deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix Category Listing Bugs

Browse source 
The links to the category listings
were bogus, and the category listing
page needed some XSS-unprotection.
This commit is contained in:
Jacques Distler 2010-05-27 00:27:49 -05:00
parent b5a4e2fd9c
commit a57152d743
6 changed files with 30 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/views/wiki/list.rhtml
View file

@ -6,7 +6,7 @@
<%- unless @pages_that_are_orphaned.empty? && @page_names_that_are_wanted.empty? -%> <%- unless @pages_that_are_orphaned.empty? && @page_names_that_are_wanted.empty? -%>
<h2> <h2>
All Pages All Pages
<br/><span class="pageType">All pages in <%= @set_name %> listed alphabetically</span> <br/><span class="pageType">All pages in <%= raw @set_name %> listed alphabetically</span>
</h2> </h2>
<%- end -%> <%- end -%>
@ -30,7 +30,7 @@
Wanted Pages Wanted Pages
<br/> <br/>
<span class="pageType"> <span class="pageType">
Nonexistent pages that other pages in <%= @set_name %> reference Nonexistent pages that other pages in <%= raw @set_name %> reference
</span> </span>
</h2> </h2>
@ -51,7 +51,7 @@
<%- unless @pages_that_are_orphaned.empty? -%> <%- unless @pages_that_are_orphaned.empty? -%>
<h2> <h2>
Orphaned Pages Orphaned Pages
<br/><span class="pageType">Pages in <%= @set_name %> that no other page reference</span> <br/><span class="pageType">Pages in <%= raw @set_name %> that no other page reference</span>
</h2> </h2>
<ul style="margin-bottom: 35px"> <ul style="margin-bottom: 35px">

5
lib/chunks/category.rb
View file

@ -17,8 +17,8 @@ class Category < Chunk::Abstract
def initialize(match_data, content) def initialize(match_data, content)
super(match_data, content) super(match_data, content)
@content = content
@hidden = match_data[1] @hidden = match_data[1]
# @list = match_data[2].split(',').map { |c| clean = c.purify; clean.strip.escapeHTML if clean }
@list = match_data[2].split(',').map { |c| clean = c.purify.strip.escapeHTML; clean if clean != ''} @list = match_data[2].split(',').map { |c| clean = c.purify.strip.escapeHTML; clean if clean != ''}
@list.compact! @list.compact!
@unmask_text = '' @unmask_text = ''
@ -32,6 +32,7 @@ def initialize(match_data, content)
# TODO move presentation of page metadata to controller/view # TODO move presentation of page metadata to controller/view
def url(category) def url(category)
%{<a class="category_link" href="../list/#{category}">#{category}</a>} %{<a class="category_link" href="#{@content.url_generator.url_for :web => @content.web.address,
:action => 'list'}/#{CGI.escape(category)}">#{category}</a>}
end end
end end

2
lib/wiki_content.rb
View file

@ -128,7 +128,7 @@ class WikiContent < ActiveSupport::SafeBuffer
:mode => :show :mode => :show
}.freeze }.freeze
attr_reader :web, :options, :revision, :not_rendered, :pre_rendered attr_reader :web, :options, :revision, :not_rendered, :pre_rendered, :url_generator
# Create a new wiki content string from the given one. # Create a new wiki content string from the given one.
# The options are explained at the top of this file. # The options are explained at the top of this file.

20
test/test_helper.rb
View file

@ -65,11 +65,25 @@ end
# It provides a easy way to test whether a chunk matches a particular string # It provides a easy way to test whether a chunk matches a particular string
# and any the values of any fields that should be set after a match. # and any the values of any fields that should be set after a match.
class ContentStub < String class ContentStub < String
attr_reader :web
include ChunkManager include ChunkManager
def initialize(str) def initialize(str)
super super
init_chunk_manager init_chunk_manager
@web = Object.new
class << @web
def address
'wiki1'
end
end
end end
def url_generator
StubUrlGenerator.new
end
def page_link(*); end def page_link(*); end
end end
@ -108,7 +122,11 @@ class StubUrlGenerator < AbstractUrlGenerator
end end
def url_for(hash = {}) def url_for(hash = {})
'../files/pngs' if(hash[:action] == 'list')
"http://example.com/#{hash[:web]}/list"
else
'../files/pngs'
end
end end
def file_link(mode, name, text, web_name, known_file, description) def file_link(mode, name, text, web_name, known_file, description)

6
test/unit/chunks/category_test.rb
View file

@ -7,8 +7,10 @@ class CategoryTest < Test::Unit::TestCase
include ChunkMatch include ChunkMatch
def test_single_category def test_single_category
match(Category, 'category: test', :list => ['test'], :hidden => nil) match(Category, 'category: test', :list => ['test'], :hidden => nil, :unmask_text =>
match(Category, 'category : chunk test ', :list => ['chunk test'], :hidden => nil) "<div class=\"property\"> category: <a class=\"category_link\" href=\"http://example.com/wiki1/list/test\">test</a></div>")
match(Category, 'category : chunk test ', :list => ['chunk test'], :hidden => nil, :unmask_text =>
"<div class=\"property\"> category: <a class=\"category_link\" href=\"http://example.com/wiki1/list/chunk+test\">chunk test</a></div>")
match(Category, ':category: test', :list => ['test'], :hidden => ':') match(Category, ':category: test', :list => ['test'], :hidden => ':')
end end

4
vendor/plugins/form_spam_protection/tasks/form_spam_protection_tasks.rake vendored
View file

@ -1,4 +0,0 @@
# desc "Explaining what the task does"
# task :form_spam_protection do
# # Task goes here
# end