Merge pull request #451 from gollum/6.x_rebased

Merge 6.x into master

Gemfile

@@ -1,3 +1,9 @@
 source 'https://rubygems.org'
-
 gemspec :name => 'gollum-lib'
+gem 'irb'
+
+if RUBY_PLATFORM == 'java' then
+  group :development do
+    gem 'activesupport', '~> 6.0'
+  end
+end

HISTORY.md

@@ -2,13 +2,10 @@
 
 * Bugfix release: address XSS vulnerability ( @6661620a, @dometto)
 
-
 # 5.2.3 / 2023-03-13
 
 * Bugfix release: update adapter dependencies for Ruby 3.2 support.
 
-
-
 # 5.2.2 / 2023-01-18
 
 * Bugfix release: set Nokogiri default XHTML conversion options more relaibly. See https://github.com/sparklemotion/nokogiri/issues/2761

LATEST_CHANGES.md

@@ -1,3 +1,21 @@
+<<<<<<< HEAD
 # 5.2.4 / 2023-03-22
 
 * Bugfix release: address XSS vulnerability ( @6661620a, @dometto)
+=======
+# 6.0
+
+* Default to local PlantUML server for security. #412. (@manofstick)
+* Allow use of default branch name `main` or `master. Resolves https://github.com/gollum/gollum/issues/1813. (@dometto)
+<<<<<<< HEAD
+>>>>>>> 462ce53 (Implement default branch detection, move away from master as default. (#424))
+=======
+* Support use of commit notes in Gollum::Committer. (@dometto, @bartkamphorst)
+<<<<<<< HEAD
+>>>>>>> 8384b51 (Support for git notes (#435))
+=======
+
+### Bugfixes
+
+* Fix the use of boolean arguments in Macros. #441. (@dometto)
+>>>>>>> 0db2ff5 (Ensure boolean Macro arguments are parsed as boolean. Resolves #441 (#447))

gemspec.rb

@@ -26,14 +26,13 @@ def specification(version, default_adapter, platform = nil)
     s.add_dependency 'loofah', '~> 2.3'
     s.add_dependency 'github-markup', '~> 4.0'
     s.add_dependency 'gemojione', '~> 4.1'
-    s.add_dependency 'octicons', '~> 12.0'
     s.add_dependency 'twitter-text', '1.14.7'
 
     s.add_development_dependency 'org-ruby', '~> 0.9.9'
     s.add_development_dependency 'kramdown', '~> 2.3'
     s.add_development_dependency 'kramdown-parser-gfm', '~> 1.1.0'
     s.add_development_dependency 'RedCloth', '~> 4.2.9'
-    s.add_development_dependency 'mocha', '~> 1.11'
+    s.add_development_dependency 'mocha', '~> 2.0'
     s.add_development_dependency 'shoulda', '~> 4.0'
     s.add_development_dependency 'wikicloth', '~> 0.8.3'
     s.add_development_dependency 'bibtex-ruby', '~> 6.0'
@@ -45,7 +44,7 @@ def specification(version, default_adapter, platform = nil)
     s.add_development_dependency 'rb-readline', '~> 0.5.1'
     # updating minitest-reporters requires a new minitest which fails with gollum's tests.
     s.add_development_dependency 'test-unit', '~> 3.3'
-    s.add_development_dependency 'minitest-reporters', '~> 1.4'
+    s.add_development_dependency 'minitest-reporters', '~> 1.5'
     s.add_development_dependency 'nokogiri-diff', '~> 0.2.0'
     s.add_development_dependency 'guard', '~> 2.16'
     s.add_development_dependency 'guard-minitest', '~> 2.4'
@@ -93,7 +92,7 @@ def specification(version, default_adapter, platform = nil)
     lib/gollum-lib/macro/global_toc.rb
     lib/gollum-lib/macro/navigation.rb
     lib/gollum-lib/macro/note.rb
-    lib/gollum-lib/macro/octicon.rb
+    lib/gollum-lib/macro/icon.rb
     lib/gollum-lib/macro/series.rb
     lib/gollum-lib/macro/video.rb
     lib/gollum-lib/macro/warn.rb

gollum-lib.gemspec

@@ -3,8 +3,8 @@ require File.join(File.dirname(__FILE__), 'lib', 'gollum-lib', 'version.rb')
 # This file needs to conditionally define the default adapter for MRI and Java, because this is the file that is included from the Gemfile.
 # In addition, the default Java adapter needs to be defined in gollum-lib_java.gemspec beause that file is used to *build* the Java gem.
 if RUBY_PLATFORM == 'java' then
-  default_adapter = ['gollum-rjgit_adapter', '~> 1.0']
+  default_adapter = ['gollum-rjgit_adapter', '~> 2.0']
 else
-  default_adapter = ['gollum-rugged_adapter', '~> 2.0']
+  default_adapter = ['gollum-rugged_adapter', '~> 3.0']
 end
 Gem::Specification.new &specification(Gollum::Lib::VERSION, default_adapter)

gollum-lib_java.gemspec

@@ -1,4 +1,4 @@
 require File.join(File.dirname(__FILE__), 'gemspec.rb')
 require File.join(File.dirname(__FILE__), 'lib', 'gollum-lib', 'version.rb')
-default_adapter = ['gollum-rjgit_adapter', '~> 0.6']
+default_adapter = ['gollum-rjgit_adapter', '~> 2.0']
 Gem::Specification.new &specification(Gollum::Lib::VERSION, default_adapter, "java") 

lib/gollum-lib/committer.rb

@@ -18,6 +18,7 @@ class Committer
     #           :message   - The String commit message.
     #           :name      - The String author full name.
     #           :email     - The String email address.
+    #           :note      - Optional String containing info about the commit. Not used, but can be accessed from inside the :post_commit Hook.
     #           :parent    - Optional Gollum::Git::Commit parent to this update.
     #           :tree      - Optional String SHA of the tree to create the
     #                        index from.
@@ -128,6 +129,7 @@ def commit
       @callbacks.each do |cb|
         cb.call(self, sha1)
       end
+      @wiki.repo.commit(sha1).note=@options[:note] if @options[:note]
       Hook.execute(:post_commit, self, sha1)
       sha1
     end

lib/gollum-lib/file.rb

@@ -8,18 +8,21 @@ class File
 
     class << self
 
-      # For use with self.find: returns true if the given query corresponds to the in-repo path of the BlobEntry.
-      #
-      # query     - The String path to match.
-      # entry     - The BlobEntry to check against.
-      # global_match - (Not implemented for File, see Page.path_match)
-      # hyphened_tags  - If true, replace spaces in match_path with hyphens.
-      # case_insensitive - If true, compare query and match_path case-insensitively
-      def path_match(query, entry, global_match = false, hyphened_tags = false, case_insensitive = false)
-        path_compare(query, ::File.join('/', entry.path), hyphened_tags, case_insensitive)
-      end
+    # Get a canonical path to a file.
+    # Ensures that the result is always under page_file_dir (prevents path traversal), if set.
+    # Removes leading slashes.
+    #
+    # path           - One or more String path elements to join together. `nil` values are ignored.
+    # page_file_dir  - kwarg String, default: nil
+    def canonical_path(*path, page_file_dir: nil)
+      prefix = Pathname.new('/') + page_file_dir.to_s
+      rest = Pathname.new('/').join(*path.compact).cleanpath.to_s[1..-1]
+      result = (prefix + rest).cleanpath.to_s[1..-1]
+      result.sub!(/^\/+/, '') if Gem.win_platform? # On Windows, Pathname#cleanpath will leave double slashes at the start of a path, so replace all (not just the first) leading slashes
+      result
+    end
 
-      # For use with self.path_match: returns true if 'query' and 'match_path' match, strictly or taking account of the following parameters:
+      # For use with self.find: returns true if 'query' and 'match_path' match, strictly or taking account of the following parameters:
       # hyphened_tags  - If true, replace spaces in match_path with hyphens.
       # case_insensitive - If true, compare query and match_path case-insensitively
       def path_compare(query, match_path, hyphened_tags, case_insensitive)
@@ -41,24 +44,31 @@ def path_compare(query, match_path, hyphened_tags, case_insensitive)
     # version - The String version ID to find.
     # try_on_disk - If true, try to return just a reference to a file
     #               that exists on the disk.
-    # global_match - If true, find a File matching path's filename, but not it's directory (so anywhere in the repo)
+    # global_match - If true, find a File matching path's filename, but not its directory (so anywhere in the repo)
     #
     # Returns a Gollum::File or nil if the file could not be found. Note
     # that if you specify try_on_disk=true, you may or may not get a file
     # for which on_disk? is actually true.
     def self.find(wiki, path, version, try_on_disk = false, global_match = false)
-      map = wiki.tree_map_for(version.to_s)
-
-      query_path = Pathname.new(::File.join(['/', wiki.page_file_dir, path].compact)).cleanpath.to_s
-      query_path.sub!(/^\/\//, '/') if Gem.win_platform? # On Windows, Pathname#cleanpath will leave double slashes at the start of a path intact, so sub them out.
+      query_path =  self.canonical_path(path, page_file_dir: wiki.page_file_dir)
+      dir, filename = Pathname.new(query_path).split
+      dir = dir.to_s
 
-      begin
-        entry = map.detect do |entry|
-          path_match(query_path, entry, global_match, wiki.hyphened_tag_lookup, wiki.case_insensitive_tag_lookup)
+      if global_match && self.respond_to?(:global_find) # Only implemented for Gollum::Page
+        return self.global_find(wiki, version, query_path, try_on_disk) 
+      else
+        begin
+          root = wiki.commit_for(version)
+          return nil unless root
+          tree = dir == '.' ? root.tree : root.tree / dir
+          return nil unless tree
+          entry = tree.find_blob do |blob_name|
+            path_compare(filename.to_s, blob_name, wiki.hyphened_tag_lookup, wiki.case_insensitive_tag_lookup)
+          end
+          entry ? self.new(wiki, entry, dir, version, try_on_disk) : nil
+        rescue Gollum::Git::NoSuchShaFound
+          nil
         end
-        entry ? self.new(wiki, entry.blob(wiki.repo), entry.dir, version, try_on_disk) : nil
-      rescue Gollum::Git::NoSuchShaFound
-        nil
       end
     end
 
@@ -74,7 +84,7 @@ def self.find(wiki, path, version, try_on_disk = false, global_match = false)
     def initialize(wiki, blob, path, version, try_on_disk = false)
       @wiki         = wiki
       @blob         = blob
-      @path         = "#{path}/#{blob.name}"[1..-1]
+      @path         = self.class.canonical_path(path, blob.name)
       @version      = version.is_a?(Gollum::Git::Commit) ? version : @wiki.commit_for(version)
       get_disk_reference if try_on_disk
     end

lib/gollum-lib/filter/macro.rb

@@ -1,5 +1,5 @@
 # ~*~ encoding: utf-8 ~*~
-require 'octicons'
+
 
 # Replace specified tokens with dynamically generated content.
 class Gollum::Filter::Macro < Gollum::Filter
@@ -22,13 +22,18 @@ def extract(data)
       argstr.scan(/,?\s*(#{arg})\s*/) do |arguments|
       	# Stabstabstab
       	argument = arguments.first
-
-        if argument =~ /^([a-z0-9_]+)="(.*?)"/
-      		opts[Regexp.last_match[1]] = Regexp.last_match[2]
-			  elsif argument =~ /^"(.*)"$/
-				  args << Regexp.last_match[1].gsub("\\\"", "\"")
-			  else
-				  args << argument
+
+        case argument
+        in /^([a-z0-9_]+)="(.*?)"/
+          opts[Regexp.last_match[1]] = Regexp.last_match[2]
+        in /^"(.*)"$/
+          args << Regexp.last_match[1].gsub("\\\"", "\"")
+        in /\s*false\s*/
+          args << false
+        in /\s*true\s*/
+          args << true
+        else
+          args << argument
         end
       end
 
@@ -48,13 +53,11 @@ def process(data)
         begin
           Gollum::Macro.instance(macro, @markup.wiki, @markup.page).render(*args)
         rescue StandardError => e
-          icon = Octicons::Octicon.new('zap', {width: 24, height: 24})
-          icon.options[:class] << ' mr-2'
-          "<div class='flash flash-error'>#{icon.to_svg}Macro Error for #{macro}: #{e.message}</div>"
+          %Q(<div class="flash flash-error gollum-macro-error my-2">Macro Error for #{macro}: #{e.message}</div>)
         end
       end
     end
 
-    sanitize(data)
+    data
   end
 end

lib/gollum-lib/filter/plantuml.rb

@@ -37,7 +37,7 @@
 #
 class Gollum::Filter::PlantUML < Gollum::Filter
 
-  DEFAULT_URL = "http://www.plantuml.com/plantuml/png"
+  DEFAULT_URL = "http://localhost:8080/plantuml/png"
 
   # Configuration class used to change the behaviour of the PlatnUML filter.
   #

lib/gollum-lib/filter/render.rb

@@ -6,7 +6,11 @@ def extract(data)
       working_dir = Pathname.new(@markup.wiki.path).join(@markup.dir)
       working_dir = working_dir.exist? ? working_dir.to_s : '.'
       Dir.chdir(working_dir) do
-        data = GitHub::Markup.render_s(@markup.format, data)
+        if block = @markup.custom_renderer
+          data = block.call(data)
+        else
+          data = GitHub::Markup.render_s(@markup.format, data)
+        end
       end
       if data.nil?
         raise "There was an error converting #{@markup.name} to HTML."

lib/gollum-lib/filter/tags.rb

@@ -231,7 +231,13 @@ def process_page_link_tag(link_part, pretty_name = nil)
       name = page ? path_to_link_text(link) : link
     end
 
-    link = page ? page.escaped_url_path : ERB::Util.url_encode(link).force_encoding('utf-8')
+    if page
+      link = page.escaped_url_path
+    else
+      link = Pathname.new(link).relative? ? "#{@markup.dir.to_s}/#{link}" : link
+      link = ERB::Util.url_encode(link).force_encoding('utf-8')
+    end
+
     generate_link(link, name, extra, presence)
   end
 

lib/gollum-lib/git_access.rb

@@ -161,15 +161,11 @@ def tree!(sha)
       items = []
       tree.each do |entry|
         if entry[:type] == 'blob'
-          items << BlobEntry.new(entry[:sha], entry[:path], entry[:size], entry[:mode].to_i(8))
+          next if @page_file_dir && !entry[:path].start_with?("#{@page_file_dir}/")
+          items << BlobEntry.new(entry[:sha], entry[:path], entry[:size], entry[:mode])
         end
       end
-      if (dir = @page_file_dir)
-        regex = /^#{dir}\//
-        items.select { |i| i.path =~ regex }
-      else
-        items
-      end
+      items
     end
 
     # Reads the content from the Git db at the given SHA.

lib/gollum-lib/helpers.rb

@@ -3,12 +3,12 @@
 module Gollum
   module Helpers
 
-    # If url starts with a leading slash, trim down its number of leading slashes to 1. Else, return url unchanged.
+    # Replace url-encoded slashes ('%2F') with slashes
+    # Clean up double slashes
     def trim_leading_slashes(url)
       return nil if url.nil?
       url.gsub!('%2F', '/')
-      return '/' + url.gsub(/^\/+/, '') if url[0, 1] == '/'
-      url
+      Pathname.new(url).cleanpath.to_s
     end
 
     # Take a link path and turn it into a string for display as link text.

lib/gollum-lib/macro.rb

@@ -38,7 +38,7 @@ def initialize(macro_name)
       end
 
       def render(*_args)
-        "!!!Unknown macro: #{@macro_name}!!!"
+        html_error("Unknown macro: #{@macro_name}")
       end
     end
   end

lib/gollum-lib/macro/flash.rb

@@ -0,0 +1,11 @@
+module Gollum
+  class Macro
+    class Flash < Gollum::Macro
+      def render(message, icon='', type='')
+        flash_type = ['warn', 'error', 'success'].include?(type) ? "flash-#{type}" : '' 
+        flash_icon = icon.empty? ? '' : %Q(data-gollum-icon="#{icon}")
+        %Q(<div class="flash #{flash_type} my-2" #{flash_icon}>#{message}</div>)
+      end
+    end
+  end
+end

lib/gollum-lib/macro/icon.rb

@@ -0,0 +1,9 @@
+module Gollum
+  class Macro
+    class Icon < Gollum::Macro
+      def render(icon)
+        %Q(<div class="gollum-icon" data-gollum-icon="#{icon}"></div>)
+      end
+    end
+  end
+end

lib/gollum-lib/macro/note.rb

@@ -1,18 +1,8 @@
 module Gollum
   class Macro
     class Note < Gollum::Macro
-      def render(notice, octicon = 'info')
-        icon = ""
-        unless octicon.empty?
-          begin
-            icon = Octicons::Octicon.new(octicon, {width: 24, height: 24})
-          rescue RuntimeError
-            icon = Octicons::Octicon.new('info', {width: 24, height: 24})
-          end
-          icon.options[:class] << ' mr-2'
-          icon = icon.to_svg
-        end
-        "<div class='flash'>#{icon}#{notice}</div>"
+      def render(notice)
+        %Q(<div class="flash gollum-note my-2">#{notice}</div>)
       end
     end
   end

lib/gollum-lib/macro/warn.rb

@@ -2,9 +2,7 @@ module Gollum
   class Macro
     class Warn < Gollum::Macro
       def render(warning)
-        icon = Octicons::Octicon.new('alert', {width: 24, height: 24})
-        icon.options[:class] << ' mr-2'
-        "<div class='flash flash-warn'>#{icon.to_svg}#{warning}</div>"
+        %Q(<div class="flash flash-warn gollum-warning my-2">#{warning}</div>)
       end
     end
   end