camaleon_cms 2.8.1 → 2.8.3

data/app/controllers/camaleon_cms/admin/media_controller.rb

@@ -57,7 +57,8 @@ module CamaleonCms
         case params[:media_action]
         when 'new_folder'
           params[:folder] = slugify_folder(params[:folder])
-          return render partial: 'render_file_item', locals: { files: [cama_uploader.add_folder(params[:folder])] }
+          r = cama_uploader.add_folder(params[:folder])
+          return render partial: 'render_file_item', locals: { files: [r] } if r[:error].blank?
         when 'del_folder'
           r = cama_uploader.delete_folder(params[:folder])
         when 'del_file'

data/app/helpers/camaleon_cms/uploader_helper.rb

@@ -76,7 +76,7 @@ module CamaleonCms
       res = { error: nil }
 
       # guard against path traversal
-      return { error: 'Invalid file path' } unless cama_uploader.class.valid_folder_path?(settings[:folder])
+      return { error: 'Invalid file path' } unless cama_uploader.valid_folder_path?(settings[:folder])
 
       # formats validations
       return { error: "#{ct('file_format_error')} (#{settings[:formats]})" } unless cama_uploader.class.validate_file_format(

data/app/models/camaleon_cms/term_taxonomy.rb

@@ -3,6 +3,12 @@ module CamaleonCms
     include CamaleonCms::Metas
     include CamaleonCms::CustomFieldsRead
 
+    TRANSLATION_TAG_HIDE_MAP = { '<!--' => '!--', '-->' => '--!' }.freeze
+    TRANSLATION_TAG_HIDE_REGEX = Regexp.new(TRANSLATION_TAG_HIDE_MAP.keys.map { |x| Regexp.escape(x) }.join('|')).freeze
+    TRANSLATION_TAG_RESTORE_MAP = { '--!' => '-->', '!--' => '<!--' }.freeze
+    TRANSLATION_TAG_RESTORE_REGEX =
+      Regexp.new(TRANSLATION_TAG_RESTORE_MAP.keys.map { |x| Regexp.escape(x) }.join('|')).freeze
+
     def self.inherited(subclass)
       super
 
@@ -22,11 +28,16 @@ module CamaleonCms
         %i[name description].each do |attr|
           next unless new_record? || attribute_changed?(attr)
 
-          self[attr] = ActionController::Base.helpers.sanitize(__send__(attr))
+          self[attr] = ActionController::Base.helpers.sanitize(
+            __send__(attr)&.gsub(TRANSLATION_TAG_HIDE_REGEX, TRANSLATION_TAG_HIDE_MAP)
+          )&.gsub(TRANSLATION_TAG_RESTORE_REGEX, TRANSLATION_TAG_RESTORE_MAP)
         end
       end
     else
-      normalizes :name, :description, with: ->(field) { ActionController::Base.helpers.sanitize(field) }
+      normalizes :name, :description, with: lambda { |field|
+        ActionController::Base.helpers.sanitize(field.gsub(TRANSLATION_TAG_HIDE_REGEX, TRANSLATION_TAG_HIDE_MAP))
+                              .gsub(TRANSLATION_TAG_RESTORE_REGEX, TRANSLATION_TAG_RESTORE_MAP)
+      }
     end
 
     # callbacks

data/app/uploaders/camaleon_cms_aws_uploader.rb

@@ -105,6 +105,8 @@ class CamaleonCmsAwsUploader < CamaleonCmsUploader
 
   # add new folder to AWS with :key
   def add_folder(key)
+    return { error: 'Invalid folder path' } unless valid_folder_path?(key)
+
     key = "#{@aws_settings['inner_folder']}/#{key}" if @aws_settings['inner_folder'].present?
     key = key.cama_fix_media_key
     s3_file = bucket.object(key.slice(1..-1) << '/')

data/app/uploaders/camaleon_cms_local_uploader.rb

@@ -25,7 +25,7 @@ class CamaleonCmsLocalUploader < CamaleonCmsUploader
   end
 
   def fetch_file(file_name)
-    return { error: 'Invalid file path' } if file_name.include?('..')
+    return { error: 'Invalid file path' } unless valid_folder_path?(file_name)
 
     return file_name if file_exists?(file_name)
 
@@ -96,6 +96,8 @@ class CamaleonCmsLocalUploader < CamaleonCmsUploader
 
   # create a new folder into local directory
   def add_folder(key)
+    return { error: 'Invalid folder path' } unless valid_folder_path?(key)
+
     d = File.join(@root_folder, key).to_s
     is_new_folder = false
     unless Dir.exist?(d)

data/app/uploaders/camaleon_cms_uploader.rb

@@ -125,10 +125,8 @@ class CamaleonCmsUploader
     valid_formats.include?(File.extname(key).sub('.', '').split('?').first.try(:downcase))
   end
 
-  def self.valid_folder_path?(path)
-    return true if path == '/'
-
-    return false if path.include?('..') || File.absolute_path?(path) || path.include?('://')
+  def valid_folder_path?(path)
+    return false if path.include?('..') || path.include?('://')
 
     true
   end

data/app/views/layouts/camaleon_cms/admin.html.erb

@@ -18,7 +18,13 @@
     </script>
     <%= javascript_include_tag "camaleon_cms/admin/admin-manifest" %>
 
-    <%= javascript_include_tag "camaleon_cms/admin/jquery_validate/#{current_locale}.js" if current_locale != 'en' %>
+    <%= javascript_include_tag "camaleon_cms/admin/jquery_validate/messages_#{current_locale}.js" if current_locale != 'en' %>
+
+    <% jquery_validate_localized_methods = "camaleon_cms/admin/jquery_validate/methods_#{current_locale}.js"%>
+    <% jquery_validate_localized_methods_exist =
+         File.file?(Rails.root.join('app', 'assets', 'javascripts', jquery_validate_localized_methods))%>
+    <%= javascript_include_tag jquery_validate_localized_methods if jquery_validate_localized_methods_exist %>
+
     <%= javascript_include_tag "camaleon_cms/admin/momentjs/#{current_locale}.js" if current_locale != 'en' %>
 
     <%= raw the_head({}, false) %>

data/lib/camaleon_cms/version.rb

@@ -1,3 +1,3 @@
 module CamaleonCms
-  VERSION = '2.8.1'.freeze
+  VERSION = '2.8.3'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: camaleon_cms
 version: !ruby/object:Gem::Version
-  version: 2.8.1
+  version: 2.8.3
 platform: ruby
 authors:
 - Owen Peredo Diaz
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-21 00:00:00.000000000 Z
+date: 2024-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -582,25 +582,29 @@ files:
 - app/assets/javascripts/camaleon_cms/admin/_post.js
 - app/assets/javascripts/camaleon_cms/admin/_posttype.js
 - app/assets/javascripts/camaleon_cms/admin/_translator.js
-- app/assets/javascripts/camaleon_cms/admin/_underscore.js
 - app/assets/javascripts/camaleon_cms/admin/_user_profile.js
 - app/assets/javascripts/camaleon_cms/admin/admin-basic-manifest.js
 - app/assets/javascripts/camaleon_cms/admin/admin-manifest.js
 - app/assets/javascripts/camaleon_cms/admin/bootstrap-colorpicker.js
 - app/assets/javascripts/camaleon_cms/admin/custom_fields_form.js
-- app/assets/javascripts/camaleon_cms/admin/introjs/_intro.min.js
+- app/assets/javascripts/camaleon_cms/admin/introjs/intro.min.js
+- app/assets/javascripts/camaleon_cms/admin/introjs/intro.min.js.map
 - app/assets/javascripts/camaleon_cms/admin/jquery-sieve.js
 - app/assets/javascripts/camaleon_cms/admin/jquery.nestable.js
 - app/assets/javascripts/camaleon_cms/admin/jquery.validate.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/de.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/es.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/fr.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/it.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/nl.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/pt-BR.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/ru.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/uk.js
-- app/assets/javascripts/camaleon_cms/admin/jquery_validate/zh-CN.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_ar.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_de.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_es.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_fr.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_it.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_nl.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_pt-BR.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_ru.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_uk.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/messages_zh-CN.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/methods_de.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/methods_nl.js
+- app/assets/javascripts/camaleon_cms/admin/jquery_validate/methods_pt.js
 - app/assets/javascripts/camaleon_cms/admin/lte/app.js
 - app/assets/javascripts/camaleon_cms/admin/momentjs/_moment.js
 - app/assets/javascripts/camaleon_cms/admin/momentjs/ar.js
@@ -657,7 +661,8 @@ files:
 - app/assets/stylesheets/camaleon_cms/admin/img/no_image.jpg
 - app/assets/stylesheets/camaleon_cms/admin/img/rormeleon-white.png
 - app/assets/stylesheets/camaleon_cms/admin/img/thumb_no_found.jpg
-- app/assets/stylesheets/camaleon_cms/admin/introjs/_introjs.min.css
+- app/assets/stylesheets/camaleon_cms/admin/introjs/introjs.min.css
+- app/assets/stylesheets/camaleon_cms/admin/introjs/introjs.min.css.map
 - app/assets/stylesheets/camaleon_cms/admin/jquery/_jquery-ui.scss
 - app/assets/stylesheets/camaleon_cms/admin/jquery/images/ui-bg_flat_0_aaaaaa_40x100.png
 - app/assets/stylesheets/camaleon_cms/admin/jquery/images/ui-bg_flat_75_ffffff_40x100.png
@@ -692,6 +697,7 @@ files:
 - app/assets/stylesheets/camaleon_cms/admin/uploader/uploader_manifest.css
 - app/assets/stylesheets/camaleon_cms/admin/widgets.css.scss
 - app/assets/stylesheets/camaleon_cms/bootstrap.min.css
+- app/assets/stylesheets/camaleon_cms/bootstrap.min.css.map
 - app/assets/stylesheets/fonts/glyphicons-halflings-regular.eot
 - app/assets/stylesheets/fonts/glyphicons-halflings-regular.svg
 - app/assets/stylesheets/fonts/glyphicons-halflings-regular.ttf
@@ -1146,7 +1152,7 @@ requirements:
 - rails >= 6.1
 - ruby >= 3.0
 - imagemagick
-rubygems_version: 3.5.11
+rubygems_version: 3.5.18
 signing_key:
 specification_version: 4
 summary: Camaleon is a CMS for Ruby on Rails as an alternative to Wordpress.