camaleon_cms 2.7.4 → 2.8.0

data/app/models/camaleon_cms/post_type.rb

@@ -101,7 +101,7 @@ module CamaleonCms
     # add a post for current model
     #   title: title for post,    => required
     #   content: html text content, => required
-    #   thumb: image url, => default (empty). check http://camaleon.tuzitio.com/api-methods.html#section_fileuploads
+    #   thumb: image url, => default (empty). check https://camaleon.website/api-methods.html#section_fileuploads
     #   categories: [1,3,4,5],    => default (empty)
     #   tags: String comma separated, => default (empty)
     #   slug: string key for post,    => default (empty)
@@ -111,7 +111,7 @@ module CamaleonCms
     #   settings: Hash of post settings, sample => settings:
     #     {has_content: false, has_summary: true, default_layout: 'my_layout', default_template: 'my_template' } (optional, see more in post.set_setting(...))
     #   data_metas: {template: "", layout: ""}
-    # sample: my_posttype.add_post(title: "My Title", post_order: 5, content: 'lorem_ipsum', settings: {default_template: "home/counters", has_content: false, has_seo: false, skip_fields: ["sub_tite", 'banner']}, fields: {pattern: true, bg: 'http://www.reallusion.com/de/images/3dx5/whatsnew/3dx5_features_banner_bg_02.jpg'})
+    # sample: my_posttype.add_post(title: "My Title", post_order: 5, content: 'lorem_ipsum', settings: {default_template: "home/counters", has_content: false, has_seo: false, skip_fields: ["sub_tite", 'banner']}, fields: {pattern: true, bg: 'https://www.reallusion.com/de/images/3dx5/whatsnew/3dx5_features_banner_bg_02.jpg'})
     #   More samples here: https://gist.github.com/owen2345/eba9691585ed78ad6f7b52e9591357bf
     # return created post if it was created, else return errors
     def add_post(args)
@@ -139,12 +139,12 @@ module CamaleonCms
     # return all available route formats of this post type for content posts
     def contents_route_formats
       {
-        'post_of_post_type' => '<code>/group/:post_type_id-:title/:slug</code><br>  (Sample: http://localhost.com/group/17-services/myservice.html)',
-        'post_of_category' => '<code>/category/:category_id-:title/:slug</code><br>  (Sample: http://localhost.com/category/17-services/myservice.html)',
-        'post_of_category_post_type' => '<code>/:post_type_title/category/:category_id-:title/:slug</code><br>  (Sample: http://localhost.com/services/category/17-services/myservice.html)',
-        'post_of_posttype' => '<code>/:post_type_title/:slug</code><br>  (Sample: http://localhost.com/services/myservice.html)',
-        'post' => '<code>/:slug</code><br>  (Sample: http://localhost.com/myservice.html)',
-        'hierarchy_post' => '<code>/:parent1_slug/:parent2_slug/.../:slug</code><br>  (Sample: http://localhost.com/item-1/item-1-1/item-111.html)'
+        'post_of_post_type' => '<code>/group/:post_type_id-:title/:slug</code><br>  (Sample: https://localhost.com/group/17-services/myservice.html)',
+        'post_of_category' => '<code>/category/:category_id-:title/:slug</code><br>  (Sample: https://localhost.com/category/17-services/myservice.html)',
+        'post_of_category_post_type' => '<code>/:post_type_title/category/:category_id-:title/:slug</code><br>  (Sample: https://localhost.com/services/category/17-services/myservice.html)',
+        'post_of_posttype' => '<code>/:post_type_title/:slug</code><br>  (Sample: https://localhost.com/services/myservice.html)',
+        'post' => '<code>/:slug</code><br>  (Sample: https://localhost.com/myservice.html)',
+        'hierarchy_post' => '<code>/:parent1_slug/:parent2_slug/.../:slug</code><br>  (Sample: https://localhost.com/item-1/item-1-1/item-111.html)'
       }
     end
 

data/app/models/camaleon_cms/site.rb

@@ -91,7 +91,7 @@ module CamaleonCms
     # return theme model with slug theme_slug for this site
     # theme_slug: (optional) if it is null, this will return current theme for this site
     def get_theme(theme_slug = nil)
-      themes.where(slug: (theme_slug || get_theme_slug), status: nil).first_or_create!
+      themes.where(slug: theme_slug || get_theme_slug, status: nil).first_or_create!
     end
 
     # return plugin model with slug plugin_slug

data/app/models/camaleon_cms/term_taxonomy.rb

@@ -16,6 +16,19 @@ module CamaleonCms
     # attr_accessible :data_options
     # attr_accessible :data_metas
 
+    # TODO: Remove the 1st branch when support will be dropped of Rails < 7.1
+    if ::Rails::VERSION::STRING < '7.1.0'
+      before_validation(on: %i[create update]) do
+        %i[name description].each do |attr|
+          next unless new_record? || attribute_changed?(attr)
+
+          self[attr] = ActionController::Base.helpers.sanitize(__send__(attr))
+        end
+      end
+    else
+      normalizes :name, :description, with: ->(field) { ActionController::Base.helpers.sanitize(field) }
+    end
+
     # callbacks
     before_validation :before_validating
     before_destroy :destroy_dependencies

data/app/models/concerns/camaleon_cms/custom_fields_read.rb

@@ -3,18 +3,6 @@ module CamaleonCms
     extend ActiveSupport::Concern
     included do
       before_destroy :_destroy_custom_field_groups
-      # DEPRECATED, INSTEAD USE: custom_fields
-      has_many :fields, lambda { |object|
-                          where(object_class: object.class.to_s.gsub('Decorator', '').gsub('CamaleonCms::', ''))
-                        }, class_name: 'CamaleonCms::CustomField', foreign_key: :objectid
-      # DEPRECATED, INSTEAD USE: custom_field_values
-      has_many :field_values, lambda { |object|
-                                where(object_class: object.class.to_s.gsub('Decorator', '').gsub('CamaleonCms::', ''))
-                              }, class_name: 'CamaleonCms::CustomFieldsRelationship', foreign_key: :objectid, dependent: :delete_all
-      # DEPRECATED, INSTEAD USE: custom_field_groups
-      has_many :field_groups, lambda { |object|
-                                where(object_class: object.class.to_s.parseCamaClass)
-                              }, class_name: 'CamaleonCms::CustomFieldGroup', foreign_key: :objectid
     end
 
     # get custom field groups for current object
@@ -38,7 +26,7 @@ module CamaleonCms
                { kind: args,
                  include_parent: false }
              else
-               { kind: 'Post', include_parent: false }.merge(args)
+               { kind: 'Post', include_parent: false }.merge!(args)
              end
       class_name = self.class.to_s.parseCamaClass
       case class_name
@@ -73,7 +61,7 @@ module CamaleonCms
           CamaleonCms::CustomFieldGroup.where(object_class: "PostType_#{args[:kind]}", objectid: id)
         end
       else # 'Plugin' or other classes
-        field_groups
+        custom_field_groups
       end
     end
 
@@ -131,7 +119,7 @@ module CamaleonCms
     #   puts res[0]['my_slug1'].first ==> "val 1"
     def get_fields_grouped(field_keys)
       res = []
-      custom_field_values.where(custom_field_slug: field_keys).order(group_number: :asc).group_by(&:group_number).each do |_group_number, group_fields|
+      custom_field_values.where(custom_field_slug: field_keys).order(group_number: :asc).group_by(&:group_number).each_value do |group_fields|
         group = {}
         field_keys.each do |field_key|
           _tmp = []
@@ -196,8 +184,8 @@ module CamaleonCms
     # kind: argument only for PostType model: (Post | Category | PostTag), default => Post. If kind = "" this will add group for all post_types
     def add_custom_field_group(values, kind = 'Post')
       values = values.with_indifferent_access
-      group = get_field_groups(kind).where(slug: values[:slug]).first
-      unless group.present?
+      group = get_field_groups(kind).find_by(slug: values[:slug])
+      unless group
         site = _cama_get_field_site
         values[:parent_id] = site.id if site.present?
         group = if is_a?(CamaleonCms::Post) # harcoded for post to support custom field groups
@@ -206,6 +194,7 @@ module CamaleonCms
                   get_field_groups(kind).create!(values)
                 end
       end
+
       group
     end
     alias add_field_group add_custom_field_group
@@ -215,8 +204,8 @@ module CamaleonCms
     # more details in add_manual_field(item, options) from custom field groups
     # kind: argument only for PostType model: (Post | Category | PostTag), default => Post
     def add_custom_field_to_default_group(item, options, kind = 'Post')
-      g = get_field_groups(kind).where(slug: '_default').first
-      g = add_custom_field_group({ name: 'Default Field Group', slug: '_default' }, kind) unless g.present?
+      g = get_field_groups(kind).find_by(slug: '_default')
+      g ||= add_custom_field_group({ name: 'Default Field Group', slug: '_default' }, kind)
       g.add_manual_field(item, options)
     end
     alias add_field add_custom_field_to_default_group
@@ -243,7 +232,7 @@ module CamaleonCms
 
       ActiveRecord::Base.transaction do
         custom_field_values.delete_all
-        datas.each do |_index, fields_data|
+        datas.each_value do |fields_data|
           fields_data.each do |field_key, values|
             next unless values[:values].present?
 
@@ -260,7 +249,7 @@ module CamaleonCms
     # update new value for field with slug _key
     # Sample: my_posy.update_field_value('sub_title', 'Test Sub Title')
     def update_field_value(_key, value = nil, group_number = 0)
-      custom_field_values.where(custom_field_slug: _key, group_number: group_number).first.update_column('value', value)
+      custom_field_values.find_by(custom_field_slug: _key, group_number: group_number)&.update_column('value', value)
     rescue StandardError
       nil
     end
@@ -287,7 +276,7 @@ module CamaleonCms
     # sample: my_post.set_field_value('subtitle', 'Sub Title', {group_number: 1})
     # sample: my_post.set_field_value('subtitle', 'Sub Title', {group_number: 1, group_number: 1}) # add field values for fields in group 1
     def set_field_value(key, value, args = {})
-      args = { order: 0, group_number: 0, field_id: nil, clear: true }.merge(args)
+      args = { order: 0, group_number: 0, field_id: nil, clear: true }.merge!(args)
       unless args[:field_id].present?
         args[:field_id] = begin
           get_field_object(key).id

data/app/models/concerns/camaleon_cms/site_default_settings.rb

@@ -25,7 +25,7 @@ module CamaleonCms
           else
             title = 'Welcome'
             slug = 'welcome'
-            content = "<p style='text-align: center;'><img width='155' height='155' src='http://camaleon.tuzitio.com/media/132/logo2.png' alt='logo' /></p><p><strong>Camaleon CMS</strong>&nbsp;is a free and open-source tool and a fexible content management system (CMS) based on <a href='http://rubyonrails.org'>Ruby on Rails</a>.</p> <p>With Camaleon you can do the following:</p> <ul> <li>Create instantly a lot of sites&nbsp;in the same installation</li> <li>Manage your content information in several languages</li> <li>Extend current functionality by&nbsp;plugins (MVC structure and no more echo or prints anywhere)</li> <li>Create or install different themes for each site</li> <li>Create your own structure without coding anything (adapt Camaleon as you want&nbsp;and not you for Camaleon)</li> <li>Create your store and start to sell your products using our plugins</li> <li>Avoid web attacks</li> <li>Compare the speed and enjoy the speed of your new Camaleon site</li> <li>Customize or create your themes for mobile support</li> <li>Support&nbsp;more visitors at the same time</li> <li>Manage your information with a panel like wordpress&nbsp;</li> <li>All urls are oriented for SEO</li> <li>Multiples roles of users</li> </ul>"
+            content = "<p style='text-align: center;'><img width='155' height='155' src='https://camaleon.website/media/132/logo2.png' alt='logo' /></p><p><strong>Camaleon CMS</strong>&nbsp;is a free and open-source tool and a fexible content management system (CMS) based on <a href='https://rubyonrails.org'>Ruby on Rails</a>.</p> <p>With Camaleon you can do the following:</p> <ul> <li>Create instantly a lot of sites&nbsp;in the same installation</li> <li>Manage your content information in several languages</li> <li>Extend current functionality by&nbsp;plugins (MVC structure and no more echo or prints anywhere)</li> <li>Create or install different themes for each site</li> <li>Create your own structure without coding anything (adapt Camaleon as you want&nbsp;and not you for Camaleon)</li> <li>Create your store and start to sell your products using our plugins</li> <li>Avoid web attacks</li> <li>Compare the speed and enjoy the speed of your new Camaleon site</li> <li>Customize or create your themes for mobile support</li> <li>Support&nbsp;more visitors at the same time</li> <li>Manage your information with a panel like wordpress&nbsp;</li> <li>All urls are oriented for SEO</li> <li>Multiples roles of users</li> </ul>"
           end
           user = users.admin_scope.first
           unless user.present?

data/app/uploaders/camaleon_cms_uploader.rb

@@ -158,6 +158,11 @@ class CamaleonCmsUploader
     File.exist?(file_name)
   end
 
+  def self.delete_block(&block)
+    @delete_block = block if block
+    @delete_block
+  end
+
   private
 
   def cache_key

data/app/validators/camaleon_cms/post_uniq_validator.rb

@@ -8,23 +8,23 @@ module CamaleonCms
       return unless ptype.present? # only for posts that belongs to a post type model
 
       posts = ptype.site.posts
-                   .where("(#{slug_array.map do |s|
-                                "#{CamaleonCms::Post.table_name}.slug LIKE '%-->#{s}<!--%'"
-                              end.join(' OR ')} ) OR #{CamaleonCms::Post.table_name}.slug = ?", record.slug)
+                   .where(
+                     "(#{slug_array.map { |s| "#{CamaleonCms::Post.table_name}.slug LIKE '%-->#{s}<!--%'" }
+                                        .join(' OR ')} ) OR #{CamaleonCms::Post.table_name}.slug = ?", record.slug
+                   )
                    .where.not(id: record.id)
                    .where.not(status: %i[draft draft_child trash])
-      if posts.size.positive?
-        record.errors[:base] << if slug_array.size > 1
-                                  "#{I18n.t('camaleon_cms.admin.post.message.requires_different_slug')}: #{posts.pluck(:slug).map do |slug|
-                                                                                                             record.slug.to_s.translations.map do |lng, r_slug|
-                                                                                                               if slug.translations_array.include?(r_slug)
-                                                                                                                 "#{r_slug} (#{lng})"
-                                                                                                               end
-                                                                                                             end.join(',')
-                                                                                                           end.join(',').split(',').uniq.clean_empty.join(', ')} "
-                                else
-                                  "#{I18n.t('camaleon_cms.admin.post.message.requires_different_slug')}: #{record.slug} "
-                                end
+      unless posts.empty?
+        record.errors[:base] <<
+          if slug_array.size > 1
+            "#{I18n.t('camaleon_cms.admin.post.message.requires_different_slug')}: #{posts.pluck(:slug).map do |slug|
+              record.slug.to_s.translations.map do |lng, r_slug|
+                "#{r_slug} (#{lng})" if slug.translations_array.include?(r_slug)
+              end.join(',')
+            end.join(',').split(',').uniq.clean_empty.join(', ')} "
+          else
+            "#{I18n.t('camaleon_cms.admin.post.message.requires_different_slug')}: #{record.slug} "
+          end
       end
 
       # avoid recursive page parent

data/app/validators/camaleon_cms/uniq_validator.rb

@@ -3,9 +3,15 @@ module CamaleonCms
     def validate(record)
       return if record.skip_slug_validation?
 
-      if CamaleonCms::TermTaxonomy.where(slug: record.slug).where.not(id: record.id).where("#{CamaleonCms::TermTaxonomy.table_name}.taxonomy" => record.taxonomy).where("#{CamaleonCms::TermTaxonomy.table_name}.parent_id" => record.parent_id).size.positive?
-        record.errors[:base] << I18n.t('camaleon_cms.admin.post.message.requires_different_slug').to_s
-      end
+      taxonomy_table = CamaleonCms::TermTaxonomy.table_name
+      slug_exists = CamaleonCms::TermTaxonomy.where(slug: record.slug)
+                                             .where.not(id: record.id)
+                                             .where("#{taxonomy_table}.taxonomy" => record.taxonomy)
+                                             .where("#{taxonomy_table}.parent_id" => record.parent_id).exists?
+
+      return unless slug_exists
+
+      record.errors[:base] << I18n.t('camaleon_cms.admin.post.message.requires_different_slug').to_s
     end
   end
 end

data/app/validators/camaleon_cms/user_url_validator.rb

@@ -0,0 +1,207 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2011-present GitLab B.V.
+#
+# See https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/url_blocker.rb
+#
+# Portions of this software are licensed under the "MIT Expat" license as defined below.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# require 'resolv'
+require 'ipaddress'
+require 'addressable/uri'
+
+module CamaleonCms
+  class UserUrlValidator
+    LOCAL_IPS = %w[0.0.0.0 ::].freeze
+
+    def self.validate(...)
+      new.validate(...)
+    end
+
+    def initialize
+      @errors = []
+    end
+
+    # Validates the given url according to the constraints specified by the received arguments.
+    #
+    # allow_localhost - Registers error if URL resolves to a localhost IP address and argument is false.
+    # allow_local_network - Registers error if URL resolves to a link-local address and argument is false.
+    # enforce_user - Registers error if URL user doesn't start with alphanumeric characters and argument is true.
+    # enforce_sanitizing - Registers error if URL includes any HTML/CSS/JS tags and argument is true.
+    #
+    # Returns an array with [<uri>, <original-hostname>].
+    def validate(url, allow_localhost: false, allow_local_network: false, enforce_user: true, enforce_sanitizing: true)
+      return invalid_url unless url.present?
+
+      # Param url can be a string, URI or Addressable::URI
+      return invalid_url unless (uri = parse_url(url))
+
+      validate_uri(uri: uri, enforce_sanitizing: enforce_sanitizing, enforce_user: enforce_user)
+      return @errors if @errors.any?
+
+      address_info = get_address_info(uri)
+      return @errors if @errors.any?
+
+      validate_local_request(
+        address_info: address_info,
+        allow_localhost: allow_localhost,
+        allow_local_network: allow_local_network
+      )
+
+      @errors.empty? || @errors
+    end
+
+    private
+
+    def validate_uri(uri:, enforce_sanitizing:, enforce_user:)
+      validate_html_tags(uri) if enforce_sanitizing
+
+      validate_user(uri.user) if enforce_user
+      validate_hostname(uri.hostname)
+    end
+
+    # @param uri [Addressable::URI]
+    # @return [Array<Addrinfo>] addrinfo object for the URI
+    def get_address_info(uri)
+      Addrinfo.getaddrinfo(uri.hostname, get_port(uri), nil, :STREAM).map do |addr|
+        addr.ipv6_v4mapped? ? addr.ipv6_to_ipv4 : addr
+      end
+    rescue ArgumentError => e
+      # Addrinfo.getaddrinfo errors if the domain exceeds 1024 characters.
+      @errors << I18n.t('camaleon_cms.admin.validate.hostname_long') if e.message.include?('hostname too long')
+
+      @errors << "#{e.message}: #{I18n.t('camaleon_cms.admin.validate.url')}" if @errors.blank?
+    rescue SocketError
+      @errors << I18n.t('camaleon_cms.admin.validate.host_invalid')
+    end
+
+    def validate_local_request(address_info:, allow_localhost:, allow_local_network:)
+      return if allow_local_network && allow_localhost
+
+      unless allow_localhost
+        validate_localhost(address_info)
+        validate_loopback(address_info)
+      end
+
+      return if allow_local_network
+
+      validate_local_network(address_info)
+      validate_link_local(address_info)
+      validate_shared_address(address_info)
+      validate_limited_broadcast_address(address_info)
+    end
+
+    def get_port(uri)
+      uri.port || uri.default_port
+    end
+
+    def validate_html_tags(uri)
+      uri_str = uri.to_s
+      sanitized_uri = ActionController::Base.helpers.sanitize(uri_str, tags: [])
+      @errors << I18n.t('camaleon_cms.admin.validate.html_tags') unless sanitized_uri == uri_str
+    end
+
+    # @param [String, Addressable::URI, #to_str] url The URL string to parse
+    # @return [Addressable::URI, nil] URI object based on the parsed string, or `nil` if the `url` is invalid
+    def parse_url(url)
+      invalid = nil
+      uri = Addressable::URI.parse(url).tap do |parsed_url|
+        invalid = true if multiline_blocked?(parsed_url)
+      end
+      return if invalid
+
+      uri
+    rescue Addressable::URI::InvalidURIError, URI::InvalidURIError
+      nil
+    end
+
+    def multiline_blocked?(parsed_url)
+      url = parsed_url.to_s
+
+      return true if url =~ /[\n\r]/
+      # Google Cloud Storage uses a multi-line, encoded Signature query string
+      return false if %w[http https].include?(parsed_url.scheme&.downcase)
+
+      CGI.unescape(url) =~ /[\n\r]/
+    end
+
+    def validate_user(value)
+      return if value.blank?
+      return if value =~ /\A\p{Alnum}/
+
+      @errors << I18n.t('camaleon_cms.admin.validate.username_alphanumeric')
+    end
+
+    def validate_hostname(value)
+      return if value.blank?
+      return if IPAddress.valid?(value)
+      return if value =~ /\A\p{Alnum}/
+
+      @errors << I18n.t('camaleon_cms.admin.validate.host_or_ip_invalid')
+    end
+
+    def validate_localhost(addrs_info)
+      return if (Socket.ip_address_list.map(&:ip_address).concat(LOCAL_IPS) & addrs_info.map(&:ip_address)).empty?
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_localhost_requests')
+    end
+
+    def validate_loopback(addrs_info)
+      return unless addrs_info.any? { |addr| addr.ipv4_loopback? || addr.ipv6_loopback? }
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_loopback_requests')
+    end
+
+    def validate_local_network(addrs_info)
+      return unless addrs_info.any? { |addr| addr.ipv4_private? || addr.ipv6_sitelocal? || addr.ipv6_unique_local? }
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_local_net_requests')
+    end
+
+    def validate_link_local(addrs_info)
+      netmask = IPAddr.new('169.254.0.0/16')
+      return unless addrs_info.any? { |addr| addr.ipv6_linklocal? || netmask.include?(addr.ip_address) }
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_link_local_net_requests')
+    end
+
+    def validate_shared_address(addrs_info)
+      netmask = IPAddr.new('100.64.0.0/10')
+      return unless addrs_info.any? { |addr| netmask.include?(addr.ip_address) }
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_shared_address_requests')
+    end
+
+    # Registers an error if any IP in `addrs_info` is the limited broadcast address.
+    # https://datatracker.ietf.org/doc/html/rfc919#section-7
+    def validate_limited_broadcast_address(addrs_info)
+      blocked_ips = ['255.255.255.255']
+
+      return if (blocked_ips & addrs_info.map(&:ip_address)).empty?
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_limited_broadcast_address_requests')
+    end
+
+    def invalid_url
+      @errors << I18n.t('camaleon_cms.admin.validate.url')
+    end
+  end
+end

data/app/views/camaleon_cms/admin/media/index.html.erb

@@ -48,7 +48,7 @@
                     <fieldset>
                         <legend><%= t("camaleon_cms.admin.media.external", default: 'From URL') %></legend>
                         <div class="form-group">
-                            <input type="text" name="remote_file" class="form-control" placeholder="http://..." class="required">
+                            <input type="text" name="remote_file" class="form-control" placeholder="https://..." class="required">
                         </div>
                         <div class="form-group">
                             <button type="submit" class="btn btn-primary"><%= t("camaleon_cms.admin.button.submit") %></button>

data/app/views/camaleon_cms/admin/settings/_email_settings.html.erb

@@ -10,7 +10,7 @@
     <hr>
     <div class="alert alert-info">Gmail Need Permissions:
         <div class="pull-left">
-            <a href="http://know.mailsbestfriend.com/smtp_error_password_command_failed_5345714-1194946499.shtml" target="_blank">Check
+            <a href="https://know.mailsbestfriend.com/smtp_error_password_command_failed_5345714-1194946499.shtml" target="_blank">Check
                 here.</a>
         </div>
         <div class="pull-right">
@@ -55,4 +55,4 @@
             return false;
         });
     });
-</script>
+</script>

data/app/views/camaleon_cms/default_theme/index.html.erb

@@ -12,19 +12,19 @@
             <!-- Wrapper for slides -->
             <div class="carousel-inner">
                 <div class="item active">
-                    <img src="http://placehold.it/800x400" alt="...">
+                    <img src="https://placehold.it/800x400" alt="...">
                     <div class="carousel-caption">
                         <h2>Heading</h2>
                     </div>
                 </div>
                 <div class="item">
-                    <img src="http://placehold.it/800x400" alt="...">
+                    <img src="https://placehold.it/800x400" alt="...">
                     <div class="carousel-caption">
                         <h2>Heading</h2>
                     </div>
                 </div>
                 <div class="item">
-                    <img src="http://placehold.it/800x400" alt="...">
+                    <img src="https://placehold.it/800x400" alt="...">
                     <div class="carousel-caption">
                         <h2>Heading</h2>
                     </div>
@@ -67,4 +67,4 @@
         </div>
 
     </div>
-</section>
+</section>

data/app/views/camaleon_cms/default_theme/sitemap.xml.builder

@@ -1,7 +1,7 @@
 xml.instruct! :xml, version: '1.0'
-xml.urlset 'xmlns' => 'http://www.sitemaps.org/schemas/sitemap/0.9' do
+xml.urlset 'xmlns' => 'https://www.sitemaps.org/schemas/sitemap/0.9' do
   current_site.get_languages.each_with_index do |lang, index|
-    lang = (index.zero? ? nil : lang)
+    lang = (index == 0 ? nil : lang)
     xml.url do
       xml.loc current_site.the_url(locale: lang)
       xml.lastmod current_site.updated_at.to_date
@@ -54,7 +54,7 @@ xml.urlset 'xmlns' => 'http://www.sitemaps.org/schemas/sitemap/0.9' do
     end
   end
 
-  @r[:custom].each do |_key, item|
+  @r[:custom].each_value do |item|
     xml.url do
       xml.loc item[:url]
       xml.lastmod item[:lastmod] || Date.today.to_s

data/app/views/layouts/camaleon_cms/admin/_footer.html.erb

@@ -1,6 +1,6 @@
 <footer class="main-footer" id="main-footer">
     <div class="row">
-      <div class="col-md-6"><strong>Copyright &copy; 2015 - <%= Time.now.year %> <a href="http://camaleon.tuzitio.com">Camaleon CMS.</a> </strong></div>
+      <div class="col-md-6"><strong>Copyright &copy; 2015 - <%= Time.now.year %> <a href="https://camaleon.website">Camaleon CMS.</a> </strong></div>
         <div class="col-md-6 hidden-xs">
             <div class="pull-left">
                 <a id="link_see_intro" href="#" onclick="init_intro(); return false;"><i class="fa fa-tv"></i> <%= I18n.t('camaleon_cms.see_intro') %>.</a>

data/config/initializers/custom_initializers.rb

@@ -9,4 +9,18 @@ Rails.application.config.to_prepare do |_config|
     f = File.join(ap['path'], 'config', 'custom_models.rb')
     eval(File.read(f)) if File.exist?(f)
   end
+
+  # This block can be overridden in the app initializer to wrap the sleep and delete_file in an async job,
+  # something like this:
+  #
+  # CamaleonDeleteFileJob.set(wait: temporal_time).perform_later(file_key)
+  # # put this in app/jobs/camaleon_delete_file_job.rb:
+  # include CamaleonCms::UploaderHelper
+  # cama_uploader.delete_file(file_key)
+  CamaleonCmsUploader.delete_block do |settings, cama_uploader, file_key|
+    next unless Rails.env.test?
+
+    sleep(settings[:temporal_time])
+    cama_uploader.delete_file(file_key)
+  end
 end

data/config/locales/camaleon_cms/admin/en.yml

@@ -212,7 +212,6 @@ en:
         reload: 'Reload'
         clear_cache: 'Clear Cache'
         name_required: 'File name is required'
-        local_upload_denied: 'Cannot upload from localhost'
       menus:
         menus: Menus
         link_url: 'Link URL'
@@ -684,6 +683,16 @@ en:
         required: 'This field is required.'
         remote: 'Please fix this field.'
         email: 'Please enter a valid email address.'
+        host_invalid: 'Host cannot be resolved or invalid'
+        host_or_ip_invalid: 'Hostname or IP address invalid'
+        hostname_long: 'Host is too long (maximum is 1024 characters)'
+        html_tags: 'HTML/CSS/JS tags are not allowed'
+        no_localhost_requests: 'Requests to localhost are not allowed'
+        no_loopback_requests: 'Requests to loopback addresses are not allowed'
+        no_local_net_requests: 'Requests to the local network are not allowed'
+        no_link_local_net_requests: 'Requests to the link local network are not allowed'
+        no_shared_address_requests: 'Requests to the shared address space are not allowed'
+        no_limited_broadcast_address_requests: 'Requests to the limited broadcast address are not allowed'
         url: 'Please enter a valid URL.'
         date: 'Please enter a valid date.'
         dateiso: 'Please enter a valid date ( ISO ).'
@@ -697,6 +706,7 @@ en:
         range: 'Please enter a value between {0} and {1}.'
         max: 'Please enter a value less than or equal to {0}.'
         min: 'Please enter a value greater than or equal to {0}.'
+        username_alphanumeric: 'Username needs to start with an alphanumeric character'
       widgets:
         create_widget: 'Create Widget'
         create_sidebar: 'Create Sidebar'

data/lib/camaleon_cms/engine.rb

@@ -59,7 +59,7 @@ module CamaleonCms
       app.config.assets.paths << File.join($camaleon_engine_dir, 'app', 'assets', 'fonts')
       app.config.encoding = 'utf-8'
 
-      # add prefix url, like: http://localhost.com/blog/
+      # add prefix url, like: https://localhost.com/blog/
       # config.action_controller.relative_url_root = PluginRoutes.system_info["relative_url_root"] if PluginRoutes.system_info["relative_url_root"].present?
 
       # multiple route files

data/lib/camaleon_cms/version.rb

@@ -1,3 +1,3 @@
 module CamaleonCms
-  VERSION = '2.7.4'.freeze
+  VERSION = '2.8.0'.freeze
 end

data/lib/ext/hash.rb

@@ -19,7 +19,7 @@ class Hash
 
   # used for hash of objects
   def find_by(val, attr = 'id')
-    each do |_key, p|
+    each_value do |p|
       return p if p[attr].to_s == val.to_s
     end
     nil

data/lib/ext/string.rb

@@ -66,11 +66,11 @@ class String
   end
 
   # parse string into domain
-  # http://owem.tuzitio.com into owem.tuzitio.com
+  # https://owen.camaleon.website into owen.camaleon.website
   def parse_domain
     url = self
     uri = URI.parse(url)
-    uri = URI.parse("http://#{url}") if uri.scheme.nil?
+    uri = URI.parse("https://#{url}") if uri.scheme.nil?
     host = (uri.host || self).downcase
     h = host.start_with?('www.') ? host[4..] : host
     "#{h}#{":#{uri.port}" unless [80, 443].include?(uri.port)}"