camaleon_cms 2.9.1 → 2.9.2

data/config/locales/camaleon_cms/admin/ar.yml

@@ -587,7 +587,10 @@ ar:
          requires_different_email: 'Requires different email'
          created_pending_validate_email: "The user has been created, please confirm your email"
         new_photo: 'New Photo'
-        others_permissions: 'Others permissions'
+        other_permissions: 'Others permissions'
+        select_eval_modal:
+          title: 'صلاحية خطيرة'
+          description: 'صلاحية select_eval تسمح بتنفيذ كود ديناميكي من خيارات الحقول المخصصة. تفعيلها قد يؤدي الى تنفيذ كود عشوائي، كشف البيانات، والسيطرة الكاملة على الموقع عند تقييم محتوى غير موثوق.'
         profile: 'Profile'
         slogan: 'Slogan'
         type_contents: 'Type of Contents'
@@ -613,7 +616,7 @@ ar:
           media: 'Permission to the midsection'
           publish: 'You need permits Create or Edit, Edit Other, Edit, Publish, to enable this permission'
           themes: 'Themes permission to section'
-          widgets: 'Widgets permission to section'
+          widgets: 'Allow editing widgets, including saving unsanitized code.'
           menus: 'Permission to the Menu section'
           plugins: 'Permission to the Plugins section'
           users: 'Permission to create, edit, delete Users'
@@ -664,6 +667,7 @@ ar:
           error_created: "No created sidebar."
           error_updated: "No Update sidebar."
           error_deleted: "Sidebar deleted."
+        warning: "Warning: Widgets can store unsanitized HTML and Javascript. Only enter code that you understand and trust."
       intro:
         profile: "In this place you can see your profile options."
         content: "This block contains all content groups of your site. Each content can have different structure configured in settings => Content Groups"

data/config/locales/camaleon_cms/admin/de.yml

@@ -586,7 +586,10 @@ de:
           requires_different_email: 'Erfordert eine andere Email'
           created_pending_validate_email: 'Der Benutzer wurde erstellt, bitte bestätige deine Email.'
         new_photo: 'Neues Bild'
-        others_permissions: 'Rechte Anderer'
+        other_permissions: 'Rechte Anderer'
+        select_eval_modal:
+          title: 'Gefahrliche Berechtigung'
+          description: 'Die Berechtigung select_eval erlaubt die Ausfuhrung von dynamischem Code aus Optionen benutzerdefinierter Felder. Das Aktivieren kann zu beliebiger Codeausfuhrung, Datenoffenlegung und einer vollstandigen Kompromittierung der Website fuhren, wenn nicht vertrauenswurdige Inhalte ausgewertet werden.'
         profile: 'Profil'
         slogan: 'Slogan'
         type_contents: 'Art der Inhalte'
@@ -612,7 +615,7 @@ de:
           media: 'Rechte für den Mittelbereich'
           publish: 'Du benötigst die Rechte Erstellen oder Verarbeiten, Andere Bearbeiten, Bearbeiten, Veröffentlichen, um dieses Recht zu aktivieren'
           themes: 'Recht für den Themes-Bereich'
-          widgets: 'Widgets-Recht für den Bereich'
+          widgets: 'Ermöglichen Sie die Bearbeitung von Widgets, einschließlich des Speicherns von nicht bereinigtem Code.'
           menus: 'Recht für den Menübereich'
           plugins: 'Recht für den Plugin-Bereich'
           users: 'Recht zum Erstellen, Bearbeiten und Löschen von Benutzern'
@@ -663,6 +666,7 @@ de:
           error_created: 'Fehler beim Erstellen der Sidebar.'
           error_updated: 'Fehler beim Aktualisieren der Sidebar.'
           error_deleted: 'Fehler beim Löschen der Sidebar.'
+        warning: "Warnung: Widgets können nicht bereinigtes HTML und Javascript speichern. Geben Sie nur Code ein, den Sie verstehen und dem Sie vertrauen."
       intro:
         profile: 'Hier kannst du Einstellungen für dein Profil vornehmen.'
         content: 'Dieser Block enthält die Inhaltsgruppen deiner Seite. Jeder Inhalt kann auf verschiedene Weise konfiguriert werden. Siehe Einstellungen => Inhaltsgruppen'

data/config/locales/camaleon_cms/admin/en.yml

@@ -640,7 +640,10 @@ en:
           role_can_not_be_deleted: Role can not be deleted
           user_can_not_delete_own_account: You cannot delete your own account
         new_photo: 'New Photo'
-        others_permissions: 'Others permissions'
+        other_permissions: 'Other permissions'
+        select_eval_modal:
+          title: 'Dangerous Permission'
+          description: 'The select_eval permission allows execution of dynamic code from custom field options. Enabling it can lead to arbitrary code execution, data exposure, and full site compromise if untrusted content is evaluated.'
         profile: 'Profile'
         slogan: 'Slogan'
         type_contents: 'Type of Contents'
@@ -666,7 +669,7 @@ en:
           media: 'Permission to the midsection'
           publish: 'You need permits Create or Edit, Edit Other, Edit, Publish, to enable this permission'
           themes: 'Themes permission to section'
-          widgets: 'Widgets permission to section'
+          widgets: 'Allow editing widgets, including saving unsanitized code.'
           menus: 'Permission to the Menu section'
           plugins: 'Permission to the Plugins section'
           users: 'Permission to create, edit, delete Users'
@@ -728,6 +731,7 @@ en:
           error_created: "No created sidebar."
           error_updated: "No Update sidebar."
           error_deleted: "Sidebar deleted."
+        warning: "Warning: Widgets can store unsanitized HTML and Javascript. Only enter code that you understand and trust."
       intro:
         profile: "In this place you can see your profile options."
         content: "This block contains all content groups of your site. Each content can have different structure configured in settings => Content Groups"

data/config/locales/camaleon_cms/admin/es.yml

@@ -561,7 +561,10 @@ es:
          requires_different_email: 'Requiere diferente correo electrónico'
          created_pending_validate_email: 'El usuario ha sido creado, por favor confirma tu email'
         new_photo: 'Nueva Fotografía'
-        others_permissions: 'Otros permisos'
+        other_permissions: 'Otros permisos'
+        select_eval_modal:
+          title: 'Permiso peligroso'
+          description: 'El permiso select_eval permite ejecutar codigo dinamico desde opciones de campos personalizados. Al habilitarlo, puede provocar ejecucion arbitraria de codigo, exposicion de datos y compromiso total del sitio si se evalua contenido no confiable.'
         profile: 'Perfil'
         slogan: 'Eslogan'
         type_contents: 'Tipo de Contenidos'
@@ -587,7 +590,7 @@ es:
           media: 'Permiso a la seccion Media'
           publish: 'Necesitas tener los permisos de Crear o Editar, Editar Otros, Editar Publicar, para habilitar este permiso'
           themes: 'Permiso a la seccion Plantillas'
-          widgets: 'Permiso a la seccion Widgets'
+          widgets: 'Permitir la edición de widgets, incluido el almacenamiento de código sin desinfectar.'
           menus: 'Permiso a la seccion Menu'
           plugins: 'Permiso a la seccion Plugins'
           users: 'Permiso para crear, editar, eliminar Usuarios'
@@ -629,6 +632,7 @@ es:
           error_created: 'No se ha creado el Widget.'
           error_updated: 'No se ha actualizado el Widget.'
           not_registered_widgets: 'No existen widgets registrados'
+        warning: "Advertencia: Los widgets pueden almacenar HTML y Javascript sin desinfectar. Ingrese solo el código que comprenda y en el que confíe."
       appearances:
         nav_menus:
           menu_items:

data/config/locales/camaleon_cms/admin/fr.yml

@@ -567,7 +567,10 @@ fr:
          requires_different_email: 'Un email différent est requis'
          created_pending_validate_email: "L'utilisateur a été créé, veuillez confirmer votre email"
         new_photo: 'Nouvelle photo'
-        others_permissions: 'Autres permissions'
+        other_permissions: 'Autres permissions'
+        select_eval_modal:
+          title: 'Permission dangereuse'
+          description: 'La permission select_eval autorise l execution de code dynamique depuis les options des champs personnalises. Son activation peut entrainer l execution de code arbitraire, l exposition de donnees et la compromission complete du site si du contenu non fiable est evalue.'
         profile: 'Profil'
         slogan: 'Slogan'
         type_contents: 'Type de contenus'
@@ -593,7 +596,7 @@ fr:
           media: 'Permission pour la section média'
           publish: 'Permissions Créer ou Editer, Editer autre, Editer, Publier, requises pour activer cette permission'
           themes: 'Permission pour la section thèmes'
-          widgets: 'Permission pour la section widgets'
+          widgets: "Autoriser la modification des widgets, y compris l'enregistrement de code non nettoyé."
           menus: 'Permission pour la section menus'
           plugins: 'Permission pour la section plugins'
           users: 'Permission de créer, éditer et supprimer des utilisateurs'
@@ -644,6 +647,7 @@ fr:
           error_created: "Sidebar non créée."
           error_updated: "Sidebar non mise à jour."
           error_deleted: "Sidebar supprimée."
+        warning: "Attention : les widgets peuvent stocker du HTML et du Javascript non nettoyés. Entrez uniquement du code que vous comprenez et auquel vous faites confiance."
       intro:
         profile: "Ici vous pouvez voir les options de votre profil."
         content: "Ce bloc contient tout les groupes de contenu de votre site. Chaque contenu peut avoir une structure différente configurable via Paramètres => Groupes de contenu"

data/config/locales/camaleon_cms/admin/it.yml

@@ -565,7 +565,10 @@ it:
           requires_different_username: 'Inserisci uno username diverso'
           requires_different_email: 'Inserisci una email diversa'
         new_photo: 'Nuova foto'
-        others_permissions: 'Altri permessi'
+        other_permissions: 'Altri permessi'
+        select_eval_modal:
+          title: 'Permesso pericoloso'
+          description: 'Il permesso select_eval consente l esecuzione di codice dinamico dalle opzioni dei campi personalizzati. Se abilitato, puo causare esecuzione arbitraria di codice, esposizione dei dati e compromissione completa del sito quando viene valutato contenuto non attendibile.'
         profile: 'Profilo'
         slogan: 'Slogan'
         type_contents: 'Tipi di contenuti'
@@ -591,7 +594,7 @@ it:
           media: 'Permesso per la midsection'
           publish: 'Devi abilitare Crea o Modifica, Modifica Altro, Modifica, Pubblica, per abilitare questi permessi'
           themes: 'Permessi per la sezione temi'
-          widgets: 'Permessi per la sezione widget'
+          widgets: 'Consenti la modifica dei widget, incluso il salvataggio di codice non disinfettato.'
           menus: 'Permessi per la sezione menù'
           plugins: 'Permessi per la sezione plugin'
           users: 'Permesso di creare, modificare e cancellare utenti'
@@ -633,3 +636,4 @@ it:
           error_created: 'Widget non creato.'
           error_updated: 'Widget non aggiornato.'
           not_registered_widgets: 'Non ci sono widget registrati'
+        warning: "Attenzione: i widget possono memorizzare HTML e Javascript non sanificati. Inserisci solo il codice che comprendi e di cui ti fidi."

data/config/locales/camaleon_cms/admin/nl.yml

@@ -563,7 +563,10 @@ nl:
          requires_different_email: 'Andere e-mail verplicht'
          created_pending_validate_email: "Gebruiker is aangemaakt, bevestig uw e-mail"
         new_photo: 'Nieuwe foto'
-        others_permissions: 'Andere rechten'
+        other_permissions: 'Andere rechten'
+        select_eval_modal:
+          title: 'Gevaarlijke toestemming'
+          description: 'De toestemming select_eval staat het uitvoeren van dynamische code toe vanuit opties van aangepaste velden. Inschakelen kan leiden tot willekeurige code-uitvoering, blootstelling van gegevens en volledige compromittering van de site als niet-vertrouwde inhoud wordt ge-evalueerd.'
         profile: 'Profiel'
         slogan: 'Slogan'
         type_contents: 'Type inhoud'
@@ -589,7 +592,7 @@ nl:
           media: 'Toegang tot media'
           publish: 'Je hebt de volgende rechten toevoegen en bewerken, bewerk andere, bewerk gepubliceerd nodig om dit aan te passen'
           themes: "Toegang tot thema's"
-          widgets: 'Toegang tot widgets'
+          widgets: 'Sta het bewerken van widgets toe, inclusief het opslaan van niet-opgeschoonde code.'
           menus: "Toegang tot menu's"
           plugins: 'Toegang tot plugins'
           users: 'Rechten om gebruikers aan te maken, te bewerken of te verwijderen'
@@ -640,6 +643,8 @@ nl:
           error_created: "FOUT! Sidebar is niet aangemaakt."
           error_updated: "FOUT! Sidebar is niet bijgewerkt."
           error_deleted: "Sidebar verwijderd."
+        warning: "Waarschuwing: Widgets kunnen niet-opgeschoonde HTML en Javascript opslaan. Voer alleen code in die u begrijpt en vertrouwt."
+
       intro:
         profile: "Hier kun je profiel opties bekijken."
         content: "Dit blok bevat alle inhoud types van uw site. Elk inhoud type kan in een andere structuur geconfigureerd worden in instellingen => Inhoud type's hebben"

data/config/locales/camaleon_cms/admin/pt-BR.yml

@@ -555,7 +555,10 @@ pt-BR:
          requires_different_username: 'Requer usuário diferente'
          requires_different_email: 'Requer email diferente'
         new_photo: 'Nova foto'
-        others_permissions: 'Outras permissões'
+        other_permissions: 'Outras permissões'
+        select_eval_modal:
+          title: 'Permissao perigosa'
+          description: 'A permissao select_eval permite executar codigo dinamico a partir das opcoes de campos personalizados. Ao habilitar, pode causar execucao arbitraria de codigo, exposicao de dados e comprometimento total do site caso conteudo nao confiavel seja avaliado.'
         profile: 'Perfil'
         slogan: 'Slogan'
         type_contents: 'TIpo de conteúdos'
@@ -581,7 +584,7 @@ pt-BR:
           media: 'Permissão para o meio'
           publish: 'Você precisa permitir Criar ou Editar, Editar Outro, Editar, Publicar , para habilitar esta permissão'
           themes: 'Permissão para a seção Temas'
-          widgets: 'Permissão para a seção Widgets'
+          widgets: 'Permitir a edição de widgets, incluindo salvar código não higienizado.'
           menus: 'Permissão para a seção Menu'
           plugins: 'Permissão para a seção Plugins'
           users: 'Permissão to criar, editar, excluir Usuários'
@@ -623,6 +626,7 @@ pt-BR:
           error_created: 'Nenhum Widget criado.'
           error_updated: 'Nenhum Widget atualizado.'
           not_registered_widgets: 'Não há widgets registrados'
+        warning: "Aviso: Os widgets podem armazenar HTML e Javascript não higienizados. Insira apenas o código que você entende e confia."
       intro:
         profile: "Neste lugar você pode ver suas opções de perfis."
         content: "Este bloco contém todo o grupo de conteúdo de seu site. Cada conteúdo pode ter uma estrutura diferente configurada em Configurações => Grupos de conteúdo"

data/config/locales/camaleon_cms/admin/pt.yml

@@ -553,7 +553,10 @@ pt:
          requires_different_username: 'Requer utilizador diferente'
          requires_different_email: 'Requer email diferente'
         new_photo: 'Nova foto'
-        others_permissions: 'Outras permissões'
+        other_permissions: 'Outras permissões'
+        select_eval_modal:
+          title: 'Permissao perigosa'
+          description: 'A permissao select_eval permite executar codigo dinamico a partir das opcoes dos campos personalizados. Ao ativar, pode causar execucao arbitraria de codigo, exposicao de dados e comprometimento total do site se conteudo nao confiavel for avaliado.'
         profile: 'Perfil'
         slogan: 'Slogan'
         type_contents: 'TIpo de conteúdos'
@@ -579,7 +582,7 @@ pt:
           media: 'Permissão para o meio'
           publish: 'Permissão para Criar ou Editar, Editar Outro, Editar, Publicar, para habilitar esta permissão'
           themes: 'Permissão para a secção Temas'
-          widgets: 'Permissão para a secção Widgets'
+          widgets: 'Permite a edição de widgets, incluindo salvar código não higienizado.'
           menus: 'Permissão para a secção Menu'
           plugins: 'Permissão para a secção Plugins'
           users: 'Permissão para criar, editar, apagar utilizadores'
@@ -621,6 +624,7 @@ pt:
           error_created: 'Nenhum Widget criado.'
           error_updated: 'Nenhum Widget atualizado.'
           not_registered_widgets: 'Não há widgets registados'
+        warning: "Aviso: Os widgets podem armazenar HTML e Javascript não higienizados. Introduza apenas o código que compreende e em que confia."
       intro:
         profile: "Neste lugar pode ver suas opções de perfis."
         content: "Este bloco contém todo o grupo de conteúdo de seu site. Cada conteúdo pode ter uma estrutura diferente configurada em Configurações => Grupos de conteúdo"

data/config/locales/camaleon_cms/admin/ru.yml

@@ -574,7 +574,10 @@ ru:
          requires_different_email: 'Требуется другая эл. почта'
          created_pending_validate_email: "Пользователь был создан, пожалуйста, подтвердите вашу электронную почту"
         new_photo: 'Новая фотография'
-        others_permissions: 'Другие разрешения'
+        other_permissions: 'Другие разрешения'
+        select_eval_modal:
+          title: 'Опасное право доступа'
+          description: 'Поле типа select_eval позволяет выполнять динамический код из параметров, введённых пользователем. Это может привести к произвольному выполнению кода, утечке данных (в том числе паролей и ключей авторизации) и полной компрометации сайта. Включайте это правл доступа только для доверенных пользователей!'
         profile: 'Профиль'
         slogan: 'Слоган'
         type_contents: 'Тип контента'
@@ -600,7 +603,7 @@ ru:
           media: 'Permission to the midsection'
           publish: 'Вам требуется разрешение на Создание, Редактирование, Редактирование других или Опубликовать чтобы включить это разрешение'
           themes: 'Разрешение тем на раздел'
-          widgets: 'Разрешение виджетов на раздел'
+          widgets: 'Разрешите редактирование виджетов, в том числе сохранение неочищенного кода.'
           menus: 'Разрешение на раздел Меню'
           plugins: 'Разрешение на раздел Плагинов'
           users: 'Разрешение на создание, редактирование и удаление Пользователей'
@@ -651,6 +654,7 @@ ru:
           error_created: "Боковая панель не создана."
           error_updated: "Боковая панель не обновлена."
           error_deleted: "Боковая панель удалена."
+        warning: "Предупреждение: Виджеты могут хранить неочищенный HTML и Javascript. Вводите только тот код, который вы понимаете и которому доверяете."
       intro:
         profile: "Здесь вы можете увидеть настройки вашего профиля."
         content: "Этот блок содержит все группы контента вашего сайта. Каждый контент может иметь различную структуру, их можно настроить в Настройки => Группа контентов"

data/config/locales/camaleon_cms/admin/uk.yml

@@ -574,7 +574,10 @@ uk:
          requires_different_email: 'Потрібні інші ел. пошта '
          created_pending_validate_email: "Користувач був створений, будь ласка, підтвердіть вашу електронну пошту"
         new_photo: 'Нова фотографія'
-        others_permissions: 'Інші роздільності'
+        other_permissions: 'Інші роздільності'
+        select_eval_modal:
+          title: 'Небезпечний дозвіл'
+          description: 'Дозвіл select_eval дозволяє виконувати динамічний код з параметрів користувацьких полів. Увімкнення може призвести до довільного виконання коду, витоку даних і повної компрометації сайту, якщо обробляється недовірений вміст.'
         profile: 'Профіль'
         slogan: 'Слоган'
         type_contents: 'Тип Контенту'
@@ -600,7 +603,7 @@ uk:
           media: 'Permission to the midsection'
           publish: 'Вам потрібен дозвіл на Створення, редагування, Редагування інших або Опублікувати щоб включити цей дозвіл'
           themes: 'Дозвіл тим на розділ'
-          widgets: 'Дозвіл віджетів на розділ'
+          widgets: 'Уможливлено редагування віджетів, зокрема збереження непродезінфікованого коду.'
           menus: 'Дозвіл на розділ Меню'
           plugins: 'Дозвіл на розділ Плагінів'
           users: 'Дозвіл на створення, редагування і видалення користувачів'
@@ -651,6 +654,7 @@ uk:
           error_created: "Бічна панель не створена."
           error_updated: "Бічна панель не оновлена."
           error_deleted: "Бічна панель видалена."
+        warning: "Попередження: Віджети можуть зберігати непродезінфіковані HTML та Javascript. Вводьте лише той код, який ви розумієте та якому довіряєте."
       intro:
         profile: "Тут ви можете побачити налаштування вашого профілю."
         content: "Цей блок містить всі групи контенту вашого сайту. Кожен контент може мати різну структуру, яких можна налаштувати в Налаштування => Група контентів"

data/config/locales/camaleon_cms/admin/zh-CH.yml

@@ -607,7 +607,10 @@ zh-CN:
           role_can_not_be_deleted: '无法删除此角色'
           user_can_not_delete_own_account: '用户不能删除自己的帐户'
         new_photo: '新建照片'
-        others_permissions: '其他权限'
+        other_permissions: '其他权限'
+        select_eval_modal:
+          title: '危险权限'
+          description: 'select_eval 权限允许从自定义字段选项中执行动态代码。启用后，如果评估不受信任的内容，可能导致任意代码执行、数据泄露以及站点被完全攻陷。'
         profile: '资料'
         slogan: '标语'
         type_contents: '内容的类型'
@@ -633,7 +636,7 @@ zh-CN:
           media: '媒体资源部分'
           publish: '开启该权限,允许创建,编辑, 或公开'
           themes: '主题部分'
-          widgets: '插件部分'
+          widgets: '允许编辑小部件，包括保存未经清理的代码。'
           menus: '菜单部分'
           plugins: '插件部分'
           users: '创建,编辑,删除用户'
@@ -684,6 +687,7 @@ zh-CN:
           error_created: '侧边栏创建失败'
           error_updated: '侧边栏更新失败'
           error_deleted: "侧边栏已删除."
+        warning: "警告：小组件可以存储未经清理的 HTML 和 Javascript。仅输入您理解和信任的代码。"
       intro:
         profile: "在这个地方，您可以看到您的个人资料选项."
         content: "此块包含您网站的所有内容组。 每个内容可以具有在 设置 => 内容组"

data/db/migrate/20150611161134_post_table_into_utf8.rb

@@ -1,12 +1,12 @@
 class PostTableIntoUtf8 < CamaManager.migration_class
   def change
     if table_exists? CamaleonCms::User.table_name
-      add_column(CamaleonCms::User.table_name, :email, :string) unless column_exists?(CamaleonCms::User.table_name, :email)
-      add_column(CamaleonCms::User.table_name, :username, :string) unless column_exists?(CamaleonCms::User.table_name, :username)
-      add_column(CamaleonCms::User.table_name, :role, :string, default: 'client', index: true) unless column_exists?(CamaleonCms::User.table_name, :role)
-      add_column(CamaleonCms::User.table_name, :parent_id, :integer) unless column_exists?(CamaleonCms::User.table_name, :parent_id)
-      add_column(CamaleonCms::User.table_name, :site_id, :integer, index: true, default: -1) unless column_exists?(CamaleonCms::User.table_name, :site_id)
-      add_column(CamaleonCms::User.table_name, :auth_token, :string) unless column_exists?(CamaleonCms::User.table_name, :auth_token)
+      add_column(CamaleonCms::User.table_name, :email, :string, if_not_exists: true)
+      add_column(CamaleonCms::User.table_name, :username, :string, if_not_exists: true)
+      add_column(CamaleonCms::User.table_name, :role, :string, default: 'client', index: true, if_not_exists: true)
+      add_column(CamaleonCms::User.table_name, :parent_id, :integer, if_not_exists: true)
+      add_column(CamaleonCms::User.table_name, :site_id, :integer, index: true, default: -1, if_not_exists: true)
+      add_column(CamaleonCms::User.table_name, :auth_token, :string, if_not_exists: true)
     else
       create_table CamaleonCms::User.table_name do |t|
         t.string   "username", index: true
@@ -26,7 +26,7 @@ class PostTableIntoUtf8 < CamaManager.migration_class
       end
     end
 
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}term_taxonomy" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}term_taxonomy", if_not_exists: true do |t|
       t.string   "taxonomy", index: true
       t.text     "description", limit: 1073741823
       t.integer  "parent_id", index: true
@@ -41,7 +41,7 @@ class PostTableIntoUtf8 < CamaManager.migration_class
       t.belongs_to :user, index: true#, foreign_key: true
     end
 
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}posts" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}posts", if_not_exists: true do |t|
       t.string   "title"
       t.string   "slug", index: true
       t.text     "content",          limit: 1073741823
@@ -58,13 +58,13 @@ class PostTableIntoUtf8 < CamaManager.migration_class
       t.belongs_to :user, index: true#, foreign_key: true
     end
 
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}term_relationships" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}term_relationships", if_not_exists: true do |t|
       t.integer "objectid", index: true
       t.integer "term_order", index: true
       t.belongs_to :term_taxonomy, index: true
     end
 
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}user_relationships" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}user_relationships", if_not_exists: true do |t|
       t.integer "term_order"
       t.integer "active", default: 1
 
@@ -72,7 +72,7 @@ class PostTableIntoUtf8 < CamaManager.migration_class
       t.belongs_to :user, index: true
     end
 
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}comments" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}comments", if_not_exists: true do |t|
       t.string   "author"
       t.string   "author_email"
       t.string   "author_url"
@@ -87,7 +87,7 @@ class PostTableIntoUtf8 < CamaManager.migration_class
       t.timestamps null: false
     end
 
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}custom_fields" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}custom_fields", if_not_exists: true do |t|
       t.string  "object_class", index: true
       t.string  "name"
       t.string  "slug", index: true
@@ -100,7 +100,7 @@ class PostTableIntoUtf8 < CamaManager.migration_class
       t.string  "status"
     end
 
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}custom_fields_relationships" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}custom_fields_relationships", if_not_exists: true do |t|
       t.integer "objectid", index: true
       t.integer "custom_field_id", index: true
       t.integer "term_order"
@@ -109,7 +109,7 @@ class PostTableIntoUtf8 < CamaManager.migration_class
       t.string  "custom_field_slug", index: true
     end
 
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}metas" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}metas", if_not_exists: true do |t|
       t.string  "key", index: true
       t.text    "value", limit: 1073741823
       t.integer "objectid", index: true

data/db/migrate/20150926095310_rename_column_posts.rb

@@ -1,9 +1,9 @@
 # change post structure to optimize query speed
 class RenameColumnPosts < CamaManager.migration_class
   def change
-    remove_column "#{PluginRoutes.static_system_info["db_prefix"]}posts", :comment_count
-    add_column "#{PluginRoutes.static_system_info["db_prefix"]}posts", :post_order, :integer, default: 0
-    add_column "#{PluginRoutes.static_system_info["db_prefix"]}posts", :taxonomy_id, :integer, default: nil, index: true
+    remove_column "#{PluginRoutes.static_system_info["db_prefix"]}posts", :comment_count, if_exists: true
+    add_column "#{PluginRoutes.static_system_info["db_prefix"]}posts", :post_order, :integer, default: 0, if_not_exists: true
+    add_column "#{PluginRoutes.static_system_info["db_prefix"]}posts", :taxonomy_id, :integer, default: nil, index: true, if_not_exists: true
     CamaleonCms::Post.all.each do |post|
       begin
         post_id = post.get_post_type_depre.id

data/db/migrate/20151212095328_add_confirm_token_to_users.rb

@@ -1,7 +1,7 @@
 class AddConfirmTokenToUsers < CamaManager.migration_class
   def change
-    add_column CamaleonCms::User.table_name, :confirm_email_token, :string, default: nil
-    add_column CamaleonCms::User.table_name, :confirm_email_sent_at, :datetime, default: nil
-    add_column CamaleonCms::User.table_name, :is_valid_email, :boolean, default: true
+    add_column CamaleonCms::User.table_name, :confirm_email_token, :string, default: nil, if_not_exists: true
+    add_column CamaleonCms::User.table_name, :confirm_email_sent_at, :datetime, default: nil, if_not_exists: true
+    add_column CamaleonCms::User.table_name, :is_valid_email, :boolean, default: true, if_not_exists: true
   end
 end

data/db/migrate/20160504155652_add_feature_to_posts.rb

@@ -1,5 +1,5 @@
 class AddFeatureToPosts < CamaManager.migration_class
   def change
-    add_column "#{PluginRoutes.static_system_info["db_prefix"]}posts", :is_feature, :boolean, default: false
+    add_column "#{PluginRoutes.static_system_info["db_prefix"]}posts", :is_feature, :boolean, default: false, if_not_exists: true
   end
 end

data/db/migrate/20160504155653_move_first_name_of_users.rb

@@ -1,7 +1,7 @@
 class MoveFirstNameOfUsers < CamaManager.migration_class
   def change
-    add_column CamaleonCms::User.table_name, :first_name, :string unless column_exists?(CamaleonCms::User.table_name, :first_name)
-    add_column CamaleonCms::User.table_name, :last_name, :string unless column_exists?(CamaleonCms::User.table_name, :last_name)
+    add_column CamaleonCms::User.table_name, :first_name, :string, if_not_exists: true
+    add_column CamaleonCms::User.table_name, :last_name, :string, if_not_exists: true
     CamaleonCms::User.all.each do |u|
       u.update_columns(first_name: u.get_meta('first_name'), last_name: u.get_meta('last_name')) if u.get_meta('first_name').present?
     end

data/db/migrate/20160609121449_add_group_to_custom_field_values.rb

@@ -1,5 +1,5 @@
 class AddGroupToCustomFieldValues < CamaManager.migration_class
   def change
-    add_column "#{PluginRoutes.static_system_info["db_prefix"]}custom_fields_relationships", :group_number, :integer, default: 0
+    add_column "#{PluginRoutes.static_system_info["db_prefix"]}custom_fields_relationships", :group_number, :integer, default: 0, if_not_exists: true
   end
 end

data/db/migrate/20161215202255_drop_user_relationship_table.rb

@@ -1,5 +1,5 @@
 class DropUserRelationshipTable < CamaManager.migration_class
   def change
-    drop_table "#{PluginRoutes.static_system_info["db_prefix"]}user_relationships"
+    drop_table "#{PluginRoutes.static_system_info["db_prefix"]}user_relationships", if_exists: true
   end
 end

data/db/migrate/20180124132318_create_media.rb

@@ -1,6 +1,6 @@
 class CreateMedia < CamaManager.migration_class
   def change
-    create_table "#{PluginRoutes.static_system_info["db_prefix"]}media" do |t|
+    create_table "#{PluginRoutes.static_system_info["db_prefix"]}media", if_not_exists: true do |t|
       t.references :site, index: true
       t.string :name, index: true
       t.boolean :is_folder, index: true, default: false

data/db/migrate/20180704211100_adjust_field_length.rb

@@ -2,7 +2,7 @@ class AdjustFieldLength < CamaManager.migration_class
   def change
     post_table = CamaleonCms::Post.table_name
     change_column post_table, :title, :text
-    remove_index(post_table, :slug) if index_exists?(post_table, :slug)
+    remove_index(post_table, :slug, if_exists: true)
     change_column post_table, :slug, :text
     add_index post_table, :slug, length: 255
     change_column "#{PluginRoutes.static_system_info["db_prefix"]}term_taxonomy", :name, :text

data/lib/camaleon_cms/version.rb

@@ -1,3 +1,3 @@
 module CamaleonCms
-  VERSION = '2.9.1'.freeze
+  VERSION = '2.9.2'.freeze
 end

data/lib/ext/string.rb

@@ -1,7 +1,7 @@
 class String
   def to_bool
-    return true if self == true || self =~ (/(true|t|yes|y|1)$/i)
-    return false if self == false || blank? || self =~ (/(false|f|no|n|0)$/i)
+    return true if self == true || self =~ /(true|t|yes|y|1)$/i
+    return false if self == false || blank? || self =~ /(false|f|no|n|0)$/i
 
     raise ArgumentError, "invalid value for Boolean: \"#{self}\""
   end
@@ -111,7 +111,7 @@ class String
     name = name.gsub(sanitize_regexp, '_')
     name = "_#{name}" if name =~ /\A\.+\z/
     name = 'unnamed' if name.empty?
-    name.mb_chars.to_s
+    name
   end
 
   # return cleaned model class name

data/lib/plugin_routes.rb

@@ -174,12 +174,12 @@ class PluginRoutes
     @@all_sites = nil
     @@_vars.each { |v| class_variable_set("@@cache_#{v}", nil) }
     Rails.application.reload_routes!
-    @@_after_reload.uniq.each { |r| eval(r) }
+    @@_after_reload.uniq.each(&:call)
   end
 
-  # permit to add extra actions for reload routes
+  # Add a callable (Proc/Lambda) to run after routes reload; strings are not supported.
   def self.add_after_reload_routes(command)
-    @@_after_reload << command
+    @@_after_reload << (command.is_a?(String) ? raise(ArgumentError, 'Expected a callable (Proc/Lambda), not a String') : command)
   end
 
   # return all enabled plugins []

data/lib/tasks/custom_fields_roles.rake

@@ -0,0 +1,56 @@
+namespace :camaleon_cms do
+  desc 'Backfill user roles to include custom_fields manager permission'
+  task backfill_custom_fields_permission: :environment do
+    Rails.logger.info 'Backfilling custom_fields manager permission for existing user roles...'
+    CamaleonCms::UserRole.find_each do |role|
+      key = "_manager_#{role.parent_id}"
+      begin
+        current_role = role.get_meta(key)
+        # if the role already has settings/managers, skip; otherwise add custom_fields => 1
+        if current_role.blank? || (!current_role.is_a?(Hash) || current_role['custom_fields'].blank?)
+          current_role = (current_role.is_a?(Hash) ? current_role : {}).merge!('custom_fields' => 1)
+          role.set_meta(key, current_role)
+          Rails.logger.info "Updated role=#{role.slug} site_id=#{role.parent_id}"
+        else
+          Rails.logger.info "Skipped role=#{role.slug} site_id=#{role.parent_id} (already has custom_fields)"
+        end
+      rescue StandardError => e
+        Rails.logger.info "Failed to update role=#{role.slug}: #{e.message}"
+      end
+    end
+    Rails.logger.info 'Done.'
+  end
+
+  desc 'Backfill admin user roles to include select_eval permission'
+  task backfill_select_eval_permission: :environment do
+    Rails.logger.info 'Backfilling select_eval permission for admin roles...'
+    updated_count = 0
+    skipped_count = 0
+
+    CamaleonCms::UserRole.where(slug: 'admin', term_group: -1).find_each do |role|
+      site_id = role.parent_id
+      key = "_manager_#{site_id}"
+      begin
+        current_meta = role.get_meta(key, {})
+
+        # Only update if role doesn't already have select_eval
+        if !current_meta[:select_eval]
+          updated_meta = current_meta.merge(select_eval: 1)
+          role.set_meta(key, updated_meta)
+          Rails.logger.info "✓ Updated admin role site_id=#{site_id}"
+          updated_count += 1
+        else
+          Rails.logger.info "  Skipped admin role site_id=#{site_id} (already has select_eval)"
+          skipped_count += 1
+        end
+      rescue StandardError => e
+        Rails.logger.info "✗ Failed to update admin role site_id=#{site_id}: #{e.message}"
+      end
+    end
+
+    Rails.logger.info "\nSummary:"
+    Rails.logger.info "  Updated: #{updated_count} admin roles"
+    Rails.logger.info "  Skipped: #{skipped_count} admin roles"
+    Rails.logger.info "\nDone! All admin roles now have select_eval permission."
+  end
+end