From version < 18.1 >
edited by Thomas Mortagne
on 2020/01/28
To version < 19.1
edited by Simon Urli
on 2022/10/27
Change comment: Install extension [org.xwiki.platform:xwiki-platform-tag-ui/14.4.6]

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ThomasMortagne
1 +XWiki.surli
Content
... ... @@ -13,6 +13,7 @@
13 13  ##
14 14  #set ($do = "$!{request.get('do')}")
15 15  #set ($tag = "$!{request.get('tag')}")
16 +#set ($wikiEscapedTag = $services.rendering.escape($tag, 'xwiki/2.1'))
16 16  #set ($urlEscapedTag = $escapetool.url($tag))
17 17  #set ($htmlEscapedTag = $escapetool.xml($tag))
18 18  ##
... ... @@ -20,7 +20,7 @@
20 20  ##
21 21  #macro (displayTagAppTitle $urlEscapedTag $htmlEscapedTag $displayButtons)
22 22   (% class="xapp" %)
23 - = (% class="highlight tag" %)${tag}##
24 + = (% class="highlight tag" %)${wikiEscapedTag}##
24 24   #if ($xwiki.hasAdminRights() && $displayButtons) ##
25 25   [[$services.localization.render('xe.tag.rename.link')>>||queryString="do=prepareRename&tag=${urlEscapedTag}" class="button rename" rel="nofollow"]] [[$services.localization.render('xe.tag.delete.link')>>||queryString="do=prepareDelete&tag=${urlEscapedTag}" class="button delete" rel="nofollow"]]##
26 26   #end
... ... @@ -36,7 +36,7 @@
36 36   ##
37 37   #displayTagAppTitle($urlEscapedTag $htmlEscapedTag true)
38 38   #if ("$!{request.get('renamedTag')}" != '')
39 - {{info}}$services.localization.render('xe.tag.rename.success', ["//${request.get('renamedTag')}//"]){{/info}}
40 + {{info}}$services.localization.render('xe.tag.rename.success', ["//${services.rendering.escape(${request.get('renamedTag')}, 'xwiki/2.1')}//"]){{/info}}
40 40  
41 41   #end
42 42   #set ($list = $xwiki.tag.getDocumentsWithTag($tag))
... ... @@ -43,7 +43,7 @@
43 43   {{container layoutStyle="columns"}}
44 44   (((
45 45   (% class="xapp" %)
46 - === $services.localization.render('xe.tag.alldocs', ["//${tag}//"]) ===
47 + === $services.localization.render('xe.tag.alldocs', ["//${wikiEscapedTag}//"]) ===
47 47  
48 48   #if ($list.size()> 0)
49 49   {{html}}#displayDocumentList($list false $blacklistedSpaces){{/html}}
... ... @@ -53,8 +53,8 @@
53 53   )))
54 54   (((
55 55   (% class="xapp" %)
56 - === $services.localization.render('xe.tag.activity', ["//${tag}//"]) ===
57 - {{notifications useUserPreferences="false" displayOwnEvents="true" tags="$tag" displayRSSLink="true" /}}
57 + === $services.localization.render('xe.tag.activity', ["//${wikiEscapedTag}//"]) ===
58 + {{notifications useUserPreferences="false" displayOwnEvents="true" tags="$wikiEscapedTag" displayRSSLink="true" /}}
58 58   )))
59 59   {{/container}}
60 60  #elseif ($do == 'prepareRename')
... ... @@ -73,19 +73,23 @@
73 73   </form>
74 74  {{/html}}
75 75  #elseif ($do == 'renameTag')
76 - ##
77 - ## Rename tag
78 - ##
79 - #set ($renameTo = "$!{request.get('renameTo')}")
80 - #set ($success = false)
81 - #if ($renameTo != '')
82 - #set ($success = $xwiki.tag.renameTag($tag, $renameTo))
83 - #end
84 - #if ($success == true || $success == 'OK')
85 - #set ($urlEscapedRenameTo = $escapetool.url($renameTo))
86 - $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}"))
77 + #if (!$services.csrf.isTokenValid($request.get('form_token')))
78 + #set ($discard = $response.sendError(401, "Wrong CSRF token"))
87 87   #else
88 - {{error}}$services.localization.render('xe.tag.rename.failure', ["//${tag}//", "//${renameTo}//"]){{/error}}
80 + ##
81 + ## Rename tag
82 + ##
83 + #set ($renameTo = "$!{request.get('renameTo')}")
84 + #set ($success = false)
85 + #if ($renameTo != '')
86 + #set ($success = $xwiki.tag.renameTag($tag, $renameTo))
87 + #end
88 + #if ($success == true || $success == 'OK')
89 + #set ($urlEscapedRenameTo = $escapetool.url($renameTo))
90 + $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}"))
91 + #else
92 + {{error}}$services.localization.render('xe.tag.rename.failure', ["//${wikiEscapedTag}//", "//${services.rendering.escape($renameTo, 'xwiki/2.1')}//"]){{/error}}
93 + #end
89 89   #end
90 90  #elseif ($do == 'prepareDelete')
91 91   ##
... ... @@ -103,14 +103,18 @@
103 103   </form>
104 104  {{/html}}
105 105  #elseif ($do == 'deleteTag')
106 - ##
107 - ## Delete tag
108 - ##
109 - #set ($success = $xwiki.tag.deleteTag($tag))
110 - #if ($success == true || $success == 'OK')
111 - $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}"))
111 + #if (!$services.csrf.isTokenValid($request.get('form_token')))
112 + #set ($discard = $response.sendError(401, "Wrong CSRF token"))
112 112   #else
113 - {{error}}$services.localization.render('xe.tag.delete.failure', ["//${tag}//"]){{/error}}
114 + ##
115 + ## Delete tag
116 + ##
117 + #set ($success = $xwiki.tag.deleteTag($tag))
118 + #if ($success == true || $success == 'OK')
119 + $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}"))
120 + #else
121 + {{error}}$services.localization.render('xe.tag.delete.failure', ["//${wikiEscapedTag}//"]){{/error}}
122 + #end
114 114   #end
115 115  #else
116 116   ##
... ... @@ -118,7 +118,7 @@
118 118   ##
119 119   #set ($title = 'All Tags')
120 120   #if ("$!{request.get('deletedTag')}" != '')
121 - {{info}}$services.localization.render('xe.tag.delete.success', ["//${request.get('deletedTag')}//"]){{/info}}
130 + {{info}}$services.localization.render('xe.tag.delete.success', ["//${services.rendering.escape($request.get('deletedTag'), 'xwiki/2.1')}//"]){{/info}}
122 122  
123 123   #end
124 124   {{tagcloud/}}
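Review bot: In the `renameTag` and `deleteTag` branches the new guard reads `form_token` from the request, but the `prepareRename` and `prepareDelete` forms that post to them end just above these hunks and are not shown as changed. Confirm they already submit a hidden `form_token` field, otherwise every rename and delete will now take the `sendError` path. A failed token check is answered with 401, which normally signals missing authentication; `#set ($discard = $response.sendError(403, "Wrong CSRF token"))` would describe the condition more precisely. Separately, `tags="$wikiEscapedTag"` hands the wiki-escaped string to the notifications macro as a filter value rather than as displayed text, so it is worth checking that a tag containing syntax characters still matches its events after escaping. Neither branch shows a rights check of its own; presumably `$xwiki.tag.renameTag` and `$xwiki.tag.deleteTag` enforce it, and a one-line `##` comment saying so would help the next reader.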
