You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by br...@apache.org on 2013/01/20 21:29:55 UTC
svn commit: r1435944 - in /incubator/jspwiki/trunk: ./ src/org/apache/wiki/
src/webdocs/ src/webdocs/templates/default/editors/
Author: brushed
Date: Sun Jan 20 20:29:54 2013
New Revision: 1435944
URL: http://svn.apache.org/viewvc?rev=1435944&view=rev
Log:
2.9.1-svn-19
[JSPWIKI-712], fixing entities encoding in change-note, author and link fields.
Modified:
incubator/jspwiki/trunk/ChangeLog
incubator/jspwiki/trunk/src/org/apache/wiki/Release.java
incubator/jspwiki/trunk/src/webdocs/Edit.jsp
incubator/jspwiki/trunk/src/webdocs/templates/default/editors/FCK.jsp
incubator/jspwiki/trunk/src/webdocs/templates/default/editors/plain.jsp
incubator/jspwiki/trunk/src/webdocs/templates/default/editors/preview.jsp
Modified: incubator/jspwiki/trunk/ChangeLog
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/ChangeLog?rev=1435944&r1=1435943&r2=1435944&view=diff
==============================================================================
--- incubator/jspwiki/trunk/ChangeLog (original)
+++ incubator/jspwiki/trunk/ChangeLog Sun Jan 20 20:29:54 2013
@@ -1,3 +1,9 @@
+2013-01-20 Dirk Frederickx (brushed AT apache DOT org)
+
+ * 2.9.1-svn-19
+
+ * JSPWIKI-712, fixing entities encoding in change-note, author and link fields.
+
2013-01-15 Harry Metske <me...@apache.org>
* 2.9.1-svn-18
Modified: incubator/jspwiki/trunk/src/org/apache/wiki/Release.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/org/apache/wiki/Release.java?rev=1435944&r1=1435943&r2=1435944&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/org/apache/wiki/Release.java (original)
+++ incubator/jspwiki/trunk/src/org/apache/wiki/Release.java Sun Jan 20 20:29:54 2013
@@ -75,7 +75,7 @@ public final class Release
* <p>
* If the build identifier is empty, it is not added.
*/
- public static final String BUILD = "18";
+ public static final String BUILD = "19";
/**
* This is the generic version string you should use
Modified: incubator/jspwiki/trunk/src/webdocs/Edit.jsp
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/Edit.jsp?rev=1435944&r1=1435943&r2=1435944&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/Edit.jsp (original)
+++ incubator/jspwiki/trunk/src/webdocs/Edit.jsp Sun Jan 20 20:29:54 2013
@@ -14,7 +14,7 @@
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
- under the License.
+ under the License.
--%>
<%@ page import="org.apache.log4j.*" %>
@@ -62,8 +62,8 @@
String cancel = request.getParameter("cancel");
String append = request.getParameter("append");
String edit = request.getParameter("edit");
- String author = findParam( pageContext, "author" );
- String changenote = findParam( pageContext, "changenote" );
+ String author = TextUtil.replaceEntities( findParam( pageContext, "author" ) );
+ String changenote = TextUtil.replaceEntities( findParam( pageContext, "changenote" ) );
String text = EditorManager.getEditedText( pageContext );
String link = TextUtil.replaceEntities( findParam( pageContext, "link") );
String spamhash = findParam( pageContext, SpamFilter.getHashFieldName(request) );
@@ -112,12 +112,12 @@
//
// Check for session expiry
//
-
+
if( !SpamFilter.checkHash(wikiContext,pageContext) )
{
return;
}
-
+
WikiPage modifiedPage = (WikiPage)wikiContext.getPage().clone();
// FIXME: I am not entirely sure if the JSP page is the
@@ -159,7 +159,7 @@
if( changenote != null && changenote.length() > 0 )
{
- modifiedPage.setAttribute( WikiPage.CHANGENOTE, TextUtil.replaceEntities(changenote) );
+ modifiedPage.setAttribute( WikiPage.CHANGENOTE, changenote );
}
else
{
Modified: incubator/jspwiki/trunk/src/webdocs/templates/default/editors/FCK.jsp
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/editors/FCK.jsp?rev=1435944&r1=1435943&r2=1435944&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/templates/default/editors/FCK.jsp (original)
+++ incubator/jspwiki/trunk/src/webdocs/templates/default/editors/FCK.jsp Sun Jan 20 20:29:54 2013
@@ -14,7 +14,7 @@
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
- under the License.
+ under the License.
--%>
<%@ page language="java" pageEncoding="UTF-8"%>
@@ -44,15 +44,15 @@
WikiPage wikiPage = context.getPage();
String originalCCLOption = (String)wikiPage.getAttribute( JSPWikiMarkupParser.PROP_CAMELCASELINKS );
wikiPage.setAttribute( JSPWikiMarkupParser.PROP_CAMELCASELINKS, "false" );
-
+
String usertext = EditorManager.getEditedText(pageContext);
- TemplateManager.addResourceRequest( context, TemplateManager.RESOURCE_SCRIPT,
- context.getURL( WikiContext.NONE, "scripts/fckeditor/fckeditor.js" ) ); %>
+ TemplateManager.addResourceRequest( context, TemplateManager.RESOURCE_SCRIPT,
+ context.getURL( WikiContext.NONE, "scripts/fckeditor/fckeditor.js" ) ); %>
<wiki:CheckRequestContext context="edit">
<wiki:NoSuchPage> <%-- this is a new page, check if we're cloning --%>
<%
- String clone = request.getParameter( "clone" );
+ String clone = request.getParameter( "clone" );
if( clone != null )
{
WikiPage p = engine.getPage( clone );
@@ -62,7 +62,7 @@
PagePermission pp = new PagePermission( p, PagePermission.VIEW_ACTION );
try
- {
+ {
if( mgr.checkPermission( context.getWikiSession(), pp ) )
{
usertext = engine.getPureText( p );
@@ -82,32 +82,32 @@
<% if( usertext == null ) usertext = "";
RenderingManager renderingManager = new RenderingManager();
-
+
// since the WikiProperties are shared, we'll want to make our own copy of it for modifying.
Properties copyOfWikiProperties = new Properties();
copyOfWikiProperties.putAll( engine.getWikiProperties() );
copyOfWikiProperties.setProperty( "jspwiki.renderingManager.renderer", WysiwygEditingRenderer.class.getName() );
renderingManager.initialize( engine, copyOfWikiProperties );
-
+
String pageAsHtml = StringEscapeUtils.escapeJavaScript( renderingManager.getHTML( context, usertext ) );
-
+
// Disable the WYSIWYG_EDITOR_MODE and reset the other properties immediately
// after the XHTML for FCK has been rendered.
context.setVariable( RenderingManager.WYSIWYG_EDITOR_MODE, Boolean.FALSE );
context.setVariable( WikiEngine.PROP_RUNFILTERS, null );
wikiPage.setAttribute( JSPWikiMarkupParser.PROP_CAMELCASELINKS, originalCCLOption );
-
+
String templateDir = (String)copyOfWikiProperties.get( WikiEngine.PROP_TEMPLATEDIR );
-
+
String protocol = "http://";
if( request.isSecure() )
{
protocol = "https://";
- }
+ }
%>
-<form accept-charset="<wiki:ContentEncoding/>" method="post"
- action="<wiki:CheckRequestContext context='edit'><wiki:EditLink format='url'/></wiki:CheckRequestContext><wiki:CheckRequestContext context='comment'><wiki:CommentLink format='url'/></wiki:CheckRequestContext>"
+<form accept-charset="<wiki:ContentEncoding/>" method="post"
+ action="<wiki:CheckRequestContext context='edit'><wiki:EditLink format='url'/></wiki:CheckRequestContext><wiki:CheckRequestContext context='comment'><wiki:CommentLink format='url'/></wiki:CheckRequestContext>"
name="editform" id="editform"
enctype="application/x-www-form-urlencoded">
<p>
@@ -142,21 +142,21 @@
<p>
<label for="changenote"><fmt:message key='editor.plain.changenote'/></label>
- <input type="text" id="changenote" name="changenote" size="80" maxlength="80" value="<c:out value='${changenote}'/>"/>
+ <input type="text" id="changenote" name="changenote" size="80" maxlength="80" value="${changenote}"/>
</p>
<wiki:CheckRequestContext context="comment">
<fieldset>
<legend><fmt:message key="editor.commentsignature"/></legend>
<p>
<label for="authorname" accesskey="n"><fmt:message key="editor.plain.name"/></label>
- <input type="text" name="author" id="authorname" value="<c:out value='${sessionScope.author}' />" />
+ <input type="text" name="author" id="authorname" value="${author}" />
<input type="checkbox" name="remember" id="rememberme" <%=TextUtil.isPositive((String)session.getAttribute("remember")) ? "checked='checked'" : ""%> />
<label for="rememberme"><fmt:message key="editor.plain.remember"/></label>
</p>
<%--FIXME: seems not to read the email of the user, but some odd previously cached value --%>
<p>
<label for="link" accesskey="m"><fmt:message key="editor.plain.email"/></label>
- <input type="text" name="link" id="link" size="24" value="<c:out value='${sessionScope.link}' />" />
+ <input type="text" name="link" id="link" size="24" value="${link}" />
</p>
</fieldset>
</wiki:CheckRequestContext>
Modified: incubator/jspwiki/trunk/src/webdocs/templates/default/editors/plain.jsp
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/editors/plain.jsp?rev=1435944&r1=1435943&r2=1435944&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/templates/default/editors/plain.jsp (original)
+++ incubator/jspwiki/trunk/src/webdocs/templates/default/editors/plain.jsp Sun Jan 20 20:29:54 2013
@@ -14,7 +14,7 @@
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
- under the License.
+ under the License.
--%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
@@ -35,21 +35,21 @@
<%--
This is a plain editor for JSPWiki.
--%>
-<%
- WikiContext context = WikiContext.findContext( pageContext );
+<%
+ WikiContext context = WikiContext.findContext( pageContext );
WikiEngine engine = context.getEngine();
-
- TemplateManager.addResourceRequest( context, TemplateManager.RESOURCE_SCRIPT,
+
+ TemplateManager.addResourceRequest( context, TemplateManager.RESOURCE_SCRIPT,
context.getURL( WikiContext.NONE, "scripts/jspwiki-edit.js" ) );
- TemplateManager.addResourceRequest( context, TemplateManager.RESOURCE_SCRIPT,
+ TemplateManager.addResourceRequest( context, TemplateManager.RESOURCE_SCRIPT,
context.getURL( WikiContext.NONE, "scripts/posteditor.js" ) );
-
+
String usertext = EditorManager.getEditedText( pageContext );
%>
<wiki:CheckRequestContext context="edit">
<wiki:NoSuchPage> <%-- this is a new page, check if we're cloning --%>
<%
- String clone = request.getParameter( "clone" );
+ String clone = request.getParameter( "clone" );
if( clone != null )
{
WikiPage p = engine.getPage( clone );
@@ -59,7 +59,7 @@
PagePermission pp = new PagePermission( p, PagePermission.VIEW_ACTION );
try
- {
+ {
if( mgr.checkPermission( context.getWikiSession(), pp ) )
{
usertext = engine.getPureText( p );
@@ -82,11 +82,11 @@
<div style="width:100%"> <%-- Required for IE6 on Windows --%>
-<form action="<wiki:CheckRequestContext
- context='edit'><wiki:EditLink format='url'/></wiki:CheckRequestContext><wiki:CheckRequestContext
- context='comment'><wiki:CommentLink format='url'/></wiki:CheckRequestContext>"
+<form action="<wiki:CheckRequestContext
+ context='edit'><wiki:EditLink format='url'/></wiki:CheckRequestContext><wiki:CheckRequestContext
+ context='comment'><wiki:CommentLink format='url'/></wiki:CheckRequestContext>"
class="wikiform"
- id="editform"
+ id="editform"
onsubmit="return Wiki.submitOnce(this);"
method="post" accept-charset="<wiki:ContentEncoding/>"
enctype="application/x-www-form-urlencoded" >
@@ -97,14 +97,14 @@
<input name="action" type="hidden" value="save" />
<%=SpamFilter.insertInputFields( pageContext )%>
<input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="<c:out value='${lastchange}' />" />
- <input type="submit" name="ok" value="<fmt:message key='editor.plain.save.submit'/>"
+ <input type="submit" name="ok" value="<fmt:message key='editor.plain.save.submit'/>"
accesskey="s"
title="<fmt:message key='editor.plain.save.title'/>" />
- <input type="submit" name="preview" value="<fmt:message key='editor.plain.preview.submit'/>"
+ <input type="submit" name="preview" value="<fmt:message key='editor.plain.preview.submit'/>"
accesskey="v"
title="<fmt:message key='editor.plain.preview.title'/>" />
- <input type="submit" name="cancel" value="<fmt:message key='editor.plain.cancel.submit'/>"
- accesskey="q"
+ <input type="submit" name="cancel" value="<fmt:message key='editor.plain.cancel.submit'/>"
+ accesskey="q"
title="<fmt:message key='editor.plain.cancel.title'/>" />
</p>
<%-- This following field is only for the SpamFilter to catch bots which are just randomly filling all fields and submitting.
@@ -122,13 +122,14 @@
FIXME</td>
</tr>
</wiki:Permission>
---%>
+--%>
<tr>
<td><label for="changenote"><fmt:message key='editor.plain.changenote'/></label></td>
- <td><input type="text" name="changenote" id="changenote" size="80" maxlength="80" value="<c:out value='${changenote}'/>"/></td>
+ <td><input type="text" name="changenote" id="changenote" size="80" maxlength="80" value="${changenote}"/></td>
+
</tr>
</table>
-
+
<div id="tools">
<h4><fmt:message key='editor.plain.toolbar'/></h4>
<div id="toolbuttons">
@@ -176,7 +177,7 @@
</span>
<span>
<input type="checkbox" name="smartpairs" id="smartpairs" <%=TextUtil.isPositive((String)session.getAttribute("smartpairs")) ? "checked='checked'" : ""%>/>
- <label for="smartpairs" title="<fmt:message key='editor.plain.smartpairs.title'/>"><fmt:message key="editor.plain.smartpairs"/></label>
+ <label for="smartpairs" title="<fmt:message key='editor.plain.smartpairs.title'/>"><fmt:message key="editor.plain.smartpairs"/></label>
</span>
</div>
@@ -205,8 +206,8 @@
</div>
<div>
- <textarea id="editorarea" name="<%=EditorManager.REQ_EDITEDTEXT%>"
- class="editor"
+ <textarea id="editorarea" name="<%=EditorManager.REQ_EDITEDTEXT%>"
+ class="editor"
rows="20" cols="80"><%=TextUtil.replaceEntities(usertext)%></textarea>
<div class="clearbox" ></div>
</div>
@@ -216,13 +217,13 @@
<legend><fmt:message key="editor.commentsignature"/></legend>
<p>
<label for="authorname" accesskey="n"><fmt:message key="editor.plain.name"/></label>
- <input type="text" name="author" id="authorname" value="<c:out value='${sessionScope.author}' />" />
+ <input type="text" name="author" id="authorname" value="${author}" />
<input type="checkbox" name="remember" id="rememberme" <%=TextUtil.isPositive((String)session.getAttribute("remember")) ? "checked='checked'" : ""%> />
<label for="rememberme"><fmt:message key="editor.plain.remember"/></label>
</p>
<p>
- <label for="link" accesskey="m"><fmt:message key="editor.plain.email"/></label>
- <input type="text" name="link" id="link" size="24" value="<c:out value='${sessionScope.link}' />" />
+ <label for="link" accesskey="m"><fmt:message key="editor.plain.email"/></label>
+ <input type="text" name="link" id="link" size="24" value="${link}" />
</p>
</fieldset>
</wiki:CheckRequestContext>
@@ -231,7 +232,7 @@
<div id="sneakpreviewheader">
<input type="checkbox" name="autopreview" id="autopreview" <%=TextUtil.isPositive((String)session.getAttribute("autopreview")) ? "checked='checked'" : ""%> />
- <label for="autopreview" title="<fmt:message key='editor.plain.sneakpreview.title'/>"><fmt:message key="editor.plain.sneakpreview"/></label>
+ <label for="autopreview" title="<fmt:message key='editor.plain.sneakpreview.title'/>"><fmt:message key="editor.plain.sneakpreview"/></label>
<span id="previewSpin" class="spin" style="position:absolute;display:none;"></span>
</div>
<div id="sneakpreview" ></div>
Modified: incubator/jspwiki/trunk/src/webdocs/templates/default/editors/preview.jsp
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/editors/preview.jsp?rev=1435944&r1=1435943&r2=1435944&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/templates/default/editors/preview.jsp (original)
+++ incubator/jspwiki/trunk/src/webdocs/templates/default/editors/preview.jsp Sun Jan 20 20:29:54 2013
@@ -14,7 +14,7 @@
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
- under the License.
+ under the License.
--%>
<%@ page language="java" pageEncoding="UTF-8"%>
@@ -30,17 +30,17 @@
<%--
This is a special editor component for JSPWiki preview storage.
--%>
-<%
- WikiContext context = WikiContext.findContext( pageContext );
- String usertext = (String)pageContext.getAttribute( EditorManager.ATTR_EDITEDTEXT, PageContext.REQUEST_SCOPE );
- if( usertext == null ) usertext = "";
-
- String action = "comment".equals(request.getParameter("action")) ?
- context.getURL(WikiContext.COMMENT,context.getName()) :
+<%
+ WikiContext context = WikiContext.findContext( pageContext );
+ String usertext = (String)pageContext.getAttribute( EditorManager.ATTR_EDITEDTEXT, PageContext.REQUEST_SCOPE );
+ if( usertext == null ) usertext = "";
+
+ String action = "comment".equals(request.getParameter("action")) ?
+ context.getURL(WikiContext.COMMENT,context.getName()) :
context.getURL(WikiContext.EDIT,context.getName());
%>
<form action="<%=action%>"
- method="post" accept-charset="<wiki:ContentEncoding/>"
+ method="post" accept-charset="<wiki:ContentEncoding/>"
class="wikiform"
id="editform"
onsubmit="return Wiki.submitOnce( this );"
@@ -48,31 +48,31 @@
<p>
<%-- Edit.jsp & Comment.jsp rely on these being found. So be careful, if you make changes. --%>
- <input type="hidden" name="author" value="<c:out value='${author}' />" />
- <input type="hidden" name="link" value="<c:out value='${link}' />" />
- <input type="hidden" name="remember" value="<c:out value='${remember}' />" />
- <input type="hidden" name="changenote" value="<c:out value='${changenote}' />" />
+ <input type="hidden" name="author" value="${author}" />
+ <input type="hidden" name="link" value="${link}" />
+ <input type="hidden" name="remember" value="${remember}" />
+ <input type="hidden" name="changenote" value="${changenote}" />
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="hidden" name="action" value="save" />
- <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="<c:out value='${lastchange}' />" />
+ <input name="<%=SpamFilter.getHashFieldName(request)%>" type="hidden" value="${lastchange}" />
</p>
<div>
<textarea style="display:none;" readonly="readonly"
- id="editorarea" name="<%=EditorManager.REQ_EDITEDTEXT%>"
- rows="4"
+ id="editorarea" name="<%=EditorManager.REQ_EDITEDTEXT%>"
+ rows="4"
cols="80"><%=TextUtil.replaceEntities(usertext)%></textarea>
</div>
<div id="submitbuttons">
- <input type="submit" name="edit" value="<fmt:message key='editor.preview.edit.submit'/>"
+ <input type="submit" name="edit" value="<fmt:message key='editor.preview.edit.submit'/>"
accesskey="e"
title="<fmt:message key='editor.preview.edit.title'/>" />
- <input type="submit" name="ok" value="<fmt:message key='editor.preview.save.submit'/>"
+ <input type="submit" name="ok" value="<fmt:message key='editor.preview.save.submit'/>"
accesskey="s"
title="<fmt:message key='editor.preview.save.title'/>" />
- <input type="submit" name="cancel" value="<fmt:message key='editor.preview.cancel.submit'/>"
- accesskey="q"
+ <input type="submit" name="cancel" value="<fmt:message key='editor.preview.cancel.submit'/>"
+ accesskey="q"
title="<fmt:message key='editor.preview.cancel.title'/>" />
</div>
-
+
</form>
\ No newline at end of file