From 292932bb75b7639f48cc0ee2dd6aeaa9e6a0e99f Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Mon, 20 Jan 2025 00:53:34 +0200
Subject: [PATCH 01/10] Sanitize user fields and posts comments against XSS
 attacks

---
 app/models/camaleon_cms/post_comment.rb       | 18 ++++++++++++++
 app/models/camaleon_cms/term_taxonomy.rb      |  6 -----
 app/models/camaleon_record.rb                 |  6 +++++
 .../concerns/camaleon_cms/user_methods.rb     | 24 +++++++++++++++++--
 spec/models/post_comment_spec.rb              |  7 ++++++
 spec/models/term_taxonomy_spec.rb             |  1 -
 spec/models/user_spec.rb                      |  4 +++-
 7 files changed, 56 insertions(+), 10 deletions(-)
 create mode 100644 spec/models/post_comment_spec.rb

diff --git a/app/models/camaleon_cms/post_comment.rb b/app/models/camaleon_cms/post_comment.rb
index 079bfb35..06df778c 100644
--- a/app/models/camaleon_cms/post_comment.rb
+++ b/app/models/camaleon_cms/post_comment.rb
@@ -21,6 +21,24 @@ class PostComment < CamaleonRecord
     scope :comment_parent, -> { where(comment_parent: 'is not null') }
     scope :approveds, -> { where(approved: 'approved') }
 
+    # TODO: Remove the 1st branch when support will be dropped of Rails < 7.1
+    if ::Rails::VERSION::STRING < '7.1.0'
+      before_validation(on: %i[create update]) do
+        %i[content].each do |attr|
+          next unless new_record? || attribute_changed?(attr)
+
+          self[attr] = ActionController::Base.helpers.sanitize(
+            __send__(attr)&.gsub(TRANSLATION_TAG_HIDE_REGEX, TRANSLATION_TAG_HIDE_MAP)
+          )&.gsub(TRANSLATION_TAG_RESTORE_REGEX, TRANSLATION_TAG_RESTORE_MAP)
+        end
+      end
+    else
+      normalizes :content, with: lambda { |field|
+        ActionController::Base.helpers.sanitize(field.gsub(TRANSLATION_TAG_HIDE_REGEX, TRANSLATION_TAG_HIDE_MAP))
+                              .gsub(TRANSLATION_TAG_RESTORE_REGEX, TRANSLATION_TAG_RESTORE_MAP)
+      }
+    end
+
     validates :content, presence: true
     validates_presence_of :author, :author_email, if: proc { |c| c.is_anonymous.present? }
     after_create :update_counter
diff --git a/app/models/camaleon_cms/term_taxonomy.rb b/app/models/camaleon_cms/term_taxonomy.rb
index abe88f86..57a549f3 100644
--- a/app/models/camaleon_cms/term_taxonomy.rb
+++ b/app/models/camaleon_cms/term_taxonomy.rb
@@ -3,12 +3,6 @@ class TermTaxonomy < CamaleonRecord
     include CamaleonCms::Metas
     include CamaleonCms::CustomFieldsRead
 
-    TRANSLATION_TAG_HIDE_MAP = { '<!--' => '!--', '-->' => '--!' }.freeze
-    TRANSLATION_TAG_HIDE_REGEX = Regexp.new(TRANSLATION_TAG_HIDE_MAP.keys.map { |x| Regexp.escape(x) }.join('|')).freeze
-    TRANSLATION_TAG_RESTORE_MAP = { '--!' => '-->', '!--' => '<!--' }.freeze
-    TRANSLATION_TAG_RESTORE_REGEX =
-      Regexp.new(TRANSLATION_TAG_RESTORE_MAP.keys.map { |x| Regexp.escape(x) }.join('|')).freeze
-
     def self.inherited(subclass)
       super
 
diff --git a/app/models/camaleon_record.rb b/app/models/camaleon_record.rb
index 9ef50e33..15b1333d 100644
--- a/app/models/camaleon_record.rb
+++ b/app/models/camaleon_record.rb
@@ -1,6 +1,12 @@
 # frozen_string_literal: true
 
 class CamaleonRecord < ActiveRecord::Base
+  TRANSLATION_TAG_HIDE_MAP = { '<!--' => '!--', '-->' => '--!' }.freeze
+  TRANSLATION_TAG_HIDE_REGEX = Regexp.new(TRANSLATION_TAG_HIDE_MAP.keys.map { |x| Regexp.escape(x) }.join('|')).freeze
+  TRANSLATION_TAG_RESTORE_MAP = { '--!' => '-->', '!--' => '<!--' }.freeze
+  TRANSLATION_TAG_RESTORE_REGEX =
+    Regexp.new(TRANSLATION_TAG_RESTORE_MAP.keys.map { |x| Regexp.escape(x) }.join('|')).freeze
+
   include ActiveRecordExtras::Relation
 
   self.abstract_class = true
diff --git a/app/models/concerns/camaleon_cms/user_methods.rb b/app/models/concerns/camaleon_cms/user_methods.rb
index f6a22808..b42e92e5 100644
--- a/app/models/concerns/camaleon_cms/user_methods.rb
+++ b/app/models/concerns/camaleon_cms/user_methods.rb
@@ -12,11 +12,31 @@ module UserMethods
                                       message: I18n.t('camaleon_cms.admin.users.message.requires_different_email', default: 'Requires different email')
 
       # callbacks
+      #
+      # TODO: Remove the 1st branch when support will be dropped of Rails < 7.1
+      if ::Rails::VERSION::STRING < '7.1.0'
+        before_validation(on: %i[create update]) do
+          %i[first_name last_name slogan username].each do |attr|
+            next unless new_record? || attribute_changed?(attr)
+
+            self[attr] = ActionController::Base.helpers.sanitize(
+              __send__(attr)&.gsub(CamaleonRecord::TRANSLATION_TAG_HIDE_REGEX, CamaleonRecord::TRANSLATION_TAG_HIDE_MAP)
+            )&.gsub(CamaleonRecord::TRANSLATION_TAG_RESTORE_REGEX, CamaleonRecord::TRANSLATION_TAG_RESTORE_MAP)
+          end
+        end
+      else
+        normalizes(*%i[first_name last_name slogan username], with: lambda { |field|
+          ActionController::Base.helpers.sanitize(
+            field.gsub(CamaleonRecord::TRANSLATION_TAG_HIDE_REGEX, CamaleonRecord::TRANSLATION_TAG_HIDE_MAP)
+          ).gsub(CamaleonRecord::TRANSLATION_TAG_RESTORE_REGEX, CamaleonRecord::TRANSLATION_TAG_RESTORE_MAP)
+        })
+      end
+
       before_validation :cama_before_validation
       before_destroy :reassign_posts
       after_destroy :reassign_comments
       before_create { generate_token(:auth_token) }
-      # invaliidate sessions when changing password
+      # invalidate sessions when changing password
       before_update { generate_token :auth_token if will_save_change_to_password_digest? }
 
       # relations
@@ -117,7 +137,7 @@ def set_all_sites
 
     # reassign all posts of this user to first admin
     # reassign all comments of this user to first admin
-    # if doesn't exist any other administrator, this will cancel the user destroy
+    # if it doesn't exist any other administrator, this will cancel the user destroy
     def reassign_posts
       all_posts.each do |p|
         s = p.post_type.site
diff --git a/spec/models/post_comment_spec.rb b/spec/models/post_comment_spec.rb
new file mode 100644
index 00000000..a81a6cf1
--- /dev/null
+++ b/spec/models/post_comment_spec.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require 'shared_specs/sanitize_attrs'
+
+RSpec.describe CamaleonCms::PostComment, type: :model do
+  it_behaves_like 'sanitize attrs', model: described_class, attrs_to_sanitize: %i[content]
+end
diff --git a/spec/models/term_taxonomy_spec.rb b/spec/models/term_taxonomy_spec.rb
index 3c94596e..83cad674 100644
--- a/spec/models/term_taxonomy_spec.rb
+++ b/spec/models/term_taxonomy_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::TermTaxonomy, type: :model do
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index c0f4140a..2b392476 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
+require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::User, type: :model do
+  it_behaves_like 'sanitize attrs', model: described_class, attrs_to_sanitize: %i[first_name last_name slogan username]
+
   describe 'email' do
     it 'is lowercased' do
       user = described_class.create!(email: 'FOO@BAR.COM', username: 'test', password: 'test')

From df67c216e34af250aff5c04c2ff1253060b43c16 Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Mon, 20 Jan 2025 01:17:04 +0200
Subject: [PATCH 02/10] Slogan field is a meta, so don't sanitize it on user,
 but sanitize Meta's values

---
 app/models/camaleon_cms/meta.rb               | 19 +++++++++++++++++++
 .../concerns/camaleon_cms/user_methods.rb     |  4 ++--
 spec/models/meta_spec.rb                      |  7 +++++++
 spec/models/user_spec.rb                      |  2 +-
 4 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 spec/models/meta_spec.rb

diff --git a/app/models/camaleon_cms/meta.rb b/app/models/camaleon_cms/meta.rb
index e2e01fbc..2bca8fc6 100644
--- a/app/models/camaleon_cms/meta.rb
+++ b/app/models/camaleon_cms/meta.rb
@@ -2,5 +2,24 @@ module CamaleonCms
   class Meta < CamaleonRecord
     self.table_name = "#{PluginRoutes.static_system_info['db_prefix']}metas"
     # attr_accessible :objectid, :key, :value, :object_class
+
+    # TODO: Remove the 1st branch when support will be dropped of Rails < 7.1
+    if ::Rails::VERSION::STRING < '7.1.0'
+      before_validation(on: %i[create update]) do
+        %i[value].each do |attr|
+          next unless new_record? || attribute_changed?(attr)
+
+          self[attr] = ActionController::Base.helpers.sanitize(
+            __send__(attr)&.gsub(CamaleonRecord::TRANSLATION_TAG_HIDE_REGEX, CamaleonRecord::TRANSLATION_TAG_HIDE_MAP)
+          )&.gsub(CamaleonRecord::TRANSLATION_TAG_RESTORE_REGEX, CamaleonRecord::TRANSLATION_TAG_RESTORE_MAP)
+        end
+      end
+    else
+      normalizes :value, with: lambda { |field|
+        ActionController::Base.helpers.sanitize(
+          field.gsub(CamaleonRecord::TRANSLATION_TAG_HIDE_REGEX, CamaleonRecord::TRANSLATION_TAG_HIDE_MAP)
+        ).gsub(CamaleonRecord::TRANSLATION_TAG_RESTORE_REGEX, CamaleonRecord::TRANSLATION_TAG_RESTORE_MAP)
+      }
+    end
   end
 end
diff --git a/app/models/concerns/camaleon_cms/user_methods.rb b/app/models/concerns/camaleon_cms/user_methods.rb
index b42e92e5..28be2b59 100644
--- a/app/models/concerns/camaleon_cms/user_methods.rb
+++ b/app/models/concerns/camaleon_cms/user_methods.rb
@@ -16,7 +16,7 @@ module UserMethods
       # TODO: Remove the 1st branch when support will be dropped of Rails < 7.1
       if ::Rails::VERSION::STRING < '7.1.0'
         before_validation(on: %i[create update]) do
-          %i[first_name last_name slogan username].each do |attr|
+          %i[first_name last_name username].each do |attr|
             next unless new_record? || attribute_changed?(attr)
 
             self[attr] = ActionController::Base.helpers.sanitize(
@@ -25,7 +25,7 @@ module UserMethods
           end
         end
       else
-        normalizes(*%i[first_name last_name slogan username], with: lambda { |field|
+        normalizes(*%i[first_name last_name username], with: lambda { |field|
           ActionController::Base.helpers.sanitize(
             field.gsub(CamaleonRecord::TRANSLATION_TAG_HIDE_REGEX, CamaleonRecord::TRANSLATION_TAG_HIDE_MAP)
           ).gsub(CamaleonRecord::TRANSLATION_TAG_RESTORE_REGEX, CamaleonRecord::TRANSLATION_TAG_RESTORE_MAP)
diff --git a/spec/models/meta_spec.rb b/spec/models/meta_spec.rb
new file mode 100644
index 00000000..669292ed
--- /dev/null
+++ b/spec/models/meta_spec.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require 'shared_specs/sanitize_attrs'
+
+RSpec.describe CamaleonCms::Meta, type: :model do
+  it_behaves_like 'sanitize attrs', model: described_class, attrs_to_sanitize: %i[value]
+end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 2b392476..8bc9702b 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -3,7 +3,7 @@
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::User, type: :model do
-  it_behaves_like 'sanitize attrs', model: described_class, attrs_to_sanitize: %i[first_name last_name slogan username]
+  it_behaves_like 'sanitize attrs', model: described_class, attrs_to_sanitize: %i[first_name last_name username]
 
   describe 'email' do
     it 'is lowercased' do

From 777405f3932f48583f1b22208d42257ffc1aaef5 Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Mon, 20 Jan 2025 02:31:13 +0200
Subject: [PATCH 03/10] Don't escape JSON string in `fix_meta_value`, we're
 sanitizing it in the model, so use JSON.generate(value), which is not
 escaping, instead of value.to_json, which is using ActiveSupport's escaping
 method `to_json`

---
 app/models/concerns/camaleon_cms/custom_fields_read.rb | 2 +-
 app/models/concerns/camaleon_cms/metas.rb              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/models/concerns/camaleon_cms/custom_fields_read.rb b/app/models/concerns/camaleon_cms/custom_fields_read.rb
index 3111eb14..5198386b 100644
--- a/app/models/concerns/camaleon_cms/custom_fields_read.rb
+++ b/app/models/concerns/camaleon_cms/custom_fields_read.rb
@@ -304,7 +304,7 @@ def set_field_value(key, value, args = {})
     private
 
     def fix_meta_value(value)
-      value = value.to_json if value.is_a?(Array) || value.is_a?(Hash) || value.is_a?(ActionController::Parameters)
+      value = JSON.generate(value) if value.is_a?(Array) || value.is_a?(Hash) || value.is_a?(ActionController::Parameters)
       value
     end
 
diff --git a/app/models/concerns/camaleon_cms/metas.rb b/app/models/concerns/camaleon_cms/metas.rb
index 3bf6b913..fb7cc06f 100644
--- a/app/models/concerns/camaleon_cms/metas.rb
+++ b/app/models/concerns/camaleon_cms/metas.rb
@@ -133,7 +133,7 @@ def save_metas_options
 
     # fix to parse value
     def fix_meta_value(value)
-      value = value.to_json if value.is_a?(Array) || value.is_a?(Hash) || value.is_a?(ActionController::Parameters)
+      value = JSON.generate(value) if value.is_a?(Array) || value.is_a?(Hash) || value.is_a?(ActionController::Parameters)
       fix_meta_var(value)
     end
 

From fd8e70ed1b0e9b04eb6e7216b368db385ea4bc36 Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Wed, 26 Feb 2025 18:36:44 +0200
Subject: [PATCH 04/10] Add capybara-lockstep gem to replace wait_for_ajax
 method

---
 Gemfile      | 1 +
 Gemfile.lock | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/Gemfile b/Gemfile
index 841320a8..69476baf 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,6 +7,7 @@ gem 'rails', '~> 8.0.1'
 gem 'selenium-webdriver'
 gem 'sprockets-rails', '>= 3.5.2'
 
+gem 'capybara-lockstep'
 gem 'capybara-screenshot'
 
 gem 'rspec_junit_formatter'
diff --git a/Gemfile.lock b/Gemfile.lock
index a59944e4..73a3b90a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -145,6 +145,11 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
+    capybara-lockstep (2.2.2)
+      activesupport (>= 4.2)
+      capybara (>= 3.0)
+      ruby2_keywords
+      selenium-webdriver (>= 4.0)
     capybara-screenshot (1.0.26)
       capybara (>= 1.0, < 4)
       launchy
@@ -414,6 +419,7 @@ DEPENDENCIES
   byebug
   camaleon_cms!
   capybara
+  capybara-lockstep
   capybara-screenshot
   factory_bot_rails
   faker

From 369891b387eb2d23c449b5cebd49b2f6d0e91bb4 Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Wed, 26 Feb 2025 18:37:56 +0200
Subject: [PATCH 05/10] Add capybara_lockstep to admin layout <head>

---
 app/views/layouts/camaleon_cms/admin.html.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/views/layouts/camaleon_cms/admin.html.erb b/app/views/layouts/camaleon_cms/admin.html.erb
index 05196c4d..4be85800 100644
--- a/app/views/layouts/camaleon_cms/admin.html.erb
+++ b/app/views/layouts/camaleon_cms/admin.html.erb
@@ -6,6 +6,7 @@
     <title><%= raw cama_admin_title_draw %></title>
     <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
     <meta name="viewport" content="width=device-width, initial-scale=1"/>
+    <%= capybara_lockstep if defined?(Capybara::Lockstep) %>
     <%= stylesheet_link_tag "camaleon_cms/admin/admin-manifest", media: "all" %>
     <script>
         var root_url = '<%= cama_root_url(locale: nil) %>';

From 3da8e0c1806a1785a1ffd8b67783a84059af894c Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Wed, 26 Feb 2025 18:38:48 +0200
Subject: [PATCH 06/10] Add Capybara::Lockstep::Middleware to
 config/environments/test of the Dummy app

---
 spec/dummy/config/environments/test.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/spec/dummy/config/environments/test.rb b/spec/dummy/config/environments/test.rb
index bbb98a45..66ef33ba 100644
--- a/spec/dummy/config/environments/test.rb
+++ b/spec/dummy/config/environments/test.rb
@@ -49,4 +49,5 @@
   # config.action_view.raise_on_missing_translations = true
 
   config.middleware.use RackSessionAccess::Middleware
+  config.middleware.insert_before 0, Capybara::Lockstep::Middleware
 end

From 5fdae3024d7d2dfdef7eb6bf4b4093159c71d863 Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Wed, 26 Feb 2025 18:41:33 +0200
Subject: [PATCH 07/10] Add `:unhandled_prompt_behavior` option to Chrome
 drivers configurations to not automatically dismiss user prompts like alerts
 or modals. Also set increased `Capybara::Lockstep.timeout = 10` and
 `Capybara::Lockstep.timeout_with = :error`

---
 spec/spec_helper.rb | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index a81f54d7..f21a44c5 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -13,6 +13,34 @@
 require 'rack_session_access/capybara'
 require 'capybara-screenshot/rspec'
 
+Capybara.register_driver :selenium_chrome do |app|
+  version = Capybara::Selenium::Driver.load_selenium
+  options_key = Capybara::Selenium::Driver::CAPS_VERSION.satisfied_by?(version) ? :capabilities : :options
+  browser_options = Selenium::WebDriver::Chrome::Options.new.tap do |opts|
+    # Workaround https://bugs.chromium.org/p/chromedriver/issues/detail?id=2650&q=load&sort=-id&colspec=ID%20Status%20Pri%20Owner%20Summary
+    opts.add_argument('--disable-site-isolation-trials')
+  end
+
+  browser_options.add_option(:unhandled_prompt_behavior, 'ignore')
+
+  Capybara::Selenium::Driver.new(app, **{ browser: :chrome, options_key => browser_options })
+end
+
+Capybara.register_driver :selenium_chrome_headless do |app|
+  version = Capybara::Selenium::Driver.load_selenium
+  options_key = Capybara::Selenium::Driver::CAPS_VERSION.satisfied_by?(version) ? :capabilities : :options
+  browser_options = Selenium::WebDriver::Chrome::Options.new.tap do |opts|
+    opts.add_argument('--headless=new')
+    opts.add_argument('--disable-gpu') if Gem.win_platform?
+    # Workaround https://bugs.chromium.org/p/chromedriver/issues/detail?id=2650&q=load&sort=-id&colspec=ID%20Status%20Pri%20Owner%20Summary
+    opts.add_argument('--disable-site-isolation-trials')
+  end
+
+  browser_options.add_option(:unhandled_prompt_behavior, 'ignore')
+
+  Capybara::Selenium::Driver.new(app, **{ :browser => :chrome, options_key => browser_options })
+end
+
 # Next 2 are Chrome drivers
 # Capybara.javascript_driver = :selenium_chrome
 Capybara.javascript_driver = :selenium_chrome_headless
@@ -26,6 +54,9 @@
   "screenshot_#{example.description.gsub(' ', '-').gsub(%r{^.*/spec/}, '')}"
 end
 
+Capybara::Lockstep.timeout = 10 # seconds
+Capybara::Lockstep.timeout_with = :error
+
 RSpec.configure do |config|
   # rspec-expectations config goes here. You can use an alternate
   # assertion/expectation library such as wrong or the stdlib/minitest

From bc64da1c38e651133959af8f3114a0f4f92b6f97 Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Wed, 26 Feb 2025 18:44:22 +0200
Subject: [PATCH 08/10] Replace spec_helper with `rails_helper` in the `.rspec`
 file, and remove redundant `rails_helper` from all the specs. Also add
 `RSpec.` to specs' `describe` to avoid polluting the common object-space.

---
 .rspec                                        |  2 +-
 spec/decorators/application_decorator_spec.rb |  2 --
 spec/features/admin/categories_spec.rb        |  4 +--
 spec/features/admin/comments_spec.rb          | 31 ++++++++--------
 spec/features/admin/contact_form_spec.rb      | 26 +++++++-------
 spec/features/admin/content_groups_spec.rb    | 30 ++++++++--------
 spec/features/admin/custom_fields_spec.rb     |  4 +--
 spec/features/admin/languages_spec.rb         |  4 +--
 spec/features/admin/media_spec.rb             |  4 +--
 spec/features/admin/menus_spec.rb             |  4 +--
 spec/features/admin/not_found_spec.rb         |  4 +--
 spec/features/admin/pages_spec.rb             |  4 +--
 spec/features/admin/plugins_spec.rb           |  4 +--
 spec/features/admin/posts_spec.rb             |  4 +--
 spec/features/admin/session_spec.rb           |  5 ++-
 spec/features/admin/settings_spec.rb          |  4 +--
 spec/features/admin/shortcodes_spec.rb        |  4 +--
 spec/features/admin/sites_spec.rb             | 32 ++++++++---------
 spec/features/admin/tags_spec.rb              | 24 ++++++-------
 spec/features/admin/themes_spec.rb            |  4 +--
 spec/features/admin/user_roles_spec.rb        | 36 +++++++++----------
 spec/features/admin/users_spec.rb             |  6 ++--
 spec/features/admin/widgets_spec.rb           | 30 ++++++++--------
 spec/features/frontend/pages_spec.rb          |  4 +--
 spec/features/frontend/post_type_spec.rb      |  4 +--
 spec/helpers/email_helper_spec.rb             |  4 +--
 spec/helpers/seo_helper_spec.rb               |  4 +--
 spec/helpers/short_code_helper_spec.rb        |  4 +--
 spec/helpers/uploader_helper_spec.rb          |  4 +--
 spec/mailers/send_mail_spec.rb                |  4 +--
 spec/models/category_spec.rb                  |  1 -
 spec/models/nav_menu_item_spec.rb             |  1 -
 spec/models/nav_menu_spec.rb                  |  1 -
 spec/models/plugin_spec.rb                    |  1 -
 spec/models/post_spec.rb                      |  3 +-
 spec/models/post_tag_spec.rb                  |  1 -
 spec/models/post_type_spec.rb                 |  1 -
 spec/models/site_spec.rb                      |  1 -
 spec/models/theme_spec.rb                     |  1 -
 spec/models/user_role_spec.rb                 |  1 -
 spec/models/widget/widget_main_spec.rb        |  1 -
 spec/models/widget/widget_sidebar_spec.rb     |  1 -
 .../download_private_file_spec.rb             |  2 --
 .../admin/media_controller/new_folder_spec.rb |  2 --
 .../users_controller/updated_ajax_spec.rb     |  2 --
 spec/routing/post_type_routes_spec.rb         |  2 +-
 spec/support/webfont_icon_check.rb            |  2 +-
 spec/uploaders/local_uploader_spec.rb         |  2 --
 48 files changed, 127 insertions(+), 199 deletions(-)

diff --git a/.rspec b/.rspec
index c99d2e73..a35c44f4 100644
--- a/.rspec
+++ b/.rspec
@@ -1 +1 @@
---require spec_helper
+--require rails_helper
diff --git a/spec/decorators/application_decorator_spec.rb b/spec/decorators/application_decorator_spec.rb
index b1c66ea2..4cc2bfb0 100644
--- a/spec/decorators/application_decorator_spec.rb
+++ b/spec/decorators/application_decorator_spec.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
 RSpec.describe CamaleonCms::SiteDecorator, type: :model do
   %i[post_type post site user].each do |klass|
     describe 'Marshal compatibility' do
diff --git a/spec/features/admin/categories_spec.rb b/spec/features/admin/categories_spec.rb
index f7eb55a5..9dd1c89e 100644
--- a/spec/features/admin/categories_spec.rb
+++ b/spec/features/admin/categories_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the signin process', :js do
+RSpec.describe 'the signin process', :js do
   init_site
 
   it 'create new category' do
diff --git a/spec/features/admin/comments_spec.rb b/spec/features/admin/comments_spec.rb
index 0c1f0f5c..f143b6a3 100644
--- a/spec/features/admin/comments_spec.rb
+++ b/spec/features/admin/comments_spec.rb
@@ -1,24 +1,23 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-# add a new comment for a post
-def add_new_comment
-  visit "#{cama_root_relative_path}/admin/posts/#{@site.posts.last.id}/comments"
-  page.execute_script('$("#comments_answer_list .panel-heading .btn-primary").click()')
-  wait_for_ajax
-  within 'form#new_comment' do
-    fill_in 'comment_content', with: 'Test comment'
-    find('button[type="submit"]').click
-  end
-end
-
-describe 'the Comments', :js do
+RSpec.describe 'the Comments', :js do
   init_site
 
+  # add a new comment for a post
+  def add_new_comment
+    visit "#{cama_root_relative_path}/admin/posts/#{@site.posts.last.id}/comments"
+    page.execute_script('$("#comments_answer_list .panel-heading .btn-primary").click()')
+
+    within 'form#new_comment' do
+      fill_in 'comment_content', with: 'Test comment'
+      find('button[type="submit"]').click
+    end
+  end
+
   it 'Add Comment' do
     admin_sign_in
     add_new_comment
+
     expect(page).to have_css('.alert-success')
   end
 
@@ -42,9 +41,9 @@ def add_new_comment
     # answer comment
     within '#comments_answer_list' do
       first('.reply').click
-      wait_for_ajax
     end
-    within '#new_comment' do
+
+    within 'form#new_comment' do
       fill_in 'comment_content', with: 'test answer comment'
       find('button[type="submit"]').click
     end
diff --git a/spec/features/admin/contact_form_spec.rb b/spec/features/admin/contact_form_spec.rb
index 1d35beb9..a8724862 100644
--- a/spec/features/admin/contact_form_spec.rb
+++ b/spec/features/admin/contact_form_spec.rb
@@ -1,21 +1,19 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-# create a new form
-def create_form
-  visit "#{cama_root_relative_path}/admin/plugins/cama_contact_form/admin_forms"
-  expect(page).to have_content('Contact Form')
-  within('#new_plugins_cama_contact_form_cama_contact_form') do
-    fill_in 'plugins_cama_contact_form_cama_contact_form_name', with: 'Test form'
-    fill_in 'plugins_cama_contact_form_cama_contact_form_slug', with: 'test-form'
-    first('button[type="submit"]').click
-  end
-end
-
-describe 'the Contact Form', :js do
+RSpec.describe 'the Contact Form', :js do
   init_site
 
+  # create a new form
+  def create_form
+    visit "#{cama_root_relative_path}/admin/plugins/cama_contact_form/admin_forms"
+    expect(page).to have_content('Contact Form')
+    within('#new_plugins_cama_contact_form_cama_contact_form') do
+      fill_in 'plugins_cama_contact_form_cama_contact_form_name', with: 'Test form'
+      fill_in 'plugins_cama_contact_form_cama_contact_form_slug', with: 'test-form'
+      first('button[type="submit"]').click
+    end
+  end
+
   it 'create new contact form' do
     admin_sign_in
     create_form
diff --git a/spec/features/admin/content_groups_spec.rb b/spec/features/admin/content_groups_spec.rb
index a927947b..eff09657 100644
--- a/spec/features/admin/content_groups_spec.rb
+++ b/spec/features/admin/content_groups_spec.rb
@@ -1,23 +1,21 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
+RSpec.describe 'the Content Groups', :js do
+  init_site
 
-# create a new post type
-def create_post_type
-  visit "#{cama_root_relative_path}/admin/settings/post_types"
-  expect(page).to have_content('Post')
-  expect(page).to have_content('Page')
-  within('#post_type_form') do
-    fill_in 'post_type_name', with: 'Test cat'
-    fill_in 'post_type_slug', with: 'test-content'
-    fill_in 'post_type_description', with: 'test-content descri'
-    check('Manage Multiple Categories')
-    click_button 'Submit'
+  # create a new post type
+  def create_post_type
+    visit "#{cama_root_relative_path}/admin/settings/post_types"
+    expect(page).to have_content('Post')
+    expect(page).to have_content('Page')
+    within('#post_type_form') do
+      fill_in 'post_type_name', with: 'Test cat'
+      fill_in 'post_type_slug', with: 'test-content'
+      fill_in 'post_type_description', with: 'test-content descri'
+      check('Manage Multiple Categories')
+      click_button 'Submit'
+    end
   end
-end
-
-describe 'the Content Groups', :js do
-  init_site
 
   it 'create new content group' do
     admin_sign_in
diff --git a/spec/features/admin/custom_fields_spec.rb b/spec/features/admin/custom_fields_spec.rb
index 6aae40e1..1e87f955 100644
--- a/spec/features/admin/custom_fields_spec.rb
+++ b/spec/features/admin/custom_fields_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Custom Fields', :js do
+RSpec.describe 'the Custom Fields', :js do
   init_site
 
   it 'Custom fields list' do
diff --git a/spec/features/admin/languages_spec.rb b/spec/features/admin/languages_spec.rb
index 2a928e65..4fa074be 100644
--- a/spec/features/admin/languages_spec.rb
+++ b/spec/features/admin/languages_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Languages', :js do
+RSpec.describe 'the Languages', :js do
   init_site
 
   it 'Languages list' do
diff --git a/spec/features/admin/media_spec.rb b/spec/features/admin/media_spec.rb
index ad56c068..1af517bb 100644
--- a/spec/features/admin/media_spec.rb
+++ b/spec/features/admin/media_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Media', :js do
+RSpec.describe 'the Media', :js do
   init_site
 
   it 'list media' do
diff --git a/spec/features/admin/menus_spec.rb b/spec/features/admin/menus_spec.rb
index 9f7904f6..7cc2b04e 100644
--- a/spec/features/admin/menus_spec.rb
+++ b/spec/features/admin/menus_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Menus', :js do
+RSpec.describe 'the Menus', :js do
   init_site
 
   it 'Menus list' do
diff --git a/spec/features/admin/not_found_spec.rb b/spec/features/admin/not_found_spec.rb
index 77727503..e2cdc3d3 100644
--- a/spec/features/admin/not_found_spec.rb
+++ b/spec/features/admin/not_found_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'no found', :js do
+RSpec.describe 'no found', :js do
   init_site
 
   it '404s' do
diff --git a/spec/features/admin/pages_spec.rb b/spec/features/admin/pages_spec.rb
index 4402e77e..49b3f77a 100644
--- a/spec/features/admin/pages_spec.rb
+++ b/spec/features/admin/pages_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the signin process', :js do
+RSpec.describe 'the signin process', :js do
   let(:post_type_id) { @site.post_types.where(slug: :page).pick(:id) }
 
   init_site
diff --git a/spec/features/admin/plugins_spec.rb b/spec/features/admin/plugins_spec.rb
index 8e767ee0..677d7459 100644
--- a/spec/features/admin/plugins_spec.rb
+++ b/spec/features/admin/plugins_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Menus', :js do
+RSpec.describe 'the Menus', :js do
   init_site
 
   it 'Plugins list' do
diff --git a/spec/features/admin/posts_spec.rb b/spec/features/admin/posts_spec.rb
index d2a91e3e..1155fc07 100644
--- a/spec/features/admin/posts_spec.rb
+++ b/spec/features/admin/posts_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'Posts workflows for Admin', :js do
+RSpec.describe 'Posts workflows for Admin', :js do
   let(:post) { site.the_post('sample-post').decorate }
   let(:post_type_id) { site.post_types.where(slug: :post).pick(:id) }
   let!(:site) { create(:site).decorate }
diff --git a/spec/features/admin/session_spec.rb b/spec/features/admin/session_spec.rb
index f39ddf66..51fd5436 100644
--- a/spec/features/admin/session_spec.rb
+++ b/spec/features/admin/session_spec.rb
@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the signin process', :js do
+RSpec.describe 'the signin process', :js do
   init_site
+
   it 'signs me in not valid' do
     visit "#{cama_root_relative_path}/admin/login"
     within('#login_user') do
diff --git a/spec/features/admin/settings_spec.rb b/spec/features/admin/settings_spec.rb
index 363345c0..dd4848e6 100644
--- a/spec/features/admin/settings_spec.rb
+++ b/spec/features/admin/settings_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Site Settings SideBar options', :js do
+RSpec.describe 'the Site Settings SideBar options', :js do
   init_site
 
   before { admin_sign_in }
diff --git a/spec/features/admin/shortcodes_spec.rb b/spec/features/admin/shortcodes_spec.rb
index 8a15abaa..311c4ba9 100644
--- a/spec/features/admin/shortcodes_spec.rb
+++ b/spec/features/admin/shortcodes_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Shortcodes', :js do
+RSpec.describe 'the Shortcodes', :js do
   init_site
 
   it 'Shortcodes list' do
diff --git a/spec/features/admin/sites_spec.rb b/spec/features/admin/sites_spec.rb
index 855fc4ce..88d376cf 100644
--- a/spec/features/admin/sites_spec.rb
+++ b/spec/features/admin/sites_spec.rb
@@ -1,25 +1,23 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
+RSpec.describe 'the Sites', :js do
+  init_site
 
-def create_site
-  visit "#{cama_root_relative_path}/admin/settings/sites"
-  expect(page).to have_content('List Sites')
+  def create_site
+    visit "#{cama_root_relative_path}/admin/settings/sites"
+    expect(page).to have_content('List Sites')
 
-  # create user role
-  within '#admin_content' do
-    click_link 'Add Site'
-  end
-  expect(page).to have_css('#new_site')
-  within '#new_site' do
-    fill_in 'site_slug', with: 'owen'
-    fill_in 'site_name', with: 'Owen sub site'
-    click_button 'Submit'
+    # create user role
+    within '#admin_content' do
+      click_link 'Add Site'
+    end
+    expect(page).to have_css('#new_site')
+    within '#new_site' do
+      fill_in 'site_slug', with: 'owen'
+      fill_in 'site_name', with: 'Owen sub site'
+      click_button 'Submit'
+    end
   end
-end
-
-describe 'the Sites', :js do
-  init_site
 
   it 'Sites list' do
     admin_sign_in
diff --git a/spec/features/admin/tags_spec.rb b/spec/features/admin/tags_spec.rb
index a2a001a8..dbc6192b 100644
--- a/spec/features/admin/tags_spec.rb
+++ b/spec/features/admin/tags_spec.rb
@@ -1,21 +1,19 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-# create a new post tag
-def create_tag
-  visit "#{cama_root_relative_path}/admin/post_type/#{post_type_id}/post_tags"
-  within('#new_post_tag') do
-    fill_in 'post_tag_name', with: 'Test tag'
-    fill_in 'post_tag_slug', with: 'test-tag'
-  end
-  click_button 'Submit'
-end
+RSpec.describe 'the signin process', :js do
+  init_site
 
-describe 'the signin process', :js do
   let(:post_type_id) { @site.post_types.where(slug: :post).pick(:id) }
 
-  init_site
+  # create a new post tag
+  def create_tag
+    visit "#{cama_root_relative_path}/admin/post_type/#{post_type_id}/post_tags"
+    within('#new_post_tag') do
+      fill_in 'post_tag_name', with: 'Test tag'
+      fill_in 'post_tag_slug', with: 'test-tag'
+    end
+    click_button 'Submit'
+  end
 
   it 'create new tag' do
     admin_sign_in
diff --git a/spec/features/admin/themes_spec.rb b/spec/features/admin/themes_spec.rb
index e470e943..b8a42f4f 100644
--- a/spec/features/admin/themes_spec.rb
+++ b/spec/features/admin/themes_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Themes', :js do
+RSpec.describe 'the Themes', :js do
   init_site
 
   it 'Themes list' do
diff --git a/spec/features/admin/user_roles_spec.rb b/spec/features/admin/user_roles_spec.rb
index 33f52856..4f6df860 100644
--- a/spec/features/admin/user_roles_spec.rb
+++ b/spec/features/admin/user_roles_spec.rb
@@ -1,26 +1,24 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
+RSpec.describe 'the User Roles', :js do
+  init_site
 
-# create a new user role
-def create_role
-  visit "#{cama_root_relative_path}/admin/user_roles"
-  within '#admin_content' do
-    click_link 'Add User Role'
-  end
-  expect(page).to have_css('#new_user_role')
-  within '#new_user_role' do
-    fill_in 'user_role_name', with: 'Test Role'
-    fill_in 'user_role_slug', with: 'tester-role'
-    fill_in 'user_role_description', with: 'tester descr'
-    check 'Comments'
-    check 'Themes'
-    click_button 'Submit'
+  # create a new user role
+  def create_role
+    visit "#{cama_root_relative_path}/admin/user_roles"
+    within '#admin_content' do
+      click_link 'Add User Role'
+    end
+    expect(page).to have_css('#new_user_role')
+    within '#new_user_role' do
+      fill_in 'user_role_name', with: 'Test Role'
+      fill_in 'user_role_slug', with: 'tester-role'
+      fill_in 'user_role_description', with: 'tester descr'
+      check 'Comments'
+      check 'Themes'
+      click_button 'Submit'
+    end
   end
-end
-
-describe 'the User Roles', :js do
-  init_site
 
   it 'User Roles list' do
     admin_sign_in
diff --git a/spec/features/admin/users_spec.rb b/spec/features/admin/users_spec.rb
index dae9a121..945955a7 100644
--- a/spec/features/admin/users_spec.rb
+++ b/spec/features/admin/users_spec.rb
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'the Users', :js do
+RSpec.describe 'the Users', :js do
   init_site
+
   uname = "testerr_#{Time.current.to_i}"
   uemail = "testerr_#{Time.current.to_i}@gmail.com"
+
   it 'Users list' do
     admin_sign_in
     visit "#{cama_root_relative_path}/admin/users"
diff --git a/spec/features/admin/widgets_spec.rb b/spec/features/admin/widgets_spec.rb
index b2f00e55..9a0b81b9 100644
--- a/spec/features/admin/widgets_spec.rb
+++ b/spec/features/admin/widgets_spec.rb
@@ -1,23 +1,21 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
+RSpec.describe 'the Widgets', :js do
+  init_site
 
-# create a widget
-def create_widget
-  within '#view_widget_list' do
-    first('#new_widget_link').click
-    wait_for_ajax
-  end
-  within '#widget_form' do
-    fill_in 'widget_main_name', with: 'test widget'
-    fill_in 'widget_main_slug', with: 'test-widget'
-    fill_in 'widget_main_description', with: 'lorem ipsum'
-    click_button 'Submit'
+  # create a widget
+  def create_widget
+    within '#view_widget_list' do
+      first('#new_widget_link').click
+      wait_for_ajax
+    end
+    within '#widget_form' do
+      fill_in 'widget_main_name', with: 'test widget'
+      fill_in 'widget_main_slug', with: 'test-widget'
+      fill_in 'widget_main_description', with: 'lorem ipsum'
+      click_button 'Submit'
+    end
   end
-end
-
-describe 'the Widgets', :js do
-  init_site
 
   it 'Widgets list' do
     admin_sign_in
diff --git a/spec/features/frontend/pages_spec.rb b/spec/features/frontend/pages_spec.rb
index bc2a0b40..753a0c3d 100644
--- a/spec/features/frontend/pages_spec.rb
+++ b/spec/features/frontend/pages_spec.rb
@@ -1,10 +1,8 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
 include CamaleonCms::PluginsHelper
 
-describe 'Post frontend', :js do
+RSpec.describe 'Post frontend', :js do
   init_site
 
   it 'visit post' do
diff --git a/spec/features/frontend/post_type_spec.rb b/spec/features/frontend/post_type_spec.rb
index c32d711d..8f1abc20 100644
--- a/spec/features/frontend/post_type_spec.rb
+++ b/spec/features/frontend/post_type_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'Posttype frontend', :js do
+RSpec.describe 'Posttype frontend', :js do
   before do
     @site = create(:site).decorate
     @post = @site.the_post('sample-post').decorate
diff --git a/spec/helpers/email_helper_spec.rb b/spec/helpers/email_helper_spec.rb
index a2fcec7e..41293993 100644
--- a/spec/helpers/email_helper_spec.rb
+++ b/spec/helpers/email_helper_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe 'CamaleonCms::EmailHelper' do
+RSpec.describe 'CamaleonCms::EmailHelper' do
   init_site
 
   describe '#send_email (old way)' do
diff --git a/spec/helpers/seo_helper_spec.rb b/spec/helpers/seo_helper_spec.rb
index cf964e57..e42432a2 100644
--- a/spec/helpers/seo_helper_spec.rb
+++ b/spec/helpers/seo_helper_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe CamaleonCms::Frontend::SeoHelper do
+RSpec.describe CamaleonCms::Frontend::SeoHelper do
   let(:host) { request_env['HTTP_HOST'] }
   let(:request_env) { ActionDispatch::TestRequest.__send__(:default_env) }
   let(:url_scheme) { request_env['rack.url_scheme'] }
diff --git a/spec/helpers/short_code_helper_spec.rb b/spec/helpers/short_code_helper_spec.rb
index f9b1bd79..23c3c4e8 100644
--- a/spec/helpers/short_code_helper_spec.rb
+++ b/spec/helpers/short_code_helper_spec.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
 def shortcode_tests
   before do
     helper.shortcodes_init
@@ -29,7 +27,7 @@ def shortcode_tests
   end
 end
 
-describe 'CamaleonCms::ShortCodeHelper' do
+RSpec.describe 'CamaleonCms::ShortCodeHelper' do
   describe 'Shortcode Simple' do
     shortcode_tests
     it 'No attributes' do
diff --git a/spec/helpers/uploader_helper_spec.rb b/spec/helpers/uploader_helper_spec.rb
index cab35fda..fa9a59c9 100644
--- a/spec/helpers/uploader_helper_spec.rb
+++ b/spec/helpers/uploader_helper_spec.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
-describe CamaleonCms::UploaderHelper do
+RSpec.describe CamaleonCms::UploaderHelper do
   init_site
 
   before do
diff --git a/spec/mailers/send_mail_spec.rb b/spec/mailers/send_mail_spec.rb
index 81384462..d32d916c 100644
--- a/spec/mailers/send_mail_spec.rb
+++ b/spec/mailers/send_mail_spec.rb
@@ -1,6 +1,6 @@
-require 'rails_helper'
+# frozen_string_literal: true
 
-describe 'CamaleonCms::HtmlMailer' do
+RSpec.describe 'CamaleonCms::HtmlMailer' do
   before do
     @site = create(:site).decorate
   end
diff --git a/spec/models/category_spec.rb b/spec/models/category_spec.rb
index ec50212f..bc9539ea 100644
--- a/spec/models/category_spec.rb
+++ b/spec/models/category_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::Category, type: :model do
diff --git a/spec/models/nav_menu_item_spec.rb b/spec/models/nav_menu_item_spec.rb
index fce51f38..d1b35d60 100644
--- a/spec/models/nav_menu_item_spec.rb
+++ b/spec/models/nav_menu_item_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::NavMenuItem, type: :model do
diff --git a/spec/models/nav_menu_spec.rb b/spec/models/nav_menu_spec.rb
index 397b5020..7f0b4f51 100644
--- a/spec/models/nav_menu_spec.rb
+++ b/spec/models/nav_menu_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::NavMenu, type: :model do
diff --git a/spec/models/plugin_spec.rb b/spec/models/plugin_spec.rb
index b620b8d9..c498c47f 100644
--- a/spec/models/plugin_spec.rb
+++ b/spec/models/plugin_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::Plugin, type: :model do
diff --git a/spec/models/post_spec.rb b/spec/models/post_spec.rb
index 9dff55e0..d64a3e68 100644
--- a/spec/models/post_spec.rb
+++ b/spec/models/post_spec.rb
@@ -1,11 +1,10 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
 include CamaleonCms::Frontend::ApplicationHelper
 
 RSpec.describe 'PostDecorator' do
   init_site
+
   it 'next and previous post related to post type' do
     post_type = create(:post_type, slug: 'test-post-type', site: @site)
     post3 = create(:post, post_type: post_type, slug: 'test3', post_order: 3).decorate
diff --git a/spec/models/post_tag_spec.rb b/spec/models/post_tag_spec.rb
index 910f2e7f..1a25d5bf 100644
--- a/spec/models/post_tag_spec.rb
+++ b/spec/models/post_tag_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::PostTag, type: :model do
diff --git a/spec/models/post_type_spec.rb b/spec/models/post_type_spec.rb
index 869c64c9..5cecbcbd 100644
--- a/spec/models/post_type_spec.rb
+++ b/spec/models/post_type_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::PostType, type: :model do
diff --git a/spec/models/site_spec.rb b/spec/models/site_spec.rb
index 2f301731..71951ebd 100644
--- a/spec/models/site_spec.rb
+++ b/spec/models/site_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::Site, type: :model do
diff --git a/spec/models/theme_spec.rb b/spec/models/theme_spec.rb
index 7fb7eb94..cde53375 100644
--- a/spec/models/theme_spec.rb
+++ b/spec/models/theme_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::Theme, type: :model do
diff --git a/spec/models/user_role_spec.rb b/spec/models/user_role_spec.rb
index 487d56b8..9a208a0c 100644
--- a/spec/models/user_role_spec.rb
+++ b/spec/models/user_role_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::UserRole, type: :model do
diff --git a/spec/models/widget/widget_main_spec.rb b/spec/models/widget/widget_main_spec.rb
index 1d9dc835..18e97dde 100644
--- a/spec/models/widget/widget_main_spec.rb
+++ b/spec/models/widget/widget_main_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::Widget::Main, type: :model do
diff --git a/spec/models/widget/widget_sidebar_spec.rb b/spec/models/widget/widget_sidebar_spec.rb
index 104f6de5..b3f5a590 100644
--- a/spec/models/widget/widget_sidebar_spec.rb
+++ b/spec/models/widget/widget_sidebar_spec.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
 require 'shared_specs/sanitize_attrs'
 
 RSpec.describe CamaleonCms::Widget::Sidebar, type: :model do
diff --git a/spec/requests/admin/media_controller/download_private_file_spec.rb b/spec/requests/admin/media_controller/download_private_file_spec.rb
index c15b6c1a..18eabba4 100644
--- a/spec/requests/admin/media_controller/download_private_file_spec.rb
+++ b/spec/requests/admin/media_controller/download_private_file_spec.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
 RSpec.describe 'Download private file requests', type: :request do
   init_site
 
diff --git a/spec/requests/admin/media_controller/new_folder_spec.rb b/spec/requests/admin/media_controller/new_folder_spec.rb
index faa96d6c..fc1262df 100644
--- a/spec/requests/admin/media_controller/new_folder_spec.rb
+++ b/spec/requests/admin/media_controller/new_folder_spec.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
 RSpec.describe 'New folder request', type: :request do
   init_site
 
diff --git a/spec/requests/admin/users_controller/updated_ajax_spec.rb b/spec/requests/admin/users_controller/updated_ajax_spec.rb
index a377b075..f12c6a30 100644
--- a/spec/requests/admin/users_controller/updated_ajax_spec.rb
+++ b/spec/requests/admin/users_controller/updated_ajax_spec.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
 RSpec.describe 'updated_ajax request', type: :request do
   init_site
 
diff --git a/spec/routing/post_type_routes_spec.rb b/spec/routing/post_type_routes_spec.rb
index e85a0938..204a80ff 100644
--- a/spec/routing/post_type_routes_spec.rb
+++ b/spec/routing/post_type_routes_spec.rb
@@ -1,4 +1,4 @@
-require 'rails_helper'
+# frozen_string_literal: true
 
 RSpec.describe 'routes for Post Types', type: :routing do
   init_site
diff --git a/spec/support/webfont_icon_check.rb b/spec/support/webfont_icon_check.rb
index 88791f24..1bc53273 100644
--- a/spec/support/webfont_icon_check.rb
+++ b/spec/support/webfont_icon_check.rb
@@ -1,4 +1,4 @@
-# require 'rails_helper'
+# frozen_string_literal: true
 
 def webfont_icon_fetch_status(icon_class, filnam_distinct_part, filnam_extension)
   icon_font_faces = page.execute_script(<<~JS, icon_class)
diff --git a/spec/uploaders/local_uploader_spec.rb b/spec/uploaders/local_uploader_spec.rb
index 08914f7d..fd4903d0 100644
--- a/spec/uploaders/local_uploader_spec.rb
+++ b/spec/uploaders/local_uploader_spec.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rails_helper'
-
 RSpec.describe CamaleonCmsLocalUploader do
   init_site
 

From 257abfcb297d192e38304c270ee0cdd541398492 Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Wed, 26 Feb 2025 19:25:10 +0200
Subject: [PATCH 09/10] Add capybara-lockstep' to all the gemfiles

---
 gemfiles/rails_6_1.gemfile  | 1 +
 gemfiles/rails_7_0.gemfile  | 1 +
 gemfiles/rails_7_1.gemfile  | 1 +
 gemfiles/rails_7_2.gemfile  | 1 +
 gemfiles/rails_8_0.gemfile  | 1 +
 gemfiles/rails_edge.gemfile | 1 +
 6 files changed, 6 insertions(+)

diff --git a/gemfiles/rails_6_1.gemfile b/gemfiles/rails_6_1.gemfile
index d3fe0a85..0a2bd9f8 100644
--- a/gemfiles/rails_6_1.gemfile
+++ b/gemfiles/rails_6_1.gemfile
@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 gemspec path: '..'
 
 gem 'cancancan', '~> 3.0'
+gem 'capybara-lockstep'
 gem 'capybara-screenshot'
 gem 'drb'
 gem 'factory_bot_rails'
diff --git a/gemfiles/rails_7_0.gemfile b/gemfiles/rails_7_0.gemfile
index 8e19e408..18b57fa5 100644
--- a/gemfiles/rails_7_0.gemfile
+++ b/gemfiles/rails_7_0.gemfile
@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 gemspec path: '..'
 
 gem 'cancancan', '~> 3.0'
+gem 'capybara-lockstep'
 gem 'capybara-screenshot'
 gem 'drb'
 gem 'factory_bot_rails'
diff --git a/gemfiles/rails_7_1.gemfile b/gemfiles/rails_7_1.gemfile
index 07073607..676a9351 100644
--- a/gemfiles/rails_7_1.gemfile
+++ b/gemfiles/rails_7_1.gemfile
@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 gemspec path: '..'
 
 gem 'cancancan', '~> 3.0'
+gem 'capybara-lockstep'
 gem 'capybara-screenshot'
 gem 'factory_bot_rails'
 gem 'faker'
diff --git a/gemfiles/rails_7_2.gemfile b/gemfiles/rails_7_2.gemfile
index e2297744..0d440572 100644
--- a/gemfiles/rails_7_2.gemfile
+++ b/gemfiles/rails_7_2.gemfile
@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 gemspec path: '..'
 
 gem 'cancancan', '~> 3.0'
+gem 'capybara-lockstep'
 gem 'capybara-screenshot'
 gem 'factory_bot_rails'
 gem 'faker'
diff --git a/gemfiles/rails_8_0.gemfile b/gemfiles/rails_8_0.gemfile
index d8fd5488..7deab230 100644
--- a/gemfiles/rails_8_0.gemfile
+++ b/gemfiles/rails_8_0.gemfile
@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 gemspec path: '..'
 
 gem 'cancancan', '~> 3.0'
+gem 'capybara-lockstep'
 gem 'capybara-screenshot'
 gem 'factory_bot_rails'
 gem 'faker'
diff --git a/gemfiles/rails_edge.gemfile b/gemfiles/rails_edge.gemfile
index a120f3f1..0f5fb656 100644
--- a/gemfiles/rails_edge.gemfile
+++ b/gemfiles/rails_edge.gemfile
@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 gemspec path: '..'
 
 gem 'cancancan', '~> 3.0'
+gem 'capybara-lockstep'
 gem 'capybara-screenshot'
 gem 'factory_bot_rails'
 gem 'faker'

From 5ae7bcbb79d1549e8f32df6a369157dd586d72d8 Mon Sep 17 00:00:00 2001
From: texpert <branzeanu.aurel@gmail.com>
Date: Tue, 11 Mar 2025 17:05:12 +0200
Subject: [PATCH 10/10] Use value.to_json for ActionController::Parameters in
 `fix_meta_value`, because JSON.generate and fast_generate is escaping
 ActionController::Parameters

---
 .../concerns/camaleon_cms/custom_fields_read.rb  |  8 ++++----
 app/models/concerns/camaleon_cms/metas.rb        | 16 ++++++++++------
 .../admin/settings/custom_fields/form.html.erb   |  9 +++++----
 3 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/app/models/concerns/camaleon_cms/custom_fields_read.rb b/app/models/concerns/camaleon_cms/custom_fields_read.rb
index 5198386b..29396009 100644
--- a/app/models/concerns/camaleon_cms/custom_fields_read.rb
+++ b/app/models/concerns/camaleon_cms/custom_fields_read.rb
@@ -95,9 +95,7 @@ def get_field_values(_key, group_number = 0)
           f.custom_field_slug == _key && f.group_number == group_number
         end.map(&:value)
       else
-        custom_field_values.where(
-          custom_field_slug: _key, group_number: group_number
-        ).pluck(:value)
+        custom_field_values.where(custom_field_slug: _key, group_number: group_number).pluck(:value)
       end
     end
     alias get_fields get_field_values
@@ -304,7 +302,9 @@ def set_field_value(key, value, args = {})
     private
 
     def fix_meta_value(value)
-      value = JSON.generate(value) if value.is_a?(Array) || value.is_a?(Hash) || value.is_a?(ActionController::Parameters)
+      return value.to_json if value.is_a?(ActionController::Parameters)
+      return JSON.fast_generate(value) if value.is_a?(Array) || value.is_a?(Hash)
+
       value
     end
 
diff --git a/app/models/concerns/camaleon_cms/metas.rb b/app/models/concerns/camaleon_cms/metas.rb
index fb7cc06f..8c8cbd61 100644
--- a/app/models/concerns/camaleon_cms/metas.rb
+++ b/app/models/concerns/camaleon_cms/metas.rb
@@ -19,8 +19,7 @@ def set_meta(key, value)
     end
 
     # return value of meta with key: key,
-    # if meta not exist, return default
-    # return default if meta value == ""
+    # if meta not exist, or its value == "", return default
     def get_meta(key, default = nil)
       key_str = key.is_a?(Symbol) ? key.to_s : key
       cama_fetch_cache("meta_#{key_str}") do
@@ -70,8 +69,7 @@ def set_option(key, value = nil, meta_key = '_default')
 
     # return configuration for current object
     # key: attribute name
-    # default: if attribute not exist, return default
-    # return default if option value == ""
+    # default: if the attribute doesn't exist, or its value == "", return default
     # return value for attribute
     def get_option(key = nil, default = nil, meta_key = '_default')
       values = cama_options(meta_key)
@@ -133,8 +131,14 @@ def save_metas_options
 
     # fix to parse value
     def fix_meta_value(value)
-      value = JSON.generate(value) if value.is_a?(Array) || value.is_a?(Hash) || value.is_a?(ActionController::Parameters)
-      fix_meta_var(value)
+      changed_value = if value.is_a?(ActionController::Parameters)
+                        value.to_json
+                      elsif value.is_a?(Array) || value.is_a?(Hash)
+                        JSON.fast_generate(value)
+                      else
+                        value
+                      end
+      fix_meta_var(changed_value)
     end
 
     # fix to detect type of the variable
diff --git a/app/views/camaleon_cms/admin/settings/custom_fields/form.html.erb b/app/views/camaleon_cms/admin/settings/custom_fields/form.html.erb
index 2cfadc38..4afa39ba 100644
--- a/app/views/camaleon_cms/admin/settings/custom_fields/form.html.erb
+++ b/app/views/camaleon_cms/admin/settings/custom_fields/form.html.erb
@@ -126,7 +126,11 @@
                     <div class="panel-body padding-0">
                         <% fields =  @field_group.new_record? ? [] : @field_group.fields %>
                         <ul id="sortable-fields" class="clear list-unstyled">
-                            <% fields.each do |field| @item_value = field; @item_options_value = field.options; @key = field.options[:field_key] %>
+                            <% fields.each do |field|
+                              @item_value = field
+                              @item_options_value = field.options
+                              @key = field.options['field_key']
+                            %>
                                 <li class="item">
                                     <%= render "get_items" %>
                                 </li>
@@ -162,6 +166,3 @@
         <% end %>
     </div>
 </div>
-
-
-