
Merge pull request #2017 from Skarlso/eliminated_eval_from_jsonpath

Update JsonPath to latest version.
Dominik Sander 7 éve
szülő
commit
154c058729
5 módosított fájl, 5 hozzáadás és 14 törlés
  1. 0 4
      .env.example
  2. 1 1
      Gemfile
  3. 2 2
      Gemfile.lock
  4. 1 1
      lib/utils.rb
  5. 1 6
      spec/lib/utils_spec.rb

+ 0 - 4
.env.example

@@ -195,10 +195,6 @@ FARADAY_HTTP_BACKEND=typhoeus
 # by Agents that allow overriding the User-Agent header value.
 DEFAULT_HTTP_USER_AGENT="Huginn - https://github.com/cantino/huginn"
 
-# Allow JSONPath eval expresions. i.e., $..price[?(@ < 20)]
-# You should not allow this on a shared Huginn box because it is not secure.
-ALLOW_JSONPATH_EVAL=false
-
 # Enable this setting to allow insecure Agents like the ShellCommandAgent.  Only do this
 # when you trust everyone using your Huginn installation.
 ENABLE_INSECURE_AGENTS=false

+ 1 - 1
Gemfile

@@ -108,7 +108,7 @@ gem 'httmultiparty', '~> 0.3.16'
 gem 'jquery-rails', '~> 4.2.1'
 gem 'huginn_agent', '~> 0.4.0'
 gem 'json', '~> 1.8.1'
-gem 'jsonpath', '~> 0.7.2'
+gem 'jsonpath', '~> 0.8.3'
 gem 'kaminari', github: "amatsuda/kaminari", branch: '0-17-stable', ref: 'abbf93d557208ee1d0b612c612cd079f86ed54f4'
 gem 'kramdown', '~> 1.3.3'
 gem 'liquid', '~> 4.0'

+ 2 - 2
Gemfile.lock

@@ -324,7 +324,7 @@ GEM
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     json (1.8.6)
-    jsonpath (0.7.2)
+    jsonpath (0.8.3)
       multi_json
     jwt (1.4.1)
     kgio (2.10.0)
@@ -659,7 +659,7 @@ DEPENDENCIES
   hypdf (~> 1.0.10)
   jquery-rails (~> 4.2.1)
   json (~> 1.8.1)
-  jsonpath (~> 0.7.2)
+  jsonpath (~> 0.8.3)
   kaminari!
   kramdown (~> 1.3.3)
   letter_opener_web (~> 1.3.1)

+ 1 - 1
lib/utils.rb

@@ -87,7 +87,7 @@ module Utils
       escape = false
     end
 
-    result = JsonPath.new(path, :allow_eval => ENV['ALLOW_JSONPATH_EVAL'] == "true").on(data.is_a?(String) ? data : data.to_json)
+    result = JsonPath.new(path).on(data.is_a?(String) ? data : data.to_json)
     if escape
       result.map {|r| CGI::escape r }
     else
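Review bot: Dropping the `:allow_eval` argument on the `JsonPath.new(path)` line means filter expressions in `path` are always handled with the gem's defaults, so an operator who kept `ALLOW_JSONPATH_EVAL=false` silently loses that opt-out. The `.env.example` comment removed by this commit described the feature as not secure on a shared box. The safety of this call therefore rests on jsonpath 0.8.3 handling every accepted expression form without Ruby evaluation, which this page does not show and which should be confirmed against the gem source. I would record that assumption at the call site, e.g. `# path may be user-supplied; filter handling relies on jsonpath 0.8.x not eval-ing expressions`. The enclosing method starts and ends outside this hunk.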

+ 1 - 6
spec/lib/utils_spec.rb

@@ -68,17 +68,12 @@ describe Utils do
     it "returns the value at a JSON path" do
       expect(Utils.value_at({ :foo => { :bar => :baz }}.to_json, "foo.bar")).to eq("baz")
       expect(Utils.value_at({ :foo => { :bar => { :bing => 2 } }}, "foo.bar.bing")).to eq(2)
+      expect(Utils.value_at({ :foo => { :bar => { :bing => 2 } }}, "foo.bar[?(@.bing == 2)].bing")).to eq(2)
     end
 
     it "returns nil when the path cannot be followed" do
       expect(Utils.value_at({ :foo => { :bar => :baz }}, "foo.bing")).to be_nil
     end
-
-    it "does not eval" do
-      expect {
-        Utils.value_at({ :foo => 2 }, "foo[?(@ > 1)]")
-      }.to raise_error(RuntimeError, /Cannot use .*? eval/)
-    end
   end
 
   describe "#values_at" do
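Review bot: Deleting the "does not eval" example leaves the suite with no negative test for path expressions; the added `foo.bar[?(@.bing == 2)].bing` assertion only proves that a well-formed comparison filter returns a value. Since `Utils.value_at` now accepts filters unconditionally, I would add a replacement example asserting that a filter whose body is not a plain comparison raises or returns nil without being executed. That way a later jsonpath upgrade that reintroduces evaluation fails the build instead of going unnoticed. The `describe Utils` block and the `#values_at` group continue outside this hunk.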