4.2.5.1)
|
actionview (= 4.2.5.2)
|
||||||
activejob (= 4.2.5.1)
|
activejob (= 4.2.5.2)
|
||||||
mail (~> 2.5, >= 2.5.4)
|
mail (~> 2.5, >= 2.5.4)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
actionpack (4.2.5.1)
|
actionpack (4.2.5.2)
|
||||||
actionview (= 4.2.5.1)
|
actionview (= 4.2.5.2)
|
||||||
activesupport (= 4.2.5.1)
|
activesupport (= 4.2.5.2)
|
||||||
rack (~> 1.6)
|
rack (~> 1.6)
|
||||||
rack-test (~> 0.6.2)
|
rack-test (~> 0.6.2)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
||||||
actionview (4.2.5.1)
|
actionview (4.2.5.2)
|
||||||
activesupport (= 4.2.5.1)
|
activesupport (= 4.2.5.2)
|
||||||
builder (~> 3.1)
|
builder (~> 3.1)
|
||||||
erubis (~> 2.7.0)
|
erubis (~> 2.7.0)
|
||||||
rails-dom-testing (~> 1.0, >= 1.0.5)
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
||||||
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
||||||
activejob (4.2.5.1)
|
activejob (4.2.5.2)
|
||||||
activesupport (= 4.2.5.1)
|
activesupport (= 4.2.5.2)
|
||||||
globalid (>= 0.3.0)
|
globalid (>= 0.3.0)
|
||||||
activemodel (4.2.5.1)
|
activemodel (4.2.5.2)
|
||||||
activesupport (= 4.2.5.1)
|
activesupport (= 4.2.5.2)
|
||||||
builder (~> 3.1)
|
builder (~> 3.1)
|
||||||
activerecord (4.2.5.1)
|
activerecord (4.2.5.2)
|
||||||
activemodel (= 4.2.5.1)
|
activemodel (= 4.2.5.2)
|
||||||
activesupport (= 4.2.5.1)
|
activesupport (= 4.2.5.2)
|
||||||
arel (~> 6.0)
|
arel (~> 6.0)
|
||||||
activesupport (4.2.5.1)
|
activesupport (4.2.5.2)
|
||||||
i18n (~> 0.7)
|
i18n (~> 0.7)
|
||||||
json (~> 1.7, >= 1.7.7)
|
json (~> 1.7, >= 1.7.7)
|
||||||
minitest (~> 5.1)
|
minitest (~> 5.1)
|
||||||
|
@ -72,7 +72,7 @@ GEM
|
||||||
warden (~> 1.2.3)
|
warden (~> 1.2.3)
|
||||||
diff-lcs (1.2.5)
|
diff-lcs (1.2.5)
|
||||||
docile (1.1.5)
|
docile (1.1.5)
|
||||||
domain_name (0.5.20160309)
|
domain_name (0.5.20160310)
|
||||||
unf (>= 0.0.5, < 1.0.0)
|
unf (>= 0.0.5, < 1.0.0)
|
||||||
doorkeeper (3.1.0)
|
doorkeeper (3.1.0)
|
||||||
railties (>= 3.2)
|
railties (>= 3.2)
|
||||||
|
@ -82,7 +82,7 @@ GEM
|
||||||
railties (>= 4.0, < 5.1)
|
railties (>= 4.0, < 5.1)
|
||||||
erubis (2.7.0)
|
erubis (2.7.0)
|
||||||
execjs (2.6.0)
|
execjs (2.6.0)
|
||||||
fabrication (2.14.1)
|
fabrication (2.15.0)
|
||||||
fast_blank (1.0.0)
|
fast_blank (1.0.0)
|
||||||
font-awesome-rails (4.5.0.1)
|
font-awesome-rails (4.5.0.1)
|
||||||
railties (>= 3.2, < 5.1)
|
railties (>= 3.2, < 5.1)
|
||||||
|
@ -111,7 +111,7 @@ GEM
|
||||||
nokogiri (~> 1.6.0)
|
nokogiri (~> 1.6.0)
|
||||||
ruby_parser (~> 3.5)
|
ruby_parser (~> 3.5)
|
||||||
htmlentities (4.3.4)
|
htmlentities (4.3.4)
|
||||||
http (1.0.2)
|
http (1.0.4)
|
||||||
addressable (~> 2.3)
|
addressable (~> 2.3)
|
||||||
http-cookie (~> 1.0)
|
http-cookie (~> 1.0)
|
||||||
http-form_data (~> 1.0.1)
|
http-form_data (~> 1.0.1)
|
||||||
|
@ -160,7 +160,7 @@ GEM
|
||||||
addressable (~> 2.4)
|
addressable (~> 2.4)
|
||||||
http (~> 1.0)
|
http (~> 1.0)
|
||||||
nokogiri (~> 1.6)
|
nokogiri (~> 1.6)
|
||||||
paperclip (4.3.5)
|
paperclip (4.3.6)
|
||||||
activemodel (>= 3.2.0)
|
activemodel (>= 3.2.0)
|
||||||
activesupport (>= 3.2.0)
|
activesupport (>= 3.2.0)
|
||||||
cocaine (~> 0.5.5)
|
cocaine (~> 0.5.5)
|
||||||
|
@ -178,7 +178,7 @@ GEM
|
||||||
slop (~> 3.4)
|
slop (~> 3.4)
|
||||||
pry-rails (0.3.4)
|
pry-rails (0.3.4)
|
||||||
pry (>= 0.9.10)
|
pry (>= 0.9.10)
|
||||||
puma (3.1.0)
|
puma (3.2.0)
|
||||||
quiet_assets (1.1.0)
|
quiet_assets (1.1.0)
|
||||||
railties (>= 3.1, < 5.0)
|
railties (>= 3.1, < 5.0)
|
||||||
rabl (0.12.0)
|
rabl (0.12.0)
|
||||||
|
@ -190,16 +190,16 @@ GEM
|
||||||
rack (>= 1.2.0)
|
rack (>= 1.2.0)
|
||||||
rack-test (0.6.3)
|
rack-test (0.6.3)
|
||||||
rack (>= 1.0)
|
rack (>= 1.0)
|
||||||
rails (4.2.5.1)
|
rails (4.2.5.2)
|
||||||
actionmailer (= 4.2.5.1)
|
actionmailer (= 4.2.5.2)
|
||||||
actionpack (= 4.2.5.1)
|
actionpack (= 4.2.5.2)
|
||||||
actionview (= 4.2.5.1)
|
actionview (= 4.2.5.2)
|
||||||
activejob (= 4.2.5.1)
|
activejob (= 4.2.5.2)
|
||||||
activemodel (= 4.2.5.1)
|
activemodel (= 4.2.5.2)
|
||||||
activerecord (= 4.2.5.1)
|
activerecord (= 4.2.5.2)
|
||||||
activesupport (= 4.2.5.1)
|
activesupport (= 4.2.5.2)
|
||||||
bundler (>= 1.3.0, < 2.0)
|
bundler (>= 1.3.0, < 2.0)
|
||||||
railties (= 4.2.5.1)
|
railties (= 4.2.5.2)
|
||||||
sprockets-rails
|
sprockets-rails
|
||||||
rails-deprecated_sanitizer (1.0.3)
|
rails-deprecated_sanitizer (1.0.3)
|
||||||
activesupport (>= 4.2.0.alpha)
|
activesupport (>= 4.2.0.alpha)
|
||||||
|
@ -216,13 +216,13 @@ GEM
|
||||||
rails (> 3.1)
|
rails (> 3.1)
|
||||||
rails_serve_static_assets (0.0.5)
|
rails_serve_static_assets (0.0.5)
|
||||||
rails_stdout_logging (0.0.4)
|
rails_stdout_logging (0.0.4)
|
||||||
railties (4.2.5.1)
|
railties (4.2.5.2)
|
||||||
actionpack (= 4.2.5.1)
|
actionpack (= 4.2.5.2)
|
||||||
activesupport (= 4.2.5.1)
|
activesupport (= 4.2.5.2)
|
||||||
rake (>= 0.8.7)
|
rake (>= 0.8.7)
|
||||||
thor (>= 0.18.1, < 2.0)
|
thor (>= 0.18.1, < 2.0)
|
||||||
rainbow (2.1.0)
|
rainbow (2.1.0)
|
||||||
rake (11.1.0)
|
rake (11.1.1)
|
||||||
rdoc (4.2.2)
|
rdoc (4.2.2)
|
||||||
json (~> 1.4)
|
json (~> 1.4)
|
||||||
redis (3.2.2)
|
redis (3.2.2)
|
||||||
|
@ -351,7 +351,7 @@ DEPENDENCIES
|
||||||
rabl
|
rabl
|
||||||
rack-attack
|
rack-attack
|
||||||
rack-mini-profiler
|
rack-mini-profiler
|
||||||
rails (= 4.2.5.1)
|
rails (= 4.2.5.2)
|
||||||
rails_12factor
|
rails_12factor
|
||||||
rails_autolink
|
rails_autolink
|
||||||
redis (~> 3.2)
|
redis (~> 3.2)
|
||||||
|
|
|
@ -5,10 +5,8 @@ class AccountsController < ApplicationController
|
||||||
before_action :set_webfinger_header
|
before_action :set_webfinger_header
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@statuses = @account.statuses.order('id desc').with_includes.with_counters
|
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { @statuses = @statuses.paginate(page: params[:page], per_page: 10)}
|
format.html { @statuses = @account.statuses.order('id desc').with_includes.with_counters.paginate(page: params[:page], per_page: 10)}
|
||||||
format.atom
|
format.atom
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -126,9 +126,9 @@ module AtomBuilderHelper
|
||||||
end
|
end
|
||||||
|
|
||||||
def link_avatar(xml, account)
|
def link_avatar(xml, account)
|
||||||
xml.link('rel' => 'avatar', 'type' => account.avatar_content_type, 'media:width' => '300', 'media:height' =>'300', 'href' => asset_url(account.avatar.url(:large, false)))
|
single_link_avatar(xml, account, :large, 300)
|
||||||
xml.link('rel' => 'avatar', 'type' => account.avatar_content_type, 'media:width' => '96', 'media:height' =>'96', 'href' => asset_url(account.avatar.url(:medium, false)))
|
single_link_avatar(xml, account, :medium, 96)
|
||||||
xml.link('rel' => 'avatar', 'type' => account.avatar_content_type, 'media:width' => '48', 'media:height' =>'48', 'href' => asset_url(account.avatar.url(:small, false)))
|
single_link_avatar(xml, account, :small, 48)
|
||||||
end
|
end
|
||||||
|
|
||||||
def logo(xml, url)
|
def logo(xml, url)
|
||||||
|
@ -207,4 +207,8 @@ module AtomBuilderHelper
|
||||||
def root_tag(xml, tag, &block)
|
def root_tag(xml, tag, &block)
|
||||||
xml.send(tag, { :xmlns => 'http://www.w3.org/2005/Atom', 'xmlns:thr' => 'http://purl.org/syndication/thread/1.0', 'xmlns:activity' => 'http://activitystrea.ms/spec/1.0/', 'xmlns:poco' => 'http://portablecontacts.net/spec/1.0', 'xmlns:media' => 'http://purl.org/syndication/atommedia' }, &block)
|
xml.send(tag, { :xmlns => 'http://www.w3.org/2005/Atom', 'xmlns:thr' => 'http://purl.org/syndication/thread/1.0', 'xmlns:activity' => 'http://activitystrea.ms/spec/1.0/', 'xmlns:poco' => 'http://portablecontacts.net/spec/1.0', 'xmlns:media' => 'http://purl.org/syndication/atommedia' }, &block)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def single_link_avatar(xml, account, size, px)
|
||||||
|
xml.link('rel' => 'avatar', 'type' => account.avatar_content_type, 'media:width' => px, 'media:height' =>px, 'href' => asset_url(account.avatar.url(size, false)))
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue