Posted to commits@whimsical.apache.org by ru...@apache.org on 2018/04/06 02:20:19 UTC

[whimsy] branch master updated: switch back to erubis. untaint FTW!

This is an automated email from the ASF dual-hosted git repository.

rubys pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 65f09d5  switch back to erubis.  untaint FTW!
65f09d5 is described below

commit 65f09d5ec08a6b91b59ae110087a40d162bbcad2
Author: Sam Ruby <ru...@intertwingly.net>
AuthorDate: Thu Apr 5 22:20:00 2018 -0400

    switch back to erubis.  untaint FTW!
---
 www/board/agenda/views/actions/post-data.json.rb | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/www/board/agenda/views/actions/post-data.json.rb b/www/board/agenda/views/actions/post-data.json.rb
index 5a26826..2e32b9c 100644
--- a/www/board/agenda/views/actions/post-data.json.rb
+++ b/www/board/agenda/views/actions/post-data.json.rb
@@ -11,6 +11,7 @@ if $0 == __FILE__
   Dir.chdir File.expand_path('../..', __dir__)
   require './helpers/string'
   require 'whimsy/asf'
+  require 'erubis'
   require 'ostruct'
   require 'pp'
   $SAFE = 1
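Review bot: the new `require 'erubis'` sits inside the `if $0 == __FILE__` block named in the hunk header, so it only takes effect when this file is run directly. The second hunk calls `Erubis::Eruby` unconditionally in the 'change-chair' branch, so either confirm that the application loads erubis before this view is evaluated, or move the require to a place both paths reach. A short comment that `$SAFE = 1` in this block is what makes the taint on the `File.read` result matter would also help the next reader.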
@@ -63,11 +64,8 @@ when 'change-chair'
   @incoming_chair = ASF::Person[@chair]
   return unless @outgoing_chair and @incoming_chair
 
-  template = File.read('templates/change-chair.erb')
-  draft = template.gsub /<%=\s*(.*?)\s*%>/ do
-    var, method = $1.split('.')
-    instance_variable_get(var).send(method)
-  end
+  template = File.read('templates/change-chair.erb').untaint
+  draft = Erubis::Eruby.new(template).result(binding)
 
   {draft: draft.reflow(0, 71)}
 end
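Review bot: the `.untaint` on the `File.read` result in the added lines needs a comment stating why the template is trusted. The path is a string literal, which is presumably the justification, but it should be written down: with `untaint` followed by `result(binding)`, whatever is in `templates/change-chair.erb` now runs as Ruby with access to every local and instance variable in scope. The removed `gsub` block only resolved `<%= var.method %>` through `instance_variable_get` and `send`. If the template only reads a few values such as `@outgoing_chair` and `@incoming_chair`, consider handing Erubis just those rather than the whole binding. Also document that files under `templates/` must never be built from or writable by request input.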
