Merge pull request #1575 from betagouv/frederic/fix_delayed_job_web

Fix XSS in delayed job web admin
Mathieu Magnin 2018-03-07 17:22:14 +01:00 committed by GitHub
commit 2771ffc0b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 7 deletions


@ -104,8 +104,10 @@ gem 'sanitize-url'
gem 'delayed_job_active_record'
gem "daemons"
gem 'delayed_cron_job'
gem "delayed_job_web"
# FIXME: this is a fork, go back to official version
# once https://github.com/ejschmitt/delayed_job_web/issues/101
# has been merged and released
gem "delayed_job_web", git: 'https://github.com/breckenedge/delayed_job_web.git', branch: 'cve_2017_12097'
gem 'select2-rails'
# PDF Generation
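Review bot: The new `gem "delayed_job_web", git: ...` line pins the fork by `branch: 'cve_2017_12097'` only, so a future `bundle update delayed_job_web` will fetch whatever that branch points to at the time, and anyone with push access to the third-party fork can change the code that ships in this app; the lockfile's `revision: 6bcb10e6...` protects the current install but not the next update. Since the fork's gemspec still reports version `1.4`, the version number alone cannot tell the patched build from the vulnerable upstream one either. I would pin the exact commit the lockfile already records, `gem "delayed_job_web", git: 'https://github.com/breckenedge/delayed_job_web.git', ref: '6bcb10e61ea2b9a44ffa16be8536dff46ad51449'`, and extend the FIXME to name the fix being pulled in, e.g. `# pins the fork carrying the XSS fix for CVE-2017-12097; see issue 101 below`, so the reason for the pin is not lost if the branch name changes.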


@ -1,3 +1,13 @@
GIT
remote: https://github.com/breckenedge/delayed_job_web.git
revision: 6bcb10e61ea2b9a44ffa16be8536dff46ad51449
branch: cve_2017_12097
specs:
delayed_job_web (1.4)
activerecord (> 3.0.0)
delayed_job (> 2.0.3)
sinatra (>= 1.4.4)
GIT
remote: https://github.com/hassox/warden.git
revision: a4b197e0b28e7b576b0745b0f6aeaed8dbb774a4
@ -172,10 +182,6 @@ GEM
delayed_job_active_record (4.1.2)
activerecord (>= 3.0, < 5.2)
delayed_job (>= 3.0, < 5)
delayed_job_web (1.4)
activerecord (> 3.0.0)
delayed_job (> 2.0.3)
sinatra (>= 1.4.4)
devise (4.4.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
@ -796,7 +802,7 @@ DEPENDENCIES
deep_cloneable
delayed_cron_job
delayed_job_active_record
delayed_job_web
delayed_job_web!
devise
dotenv-rails
draper