Category lists and WikiReferences restrict to current Web.

Fix one sanitization test.
Jacques Distler 2007-09-28 03:57:52 +00:00
parent 2cd2b2746e
commit 10b0561aca
5 changed files with 41 additions and 31 deletions


@ -22,7 +22,7 @@ class RevisionSweeper < ActionController::Caching::Sweeper
def expire_caches(page)
expire_cached_summary_pages(page.web)
pages_to_expire = ([page.name] + WikiReference.pages_that_reference(page.name)).uniq
pages_to_expire = ([page.name] + WikiReference.pages_that_reference(page.web, page.name)).uniq
pages_to_expire.each { |page_name| expire_cached_page(page.web, page_name) }
end


@ -348,11 +348,11 @@ class WikiController < ApplicationController
end
def parse_category
@categories = WikiReference.list_categories.sort
@categories = WikiReference.list_categories(@web).sort
@category = params['category']
if @category
@set_name = "category '#{@category}'"
pages = WikiReference.pages_in_category(@category).sort.map { |page_name| @web.page(page_name) }
pages = WikiReference.pages_in_category(@web, @category).sort.map { |page_name| @web.page(page_name) }
@pages_in_category = PageSet.new(@web, pages)
else
# no category specified, return all pages of the web


@ -31,17 +31,17 @@ class PageSet < Array
end
def pages_that_reference(page_name)
all_referring_pages = WikiReference.pages_that_reference(page_name)
all_referring_pages = WikiReference.pages_that_reference(@web, page_name)
self.select { |page| all_referring_pages.include?(page.name) }
end
def pages_that_link_to(page_name)
all_linking_pages = WikiReference.pages_that_link_to(page_name)
all_linking_pages = WikiReference.pages_that_link_to(@web, page_name)
self.select { |page| all_linking_pages.include?(page.name) }
end
def pages_that_include(page_name)
all_including_pages = WikiReference.pages_that_include(page_name)
all_including_pages = WikiReference.pages_that_include(@web, page_name)
self.select { |page| all_including_pages.include?(page.name) }
end
@ -85,7 +85,7 @@ class PageSet < Array
def wiki_words
self.inject([]) { |wiki_words, page|
wiki_words + page.wiki_words
wiki_words + page.wiki_words
}.flatten.uniq.sort
end


@ -11,43 +11,53 @@ class WikiReference < ActiveRecord::Base
belongs_to :page
validates_inclusion_of :link_type, :in => [LINKED_PAGE, WANTED_PAGE, INCLUDED_PAGE, CATEGORY, AUTHOR, FILE, WANTED_FILE]
# FIXME all finders below MUST restrict their results to pages belonging to a particular web
def self.link_type(web, page_name)
web.has_page?(page_name) ? LINKED_PAGE : WANTED_PAGE
end
def self.pages_that_reference(page_name)
query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ?' +
"AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}', '#{INCLUDED_PAGE}')"
def self.pages_that_reference(web, page_name)
query = 'SELECT name FROM pages JOIN wiki_references ' +
'ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}', '#{INCLUDED_PAGE}') " +
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end
def self.pages_that_link_to(page_name)
query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}')"
def self.pages_that_link_to(web, page_name)
query = 'SELECT name FROM pages JOIN wiki_references ' +
'ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type in ('#{LINKED_PAGE}','#{WANTED_PAGE}') " +
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end
def self.pages_that_include(web, page_name)
query = 'SELECT name FROM pages JOIN wiki_references ' +
'ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type = '#{INCLUDED_PAGE}' " +
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end
def self.pages_that_include(page_name)
query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type = '#{INCLUDED_PAGE}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end
def self.pages_in_category(category)
def self.pages_in_category(web, category)
query =
'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type = '#{CATEGORY}'"
"SELECT name FROM pages JOIN wiki_references " +
"ON pages.id = wiki_references.page_id " +
"WHERE wiki_references.referenced_name = ? " +
"AND wiki_references.link_type = '#{CATEGORY}' " +
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, category])).map { |row| row['name'] }
end
def self.list_categories
query = "SELECT DISTINCT referenced_name FROM wiki_references WHERE link_type = '#{CATEGORY}'"
def self.list_categories(web)
query = "SELECT DISTINCT wiki_references.referenced_name " +
"FROM wiki_references LEFT OUTER JOIN pages " +
"ON wiki_references.page_id = pages.id " +
"WHERE wiki_references.link_type = '#{CATEGORY}' " +
"AND pages.web_id = '#{web.id}'"
connection.select_all(query).map { |row| row['referenced_name'] }
end
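Review bot: The new web restriction is spliced into every finder as `"AND pages.web_id = '#{web.id}'"`, while the name argument in the same statement goes through a `?` placeholder; this clause is what keeps one web's references out of another web's listings, so it should be bound the same way. In `pages_that_reference`, `pages_that_link_to`, `pages_that_include` and `pages_in_category`, write `"AND pages.web_id = ?"` and call `sanitize_sql([query, page_name, web.id])` (with `category` in place of `page_name` in the last one). `list_categories` hands its string straight to `select_all`; route it through `sanitize_sql([query, web.id])` as well, and since the `WHERE pages.web_id` filter already discards the unmatched rows a `LEFT OUTER JOIN` would keep, a plain `JOIN` states the intent more honestly. If the `# FIXME all finders below MUST restrict their results…` comment is still present on the new side, it is now stale and should go. The class body starts and ends outside this hunk.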

View file

@ -14,7 +14,7 @@ class NoWikiTest < Test::Unit::TestCase
def test_sanitized_nowiki
match(NoWiki, 'This sentence contains <nowiki><span>a b</span> <script>alert("XSS!");</script></nowiki>. Do not touch!',
:plain_text => '<span>a b</span> &lt;script&gt;alert("XSS!");&lt;/script&gt;'
:plain_text => '<span>a b</span> &lt;script>alert("XSS!");&lt;/script>'
)
end
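Review bot: The updated expectation accepts `&lt;script>` with a raw `>`, and nothing in the test records why that output is still safe. Add a comment above the `:plain_text` line, for example `# only '<' must be escaped to neutralise the tag; a bare '>' is inert in text content`, so a later reader does not mistake the loosened string for a regression or tighten it back by hand. The property this test needs to keep pinned is that no raw `<script` survives inside `<nowiki>`, and the comment should say so. The test class starts and ends outside this hunk.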