RubyGems - camaleon_cms - Versions diffs - 2.2.1 → 2.3.0 - Mend

camaleon_cms 2.2.1 → 2.3.0

Potentially problematic release.

This version of camaleon_cms might be problematic. Click here for more details.

Files changed (139) hide show

data/app/controllers/camaleon_cms/admin/categories_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::CategoriesController < CamaleonCms::AdminController
   add_breadcrumb I18n.t("camaleon_cms.admin.sidebar.contents")
   before_action :set_post_type
@@ -25,7 +17,7 @@ class CamaleonCms::Admin::CategoriesController < CamaleonCms::AdminController
   end
   def update
-    if @category.update(params[:category])
+    if @category.update(params.require(:category).permit!)
       @category.set_options(params[:meta])
       @category.set_field_values(params[:field_options])
       flash[:notice] = t('camaleon_cms.admin.post_type.message.updated')
@@ -36,8 +28,7 @@ class CamaleonCms::Admin::CategoriesController < CamaleonCms::AdminController
   end
   def create
-    data_term = params[:category]
-    @category = @post_type.categories.new(data_term)
+    @category = @post_type.categories.new(params.require(:category).permit!)
     if @category.save
       @category.set_options(params[:meta])
       @category.set_field_values(params[:field_options])
@@ -55,7 +46,6 @@ class CamaleonCms::Admin::CategoriesController < CamaleonCms::AdminController
   def destroy
     flash[:notice] = t('camaleon_cms.admin.post_type.message.deleted') if @category.destroy
     redirect_to action: :index
   end

data/app/controllers/camaleon_cms/admin/comments_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::CommentsController < CamaleonCms::AdminController
   include CamaleonCms::CommentHelper
   add_breadcrumb I18n.t("camaleon_cms.admin.sidebar.comments"), :cama_admin_comments_url

data/app/controllers/camaleon_cms/admin/installers_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::InstallersController < CamaleonCms::CamaleonController
   skip_before_action :cama_site_check_existence
   skip_before_action :cama_before_actions
@@ -37,4 +29,4 @@ class CamaleonCms::Admin::InstallersController < CamaleonCms::CamaleonController
   def installer_verification
     redirect_to cama_root_url unless CamaleonCms::Site.count == 0
   end
-end
+end

data/app/controllers/camaleon_cms/admin/media_controller.rb CHANGED Viewed

@@ -1,14 +1,6 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::MediaController < CamaleonCms::AdminController
-  skip_before_filter :admin_logged_actions, except: [:index, :download_private_file]
-  skip_before_filter :verify_authenticity_token, only: :upload
+  skip_before_action :admin_logged_actions, except: [:index, :download_private_file], raise: false
+  skip_before_action :verify_authenticity_token, only: :upload, raise: false
   before_action :init_media_vars, except: :download_private_file
   # render media section

data/app/controllers/camaleon_cms/admin/plugins_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::PluginsController < CamaleonCms::AdminController
   before_action :validate_role
   add_breadcrumb I18n.t("camaleon_cms.admin.sidebar.plugins")

data/app/controllers/camaleon_cms/admin/post_tags_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::PostTagsController < CamaleonCms::AdminController
   add_breadcrumb I18n.t("camaleon_cms.admin.sidebar.contents")
   before_action :set_post_type
@@ -13,7 +5,6 @@ class CamaleonCms::Admin::PostTagsController < CamaleonCms::AdminController
   def index
     @post_tags = @post_type.post_tags
     @post_tags = @post_tags.paginate(:page => params[:page], :per_page => current_site.admin_per_page)
   end
@@ -28,7 +19,7 @@ class CamaleonCms::Admin::PostTagsController < CamaleonCms::AdminController
   # save changes of a post tag
   def update
-    if @post_tag.update(params[:post_tag])
+    if @post_tag.update(params.require(:post_tag).permit!)
       @post_tag.set_options(params[:meta]) if params[:meta].present?
       @post_tag.set_field_values(params[:field_options])
       flash[:notice] = t('camaleon_cms.admin.post_type.message.updated')
@@ -40,8 +31,7 @@ class CamaleonCms::Admin::PostTagsController < CamaleonCms::AdminController
   # render post tag create form
   def create
-    data_term = params[:post_tag]
-    @post_tag = @post_type.post_tags.new(data_term)
+    @post_tag = @post_type.post_tags.new(params.require(:post_tag).permit!)
     if @post_tag.save
       @post_tag.set_options(params[:meta]) if params[:meta].present?
       @post_tag.set_field_values(params[:field_options])

data/app/controllers/camaleon_cms/admin/posts/drafts_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::Posts::DraftsController < CamaleonCms::Admin::PostsController
   before_action :set_post_data_params, only: [:create, :update]
@@ -39,7 +31,7 @@ class CamaleonCms::Admin::Posts::DraftsController < CamaleonCms::Admin::PostsCon
     @post_draft.attributes = @post_data
     r = {post: @post_draft, post_type: @post_type}; hooks_run("update_post", r)
     if @post_draft.save(validate: false)
-      @post_draft.set_params(params[:meta], params[:field_options], @post_data[:keywords])
+      @post_draft.set_params(params[:meta], params[:field_options], params[:options])
       hooks_run("updated_post_draft", {post: @post_draft, post_type: ""})
       msg = {draft: {id: @post_draft.id}}
     else
@@ -53,7 +45,7 @@ class CamaleonCms::Admin::Posts::DraftsController < CamaleonCms::Admin::PostsCon
   private
   def set_post_data_params
-    post_data = params[:post]
+    post_data = params.require(:post).permit!
     post_data[:status] = 'draft'
     post_data[:post_parent] = params[:post_id]
     post_data[:user_id] = cama_current_user.id unless post_data[:user_id].present?

data/app/controllers/camaleon_cms/admin/posts_controller.rb CHANGED Viewed

@@ -1,17 +1,9 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::PostsController < CamaleonCms::AdminController
   add_breadcrumb I18n.t("camaleon_cms.admin.sidebar.contents")
   before_action :set_post_type, :except => [:ajax]
   before_action :set_post, only: ['show','edit','update','destroy']
-  skip_before_filter :admin_logged_actions, only: [:trash, :restore, :destroy, :ajax]
-  skip_before_filter :verify_authenticity_token, only: [:ajax]
+  skip_before_action :admin_logged_actions, only: [:trash, :restore, :destroy, :ajax], raise: false
+  skip_before_action :verify_authenticity_token, only: [:ajax], raise: false
   def index
     authorize! :posts, @post_type
@@ -74,13 +66,13 @@ class CamaleonCms::Admin::PostsController < CamaleonCms::AdminController
     authorize! :create_post, @post_type
     post_data = get_post_data(true)
     CamaleonCms::Post.drafts.find(post_data[:draft_id]).destroy rescue nil
-    @post = @post_type.posts.create(post_data)
+    @post = @post_type.posts.new(post_data)
     r = {post: @post, post_type: @post_type}; hooks_run("create_post", r)
     @post = r[:post]
-    if @post.valid?
+    if @post.save
       @post.set_metas(params[:meta])
       @post.set_field_values(params[:field_options])
-      @post.set_option("keywords", post_data[:keywords])
+      @post.set_options(params[:options])
       flash[:notice] = t('camaleon_cms.admin.post.message.created', post_type: @post_type.decorate.the_title)
       r = {post: @post, post_type: @post_type}; hooks_run("created_post", r)
       redirect_to action: :edit, id: @post.id
@@ -108,7 +100,7 @@ class CamaleonCms::Admin::PostsController < CamaleonCms::AdminController
     if @post.update(post_data)
       @post.set_metas(params[:meta])
       @post.set_field_values(params[:field_options])
-      @post.set_option("keywords", post_data[:keywords])
+      @post.set_options(params[:options])
       hooks_run("updated_post", {post: @post, post_type: @post_type})
       flash[:notice] = t('camaleon_cms.admin.post.message.updated', post_type: @post_type.decorate.the_title)
       redirect_to action: :edit, id: @post.id
@@ -188,7 +180,7 @@ class CamaleonCms::Admin::PostsController < CamaleonCms::AdminController
   # return common params data for posts
   # is_create: indicate if this info is for create a new post
   def get_post_data(is_create = false)
-    post_data = params[:post]
+    post_data = params.require(:post).permit!
     post_data[:user_id] = cama_current_user.id if is_create
     post_data[:status] == 'pending' if post_data[:status] == 'published' && cannot?(:publish_post, @post_type)
     post_data[:data_tags] = params[:tags].to_s

data/app/controllers/camaleon_cms/admin/sessions_controller.rb CHANGED Viewed

@@ -1,13 +1,5 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::SessionsController < CamaleonCms::CamaleonController
-  skip_before_filter :cama_authenticate
+  skip_before_action :cama_authenticate, raise: false
   before_action :before_hook_session
   after_action :after_hook_session
   before_action :verificate_register_permission, only: [:register]
@@ -111,7 +103,7 @@ class CamaleonCms::Admin::SessionsController < CamaleonCms::CamaleonController
     if params[:user].present?
       params[:user][:role] = PluginRoutes.system_info["default_user_role"]
       params[:user][:is_valid_email] = false if current_site.need_validate_email?
-      user_data = params[:user]
+      user_data = params.require(:user).permit!
       result = cama_register_user(user_data, params[:meta])
       if result[:result] == false && result[:type] == :captcha_error
         @user.errors[:captcha] = t('camaleon_cms.admin.users.message.error_captcha')

data/app/controllers/camaleon_cms/admin/settings/custom_fields_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::Settings::CustomFieldsController < CamaleonCms::Admin::SettingsController
   add_breadcrumb I18n.t("camaleon_cms.admin.sidebar.custom_fields"), :cama_admin_settings_custom_fields_path
   before_action :set_custom_field_group, only: [:show,:edit,:update,:destroy]
@@ -74,8 +66,9 @@ class CamaleonCms::Admin::Settings::CustomFieldsController < CamaleonCms::Admin:
   private
   def set_post_data
-    @post_data = params[:custom_field_group]
-    @post_data[:object_class], @post_data[:objectid] = @post_data[:assign_group].split(',')
+    @post_data = params.require(:custom_field_group).permit!
+    @post_data[:object_class], @post_data[:objectid] = @post_data.delete(:assign_group).split(',')
+    @caption = @post_data.delete(:caption)
   end
   def set_custom_field_group
@@ -89,8 +82,8 @@ class CamaleonCms::Admin::Settings::CustomFieldsController < CamaleonCms::Admin:
   # return boolean: true if all fields were saved successfully
   def _save_fields(group)
-    errors_saved, all_fields = group.add_fields(params[:fields], params[:field_options])
-    group.set_option('caption', @post_data[:caption])
+    errors_saved, all_fields = group.add_fields(params.require(:fields).permit!, params.require(:field_options).permit!)
+    group.set_option('caption', @caption)
     if errors_saved.present?
       flash[:error] = "<b>#{t('camaleon_cms.errors_found_msg', default: 'Several errors were found, please check.')}</b><br>#{errors_saved.map{|field| "#{field.name}: " + "#{field.errors.messages.map{|k,v| "#{k.to_s.titleize}: #{v.join('|')}"}.join(', ')}" }.join('<br>')}"
     else

data/app/controllers/camaleon_cms/admin/settings/post_types_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::Settings::PostTypesController < CamaleonCms::Admin::SettingsController
   before_action :set_post_type, only: [:show,:edit,:update, :destroy]
   before_action :set_data_term, only: [:create, :update]
@@ -51,7 +43,7 @@ class CamaleonCms::Admin::Settings::PostTypesController < CamaleonCms::Admin::Se
   private
   def set_data_term
-    data_term = params[:post_type]
+    data_term = params.require(:post_type).permit!
     data_term[:data_options] = params[:meta]
     @data_term = data_term
   end

data/app/controllers/camaleon_cms/admin/settings/sites_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::Settings::SitesController < CamaleonCms::Admin::SettingsController
   before_action :set_site, only: [:show, :edit, :update, :destroy]
   before_action :check_shared_status
@@ -29,7 +21,7 @@ class CamaleonCms::Admin::Settings::SitesController < CamaleonCms::Admin::Settin
   def update
     tmp = @site.slug
-    if @site.update(params[:site])
+    if @site.update(params.require(:site).permit!)
       save_metas(@site)
       flash[:notice] = t('camaleon_cms.admin.sites.message.updated')
       if @site.id == Cama::Site.main_site.id && tmp != @site.slug
@@ -49,7 +41,7 @@ class CamaleonCms::Admin::Settings::SitesController < CamaleonCms::Admin::Settin
   end
   def create
-    site_data = params[:site]
+    site_data = params.require(:site).permit!
     @site = CamaleonCms::Site.new(site_data)
     if @site.save
       save_metas(@site)

data/app/controllers/camaleon_cms/admin/settings_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::SettingsController < CamaleonCms::AdminController
   before_action :validate_role, except: [:theme, :save_theme]
   before_action :validate_role_theme, only: [:theme, :save_theme]
@@ -23,7 +15,7 @@ class CamaleonCms::Admin::SettingsController < CamaleonCms::AdminController
   def site_saved
     @site = current_site
-    if @site.update(params[:site])
+    if @site.update(params.require(:site).permit!)
       @site.set_options(params[:meta]) if params[:meta].present?
       @site.set_multiple_options(params[:options])
       @site.set_field_values(params[:field_options])

data/app/controllers/camaleon_cms/admin/user_roles_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::UserRolesController < CamaleonCms::AdminController
   before_action :validate_role
   add_breadcrumb I18n.t("camaleon_cms.admin.sidebar.users"), :cama_admin_users_url
@@ -27,7 +19,7 @@ class CamaleonCms::Admin::UserRolesController < CamaleonCms::AdminController
   end
   def create
-    user_role_data = params[:user_role]
+    user_role_data = params.require(:user_role).permit!
     @user_role = current_site.user_roles.new(user_role_data)
     if @user_role.save
       @user_role.set_meta("_post_type_#{current_site.id.to_s}", defined?(params[:rol_values][:post_type]) ? params[:rol_values][:post_type] : {})
@@ -45,7 +37,7 @@ class CamaleonCms::Admin::UserRolesController < CamaleonCms::AdminController
   end
   def update
-    if @user_role.editable? && @user_role.update(params[:user_role])
+    if @user_role.editable? && @user_role.update(params.require(:user_role).permit!)
       @user_role.set_meta("_post_type_#{current_site.id.to_s}", defined?(params[:rol_values][:post_type]) ? params[:rol_values][:post_type] : {})
       @user_role.set_meta("_manager_#{current_site.id.to_s}", defined?(params[:rol_values][:post_type]) ? params[:rol_values][:manager] : {})
       flash[:notice] = t('camaleon_cms.admin.users.message.rol_updated')

data/app/controllers/camaleon_cms/admin/users_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Admin::UsersController < CamaleonCms::AdminController
   before_action :validate_role, except: [:profile, :profile_edit]
   add_breadcrumb I18n.t("camaleon_cms.admin.sidebar.users"), :cama_admin_users_url
@@ -34,7 +26,7 @@ class CamaleonCms::Admin::UsersController < CamaleonCms::AdminController
   end
   def update
-    if @user.update(params[:user])
+    if @user.update(params.require(:user).permit!)
       @user.set_metas(params[:meta]) if params[:meta].present?
       @user.set_field_values(params[:field_options])
       r = {user: @user, message: t('camaleon_cms.admin.users.message.updated'), params: params}; hooks_run('user_after_edited', r)
@@ -52,7 +44,7 @@ class CamaleonCms::Admin::UsersController < CamaleonCms::AdminController
   # update som ajax requests from profile or user form
   def updated_ajax
     @user = current_site.users.find(params[:user_id])
-    render inline: @user.update(params[:password]) ? "" : @user.errors.full_messages.join(', ')
+    render inline: @user.update(params.require(:password).permit!) ? "" : @user.errors.full_messages.join(', ')
   end
   def edit
@@ -71,7 +63,7 @@ class CamaleonCms::Admin::UsersController < CamaleonCms::AdminController
   end
   def create
-    user_data = params[:user]
+    user_data = params.require(:user).permit!
     @user = current_site.users.new(user_data)
     if @user.save
       @user.set_metas(params[:meta]) if params[:meta].present?

data/app/controllers/camaleon_cms/admin_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::AdminController < CamaleonCms::CamaleonController
   rescue_from CanCan::AccessDenied do |exception|
     flash[:error] = "Error: #{exception.message}"

data/app/controllers/camaleon_cms/apps/plugins_admin_controller.rb CHANGED Viewed

@@ -1,11 +1,3 @@
-=begin
-  Camaleon CMS is a content management system
-  Copyright (C) 2015 by Owen Peredo Diaz
-  Email: owenperedo@gmail.com
-  This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
-  This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-  See the  GNU Affero General Public License (GPLv3) for more details.
-=end
 class CamaleonCms::Apps::PluginsAdminController < CamaleonCms::AdminController
   before_action :init_plugin