
Security update

Eugen Rochko 2016-03-21 10:08:19 +01:00
parent 2ba6537f52
commit 19a259915e
4 changed files with 45 additions and 43 deletions


@ -1,6 +1,6 @@
source 'https://rubygems.org' source 'https://rubygems.org'
gem 'rails', '4.2.5.1' gem 'rails', '4.2.5.2'
gem 'sass-rails', '~> 5.0' gem 'sass-rails', '~> 5.0'
gem 'uglifier', '>= 1.3.0' gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.1.0' gem 'coffee-rails', '~> 4.1.0'


@ -1,36 +1,36 @@
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
actionmailer (4.2.5.1) actionmailer (4.2.5.2)
actionpack (= 4.2.5.1) actionpack (= 4.2.5.2)
actionview (= 4.2.5.1) actionview (= 4.2.5.2)
activejob (= 4.2.5.1) activejob (= 4.2.5.2)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.5.1) actionpack (4.2.5.2)
actionview (= 4.2.5.1) actionview (= 4.2.5.2)
activesupport (= 4.2.5.1) activesupport (= 4.2.5.2)
rack (~> 1.6) rack (~> 1.6)
rack-test (~> 0.6.2) rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.5.1) actionview (4.2.5.2)
activesupport (= 4.2.5.1) activesupport (= 4.2.5.2)
builder (~> 3.1) builder (~> 3.1)
erubis (~> 2.7.0) erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
activejob (4.2.5.1) activejob (4.2.5.2)
activesupport (= 4.2.5.1) activesupport (= 4.2.5.2)
globalid (>= 0.3.0) globalid (>= 0.3.0)
activemodel (4.2.5.1) activemodel (4.2.5.2)
activesupport (= 4.2.5.1) activesupport (= 4.2.5.2)
builder (~> 3.1) builder (~> 3.1)
activerecord (4.2.5.1) activerecord (4.2.5.2)
activemodel (= 4.2.5.1) activemodel (= 4.2.5.2)
activesupport (= 4.2.5.1) activesupport (= 4.2.5.2)
arel (~> 6.0) arel (~> 6.0)
activesupport (4.2.5.1) activesupport (4.2.5.2)
i18n (~> 0.7) i18n (~> 0.7)
json (~> 1.7, >= 1.7.7) json (~> 1.7, >= 1.7.7)
minitest (~> 5.1) minitest (~> 5.1)
@ -72,7 +72,7 @@ GEM
warden (~> 1.2.3) warden (~> 1.2.3)
diff-lcs (1.2.5) diff-lcs (1.2.5)
docile (1.1.5) docile (1.1.5)
domain_name (0.5.20160309) domain_name (0.5.20160310)
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
doorkeeper (3.1.0) doorkeeper (3.1.0)
railties (>= 3.2) railties (>= 3.2)
@ -82,7 +82,7 @@ GEM
railties (>= 4.0, < 5.1) railties (>= 4.0, < 5.1)
erubis (2.7.0) erubis (2.7.0)
execjs (2.6.0) execjs (2.6.0)
fabrication (2.14.1) fabrication (2.15.0)
fast_blank (1.0.0) fast_blank (1.0.0)
font-awesome-rails (4.5.0.1) font-awesome-rails (4.5.0.1)
railties (>= 3.2, < 5.1) railties (>= 3.2, < 5.1)
@ -111,7 +111,7 @@ GEM
nokogiri (~> 1.6.0) nokogiri (~> 1.6.0)
ruby_parser (~> 3.5) ruby_parser (~> 3.5)
htmlentities (4.3.4) htmlentities (4.3.4)
http (1.0.2) http (1.0.4)
addressable (~> 2.3) addressable (~> 2.3)
http-cookie (~> 1.0) http-cookie (~> 1.0)
http-form_data (~> 1.0.1) http-form_data (~> 1.0.1)
@ -160,7 +160,7 @@ GEM
addressable (~> 2.4) addressable (~> 2.4)
http (~> 1.0) http (~> 1.0)
nokogiri (~> 1.6) nokogiri (~> 1.6)
paperclip (4.3.5) paperclip (4.3.6)
activemodel (>= 3.2.0) activemodel (>= 3.2.0)
activesupport (>= 3.2.0) activesupport (>= 3.2.0)
cocaine (~> 0.5.5) cocaine (~> 0.5.5)
@ -178,7 +178,7 @@ GEM
slop (~> 3.4) slop (~> 3.4)
pry-rails (0.3.4) pry-rails (0.3.4)
pry (>= 0.9.10) pry (>= 0.9.10)
puma (3.1.0) puma (3.2.0)
quiet_assets (1.1.0) quiet_assets (1.1.0)
railties (>= 3.1, < 5.0) railties (>= 3.1, < 5.0)
rabl (0.12.0) rabl (0.12.0)
@ -190,16 +190,16 @@ GEM
rack (>= 1.2.0) rack (>= 1.2.0)
rack-test (0.6.3) rack-test (0.6.3)
rack (>= 1.0) rack (>= 1.0)
rails (4.2.5.1) rails (4.2.5.2)
actionmailer (= 4.2.5.1) actionmailer (= 4.2.5.2)
actionpack (= 4.2.5.1) actionpack (= 4.2.5.2)
actionview (= 4.2.5.1) actionview (= 4.2.5.2)
activejob (= 4.2.5.1) activejob (= 4.2.5.2)
activemodel (= 4.2.5.1) activemodel (= 4.2.5.2)
activerecord (= 4.2.5.1) activerecord (= 4.2.5.2)
activesupport (= 4.2.5.1) activesupport (= 4.2.5.2)
bundler (>= 1.3.0, < 2.0) bundler (>= 1.3.0, < 2.0)
railties (= 4.2.5.1) railties (= 4.2.5.2)
sprockets-rails sprockets-rails
rails-deprecated_sanitizer (1.0.3) rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha) activesupport (>= 4.2.0.alpha)
@ -216,13 +216,13 @@ GEM
rails (> 3.1) rails (> 3.1)
rails_serve_static_assets (0.0.5) rails_serve_static_assets (0.0.5)
rails_stdout_logging (0.0.4) rails_stdout_logging (0.0.4)
railties (4.2.5.1) railties (4.2.5.2)
actionpack (= 4.2.5.1) actionpack (= 4.2.5.2)
activesupport (= 4.2.5.1) activesupport (= 4.2.5.2)
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0) thor (>= 0.18.1, < 2.0)
rainbow (2.1.0) rainbow (2.1.0)
rake (11.1.0) rake (11.1.1)
rdoc (4.2.2) rdoc (4.2.2)
json (~> 1.4) json (~> 1.4)
redis (3.2.2) redis (3.2.2)
@ -351,7 +351,7 @@ DEPENDENCIES
rabl rabl
rack-attack rack-attack
rack-mini-profiler rack-mini-profiler
rails (= 4.2.5.1) rails (= 4.2.5.2)
rails_12factor rails_12factor
rails_autolink rails_autolink
redis (~> 3.2) redis (~> 3.2)


@ -5,10 +5,8 @@ class AccountsController < ApplicationController
before_action :set_webfinger_header before_action :set_webfinger_header
def show def show
@statuses = @account.statuses.order('id desc').with_includes.with_counters
respond_to do |format| respond_to do |format|
format.html { @statuses = @statuses.paginate(page: params[:page], per_page: 10)} format.html { @statuses = @account.statuses.order('id desc').with_includes.with_counters.paginate(page: params[:page], per_page: 10)}
format.atom format.atom
end end
end end
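Review bot: `format.atom` now renders with `@statuses` unassigned, because the only assignment moved inside the `format.html` block of `show`. The Atom template is not among the four files changed here, so if it still reads `@statuses` it will get nil, and if it walks `@account.statuses` itself the public feed is built from an unpaginated relation. Consider giving the Atom branch its own bounded query, e.g. `format.atom { @statuses = @account.statuses.order('id desc').with_includes.with_counters.limit(20) }` (20 is an illustrative cap), and cover the `.atom` response with a request spec. The class body continues outside the hunk.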


@ -126,9 +126,9 @@ module AtomBuilderHelper
end end
def link_avatar(xml, account) def link_avatar(xml, account)
xml.link('rel' => 'avatar', 'type' => account.avatar_content_type, 'media:width' => '300', 'media:height' =>'300', 'href' => asset_url(account.avatar.url(:large, false))) single_link_avatar(xml, account, :large, 300)
xml.link('rel' => 'avatar', 'type' => account.avatar_content_type, 'media:width' => '96', 'media:height' =>'96', 'href' => asset_url(account.avatar.url(:medium, false))) single_link_avatar(xml, account, :medium, 96)
xml.link('rel' => 'avatar', 'type' => account.avatar_content_type, 'media:width' => '48', 'media:height' =>'48', 'href' => asset_url(account.avatar.url(:small, false))) single_link_avatar(xml, account, :small, 48)
end end
def logo(xml, url) def logo(xml, url)
@ -207,4 +207,8 @@ module AtomBuilderHelper
def root_tag(xml, tag, &block) def root_tag(xml, tag, &block)
xml.send(tag, { :xmlns => 'http://www.w3.org/2005/Atom', 'xmlns:thr' => 'http://purl.org/syndication/thread/1.0', 'xmlns:activity' => 'http://activitystrea.ms/spec/1.0/', 'xmlns:poco' => 'http://portablecontacts.net/spec/1.0', 'xmlns:media' => 'http://purl.org/syndication/atommedia' }, &block) xml.send(tag, { :xmlns => 'http://www.w3.org/2005/Atom', 'xmlns:thr' => 'http://purl.org/syndication/thread/1.0', 'xmlns:activity' => 'http://activitystrea.ms/spec/1.0/', 'xmlns:poco' => 'http://portablecontacts.net/spec/1.0', 'xmlns:media' => 'http://purl.org/syndication/atommedia' }, &block)
end end
def single_link_avatar(xml, account, size, px)
xml.link('rel' => 'avatar', 'type' => account.avatar_content_type, 'media:width' => px, 'media:height' =>px, 'href' => asset_url(account.avatar.url(size, false)))
end
end end
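Review bot: `single_link_avatar` is added without a comment, and two of its details are not obvious from the call sites in `link_avatar`: the bare `false` passed to `account.avatar.url(size, false)`, and that `px` is used for both `media:width` and `media:height`. The widths also change from string literals (`'300'`) to integers (`300`); Builder should serialise both the same way, but the Atom output is worth pinning in a spec. Suggested comment above the method: `# Emits one <link rel="avatar"> for the given attachment style; px is used as both media:width and media:height.` If the second argument to `url` is meant to suppress the cache-busting timestamp, the comment should say so too. The module starts outside the hunks shown.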