When setting up a rewritten base URL like /sites/ the generated menu should also make use of it instead of linking to /index.php/apps/cms_pico/pico/...

Hi,

I would like to create an FAQ with all the questions and when you click them, the answer in form of a text block will expand below this question. Before HTML5 this was usually achieved by Java script.

Now trying out Pico CMS I would like to go without any Java script and use only HTML5 instead.
The following works on a "normal" web page:

<details>
<summary>Short text</summary>
<p>Long, hidden text, that unfolds if visitor clicks on the summary text</p>
</details>

But using this in cms_pico these tags (details and summary) are removed on the web site and consequently there is no hidden text that unfolds/ expands.

Could these tags please be kept and not filtered out?

Thanks a lot.

Serverinfo:
Nextcloud 12.3
cms_pico 0.9.6
nginx 1.12
PHP 7.1

The title is self-explanatory. I had a custom theme in apps/cms_pico/Pico/themes (that I have backuped), then it disappeared when I used the web updater to upgrade cms_pico to 0.9.6.
I could restore it, but it is pretty annoying if I need to do it at every new update. Also, the other admin users of my nextcloud installation do not know how to restore a theme, and may update the app

Sorry i can't create a pull requests but if we could have an option so that only the administrator could create websites; not all the users

Thanks,

Just updated to version 0.95 and now the link in the personal settings page has an issue. I am using the mod rewrite.

When I click on the link to the newly created page "newsite" it redirects to:
...index.php/apps/cms_pico/pico/newsite/newsite
Instead of
...index.php/apps/cms_pico/pico/newsite/
or
...index.php/apps/cms_pico/pico/newsite/index
like it should

For that reason all elements get highlighted on hover (even the paragraphs).

cc @nextcloud/designers

I am not sure if this is a PicoCMS limitation or a cms_pico limitation but I would like to have links to markdown files directly. Right now to link to a page you need to do this: [some page](%base_url%?somepage) and what I would rather have is [some page](somepage.md) or even [some page](somepage)

hello to all

I'm having a difficulty to understand the configuration of apache to cms pico to work.

In https://github.com/nextcloud/cms_pico/wiki/Admin-Settings#customizing, it is indicated what should be copied to the configuration of Apache, but it does not say how to do it.

What is the config file in cause?
is /etc/apache2/apache2.config or something else.
I'm skeptical to touch in these files because it may damage may nextcloud instance

Hi, I have some problem to make a working rewrite rule for the caddy server. Has anyone a working rewrite rule for this HTTP-Server?

My problem is that, that the picoCMS url redirect to the nextcloud file app.
Here an example:
https://example.com/sites/thinktank => https://example.com/index.php/apps/files/

Here my current nextcloud CaddyFile

example {
  log syslog
  errors syslog

  gzip {
    level 6
  }

  header / Strict-Transport-Security "max-age=31536000;"

  root /var/www/example

# picoCMS
  rewrite /sites/ {
    to /index.php/apps/cms_pico/pico/{path}&{query}
  }

# normale commands
  rewrite {
    r ^/index.php/.*$
    to /index.php?{query}
  }

  # client support (e.g. os x calendar / contacts)
  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301

  # remove trailing / as it causes errors with php-fpm
  rewrite {
    r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)$
    to /remote.php/{1}
  }

  # .htaccess / data / config / ... shouldn't be accessible from outside
  status 403 {
    /.htacces
    /data
    /config
    /db_structure
    /.xml
    /README
  }

#####################################################
# PHP
   fastcgi / 127.0.0.1:9000 php {
     env Path /bin
   }

}

Hi. The markdown specification says that a link destination should not contain spaces, but sometimes my .md files do contain spaces.

It would be great if underscores in a link target could match a space in a markdown file name. For instance if I have a link [some text](hello_world), it would match hello_world.md if it exists (exact match first), then hello world.md if it exists (underscore space matching).

What do you think?

As a nextcloud beginner I'm not sure if this is my own handling error...
Some markups are correctly displayed in markdown preview, but not in browser's window and vice versa. I've marked two distinctive examples in the screenshots: a picture from /assets folder (red) and a prezi video-link (yellow).

I installed the Dimension theme featured on the Pico CMS website into apps/cms_pico/Pico/themes, I enabled the theme and set the demo website found in the Dimension github repository as my website content.

When going to the index at https://<mydomain>/index.php/apps/cms_pico/pico/<sitename>/index, the site is quite broken because it can't load jQuery. I can see the following message in the console.

Refused to load the script 'https://<mydomain>/apps/cms_pico/Pico/themes/dimension/assets/js/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'nonce-<big-ass string>' 'unsafe-eval'".

How should I go about fixing this?

Hello,
You present the configuration for apache. But what should we do for nginx?
Thank you

While the body is now properly sanitized using HtmlPurifier, the default theme is still vulnerable to XSS for example in the title as shown in below PoC.

Probably we need to adjust https://github.com/nextcloud/cms_pico/blob/ecb34dbf7368d01480abd193cdd3766c9ae801d3/Pico/themes/default/index.twig to use https://twig.symfony.com/doc/2.x/filters/escape.html on all values except {{ content }} (which is sanitized by HtmlPurifier)

---
Title: Welcome"><h1>a<script>alert(1)</script>
---

## Welcome to Pico

Content is properly sanitized as [we see](javascript:alert(1)). <script>alert(1);</script><h1>TEst</h1>

<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
    <meta charset="utf-8" />

    <title>Welcome"><h1>a<script>alert(1)</script> | mytest1</title>
    
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:400,700" type="text/css" />
    <link rel="stylesheet" href="/apps/cms_pico/Pico/themes/default/style.css" type="text/css" />
    <link rel="stylesheet" href="/apps/cms_pico/Pico/themes/default/fontello.css" type="text/css" />

    <script src="/apps/cms_pico/Pico/themes/default/scripts/modernizr-2.6.1.min.js"></script>
</head>
<body>

    <header id="header">
        <div class="inner clearfix">
            <h1><a href="/stable9mytest1/?index" id="logo">mytest1</a></h1>
            <nav>
                <ul>
                                            <li class="active">
                            <a href="/stable9mytest1/?index">Welcome"><h1>a<script>alert(1)</script></a>
                        </li>
                                            <li>
                            <a href="/stable9mytest1/?sub%2Findex">Sub Page Index</a>
                        </li>
                                            <li>
                            <a href="/stable9mytest1/?sub%2Fpage">Sub Page</a>
                        </li>
                                    </ul>
            </nav>
        </div>
    </header>

    <section id="content">
        <div class="inner">
            <h2>Welcome to Pico</h2>
<p>COntent is properly sanitized as <a>we see</a>. </p><h1>TEst</h1>
        </div>
    </section>

    <footer id="footer">
        <div class="inner">
            <div class="social">
                            </div>
            <a href="http://picocms.org/">Pico</a> was made by <a href="http://gilbert.pellegrom.me">Gilbert Pellegrom</a>
            and is maintained by <a href="https://github.com/picocms/Pico/graphs/contributors">The Pico Community</a>.
            Released under the <a href="https://github.com/picocms/Pico/blob/master/LICENSE.md">MIT license</a>.
        </div>
    </footer>

</body>
</html>

Before rendering the Pico page, verify that the plugin is available.

Seems like there is some issue loading the theme files when nextcloud is not in the web-root.

My nextcloud setup is like the following:
www.mysite.com/nextcloud/ (www.mysite.com runs another web-site)

This plugin with mod_rewrite (on a share host, only .htaccess and thus no mod_proxy I think) shows pico user websites under
www.mysite.com/sites/picouserwebsite
(as explained in the docs, at first I was a bit confused that it isn't www.mysite.com/nextcloud/sites/picouserwebsite but now I actually like it that way)

However it just renders the plain html as converted from the markdown files (including pictures from the assets folder).

When I check the web-console it tells me that it fails to load:
modernizr-2.6.1.min.js, style.css & fontello.css
as it looks for them under:
www.mysite.com/apps/cms_pico/Pico/themes/default/
www.mysite.com/apps/cms_pico/Pico/themes/default/scripts/

and not
www.mysite.com/nextcloud/apps/cms_pico/Pico/themes/default/
like it should.

Oo????

Hi !

How can I can include audio files (and the associated audio player) to a pico page using the markdown syntax ?

Now, I generate a public link with my files and use it in my markdown page but the user is obliged to access the download page with this link, download the file and read it with a local player. It could be far more simpler to read an audio file directly with the brower's player but I don't find how to do it (markdown syntax or/and nextcloud access).

Thanks!

Hi,

I was trying to use Cms Pico App with nextcloud 12. Since i have encryption enabled i had added an un-encrypyed external mount point for local storage. I can edit the .md file on the external storage and can see it is not encrpted.

Problem I found:

1. An error is displayed that encryption is enabled which is not true for the external local storage location. The check for encrption need to be specific to the mount point if possible. I guess it is very common to have encryption for user files activated.
2. I commented out the encryption check but then get another error on the page "Webpage cannot be rendered"

I wouldlike to debug/trace but dont know a good way to output the content of the exception that is thrown in the code

Commit 2a6113b7 updated templates/settings.admin.php, displaying the actual directory where the user should place new themes, rather than just saying 'apps/cms_pico/Pico/themes/'. Displaying the directory where themes should be placed is done with $_['pathToThemes'].

This is a good change and potentially very helpful to the user. However, in my case $_['pathToThemes'] displays as /var/ncdata/appdata_ocmnpoor4wsx/cms_pico/themes/, i.e. the APPDATA directory, not the INSTALL directory. Themes in the $APPDATA/cms_pico/themes directory are indeed detected by the admin panel JS, but, at least to me, they don't work when "installed" through the admin panel. I need them to be in the install directory, which in my case is /var/www/nextcloud/apps/cms_pico/Pico/themes/, before the themes work. Otherwise the various css and js files aren't found.

I assume one of the following is the issue:

1. There is something wrong with my nextcloud/pico setup, or
2. The wrong directory is displayed with $_['pathToThemes'] (i.e. it should show the install directory, not the appdata directory), or
3. The installation of the themes in APPDATA goes wrong and the themes are not properly installed.
4. There is a bug somewhere which means that themes in $APPDATA/cms_pico/themes aren't found, only the files in $INSTALL/apps/cms_pico/Pico/themes.

I have manually resolved my issue by making symlinks in /var/www/nextcloud/apps/cms_pico/Pico/themes/ (the INSTALL directory) which points to the themes in /var/ncdata/appdata_ocmnpoor4wsx/cms_pico/themes/ (the APPDATA directory).

/apps/cms_pico/vendor/picocms/pico/index.php:

When adding {% include '/etc/passwd' %} to a Twig template the following error message is displayed to the user:

"Unable to find template "/etc/passwd" (looked into: /tmp/asdsadsads/admin/files/my_site1/themes/default) in "index.twig" at line 5."

I'm struggling to get this awesome looking app to work (Nextcloud 13, Ubuntu 16.04). I've installed as per instructions (as far as I can understand them - the apache stuff is a bit light), and set up a demo page called welcome. Calling https://mycloud/sites/welcome/?sub/welcome and https://mycloud/sites/welcome both return Internal Server Error. The error log reports:

{
  "reqId": "9HBvrcZtg5BmSKzXyovD",
  "level": 3,
  "time": "2018-04-19T17:03:58+01:00",
  "remoteAddr": "x.x.x.x",
  "user": "myuser",
  "app": "index",
  "method": "GET",
  "url": "\/index.php\/apps\/cms_pico\/pico\/welcome",
  "message": "Exception: {\"Exception\":\"ParseError\",\"Message\":\"syntax error, unexpected '?'\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/composer\\\/composer\\\/ClassLoader.php(321): Composer\\\\Autoload\\\\includeFile('\\\/var\\\/www\\\/nextcl...')\\n#1 [internal function]: Composer\\\\Autoload\\\\ClassLoader->loadClass('Symfony\\\\\\\\Compone...')\\n#2 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/cms_pico\\\/vendor\\\/picocms\\\/pico\\\/lib\\\/Pico.php(785): spl_autoload_call('Symfony\\\\\\\\Compone...')\\n#3 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Pico.php(81): Pico->parseFileMeta('---\\\\nTitle: Welc...', Array)\\n#4 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/cms_pico\\\/vendor\\\/picocms\\\/pico\\\/lib\\\/Pico.php(321): OCA\\\\CMSPico\\\\Pico->parseFileMeta('---\\\\nTitle: Welc...', Array)\\n#5 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Service\\\/PicoService.php(166): Pico->run()\\n#6 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Service\\\/PicoService.php(109): OCA\\\\CMSPico\\\\Service\\\\PicoService->getContentFromPico(Object(OCA\\\\CMSPico\\\\Model\\\\Website))\\n#7 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Service\\\/WebsitesService.php(249): OCA\\\\CMSPico\\\\Service\\\\PicoService->getContent(Object(OCA\\\\CMSPico\\\\Model\\\\Website))\\n#8 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Controller\\\/PicoController.php(103): OCA\\\\CMSPico\\\\Service\\\\WebsitesService->getWebpageFromSite('welcome', 'myuser', '')\\n#9 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Controller\\\/PicoController.php(88): OCA\\\\CMSPico\\\\Controller\\\\PicoController->getPage('welcome', '')\\n#10 [internal function]: OCA\\\\CMSPico\\\\Controller\\\\PicoController->getRoot('welcome')\\n#11 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(161): call_user_func_array(Array, Array)\\n#12 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(91): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OCA\\\\CMSPico\\\\Controller\\\\PicoController), 'getRoot')\\n#13 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(115): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OCA\\\\CMSPico\\\\Controller\\\\PicoController), 'getRoot')\\n#14 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OCA\\\\\\\\CMSPico\\\\\\\\Con...', 'getRoot', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#15 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#16 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(297): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#17 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/base.php(998): OC\\\\Route\\\\Router->match('\\\/apps\\\/cms_pico\\\/...')\\n#18 \\\/var\\\/www\\\/nextcloud\\\/index.php(37): OC::handleRequest()\\n#19 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/apps\\\/news\\\/vendor\\\/symfony\\\/yaml\\\/Parser.php\",\"Line\":510}",
  "userAgent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/65.0.3325.181 Safari\/537.36",
  "version": "13.0.1.1"
}

From what I can tell the critical bit is ParseError Message: syntax error, unexpected '?', and this relates to line 510 of /var/www/nextcloud/apps/news/vendor/symfony/yaml/Parser.php. That line is:

    510     private function getNextEmbedBlock(int $indentation = null, bool $inSequence = false): ?string
    511     {
    512         $oldLineIndentation = $this->getCurrentLineIndentation();
    ...

Possibly the issue related to the ?string at the end of that line?

I've been wondering if this is related to the version of PHP we're running. I've been trying to upgrade to 7.2, so my /var/apache2/ contains:

lrwxrwxrwx 1 root root   29 Apr  6 08:03 php7.0.conf -> ../mods-available/php7.0.conf
lrwxrwxrwx 1 root root   29 Apr  6 08:03 php7.0.load -> ../mods-available/php7.0.load
lrwxrwxrwx 1 root root   29 Apr 19 14:56 php7.2.conf -> ../mods-available/php7.2.conf
lrwxrwxrwx 1 root root   29 Apr 19 14:56 php7.2.load -> ../mods-available/php7.2.load

However, when I run a2dismod php7.0 and a2enmod php7.2 Nextcloud completely breaks with HTTP ERROR 500.

Very grateful for assistance.

should be replaced with an approach such as

https://github.com/nextcloud/user_saml/blob/610efe21451dad8b6dbe0f39e78132140dad463c/appinfo/info.xml#L38-L41

Hello,

I am on nextcloud 11.0.5.1, if i change in appinfo the file info.xml the section:
dependencies
nextcloud min-version="11" max-version="13"
dependencies
I have a error when i try to activate this application:
Erreur lors de l'activation de l'application - error application activation

How can i resolv this error, please ?

In my nextcloud log i see this error line:
"PHP","message":"Interface 'OCP\Settings\IIconSection' not found at /var/www/nextcloud/apps/cms_pico/lib/Settings/AdminSection.php#34"

I have found this:
https://fossies.org/diffs/nextcloud/11.0.3_vs_12.0.0/settings/Controller/AdminSettingsController.php-diff.html

iiconSection not exist in 11.0.5.1...

I've been creating my notes in .md files, and I want them to be accessible from the outside world.
I've been using MDwiki, and it works perfectly, but I'd like to give CMS pico a try, because my home server might not be accessible form the outside on port 80 anymore.

Nevertheless, I run into an issue when using local links from the index.md to another files. If I use [detailed page](detailed_page) construction (which should work fine, because the file is in the same directory), the link fails, because it is trying to open ../sites/detailed_page, which obviously doesn't exist. I have to update the links to [detailed page](notes/detailed_page), which is very inconsistent.

Why is that? Is there a way to fix it?

P.S.
I also think that the correct construction should be [detailed page](detailed_page.md), so that it corresponds with the actual filename (as it should).

Could this be fixed?
.

I've been trying to use the content filter that is registered as a simple twig extension in pico with no luck. Trying to include content from other pages (e.g. below) in a template produces nothing.

{% for page in pages %}
	{{ page.id|content }}<br/><br/>
{% endfor %}

I haven't tried it with a standalone instance of pico, but it appears to be a working filter according to other posts (picocms/Pico#403) on the picocms github repo.

{"name":"myCloud","error":"Die Adresse der Website darf nur alphanumerische Zeichen enthalten"}

I've got an alphnumberic Letter in my Nextcloud Web-Address ..so this message means,that PICO is not able to create the Web-Site because of that.

Can this be corrected, because i think .. it's common used, that WEB-Sites does contain alpha-numeric letters.

Thx a lot
Mike

Would be cool if there was a more wiki like template that makes it easy for users to quickly make a wiki.
At best if this plugin was also included:
https://github.com/arckauss/Pico-Categorized-Pages

And maybe:
https://github.com/mwgg/Pico-Search

I couldn't get Picocms plugin running on my site, so I started to investigate a bit, and found out that the "occ"-command does not think this app is compliant.

Is this a bug, or is it a user error when enabling the app?

Nextcloud info / cms_pico:

PHP 7.0.10 (cli) (built: Nov  3 2016 08:06:03) ( NTS )```
```# sudo -u apache /opt/rh/rh-php70/root/bin/php /var/www/html/nextcloud/occ status
  - installed: true
  - version: 12.0.3.3
  - versionstring: 12.0.3

- cms_pico: 0.9.6

Analysing /var/www/html/nextcloud/apps/cms_pico/lib/Pico.php
 1 errors
    line  134: OC_App - Static method of private class must not be called
App is not compliant

This could be done in Apache config, I guess, but anyway ...

Some sites I have only make sense on the same network as the Nextcloud server (eg an internal wiki). I don't need it to be "private" (that is, anyone should be able to look a it), but only from, say, 192.168.1.0/24.

When creating a page on master of the app and Nextcloud and then accessing it at https://10.211.55.7/stable9/index.php/apps/cms_pico/pico/my_site all I get is:

"Invalid content directory "/tmp/oc_tmp_xOamFW/content-sample/""

Markdown:

Congratulations, you have successfully installed [Pico](javascript:alert(1)).

Rendered HTML:

<p>Congratulations, you have successfully installed <a href="javascript:alert(1)">Pico</a>.

Steps to reproduce

1. Install nextcloud 13 and pico_cms app.
2. Turn on mod_rewrite in nextcloud server configuration

RewriteEngine On
RewriteRule /sites/(.*) https://server/nextcloud/index.php/apps/cms_pico/pico/$1 [QSA,L]

3. Create a website in pico and try to access it.

Expected behaviour

Site should open without any error.

Actual behaviour

Internal server error while accessing a site.

Server configuration detail

Operating system: Linux 4.9.59-v7+ #1047 SMP Sun Oct 29 12:19:23 GMT 2017 armv7l

Webserver: Apache/2.4.25 (Raspbian) (apache2handler)

Database: mysql 10.1.23

PHP version: 7.0.27-0+deb9u1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, apache2handler, mysqlnd, PDO, xml, apcu, apc, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, imagick, intl, json, exif, mcrypt, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 13.0.0 - 13.0.0.14

Updated from an older Nextcloud/ownCloud or fresh install: fresh install

Where did you install Nextcloud from: using tar file from nextcloud.com

Enabled:
 - activity: 2.6.1
 - admin_notifications: 1.0.1
 - apporder: 0.4.1
 - bookmarks: 0.10.1
 - bruteforcesettings: 1.0.3
 - calendar: 1.6.0
 - checksum: 0.3.5
 - cms_pico: 0.9.7
 - comments: 1.3.0
 - contacts: 2.0.1
 - dashboard: 4.0.5
 - dav: 1.4.6
 - deck: 0.3.0
 - federatedfilesharing: 1.3.1
 - federation: 1.3.0
 - files: 1.8.0
 - files_accesscontrol: 1.3.0
 - files_automatedtagging: 1.3.0
 - files_downloadactivity: 1.2.0
 - files_markdown: 2.0.1
 - files_pdfviewer: 1.2.0
 - files_sharing: 1.5.0
 - files_texteditor: 2.5.1
 - files_trashbin: 1.3.0
 - files_versions: 1.6.0
 - files_videoplayer: 1.2.0
 - firstrunwizard: 2.2.1
 - gallery: 18.0.0
 - issuetemplate: 0.3.0
 - limit_login_to_ip: 1.0.2
 - logreader: 2.0.0
 - lookup_server_connector: 1.1.0
 - mail: 0.7.9
 - metadata: 0.6.0
 - news: 12.0.1
 - nextcloud_announcements: 1.2.0
 - notes: 2.3.2
 - notifications: 2.1.2
 - oauth2: 1.1.0
 - orcid: 0.9.1
 - password_policy: 1.3.0
 - provisioning_api: 1.3.0
 - ransomware_protection: 1.1.0
 - serverinfo: 1.3.0
 - sharebymail: 1.3.0
 - survey_client: 1.1.0
 - systemtags: 1.3.0
 - tasks: 0.9.6
 - theming: 1.4.1
 - twofactor_backupcodes: 1.2.3
 - unsplash: 1.0.5
 - updatenotification: 1.3.0
 - workflowengine: 1.3.0
Disabled:
 - admin_audit
 - encryption
 - files_external
 - user_external
 - user_ldap

{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "10.103.15.200",
        "server"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "http:\/\/10.103.15.200\/nextcloud",
    "dbtype": "mysql",
    "version": "13.0.0.14",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "proxy": "http:\/\/172.16.2.30:8080",
    "installed": true,
    "loglevel": 0
}

Are you using external storage, if yes which one: local

Are you using encryption: no

Are you using an external user-backend, if yes which one: No

Client configuration

Browser: Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0

Operating system: Debian Testing

Logs

{"reqId":"7QDKAPhcPsC18SQygqWI","level":3,"time":"2018-02-11T02:45:09+00:00","remoteAddr":"10.103.15.150","user":"user","app":"index","method":"GET","url":"\/nextcloud\/index.php\/apps\/cms_pico\/pico\/dddd","message":"Exception: {\"Exception\":\"ParseError\",\"Message\":\"syntax error, unexpected '?'\",\"Code\":0,\"Trace\":\"#0 \\\/data\\\/web_data\\\/nextcloud\\\/lib\\\/composer\\\/composer\\\/ClassLoader.php(321): Composer\\\\Autoload\\\\includeFile('\\\/data\\\/web_data\\\/...')\\n#1 [internal function]: Composer\\\\Autoload\\\\ClassLoader->loadClass('Symfony\\\\\\\\Compone...')\\n#2 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/vendor\\\/picocms\\\/pico\\\/lib\\\/Pico.php(785): spl_autoload_call('Symfony\\\\\\\\Compone...')\\n#3 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Pico.php(81): Pico->parseFileMeta('---\\\\nTitle: Sub ...', Array)\\n#4 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/vendor\\\/picocms\\\/pico\\\/lib\\\/Pico.php(994): OCA\\\\CMSPico\\\\Pico->parseFileMeta('---\\\\nTitle: Sub ...', Array)\\n#5 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/vendor\\\/picocms\\\/pico\\\/lib\\\/Pico.php(340): Pico->readPages()\\n#6 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Service\\\/PicoService.php(166): Pico->run()\\n#7 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Service\\\/PicoService.php(109): OCA\\\\CMSPico\\\\Service\\\\PicoService->getContentFromPico(Object(OCA\\\\CMSPico\\\\Model\\\\Website))\\n#8 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Service\\\/WebsitesService.php(249): OCA\\\\CMSPico\\\\Service\\\\PicoService->getContent(Object(OCA\\\\CMSPico\\\\Model\\\\Website))\\n#9 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Controller\\\/PicoController.php(103): OCA\\\\CMSPico\\\\Service\\\\WebsitesService->getWebpageFromSite('dddd', 'user', '')\\n#10 \\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/cms_pico\\\/lib\\\/Controller\\\/PicoController.php(88): OCA\\\\CMSPico\\\\Controller\\\\PicoController->getPage('dddd', '')\\n#11 [internal function]: OCA\\\\CMSPico\\\\Controller\\\\PicoController->getRoot('dddd')\\n#12 \\\/data\\\/web_data\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(161): call_user_func_array(Array, Array)\\n#13 \\\/data\\\/web_data\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(91): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OCA\\\\CMSPico\\\\Controller\\\\PicoController), 'getRoot')\\n#14 \\\/data\\\/web_data\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(115): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OCA\\\\CMSPico\\\\Controller\\\\PicoController), 'getRoot')\\n#15 \\\/data\\\/web_data\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OCA\\\\\\\\CMSPico\\\\\\\\Con...', 'getRoot', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#16 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#17 \\\/data\\\/web_data\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(297): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#18 \\\/data\\\/web_data\\\/nextcloud\\\/lib\\\/base.php(998): OC\\\\Route\\\\Router->match('\\\/apps\\\/cms_pico\\\/...')\\n#19 \\\/data\\\/web_data\\\/nextcloud\\\/index.php(37): OC::handleRequest()\\n#20 {main}\",\"File\":\"\\\/data\\\/web_data\\\/nextcloud\\\/apps\\\/news\\\/vendor\\\/symfony\\\/yaml\\\/Parser.php\",\"Line\":510}","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"}

there are currently no plans to add filesystem abstraction to Pico, as it kinda objects the "stupidly simple" approach regarding Pico's own code. Thus it's unlikely that this will be implemented on Pico's side. However, another solution is to let Nextcloud cache external storages locally, allowing Pico to access the files locally. That's what persistent federated data basically is about. Thus it's tracked in this issue. However, this is nothing we can carry out ourselves.

See server issue #8459 on allowing federated data to be optionally stored across multiple Nextcloud instances in order to avoid a single point of failure! This would benefit apps such as PicoCMS hosting live websites and files to the public.

If someone uploads a malicious config/config.php it is executed as the web server user. For example the following content:

<?php
echo("Hacked");
exit();

I tried to use iFrames an failed.
First I got error massages on my webbrowser Console regarding CSP.
To fix it I ajusted my CSP, until no errors were shown in the Browser Console.
I tried very simple Sites in my iFrame e.g. GoogleMaps.

What am I doing wrong or is it disabled/impossible ?

Just updated to version 0.95 and now there is an issue with the redirection. I am using the mod rewrite.

When I go to
https://myurl.com/sites/newsite/
it gives me the pico cms 404 page because it redirects to:
...index.php/apps/cms_pico/pico/newsite/newsite

Probably the same cause as this:
#22

After app installation, composer install and extending the apache configuration, Pico sites only display a blank, white page.

The apache error log mentions this single line:
PHP Fatal error: Class 'Pico' not found in /var/www/nextcloud/apps/cms_pico/lib/Pico.php on line 32

Many of the custom themes available for Pico require you to add things to config.php for them to display properly. It's be great to be able to put a custom config.php in the Nextcloud directory to enable using such themes.

Example: https://github.com/xupefei/Travelify#installation

"Copy one of the example below and paste the line in your Apache configuration " is the line in the Pico CMS settings area, but it does not specify where to paste this line. When I attempted to do so Apache would not start any longer and I had to revert the change.

A clearer example should be given.

in the personal menu if I leave untouched private in my current websites, the site is not accessible publicly only after authentication with my server nextcloud.

Dear all,

I want to make my own template copied from the default template.
When i copy the 'default' template directory to my own version say 'MyOwn' i can select this new template in NextCloud. But when i assign it to a site all external files in the template will not be rendered.
No css files, no javascript files etc.
In the codeviewer of the webbrowser i can see the URL's to the files but when i access them i get the loginscreen of Nextcloud.

Why ??

I'm running nextcloud 13.

Thanks in advance,

Klaas Eenkhoorn.

There doesn't seem to be an option (nor documented manual config currently) that supports to make a cms_pico site in nextcloud available as the "root folder" of a domain.

Either

1. In the root of the main nextcloud domain (and the Nextcloud interface only being available in a subfolder, like for example /login ).
2. Under separate domains used to access specific cms_pico sites.

Until there is a configuration option, it would be good to document a manual solution at:
https://github.com/nextcloud/cms_pico/wiki/Admin-Settings#apache-configuration

the "WWW" in a circle logo shows up under the admin settings, but not under the personal settings side bar.

When you limit the app to groups than pages are not publicly accessible anymore unless you are logged into the nextcloud as a member of the group.

At my company, we use cms_pico as a wiki, thanks to the markdown editor plugin the pages are easy to edit, thanks to nextant we can search for content in our .md files, and thanks to nextcloud, files are versioned.

It would be perfect, but we are missing a feature: We would like to be able to search from the rendered website, instead of searching from the nextcloud interface. It would be great to have a search box in the rendered interface, that would return results from the website content (and only from the website content).

What do you think? Is it a planned feature? We may consider to develop it ourselves and propose a pull request or a plugin (but not in a near future). If so, do you have technical clues to give us?

Steps to reproduce:

1. Create a PicoCMS site in tab 1
2. Load PicoCMS site in tab 2
3. Make changes to the index.md frontpage in tab 1
4. Reload the site in tab 2 to show the changes

This will cause a CSRF failure in tab 1, forcing me to refresh the page before I can continue editing the site.

My NC installation doesn't use its own subdomain but resides in DOMAIN/cloud. Installing PicoCMS is fine but seems not to work correctly since adding a test site yields DOMAIN/sites/test whereas I'd expect it to go to DOMAIN/cloud/sites/test. Actually, DOMAIN/sites/test yields 404.