add a more restricted codepath for templates fixes #13390

2022-11-09 12:12:34 -05:00 · 2014-01-08 15:06:53 -08:00 · 2014-01-08 15:06:53 -08:00 · 2875b4a66e
commit 2875b4a66e
parent e4e750ba1a
2 changed files with 51 additions and 12 deletions
--- a/railties/lib/rails/generators/app_base.rb
+++ b/railties/lib/rails/generators/app_base.rb
@ -14,6 +14,7 @@ module Rails
      DATABASES.concat(JDBC_DATABASES)

      attr_accessor :rails_template
+      attr_accessor :app_template
      add_shebang_option!

      argument :app_path, type: :string
@ -26,6 +27,9 @@ module Rails
        class_option :template,           type: :string, aliases: '-m',
                                          desc: "Path to some #{name} template (can be a filesystem path or URL)"

+        class_option :app_template,       type: :string, aliases: '-n',
+                                          desc: "Path to some #{name} template (can be a filesystem path or URL)"
+
        class_option :skip_gemfile,       type: :boolean, default: false,
                                          desc: "Don't create a Gemfile"

@ -122,6 +126,10 @@ module Rails
        }.curry[@gem_filter]
      end

+      def remove_gem(name)
+        add_gem_entry_filter { |gem| gem.name != name }
+      end
+
      def builder
        @builder ||= begin
          builder_class = get_builder_class
@ -162,6 +170,10 @@ module Rails
          @target.send :add_gem_entry_filter, *args, &block
        end

+        def remove_gem(*args, &block)
+          @target.send :remove_gem, *args, &block
+        end
+
        def method_missing(name, *args, &block)
          @commands << [name, args, block]
        end
@ -180,7 +192,8 @@ module Rails
      def apply_rails_template
        @recorder = TemplateRecorder.new self

-        apply(rails_template, target: @recorder) if rails_template
+        apply(rails_template, target: self) if rails_template
+        apply(app_template, target: @recorder) if app_template
      rescue Thor::Error, LoadError, Errno::ENOENT => e
        raise Error, "The template [#{rails_template}] could not be loaded. Error: #{e}"
      end
@ -210,13 +223,18 @@ module Rails

      def set_default_accessors!
        self.destination_root = File.expand_path(app_path, destination_root)
-        self.rails_template = case options[:template]
-          when /^https?:\/\//
-            options[:template]
-          when String
-            File.expand_path(options[:template], Dir.pwd)
-          else
-            options[:template]
+        self.rails_template = expand_template options[:template]
+        self.app_template = expand_template options[:app_template]
+      end
+
+      def expand_template(name)
+        case name
+        when /^https?:\/\//
+          name
+        when String
+          File.expand_path(name, Dir.pwd)
+        else
+          name
        end
      end

--- a/railties/test/generators/app_generator_test.rb
+++ b/railties/test/generators/app_generator_test.rb
@ -163,12 +163,21 @@ class AppGeneratorTest < Rails::Generators::TestCase
    end
  end

+  def test_arbitrary_code
+    output = Tempfile.open('my_template') do |template|
+      template.puts 'puts "You are using Rails version #{Rails::VERSION::STRING}."'
+      template.close
+      run_generator([destination_root, "-m", template.path])
+    end
+    assert_match 'You are using', output
+  end
+
  def test_add_gemfile_entry
    Tempfile.open('my_template') do |template|
      template.puts 'gemfile_entry "tenderlove"'
      template.flush
      template.close
-      run_generator([destination_root, "-m", template.path])
+      run_generator([destination_root, "-n", template.path])
      assert_file "Gemfile", /tenderlove/
    end
  end
@ -176,9 +185,21 @@ class AppGeneratorTest < Rails::Generators::TestCase
  def test_add_skip_entry
    Tempfile.open 'my_template' do |template|
      template.puts 'add_gem_entry_filter { |gem| gem.name != "jbuilder" }'
-      template.flush
+      template.close

-      run_generator([destination_root, "-m", template.path])
+      run_generator([destination_root, "-n", template.path])
+      assert_file "Gemfile" do |contents|
+        assert_no_match 'jbuilder', contents
+      end
+    end
+  end
+
+  def test_remove_gem
+    Tempfile.open 'my_template' do |template|
+      template.puts 'remove_gem "jbuilder"'
+      template.close
+
+      run_generator([destination_root, "-n", template.path])
      assert_file "Gemfile" do |contents|
        assert_no_match 'jbuilder', contents
      end
@ -190,7 +211,7 @@ class AppGeneratorTest < Rails::Generators::TestCase
      template.puts 'add_gem_entry_filter { |gem| gem.name != "turbolinks" }'
      template.flush

-      run_generator([destination_root, "-m", template.path])
+      run_generator([destination_root, "-n", template.path])
      assert_file "Gemfile" do |contents|
        assert_no_match 'turbolinks', contents
      end