From 0bd8a2243e88db85da363ad2101056c9361aeec2 Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 11 Aug 2021 10:25:05 -0300
Subject: [PATCH 1/7] Solo permitir URLs web al sanitizar fixes #2382
---
 app/models/metadata_content.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/metadata_content.rb b/app/models/metadata_content.rb
index 437a0dd9..9d3a1040 100644
--- a/app/models/metadata_content.rb
+++ b/app/models/metadata_content.rb
@@ -56,7 +56,7 @@ class MetadataContent < MetadataTemplate
 uri = URI element['src']
 # No permitimos recursos externos
- element.remove unless uri.hostname.end_with? Site.domain
+ element.remove unless uri.scheme == 'https' && uri.hostname.end_with?(Site.domain)
 rescue URI::Error
 element.remove
 end
From c601845a27c5f1a7244c4b88b3736cd115b498ff Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 15 Sep 2021 19:50:24 -0300
Subject: [PATCH 2/7] Garantizar que todas las lecturas se hacen dentro del directorio del sitio fixes ##2667 fixes ##2655 fixes ##2640 fixes #2675 fixes #2653 fixes #2635 fixes #2624 fixes #2626 fixes #2627 fixes #2629 fixes #2634 fixes #2636 fixes #2637 fixes #2641 fixes #2642 fixes #2643 fixes #2644 fixes #2645 fixes #2646 fixes #2648 fixes #2649 fixes #2650 fixes #2651 fixes #2654 fixes #2657 fixes #2672 fixes #2676 fixes #2677 fixes #2678 fixes #2681 fixes #2682 fixes #2687 fixes #2688 fixes #2689 fixes #2691 fixes #2692 fixes #2693
---
 app/models/site.rb | 43 ++++++++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 19 deletions(-)
diff --git a/app/models/site.rb b/app/models/site.rb
index 58f20745..ddfe2bc9 100644
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -65,9 +65,6 @@ class Site < ApplicationRecord
 accepts_nested_attributes_for :deploys, allow_destroy: true
- # El sitio en Jekyll
- attr_reader :jekyll
-
 # XXX: Es importante incluir luego de los callbacks de :load_jekyll
 include Site::Index
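Review bot: `uri.hostname.end_with?(Site.domain)` on the added line is a bare suffix match, so a hostname whose last characters happen to be the site domain without a separating dot (a longer label ending in the same text) also passes the "no external resources" filter; compare on a label boundary instead, `element.remove unless uri.scheme == 'https' && (uri.hostname == Site.domain || uri.hostname.to_s.end_with?(".#{Site.domain}"))`. The `.to_s` also covers a value such as `https:` that `URI` parses with a nil host, which would otherwise raise NoMethodError past the `rescue URI::Error` below. Because `&&` now short-circuits on the scheme, a scheme-less (relative) `src` is removed instead of failing on a nil hostname; that matches the commit title, so state it in the comment above the check, e.g. `# Only absolute https URLs under the site's own domain are kept`. The enclosing method starts outside the hunk.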
@@ -180,29 +177,28 @@ class Site < ApplicationRecord
 # Trae los datos del directorio _data dentro del sitio
 def data
- unless @jekyll.data.present?
- @jekyll.reader.read_data
-
- # Define los valores por defecto según la llave buscada
- @jekyll.data.default_proc = proc do |data, key|
- data[key] = case key
- when 'layout' then {}
- end
+ unless jekyll.data.present?
+ run_in_path do
+ jekyll.reader.read_data
+ jekyll.data['layouts'] ||= {}
 end
 end
- @jekyll.data
+ jekyll.data
 end
 # Traer las colecciones. Todos los artículos van a estar dentro de
 # colecciones.
 def collections
 unless @read
- @jekyll.reader.read_collections
+ run_in_path do
+ jekyll.reader.read_collections
+ end
+
 @read = true
 end
- @jekyll.collections
+ jekyll.collections
 end
 # Traer la configuración de forma modificable
@@ -290,7 +286,9 @@ class Site < ApplicationRecord
 #
 # @return [Hash]
 def theme_layouts
- @jekyll.reader.read_layouts
+ run_in_path do
+ jekyll.reader.read_layouts
+ end
 end
 # Trae todos los valores disponibles para un campo
@@ -332,6 +330,12 @@ class Site < ApplicationRecord
 status == 'building'
 end
+ def jekyll
+ run_in_path do
+ @jekyll ||= Jekyll::Site.new(configuration)
+ end
+ end
+
 # Cargar el sitio Jekyll
 #
 # TODO: En lugar de leer todo junto de una vez, extraer la carga de
@@ -345,10 +349,7 @@ class Site < ApplicationRecord
 def reload_jekyll!
 reset
-
- Dir.chdir(path) do
- @jekyll = Jekyll::Site.new(configuration)
- end
+ jekyll
 end
 def reload
@@ -526,4 +527,8 @@ class Site < ApplicationRecord
 errors.add(:design_id, I18n.t('activerecord.errors.models.site.attributes.design_id.layout_incompatible.error'))
 end
+
+ def run_in_path(&block)
+ Dir.chdir path, &block
+ end
 end
From 5a324ae71f29616b4661c6b364ee5a3282a5dd14 Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 15 Sep 2021 21:00:10 -0300
Subject: [PATCH 3/7] No cortar las columnas
---
 app/views/posts/index.haml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
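Review bot: The removed `default_proc` in `data` answered the key `'layout'` with `{}`, whereas the added line initializes `'layouts'`; if any consumer of `jekyll.data` still reads `'layout'` it now gets nil instead of an empty hash, so confirm the key rename is intentional and matches the `_data` file name. The new default is also only applied on the first read (inside `unless jekyll.data.present?`), which is fine as long as nothing clears `jekyll.data` without going through `reset`.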
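Review bot: `@jekyll ||=` sits inside the `run_in_path` block of the new `jekyll` method, so every call — including each `jekyll.data` and `jekyll.collections` access in the earlier hunks, which then nest a second `run_in_path` — performs a process-wide `Dir.chdir` even after the site is memoized; hoist the memoization so the directory change happens once, `@jekyll ||= run_in_path { Jekyll::Site.new(configuration) }`. `Dir.chdir` changes the working directory of the whole process (Ruby itself warns about a conflicting chdir during another chdir block), so if the application serves requests from several threads, one site's block can overlap another's and relative reads resolve against the wrong site directory — the very confinement this commit sets out to guarantee; the reads should ultimately be anchored on the absolute `path`, or the chdir must be serialized. `reload_jekyll!` in the later hunk now depends on `reset` (outside the hunk) clearing `@jekyll`; if it does not, the `||=` keeps the stale site, so an explicit `@jekyll = nil` before `jekyll` would make the reload unconditional.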
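Review bot: `run_in_path` is added without any comment although it is the primitive every other hunk in this commit relies on; document its contract in the file's YARD style, e.g. `# Runs the block with the process working directory set to the site's path.` followed by `# Dir.chdir is process-wide, so callers must not assume isolation from other threads.` and `# @return the block's return value`. It is placed after the `errors.add` validation helper at the end of the class, so its visibility depends on a `private` marker outside the hunk; confirm that is the intended visibility, since `jekyll`, `data`, `collections` and `theme_layouts` call it from inside the class only.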
diff --git a/app/views/posts/index.haml b/app/views/posts/index.haml
index 8b776590..c00d59af 100644
--- a/app/views/posts/index.haml
+++ b/app/views/posts/index.haml
@@ -112,11 +112,11 @@
 %span{ lang: post.locale, dir: dir }= category
 = '/' unless post.front_matter['categories'].last == category
- %td
+ %td.text-nowrap
 = post.created_at.strftime('%F')
 %br/
 = post.order
- %td
+ %td.text-nowrap
 - if @usuarie || policy(post).edit?
 = link_to t('posts.edit'), edit_site_post_path(@site, post.path), class: 'btn btn-block'
 - if @usuarie || policy(post).destroy?
From 859b8518c0f722cfd06aaab0bc59259870c67609 Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 15 Sep 2021 21:00:48 -0300
Subject: [PATCH 4/7] =?UTF-8?q?Mostrar=20el=20tipo=20de=20art=C3=ADculo?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/views/posts/index.haml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/app/views/posts/index.haml b/app/views/posts/index.haml
index c00d59af..5c47f679 100644
--- a/app/views/posts/index.haml
+++ b/app/views/posts/index.haml
@@ -104,13 +104,13 @@
 %span{ lang: post.locale, dir: dir }= post.title
 - if post.front_matter['draft'].present?
 %span.badge.badge-primary= I18n.t('posts.attributes.draft.label')
- - if post.front_matter['categories'].present?
- %br
- %small
- - post.front_matter['categories'].each do |category|
- = link_to site_posts_path(@site, **@filter_params.merge(category: category)) do
- %span{ lang: post.locale, dir: dir }= category
- = '/' unless post.front_matter['categories'].last == category
+ %br
+ %small
+ = link_to @site.layouts[post.layout].humanized_name, site_posts_path(@site, **@filter_params.merge(layout: post.layout))
+ - post.front_matter['categories']&.each do |category|
+ = link_to site_posts_path(@site, **@filter_params.merge(category: category)) do
+ %span{ lang: post.locale, dir: dir }= category
+ = '/' unless post.front_matter['categories'].last == category
 %td.text-nowrap
 = post.created_at.strftime('%F')
From 8e1f5c5558627efa0721703591d940aa288f9b85 Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 15 Sep 2021 21:02:09 -0300
Subject: [PATCH 5/7] =?UTF-8?q?Paginaci=C3=B3n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Gemfile | 1 +
 Gemfile.lock | 17 ++++++++++++++++-
 app/controllers/posts_controller.rb | 4 ++--
 config/routes.rb | 1 +
 4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/Gemfile b/Gemfile
index 4256e307..db06827d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -67,6 +67,7 @@ gem 'terminal-table'
 gem 'validates_hostname'
 gem 'webpacker'
 gem 'yaml_db', git: 'https://0xacab.org/sutty/yaml_db.git'
+gem 'kaminari'
 # database
 gem 'hairtrigger'
diff --git a/Gemfile.lock b/Gemfile.lock
index 33fba3a0..e08bcb05 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
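Review bot: `@site.layouts[post.layout].humanized_name` on the added `link_to` line dereferences the lookup unconditionally; if `@site.layouts` returns nil for a layout name that no longer exists in the site (a removed or misspelled layout in a post's front matter), the call raises NoMethodError and takes the whole post index down. Guard it, e.g. `= link_to @site.layouts[post.layout]&.humanized_name || post.layout, site_posts_path(@site, **@filter_params.merge(layout: post.layout))`, or skip the link when the layout is unknown. The table row this sits in begins before the hunk.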
@@ -309,6 +309,18 @@ GEM jekyll-write-and-commit-changes (0.1.2) jekyll (~> 4) rugged (~> 1) + kaminari (1.2.1) + activesupport (>= 4.1.0) + kaminari-actionview (= 1.2.1) + kaminari-activerecord (= 1.2.1) + kaminari-core (= 1.2.1) + kaminari-actionview (1.2.1) + actionview + kaminari-core (= 1.2.1) + kaminari-activerecord (1.2.1) + activerecord + kaminari-core (= 1.2.1) + kaminari-core (1.2.1) kramdown (2.3.1) rexml kramdown-parser-gfm (1.1.0)
@@ -345,6 +357,7 @@ GEM mini_histogram (0.3.1) mini_magick (4.11.0) mini_mime (1.1.0) + mini_portile2 (2.5.3) minima (2.5.1) jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9)
@@ -357,7 +370,8 @@ GEM net-ssh (6.1.0) netaddr (2.0.4) nio4r (2.5.7-x86_64-linux-musl) - nokogiri (1.11.7-x86_64-linux) + nokogiri (1.11.7-x86_64-linux-musl) + mini_portile2 (~> 2.5.0) racc (~> 1.4) orm_adapter (0.5.0) parallel (1.20.1)
@@ -667,6 +681,7 @@ DEPENDENCIES jekyll-data! jekyll-images jekyll-include-cache + kaminari letter_opener listen (>= 3.0.5, < 3.2) loaf
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 3ef26720..05ae2736 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -24,7 +24,7 @@ class PostsController < ApplicationController
 # más simple saber si hubo cambios.
 if stale?([current_usuarie, site, filter_params])
 # Todos los artículos de este sitio para el idioma actual
- @posts = site.indexed_posts.where(locale: locale)
+ @posts = site.indexed_posts.where(locale: locale).page(filter_params.delete(:page))
 # De este tipo
 @posts = @posts.where(layout: filter_params[:layout]) if filter_params[:layout]
 # Que estén dentro de la categoría
@@ -154,7 +154,7 @@ class PostsController < ApplicationController
 #
 # @return [Hash]
 def filter_params
- @filter_params ||= params.permit(:q, :category, :layout).to_h.select { |_, v| v.present? }
+ @filter_params ||= params.permit(:q, :category, :layout, :page).to_h.select { |_, v| v.present? }
 end
 def site
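Review bot: `filter_params.delete(:page)` on the new `@posts` line mutates the memoized `@filter_params` hash as a side effect of building the query, so from this point on `filter_params` no longer contains `:page` even though the `stale?` key computed on the line above included it, and every `@filter_params.merge(...)` link in the view is built from the reduced hash. If dropping the page from the filter links is intended (the `p/:page` collection route added in this same commit suggests the page lives in the path rather than the query), say so at the call site, e.g. `# :page is removed from filter_params so the filter links and the search form do not carry the pagination over`; otherwise read it without deleting, `.page(filter_params[:page])`. The second hunk in this file, which adds `:page` to `permit`, is what makes the key reachable here and needs no further change. The `if stale?` block continues past the end of the hunk.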
diff --git a/config/routes.rb b/config/routes.rb
index 2c5f1c60..15ee4150 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -60,6 +60,7 @@ Rails.application.routes.draw do
 scope '(:locale)' do
 post :'posts/reorder', to: 'posts#reorder'
 resources :posts do
+ get 'p/:page', action: :index, on: :collection
 get :preview, to: 'posts#preview'
 end
 end
From f90c92dc26ff5e69385153ee1547c461d44210a1 Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 15 Sep 2021 21:03:07 -0300
Subject: [PATCH 6/7] =?UTF-8?q?Poder=20navegar=20p=C3=A1ginas=20en=20la=20?= =?UTF-8?q?lista=20de=20art=C3=ADculos?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/views/posts/index.haml | 22 ++++++++++++++--------
 config/locales/en.yml | 2 ++
 config/locales/es.yml | 2 ++
 3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/app/views/posts/index.haml b/app/views/posts/index.haml
index 5c47f679..654210f2 100644
--- a/app/views/posts/index.haml
+++ b/app/views/posts/index.haml
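Review bot: The added `get 'p/:page', action: :index, on: :collection` accepts any segment as `:page`, so arbitrary strings reach the controller and, with the `.page(...)` call this commit adds there, are presumably coerced to an integer and shown as the first page instead of being rejected. Constrain the segment at the router so malformed values get a 404 before the query is built: `get 'p/:page', action: :index, on: :collection, constraints: { page: /\d+/ }`. The `resources :posts` block this sits in is fully visible in the hunk.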
@@ -72,14 +72,20 @@
 %thead
 %tr
 %th.border-0.background-white.position-sticky{ style: 'top: 0; z-index: 2', colspan: '4' }
- = submit_tag t('posts.reorder.submit'), class: 'btn'
- %button.btn{ data: { action: 'reorder#unselect' } }
- = t('posts.reorder.unselect')
- %span.badge{ data: { target: 'reorder.counter' } } 0
- %button.btn{ data: { action: 'reorder#up' } }= t('posts.reorder.up')
- %button.btn{ data: { action: 'reorder#down' } }= t('posts.reorder.down')
- %button.btn{ data: { action: 'reorder#top' } }= t('posts.reorder.top')
- %button.btn{ data: { action: 'reorder#bottom' } }= t('posts.reorder.bottom')
+ .d-flex.flex-row.justify-content-between
+ %div
+ = submit_tag t('posts.reorder.submit'), class: 'btn'
+ %button.btn{ data: { action: 'reorder#unselect' } }
+ = t('posts.reorder.unselect')
+ %span.badge{ data: { target: 'reorder.counter' } } 0
+ %button.btn{ data: { action: 'reorder#up' } }= t('posts.reorder.up')
+ %button.btn{ data: { action: 'reorder#down' } }= t('posts.reorder.down')
+ %button.btn{ data: { action: 'reorder#top' } }= t('posts.reorder.top')
+ %button.btn{ data: { action: 'reorder#bottom' } }= t('posts.reorder.bottom')
+
+ %div
+ = link_to_prev_page @posts, t('posts.prev'), class: 'btn'
+ = link_to_next_page @posts, t('posts.next'), class: 'btn'
 %tbody
 - dir = t("locales.#{@locale}.dir")
 - size = @posts.size
diff --git a/config/locales/en.yml b/config/locales/en.yml
index fc194eab..e950fc32 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -376,6 +376,8 @@ en:
 en: 'English'
 ar: 'Arabic'
 posts:
+ prev: Previous page
+ next: Next page
 empty: "There are no results for those search parameters."
 caption: Post list
 attribute_ro:
diff --git a/config/locales/es.yml b/config/locales/es.yml
index e8185391..459d643b 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -384,6 +384,8 @@ es:
 en: 'inglés'
 ar: 'árabe'
 posts:
+ prev: Página anterior
+ next: Página siguiente
 empty: No hay artículos con estos parámetros de búsqueda.
 caption: Lista de artículos
 attribute_ro:
From 0dece732aadc407b10674158fd86a4460e42e622 Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 15 Sep 2021 21:03:28 -0300
Subject: [PATCH 7/7] =?UTF-8?q?Al=20buscar=20eliminar=20la=20paginaci?= =?UTF-8?q?=C3=B3n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/views/posts/index.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/posts/index.haml b/app/views/posts/index.haml
index 654210f2..90e30966 100644
--- a/app/views/posts/index.haml
+++ b/app/views/posts/index.haml
@@ -40,7 +40,7 @@
 %section.col
 = render 'layouts/flash'
 .d-flex.justify-content-between.align-items-center.pl-2-plus.pr-2-plus.mb-2
- %form
+ %form{ action: site_posts_path }
 - @filter_params.each do |param, value|
 - next if param == 'q'
 %input{ type: 'hidden', name: param, value: value }