Normalize the page contents used to create a PreviewPage. Fixes #1617 .

Filter _Template content. Proposed solution to #1603 .
Release 5.1.1
2020-09-20 18:32:15 +02:00 · 2020-08-25 16:55:00 +02:00 · 2020-08-11 12:57:42 +02:00
5 changed files with 12 additions and 6 deletions
@@ -5,6 +5,8 @@ gollum -- A git-based Wiki
 [![Build Status](https://travis-ci.org/gollum/gollum.svg?branch=master)](https://travis-ci.org/gollum/gollum)
 [![Open Source Helpers](https://www.codetriage.com/gollum/gollum/badges/users.svg)](https://www.codetriage.com/gollum/gollum)
 **Please update to gollum 5.1.1 to counter a recent exploit in the kramdown rendering gem, [CVE-2020-14001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14001)**
 **Gollum version 5.0 is out!** See [here](https://github.com/gollum/gollum/wiki/5.0-release-notes) for a list of changes and new features compared to Gollum version 4.x, and see some [Screenshots](https://github.com/gollum/gollum/wiki/Screenshots) of Gollum's features.
 ## DESCRIPTION
@@ -5,8 +5,8 @@ Gem::Specification.new do |s|
  s.required_ruby_version = '>= 1.9'
  s.name              = 'gollum'
-  s.version           = '5.1'
+  s.version           = '5.1.1'
-  s.date              = '2020-08-03'
+  s.date              = '2020-08-11'
  s.license           = 'MIT'
  s.summary     = 'A simple, Git-powered wiki.'
@@ -24,7 +24,7 @@ Gem::Specification.new do |s|
  s.extra_rdoc_files = %w[README.md LICENSE]
  s.add_dependency 'gollum-lib', '~> 5.0'
-  s.add_dependency 'kramdown', '~> 2.1.0'
+  s.add_dependency 'kramdown', '~> 2.3'
  s.add_dependency 'kramdown-parser-gfm', '~> 1.0.0'
  s.add_dependency 'sinatra', '~> 2.0'
  s.add_dependency 'sinatra-contrib', '~> 2.0'
@@ -12,7 +12,7 @@ require 'rhino' if RUBY_PLATFORM == 'java'
 require File.expand_path('../gollum/uri_encode_component', __FILE__)
 module Gollum
-  VERSION = '5.1'
+  VERSION = '5.1.1'
  def self.assets_path
    ::File.expand_path('gollum/public', ::File.dirname(__FILE__))
@@ -355,6 +355,9 @@ module Precious
        if settings.wiki_options[:template_page] then
          temppage = wiki_page('/_Template')
          @template_page = (temppage.page != nil) ? temppage.page.raw_data : 'Template page option is set, but no /_Template page is present or committed.'
          if defined?(Gollum::TemplateFilter)
            @template_page = Gollum::TemplateFilter.filter(@template_page)
          end
        end
        wikip = wiki_page(params[:splat].first)
        @name = wikip.name
@@ -418,7 +421,7 @@ module Precious
      post '/preview' do
        wiki           = wiki_new
        @name          = params[:page] ? strip_page_name(CGI.unescape(params[:page])) : 'Preview'
-        @page          = wiki.preview_page(@name, params[:content], params[:format])
+        @page          = wiki.preview_page(@name, wiki.normalize(params[:content]), params[:format])
        ['sidebar', 'header', 'footer'].each do |subpage|
          @page.send("set_#{subpage}".to_sym, params[subpage]) if params[subpage]
        end
@@ -345,7 +345,8 @@ $(document).ready(function() {
    var formData = new FormData($('#gollum-editor-form').get(0));
    var paths = window.location.pathname.split('/');
    var sectionAnchor = window.location.hash.substr(1);
-    formData.append('page', paths[ paths.length - 1 ] || '')
+    formData.append('page', paths[ paths.length - 1 ] || '');
    $.ajax({
      url: routePath('preview'),
      data: formData,
Author	SHA1	Message	Date
Bart Kamphorst	906dab700f	Normalize the page contents used to create a PreviewPage. Fixes #1617 .	2020-09-20 18:32:15 +02:00
Bart Kamphorst	c5894dd4df	Filter _Template content. Proposed solution to #1603 .	2020-08-25 16:55:00 +02:00
Dawa Ometto	986a76cf8e	Release 5.1.1	2020-08-11 12:57:42 +02:00