Skip to Content

Changes for page Default Class Sheet

Last modified by Thomas Coelho (local) on 2023/08/09 10:59
From version 2.1
edited by Thomas Coelho
on 2022/10/18 14:09
Change comment: Install extension [org.xwiki.platform:xwiki-platform-xclass-ui/14.8]
To version 5.1
edited by Thomas Coelho (local)
on 2023/08/09 10:59
Change comment: Install extension [org.xwiki.platform:xwiki-platform-xclass-ui/15.5]

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -xwiki:XWiki.thw
1 +xwiki:XWiki.coelho
Content
... ... @@ -30,6 +30,7 @@
30 30   ## inline action.
31 31   #set ($editAction = $xwiki.getDocument($request.template).getDefaultEditMode())
32 32   $response.sendRedirect($xwiki.getURL($targetDocRef, $editAction, $escapetool.url({
33 + 'form_token': $request.form_token,
33 33   'template': $request.template,
34 34   'parent': $request.parent,
35 35   'title': $request.docName
... ... @@ -45,7 +45,7 @@
45 45  ## sheet output. Class authors can put the description of the class in the class document content.
46 46  #set($classSheetReference = $services.model.createDocumentReference($doc.wiki, 'XWiki', 'ClassSheet'))
47 47  #if($services.sheet.getDocumentSheets($doc).contains($classSheetReference))
48 - {{include reference="" /}}
49 + {{include reference="" author="target"/}}
49 49  #end
50 50  {{/velocity}}
51 51  
... ... @@ -91,10 +91,17 @@
91 91  
92 92   #set ($classEditorURL = $doc.getURL('edit', 'editor=class'))
93 93   #if($doc.getxWikiClass().properties.size() == 0)
94 - {{warning}}$services.localization.render('platform.xclass.defaultClassSheet.properties.empty', [
95 - "{{html}}<a href='$classEditorURL'>",
96 - '</a>{{/html}}'
97 - ]){{/warning}}
95 + #set ($openLink = "<a href='$escapetool.xml($classEditorURL)'>")
96 + #set ($closeLink = '</a>')
97 + {{warning}}
98 + {{html}}
99 + ## First escape the content of the translation, then replace the placeholders with content that would otherwise be
100 + ## escaped during the first escaping.
101 + #set ($warningMessage = $services.localization.render('platform.xclass.defaultClassSheet.properties.empty',
102 + ['__OPEN_LINK__', '__CLOSE_LINK__']))
103 + $escapetool.xml($warningMessage).replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', $closeLink)
104 + {{/html}}
105 + {{/warning}}
98 98   #else
99 99   (% id="HClassProperties" %)
100 100   = {{translation key="platform.xclass.defaultClassSheet.properties.heading"/}} =
... ... @@ -101,10 +101,12 @@
101 101   #foreach($property in $doc.getxWikiClass().properties)
102 102   * $services.rendering.escape("$property.prettyName ($property.name: $xwiki.metaclass.get($property.classType).prettyName)", $xwiki.currentContentSyntaxId)
103 103   #end
104 - * //$services.localization.render('platform.xclass.defaultClassSheet.properties.edit', [
105 - "{{html}}<a href='$classEditorURL'>",
106 - '</a>{{/html}}'
107 - ])//
112 + #set ($openLink = "<a href='$escapetool.xml($classEditorURL)'>")
113 + #set ($closeLink = '</a>')
114 + #set ($warningMessage = $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.properties.edit', ['__OPEN_LINK__', '__CLOSE_LINK__'])))
115 + ## First escape the content of the translation, then replace the placeholders with content that would otherwise be
116 + ## escaped during the first escaping.
117 + * //{{html}}$warningMessage.replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', $closeLink){{/html}}//
108 108  
109 109   #end
110 110   #if ($hasClassSheets && $hasClassTemplate)
... ... @@ -111,11 +111,16 @@
111 111   (% id="HCreatePage" %)
112 112   = {{translation key="platform.xclass.defaultClassSheet.createPage.heading"/}} =
113 113   #if("$!targetDocRef" != '' && $xwiki.exists($targetDocRef))
114 -
115 - {{warning}}$services.localization.render('platform.xclass.defaultClassSheet.createPage.pageAlreadyExists', [
116 - '[[',
117 - ">>$services.model.serialize($targetDocRef)]]"
118 - ]){{/warning}}
124 + {{warning}}
125 + {{html}}
126 + #set ($targetDocLink = $xwiki.getURL($targetDocRef))
127 + #set ($openLink = "<a href='$escapetool.xml($targetDocLink)'>")
128 + #set ($message = $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.createPage.pageAlreadyExists', ['__OPEN_LINK__', '__CLOSE_LINK__'])))
129 + ## First escape the content of the translation, then replace the placeholders with content that would
130 + ## otherwise be escaped during the first escaping.
131 + $message.replace('__OPEN_LINK__', $openLink).replace('__CLOSE_LINK__', '</a>')
132 + {{/html}}
133 + {{/warning}}
119 119   #elseif("$!targetDocRef" != '')
120 120  
121 121   {{warning}}{{translation key="platform.xclass.defaultClassSheet.createPage.denied"/}}{{/warning}}
... ... @@ -126,8 +126,8 @@
126 126   <fieldset>
127 127   <div class="hidden">
128 128   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
129 - <input type="hidden" name="parent" value="${defaultParent}"/>
130 - <input type="hidden" name="template" value="${classTemplateDoc}"/>
144 + <input type="hidden" name="parent" value="$escapetool.xml(${defaultParent})"/>
145 + <input type="hidden" name="template" value="$escapetool.xml(${classTemplateDoc})"/>
131 131   <input type="hidden" name="sheet" value="1"/>
132 132   </div>
133 133   #locationPicker({
... ... @@ -181,8 +181,8 @@
181 181   id="classEntries"
182 182   properties="doc.title,doc.location,doc.date,doc.author,doc.objectCount,_actions"
183 183   source="liveTable"
184 - className="${doc.fullName}"
185 - sourceParameters="${escapetool.url($options)}"
199 + className="$services.rendering.escape(${doc.fullName}, 'xwiki/2.1')"
200 + sourceParameters="$services.rendering.escape($escapetool.url($options), 'xwiki/2.1')"
186 186   }}
187 187   {
188 188   "meta": {
... ... @@ -209,7 +209,13 @@
209 209   {{translation key="platform.xclass.defaultClassSheet.sheets.missing"/}}
210 210   #end
211 211  
212 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.sheets.description', ['//', '//']){{/info}}
227 + {{info}}
228 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.sheets.description', ['__START_EM__', '__END_EM__']))
229 + #set ($message = $escapetool.xml($message))
230 + ## First escape the content of the translation, then replace the placeholders with content that would
231 + ## otherwise be escaped during the first escaping.
232 + {{html}}$message.replace('__START_EM__', '<em>').replace('__END_EM__', '</em>'){{/html}}
233 + {{/info}}
213 213  
214 214   #if(!$hasClassSheets)
215 215   {{html}}
... ... @@ -216,8 +216,8 @@
216 216   <form action="$xwiki.getURL($defaultClassSheetReference, 'save', 'editor=wiki')" method="post">
217 217   <div>
218 218   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
219 - <input type="hidden" name="parent" value="${doc.fullName}"/>
220 - <input type="hidden" name="xredirect" value="${doc.URL}"/>
240 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
241 + <input type="hidden" name="xredirect" value="$escapetool.xml(${doc.URL})"/>
221 221   #set ($sheetContent = $xwiki.getDocument('XWiki.ObjectSheet').getContent().replace('XWiki.MyClass',
222 222   $doc.fullName))
223 223   ## We have to encode the new line characters in order to preserve them, otherwise they are replace with a
... ... @@ -242,7 +242,9 @@
242 242   {{translation key="platform.xclass.defaultClassSheet.sheets.notBound"/}} ##
243 243   #if ($hasEdit)
244 244   {{html}}
245 - <a href="$bindURL">$services.localization.render('platform.xclass.defaultClassSheet.sheets.bind') »</a>.
266 + <a href="$escapetool.xml($bindURL)">##
267 + $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.sheets.bind')) »##
268 + </a>.
246 246   {{/html}}
247 247   #end
248 248   {{/warning}}
... ... @@ -254,7 +254,12 @@
254 254   #set($classSheetDoc = $xwiki.getDocument($classSheetReferences.get(0)))
255 255   #end
256 256   #set ($sheetPath = "#hierarchy($classSheetDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
257 - [[$services.localization.render('platform.xclass.defaultClassSheet.sheets.view', [$sheetPath.trim()]) »>>${classSheetDoc.fullName}]]
280 + #set ($classSheetLink = "$services.localization.render('platform.xclass.defaultClassSheet.sheets.view', [$sheetPath.trim()]) »")
281 + #set ($classSheetLink = $services.rendering.escape($classSheetLink, 'xwiki/2.1'))
282 + #set ($classSheetLink = $services.rendering.escape($classSheetLink, 'xwiki/2.1'))
283 + #set ($classSheetText = ${classSheetDoc.fullName})
284 + #set ($classSheetText = $services.rendering.escape($classSheetText, 'xwiki/2.1'))
285 + [[$classSheetLink>>$classSheetText]]
258 258   #else
259 259   {{translation key="platform.xclass.defaultClassSheet.sheets.list"/}}
260 260  
... ... @@ -267,17 +267,22 @@
267 267   (% id="HClassTemplate" %)
268 268   = {{translation key="platform.xclass.defaultClassSheet.template.heading"/}} =
269 269  
270 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.template.description',
271 - ['//', '//']){{/info}}
298 + {{info}}
299 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.template.description', ['__START_EM__', '__END_EM__']))
300 + #set ($message = $escapetool.xml($message))
301 + ## First escape the content of the translation, then replace the placeholders with content that would
302 + ## otherwise be escaped during the first escaping.
303 + {{html}}$message.replace('__START_EM__', '<em>').replace('__END_EM__', '</em>'){{/html}}
304 + {{/info}}
272 272  
273 273   #if (!$hasClassTemplate)
274 274   {{html}}
275 - <form action="$classTemplateDoc.getURL('save', 'editor=wiki')" method="post">
308 + <form action="$escapetool.xml($classTemplateDoc.getURL('save', 'editor=wiki'))" method="post">
276 276   <div>
277 277   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
278 - <input type="hidden" name="parent" value="${doc.fullName}"/>
279 - <input type="hidden" name="xredirect" value="${doc.URL}"/>
280 - <input type="hidden" name="title" value="$className Template"/>
311 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
312 + <input type="hidden" name="xredirect" value="$escapetool.xml(${doc.URL})"/>
313 + <input type="hidden" name="title" value="$escapetool.xml($className) Template"/>
281 281   <span class="buttonwrapper"><input type="submit" class="button" value="$escapetool.xml(
282 282   $services.localization.render('platform.xclass.defaultClassSheet.template.create'))"/></span>
283 283   </div>
... ... @@ -286,17 +286,30 @@
286 286   #else
287 287   #if(!$classTemplateDoc.getObject(${doc.fullName}))
288 288   #set($xredirect = $xwiki.relativeRequestURL)
289 - #set($createUrl = $classTemplateDoc.getURL('objectadd', "classname=${escapetool.url($doc.fullName)}&amp;xredirect=${escapetool.url($xredirect)}&amp;form_token=$!{services.csrf.getToken()}"))
322 + #set($createUrl = $classTemplateDoc.getURL('objectadd', "classname=${escapetool.url($doc.fullName)}&xredirect=${escapetool.url($xredirect)}&form_token=$!{services.csrf.getToken()}"))
290 290   {{warning}}
291 - $services.localization.render('platform.xclass.defaultClassSheet.template.missingObject', ["//$className//"]) ##
292 - {{html}}<a href="$createUrl">$escapetool.xml($services.localization.render(
293 - 'platform.xclass.defaultClassSheet.template.addObject', [$className])) »</a>.{{/html}}
324 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.template.missingObject', ['__CLASS_NAME__']))
325 + #set ($message = $escapetool.xml($message))
326 + {{html}}
327 + ## First escape the content of the translation, then replace the placeholders with content that would
328 + ## otherwise be escaped during the first escaping.
329 + $message.replace('__CLASS_NAME__', "<em>$escapetool.xml($className)</em>")
330 + <a href="$escapetool.xml($createUrl)">##
331 + $escapetool.xml($services.localization.render('platform.xclass.defaultClassSheet.template.addObject', [$className])) »##
332 + </a>.
333 + {{/html}}
294 294   {{/warning}}
295 295  
296 296   #end
297 297   #set ($templatePath = "#hierarchy($classTemplateDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
298 - [[$services.localization.render('platform.xclass.defaultClassSheet.template.view',
299 - [$templatePath.trim()]) »>>${classTemplateDoc.fullName}]]
338 + #set ($templateDocLink = "$services.localization.render('platform.xclass.defaultClassSheet.template.view', [$templatePath.trim()]) »")
339 + #set ($templateDocLink = $services.rendering.escape($templateDocLink, 'xwiki/2.1'))
340 + #set ($templateDocLink = $services.rendering.escape($templateDocLink, 'xwiki/2.1'))
341 + #set ($templateDocText = "${classTemplateDoc.fullName}")
342 + ## First escape the xwiki/2.1 syntax of the translation, then replace the placeholders with content that would
343 + ## otherwise be escaped during the first escaping.
344 + #set ($templateDocText = $services.rendering.escape($templateDocText, 'xwiki/2.1'))
345 + [[$templateDocLink>>$templateDocText]]
300 300   #end
301 301   ## Create a template provider only if a template for the current class exists.
302 302   #if ($classTemplateDoc.getObject(${doc.fullName}))
... ... @@ -303,8 +303,14 @@
303 303   (% id="HClassTemplateProvider" %)
304 304   = {{translation key="platform.xclass.defaultClassSheet.templateProvider.heading"/}} =
305 305  
306 - {{info}}$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.description',
307 - ['//']){{/info}}
352 + {{info}}
353 + #set ($message = $services.localization.render('platform.xclass.defaultClassSheet.templateProvider.description', ['__EM__']))
354 + #set ($message = $services.rendering.escape($message, 'xwiki/2.1'))
355 + ## First escape the xwiki/2.1 syntax of the translation, then replace the placeholders with content that would
356 + ## otherwise be escaped during the first escaping.
357 + ## The replacement key is itself escaped, and it's escaped form needs to be used for the replacement.
358 + $message.replace('~_~_~E~M~_~_', '//')
359 + {{/info}}
308 308  
309 309   #if (!$hasClassTemplateProvider)
310 310   #set ($templateProviderClassName = 'XWiki.TemplateProviderClass')
... ... @@ -324,12 +324,12 @@
324 324   "${templateProviderClassName}_visibilityRestrictions": $restrictionSpace}))
325 325   #set ($createUrl = $classTemplateProviderDoc.getURL('objectadd', $createUrlQueryString))
326 326   {{html}}
327 - <form action="$classTemplateProviderDoc.getURL('save', 'editor=wiki')" method="post">
379 + <form action="$escapetool.xml($classTemplateProviderDoc.getURL('save', 'editor=wiki'))" method="post">
328 328   <div>
329 329   <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
330 - <input type="hidden" name="parent" value="${doc.fullName}"/>
331 - <input type="hidden" name="xredirect" value="$createUrl"/>
332 - <input type="hidden" name="title" value="$className Template Provider"/>
382 + <input type="hidden" name="parent" value="$escapetool.xml(${doc.fullName})"/>
383 + <input type="hidden" name="xredirect" value="$escapetool.xml($createUrl)"/>
384 + <input type="hidden" name="title" value="$escapetool.xml($className) Template Provider"/>
333 333   <span class="buttonwrapper"><input type="submit" class="button" value="$escapetool.xml(
334 334   $services.localization.render('platform.xclass.defaultClassSheet.templateProvider.create'))"/></span>
335 335   </div>
... ... @@ -337,8 +337,11 @@
337 337   {{/html}}
338 338   #else
339 339   #set ($templateProviderPath = "#hierarchy($classTemplateProviderDoc.documentReference, {'plain': true, 'local': true, 'limit': 4})")
340 - [[$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.view',
341 - [$templateProviderPath.trim()]) »>>${classTemplateProviderDoc.fullName}]]
392 + #set ($linkTarget = "$services.localization.render('platform.xclass.defaultClassSheet.templateProvider.view', [$templateProviderPath.trim()]) »")
393 + #set ($linkTarget = $services.rendering.escape($linkTarget, 'xwiki/2.1'))
394 + #set ($linkTarget = $services.rendering.escape($linkTarget, 'xwiki/2.1'))
395 + #set ($linkLabel = $services.rendering.escape(${classTemplateProviderDoc.fullName}, 'xwiki/2.1'))
396 + [[$linkTarget>>$linkLabel]]
342 342   #end
343 343   #end
344 344