camaleon_cms 2.7.4 → 2.7.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db5860768212ca0703d01e3d2b16a691d5972917905bab1740cf16a1fb79ab58
-  data.tar.gz: cd0b90107912e5281d49d4a0070734a9db641deadb27f9671d27a13a297c8c71
+  metadata.gz: db43005ef92c135dec7d3ef6871aeac761dd01d904e3f5707bee706f2dd65aa3
+  data.tar.gz: e99b9643fba7ab169ede5758bedfd1b8c7c569c7972363782f79ec91770da3da
 SHA512:
-  metadata.gz: bfc9b376433413768f22e2b191f0f977697c8789004ef91eab78edd683ae22914a4a194c1e8568fa4d074a3eb5f7773b1d492298121b8afb64731c87bd390f8b
-  data.tar.gz: 99f90a12596bc5d24a8dd73555cba291d3140f84f4c5373931b6b62a8a79301126020c7de1a82b4fea7b4c5019062bbfc3573ad5e614584ab8777fc7e6767a2a
+  metadata.gz: 7e4d609bf25dfbfe2c994f1393dbfe7bc9aa060f07e10bd6446f3273fbecc1646868a1efcae9b14dd32dd206c64a986e0210ea1199c3f1e2cda680953824ada2
+  data.tar.gz: fb39191112e373c198578073e5b317bd94749b4ef2956afd2e3baa07a98e91d3a30af9c1f5c9e98822f9338a8ab5f86aea6be405335a71794c55317bc68e285e

data/app/assets/javascripts/camaleon_cms/admin/_posttype.js

@@ -9,18 +9,18 @@ window.cama_init_posttype_form = function() {
 
     item.parent().siblings().find('input').prop('disabled', $(this).is(':checked'))
     if ($(this).is(':checked'))
-      return item.prop('checked', true).prop('disabled', false)
+      item.prop('checked', true).prop('disabled', false)
     else
-      return item.prop('disabled', true)
+      item.prop('disabled', true)
   }).trigger('change')
 
   form.find('[name="meta[has_picture]"]').change(function() {
     const items = form.find('.picture_settings input')
 
     if ($(this).is(':checked'))
-      return items.prop('disabled', false)
+      items.prop('disabled', false)
     else
-      return items.prop('disabled', true)
+      items.prop('disabled', true)
   }).trigger('change')
 
   // toggle single and multiple categories checkbox
@@ -28,9 +28,10 @@ window.cama_init_posttype_form = function() {
     'input:checkbox[name="meta[has_category]"], input:checkbox[name="meta[has_single_category]"]'
   )
 
-  return catChecks.change(
+  catChecks.change(
     function() {
-      if ($(this).is(':checked')) return catChecks.not(this).prop('checked', false)
+      if ($(this).is(':checked'))
+        catChecks.not(this).prop('checked', false)
     }
   ).filter(':checked').trigger('change')
 }

data/app/assets/javascripts/camaleon_cms/admin/nav_menu.js

@@ -1,9 +1,3 @@
-/*
- * decaffeinate suggestions:
- * DS102: Remove unnecessary code created because of implicit returns
- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/main/docs/suggestions.md
- */
-
 /* eslint-env jquery */
 $(function() {
   const panel = $('#menu_content')
@@ -21,11 +15,11 @@ $(function() {
       return
 
     panel.find('#menu_reoreder_loading').show()
-    return $.post(listPanel.attr('data-reorder_url'), data, function(res) {
+    $.post(listPanel.attr('data-reorder_url'), data, function(res) {
       lastData = data
       panel.find('#menu_reoreder_loading').hide()
       if (res)
-        return alert(res)
+        alert(res)
     })
   })
 
@@ -33,13 +27,10 @@ $(function() {
   const saveMenu = function(data) {
     showLoading()
 
-    return $.post(
-      listPanel.attr('data-url'),
-      data,
-      function(res) {
-        listPanel.children('.dd-list').append($(res).children())
-        return hideLoading()
-      })
+    $.post(listPanel.attr('data-url'), data, function(res) {
+      listPanel.children('.dd-list').append($(res).children())
+      hideLoading()
+    })
   }
 
   // add menu items (non-external)
@@ -48,7 +39,7 @@ $(function() {
     let flag = false
     $(this).closest('.panel').find('input:checkbox:checked').each(function() {
       flag = true
-      return data.items.push({ id: $(this).val(), kind: $(this).closest('.class_type').attr('data-type') })
+      data.items.push({ id: $(this).val(), kind: $(this).closest('.class_type').attr('data-type') })
     }).prop('checked', false)
 
     if (!flag)
@@ -64,7 +55,7 @@ $(function() {
     let flag = false
     $(this).closest('.panel').find('input:checkbox:checked').each(function() {
       flag = true
-      return data.custom_items.push({ url: $(this).val(), kind: $(this).attr('data-kind'), label: $(this).attr('data-label') })
+      data.custom_items.push({ url: $(this).val(), kind: $(this).attr('data-kind'), label: $(this).attr('data-label') })
     }).prop('checked', false)
 
     if (!flag)
@@ -93,10 +84,10 @@ $(function() {
       title: link.attr('data-original-title') || link.attr('title'),
       url: link.attr('href'),
       mode: 'ajax',
-      callback(modal) {
+      callback: (modal) => {
         const form = modal.find('form')
         init_form_validations(form)
-        return form.submit(function() {
+        form.submit(function() {
           if (!form.valid())
             return false
 
@@ -104,7 +95,7 @@ $(function() {
           $.post(form.attr('action'), form.serialize(), function(res) {
             link.closest('li').replaceWith($(res).html())
             modal.modal('hide')
-            return hideLoading()
+            hideLoading()
           })
           return false
         })
@@ -122,39 +113,39 @@ $(function() {
     showLoading()
     $.get(link.attr('href'), function() {
       link.closest('.dd-item').remove()
-      return hideLoading()
+      hideLoading()
     })
     return false
   })
 
   // new menu
   panel.find('.new_menu_link, .edit_menu_link').ajax_modal({
-    callback(modal) {
+    callback: (modal) => {
       const form = modal.find('form')
 
-      return setTimeout(() => init_form_validations(form), 1000)
+      setTimeout(() => init_form_validations(form), 1000)
     }
   })
 
   // menus list - change dropdown
-  panel.find('#menu_items #switch_nav_menuForm select').change(function() {
+  panel.find('#menu_items #switch_nav_menu_form select').change(function() {
     if (!$(this).val())
       return
 
-    return $(this).closest('form').submit()
+    $(this).closest('form').submit()
   })
 
   // custom fields
-  return listPanel.on('click', '.custom_settings_link', function() {
+  listPanel.on('click', '.custom_settings_link', function() {
     const link = $(this)
     open_modal({
       title: link.attr('data-original-title') || link.attr('title'),
       url: link.attr('href'),
       mode: 'ajax',
-      callback(modal) {
+      callback: (modal) => {
         const form = modal.find('form')
         init_form_validations(form)
-        return form.submit(function() {
+        form.submit(function() {
           if (!form.valid())
             return false
 
@@ -164,7 +155,7 @@ $(function() {
               alert(res)
 
             modal.modal('hide')
-            return hideLoading()
+            hideLoading()
           })
           return false
         })

data/app/controllers/camaleon_cms/admin/media_controller.rb

@@ -6,15 +6,6 @@ module CamaleonCms
       skip_before_action :verify_authenticity_token, only: :upload, raise: false
       before_action :init_media_vars, except: :download_private_file
 
-      LOCALHOST_DOMAIN_MATCHER = /
-        localhost|
-        127\.0\.0\.1|
-        0\.0\.0\.0|
-        0x7f\.0x0\.0x0\.0x1| # hex encoding
-        0177\.0\.0\.01| # octal encoding
-        2130706433 # dword encoding
-      /x.freeze
-
       # render media section
       def index
         authorize! :manage, :media
@@ -71,13 +62,13 @@ module CamaleonCms
           cama_uploader.delete_file(params[:folder].gsub('//', '/'))
           render plain: ''
         when 'crop_url'
-          unless params[:url].start_with?('data:')
-            params[:url] = (params[:url].start_with?('http') ? '' : current_site.the_url(locale: nil)) + params[:url]
-          end
-          r = if local_url?(params[:url])
-                { error: t('camaleon_cms.admin.media.local_upload_denied') }
+          user_url = params[:url].to_s
+          user_url = "#{current_site.the_url(locale: nil)}#{user_url}" unless user_url.start_with?('data:', 'http')
+          url_validation_result = UserUrlValidator.validate(user_url)
+          r = if url_validation_result.is_a?(Array)
+                { error: url_validation_result.join(', ') }
               else
-                cama_tmp_upload(params[:url], formats: params[:formats], name: params[:name])
+                cama_tmp_upload(user_url, formats: params[:formats], name: params[:name])
               end
           if r[:error].present?
             render plain: helpers.sanitize(r[:error])
@@ -91,10 +82,6 @@ module CamaleonCms
         end
       end
 
-      def local_url?(url)
-        url.try :match?, LOCALHOST_DOMAIN_MATCHER
-      end
-
       # upload files from media uploader
       def upload(settings = {})
         params[:dimension] = nil if params[:skip_auto_crop].present?

data/app/controllers/camaleon_cms/admin/settings_controller.rb

@@ -70,7 +70,8 @@ module CamaleonCms
 
       # send email test
       def test_email
-        CamaleonCms::HtmlMailer.sender(params[:email], 'Test', { content: 'Test content' }).deliver_now
+        data = { content: 'Test content', current_site: current_site, url_base: cama_root_url }
+        CamaleonCms::HtmlMailer.sender(params[:email], 'Test', data).deliver_now
         head :ok
       rescue StandardError => e
         render inline: e.message, status: 502

data/app/decorators/camaleon_cms/category_decorator.rb

@@ -29,7 +29,8 @@ module CamaleonCms
     # return a child category from this category with id (integer) or by slug (string)
     def the_category(slug_or_id)
       return object.categories.where(id: slug_or_id).first if slug_or_id.is_a?(Integer)
-      return object.categories.find_by_slug(slug_or_id) if slug_or_id.is_a?(String)
+
+      object.categories.find_by_slug(slug_or_id) if slug_or_id.is_a?(String)
     end
 
     # ---------------------

data/app/decorators/camaleon_cms/post_type_decorator.rb

@@ -70,7 +70,8 @@ module CamaleonCms
     # return a category from this post_type with id (integer) or by slug (string)
     def the_category(slug_or_id)
       return the_categories.where(id: slug_or_id).first if slug_or_id.is_a?(Integer)
-      return the_categories.find_by_slug(slug_or_id) if slug_or_id.is_a?(String)
+
+      the_categories.find_by_slug(slug_or_id) if slug_or_id.is_a?(String)
     end
 
     # return all post_tags for the post_type (active_record) filtered by permissions + hidden posts + roles + etc...

data/app/decorators/camaleon_cms/site_decorator.rb

@@ -80,7 +80,8 @@ module CamaleonCms
     # slug_or_id: string => return all main categories of the post_type with slug = slug_or_id
     def the_categories(slug_or_id = nil)
       return the_post_type(slug_or_id).the_categories if slug_or_id.present?
-      return object.categories unless slug_or_id.present?
+
+      object.categories unless slug_or_id.present?
     end
 
     # return the category object with id or slug = slug_or_id from this site

data/app/mailers/camaleon_cms/html_mailer.rb

@@ -58,8 +58,11 @@ module CamaleonCms
       prepend_view_path(Rails.root.join(views_dir).to_s)
 
       theme = @current_site.get_theme
-      lookup_context.prefixes.prepend("themes/#{theme.slug}") if theme.settings['gem_mode']
-      lookup_context.prefixes.prepend("themes/#{theme.slug}/views") unless theme.settings['gem_mode']
+      if theme.settings && theme.settings['gem_mode']
+        lookup_context.prefixes.prepend("themes/#{theme.slug}")
+      else
+        lookup_context.prefixes.prepend("themes/#{theme.slug}/views")
+      end
       lookup_context.use_camaleon_partial_prefixes = true
       ((data[:files] || []) + (data[:attachments] || [])).each do |attach|
         if File.exist?(attach) && !File.directory?(attach)

data/app/validators/camaleon_cms/post_uniq_validator.rb

@@ -8,9 +8,10 @@ module CamaleonCms
       return unless ptype.present? # only for posts that belongs to a post type model
 
       posts = ptype.site.posts
-                   .where("(#{slug_array.map do |s|
-                                "#{CamaleonCms::Post.table_name}.slug LIKE '%-->#{s}<!--%'"
-                              end.join(' OR ')} ) OR #{CamaleonCms::Post.table_name}.slug = ?", record.slug)
+                   .where(
+                     "(#{slug_array.map { |s| "#{CamaleonCms::Post.table_name}.slug LIKE '%-->#{s}<!--%'" }
+                                        .join(' OR ')} ) OR #{CamaleonCms::Post.table_name}.slug = ?", record.slug
+                   )
                    .where.not(id: record.id)
                    .where.not(status: %i[draft draft_child trash])
       if posts.size.positive?

data/app/validators/camaleon_cms/user_url_validator.rb

@@ -0,0 +1,207 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2011-present GitLab B.V.
+#
+# See https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/url_blocker.rb
+#
+# Portions of this software are licensed under the "MIT Expat" license as defined below.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# require 'resolv'
+require 'ipaddress'
+require 'addressable/uri'
+
+module CamaleonCms
+  class UserUrlValidator
+    LOCAL_IPS = %w[0.0.0.0 ::].freeze
+
+    def self.validate(...)
+      new.validate(...)
+    end
+
+    def initialize
+      @errors = []
+    end
+
+    # Validates the given url according to the constraints specified by the received arguments.
+    #
+    # allow_localhost - Registers error if URL resolves to a localhost IP address and argument is false.
+    # allow_local_network - Registers error if URL resolves to a link-local address and argument is false.
+    # enforce_user - Registers error if URL user doesn't start with alphanumeric characters and argument is true.
+    # enforce_sanitizing - Registers error if URL includes any HTML/CSS/JS tags and argument is true.
+    #
+    # Returns an array with [<uri>, <original-hostname>].
+    def validate(url, allow_localhost: false, allow_local_network: false, enforce_user: true, enforce_sanitizing: true)
+      return invalid_url unless url.present?
+
+      # Param url can be a string, URI or Addressable::URI
+      return invalid_url unless (uri = parse_url(url))
+
+      validate_uri(uri: uri, enforce_sanitizing: enforce_sanitizing, enforce_user: enforce_user)
+      return @errors if @errors.any?
+
+      address_info = get_address_info(uri)
+      return @errors if @errors.any?
+
+      validate_local_request(
+        address_info: address_info,
+        allow_localhost: allow_localhost,
+        allow_local_network: allow_local_network
+      )
+
+      @errors.empty? || @errors
+    end
+
+    private
+
+    def validate_uri(uri:, enforce_sanitizing:, enforce_user:)
+      validate_html_tags(uri) if enforce_sanitizing
+
+      validate_user(uri.user) if enforce_user
+      validate_hostname(uri.hostname)
+    end
+
+    # @param uri [Addressable::URI]
+    # @return [Array<Addrinfo>] addrinfo object for the URI
+    def get_address_info(uri)
+      Addrinfo.getaddrinfo(uri.hostname, get_port(uri), nil, :STREAM).map do |addr|
+        addr.ipv6_v4mapped? ? addr.ipv6_to_ipv4 : addr
+      end
+    rescue ArgumentError => e
+      # Addrinfo.getaddrinfo errors if the domain exceeds 1024 characters.
+      @errors << I18n.t('camaleon_cms.admin.validate.hostname_long') if e.message.include?('hostname too long')
+
+      @errors << "#{e.message}: #{I18n.t('camaleon_cms.admin.validate.url')}" if @errors.blank?
+    rescue SocketError
+      @errors << I18n.t('camaleon_cms.admin.validate.host_invalid')
+    end
+
+    def validate_local_request(address_info:, allow_localhost:, allow_local_network:)
+      return if allow_local_network && allow_localhost
+
+      unless allow_localhost
+        validate_localhost(address_info)
+        validate_loopback(address_info)
+      end
+
+      return if allow_local_network
+
+      validate_local_network(address_info)
+      validate_link_local(address_info)
+      validate_shared_address(address_info)
+      validate_limited_broadcast_address(address_info)
+    end
+
+    def get_port(uri)
+      uri.port || uri.default_port
+    end
+
+    def validate_html_tags(uri)
+      uri_str = uri.to_s
+      sanitized_uri = ActionController::Base.helpers.sanitize(uri_str, tags: [])
+      @errors << I18n.t('camaleon_cms.admin.validate.html_tags') unless sanitized_uri == uri_str
+    end
+
+    # @param [String, Addressable::URI, #to_str] url The URL string to parse
+    # @return [Addressable::URI, nil] URI object based on the parsed string, or `nil` if the `url` is invalid
+    def parse_url(url)
+      invalid = nil
+      uri = Addressable::URI.parse(url).tap do |parsed_url|
+        invalid = true if multiline_blocked?(parsed_url)
+      end
+      return if invalid
+
+      uri
+    rescue Addressable::URI::InvalidURIError, URI::InvalidURIError
+      nil
+    end
+
+    def multiline_blocked?(parsed_url)
+      url = parsed_url.to_s
+
+      return true if url =~ /[\n\r]/
+      # Google Cloud Storage uses a multi-line, encoded Signature query string
+      return false if %w[http https].include?(parsed_url.scheme&.downcase)
+
+      CGI.unescape(url) =~ /[\n\r]/
+    end
+
+    def validate_user(value)
+      return if value.blank?
+      return if value =~ /\A\p{Alnum}/
+
+      @errors << I18n.t('camaleon_cms.admin.validate.username_alphanumeric')
+    end
+
+    def validate_hostname(value)
+      return if value.blank?
+      return if IPAddress.valid?(value)
+      return if value =~ /\A\p{Alnum}/
+
+      @errors << I18n.t('camaleon_cms.admin.validate.host_or_ip_invalid')
+    end
+
+    def validate_localhost(addrs_info)
+      return if (Socket.ip_address_list.map(&:ip_address).concat(LOCAL_IPS) & addrs_info.map(&:ip_address)).empty?
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_localhost_requests')
+    end
+
+    def validate_loopback(addrs_info)
+      return unless addrs_info.any? { |addr| addr.ipv4_loopback? || addr.ipv6_loopback? }
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_loopback_requests')
+    end
+
+    def validate_local_network(addrs_info)
+      return unless addrs_info.any? { |addr| addr.ipv4_private? || addr.ipv6_sitelocal? || addr.ipv6_unique_local? }
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_local_net_requests')
+    end
+
+    def validate_link_local(addrs_info)
+      netmask = IPAddr.new('169.254.0.0/16')
+      return unless addrs_info.any? { |addr| addr.ipv6_linklocal? || netmask.include?(addr.ip_address) }
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_link_local_net_requests')
+    end
+
+    def validate_shared_address(addrs_info)
+      netmask = IPAddr.new('100.64.0.0/10')
+      return unless addrs_info.any? { |addr| netmask.include?(addr.ip_address) }
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_shared_address_requests')
+    end
+
+    # Registers an error if any IP in `addrs_info` is the limited broadcast address.
+    # https://datatracker.ietf.org/doc/html/rfc919#section-7
+    def validate_limited_broadcast_address(addrs_info)
+      blocked_ips = ['255.255.255.255']
+
+      return if (blocked_ips & addrs_info.map(&:ip_address)).empty?
+
+      @errors << I18n.t('camaleon_cms.admin.validate.no_limited_broadcast_address_requests')
+    end
+
+    def invalid_url
+      @errors << I18n.t('camaleon_cms.admin.validate.url')
+    end
+  end
+end

data/config/locales/camaleon_cms/admin/en.yml

@@ -212,7 +212,6 @@ en:
         reload: 'Reload'
         clear_cache: 'Clear Cache'
         name_required: 'File name is required'
-        local_upload_denied: 'Cannot upload from localhost'
       menus:
         menus: Menus
         link_url: 'Link URL'
@@ -684,6 +683,16 @@ en:
         required: 'This field is required.'
         remote: 'Please fix this field.'
         email: 'Please enter a valid email address.'
+        host_invalid: 'Host cannot be resolved or invalid'
+        host_or_ip_invalid: 'Hostname or IP address invalid'
+        hostname_long: 'Host is too long (maximum is 1024 characters)'
+        html_tags: 'HTML/CSS/JS tags are not allowed'
+        no_localhost_requests: 'Requests to localhost are not allowed'
+        no_loopback_requests: 'Requests to loopback addresses are not allowed'
+        no_local_net_requests: 'Requests to the local network are not allowed'
+        no_link_local_net_requests: 'Requests to the link local network are not allowed'
+        no_shared_address_requests: 'Requests to the shared address space are not allowed'
+        no_limited_broadcast_address_requests: 'Requests to the limited broadcast address are not allowed'
         url: 'Please enter a valid URL.'
         date: 'Please enter a valid date.'
         dateiso: 'Please enter a valid date ( ISO ).'
@@ -697,6 +706,7 @@ en:
         range: 'Please enter a value between {0} and {1}.'
         max: 'Please enter a value less than or equal to {0}.'
         min: 'Please enter a value greater than or equal to {0}.'
+        username_alphanumeric: 'Username needs to start with an alphanumeric character'
       widgets:
         create_widget: 'Create Widget'
         create_sidebar: 'Create Sidebar'

data/lib/camaleon_cms/version.rb

@@ -1,3 +1,3 @@
 module CamaleonCms
-  VERSION = '2.7.4'.freeze
+  VERSION = '2.7.5'.freeze
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: camaleon_cms
 version: !ruby/object:Gem::Version
-  version: 2.7.4
+  version: 2.7.5
 platform: ruby
 authors:
 - Owen Peredo Diaz
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-11 00:00:00.000000000 Z
+date: 2023-12-22 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bcrypt
   requirement: !ruby/object:Gem::Requirement
@@ -86,6 +100,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ipaddress
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: jquery-rails
   requirement: !ruby/object:Gem::Requirement
@@ -766,6 +794,7 @@ files:
 - app/uploaders/camaleon_cms_uploader.rb
 - app/validators/camaleon_cms/post_uniq_validator.rb
 - app/validators/camaleon_cms/uniq_validator.rb
+- app/validators/camaleon_cms/user_url_validator.rb
 - app/views/camaleon_cms/404.html.erb
 - app/views/camaleon_cms/500.html.erb
 - app/views/camaleon_cms/_flash_messages.html.erb
@@ -1103,7 +1132,7 @@ requirements:
 - rails >= 6.0
 - ruby >= 2.7
 - imagemagick
-rubygems_version: 3.4.10
+rubygems_version: 3.5.1
 signing_key:
 specification_version: 4
 summary: Camaleon is a CMS for Ruby on Rails as an alternative to Wordpress.