From: Tomas Doran Date: Mon, 30 Jan 2012 11:33:27 +0000 (+0000) Subject: Merge remote branch 'shadowcat/master' X-Git-Tag: 0.97~2 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=2814d7c92e9eae4474459e6dffb6bfa3bd91f53d;hp=89bf55aa770766ee3f18dd9b6dbf3f5f133e0266;p=catagits%2FCatalyst-Action-REST.git Merge remote branch 'shadowcat/master' * shadowcat/master: Fix a typo in Changes --- diff --git a/Changes b/Changes index 83322b9..312e10e 100644 --- a/Changes +++ b/Changes @@ -1,8 +1,11 @@ +Mon 20 Jan 2012 11:22:00 GMT - Release 0.96 + Added fix for RT 63537 (from Gerv) and tests to check it. + Wed 04 Jan 2012 19:34:00 GMT - Release 0.95 Fix regex for JSONP parameter name to be able to include the . character in Catalyst::Action::Serialize::JSONP. RT#73741 - Add optional location parameter to status_acceped handler. RT#73691 (ghenry) + Add optional location parameter to status_accepted handler. RT#73691 (ghenry) Fri 09 Dec 2011 08:35:00 GMT - Release 0.94 Add 403 Forbidden and 302 Not Found status methods to diff --git a/Makefile.PL b/Makefile.PL index 8b0ce01..317c0be 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -14,6 +14,7 @@ requires 'namespace::autoclean'; requires('Catalyst::Runtime' => '5.80030'); requires('Params::Validate' => '0.76'); requires('YAML::Syck' => '0.67'); +requires('HTML::Parser' => undef); requires('Module::Pluggable::Object' => undef); requires('LWP::UserAgent' => '2.033'); requires('Data::Serializer' => '0.36'); diff --git a/README b/README index f1259c4..ae77756 100644 --- a/README +++ b/README @@ -104,6 +104,10 @@ CONTRIBUTORS Gavin Henry + Gerv http://www.gerv.net/ + + Colin Newell + COPYRIGHT Copyright (c) 2006-2012 the above named AUTHOR and CONTRIBUTORS diff --git a/lib/Catalyst/Action/Deserialize.pm b/lib/Catalyst/Action/Deserialize.pm index d596a10..45b77b3 100644 --- a/lib/Catalyst/Action/Deserialize.pm +++ b/lib/Catalyst/Action/Deserialize.pm 
@@ -8,7 +8,7 @@ use Module::Pluggable::Object;
 use MRO::Compat;
 use Moose::Util::TypeConstraints;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 has plugins => ( is => 'rw' );
diff --git a/lib/Catalyst/Action/Deserialize/Callback.pm b/lib/Catalyst/Action/Deserialize/Callback.pm
index d1b71f3..27e7d05 100644
--- a/lib/Catalyst/Action/Deserialize/Callback.pm
+++ b/lib/Catalyst/Action/Deserialize/Callback.pm
@@ -6,7 +6,7 @@ use Scalar::Util qw(openhandle);
 extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Deserialize/Data/Serializer.pm b/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
index 7a52c95..b3cef43 100644
--- a/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
+++ b/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
@@ -10,7 +10,7 @@ use Scalar::Util qw(openhandle);
 my $compartment = Safe->new;
 $compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Deserialize/JSON.pm b/lib/Catalyst/Action/Deserialize/JSON.pm
index 63d412d..0925e8b 100644
--- a/lib/Catalyst/Action/Deserialize/JSON.pm
+++ b/lib/Catalyst/Action/Deserialize/JSON.pm
@@ -7,7 +7,7 @@ use Scalar::Util qw(openhandle);
 extends 'Catalyst::Action';
 use JSON;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Deserialize/View.pm b/lib/Catalyst/Action/Deserialize/View.pm
index bccd98c..1455ca0 100644
--- a/lib/Catalyst/Action/Deserialize/View.pm
+++ b/lib/Catalyst/Action/Deserialize/View.pm
@@ -5,7 +5,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Deserialize/XML/Simple.pm b/lib/Catalyst/Action/Deserialize/XML/Simple.pm index c9fb157..4067555 100644 --- a/lib/Catalyst/Action/Deserialize/XML/Simple.pm +++ b/lib/Catalyst/Action/Deserialize/XML/Simple.pm @@ -6,7 +6,7 @@ use Scalar::Util qw(openhandle); extends 'Catalyst::Action'; -our $VERSION = '0.95'; +our $VERSION = '0.96'; $VERSION = eval $VERSION; sub execute { diff --git a/lib/Catalyst/Action/Deserialize/YAML.pm b/lib/Catalyst/Action/Deserialize/YAML.pm index cdce97b..7bb0b7a 100644 --- a/lib/Catalyst/Action/Deserialize/YAML.pm +++ b/lib/Catalyst/Action/Deserialize/YAML.pm @@ -7,7 +7,7 @@ use Scalar::Util qw(openhandle); extends 'Catalyst::Action'; use YAML::Syck; -our $VERSION = '0.95'; +our $VERSION = '0.96'; $VERSION = eval $VERSION; sub execute { diff --git a/lib/Catalyst/Action/DeserializeMultiPart.pm b/lib/Catalyst/Action/DeserializeMultiPart.pm index f5c5cae..138095c 100644 --- a/lib/Catalyst/Action/DeserializeMultiPart.pm +++ b/lib/Catalyst/Action/DeserializeMultiPart.pm @@ -6,7 +6,7 @@ use namespace::autoclean; extends 'Catalyst::Action::Deserialize'; use HTTP::Body; -our $VERSION = '0.95'; +our $VERSION = '0.96'; $VERSION = eval $VERSION; our $NO_HTTP_BODY_TYPES_INITIALIZATION; diff --git a/lib/Catalyst/Action/REST.pm b/lib/Catalyst/Action/REST.pm index 8568799..b6bf2af 100644 --- a/lib/Catalyst/Action/REST.pm +++ b/lib/Catalyst/Action/REST.pm @@ -10,7 +10,7 @@ use Catalyst::Controller::REST; BEGIN { require 5.008001; } -our $VERSION = '0.95'; +our $VERSION = '0.96'; $VERSION = eval $VERSION; sub BUILDARGS { @@ -226,6 +226,10 @@ J. Shirley Ejshirley@gmail.comE Gavin Henry Eghenry@surevoip.co.ukE +Gerv http://www.gerv.net/ + +Colin Newell + =head1 COPYRIGHT Copyright (c) 2006-2012 the above named AUTHOR and CONTRIBUTORS diff --git a/lib/Catalyst/Action/REST/ForBrowsers.pm b/lib/Catalyst/Action/REST/ForBrowsers.pm index c17b162..b967167 100644 --- a/lib/Catalyst/Action/REST/ForBrowsers.pm 
+++ b/lib/Catalyst/Action/REST/ForBrowsers.pm
@@ -3,7 +3,7 @@ package Catalyst::Action::REST::ForBrowsers;
 use Moose;
 use namespace::autoclean;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 extends 'Catalyst::Action::REST';
diff --git a/lib/Catalyst/Action/Serialize.pm b/lib/Catalyst/Action/Serialize.pm
index fd90d7c..74700ea 100644
--- a/lib/Catalyst/Action/Serialize.pm
+++ b/lib/Catalyst/Action/Serialize.pm
@@ -7,7 +7,7 @@ extends 'Catalyst::Action::SerializeBase';
 use Module::Pluggable::Object;
 use MRO::Compat;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 has _encoders => (
diff --git a/lib/Catalyst/Action/Serialize/Callback.pm b/lib/Catalyst/Action/Serialize/Callback.pm
index e85ce7c..6f96aa8 100644
--- a/lib/Catalyst/Action/Serialize/Callback.pm
+++ b/lib/Catalyst/Action/Serialize/Callback.pm
@@ -5,7 +5,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Serialize/Data/Serializer.pm b/lib/Catalyst/Action/Serialize/Data/Serializer.pm
index 49740a8..8e08aa3 100644
--- a/lib/Catalyst/Action/Serialize/Data/Serializer.pm
+++ b/lib/Catalyst/Action/Serialize/Data/Serializer.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
 use Data::Serializer;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Serialize/JSON.pm b/lib/Catalyst/Action/Serialize/JSON.pm
index c55985f..9f4cf44 100644
--- a/lib/Catalyst/Action/Serialize/JSON.pm
+++ b/lib/Catalyst/Action/Serialize/JSON.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
 use JSON ();
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 has encoder => (
diff --git a/lib/Catalyst/Action/Serialize/JSON/XS.pm b/lib/Catalyst/Action/Serialize/JSON/XS.pm
index 5f57310..28866a7 100644
--- a/lib/Catalyst/Action/Serialize/JSON/XS.pm
+++ b/lib/Catalyst/Action/Serialize/JSON/XS.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action::Serialize::JSON';
 use JSON::XS ();
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub _build_encoder {
diff --git a/lib/Catalyst/Action/Serialize/JSONP.pm b/lib/Catalyst/Action/Serialize/JSONP.pm
index 67ac584..4f1172c 100644
--- a/lib/Catalyst/Action/Serialize/JSONP.pm
+++ b/lib/Catalyst/Action/Serialize/JSONP.pm
@@ -4,7 +4,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action::Serialize::JSON';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 after 'execute' => sub {
diff --git a/lib/Catalyst/Action/Serialize/View.pm b/lib/Catalyst/Action/Serialize/View.pm
index 1a25f58..6f90003 100644
--- a/lib/Catalyst/Action/Serialize/View.pm
+++ b/lib/Catalyst/Action/Serialize/View.pm
@@ -4,7 +4,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Serialize/XML/Simple.pm b/lib/Catalyst/Action/Serialize/XML/Simple.pm
index 0126bb0..72ce025 100644
--- a/lib/Catalyst/Action/Serialize/XML/Simple.pm
+++ b/lib/Catalyst/Action/Serialize/XML/Simple.pm
@@ -5,7 +5,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Serialize/YAML.pm b/lib/Catalyst/Action/Serialize/YAML.pm
index 531e178..54dd4e3 100644
--- a/lib/Catalyst/Action/Serialize/YAML.pm
+++ b/lib/Catalyst/Action/Serialize/YAML.pm
@@ -6,7 +6,7 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
 use YAML::Syck;
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 sub execute {
diff --git a/lib/Catalyst/Action/Serialize/YAML/HTML.pm b/lib/Catalyst/Action/Serialize/YAML/HTML.pm
index 717108d..cf48b4b 100644
--- a/lib/Catalyst/Action/Serialize/YAML/HTML.pm +++ b/lib/Catalyst/Action/Serialize/YAML/HTML.pm @@ -7,7 +7,7 @@ extends 'Catalyst::Action'; use YAML::Syck; use URI::Find; -our $VERSION = '0.95'; +our $VERSION = '0.96'; $VERSION = eval $VERSION; sub execute { @@ -23,7 +23,7 @@ sub execute { my $output = ""; $output .= "" . $app . ""; $output .= "
";
-    my $text = Dump($c->stash->{$stash_key});
+    my $text = HTML::Entities::encode(Dump($c->stash->{$stash_key}));
     # Straight from URI::Find
     my $finder = URI::Find->new(
                               sub {
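Review bot: `HTML::Entities::encode(...)` is called by its fully qualified name, but nothing in this commit adds a `use HTML::Entities;` to YAML/HTML.pm. The only imports visible in the file's first hunk are `use YAML::Syck;` and `use URI::Find;`, and lines 1–6 of the file are outside the diff, so confirm the module is loaded there. If it is not, the call works only when some other code in the process has already loaded HTML::Entities and otherwise fails at request time; adding `use HTML::Entities ();` next to `use URI::Find;` makes the new HTML::Parser prerequisite in Makefile.PL explicit at the point of use. Separately, `$app` is concatenated into the page three lines above the fix without encoding; its origin is outside the hunk, so check whether it needs the same `HTML::Entities::encode` treatment. The body of `execute` continues past the end of the hunk.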
diff --git a/lib/Catalyst/Action/SerializeBase.pm b/lib/Catalyst/Action/SerializeBase.pm
index aeb186a..8ba1100 100644
--- a/lib/Catalyst/Action/SerializeBase.pm
+++ b/lib/Catalyst/Action/SerializeBase.pm
@@ -8,7 +8,7 @@ use Module::Pluggable::Object;
 use Catalyst::Request::REST;
 use Catalyst::Utils ();
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 after BUILDARGS => sub {
diff --git a/lib/Catalyst/Controller/REST.pm b/lib/Catalyst/Controller/REST.pm
index f10cf57..bc480f0 100644
--- a/lib/Catalyst/Controller/REST.pm
+++ b/lib/Catalyst/Controller/REST.pm
@@ -2,7 +2,7 @@ package Catalyst::Controller::REST;
 use Moose;
 use namespace::autoclean;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 =head1 NAME
diff --git a/lib/Catalyst/Request/REST.pm b/lib/Catalyst/Request/REST.pm
index 26a8b4a..3860860 100644
--- a/lib/Catalyst/Request/REST.pm
+++ b/lib/Catalyst/Request/REST.pm
@@ -7,7 +7,7 @@ use namespace::autoclean;
 extends 'Catalyst::Request';
 with 'Catalyst::TraitFor::Request::REST';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 # Please don't take this as a recommended way to do things.
diff --git a/lib/Catalyst/Request/REST/ForBrowsers.pm b/lib/Catalyst/Request/REST/ForBrowsers.pm
index 5a08fd1..49d5904 100644
--- a/lib/Catalyst/Request/REST/ForBrowsers.pm
+++ b/lib/Catalyst/Request/REST/ForBrowsers.pm
@@ -3,7 +3,7 @@ use Moose;
 
 use namespace::autoclean;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 extends 'Catalyst::Request::REST';
diff --git a/lib/Catalyst/TraitFor/Request/REST.pm b/lib/Catalyst/TraitFor/Request/REST.pm
index c4bcec0..43bb624 100644
--- a/lib/Catalyst/TraitFor/Request/REST.pm
+++ b/lib/Catalyst/TraitFor/Request/REST.pm
@@ -3,7 +3,7 @@ use Moose::Role;
 use HTTP::Headers::Util qw(split_header_words);
 use namespace::autoclean;
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 has [qw/ data accept_only /] => ( is => 'rw' );
diff --git a/lib/Catalyst/TraitFor/Request/REST/ForBrowsers.pm b/lib/Catalyst/TraitFor/Request/REST/ForBrowsers.pm
index 0d5118c..da9238b 100644
--- a/lib/Catalyst/TraitFor/Request/REST/ForBrowsers.pm
+++ b/lib/Catalyst/TraitFor/Request/REST/ForBrowsers.pm
@@ -4,7 +4,7 @@ use namespace::autoclean;
 
 with 'Catalyst::TraitFor::Request::REST';
 
-our $VERSION = '0.95';
+our $VERSION = '0.96';
 $VERSION = eval $VERSION;
 
 has _determined_real_method => (
diff --git a/t/lib/Test/Serialize/Controller/REST.pm b/t/lib/Test/Serialize/Controller/REST.pm
index fa1cac2..8c1d5f2 100644
--- a/t/lib/Test/Serialize/Controller/REST.pm
+++ b/t/lib/Test/Serialize/Controller/REST.pm
@@ -55,4 +55,10 @@ sub monkey_get : Local : ActionClass('Serialize') {
     $c->stash->{'rest'} = { monkey => 'likes chicken!', };
 }
 
+sub xss_get : Local : ActionClass('Serialize') {
+    my ( $self, $c ) = @_;
+    $c->stash->{'rest'} = { monkey => 'likes chicken > sushi!', };
+}
+
+
 1;
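Review bot: The `xss_get` fixture value contains only `>`, so the RT 63537 regression test in t/yaml-html.t would still pass if the serializer left `<`, `&` or quote characters unencoded. A value that carries every HTML metacharacter, for example `$c->stash->{'rest'} = { monkey => 'likes <chicken> & "sushi"!', };` (constructed sample), would pin the escaping of each one. The expected `$xss_template` string in t/yaml-html.t would have to be updated to the entity-encoded form to match.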
diff --git a/t/yaml-html.t b/t/yaml-html.t
index a77f085..bf9bf10 100644
--- a/t/yaml-html.t
+++ b/t/yaml-html.t
@@ -28,6 +28,14 @@ SKIP: {
       request( $t->post( url => '/monkey_put', data => Dump($post_data) ) );
     ok( $mres_post->is_error, "POST to the monkey failed; no deserializer." );
 
+    # xss test - RT 63537
+    my $xss_template =
+"Test::Serialize
--- \nmonkey: likes chicken > sushi!\n
"; + my $xres = request( $t->get( url => '/xss_get' ) ); + ok( $xres->is_success, 'GET the xss succeeded' ); + is( $xres->content, $xss_template, "GET returned the right data" ); + + } 1;