camaleon_cms 2.8.3 → 2.9.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of camaleon_cms might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/app/controllers/camaleon_cms/admin/sessions_controller.rb +1 -1
- data/app/helpers/camaleon_cms/uploader_helper.rb +10 -3
- data/app/uploaders/camaleon_cms_aws_uploader.rb +8 -1
- data/app/views/camaleon_cms/admin/settings/_file_system_settings.html.erb +5 -5
- data/lib/camaleon_cms/version.rb +1 -1
- data/lib/plugin_routes.rb +2 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7bbfa67257bf8efd2830d5c4d20d1e00ce5db6293c145205326fc5c496a6ffd1
|
|
4
|
+
data.tar.gz: 848c0feddb8c6dbe3be7d992d1b116c9b438006cea66af150468576e8096eb9c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1ff798ffbe98e5906feed579e437f3da2b8636f99b2d22f508afbcc6981c70752ea464ac21af2457f73e94087fe4d88ee863ce3fadaca956d7570422710eebb3
|
|
7
|
+
data.tar.gz: 793bd8de6630499e71697966559066d74f38f1ccd225434fc2f4b101ce41fe1dbc62fbba94138bc57ca473a3abf9a9f48ecc820df1f0ec538b8ffed89b2268c4
|
|
@@ -26,7 +26,7 @@ module CamaleonCms
|
|
|
26
26
|
hooks_run('user_before_login', r)
|
|
27
27
|
return if r[:stop_process] # permit to redirect for data completion
|
|
28
28
|
|
|
29
|
-
if captcha_validate && @user
|
|
29
|
+
if captcha_validate && @user&.authenticate(data_user[:password])
|
|
30
30
|
# Email validation if is necessary
|
|
31
31
|
if @user.is_valid_email? || !current_site.need_validate_email?
|
|
32
32
|
cama_captcha_reset_attack('login')
|
|
@@ -2,16 +2,23 @@
|
|
|
2
2
|
|
|
3
3
|
module CamaleonCms
|
|
4
4
|
module UploaderHelper
|
|
5
|
-
|
|
5
|
+
UNSAFE_EVENT_PATTERNS = %w[
|
|
6
|
+
onabort onafter onbefore onblur oncanplay onchange onclick oncontextmenu oncopy oncuechange oncut ondblclick
|
|
7
|
+
ondrag ondrop ondurationchange onended onerror onfocus onhashchange oninvalid oninput onkey onload onmessage
|
|
8
|
+
onmouse ononline onoffline onpagehide onpageshow onpage onpaste onpause onplay onpopstate onprogress
|
|
9
|
+
onpropertychange onratechange onreadystatechange onreset onresize onscroll onsearch onseek onselect onshow
|
|
10
|
+
onstalled onstorage onsuspend ontimeupdate ontoggle onunloadonsubmit onvolumechange onwaiting onwheel
|
|
11
|
+
].map { |pattern| /#{pattern}\w*\s*=/i }.freeze
|
|
12
|
+
|
|
13
|
+
SUSPICIOUS_PATTERNS = (UNSAFE_EVENT_PATTERNS + [
|
|
6
14
|
/<script[\s>]/i, # Script tags
|
|
7
|
-
/on\w{3,}\s*=/i, # Inline event handlers like oncut, onload, onclick, etc.
|
|
8
15
|
/javascript:/i, # JavaScript in href/src attributes
|
|
9
16
|
/<iframe[\s>]/i, # Iframes
|
|
10
17
|
/<object[\s>]/i, # Object tags
|
|
11
18
|
/<embed[\s>]/i, # Embed tags
|
|
12
19
|
/<base[\s>]/i, # Base tags (can be used to manipulate URLs)
|
|
13
20
|
/data:/i # data: URLs (which can include scripts)
|
|
14
|
-
].freeze
|
|
21
|
+
]).freeze
|
|
15
22
|
|
|
16
23
|
include ActionView::Helpers::NumberHelper
|
|
17
24
|
include CamaleonCms::CamaleonHelper
|
|
@@ -5,6 +5,7 @@ class CamaleonCmsAwsUploader < CamaleonCmsUploader
|
|
|
5
5
|
@aws_akey = @aws_settings[:access_key] || @current_site.get_option('filesystem_s3_access_key')
|
|
6
6
|
@aws_asecret = @aws_settings[:secret_key] || @current_site.get_option('filesystem_s3_secret_key')
|
|
7
7
|
@aws_bucket = @aws_settings[:bucket] || @current_site.get_option('filesystem_s3_bucket_name')
|
|
8
|
+
@aws_endpoint = @aws_settings[:endpoint] || @current_site.get_option('filesystem_s3_endpoint')
|
|
8
9
|
@aws_settings[:aws_file_upload_settings] ||= ->(settings) { settings }
|
|
9
10
|
@aws_settings[:aws_file_read_settings] ||= ->(data, _s3_file) { data }
|
|
10
11
|
end
|
|
@@ -140,8 +141,14 @@ class CamaleonCmsAwsUploader < CamaleonCmsUploader
|
|
|
140
141
|
def bucket
|
|
141
142
|
@bucket ||= lambda {
|
|
142
143
|
Aws.config.update({ region: @aws_region, credentials: Aws::Credentials.new(@aws_akey, @aws_asecret) })
|
|
143
|
-
s3 = Aws::S3::Resource.new
|
|
144
|
+
s3 = Aws::S3::Resource.new(resource_parameters)
|
|
144
145
|
s3.bucket(@aws_bucket)
|
|
145
146
|
}.call
|
|
146
147
|
end
|
|
148
|
+
|
|
149
|
+
def resource_parameters
|
|
150
|
+
return {} if @aws_endpoint.blank?
|
|
151
|
+
|
|
152
|
+
{ endpoint: @aws_endpoint }
|
|
153
|
+
end
|
|
147
154
|
end
|
|
@@ -20,13 +20,13 @@
|
|
|
20
20
|
<%= label_tag t('camaleon_cms.admin.settings.filesystem_region', default: 'filesystem_region') %> <small>(*)</small><br>
|
|
21
21
|
<%= text_field :options, :filesystem_region, :class => "form-control required", value: @site.get_option("filesystem_region"), placeholder: 'us-west-2' %>
|
|
22
22
|
</div>
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
</div
|
|
23
|
+
<div class="form-group">
|
|
24
|
+
<%= label_tag t('camaleon_cms.admin.settings.filesystem_s3_endpoint', default: 'filesystem_s3_endpoint') %><br>
|
|
25
|
+
<%= text_field :options, :filesystem_s3_endpoint, :class => "form-control required", value: @site.get_option("filesystem_s3_endpoint"), placeholder: 's3-us-west-2.amazonaws.com' %>
|
|
26
|
+
</div>
|
|
27
27
|
<div class="form-group">
|
|
28
28
|
<%= label_tag t('camaleon_cms.admin.settings.filesystem_s3_cloudfront', default: 'Cloudfront URL') %><br>
|
|
29
29
|
<%= text_field :options, :filesystem_s3_cloudfront, :class => "form-control", value: @site.get_option("filesystem_s3_cloudfront"), placeholder: 'https://cloudfront_id.cloudfront.net' %>
|
|
30
30
|
</div>
|
|
31
31
|
</div>
|
|
32
|
-
</div>
|
|
32
|
+
</div>
|
data/lib/camaleon_cms/version.rb
CHANGED
data/lib/plugin_routes.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: camaleon_cms
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Owen Peredo Diaz
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: addressable
|
|
@@ -1152,7 +1152,7 @@ requirements:
|
|
|
1152
1152
|
- rails >= 6.1
|
|
1153
1153
|
- ruby >= 3.0
|
|
1154
1154
|
- imagemagick
|
|
1155
|
-
rubygems_version: 3.5.
|
|
1155
|
+
rubygems_version: 3.5.17
|
|
1156
1156
|
signing_key:
|
|
1157
1157
|
specification_version: 4
|
|
1158
1158
|
summary: Camaleon is a CMS for Ruby on Rails as an alternative to Wordpress.
|