Změny dokumentu Značky
Naposledy změněno superadmin 06.01.2023 13:07
Od verze 1.1
změnil(a) XWiki Admin
k 26.05.2017 08:18
k 26.05.2017 08:18
Změnit komentář:
Install extension [org.xwiki.platform:xwiki-platform-tag-ui-9.3.1]
Na verzi 2.1
změnil(a) superadmin
k 06.01.2023 13:07
k 06.01.2023 13:07
Změnit komentář:
Install extension [org.xwiki.platform:xwiki-platform-tag-ui/14.10.2]
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Autor dokumentu
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. Admin1 +XWiki.superadmin - Content
-
... ... @@ -13,6 +13,7 @@ 13 13 ## 14 14 #set ($do = "$!{request.get('do')}") 15 15 #set ($tag = "$!{request.get('tag')}") 16 +#set ($wikiEscapedTag = $services.rendering.escape($tag, 'xwiki/2.1')) 16 16 #set ($urlEscapedTag = $escapetool.url($tag)) 17 17 #set ($htmlEscapedTag = $escapetool.xml($tag)) 18 18 ## ... ... @@ -20,7 +20,7 @@ 20 20 ## 21 21 #macro (displayTagAppTitle $urlEscapedTag $htmlEscapedTag $displayButtons) 22 22 (% class="xapp" %) 23 - = (% class="highlight tag" %)${ tag}##24 + = (% class="highlight tag" %)${wikiEscapedTag}## 24 24 #if ($xwiki.hasAdminRights() && $displayButtons) ## 25 25 [[$services.localization.render('xe.tag.rename.link')>>||queryString="do=prepareRename&tag=${urlEscapedTag}" class="button rename" rel="nofollow"]] [[$services.localization.render('xe.tag.delete.link')>>||queryString="do=prepareDelete&tag=${urlEscapedTag}" class="button delete" rel="nofollow"]]## 26 26 #end ... ... @@ -36,7 +36,7 @@ 36 36 ## 37 37 #displayTagAppTitle($urlEscapedTag $htmlEscapedTag true) 38 38 #if ("$!{request.get('renamedTag')}" != '') 39 - {{info}}$services.localization.render('xe.tag.rename.success', ["//${request.get('renamedTag')}//"]){{/info}} 40 + {{info}}$services.localization.render('xe.tag.rename.success', ["//${services.rendering.escape(${request.get('renamedTag')}, 'xwiki/2.1')}//"]){{/info}} 40 40 41 41 #end 42 42 #set ($list = $xwiki.tag.getDocumentsWithTag($tag)) ... ... @@ -43,7 +43,7 @@ 43 43 {{container layoutStyle="columns"}} 44 44 ((( 45 45 (% class="xapp" %) 46 - === $services.localization.render('xe.tag.alldocs', ["//${ tag}//"]) ===47 + === $services.localization.render('xe.tag.alldocs', ["//${wikiEscapedTag}//"]) === 47 47 48 48 #if ($list.size()> 0) 49 49 {{html}}#displayDocumentList($list false $blacklistedSpaces){{/html}} ... ... @@ -53,9 +53,8 @@ 53 53 ))) 54 54 ((( 55 55 (% class="xapp" %) 56 - === $services.localization.render('xe.tag.activity', ["//${tag}//"]) === 57 - 58 - {{activity tags="$tag" rss='true'/}} 57 + === $services.localization.render('xe.tag.activity', ["//${wikiEscapedTag}//"]) === 58 + {{notifications useUserPreferences="false" displayOwnEvents="true" tags="$wikiEscapedTag" displayRSSLink="true" /}} 59 59 ))) 60 60 {{/container}} 61 61 #elseif ($do == 'prepareRename') ... ... @@ -74,19 +74,23 @@ 74 74 </form> 75 75 {{/html}} 76 76 #elseif ($do == 'renameTag') 77 - ## 78 - ## Rename tag 79 - ## 80 - #set ($renameTo = "$!{request.get('renameTo')}") 81 - #set ($success = false) 82 - #if ($renameTo != '') 83 - #set ($success = $xwiki.tag.renameTag($tag, $renameTo)) 84 - #end 85 - #if ($success == true || $success == 'OK') 86 - #set ($urlEscapedRenameTo = $escapetool.url($renameTo)) 87 - $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}")) 77 + #if (!$services.csrf.isTokenValid($request.get('form_token'))) 78 + #set ($discard = $response.sendError(401, "Wrong CSRF token")) 88 88 #else 89 - {{error}}$services.localization.render('xe.tag.rename.failure', ["//${tag}//", "//${renameTo}//"]){{/error}} 80 + ## 81 + ## Rename tag 82 + ## 83 + #set ($renameTo = "$!{request.get('renameTo')}") 84 + #set ($success = false) 85 + #if ($renameTo != '') 86 + #set ($success = $xwiki.tag.renameTag($tag, $renameTo)) 87 + #end 88 + #if ($success == true || $success == 'OK') 89 + #set ($urlEscapedRenameTo = $escapetool.url($renameTo)) 90 + $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}")) 91 + #else 92 + {{error}}$services.localization.render('xe.tag.rename.failure', ["//${wikiEscapedTag}//", "//${services.rendering.escape($renameTo, 'xwiki/2.1')}//"]){{/error}} 93 + #end 90 90 #end 91 91 #elseif ($do == 'prepareDelete') 92 92 ## ... ... @@ -104,14 +104,18 @@ 104 104 </form> 105 105 {{/html}} 106 106 #elseif ($do == 'deleteTag') 107 - ## 108 - ## Delete tag 109 - ## 110 - #set ($success = $xwiki.tag.deleteTag($tag)) 111 - #if ($success == true || $success == 'OK') 112 - $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}")) 111 + #if (!$services.csrf.isTokenValid($request.get('form_token'))) 112 + #set ($discard = $response.sendError(401, "Wrong CSRF token")) 113 113 #else 114 - {{error}}$services.localization.render('xe.tag.delete.failure', ["//${tag}//"]){{/error}} 114 + ## 115 + ## Delete tag 116 + ## 117 + #set ($success = $xwiki.tag.deleteTag($tag)) 118 + #if ($success == true || $success == 'OK') 119 + $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}")) 120 + #else 121 + {{error}}$services.localization.render('xe.tag.delete.failure', ["//${wikiEscapedTag}//"]){{/error}} 122 + #end 115 115 #end 116 116 #else 117 117 ## ... ... @@ -119,7 +119,7 @@ 119 119 ## 120 120 #set ($title = 'All Tags') 121 121 #if ("$!{request.get('deletedTag')}" != '') 122 - {{info}}$services.localization.render('xe.tag.delete.success', ["//${request.get('deletedTag')}//"]){{/info}} 130 + {{info}}$services.localization.render('xe.tag.delete.success', ["//${services.rendering.escape($request.get('deletedTag'), 'xwiki/2.1')}//"]){{/info}} 123 123 124 124 #end 125 125 {{tagcloud/}}