Changes for page Tags

Last modified by Vincent Massol on 2022/07/06 09:12
From version 7.1
edited by Vincent Massol
on 2016/03/17 15:43
Change comment: Install extension [org.xwiki.platform:xwiki-platform-tag-ui-8.0]
To version 10.1
edited by Vincent Massol
on 2022/07/06 09:12
Change comment: Install extension [org.xwiki.platform:xwiki-platform-tag-ui/14.5]

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.VincentMassol
1 +xwiki:XWiki.VincentMassol
Default language
... ... @@ -1,1 +1,0 @@
1 -en
Content
... ... @@ -13,6 +13,7 @@
13 13  ##
14 14  #set ($do = "$!{request.get('do')}")
15 15  #set ($tag = "$!{request.get('tag')}")
16 +#set ($wikiEscapedTag = $services.rendering.escape($tag, 'xwiki/2.1'))
16 16  #set ($urlEscapedTag = $escapetool.url($tag))
17 17  #set ($htmlEscapedTag = $escapetool.xml($tag))
18 18  ##
... ... @@ -20,7 +20,7 @@
20 20  ##
21 21  #macro (displayTagAppTitle $urlEscapedTag $htmlEscapedTag $displayButtons)
22 22   (% class="xapp" %)
23 - = (% class="highlight tag" %)${tag}##
24 + = (% class="highlight tag" %)${wikiEscapedTag}##
24 24   #if ($xwiki.hasAdminRights() && $displayButtons) ##
25 25   [[$services.localization.render('xe.tag.rename.link')>>||queryString="do=prepareRename&tag=${urlEscapedTag}" class="button rename" rel="nofollow"]] [[$services.localization.render('xe.tag.delete.link')>>||queryString="do=prepareDelete&tag=${urlEscapedTag}" class="button delete" rel="nofollow"]]##
26 26   #end
... ... @@ -36,7 +36,7 @@
36 36   ##
37 37   #displayTagAppTitle($urlEscapedTag $htmlEscapedTag true)
38 38   #if ("$!{request.get('renamedTag')}" != '')
39 - {{info}}$services.localization.render('xe.tag.rename.success', ["//${request.get('renamedTag')}//"]){{/info}}
40 + {{info}}$services.localization.render('xe.tag.rename.success', ["//${services.rendering.escape(${request.get('renamedTag')}, 'xwiki/2.1')}//"]){{/info}}
40 40  
41 41   #end
42 42   #set ($list = $xwiki.tag.getDocumentsWithTag($tag))
... ... @@ -43,7 +43,7 @@
43 43   {{container layoutStyle="columns"}}
44 44   (((
45 45   (% class="xapp" %)
46 - === $services.localization.render('xe.tag.alldocs', ["//${tag}//"]) ===
47 + === $services.localization.render('xe.tag.alldocs', ["//${wikiEscapedTag}//"]) ===
47 47  
48 48   #if ($list.size()> 0)
49 49   {{html}}#displayDocumentList($list false $blacklistedSpaces){{/html}}
... ... @@ -53,9 +53,8 @@
53 53   )))
54 54   (((
55 55   (% class="xapp" %)
56 - === $services.localization.render('xe.tag.activity', ["//${tag}//"]) ===
57 -
58 - {{activity tags="$tag" rss='true'/}}
57 + === $services.localization.render('xe.tag.activity', ["//${wikiEscapedTag}//"]) ===
58 + {{notifications useUserPreferences="false" displayOwnEvents="true" tags="$wikiEscapedTag" displayRSSLink="true" /}}
59 59   )))
60 60   {{/container}}
61 61  #elseif ($do == 'prepareRename')
... ... @@ -74,19 +74,23 @@
74 74   </form>
75 75  {{/html}}
76 76  #elseif ($do == 'renameTag')
77 - ##
78 - ## Rename tag
79 - ##
80 - #set ($renameTo = "$!{request.get('renameTo')}")
81 - #set ($success = false)
82 - #if ($renameTo != '')
83 - #set ($success = $xwiki.tag.renameTag($tag, $renameTo))
84 - #end
85 - #if ($success == true || $success == 'OK')
86 - #set ($urlEscapedRenameTo = $escapetool.url($renameTo))
87 - $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}"))
77 + #if (!$services.csrf.isTokenValid($request.get('form_token')))
78 + #set ($discard = $response.sendError(401, "Wrong CSRF token"))
88 88   #else
89 - {{error}}$services.localization.render('xe.tag.rename.failure', ["//${tag}//", "//${renameTo}//"]){{/error}}
80 + ##
81 + ## Rename tag
82 + ##
83 + #set ($renameTo = "$!{request.get('renameTo')}")
84 + #set ($success = false)
85 + #if ($renameTo != '')
86 + #set ($success = $xwiki.tag.renameTag($tag, $renameTo))
87 + #end
88 + #if ($success == true || $success == 'OK')
89 + #set ($urlEscapedRenameTo = $escapetool.url($renameTo))
90 + $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}"))
91 + #else
92 + {{error}}$services.localization.render('xe.tag.rename.failure', ["//${wikiEscapedTag}//", "//${services.rendering.escape($renameTo, 'xwiki/2.1')}//"]){{/error}}
93 + #end
90 90   #end
91 91  #elseif ($do == 'prepareDelete')
92 92   ##
... ... @@ -104,14 +104,18 @@
104 104   </form>
105 105  {{/html}}
106 106  #elseif ($do == 'deleteTag')
107 - ##
108 - ## Delete tag
109 - ##
110 - #set ($success = $xwiki.tag.deleteTag($tag))
111 - #if ($success == true || $success == 'OK')
112 - $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}"))
111 + #if (!$services.csrf.isTokenValid($request.get('form_token')))
112 + #set ($discard = $response.sendError(401, "Wrong CSRF token"))
113 113   #else
114 - {{error}}$services.localization.render('xe.tag.delete.failure', ["//${tag}//"]){{/error}}
114 + ##
115 + ## Delete tag
116 + ##
117 + #set ($success = $xwiki.tag.deleteTag($tag))
118 + #if ($success == true || $success == 'OK')
119 + $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}"))
120 + #else
121 + {{error}}$services.localization.render('xe.tag.delete.failure', ["//${wikiEscapedTag}//"]){{/error}}
122 + #end
115 115   #end
116 116  #else
117 117   ##
... ... @@ -119,7 +119,7 @@
119 119   ##
120 120   #set ($title = 'All Tags')
121 121   #if ("$!{request.get('deletedTag')}" != '')
122 - {{info}}$services.localization.render('xe.tag.delete.success', ["//${request.get('deletedTag')}//"]){{/info}}
130 + {{info}}$services.localization.render('xe.tag.delete.success', ["//${services.rendering.escape($request.get('deletedTag'), 'xwiki/2.1')}//"]){{/info}}
123 123  
124 124   #end
125 125   {{tagcloud/}}