Compare commits

25 Commits

Author SHA1 Message Date
Dawa Ometto 02fd12339f Release 4.1.4 2018-10-01 13:30:14 +02:00
Dawa Ometto 9048d6a03d Depend on newest gollum-lib for patched sanitize version 2018-10-01 13:30:07 +02:00
Dawa Ometto 93f6b0373a Update README.md
Update supported rubies.
2018-09-24 19:41:36 +02:00
Dawa Ometto 43d3271b4e Update .gitattributes
Make github-linguist ignore files that aren't our own
2018-09-24 18:40:08 +02:00
Dawa Ometto 66d09b76c7 Update README.md
Remove badges that aren't working.
2018-09-24 18:34:14 +02:00
Dawa Ometto 90043a66cb Update README.md
Update badges
2018-09-24 18:11:50 +02:00
README Bot 317ccef7c8 Add CodeTriage badge to gollum/gollum (#1291)
Adds a badge showing the number of people helping this repo on CodeTriage.
2018-09-24 17:34:40 +02:00
Dawa Ometto 771ca331e9 Create ISSUE_TEMPLATE.md 2018-09-17 22:44:09 +02:00
Dawa Ometto 7ada448bce Release 4.1.3 2018-09-17 22:29:34 +02:00
Dawa Ometto c2258c449e Added necessary escaping 2018-09-17 22:20:38 +02:00
Dawa Ometto 612267d322 Update CONTRIBUTING.md
Add GPG key
2018-08-14 09:36:26 +02:00
Dawa Ometto 6de0914788 Release 4.1.2 2017-08-07 17:54:00 +02:00
Dawa Ometto e4f702d1e2 Lock to newer gollum-lib to avoid falling back to unsafe nokogiri 2017-08-07 17:40:49 +02:00
Dawa Ometto 2f864c5e15 Stop support for ruby 2.0.0 because it is not compatible with a safe nokogiri. See https://github.com/gollum/gollum-lib/issues/278 2017-07-31 18:09:32 +02:00
Dawa Ometto 7139590798 Try fix travis 2017-07-31 18:01:37 +02:00
Dawa Ometto 0870655455 Release 4.1.1 2017-04-17 11:20:06 +02:00
Dawa Ometto ba24a7bb8c Update gemojione dependency. Closes #1227 2017-04-17 11:01:50 +02:00
Dawa Ometto f32d7465a2 Set bar_side for versioned pages. Closes #1226 2017-04-14 00:31:09 +02:00
Dawa Ometto e202698bf1 Merge pull request #1189 from nimag42/patch-1
Solve bug when folder contains non-ascii character
2017-04-09 11:49:54 +02:00
Dawa Ometto 11c2bf7dae Fix date. Closes #1211 2017-04-05 23:05:24 +02:00
Dawa Ometto 53cf0e1148 Merge pull request #1201 from adamniedzielski/skip-transliteration-tests-rugged
Skip tests for transliteration for adapters different than grit
2017-03-11 20:35:53 +01:00
Adam Niedzielski 2d1e49e3f2 Skip tests for transliteration for adapters different than grit 2017-03-11 19:28:31 +01:00
Dawa Ometto 199161f611 Merge pull request #1188 from adamniedzielski/pass-non-empty-author-details
Pass non-empty commit author details in transliteration test
2017-03-10 12:00:57 +01:00
Jacquin Théo a0f5a60ea0 Solve bug when folder contains non-ascii character
When you create a file in a folder with a non-ascii character, for example "Réseau", after creating the page, it threw a "URI::InvalidURIError", given the fact that the url returned was "/Réseau/H%C3%A9y", only the part with the name of the file was correctly encoded.

So I propose to encode every part of the url to solve this issue
So I just
2017-01-29 00:39:39 +01:00
Adam Niedzielski af29c6e441 Pass non-empty commit author details in transliteration test
Empty name or email are not allowed by libgit2 and cause a test failure
when the test suite is run against rugged_adapter.
2017-01-27 15:15:50 +01:00
14 changed files with 80 additions and 20 deletions
+8
@@ -30,3 +30,11 @@ gollum text
# Denote all files that are truly binary and should not be modified.
*.png binary
*.jpg binary
# Make github-linguist ignore files that aren't our own
lib/gollum/public/gollum/* linguist-vendored
lib/gollum/public/gollum/javascript/gollum* linguist-vendored=false
lib/gollum/public/gollum/javascript/*/gollum* linguist-vendored=false
lib/gollum/public/gollum/css linguist-vendored=false
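Review bot: The patterns `lib/gollum/public/gollum/*` and `lib/gollum/public/gollum/css` only match entries directly at that level, because in gitattributes `*` does not cross `/` and a pattern that matches a directory does not apply to the paths inside it. Files in nested directories would therefore keep their default classification. Consider `lib/gollum/public/gollum/**` and `lib/gollum/public/gollum/css/**`, and confirm the result with `git check-attr linguist-vendored` on one nested vendored file and one of the project's own files.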
+3 -2
@@ -1,11 +1,12 @@
rvm:
- 2.0.0
- 2.1.0
- 2.1.1
- 2.2.2
- 2.3.0
- 2.4.0
- jruby-19mode
- jruby-9.1.8.0
jdk:
- oraclejdk8
before_install:
- sudo apt-get update
- sudo apt-get install libicu-dev
+9
@@ -19,8 +19,17 @@ Before submitting an issue, **please carefully look through the following places
1. The [README](https://github.com/gollum/gollum/blob/master/README.md).
1. The project's [wiki](https://github.com/gollum/gollum/wiki).
Security vulnerabilities can be reported directly to the maintainers using these GPG keys:
* [@dometto](https://pgp.mit.edu/pks/lookup?op=vindex&search=0xD637E455CD3E27BF)
Lastly, please **consider helping out** by opening a Pull Request!
## Triaging Issues [![Open Source Helpers](https://www.codetriage.com/gollum/gollum/badges/users.svg)](https://www.codetriage.com/gollum/gollum)
You can triage issues which may include reproducing bug reports or asking for vital information, such as version numbers or reproduction instructions. If you would like to start triaging issues, one easy way to get started is to [subscribe to gollum on CodeTriage](https://www.codetriage.com/gollum/gollum).
## Opening a Pull Request
Pull Requests fixing bugs, implementing new features, or updating documentation and dependencies are all very welcome! If you would like to help out with the project, you can pick an open issue from the issue tracker. We're more than happy to help you get started! Here's how you can proceed:
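Review bot: The new security-contact entry identifies the maintainer key only through a key-server lookup on the 64-bit ID `0xD637E455CD3E27BF`. A key server returns whatever was uploaded under that ID and does not vouch for it, so a reporter has nothing in the repository to compare the downloaded key against. Please put the full key fingerprint in CONTRIBUTING.md next to the link so that it is covered by the repository history.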
+13 -1
@@ -1,4 +1,16 @@
# 4.1.0 /2016-03-09
# 4.1.4 /2018-01-10
* Depend on new version of gollum-lib that relies on a patched version of sanitize, which solves a vulnerability (CVE-2018-3740). See https://github.com/gollum/gollum-lib/pull/296.
# 4.1.3 /2018-17-09
* Solves a vulnerability in the File view and All Pages view that would allow XSS.
# 4.1.2 /2017-08-07
* Lock to a newer version of gollum-lib to avoid installing an outdated and vulnerable dependency (nokogiri) on ruby 2.0. See https://github.com/gollum/gollum-lib/pull/279. Note: this breaks semantic versioning so those using outdated rubies will discover the problem on update.
# 4.1.0 /2017-03-09
* Added file deletion functionality to file view
* Various performance improvements
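Review bot: The headings `# 4.1.4 /2018-01-10` and `# 4.1.3 /2018-17-09` put the day before the month, and `2018-17-09` is not a valid year-month-day date, while the gemspec in this same change uses `s.date = '2018-10-01'`. Suggest `2018-10-01` and `2018-09-17` so the changelog is consistent with the release metadata. The 4.1.3 entry would also help users assess their exposure if it linked the fixing commit or an advisory, the way the 4.1.4 and 4.1.2 entries link their pull requests.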
+7
@@ -0,0 +1,7 @@
**Note**: we are currently working on version 5.0 of gollum in an attempt to make it, better, faster, and easier to maintain. We will **not** be fixing issues with previous versions of gollum (4.x), except for security issues.
Please submit only issues that are present in the `5.x` branch of this project. When submitting issues with `5.x`, please include the output of `gollum --versions` in your ticket.
Please read [these guidelines](https://github.com/gollum/gollum/blob/master/CONTRIBUTING.md) before submitting your issue, and for info on reporting vulnerabilities.
Finally: we need your help! Please consider chipping in by submitting a PR rather than just by reporting your issue.
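Review bot: In the first line of the new template, `make it, better, faster, and easier to maintain` has a stray comma after "it". The template also sends vulnerability reporters to CONTRIBUTING.md from inside a public issue form; if security reports are meant to go to the maintainers privately, say so in one sentence here so a reporter reads it before filing.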
+3 -3
@@ -3,7 +3,7 @@ gollum -- A git-based Wiki
[![Gem Version](https://badge.fury.io/rb/gollum.svg)](http://badge.fury.io/rb/gollum)
[![Build Status](https://travis-ci.org/gollum/gollum.svg?branch=master)](https://travis-ci.org/gollum/gollum)
[![Dependency Status](https://gemnasium.com/gollum/gollum.svg)](https://gemnasium.com/gollum/gollum)
[![Open Source Helpers](https://www.codetriage.com/gollum/gollum/badges/users.svg)](https://www.codetriage.com/gollum/gollum)
## DESCRIPTION
@@ -33,9 +33,9 @@ For more information on Gollum's capabilities and pitfalls:
| Operating System | Ruby | Adapters | Supported |
| ---------------- | -------------- | ------------------ | --------- |
| Unix/Linux-like | Ruby 1.9.3+ | all except [RJGit](https://github.com/repotag/rjgit) | yes |
| Unix/Linux-like | Ruby (MRI) 2.1.0+ | all except [RJGit](https://github.com/repotag/rjgit) | yes |
| Unix/Linux-like | [JRuby](https://github.com/jruby/jruby) (1.9.3+ compatible) | [RJGit](https://github.com/repotag/rjgit) | yes |
| Windows | Ruby 1.9.3+ | all except [RJGit](https://github.com/repotag/rjgit) | no |
| Windows | Ruby (MRI) 2.1.0+ | all except [RJGit](https://github.com/repotag/rjgit) | no |
| Windows | [JRuby](https://github.com/jruby/jruby) (1.9.3+ compatible) | [RJGit](https://github.com/repotag/rjgit) | almost<sup>1</sup> |
**Notes:**
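Review bot: The MRI rows now say `Ruby (MRI) 2.1.0+`, but both JRuby rows still read `(1.9.3+ compatible)`. If the minimum JRuby changed along with the MRI floor, update those two rows as well; otherwise the table mixes two different baselines.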
+5 -4
@@ -5,8 +5,8 @@ Gem::Specification.new do |s|
s.required_ruby_version = '>= 1.9'
s.name = 'gollum'
s.version = '4.1.0'
s.date = '2017-03-09'
s.version = '4.1.4'
s.date = '2018-10-01'
s.rubyforge_project = 'gollum'
s.license = 'MIT'
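Review bot: `s.required_ruby_version = '>= 1.9'` is left unchanged in the context lines of this hunk, while the README table in this change lists `Ruby (MRI) 2.1.0+` as the supported minimum. Raising the constraint to match would make RubyGems refuse the install on an unsupported Ruby with a clear message, instead of leaving users to discover the problem on update as the HISTORY entry for 4.1.2 describes.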
@@ -24,12 +24,12 @@ Gem::Specification.new do |s|
s.rdoc_options = ['--charset=UTF-8']
s.extra_rdoc_files = %w[README.md LICENSE]
s.add_dependency 'gollum-lib', '~> 4.0', '>= 4.0.1'
s.add_dependency 'gollum-lib', '~> 4.2', '>= 4.2.10'
s.add_dependency 'kramdown', '~> 1.9.0'
s.add_dependency 'sinatra', '~> 1.4', '>= 1.4.4'
s.add_dependency 'mustache', ['>= 0.99.5', '< 1.0.0']
s.add_dependency 'useragent', '~> 0.16.2'
s.add_dependency 'gemojione', '~> 2'
s.add_dependency 'gemojione', '~> 3.2'
s.add_development_dependency 'rack-test', '~> 0.6.2'
s.add_development_dependency 'shoulda', '~> 3.5.0'
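Review bot: The floor in `s.add_dependency 'gollum-lib', '~> 4.2', '>= 4.2.10'` is what carries the security fix, but nothing in the gemspec says so. A one-line comment above it naming the reason (the patched sanitize, CVE-2018-3740 per HISTORY.md) would keep a later cleanup from relaxing it. The `gemojione` change from `'~> 2'` to `'~> 3.2'` is a major-version jump and deserves its own line in HISTORY.md.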
@@ -44,6 +44,7 @@ Gem::Specification.new do |s|
CONTRIBUTING.md
Gemfile
HISTORY.md
ISSUE_TEMPLATE.md
LICENSE
README.md
Rakefile
+1 -1
@@ -16,7 +16,7 @@ require File.expand_path('../gollum/uri_encode_component', __FILE__)
$KCODE = 'U' if RUBY_VERSION[0, 3] == '1.8'
module Gollum
VERSION = '4.1.0'
VERSION = '4.1.4'
def self.assets_path
::File.expand_path('gollum/public', ::File.dirname(__FILE__))
+6 -5
@@ -348,7 +348,7 @@ module Precious
wiki.write_page(name, format, params[:content], commit_message, path)
page_dir = settings.wiki_options[:page_file_dir].to_s
redirect to("/#{clean_url(::File.join(page_dir, path, encodeURIComponent(name)))}")
redirect to("/#{clean_url(::File.join(encodeURIComponent(page_dir), encodeURIComponent(path), encodeURIComponent(name)))}")
rescue Gollum::DuplicatePageError => e
@message = "Duplicate page: #{e.message}"
mustache :error
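Review bot: In the new `redirect to(...)` line, `path` is passed to `encodeURIComponent` as a single string, so for a page in a nested folder the `/` separators inside `path` go through the encoder too. Please confirm the redirect still resolves for a nested path such as `Réseau/Sub`, and add a regression test for creating a page in a non-ASCII folder; none of the test changes shown here covers that case. Encoding each path segment separately and then joining would make the intent explicit.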
@@ -464,6 +464,7 @@ module Precious
@name = name
@content = page.formatted_data
@version = version
@bar_side = wikip.wiki.bar_side
mustache :page
elsif file = wikip.wiki.file("#{file_path}", version, true)
show_file(file)
@@ -489,11 +490,11 @@ module Precious
}x do |path|
@path = extract_path(path) if path
wiki_options = settings.wiki_options.merge({ :page_file_dir => @path })
wiki = Gollum::Wiki.new(settings.gollum_path, wiki_options)
@results = wiki.pages
@results += wiki.files if settings.wiki_options[:show_all]
@wiki = Gollum::Wiki.new(settings.gollum_path, wiki_options)
@results = @wiki.pages
@results += @wiki.files if settings.wiki_options[:show_all]
@results = @results.sort_by { |p| p.name.downcase } # Sort Results alphabetically, fixes 922
@ref = wiki.ref
@ref = @wiki.ref
mustache :pages
end
+1 -1
@@ -4,7 +4,7 @@ require 'gemojione'
module Precious
module Helpers
EMOJI_PATHNAME = Pathname.new(Gemojione.index.images_path).freeze
EMOJI_PATHNAME = Pathname.new(Gemojione.images_path).freeze
# Extract the path string that Gollum::Wiki expects
def extract_path(file_path)
+2 -2
@@ -23,7 +23,7 @@ module Precious
end
end
breadcrumb.join(" / ")
@wiki.sanitizer.clean(breadcrumb.join(" / "))
else
"Home"
end
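Review bot: `@wiki.sanitizer.clean(breadcrumb.join(" / "))` sanitises the markup only after the folder names are already part of it. For an XSS fix the more robust pattern is to HTML-escape each name at the point where it is inserted into the breadcrumb and keep the sanitizer as a second layer; a name containing `<` or `&` is then displayed literally instead of being altered or dropped by the sanitizer. The same applies to `@wiki.sanitizer.clean(result)` further down in this file.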
@@ -60,7 +60,7 @@ module Precious
result = Hash[folders.sort_by{| key, value | key.downcase} ].values.join("\n") + "\n"
result += Hash[page_files.sort_by{ | key, value | key.downcase } ].values.join("\n")
result
@wiki.sanitizer.clean(result)
else
""
end
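Review bot: `@wiki.sanitizer.clean(result)` assumes the route has set `@wiki` before this view is rendered. If the view is ever rendered without it, the call raises NoMethodError on `nil` and the page fails to render. A short comment on the view stating that `@wiki` is required, or a guard with a clear error, would document the dependency that the app.rb change introduces.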
+5
@@ -30,6 +30,11 @@ context "Frontend" do
# and in file names saved to disk
# urls are not case sensitive
assert_equal 'Title-Space', 'Title Space'.to_url
end
test "translation" do
# we transliterate only when adapter is grit
return if defined?(Gollum::GIT_ADAPTER) && Gollum::GIT_ADAPTER != 'grit'
# ascii only file names prevent UTF8 issues
# when using git repos across operating systems
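Review bot: The new test is named `"translation"`, but its own comment says the behaviour under test is transliteration; rename it to match. The bare `return if defined?(Gollum::GIT_ADAPTER) && Gollum::GIT_ADAPTER != 'grit'` also makes the test count as passed on other adapters, so the run gives no sign that it was not exercised. If the test framework offers a skip or omit call, use it here.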
+13
@@ -2,6 +2,18 @@
require File.expand_path(File.join(File.dirname(__FILE__), 'helper'))
require File.expand_path '../../lib/gollum/views/pages', __FILE__
class FakeSane
def clean(data)
data
end
end
class FakeWiki
def sanitizer
FakeSane.new
end
end
FakePageResult = Struct.new(:path) do
def name
File.basename(path, File.extname(path)).gsub("-", " ")
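Review bot: `FakeSane#clean` returns its input unchanged, so the existing view tests would still pass if the `sanitizer.clean` calls were removed again. Add a test that gives the view a page or folder name containing markup and asserts on the cleaned output, using the real sanitizer or a fake that records the call, so the XSS fix is covered by a regression test.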
@@ -27,6 +39,7 @@ end
context "Precious::Views::Pages" do
setup do
@page = Precious::Views::Pages.new
@page.instance_variable_set("@wiki", FakeWiki.new)
end
test "breadcrumb" do
+4 -1
@@ -90,8 +90,11 @@ context "Frontend Unicode support" do
end
test 'transliteration' do
# we transliterate only when adapter is grit
return if defined?(Gollum::GIT_ADAPTER) && Gollum::GIT_ADAPTER != 'grit'
# TODO: Remove to_url once write_page changes are merged.
@wiki.write_page('ééééé'.to_url, :markdown, '한글 text', { :name => '', :email => '' })
@wiki.write_page('ééééé'.to_url, :markdown, '한글 text', commit_details)
page = @wiki.page('eeeee')
assert_equal '한글 text', utf8(page.raw_data)
end