Fix Category Listing Bugs

The links to the category listings were bogus, and the category listing page needed some XSS-unprotection.
2010-05-27 00:27:49 -05:00 · 2010-05-27 00:27:49 -05:00 · a57152d743
parent b5a4e2fd9c
commit a57152d743
6 changed files with 30 additions and 13 deletions
--- a/app/views/wiki/list.rhtml
+++ b/app/views/wiki/list.rhtml
@ -6,7 +6,7 @@
 <%- unless @pages_that_are_orphaned.empty? && @page_names_that_are_wanted.empty? -%>
  <h2>
    All Pages
-    <br/><span class="pageType">All pages in <%= @set_name %> listed alphabetically</span>
+    <br/><span class="pageType">All pages in <%= raw @set_name %> listed alphabetically</span>
  </h2>
 <%- end -%>

@ -30,7 +30,7 @@
    Wanted Pages
    <br/>
    <span class="pageType">
-      Nonexistent pages that other pages in <%= @set_name %> reference
+      Nonexistent pages that other pages in <%= raw @set_name %> reference
    </span>
  </h2>

@ -51,7 +51,7 @@
 <%- unless @pages_that_are_orphaned.empty? -%>
  <h2>
    Orphaned Pages
-    <br/><span class="pageType">Pages in <%= @set_name %> that no other page reference</span>
+    <br/><span class="pageType">Pages in <%= raw @set_name %> that no other page reference</span>
  </h2>

  <ul style="margin-bottom: 35px">
--- a/lib/chunks/category.rb
+++ b/lib/chunks/category.rb
@ -17,8 +17,8 @@ class Category < Chunk::Abstract

 def initialize(match_data, content)
    super(match_data, content)
+    @content = content
    @hidden = match_data[1]
-#    @list = match_data[2].split(',').map { |c| clean = c.purify; clean.strip.escapeHTML if clean }
    @list = match_data[2].split(',').map { |c| clean = c.purify.strip.escapeHTML; clean if clean != ''}
    @list.compact!
    @unmask_text = ''
@ -32,6 +32,7 @@ def initialize(match_data, content)

  # TODO move presentation of page metadata to controller/view
  def url(category)
-    %{<a class="category_link" href="../list/#{category}">#{category}</a>}
+    %{<a class="category_link" href="#{@content.url_generator.url_for :web => @content.web.address,
+                                        :action => 'list'}/#{CGI.escape(category)}">#{category}</a>}
  end
 end
--- a/lib/wiki_content.rb
+++ b/lib/wiki_content.rb
@ -128,7 +128,7 @@ class WikiContent < ActiveSupport::SafeBuffer
    :mode                => :show
  }.freeze

-  attr_reader :web, :options, :revision, :not_rendered, :pre_rendered
+  attr_reader :web, :options, :revision, :not_rendered, :pre_rendered, :url_generator

  # Create a new wiki content string from the given one.
  # The options are explained at the top of this file.
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@ -65,11 +65,25 @@ end
 # It provides a easy way to test whether a chunk matches a particular string
 # and any the values of any fields that should be set after a match.
 class ContentStub < String
+
+  attr_reader :web
+
  include ChunkManager
  def initialize(str)
    super
    init_chunk_manager
+    @web = Object.new
+    class << @web
+      def address
+        'wiki1'
+      end
+    end
  end
+
+  def url_generator
+     StubUrlGenerator.new
+  end
+     
  def page_link(*); end
 end

@ -108,7 +122,11 @@ class StubUrlGenerator < AbstractUrlGenerator
  end

  def url_for(hash = {})
-    '../files/pngs'
+    if(hash[:action] == 'list')
+      "http://example.com/#{hash[:web]}/list"
+    else
+      '../files/pngs'
+    end
  end

  def file_link(mode, name, text, web_name, known_file, description)
--- a/test/unit/chunks/category_test.rb
+++ b/test/unit/chunks/category_test.rb
@ -7,8 +7,10 @@ class CategoryTest < Test::Unit::TestCase
  include ChunkMatch

  def test_single_category
-	match(Category, 'category: test', :list => ['test'], :hidden => nil)
-	match(Category, 'category :   chunk test   ', :list => ['chunk test'], :hidden => nil)
+	match(Category, 'category: test', :list => ['test'], :hidden => nil, :unmask_text => 
+	"<div class=\"property\"> category: <a class=\"category_link\" href=\"http://example.com/wiki1/list/test\">test</a></div>")
+	match(Category, 'category :   chunk test   ', :list => ['chunk test'], :hidden => nil, :unmask_text => 
+	"<div class=\"property\"> category: <a class=\"category_link\" href=\"http://example.com/wiki1/list/chunk+test\">chunk test</a></div>")
 	match(Category, ':category: test', :list => ['test'], :hidden => ':')
  end

--- a/vendor/plugins/form_spam_protection/tasks/form_spam_protection_tasks.rake
+++ b/vendor/plugins/form_spam_protection/tasks/form_spam_protection_tasks.rake
@ -1,4 +0,0 @@
-# desc "Explaining what the task does"
-# task :form_spam_protection do
-#   # Task goes here
-# end