RubyGems - camaleon_cms - Versions diffs - 2.8.3 → 2.9.0 - Mend

camaleon_cms 2.8.3 → 2.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of camaleon_cms might be problematic. Click here for more details.

Files changed (8) hide show

checksums.yaml +4 -4
data/app/controllers/camaleon_cms/admin/sessions_controller.rb +1 -1
data/app/helpers/camaleon_cms/uploader_helper.rb +10 -3
data/app/uploaders/camaleon_cms_aws_uploader.rb +8 -1
data/app/views/camaleon_cms/admin/settings/_file_system_settings.html.erb +5 -5
data/lib/camaleon_cms/version.rb +1 -1
data/lib/plugin_routes.rb +2 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb89eafe44387816835ea78ac7687f6f5fefdc62a8820890a6e89989145f523b
-  data.tar.gz: e264d13af7875ca0ffe973e56b7b817e7aa9e7b7bbdc95eaa5f727e2208b1551
+  metadata.gz: 7bbfa67257bf8efd2830d5c4d20d1e00ce5db6293c145205326fc5c496a6ffd1
+  data.tar.gz: 848c0feddb8c6dbe3be7d992d1b116c9b438006cea66af150468576e8096eb9c
 SHA512:
-  metadata.gz: 4b8a55768bfb86d2d87f0be9a0d608363a1fe690d43167a76d4961123102e8e1e4b84faf002e2d895501beb154b8d3fc1f67b836f90bb938b2f7a7d5b7229b32
-  data.tar.gz: 1428858be6276deaa85f84d25e1a3c36bc6526171f0ea49bc4cecf6143da49c12aa6b7c6a72b59190306ddc66b41f3b51e7dc645506d75c23a95fd5af14cb588
+  metadata.gz: 1ff798ffbe98e5906feed579e437f3da2b8636f99b2d22f508afbcc6981c70752ea464ac21af2457f73e94087fe4d88ee863ce3fadaca956d7570422710eebb3
+  data.tar.gz: 793bd8de6630499e71697966559066d74f38f1ccd225434fc2f4b101ce41fe1dbc62fbba94138bc57ca473a3abf9a9f48ecc820df1f0ec538b8ffed89b2268c4

data/app/controllers/camaleon_cms/admin/sessions_controller.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module CamaleonCms
         hooks_run('user_before_login', r)
         return if r[:stop_process] # permit to redirect for data completion
-        if captcha_validate && @user && @user.authenticate(data_user[:password])
+        if captcha_validate && @user&.authenticate(data_user[:password])
           # Email validation if is necessary
           if @user.is_valid_email? || !current_site.need_validate_email?
             cama_captcha_reset_attack('login')

data/app/helpers/camaleon_cms/uploader_helper.rb CHANGED Viewed

@@ -2,16 +2,23 @@
 module CamaleonCms
   module UploaderHelper
-    SUSPICIOUS_PATTERNS = [
+    UNSAFE_EVENT_PATTERNS = %w[
+      onabort onafter onbefore onblur oncanplay onchange onclick oncontextmenu oncopy oncuechange oncut ondblclick
+      ondrag ondrop ondurationchange onended onerror onfocus onhashchange oninvalid oninput onkey onload onmessage
+      onmouse ononline onoffline onpagehide onpageshow onpage onpaste onpause onplay onpopstate onprogress
+      onpropertychange onratechange onreadystatechange onreset onresize onscroll onsearch onseek onselect onshow
+      onstalled onstorage onsuspend ontimeupdate ontoggle onunloadonsubmit onvolumechange onwaiting onwheel
+    ].map { |pattern| /#{pattern}\w*\s*=/i }.freeze
+    SUSPICIOUS_PATTERNS = (UNSAFE_EVENT_PATTERNS + [
       /<script[\s>]/i,  # Script tags
-      /on\w{3,}\s*=/i,  # Inline event handlers like oncut, onload, onclick, etc.
       /javascript:/i,   # JavaScript in href/src attributes
       /<iframe[\s>]/i,  # Iframes
       /<object[\s>]/i,  # Object tags
       /<embed[\s>]/i,   # Embed tags
       /<base[\s>]/i,    # Base tags (can be used to manipulate URLs)
       /data:/i          # data: URLs (which can include scripts)
-    ].freeze
+    ]).freeze
     include ActionView::Helpers::NumberHelper
     include CamaleonCms::CamaleonHelper

data/app/uploaders/camaleon_cms_aws_uploader.rb CHANGED Viewed

@@ -5,6 +5,7 @@ class CamaleonCmsAwsUploader < CamaleonCmsUploader
     @aws_akey = @aws_settings[:access_key] || @current_site.get_option('filesystem_s3_access_key')
     @aws_asecret = @aws_settings[:secret_key] || @current_site.get_option('filesystem_s3_secret_key')
     @aws_bucket = @aws_settings[:bucket] || @current_site.get_option('filesystem_s3_bucket_name')
+    @aws_endpoint = @aws_settings[:endpoint] || @current_site.get_option('filesystem_s3_endpoint')
     @aws_settings[:aws_file_upload_settings] ||= ->(settings) { settings }
     @aws_settings[:aws_file_read_settings] ||= ->(data, _s3_file) { data }
   end
@@ -140,8 +141,14 @@ class CamaleonCmsAwsUploader < CamaleonCmsUploader
   def bucket
     @bucket ||= lambda {
       Aws.config.update({ region: @aws_region, credentials: Aws::Credentials.new(@aws_akey, @aws_asecret) })
-      s3 = Aws::S3::Resource.new
+      s3 = Aws::S3::Resource.new(resource_parameters)
       s3.bucket(@aws_bucket)
     }.call
   end
+  def resource_parameters
+    return {} if @aws_endpoint.blank?
+    { endpoint: @aws_endpoint }
+  end
 end

data/app/views/camaleon_cms/admin/settings/_file_system_settings.html.erb CHANGED Viewed

@@ -20,13 +20,13 @@
             <%= label_tag t('camaleon_cms.admin.settings.filesystem_region', default: 'filesystem_region') %> <small>(*)</small><br>
             <%= text_field :options, :filesystem_region, :class => "form-control required", value: @site.get_option("filesystem_region"), placeholder: 'us-west-2' %>
         </div>
-        <!--<div class="form-group">
-            <%#= label_tag t('camaleon_cms.admin.settings.filesystem_s3_endpoint', default: 'filesystem_s3_endpoint') %> <small>(*)</small><br>
-            <%#= text_field :options, :filesystem_s3_endpoint, :class => "form-control required", value: @site.get_option("filesystem_s3_endpoint"), placeholder: 's3-us-west-2.amazonaws.com' %>
-        </div>-->
+        <div class="form-group">
+            <%= label_tag t('camaleon_cms.admin.settings.filesystem_s3_endpoint', default: 'filesystem_s3_endpoint') %><br>
+            <%= text_field :options, :filesystem_s3_endpoint, :class => "form-control required", value: @site.get_option("filesystem_s3_endpoint"), placeholder: 's3-us-west-2.amazonaws.com' %>
+        </div>
         <div class="form-group">
             <%= label_tag t('camaleon_cms.admin.settings.filesystem_s3_cloudfront', default: 'Cloudfront URL') %><br>
             <%= text_field :options, :filesystem_s3_cloudfront, :class => "form-control", value: @site.get_option("filesystem_s3_cloudfront"), placeholder: 'https://cloudfront_id.cloudfront.net' %>
         </div>
     </div>
-</div>
+</div>

data/lib/camaleon_cms/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module CamaleonCms
-  VERSION = '2.8.3'.freeze
+  VERSION = '2.9.0'.freeze
 end

data/lib/plugin_routes.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: false
 require 'json'
 class PluginRoutes
   @@_vars = []

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: camaleon_cms
 version: !ruby/object:Gem::Version
-  version: 2.8.3
+  version: 2.9.0
 platform: ruby
 authors:
 - Owen Peredo Diaz
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-16 00:00:00.000000000 Z
+date: 2025-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -1152,7 +1152,7 @@ requirements:
 - rails >= 6.1
 - ruby >= 3.0
 - imagemagick
-rubygems_version: 3.5.18
+rubygems_version: 3.5.17
 signing_key:
 specification_version: 4
 summary: Camaleon is a CMS for Ruby on Rails as an alternative to Wordpress.