From version 1.1 >
edited by Admin
on 2009/09/09
To version < 2.1 >
edited by Admin
on 2010/03/02
>
Change comment: Imported from XAR

Summary

Details

Page properties
Content
... ... @@ -14,15 +14,17 @@
14 14  ##
15 15  #set($do = "$!{request.get('do')}")
16 16  #set($tag = "$!{request.get('tag')}")
17 +#set($urlEscapedTag = $escapetool.url($tag))
18 +#set($htmlEscapedTag = $escapetool.html($tag))
17 17  ##
18 18  ## Macro displayTagAppTitle. Display level1 title of this app.
19 19  ##
20 -#macro(displayTagAppTitle $tag $displayButtons)
22 +#macro(displayTagAppTitle $urlEscapedTag $htmlEscapedTag $displayButtons)
21 21   <h1 class="xapp">
22 22   <span class="highlight tag">
23 - <a href="$doc.getURL('view', "do=viewTag&amp;tag=${tag}")">$tag</a>
25 + <a href="$doc.getURL('view', "do=viewTag&amp;tag=${urlEscapedTag}")">$htmlEscapedTag</a>
24 24   #if($xwiki.hasAdminRights() && $displayButtons)
25 - <a href="$doc.getURL('view', "do=prepareRename&amp;tag=${tag}")" class="button rename" rel="nofollow">Rename</a>&nbsp;<a href="$doc.getURL('view', "do=prepareDelete&amp;tag=${tag}")" class="button delete" rel="nofollow">Delete</a>
27 + <a href="$doc.getURL('view', "do=prepareRename&amp;tag=${urlEscapedTag}")" class="button rename" rel="nofollow">Rename</a>&nbsp;<a href="$doc.getURL('view', "do=prepareDelete&amp;tag=${urlEscapedTag}")" class="button delete" rel="nofollow">Delete</a>
26 26   #end
27 27   </span>
28 28   </h1>
... ... @@ -36,21 +36,22 @@
36 36   ##
37 37   ## View tag
38 38   ##
39 - #displayTagAppTitle($tag true)
41 + #displayTagAppTitle($urlEscapedTag $htmlEscapedTag true)
40 40   #if("$!{request.get('renamedTag')}" != '')
41 - #info($msg.get('xe.tag.rename.success', [$request.get('renamedTag')]))
43 + #set($htmlEscapedRenamedTag = $escapetool.html($request.get('renamedTag')))
44 + #info($msg.get('xe.tag.rename.success', [$htmlEscapedRenamedTag]))
42 42   #end
43 - #set ($list = $xwiki.tag.getDocumentsWithTag($tag))
46 + #set($list = $xwiki.tag.getDocumentsWithTag($tag))
44 44   <div>
45 45   <div id="dashboardleft">
46 46   <div id="dashboardleftcontent">
47 - <h3 class="xapp"><span>$msg.get('xe.tag.alldocs', [$tag])</span></h3>
50 + <h3 class="xapp"><span>$msg.get('xe.tag.alldocs', [$htmlEscapedTag])</span></h3>
48 48   #displayDocumentList($list true $blacklistedSpaces)
49 49   </div>
50 50   </div>
51 51   <div id="dashboardright">
52 52   <div id="dashboardrightcontent">
53 - <h3 class="xapp"><span>$msg.get("xe.tag.recentchanges", [$tag])</span></h3>
56 + <h3 class="xapp"><span>$msg.get("xe.tag.recentchanges", [$htmlEscapedTag])</span></h3>
54 54   #set($rcTag = [$tag])
55 55   #includeInContext('Main.RecentChanges')
56 56   </div>
... ... @@ -61,12 +61,12 @@
61 61   ##
62 62   ## Prepare rename tag
63 63   ##
64 - #displayTagAppTitle($tag false)
67 + #displayTagAppTitle($urlEscapedTag $htmlEscapedTag false)
65 65   <form id="renameForm" action="$doc.getURL()" method="post">
66 66   <div>
67 67   <input name="do" type="hidden" value="renameTag" />
68 - <input name="tag" type="hidden" value="$tag" />
69 - $msg.get('xe.tag.rename.renameto', [$tag]) <input type="text" name="renameTo" /> <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.tag.rename')"/></span>
71 + <input name="tag" type="hidden" value="$htmlEscapedTag" />
72 + $msg.get('xe.tag.rename.renameto', [$htmlEscapedTag]) <input type="text" name="renameTo" /> <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.tag.rename')" class="button"/></span>
70 70   </div>
71 71   </form>
72 72  #elseif($do == 'renameTag')
... ... @@ -79,22 +79,22 @@
79 79   #set($success = $xwiki.tag.renameTag($tag, $renameTo))
80 80   #end
81 81   #if ($success == true || $success == 'OK')
82 - #set($encodedRenameTo = $util.encodeURI($renameTo))
83 - #set($encodedTag = $util.encodeURI($tag))
84 - $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${encodedRenameTo}&renamedTag=${encodedTag}"))
85 + #set($urlEscapedRenameTo = $escapetool.url($renameTo))
86 + $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}"))
85 85   #else
86 - #error($msg.get('xe.tag.rename.failure', [$tag, $renameTo]))
88 + #set($htmlEscapedRenameTo = $escapetool.html($renameTo))
89 + #error($msg.get('xe.tag.rename.failure', [$htmlEscapedTag, $htmlEscapedRenameTo]))
87 87   #end
88 88  #elseif($do == 'prepareDelete')
89 89   ##
90 90   ## Prepare delete tag
91 91   ##
92 - #displayTagAppTitle($tag false)
95 + #displayTagAppTitle($urlEscapedTag $htmlEscapedTag false)
93 93   <form id="deleteForm" action="$doc.getURL()" method="post">
94 94   <div>
95 95   <input name="do" type="hidden" value="deleteTag" />
96 - <input name="tag" type="hidden" value="$tag" />
97 - <span class="buttonwrapper"><input type="submit" value="$msg.get("xe.tag.delete", [$tag])" /></span>
99 + <input name="tag" type="hidden" value="$htmlEscapedTag" />
100 + <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.tag.delete', [$htmlEscapedTag])" class="button/></span>
98 98   </div>
99 99   </form>
100 100  #elseif($do == 'deleteTag')
... ... @@ -103,10 +103,9 @@
103 103   ##
104 104   #set($success = $xwiki.tag.deleteTag($tag))
105 105   #if ($success == true || $success == 'OK')
106 - #set($encodedTag = $util.encodeURI($tag))
107 - $response.sendRedirect($doc.getURL('view', "deletedTag=${encodedTag}"))
109 + $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}"))
108 108   #else
109 - #error($msg.get('xe.tag.delete.failure', [$tag]))
111 + #error($msg.get('xe.tag.delete.failure', [$htmlEscapedTag]))
110 110   #end
111 111  #else
112 112   ##
... ... @@ -113,9 +113,10 @@
113 113   ## View all tags (Tag Cloud)
114 114   ##
115 115   #set($tags = $xwiki.tag.getTags(true))
116 - #set ($title = 'All Tags')
118 + #set($title = 'All Tags')
117 117   #if("$!{request.get('deletedTag')}" != '')
118 - #info($msg.get('xe.tag.delete.success', [$request.get('deletedTag')]))
120 + #set($htmlEscapedTag = $escapetool.html($request.get('deletedTag')))
121 + #info($msg.get('xe.tag.delete.success', [$htmlEscapedTag]))
119 119   #end
120 120   #set($docextras = [])
121 121   #includeInContext("XWiki.TagCloud")

Get Connected