imagine_cms 3.0.33 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3bf7289207050c175c1be6bc9765ac9836203aff
-  data.tar.gz: d8e9377fc8fcbfab30b47ee2f668e0b046a02a62
+  metadata.gz: c4924ffa8137573b21030d4e6f6b553e67cd092e
+  data.tar.gz: c285cd363f13dfdbed4c2ff566edee7388695aff
 SHA512:
-  metadata.gz: d0cc92cc05d455cf3239d07a816b3ffe04f8e4fe7bdbc99ea5c2a870f64f256ae3585b26bcf0540a0d079a44246fb86a08b04a0435c8336b10a8bcf168211237
-  data.tar.gz: 42addd9d003be5e8295db597a5a1518222f42190799c3b3c1d740b1c358c86638978ed00389c945523a19ea28dc6ceedbd01f8326893e5ae3321d25380d77f53
+  metadata.gz: 554ceaa5c17f2e223629180efcbf603f9bfe3cfcf5b3bbba489b06a08a323842fb7017c8a860e5e77251c636c3a2f0a95b55871723dfb263121932789a8f708e
+  data.tar.gz: f5c97979963f224c888129093f72a964684c06ff717454787751d972ff6adb967a86bbb98a68a4131214b6d5c38fc967d7e1156857c2b5be4d150ae50d7a9795

data/.ruby-version

@@ -1 +1 @@
-ruby-2.0.0
+ruby-2.1.3

data/README.rdoc

@@ -12,31 +12,41 @@ Imagine was created in the Rails 1.0 days, to run a large number of technically
 
 All that is now firmly in the past. By extracting Imagine functionality into a gem (a Rails Engine), we have achieved compatibility with Rails 3.2 and Ruby 1.9 and removed roadblocks to a future upgrade to Rails 4 and Ruby 2, all while remaining backwards compatible with the legacy Imagine CMS database structure.
 
-Of the three original phases of this project, two remain:
-
 * Imagine 3.0 (Rails 3.2, Ruby 1.9): [DONE] 90% restored functionality, no database changes.
-* Imagine 3.1 (Rails 3.2, Ruby 1.9/2.0): 100% restored functionality, plus a few extras. May require a few simple migrations.
-* Imagine 4.0 (Rails 4.0, Ruby 2.0): Upgrade to Rails 4; refactor & rewrite the worst parts (substitutions); drop ERB templating for something safer, like Liquid; switch to a cross-browser editor; drop Prototype for jQuery; modernize HTML, CSS, JS
+* Imagine 3.1 (Rails 3.2, Ruby 1.9/2.0): [DONE, but released as 3.0.x] 100% restored functionality, plus a few extras and fixes.
+* Imagine 4.0 (Rails 4.x, Ruby 2.1): [IN PROGRESS] Compatibility with Rails 4.0, 4.1, 4.2
+* Imagine 4.1 (Rails 4.x, Ruby 2.1): [PLANNED, Late 2014] Switch to a cross-browser editor
+* Imagine 5.0 (Rails 5.0, Ruby 2.2): [PLANNED, Early 2015] Compatibility with Rails 5.0
+
+In the future, there are plans to:
+* refactor & rewrite the worst parts (substitutions, galleries)
+* drop ERB templating for something safer
+* drop Prototype for jQuery
+* modernize the HTML, CSS, JS bits
+
+However, this will probably require forking off a separate project (imagine_cms_classic?) to avoid breaking existing sites, while also keeping up with Rails updates.
 
 (Imagine 1.x and 2.x version numbers have already been used internally, so we started at 3.0.)
 
 =Current Status
 
-Imagine 3.0 is finally ready for production use internally at Bigger Bird, but it's not quite ready for general use yet. Probably still buggy, not all functionality has been properly exercised, and there are no tests yet, I'll tackle this for 4.0 as I modernize the internals.
+Imagine 3.0 is ready for production use (v3.0-stable branch).
+
+Imagine 4.0 is in progress on master.
 
-One major feature is still missing: browser-based editing of view layouts and stylesheets. While convenient, this was probably not ever a good idea, so I'm working on a better solution. I've also added a new feature, uploaded images and files can be stored on S3 (galleries still live on the local disk).
+One major feature is still missing: browser-based editing of view layouts and stylesheets. While convenient, this was probably not ever a good idea, so I'm working on a better solution. We've also added a new feature, uploaded images and files can be stored on S3 (galleries still live on the local disk, so in a multiple app server setup, a shared filesystem is required).
 
-Unless you are already familiar with Imagine and/or interested in contributing to development, it might be best to wait until the second phase of this project (Imagine 4). Why? Well, the purpose of Imagine 3 is strictly to port legacy sites to Rails 3.2 as simply as possible. Imagine 3 will always be held back by its need to remain compatible with legacy installations dating back to 2006. The ERB templating language can be dangerous (it allows all Ruby, including shell escapes), and the editor (powered by an ancient version of Dojo) is still Firefox-only. It also uses Prototype, which has become a bit unfashionable these days.
+Unless you are already familiar with Imagine and/or interested in contributing to development, this project is not suitable for wider use just yet. Why? Well, the purpose of the Imagine gem at this point is strictly to upgrade legacy sites to modern versions of Rails as simply as possible. Until imagine_cms_classic is forked, this project will be held back by its need to remain compatible with legacy installations dating back to 2006. The ERB templating language can be dangerous (it allows all Ruby, including shell escapes), and the editor (powered by an ancient version of Dojo) is still Firefox-only. It also uses Prototype, which has become a bit unfashionable these days.
 
-Imagine 4 will be a clean break from all of these "traditions," and thus will be a good time to get on board.
+If we can make a clean break from all of these "traditions," that will be a good time to get on board.
 
 =Hosting
 
-Imagine 3 can run on most "standard" Rails hosting platforms, anything that uses Passenger, Unicorn, etc. On hosts that don't allow (or recommend) writing to the local filesystem (e.g. Heroku) you won't be able to use photo galleries or page caching, but other features should work (this has not been tested).
+Imagine can run on most "standard" Rails hosting platforms, anything that uses Passenger, Unicorn, etc. On hosts that don't allow (or recommend) writing to the local filesystem (e.g. Heroku) you won't be able to use photo galleries or page caching, but other features should work (this has not been tested).
 
 =Getting Help
 
-Get paid support and hosting for Imagine CMS straight from the people who made it: {Bigger Bird Creative, Inc.}[https://www.biggerbird.com] Neither is required, of course. :-) Free support is up top (Issues).
+Get paid support and hosting for Imagine CMS straight from the people who made it: {Bigger Bird Creative, Inc.}[https://www.biggerbird.com] Neither is required, of course. :-) (Free support via Issues.)
 
 =Customizing & Contributing
 
@@ -50,7 +60,7 @@ File/code changes:
 * Rename all .rhtml files to .html.erb, .rxml to .xml.builder
 * Find and replace: RAILS_ROOT => Rails.root
 * Find and replace: SITE_ROOT => Rails.root
-* Find and replace: RAILS_ENV => Rails.env (not all instances: constants only, leave environment variables)
+* Find and replace: RAILS_ENV => Rails.env (constants only! leave the environment variables)
 
 Assets:
 * Delete prototype.js, effect.js, controls.js, dragdrop.js, imagine.js, reset.css, manage.css; move everything else to assets

data/app/controllers/cms/content_controller.rb

@@ -1,5 +1,9 @@
 module Cms # :nodoc:
   class ContentController < ::ApplicationController # :nodoc:
+    include ActionController::Caching::Actions
+    include ActionController::Caching::Pages
+    self.page_cache_directory = "#{Rails.root}/public"
+    
     caches_action :rss_feed
     
     before_filter :convert_content_path
@@ -143,7 +147,7 @@ module Cms # :nodoc:
           params[:page] = 'index'
         end
         
-        if @pg = CmsPage.find_by_path(db_path.join('/'), :include => [ :template ])
+        if @pg = CmsPage.includes(:template).find_by_path(db_path.join('/'))
           if edit_mode
             redirect_to :controller => '/management/cms', :action => 'edit_page_content', :id => @pg and return true
           else
@@ -316,9 +320,10 @@ module Cms # :nodoc:
     end
     
     def preview_template
-      @pg = CmsPage.find(1)
+      @pg = CmsPage.new
       @pg.template = CmsTemplate.new
-      @pg.template.assign_attributes(params[:temp] || params[:snip] || {})
+      @pg.template.name = (params[:temp] || params[:snip])[:name] || 'New Template'
+      @pg.template.content = (params[:temp] || params[:snip])[:content]
       @page_objects = HashObject.new
       render :inline => substitute_placeholders(@pg.template.content, @pg), :layout => 'application'
     end
@@ -374,21 +379,21 @@ module Cms # :nodoc:
       template_content.gsub!(/<(%.*?\%x\s?\[.*?\s*%)>/, '&lt;\1&gt;')
       template_content.gsub!(/<(%.*?\`.*?\s*%)>/, '&lt;\1&gt;')
       
-      silence do
+      # silence do
         template_content = render_to_string(:inline => template_content,
                                             :locals => { :page => page, :safe_level => 0 })
-      end
+      # end
       
       template_content = substitute_placeholders(template_content, page)
       template_content.gsub!(/<(%.*?(exec|system)\s?\(.*?\s*%)>/, '&lt;\1&gt;')
       template_content.gsub!(/<(%.*?\%x\s?\[.*?\s*%)>/, '&lt;\1&gt;')
       template_content.gsub!(/<(%.*?\`.*?\s*%)>/, '&lt;\1&gt;')
       
-      silence do
+      # silence do
         template_content = render_to_string(:inline => template_content,
                                             :layout => 'application',
                                             :locals => { :page => page })
-      end
+      # end
       
       template_content
     end

data/app/controllers/management/cms_controller.rb

@@ -1,4 +1,7 @@
 class Management::CmsController < Management::ApplicationController # :nodoc:
+  include ActionController::Caching::Pages
+  self.page_cache_directory = "#{Rails.root}/public"
+  
   before_filter :check_permissions
   before_filter :block_basic_users, :except => [
     :index, :edit_page_content,
@@ -18,7 +21,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
     :image_details, :update_caption,
     :delete_photo, :delete_gallery,
     
-    :pages, :list_pages, :edit_page, :page_attribute, :set_page_version
+    :pages, :list_pages, :edit_page, :show_template_options, :page_attribute, :set_page_version
   ]
   
   before_filter :convert_invalid_chars_in_params
@@ -30,7 +33,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
   
   def check_permissions
     if !user_has_permission?(:manage_cms)
-      render '/imagine_cms/errors/permission_denied'
+      render '/imagine_cms/errors/permission_denied', :layout => false
       return false
     end
   end
@@ -66,7 +69,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
       end
     end
     
-    return true
+    true
   end
   
   
@@ -74,14 +77,14 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
   end
   
   def templates
-    @temps = CmsTemplate.find(:all, :order => 'name')
+    @temps = CmsTemplate.order(:name)
   end
   
   def edit_template
     @temp = CmsTemplate.find_by_id(params[:id]) || CmsTemplate.new
     
     if request.post?
-      @temp.assign_attributes(params[:temp])
+      @temp.assign_attributes(cms_template_params)
       
       begin
         @pg = CmsPage.new
@@ -108,14 +111,14 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
   end
   
   def snippets
-    @snippets = CmsSnippet.find(:all, :order => 'name')
+    @snippets = CmsSnippet.order(:name)
   end
   
   def edit_snippet
     @snip = CmsSnippet.find_by_id(params[:id]) || CmsSnippet.new
     
     if request.post?
-      @snip.assign_attributes(params[:snip])
+      @snip.assign_attributes(cms_snippet_params)
       
       begin
         @pg = CmsPage.new
@@ -199,7 +202,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
         params[:pg][:expiration_date] = date if params[:pg][:expires] == 'true'
       end
       
-      @pg.assign_attributes(params[:pg])
+      @pg.assign_attributes(cms_page_params)
       unless params[:use_article_date_range].to_i > 0
         @pg.article_end_date = nil
       end
@@ -207,9 +210,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
       @pg.updated_by_username ||= session[:user_username]
       @pg.published_version = 0 if @pg.respond_to?(:redirect_enabled) && @pg.redirect_enabled
       
-      save_function = @pg.new_record? ? 'save' : 'save_without_revision'
-      
-      if @pg.send(save_function)
+      if @pg.send(@pg.new_record? ? :save : :save_without_revision)
         # now try to save tags
         # begin
           existing_tags = @pg.tags.map(&:name)
@@ -262,8 +263,9 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
         
       else
         # save failed, display errors
+        logger.error "Save failed: #{CmsPage.without_revision { @pg.save }} #{@pg.errors.full_messages.join('; ')}"
         render :update do |page|
-          page.replace_html 'save_errors', @pg.errors.full_messages.join('<br/>')
+          page.replace_html 'save_errors', @pg.errors.full_messages.join('<br>')
           page << "try { $('btn_next').disabled = false; } catch (e) {}"
           page << "try { $('btn_finish').disabled = false; } catch (e) {}"
           page << "try { $('btn_save').disabled = false; $('btn_save').value = 'Save'; } catch (e) {}"
@@ -342,7 +344,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
     
     if request.get?
       @pg.revert_to(params[:version]) if params[:version]
-      @pg.objects.find(:all, :conditions => [ 'cms_page_version = ?', @pg.version ]).each do |obj|
+      @pg.objects.where(:cms_page_version => @pg.version).each do |obj|
         key = "obj-#{obj.obj_type.to_s}-#{obj.name}"
         @page_objects[key] = obj.content.html_safe
       end
@@ -523,7 +525,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
   end
   
   def page_tags_for_lookup
-    @tags = CmsPageTag.find(:all, :order => 'name').map { |tag| tag.name }.uniq
+    @tags = CmsPageTag.order(:name).map { |tag| tag.name }.uniq
     headers['content-type'] = 'text/javascript'
     render :layout => false
   end
@@ -568,7 +570,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
       begin
         Mailer.deliver_cms_request_review(url_for(:controller => '/cms/content', :action => 'show', :content_path => []) + @pg.path, @pg.title, @version, u, @user, params[:change_description].to_s)
       rescue Exception => e
-        log_error(e)
+        logger.error(e)
       end
     end
     
@@ -796,7 +798,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
           File.unlink(localfile) if localfile != jpgfile
           
         rescue Exception => e
-          log_error(e)
+          logger.error(e)
         end
       end
     end
@@ -1059,12 +1061,12 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
             zipentry.extract(localfile)
             last_id += 1
           rescue Exception => e
-            log_error(e)
+            logger.error(e)
           end
         end
       rescue Exception => e
         logger.debug params.inspect
-        log_error(e)
+        logger.error(e)
         finish_upload_status "''" and return
       end
       
@@ -1357,27 +1359,42 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
   
   
   protected
-  
+    
+    def cms_page_params
+      params.require(:pg).permit(:cms_template_id, :cms_template_version, :parent_id, :published_version,
+                                 :name, :title, :path, :html_head, :summary, :position,
+                                 :article_date, :article_end_date, :published_date, :expiration_date, :expires,
+                                 :thumbnail_path, :feature_image_path, :redirect_enabled, :redirect_to)
+    end
+    
+    def cms_template_params
+      params.require(:temp).permit(:name, :content)
+    end
+    
+    def cms_snippet_params
+      params.require(:snip).permit(:name, :content)
+    end
+    
     def load_page_objects
       @page_objects = HashObject.new
       @template_options = HashObject.new
       
       if @pg.new_record? && @parent
-        @parent.objects.find(:all, :conditions => [ "obj_type = 'attribute'" ]).each do |obj|
+        @parent.objects.where(:obj_type => 'attribute').each do |obj|
           key = "obj-#{obj.obj_type.to_s}-#{obj.name}"
           @page_objects[key] = obj.content
         end
-        @parent.objects.find(:all, :conditions => [ "obj_type = 'option'" ]).each do |obj|
+        @parent.objects.where(:obj_type => 'option').each do |obj|
           key = "obj-#{obj.obj_type.to_s}-#{obj.name}"
           @page_objects[key] = obj.content
         end
       else
-        @tags = @pg.tags.collect { |t| t.name }.join(', ')
-        @pg.objects.find(:all, :conditions => [ "obj_type = 'attribute'" ]).each do |obj|
+        @tags = @pg.tags.map { |t| t.name }.join(', ')
+        @pg.objects.where(:obj_type => 'attribute').each do |obj|
           key = "obj-#{obj.obj_type.to_s}-#{obj.name}"
           @page_objects[key] = obj.content
         end
-        @pg.objects.find(:all, :conditions => [ "obj_type = 'option'" ]).each do |obj|
+        @pg.objects.where(:obj_type => 'option').each do |obj|
           key = "obj-#{obj.obj_type.to_s}-#{obj.name}"
           @page_objects[key] = obj.content
         end
@@ -1503,7 +1520,7 @@ class Management::CmsController < Management::ApplicationController # :nodoc:
           # some error handling here
           session[:broken_galleries] << File.basename(g)
           
-          log_error(e)
+          logger.error(e)
         end
       end
     end

data/app/helpers/cms_application_helper.rb

@@ -1,69 +1,5 @@
 module CmsApplicationHelper
   
-  # Saves the current request to the session so that it can be replayed later
-  # (for example, after authentication). Only params of type String, Hash and
-  # Array will be saved. save_request is called in a before_filter in
-  # application.rb.
-  #
-  # Two levels of saved params are required so that params can be unsaved in
-  # the event of a 404 or other event that would make the current param set an
-  # unlikely or undesirable candidate for replaying.
-  def save_user_request
-    return if params[:action] == 'login'
-    
-    session[:old_saved_user_uri] = session[:saved_user_uri];
-    session[:old_saved_user_params] = session[:saved_user_params] || {};
-    saved_params = params.reject { |k, v| !(v.kind_of?(String) || v.kind_of?(Hash) || v.kind_of?(Array)) }
-    saved_params.each { |key, val| saved_params[key] = val.reject { |k, v| !(v.kind_of?(String) || v.kind_of?(Hash) || v.kind_of?(Array)) } if val.kind_of?(Hash) }
-    session[:saved_user_uri] = request.url
-    session[:saved_user_params] = saved_params
-  end
-  
-  # Returns a User object corresponding to the currently logged in user, or returns false
-  # and redirects to the login page if not logged in.
-  def authenticate_user
-    # if user is not logged in, record the current request and redirect
-    if !session[:user_authenticated]
-      if User.find(:all).size == 0
-        flash[:notice] = 'No users exist in the system. Please create one now.'
-        redirect_to :controller => '/management/user', :action => 'create_first'
-      else
-        flash[:notice] = 'This is an admin-only function. To continue, please log in.'
-        save_user_request
-        redirect_to :controller => '/management/user', :action => 'login'
-      end
-      
-      return false
-    end
-    
-    @user = User.find(session[:user_id]) rescue nil
-    session[:user_is_superuser] = @user.is_superuser? rescue nil
-    
-    @user
-  end
-  
-  # Takes a symbol/string or array of symbols/strings and returns true if user has all
-  # of the named permissions.
-  def user_has_permissions?(*permission_set)
-    return false if !(@user ||= authenticate_user)
-    
-    permission_set = [ permission_set ] unless permission_set.is_a?(Array)
-    
-    if session[:user_is_superuser]
-      permission_set.each { |perm| session["user_can_#{perm}".to_sym] = true }
-      return true
-    end
-    
-    has_permissions = true
-    permission_set.each do |perm|
-      session["user_can_#{perm}".to_sym] = (@user.send("can_#{perm}").to_i == 1)
-      has_permissions = has_permissions && session["user_can_#{perm}".to_sym]
-    end
-    
-    has_permissions
-  end
-  alias :user_has_permission? :user_has_permissions?
-  
   # Returns true if a Member is logged in.
   def is_logged_in?
     session[:authenticated]
@@ -104,21 +40,21 @@ module CmsApplicationHelper
   
   ### COMPAT: convert_content_path
   def convert_content_path
-    logger.debug "DEPRECATION WARNING (Imagine CMS) WARNING: convert_content_path called"
+    # logger.debug "DEPRECATION WARNING (Imagine CMS) WARNING: convert_content_path called"
     params[:content_path] = params[:content_path].to_s.split('/') rescue []
   end
   
   ### COMPAT - template_exists?
   def template_exists?(template, extension = nil)
     # ignore extension
-    logger.debug("DEPRECATION WARNING (Imagine CMS) WARNING: template_exists? called")
+    # logger.debug("DEPRECATION WARNING (Imagine CMS) WARNING: template_exists? called")
     partial = File.join(File.dirname(template), '_' + File.basename(template))
     lookup_context.find_all(template).any? || lookup_context.find_all(partial).any?
   end
   
   ### COMPAT - template_exists?
   def url_for_current
-    logger.debug("DEPRECATION WARNING (Imagine CMS) WARNING: url_for_current called")
+    # logger.debug("DEPRECATION WARNING (Imagine CMS) WARNING: url_for_current called")
     request.fullpath
   end
   
@@ -134,13 +70,6 @@ module CmsApplicationHelper
     return ''
   end
   
-  ### COMPAT - log_error
-  def log_error(e)
-    # noop
-    logger.debug("DEPRECATION WARNING (Imagine CMS) WARNING: log_error called")
-    logger.error(e)
-  end
-  
   def convert_invalid_chars_in_params
     dig_deep(params) { |s| convert_invalid_chars!(s) }
   end
@@ -291,21 +220,12 @@ module CmsApplicationHelper
     end
     
     @page_objects = HashObject.new
-    conditions = [ 'cms_page_version = ?' ]
-    cond_vars = [ @pg.version ]
-    
-    if obj_type
-      conditions << 'obj_type = ?'
-      cond_vars << obj_type
-    end
-    if name
-      conditions << 'name = ?'
-      cond_vars << name
-    end
+    query = @pg.objects.where(:cms_page_version => @pg.version)
+    query = query.where(:obj_type => obj_type) if obj_type
+    query = query.where(:name => name) if name
+    query.each { |obj| @page_objects["obj-#{obj.obj_type.to_s}-#{obj.name}"] = obj.content }
     
-    @pg.objects.find(:all, :conditions => [ conditions.join(' and ') ].concat(cond_vars)).each do |obj|
-      @page_objects["obj-#{obj.obj_type.to_s}-#{obj.name}"] = obj.content
-    end
+    @page_objects
   end
   
   def page_list_items(pg, key, options = {})
@@ -423,17 +343,17 @@ module CmsApplicationHelper
         if f.expand_folders && f.expand_folders == 'false'
           f.src = f.src.slice(1...f.src.length) if f.src.slice(0,1) == '/'
           parent_page = CmsPage.find_by_path(f.src)
-          pages.concat parent_page.children.find(:all, :include => [ :tags ], :conditions => [ conditions.join(' and ') ].concat(cond_vars))
+          pages.concat parent_page.children.includes(:tags).where([ conditions.join(' and ') ].concat(cond_vars)).to_a
         else
           if f.src == '/'
-            pages.concat CmsPage.find(:all, :include => [ :tags ], :conditions => [ conditions.join(' and ') ].concat(cond_vars))
+            pages.concat CmsPage.includes(:tags).where([ conditions.join(' and ') ].concat(cond_vars))
           else
             f.src = f.src.slice(1...f.src.length) if f.src.slice(0,1) == '/'
             fconditions = conditions.dup
             fconditions << 'path like ?'
             fcond_vars = cond_vars.dup
             fcond_vars << f.src+'/%'
-            pages.concat CmsPage.find(:all, :include => [ :tags ], :conditions => [ fconditions.join(' and ') ].concat(fcond_vars))
+            pages.concat CmsPage.includes(:tags).where([ fconditions.join(' and ') ].concat(fcond_vars))
           end
         end
       rescue Exception => e
@@ -443,7 +363,7 @@ module CmsApplicationHelper
     
     # pull all include tag content
     include_tags.each do |tag|
-      pages.concat CmsPageTag.find_all_by_name(tag, :include => [ :page ], :conditions => [ conditions.join(' and ') ].concat(cond_vars)).map { |cpt| cpt.page }
+      pages.concat CmsPageTag.where(:name => tag).includes(:page).references(:page).where([ conditions.join(' and ') ].concat(cond_vars)).map { |cpt| cpt.page }
     end
     
     # dump anything that has an excluded tag
@@ -533,10 +453,10 @@ module CmsApplicationHelper
     end
     
     # next, page object attributes and template options (from page properties)
-    page.objects.find(:all, :conditions => [ "obj_type = 'attribute'" ]).each do |obj|
+    page.objects.where(:obj_type => 'attribute').each do |obj|
       temp.gsub!(/<#\s*#{obj.name}\s*#>/, (obj.content || '').to_s)
     end
-    page.objects.find(:all, :conditions => [ "obj_type = 'option'" ]).each do |obj|
+    page.objects.where(:obj_type => 'option').each do |obj|
       temp.gsub!(/<#\s*option_#{obj.name.gsub(/[^\w\d]/, '_')}\s*#>/, obj.content || '')
     end
     
@@ -608,7 +528,7 @@ module CmsApplicationHelper
     @template_options[name] = type
     
     key = name.gsub(/[^\w\d]/, '_')
-    obj = @pg.objects.find_by_name("#{type}-#{key}", :conditions => [ "obj_type = 'option'" ])
+    obj = @pg.objects.where(:name => "#{type}-#{key}", :obj_type => 'option').first
     return nil unless obj
     
     case type
@@ -937,7 +857,7 @@ EOF
     
     first_of_month = Time.utc(@year, @month, 1)
     last_of_month = first_of_month.end_of_month
-    events = @calendar.events.find(:all, :conditions => [ 'start_date >= ? and start_date <= ?', first_of_month, last_of_month ])
+    events = @calendar.events.where('start_date >= ? and start_date <= ?', first_of_month, last_of_month)
       
     @event_days = {}
     events.each do |e|

data/app/models/cms_page.rb

@@ -2,13 +2,6 @@ class CmsPage < ActiveRecord::Base
   include ActiveModel::Dirty
   include ActsAsTree
   
-  attr_accessible :cms_template_id, :cms_template_version, :parent_id,
-                  :name, :title, :path, :html_head, :summary, :position,
-                  :article_date, :article_end_date, :published_date, :expiration_date, :expires,
-                  :thumbnail_path, :feature_image_path, :comment_count, :version, :published_version,
-                  :search_index, :updated_by, :updated_by_username,
-                  :redirect_enabled, :redirect_to
-  
   acts_as_versioned
   acts_as_tree :order => 'path'
   
@@ -16,7 +9,7 @@ class CmsPage < ActiveRecord::Base
   has_many :objects, :class_name => 'CmsPageObject', :dependent => :destroy
   has_many :tags, :class_name => 'CmsPageTag', :dependent => :destroy
   has_many :versions, :class_name => 'CmsPageVersion', :dependent => :destroy
-  has_many :sub_pages, :class_name => 'CmsPage', :foreign_key => :parent_id, :conditions => [ 'published_version >= 0' ], :order => 'position, title, name'
+  has_many :sub_pages, -> { where('published_version >= 0').order(:position, :title, :name) }, :class_name => 'CmsPage', :foreign_key => :parent_id
   
   validates_format_of :name, :with => /\A[-\w\d%]+\Z/
   validates_uniqueness_of :path, :message => 'conflicts with an existing page'
@@ -60,12 +53,12 @@ class CmsPage < ActiveRecord::Base
   end
   
   def self.index_all
-    CmsPage.find(:all, :conditions => [ 'search_index is null' ]).each { |pg| pg.update_index ; pg.save_without_revision }
+    where('search_index is null').each(&:update_index!)
     true
   end
   
   def self.reindex_all
-    CmsPage.find(:all).each { |pg| pg.update_index ; pg.save_without_revision }
+    find_each(&:update_index!)
     true
   end
   
@@ -102,6 +95,11 @@ class CmsPage < ActiveRecord::Base
     self.search_index = sanitize_index(content)
   end
   
+  def update_index!
+    update_index
+    self.class.without_revision { save }
+  end
+  
   def set_parent_id!(new_id)
     self.parent_id = new_id
     self.save_without_revision
@@ -116,24 +114,25 @@ class CmsPage < ActiveRecord::Base
   def article_date_yr    ; article_date.strftime("%y").to_i ; end
   
   
-  private
-  
-  def sanitize_index(html)
-    return html if html.blank?
-    if html.index("<")
-      text = ""
-      tokenizer = HTML::Tokenizer.new(html)
+  protected
+    
+    def sanitize_index(html)
+      return html if html.blank?
+      if html.index("<")
+        text = ""
+        tokenizer = HTML::Tokenizer.new(html)
       
-      while token = tokenizer.next
-        node = HTML::Node.parse(nil, 0, 0, token, false)
-        # result is only the content of any Text nodes
-        text << node.to_s if node.class == HTML::Text  
-      end
-      # strip any comments, and if they have a newline at the end (ie. line with
-      # only a comment) strip that too, as well as any erb stuff
-      text.gsub(/<!--(.*?)-->[\n]?/m, "").gsub(/\<%.*?%\>/m, '').gsub(/&\w+;/, '')
-    else
-      html # already plain text
-    end 
-  end
+        while token = tokenizer.next
+          node = HTML::Node.parse(nil, 0, 0, token, false)
+          # result is only the content of any Text nodes
+          text << node.to_s if node.class == HTML::Text  
+        end
+        # strip any comments, and if they have a newline at the end (ie. line with
+        # only a comment) strip that too, as well as any erb stuff
+        text.gsub(/<!--(.*?)-->[\n]?/m, "").gsub(/\<%.*?%\>/m, '').gsub(/&\w+;/, '')
+      else
+        html # already plain text
+      end 
+    end
+    
 end

data/app/models/cms_page_object.rb

@@ -1,5 +1,5 @@
 class CmsPageObject < ActiveRecord::Base
-  attr_accessible :name, :obj_type
+  # attr_accessible :name, :obj_type
   
   belongs_to :page, :class_name => 'CmsPage', :foreign_key => 'cms_page_id'
   

data/app/models/cms_page_tag.rb

@@ -1,5 +1,5 @@
 class CmsPageTag < ActiveRecord::Base
-  attr_accessible :name
+  # attr_accessible :name
   
   belongs_to :page, :class_name => 'CmsPage', :foreign_key => 'cms_page_id'
   

data/app/models/cms_snippet.rb

@@ -1,8 +1,6 @@
 class CmsSnippet < ActiveRecord::Base
   acts_as_versioned
   
-  attr_accessible :name, :content
-  
   def content=(value)
     if value && value.is_a?(String)
       # filter suspicious content... go overboard for now, fine-tune later perhaps

data/app/models/cms_template.rb

@@ -1,15 +1,12 @@
 class CmsTemplate < ActiveRecord::Base
   acts_as_versioned
   
-  attr_accessible :name, :content
   attr_accessor :options
   
   has_many :pages, :class_name => 'CmsPage'
   
-  def after_find
-    require 'yaml'
-    @options = YAML.load(self.options_yaml) if self.options_yaml
-  end
+  after_find :deserialize_yaml
+  before_save :serialize_yaml
   
   def content=(value)
     if value && value.is_a?(String)
@@ -21,8 +18,11 @@ class CmsTemplate < ActiveRecord::Base
     super(value)
   end
   
-  def before_save
-    require 'yaml'
+  def deserialize_yaml
+    @options = YAML.load(self.options_yaml) if self.options_yaml
+  end
+  
+  def serialize_yaml
     self.options_yaml = YAML.dump(@options)
   end
   

data/app/models/user.rb

@@ -2,7 +2,7 @@ class User < ActiveRecord::Base # :nodoc:
   require 'dynamic_methods'
   include DynamicMethods
   
-  attr_accessible :first_name, :last_name
+  # attr_accessible :first_name, :last_name
   attr_reader :password # :nodoc:
   
   has_and_belongs_to_many :groups, :class_name => 'UserGroup', :join_table => 'user_group_memberships'

data/app/sweepers/cms_content_sweeper.rb

@@ -10,12 +10,16 @@ class CmsContentSweeper < ActionController::Caching::Sweeper
   end
   
   def delete_all_cached_pages
-    # expire home page
-    expire_page :controller => 'cms/content', :action => 'show', :content_path => nil
-    
-    # expire all other pages
-    CmsPage.select([ :id, :path ]).find_each do |page|
-      expire_page :controller => 'cms/content', :action => 'show', :content_path => page.path.split('/')
+    if File.expand_path(Management::CmsController.page_cache_directory) == File.expand_path("#{Rails.root}/public")
+      # expire home page
+      expire_page :controller => 'cms/content', :action => 'show', :content_path => nil
+      
+      # expire all other pages
+      CmsPage.select([ :id, :path ]).find_each do |page|
+        expire_page :controller => 'cms/content', :action => 'show', :content_path => page.path.split('/')
+      end
+    else
+      FileUtils.rm_r(Dir.glob("#{cache_dir}/*")) rescue Errno::ENOENT
     end
   end
   

data/app/views/imagine_cms/_header.html.erb

@@ -38,4 +38,4 @@
 <%- end -%>
 
 <%=raw @cms_head %>
-<%= @pg.html_head.html_safe if @pg && @pg.respond_to?(:html_head) %>
+<%=raw @pg.html_head if @pg && @pg.respond_to?(:html_head) %>

data/app/views/management/cms/_edit_page.html.erb

@@ -53,7 +53,7 @@
   <tr class="page-field">
     <td valign="top"><div style="margin-top: 4px;">Template:</div></td>
     <td>
-      <%= select :pg, :cms_template_id, CmsTemplate.find(:all, :order => 'name').collect { |t| [ t.name, t.id ] }, {}, :class => 'form', :style => 'width: 100%;' %>
+      <%= select :pg, :cms_template_id, CmsTemplate.order(:name).map { |t| [ t.name, t.id ] }, {}, :class => 'form', :style => 'width: 100%;' %>
       
       <div id="edit_page_template_options">
         <%= render :partial => 'template_options' %>

data/app/views/management/cms/edit_template.html.erb

@@ -39,7 +39,7 @@
     </td>
   </tr>
 </table>
-<% end -%>
+<% end %>
 
 
 <%= form_tag({ :controller => '/cms/content', :action => 'preview_template' }, :id => 'preview_form', :target => 'preview_frame') do %>

data/config/routes.rb

@@ -1,13 +1,12 @@
 Rails.application.routes.draw do
-  
   # management
-  match 'manage'                                => 'management/default#index'
-  match 'manage/login'                          => 'management/user#login'
-  match 'manage/logout'                         => 'management/user#logout'
-  match 'manage/user(/:action(/:id))'           => 'management/user'
+  match 'manage'                                => 'management/default#index', :via => [ :get ]
+  match 'manage/login'                          => 'management/user#login', :via => [ :get, :post ]
+  match 'manage/logout'                         => 'management/user#logout', :via => [ :get, :post ]
+  match 'manage/user(/:action(/:id))'           => 'management/user', :via => [ :get, :post ]
   
-  match 'manage/cms/preview_template'           => 'cms/content#preview_template'
-  match 'manage/cms(/:action(/:id))'            => 'management/cms'
+  match 'manage/cms/preview_template'           => 'cms/content#preview_template', :via => [ :post ]
+  match 'manage/cms(/:action(/:id))'            => 'management/cms', :via => [ :get, :post ]
   
   # slowly convert to resourceful routes
   # match 'manage/users(/:action(/:id))'          => 'management/users'
@@ -20,11 +19,10 @@ Rails.application.routes.draw do
     end
   # end
   
-  match 'util/date_picker'                      => 'util#date_picker', :as => :date_picker
+  match 'util/date_picker'                      => 'util#date_picker', :as => :date_picker, :via => [ :get, :post ]
   
   # primary CMS content routes
   root :to => 'cms/content#show'
-  match 'rss/:page_id/:page_list_name'          => 'cms/content#rss_feed'
-  match '*content_path'                         => 'cms/content#show'
-  
+  match 'rss/:page_id/:page_list_name'          => 'cms/content#rss_feed', :via => [ :get ]
+  match '*content_path'                         => 'cms/content#show', :via => [ :get, :post ]
 end

data/db/migrate/20140423085358_add_redirect_fields_to_cms_page_versions.rb

@@ -0,0 +1,6 @@
+class AddRedirectFieldsToCmsPageVersions < ActiveRecord::Migration
+  def change
+    add_column :cms_page_versions, :redirect_enabled, :boolean, :null => false, :default => false
+    add_column :cms_page_versions, :redirect_to, :text
+  end
+end

data/imagine_cms.gemspec

@@ -19,23 +19,27 @@ Gem::Specification.new do |s|
   s.required_rubygems_version = '>= 1.8.11'
 
   s.license = 'AGPLv3'
-  
+
   s.rubyforge_project = "imagine_cms"
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  
-  s.add_dependency "rails",               "~> 3.2.16"
-  s.add_dependency "prototype-rails",     "~> 3.2.0"
+
+  s.add_dependency "rails",               [ ">= 4.0.9", "< 5.0" ]
+  s.add_dependency "rails-observers",     "~> 0.1"
+  s.add_dependency "actionpack-action_caching", "~> 1.0"
+  s.add_dependency "actionpack-page_caching", "~> 1.0"
+  s.add_dependency "prototype-rails",     "~> 4.0.0"
   s.add_dependency "aws-s3",              "~> 0.6.3"
   s.add_dependency "rmagick"
   s.add_dependency "mini_magick",         "~> 3.3"
   s.add_dependency "rubyzip",             "~> 1.0"
   s.add_dependency "rinku",               "~> 1.7.2"
-  s.add_dependency "net-dns",             "~> 0.7.1"
+  s.add_dependency "net-dns",             "~> 0.7"
   s.add_dependency "acts_as_tree",        "~> 1.1"
-  
+  s.add_dependency "safe_yaml"
+
   s.add_development_dependency "sqlite3"
 end

data/lib/auto_link_email_addresses.rb

@@ -10,7 +10,7 @@ module ActionView::Helpers::TextHelper
     re = %r{
             (<\w+[^\<\>]*?\>|[\s[:punct:]]|mailto:|^) # leading text
             (
-              [\w\.\!\#\$\%\-\+\.]+                   # username
+              [\w\.\!\#\$\%\-\+\.\/]+                 # username
               \@
               [-\w]+                                  # subdomain or domain
               (?:\.[-\w]+)+                           # remaining subdomains or domain

data/lib/extensions/action_controller.rb

@@ -4,6 +4,64 @@ module ActionControllerExtensions
   end
   
   module InstanceMethods
+    
+    # Takes a symbol/string or array of symbols/strings and returns true if user has all
+    # of the named permissions.
+    def user_has_permissions?(*permission_set)
+      return false if !(@user ||= authenticate_user)
+      
+      permission_set = [ permission_set ] unless permission_set.is_a?(Array)
+      
+      if session[:user_is_superuser]
+        permission_set.each { |perm| session["user_can_#{perm}".to_sym] = true }
+        return true
+      end
+      
+      has_permissions = true
+      permission_set.each do |perm|
+        session["user_can_#{perm}".to_sym] = (@user.send("can_#{perm}").to_i == 1)
+        has_permissions = has_permissions && session["user_can_#{perm}".to_sym]
+      end
+      
+      has_permissions
+    end
+    alias :user_has_permission? :user_has_permissions?
+    
+    # Saves the current request to the session so that it can be replayed later
+    # (for example, after authentication). Only params of type String, Hash and
+    # Array will be saved. save_request is called in a before_filter in
+    # application.rb.
+    #
+    # Two levels of saved params are required so that params can be unsaved in
+    # the event of a 404 or other event that would make the current param set an
+    # unlikely or undesirable candidate for replaying.
+    def save_user_request
+      return if params[:action] == 'login'
+      
+      session[:old_saved_user_uri] = session[:saved_user_uri];
+      session[:old_saved_user_params] = session[:saved_user_params] || {};
+      saved_params = params.reject { |k, v| !(v.kind_of?(String) || v.kind_of?(Hash) || v.kind_of?(Array)) }
+      saved_params.each { |key, val| saved_params[key] = val.reject { |k, v| !(v.kind_of?(String) || v.kind_of?(Hash) || v.kind_of?(Array)) } if val.kind_of?(Hash) }
+      session[:saved_user_uri] = request.url
+      session[:saved_user_params] = saved_params
+    end
+    
+    # Returns a User object corresponding to the currently logged in user, or returns false
+    # and redirects to the login page if not logged in.
+    def authenticate_user
+      # if user is not logged in, record the current request and redirect
+      if !session[:user_authenticated]
+        flash[:notice] = 'This is an admin-only function. To continue, please log in.'
+        save_user_request
+        redirect_to :controller => '/management/user', :action => 'login' and return false
+      end
+      
+      @user = User.find(session[:user_id]) rescue nil
+      session[:user_is_superuser] = @user.is_superuser? rescue nil
+      
+      @user
+    end
+    
     def expire_session_data # :nodoc:
       # make sure this is not the first run (session being initialized)
       if session[:last_active]

data/lib/imagine_cms/engine.rb

@@ -8,6 +8,12 @@ module ImagineCms
     
     initializer "imagine_cms.assets.precompile" do |config|
       Rails.application.config.assets.precompile += %w( codepress/** dojo/** management.css imagine_controls.css reset.css )
+      # Rails.application.config.load_paths << File.dirname(__FILE__) + "/../app/helpers"
+    end
+    
+    initializer 'imagine_cms.load_helpers' do |app|
+      ActionController::Base.send :include, CmsApplicationHelper
+      # ActionView::Base.send :include, CmsApplicationHelper
     end
     
     def self.activate
@@ -24,6 +30,9 @@ module ImagineCms
     #
     # activate gems as needed
     #
+    require 'rails-observers'
+    require 'actionpack/action_caching'
+    require 'actionpack/page_caching'
     require 'prototype-rails'
     require 'aws/s3'
     require 'RMagick'
@@ -32,6 +41,7 @@ module ImagineCms
     require 'rails_rinku'
     require 'net/dns'
     require 'acts_as_tree'
+    require 'safe_yaml'
     
     #
     # rails plugins
@@ -70,9 +80,8 @@ module ImagineCms
       include PrototypeHelper  # from prototype_legacy_helper
       helper PrototypeHelper
       
-      include CmsApplicationHelper
-      helper CmsApplicationHelper
-      
+      helper_method :user_has_permission?
+      helper_method :user_has_permissions?
       helper_method :insert_object
       
       # before_filter :create_settings_object, :set_default_session_values, :check_ssl_requirement, :expire_session_data

data/lib/imagine_cms/version.rb

@@ -1,3 +1,3 @@
 module ImagineCms
-  VERSION = "3.0.33"
+  VERSION = "4.0.0"
 end

metadata

@@ -1,153 +1,215 @@
 --- !ruby/object:Gem::Specification
 name: imagine_cms
 version: !ruby/object:Gem::Version
-  version: 3.0.33
+  version: 4.0.0
 platform: ruby
 authors:
 - Aaron Namba
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-13 00:00:00.000000000 Z
+date: 2014-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.16
+        version: 4.0.9
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.9
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rails-observers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: actionpack-action_caching
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: actionpack-page_caching
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.16
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: prototype-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: aws-s3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.6.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.6.3
 - !ruby/object:Gem::Dependency
   name: rmagick
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: mini_magick
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.3'
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rinku
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.7.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.7.2
 - !ruby/object:Gem::Dependency
   name: net-dns
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.1
+        version: '0.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.1
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: acts_as_tree
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: safe_yaml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: See README for details.
@@ -156,9 +218,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .ruby-gemset
-- .ruby-version
+- ".gitignore"
+- ".ruby-gemset"
+- ".ruby-version"
 - Gemfile
 - README.rdoc
 - Rakefile
@@ -416,6 +478,7 @@ files:
 - db/migrate/20121115083811_add_users_tables.rb
 - db/migrate/20121115084028_add_cms_tables.rb
 - db/migrate/20140423085357_add_redirect_fields_to_cms_pages.rb
+- db/migrate/20140423085358_add_redirect_fields_to_cms_page_versions.rb
 - imagine_cms.gemspec
 - lib/acts_as_versioned/.document
 - lib/acts_as_versioned/.gitignore
@@ -520,12 +583,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.8.11
 requirements: []