RubyGems - camaleon_cms - Versions diffs - 2.9.0 → 2.9.2 - Mend

camaleon_cms 2.9.0 → 2.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

data/app/views/camaleon_cms/admin/posts/index.html.erb CHANGED Viewed

@@ -60,10 +60,10 @@
                     <td><%= link_to raw(f.the_status), {action: :index, s: f.status}, class: "cama_ajax_request" %>  </td>
                     <td><%= f.author.fullname %></td>
                     <% if @post_type.manage_categories? %>
-                        <td><%= raw post_type_list_taxonomy(f.categories, "success") %></td>
+                        <td><%= post_type_list_taxonomy(f.categories, "success") %></td>
                     <% end %>
                     <% if @post_type.manage_tags? %>
-                        <td><%= raw post_type_list_taxonomy(f.post_tags, "default") %></td>
+                        <td><%= post_type_list_taxonomy(f.post_tags, "default") %></td>
                     <% end %>
                     <% extra_column = {post: f, post_type: @post_type, content: "", from_body: true};  hooks_run("list_post_extra_columns", extra_column) %>
                     <%= raw extra_column[:content] %>
@@ -107,6 +107,6 @@
             </tbody>
         </table>
         <%= content_tag("div", raw(t('camaleon_cms.admin.message.data_found_list')), class: "alert alert-warning") if @posts.empty? %>
-        <%= raw cama_do_pagination(@posts) %>
+        <%= cama_do_pagination(@posts) %>
     </div>
 </div>

data/app/views/camaleon_cms/admin/search.html.erb CHANGED Viewed

@@ -62,7 +62,7 @@
                                 </tbody>
                             </table>
                             <%= content_tag("div", raw(t('camaleon_cms.admin.message.data_found_list')), class: "alert alert-warning") if @items.empty? %>
-                            <%= raw cama_do_pagination(@items, panel_class: "cama_ajax_request") %>
+                            <%= cama_do_pagination(@items, panel_class: "cama_ajax_request") %>
                         </div>
                     </div>
                 </div>

data/app/views/camaleon_cms/admin/settings/custom_fields/_render.html.erb CHANGED Viewed

@@ -23,7 +23,7 @@
                                 <%= field.name %>
                                 <%= raw "<em class='text-danger'>*</em>" if field.options[:required].to_s.to_bool %>
                                 <% if current_site.get_option('custom_fields_show_shortcodes') && ["post", "posttype", "category", "postTag", "site", "user", "navmenu", "theme"].include?(obj_class) %>
-                                    <small class="shortcode_field"><br><%= raw cama_shortcode_print("[data field='#{field.slug}' #{"object='#{obj_class}' #{"id='#{record.id}'" if obj_class != "Theme" }" unless record.new_record?}]") %></small>
+                                    <small class="shortcode_field"><br><%= cama_shortcode_print("[data field='#{field.slug}' #{"object='#{obj_class}' #{"id='#{record.id}'" if obj_class != "Theme" }" unless record.new_record?}]") %></small>
                                 <% end %>
                             </label>
                             <% if field.description.present? %>
@@ -40,7 +40,28 @@
                         </div>
                     <% end %>
                 </div>
-                <script> jQuery(function(){ build_custom_field_group(<%= raw(params[:field_options].present? ? (r = []; params[:field_options].each{|k, v| val = {}; v.each{|kk, vv| val["#{kk}"] = (vv['values'].values rescue vv['values']); }; r << val }; r.to_json) : record.get_fields_grouped(fields.pluck(:slug).uniq).to_json) %>, '<%= group.id %>', <%= raw group_field_data.to_json %>, <%= group.is_repeat %>, '<%= field_name %>'); }); </script>
+                <%
+                  field_options_json = if params[:field_options].present?
+                                         params[:field_options].to_unsafe_h.each_with_object([]) do |(_k, v), r|
+                                           r << v.each_with_object({}) do |(kk, vv), val|
+                                             val[kk.to_s] = (vv['values'].values rescue vv['values'])
+                                           end
+                                         end.to_json
+                                       else
+                                         record.get_fields_grouped(fields.pluck(:slug).uniq).to_json
+                                       end
+                %>
+                <script>
+                    jQuery(function () {
+                        build_custom_field_group(
+                            <%= json_escape(field_options_json).html_safe %>,
+                            '<%= group.id %>',
+                            <%= json_escape(group_field_data.to_json).html_safe %>,
+                            <%= group.is_repeat %>,
+                            '<%= field_name %>'
+                        );
+                    });
+                </script>
             </div>
         </div>
         <% if group.is_repeat %>

data/app/views/camaleon_cms/admin/settings/custom_fields/fields/_select_eval.html.erb CHANGED Viewed

@@ -1,3 +1,3 @@
 <div class="group-input-fields-content">
-  <%= select_tag "#{field_name}[#{field.slug}][values][]", instance_eval(field.options[:command].to_s.strip), class: "form-control input-value #{'required' if field.options[:required].to_s.to_bool}"  %>
+  <%= select_tag "#{field_name}[#{field.slug}][values][]", instance_eval(field.options[:command].to_s.strip), class: "form-control input-value #{'required' if field.options[:required].to_s.to_bool}" %>
 </div>

data/app/views/camaleon_cms/admin/settings/custom_fields/form.html.erb CHANGED Viewed

@@ -126,7 +126,11 @@
                     <div class="panel-body padding-0">
                         <% fields =  @field_group.new_record? ? [] : @field_group.fields %>
                         <ul id="sortable-fields" class="clear list-unstyled">
-                            <% fields.each do |field| @item_value = field; @item_options_value = field.options; @key = field.options[:field_key] %>
+                            <% fields.each do |field|
+                              @item_value = field
+                              @item_options_value = field.options
+                              @key = field.options['field_key']
+                            %>
                                 <li class="item">
                                     <%= render "get_items" %>
                                 </li>
@@ -148,7 +152,7 @@
                     <div class="panel-body">
                         <div id="content-items-default" class="form-group input-group-sm">
                             <% cama_custom_field_elements.each do |i,item| %>
-                                <% next if item[:key] == "select_eval" %>
+                                <% next if item[:key] == 'select_eval' %>
                                 <a id="item-<%= item[:key] %>" class="btn btn-default" href="<%= get_items_cama_admin_settings_custom_fields_path(item[:key]) %>" style="margin-bottom: 4px"><%= item[:label] %></a>
                             <% end %>
                         </div>
@@ -162,6 +166,3 @@
         <% end %>
     </div>
 </div>

data/app/views/camaleon_cms/admin/settings/custom_fields/index.html.erb CHANGED Viewed

@@ -44,7 +44,7 @@
             </tbody>
           </table>
           <%= content_tag("div", raw(t('camaleon_cms.admin.message.data_found_list')), class: "alert alert-warning") if @field_groups.empty? %>
-            <%= raw cama_do_pagination(@field_groups) %>
+            <%= cama_do_pagination(@field_groups) %>
         </div>
       </div>
       <!-- END BASIC TABLE SAMPLE -->

data/app/views/camaleon_cms/admin/settings/post_types/index.html.erb CHANGED Viewed

@@ -42,7 +42,7 @@
             </tbody>
           </table>
           <%= content_tag("div", raw(t('camaleon_cms.admin.message.data_found_list')), class: "alert alert-warning") if @post_types.empty? %>
-            <%= raw cama_do_pagination(@post_types) %>
+            <%= cama_do_pagination(@post_types) %>
         </div>
       </div>
       <!-- END BASIC TABLE SAMPLE -->

data/app/views/camaleon_cms/admin/settings/sites/index.html.erb CHANGED Viewed

@@ -50,7 +50,7 @@
             </tbody>
           </table>
           <%= content_tag("div", raw(t('camaleon_cms.admin.message.data_found_list')), class: "alert alert-warning") if @sites.empty? %>
-            <%= raw cama_do_pagination(@sites) %>
+            <%= cama_do_pagination(@sites) %>
         </div>
       </div>
       <!-- END BASIC TABLE SAMPLE -->

data/app/views/camaleon_cms/admin/user_roles/form.html.erb CHANGED Viewed

@@ -61,12 +61,12 @@
                 </div>
                 <div class="">
-                  <h5><%= t('camaleon_cms.admin.users.others_permissions')%></h5>
+                  <h5><%= t('camaleon_cms.admin.users.other_permissions')%></h5>
                   <div class="row">
                     <% values = rol_values_manager || {}  %>
                     <% cama_get_roles_values[:manager].each do |value|  %>
                         <div class="col-md-4">
-                          <label><input type="checkbox" name="rol_values[manager][<%= value[:key] %>]" value="1" <%= "checked" if values[value[:key].to_sym].present?  %> <%= "disabled" unless @user_role.editable?  %> >&nbsp; <%= raw value[:label] %></label>
+                          <label><input type="checkbox" name="rol_values[manager][<%= value[:key] %>]" value="1" <%= "checked" if values[value[:key].to_sym].present?  %> <%= "disabled" unless @user_role.editable?  %> <%= 'data-danger-select-eval=1' if value[:key].to_s == 'select_eval' %> >&nbsp; <%= raw value[:label] %></label>
                           &nbsp;<%= raw cama_html_tooltip(value[:description], 'right') if value[:description].present? %>
                         </div>
                     <% end %>
@@ -119,20 +119,94 @@
   <!-- END PAGE CONTENT WRAPPER -->
 </div>
+<div class="modal fade" id="select-eval-danger-modal" tabindex="-1" role="dialog" aria-labelledby="select-eval-danger-modal-title" aria-hidden="true">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <button type="button" class="close" data-dismiss="modal" aria-label="<%= t('camaleon_cms.admin.button.cancel') %>">
+          <span aria-hidden="true">&times;</span>
+        </button>
+        <h4 class="modal-title" id="select-eval-danger-modal-title"><%= t('camaleon_cms.admin.users.select_eval_modal.title') %></h4>
+      </div>
+      <div class="modal-body">
+        <p><%= t('camaleon_cms.admin.users.select_eval_modal.description') %></p>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="btn btn-default" data-role="select-eval-cancel" data-dismiss="modal"><%= t('camaleon_cms.admin.button.cancel') %></button>
+        <button type="button" class="btn btn-danger" data-role="select-eval-confirm"><%= t('camaleon_cms.admin.button.accept') %></button>
+      </div>
+    </div>
+  </div>
+</div>
 <script>
     jQuery(function($){
+      var pendingDangerSelectEval = null
+      var pendingDangerSelectEvalConfirmed = false
+      var $allCheckboxes = $("#contents-checkbox input[type='checkbox']")
+      var $selectEvalCheckbox = $("#contents-checkbox input[data-danger-select-eval='1']")
+      var $selectEvalModal = $("#select-eval-danger-modal")
+      function openSelectEvalDangerModal(checkbox){
+          pendingDangerSelectEval = checkbox
+          pendingDangerSelectEvalConfirmed = false
+          checkbox.prop("checked", false)
+          $selectEvalModal.modal("show")
+      }
+      function shouldWarnForSelectEvalEnable(wasChecked){
+          return $selectEvalCheckbox.length && !$selectEvalCheckbox.prop("disabled") && !wasChecked
+      }
       $("#contents-checkbox input:checked").each(function(){$(this).attr("data-checked", 1)})
+      $("#contents-checkbox").on("change", "input[data-danger-select-eval='1']", function(){
+          if($(this).prop("checked")){
+              openSelectEvalDangerModal($(this))
+          }
+      })
+      $selectEvalModal.find("[data-role='select-eval-confirm']").on("click", function(){
+          if(pendingDangerSelectEval){
+              pendingDangerSelectEval.prop("checked", true)
+              pendingDangerSelectEvalConfirmed = true
+          }
+          $selectEvalModal.modal("hide")
+      })
+      $(document).on("keydown", function(event){
+          if(event.which === 27 && $selectEvalModal.hasClass("in")){
+              $selectEvalModal.modal("hide")
+          }
+      })
+      $selectEvalModal.on("hidden.bs.modal", function(){
+          if(pendingDangerSelectEval && !pendingDangerSelectEvalConfirmed){
+              pendingDangerSelectEval.prop("checked", false)
+          }
+          pendingDangerSelectEval = null
+          pendingDangerSelectEvalConfirmed = false
+      })
       $("#checked-actions a[data-type]").click(function(){
           switch ($(this).attr("data-type")){
               case 'all':
-                  $("#contents-checkbox input[type='checkbox']").prop('checked', true);
+                  var wasSelectEvalChecked = $selectEvalCheckbox.prop('checked');
+                  $allCheckboxes.prop('checked', true);
+                  if(shouldWarnForSelectEvalEnable(wasSelectEvalChecked)){
+                      openSelectEvalDangerModal($selectEvalCheckbox)
+                  }
               break;
               case 'none':
-                  $("#contents-checkbox input[type='checkbox']").prop('checked', false);
+                  $allCheckboxes.prop('checked', false);
               break;
               case 'restore':
-                  $("#contents-checkbox input[type='checkbox']").prop('checked', false);
+                  var wasSelectEvalCheckedBeforeRestore = $selectEvalCheckbox.prop('checked');
+                  $allCheckboxes.prop('checked', false);
                   $("#contents-checkbox input[data-checked]").prop('checked', true);
+                  if(shouldWarnForSelectEvalEnable(wasSelectEvalCheckedBeforeRestore) && $selectEvalCheckbox.is("[data-checked]")){
+                      openSelectEvalDangerModal($selectEvalCheckbox)
+                  }
               break;
           }
           return false;

data/app/views/camaleon_cms/admin/user_roles/index.html.erb CHANGED Viewed

@@ -45,7 +45,7 @@
             </tbody>
           </table>
           <%= content_tag("div", raw(t('camaleon_cms.admin.message.data_found_list')), class: "alert alert-warning") if @user_roles.empty? %>
-            <%= raw cama_do_pagination(@user_roles) %>
+            <%= cama_do_pagination(@user_roles) %>
         </div>

data/app/views/camaleon_cms/admin/users/index.html.erb CHANGED Viewed

@@ -53,7 +53,7 @@
             </tbody>
           </table>
           <%= content_tag("div", raw(t('camaleon_cms.admin.message.data_found_list')), class: "alert alert-warning") if @users.empty? %>
-            <%= raw cama_do_pagination(@users) %>
+            <%= cama_do_pagination(@users) %>
         </div>
       </div>
       <!-- END BASIC TABLE SAMPLE -->

data/app/views/layouts/camaleon_cms/admin/_flash_messages.html.erb CHANGED Viewed

@@ -6,11 +6,11 @@
         </div>
     </div>
 <% end %>
-<% if params[:info] %>
+<% if flash[:info].present? %>
     <div class="flash_messages">
         <div class="alert alert-info">
             <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-            <%= raw(params[:info]) %>
+            <%= flash[:info] %>
         </div>
     </div>
 <% end %>

data/config/initializers/custom_initializers.rb CHANGED Viewed

@@ -4,10 +4,10 @@ Rails.application.config.to_prepare do |_config|
     next unless ap['path'].present?
     f = File.join(ap['path'], 'config', 'initializer.rb')
-    eval(File.read(f)) if File.exist?(f)
+    load f if File.exist?(f)
     f = File.join(ap['path'], 'config', 'custom_models.rb')
-    eval(File.read(f)) if File.exist?(f)
+    load f if File.exist?(f)
   end
   # This block can be overridden in the app initializer to wrap the sleep and delete_file in an async job,

data/config/locales/camaleon_cms/admin/ar.yml CHANGED Viewed

@@ -587,7 +587,10 @@ ar:
          requires_different_email: 'Requires different email'
          created_pending_validate_email: "The user has been created, please confirm your email"
         new_photo: 'New Photo'
-        others_permissions: 'Others permissions'
+        other_permissions: 'Others permissions'
+        select_eval_modal:
+          title: 'صلاحية خطيرة'
+          description: 'صلاحية select_eval تسمح بتنفيذ كود ديناميكي من خيارات الحقول المخصصة. تفعيلها قد يؤدي الى تنفيذ كود عشوائي، كشف البيانات، والسيطرة الكاملة على الموقع عند تقييم محتوى غير موثوق.'
         profile: 'Profile'
         slogan: 'Slogan'
         type_contents: 'Type of Contents'
@@ -613,7 +616,7 @@ ar:
           media: 'Permission to the midsection'
           publish: 'You need permits Create or Edit, Edit Other, Edit, Publish, to enable this permission'
           themes: 'Themes permission to section'
-          widgets: 'Widgets permission to section'
+          widgets: 'Allow editing widgets, including saving unsanitized code.'
           menus: 'Permission to the Menu section'
           plugins: 'Permission to the Plugins section'
           users: 'Permission to create, edit, delete Users'
@@ -664,6 +667,7 @@ ar:
           error_created: "No created sidebar."
           error_updated: "No Update sidebar."
           error_deleted: "Sidebar deleted."
+        warning: "Warning: Widgets can store unsanitized HTML and Javascript. Only enter code that you understand and trust."
       intro:
         profile: "In this place you can see your profile options."
         content: "This block contains all content groups of your site. Each content can have different structure configured in settings => Content Groups"

data/config/locales/camaleon_cms/admin/de.yml CHANGED Viewed

@@ -586,7 +586,10 @@ de:
           requires_different_email: 'Erfordert eine andere Email'
           created_pending_validate_email: 'Der Benutzer wurde erstellt, bitte bestätige deine Email.'
         new_photo: 'Neues Bild'
-        others_permissions: 'Rechte Anderer'
+        other_permissions: 'Rechte Anderer'
+        select_eval_modal:
+          title: 'Gefahrliche Berechtigung'
+          description: 'Die Berechtigung select_eval erlaubt die Ausfuhrung von dynamischem Code aus Optionen benutzerdefinierter Felder. Das Aktivieren kann zu beliebiger Codeausfuhrung, Datenoffenlegung und einer vollstandigen Kompromittierung der Website fuhren, wenn nicht vertrauenswurdige Inhalte ausgewertet werden.'
         profile: 'Profil'
         slogan: 'Slogan'
         type_contents: 'Art der Inhalte'
@@ -612,7 +615,7 @@ de:
           media: 'Rechte für den Mittelbereich'
           publish: 'Du benötigst die Rechte Erstellen oder Verarbeiten, Andere Bearbeiten, Bearbeiten, Veröffentlichen, um dieses Recht zu aktivieren'
           themes: 'Recht für den Themes-Bereich'
-          widgets: 'Widgets-Recht für den Bereich'
+          widgets: 'Ermöglichen Sie die Bearbeitung von Widgets, einschließlich des Speicherns von nicht bereinigtem Code.'
           menus: 'Recht für den Menübereich'
           plugins: 'Recht für den Plugin-Bereich'
           users: 'Recht zum Erstellen, Bearbeiten und Löschen von Benutzern'
@@ -663,6 +666,7 @@ de:
           error_created: 'Fehler beim Erstellen der Sidebar.'
           error_updated: 'Fehler beim Aktualisieren der Sidebar.'
           error_deleted: 'Fehler beim Löschen der Sidebar.'
+        warning: "Warnung: Widgets können nicht bereinigtes HTML und Javascript speichern. Geben Sie nur Code ein, den Sie verstehen und dem Sie vertrauen."
       intro:
         profile: 'Hier kannst du Einstellungen für dein Profil vornehmen.'
         content: 'Dieser Block enthält die Inhaltsgruppen deiner Seite. Jeder Inhalt kann auf verschiedene Weise konfiguriert werden. Siehe Einstellungen => Inhaltsgruppen'

data/config/locales/camaleon_cms/admin/en.yml CHANGED Viewed

@@ -640,7 +640,10 @@ en:
           role_can_not_be_deleted: Role can not be deleted
           user_can_not_delete_own_account: You cannot delete your own account
         new_photo: 'New Photo'
-        others_permissions: 'Others permissions'
+        other_permissions: 'Other permissions'
+        select_eval_modal:
+          title: 'Dangerous Permission'
+          description: 'The select_eval permission allows execution of dynamic code from custom field options. Enabling it can lead to arbitrary code execution, data exposure, and full site compromise if untrusted content is evaluated.'
         profile: 'Profile'
         slogan: 'Slogan'
         type_contents: 'Type of Contents'
@@ -666,7 +669,7 @@ en:
           media: 'Permission to the midsection'
           publish: 'You need permits Create or Edit, Edit Other, Edit, Publish, to enable this permission'
           themes: 'Themes permission to section'
-          widgets: 'Widgets permission to section'
+          widgets: 'Allow editing widgets, including saving unsanitized code.'
           menus: 'Permission to the Menu section'
           plugins: 'Permission to the Plugins section'
           users: 'Permission to create, edit, delete Users'
@@ -728,6 +731,7 @@ en:
           error_created: "No created sidebar."
           error_updated: "No Update sidebar."
           error_deleted: "Sidebar deleted."
+        warning: "Warning: Widgets can store unsanitized HTML and Javascript. Only enter code that you understand and trust."
       intro:
         profile: "In this place you can see your profile options."
         content: "This block contains all content groups of your site. Each content can have different structure configured in settings => Content Groups"

data/config/locales/camaleon_cms/admin/es.yml CHANGED Viewed

@@ -561,7 +561,10 @@ es:
          requires_different_email: 'Requiere diferente correo electrónico'
          created_pending_validate_email: 'El usuario ha sido creado, por favor confirma tu email'
         new_photo: 'Nueva Fotografía'
-        others_permissions: 'Otros permisos'
+        other_permissions: 'Otros permisos'
+        select_eval_modal:
+          title: 'Permiso peligroso'
+          description: 'El permiso select_eval permite ejecutar codigo dinamico desde opciones de campos personalizados. Al habilitarlo, puede provocar ejecucion arbitraria de codigo, exposicion de datos y compromiso total del sitio si se evalua contenido no confiable.'
         profile: 'Perfil'
         slogan: 'Eslogan'
         type_contents: 'Tipo de Contenidos'
@@ -587,7 +590,7 @@ es:
           media: 'Permiso a la seccion Media'
           publish: 'Necesitas tener los permisos de Crear o Editar, Editar Otros, Editar Publicar, para habilitar este permiso'
           themes: 'Permiso a la seccion Plantillas'
-          widgets: 'Permiso a la seccion Widgets'
+          widgets: 'Permitir la edición de widgets, incluido el almacenamiento de código sin desinfectar.'
           menus: 'Permiso a la seccion Menu'
           plugins: 'Permiso a la seccion Plugins'
           users: 'Permiso para crear, editar, eliminar Usuarios'
@@ -629,6 +632,7 @@ es:
           error_created: 'No se ha creado el Widget.'
           error_updated: 'No se ha actualizado el Widget.'
           not_registered_widgets: 'No existen widgets registrados'
+        warning: "Advertencia: Los widgets pueden almacenar HTML y Javascript sin desinfectar. Ingrese solo el código que comprenda y en el que confíe."
       appearances:
         nav_menus:
           menu_items:

data/config/locales/camaleon_cms/admin/fr.yml CHANGED Viewed

@@ -567,7 +567,10 @@ fr:
          requires_different_email: 'Un email différent est requis'
          created_pending_validate_email: "L'utilisateur a été créé, veuillez confirmer votre email"
         new_photo: 'Nouvelle photo'
-        others_permissions: 'Autres permissions'
+        other_permissions: 'Autres permissions'
+        select_eval_modal:
+          title: 'Permission dangereuse'
+          description: 'La permission select_eval autorise l execution de code dynamique depuis les options des champs personnalises. Son activation peut entrainer l execution de code arbitraire, l exposition de donnees et la compromission complete du site si du contenu non fiable est evalue.'
         profile: 'Profil'
         slogan: 'Slogan'
         type_contents: 'Type de contenus'
@@ -593,7 +596,7 @@ fr:
           media: 'Permission pour la section média'
           publish: 'Permissions Créer ou Editer, Editer autre, Editer, Publier, requises pour activer cette permission'
           themes: 'Permission pour la section thèmes'
-          widgets: 'Permission pour la section widgets'
+          widgets: "Autoriser la modification des widgets, y compris l'enregistrement de code non nettoyé."
           menus: 'Permission pour la section menus'
           plugins: 'Permission pour la section plugins'
           users: 'Permission de créer, éditer et supprimer des utilisateurs'
@@ -644,6 +647,7 @@ fr:
           error_created: "Sidebar non créée."
           error_updated: "Sidebar non mise à jour."
           error_deleted: "Sidebar supprimée."
+        warning: "Attention : les widgets peuvent stocker du HTML et du Javascript non nettoyés. Entrez uniquement du code que vous comprenez et auquel vous faites confiance."
       intro:
         profile: "Ici vous pouvez voir les options de votre profil."
         content: "Ce bloc contient tout les groupes de contenu de votre site. Chaque contenu peut avoir une structure différente configurable via Paramètres => Groupes de contenu"

data/config/locales/camaleon_cms/admin/it.yml CHANGED Viewed

@@ -565,7 +565,10 @@ it:
           requires_different_username: 'Inserisci uno username diverso'
           requires_different_email: 'Inserisci una email diversa'
         new_photo: 'Nuova foto'
-        others_permissions: 'Altri permessi'
+        other_permissions: 'Altri permessi'
+        select_eval_modal:
+          title: 'Permesso pericoloso'
+          description: 'Il permesso select_eval consente l esecuzione di codice dinamico dalle opzioni dei campi personalizzati. Se abilitato, puo causare esecuzione arbitraria di codice, esposizione dei dati e compromissione completa del sito quando viene valutato contenuto non attendibile.'
         profile: 'Profilo'
         slogan: 'Slogan'
         type_contents: 'Tipi di contenuti'
@@ -591,7 +594,7 @@ it:
           media: 'Permesso per la midsection'
           publish: 'Devi abilitare Crea o Modifica, Modifica Altro, Modifica, Pubblica, per abilitare questi permessi'
           themes: 'Permessi per la sezione temi'
-          widgets: 'Permessi per la sezione widget'
+          widgets: 'Consenti la modifica dei widget, incluso il salvataggio di codice non disinfettato.'
           menus: 'Permessi per la sezione menù'
           plugins: 'Permessi per la sezione plugin'
           users: 'Permesso di creare, modificare e cancellare utenti'
@@ -633,3 +636,4 @@ it:
           error_created: 'Widget non creato.'
           error_updated: 'Widget non aggiornato.'
           not_registered_widgets: 'Non ci sono widget registrati'
+        warning: "Attenzione: i widget possono memorizzare HTML e Javascript non sanificati. Inserisci solo il codice che comprendi e di cui ti fidi."

data/config/locales/camaleon_cms/admin/nl.yml CHANGED Viewed

@@ -563,7 +563,10 @@ nl:
          requires_different_email: 'Andere e-mail verplicht'
          created_pending_validate_email: "Gebruiker is aangemaakt, bevestig uw e-mail"
         new_photo: 'Nieuwe foto'
-        others_permissions: 'Andere rechten'
+        other_permissions: 'Andere rechten'
+        select_eval_modal:
+          title: 'Gevaarlijke toestemming'
+          description: 'De toestemming select_eval staat het uitvoeren van dynamische code toe vanuit opties van aangepaste velden. Inschakelen kan leiden tot willekeurige code-uitvoering, blootstelling van gegevens en volledige compromittering van de site als niet-vertrouwde inhoud wordt ge-evalueerd.'
         profile: 'Profiel'
         slogan: 'Slogan'
         type_contents: 'Type inhoud'
@@ -589,7 +592,7 @@ nl:
           media: 'Toegang tot media'
           publish: 'Je hebt de volgende rechten toevoegen en bewerken, bewerk andere, bewerk gepubliceerd nodig om dit aan te passen'
           themes: "Toegang tot thema's"
-          widgets: 'Toegang tot widgets'
+          widgets: 'Sta het bewerken van widgets toe, inclusief het opslaan van niet-opgeschoonde code.'
           menus: "Toegang tot menu's"
           plugins: 'Toegang tot plugins'
           users: 'Rechten om gebruikers aan te maken, te bewerken of te verwijderen'
@@ -640,6 +643,8 @@ nl:
           error_created: "FOUT! Sidebar is niet aangemaakt."
           error_updated: "FOUT! Sidebar is niet bijgewerkt."
           error_deleted: "Sidebar verwijderd."
+        warning: "Waarschuwing: Widgets kunnen niet-opgeschoonde HTML en Javascript opslaan. Voer alleen code in die u begrijpt en vertrouwt."
       intro:
         profile: "Hier kun je profiel opties bekijken."
         content: "Dit blok bevat alle inhoud types van uw site. Elk inhoud type kan in een andere structuur geconfigureerd worden in instellingen => Inhoud type's hebben"

data/config/locales/camaleon_cms/admin/pt-BR.yml CHANGED Viewed

@@ -555,7 +555,10 @@ pt-BR:
          requires_different_username: 'Requer usuário diferente'
          requires_different_email: 'Requer email diferente'
         new_photo: 'Nova foto'
-        others_permissions: 'Outras permissões'
+        other_permissions: 'Outras permissões'
+        select_eval_modal:
+          title: 'Permissao perigosa'
+          description: 'A permissao select_eval permite executar codigo dinamico a partir das opcoes de campos personalizados. Ao habilitar, pode causar execucao arbitraria de codigo, exposicao de dados e comprometimento total do site caso conteudo nao confiavel seja avaliado.'
         profile: 'Perfil'
         slogan: 'Slogan'
         type_contents: 'TIpo de conteúdos'
@@ -581,7 +584,7 @@ pt-BR:
           media: 'Permissão para o meio'
           publish: 'Você precisa permitir Criar ou Editar, Editar Outro, Editar, Publicar , para habilitar esta permissão'
           themes: 'Permissão para a seção Temas'
-          widgets: 'Permissão para a seção Widgets'
+          widgets: 'Permitir a edição de widgets, incluindo salvar código não higienizado.'
           menus: 'Permissão para a seção Menu'
           plugins: 'Permissão para a seção Plugins'
           users: 'Permissão to criar, editar, excluir Usuários'
@@ -623,6 +626,7 @@ pt-BR:
           error_created: 'Nenhum Widget criado.'
           error_updated: 'Nenhum Widget atualizado.'
           not_registered_widgets: 'Não há widgets registrados'
+        warning: "Aviso: Os widgets podem armazenar HTML e Javascript não higienizados. Insira apenas o código que você entende e confia."
       intro:
         profile: "Neste lugar você pode ver suas opções de perfis."
         content: "Este bloco contém todo o grupo de conteúdo de seu site. Cada conteúdo pode ter uma estrutura diferente configurada em Configurações => Grupos de conteúdo"

data/config/locales/camaleon_cms/admin/pt.yml CHANGED Viewed

@@ -553,7 +553,10 @@ pt:
          requires_different_username: 'Requer utilizador diferente'
          requires_different_email: 'Requer email diferente'
         new_photo: 'Nova foto'
-        others_permissions: 'Outras permissões'
+        other_permissions: 'Outras permissões'
+        select_eval_modal:
+          title: 'Permissao perigosa'
+          description: 'A permissao select_eval permite executar codigo dinamico a partir das opcoes dos campos personalizados. Ao ativar, pode causar execucao arbitraria de codigo, exposicao de dados e comprometimento total do site se conteudo nao confiavel for avaliado.'
         profile: 'Perfil'
         slogan: 'Slogan'
         type_contents: 'TIpo de conteúdos'
@@ -579,7 +582,7 @@ pt:
           media: 'Permissão para o meio'
           publish: 'Permissão para Criar ou Editar, Editar Outro, Editar, Publicar, para habilitar esta permissão'
           themes: 'Permissão para a secção Temas'
-          widgets: 'Permissão para a secção Widgets'
+          widgets: 'Permite a edição de widgets, incluindo salvar código não higienizado.'
           menus: 'Permissão para a secção Menu'
           plugins: 'Permissão para a secção Plugins'
           users: 'Permissão para criar, editar, apagar utilizadores'
@@ -621,6 +624,7 @@ pt:
           error_created: 'Nenhum Widget criado.'
           error_updated: 'Nenhum Widget atualizado.'
           not_registered_widgets: 'Não há widgets registados'
+        warning: "Aviso: Os widgets podem armazenar HTML e Javascript não higienizados. Introduza apenas o código que compreende e em que confia."
       intro:
         profile: "Neste lugar pode ver suas opções de perfis."
         content: "Este bloco contém todo o grupo de conteúdo de seu site. Cada conteúdo pode ter uma estrutura diferente configurada em Configurações => Grupos de conteúdo"

data/config/locales/camaleon_cms/admin/ru.yml CHANGED Viewed

@@ -574,7 +574,10 @@ ru:
          requires_different_email: 'Требуется другая эл. почта'
          created_pending_validate_email: "Пользователь был создан, пожалуйста, подтвердите вашу электронную почту"
         new_photo: 'Новая фотография'
-        others_permissions: 'Другие разрешения'
+        other_permissions: 'Другие разрешения'
+        select_eval_modal:
+          title: 'Опасное право доступа'
+          description: 'Поле типа select_eval позволяет выполнять динамический код из параметров, введённых пользователем. Это может привести к произвольному выполнению кода, утечке данных (в том числе паролей и ключей авторизации) и полной компрометации сайта. Включайте это правл доступа только для доверенных пользователей!'
         profile: 'Профиль'
         slogan: 'Слоган'
         type_contents: 'Тип контента'
@@ -600,7 +603,7 @@ ru:
           media: 'Permission to the midsection'
           publish: 'Вам требуется разрешение на Создание, Редактирование, Редактирование других или Опубликовать чтобы включить это разрешение'
           themes: 'Разрешение тем на раздел'
-          widgets: 'Разрешение виджетов на раздел'
+          widgets: 'Разрешите редактирование виджетов, в том числе сохранение неочищенного кода.'
           menus: 'Разрешение на раздел Меню'
           plugins: 'Разрешение на раздел Плагинов'
           users: 'Разрешение на создание, редактирование и удаление Пользователей'
@@ -651,6 +654,7 @@ ru:
           error_created: "Боковая панель не создана."
           error_updated: "Боковая панель не обновлена."
           error_deleted: "Боковая панель удалена."
+        warning: "Предупреждение: Виджеты могут хранить неочищенный HTML и Javascript. Вводите только тот код, который вы понимаете и которому доверяете."
       intro:
         profile: "Здесь вы можете увидеть настройки вашего профиля."
         content: "Этот блок содержит все группы контента вашего сайта. Каждый контент может иметь различную структуру, их можно настроить в Настройки => Группа контентов"