xwiki-devs September 2010

xwiki-devs@xwiki.org

40 participants
96 discussions

[xwiki-devs] [ANN] XWiki Enterprise and XWiki Enterprise Manager 2.4.1 Released

by Thomas Mortagne

The XWiki development team is pleased to announce the release of XWiki Enterprise and XWiki Enterprise Manager 2.4.1. This is a bug fix release for the 2.4 branch. Important Bugs fixed: * XWIKI-5511 - In some conditions a newly created wiki does not have the standard classes * XWIKI-5492 - Can't move the focus outside of the rich text area in Opera * XWIKI-5440 - user.isUserInGroup return false if User in Master and group in virtual * XWIKI-5452 - "cache.path" configuration is not taken into account by JBossCache module * XWIKI-5414 - Keyboard shortcuts are not ignored when trying to navigate with keys in a select input * XWIKI-5391 - MediaWikiScanner#docElements() raises unexpected ParseException when encountering <D_TABLE_CAPTION> tokens * XWIKI-5515 - NPE when accessing an not existing wiki and autowww = 0 * XWIKI-5363 - PeriodFactory#createSinceMonthsPeriod creates a "since weeks" period instead * XWIKI-5476 - Problem with non-px image dimensions in wysiwyg mode only with IE7 * XWIKI-5457 - Propeditor cannot work anymore with recent livetable code * XWIKI-5243 - Reflected XSS in edit(wiki|wysiwyg|wysiwygnew).vm * XWIKI-5450 - SQL injection in suggest.vm * XWIKI-5428 - Save and Continue doesn't validate the mandatory document title * XWIKI-5434 - Saved request parameters are not restored on relogin * XWIKI-5244 - Stored XSS via user/group name * XWIKI-5510 - Text and background color don't match the color themev * XWIKI-5417 - xwiki/2.0 renderer should escape any (% it can find * XWIKI-5453 - includeMacro() no longer works in XE 2.4 * XASEARCH-10 - Escaping issue in Main.DatabaseSearch * XAADMINISTRATION-156 - Cannot add "global" user in groups * XAADMINISTRATION-155 - Improper search icon position in Administration Application * XAADMINISTRATION-168 - Small inconsistency in DOM of some elements that use ConfigurationClass Class For more information see the Releases notes at: http://www.xwiki.org/xwiki/bin/view/Main/ReleaseNotesXWikiEnterprise241 and http://www.xwiki.org/xwiki/bin/view/Main/ReleaseNotesXEM241 Thanks -The XWiki dev team

14 years, 2 months

[xwiki-devs] [Vote] Resize images on the server side to reduce page loading time

by Marius Dumitru Florea

Hi devs, Currently the image plugin [1] allows us to create image thumbnails by specifying the image width and/or height in the query string of the image attachment download URL: /xwiki/bin/download/Spage/Page/image.jpg?width=100 I propose that we: (A) Use the image width and/or height (when they are specified in the image syntax using pixel unit) to resize the image on the server side. For instance: [[image:logo.jpg||width="100px"]] will be linked to /xwiki/bin/download/Spage/Page/logo.jpg?width=100 and [[image:logo.jpg||style="height: 50px; width: 70px"]] will be linked to /xwiki/bin/download/Spage/Page/logo.jpg?width=70&height=50 The image plugin also accepts a quality parameter that controls the compression quality when encoding jpeg images. The default value of this parameter (i.e. when not specified in the URL) is configurable. I propose we use 0.3 by default, 1 representing the best quality. (B) Add the ability to limit the image dimensions (preserving aspect ratio) when the image width and/or height are not specified in the image syntax (or when they are not using pixel unit). The width and height limit will be configurable and -1 by default (i.e. no limitation). For instance: image:logo.jpg will be linked to /xwiki/bin/download/Spage/Page/logo.jpg?width=1024 when width limit is 1024, and to /xwiki/bin/download/Spage/Page/logo.jpg?width=1024&height=768&keepAspectRatio=true when width limit is 1024 and height limit is 768. Note that in this case the image aspect ratio is preserved. The image is resized to best fit the limits. If the user want to bypass the limit he has to specify the image width/height in the image syntax. I'm +1 for both (A) and (B). WDYT? Thanks, Marius [1] http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/…

14 years, 2 months

[xwiki-devs] Extend model service with methods for creating and resolving attachment references

by Marius Dumitru Florea

Hi devs, I created http://jira.xwiki.org/jira/browse/XWIKI-5519 and attached a patch. I'd like to commit this before 2.5M2. Let me know if you don't agree. Thanks, Marius

14 years, 2 months

Re: [xwiki-devs] [xwiki-notifications] r31271 - platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web

by Vincent Massol

Hi Alex, Couldn't we add the check in some Abstract<XXX>XWikiAction where <XXX> qualifies actions that modify data in order to prevent code duplication and in order to prevent forgetting to do the check when people add new actions (at least make it easier)? Thanks -Vincent On Sep 22, 2010, at 11:00 PM, abusenius (SVN) wrote: > Author: abusenius > Date: 2010-09-22 23:00:46 +0200 (Wed, 22 Sep 2010) > New Revision: 31271 > > Modified: > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/AbstractPropChangeAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/CommentAddAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteAttachmentAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteVersionsAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ObjectAddAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ObjectRemoveAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/PropAddAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/PropUpdateAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/RegisterAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ResetVersionsAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/RollbackAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SaveAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SaveAndContinueAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/UndeleteAction.java > platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/UploadAction.java > Log: > XWIKI-5464: Added CSRF checks to all actions that modify data > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/AbstractPropChangeAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/AbstractPropChangeAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/AbstractPropChangeAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -55,6 +55,10 @@ > BaseClass xclass = doc.getXClass(); > > if (propertyName != null && xclass.get(propertyName) != null) { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > changePropertyDefinition(xclass, propertyName, context); > } else { > return true; > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/CommentAddAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/CommentAddAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/CommentAddAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -54,6 +54,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWiki xwiki = context.getWiki(); > XWikiResponse response = context.getResponse(); > XWikiDocument doc = context.getDoc(); > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -55,6 +55,10 @@ > if (!"1".equals(request.getParameter(CONFIRM_PARAM))) { > return true; > } > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > > String sindex = request.getParameter("id"); > if (sindex != null && xwiki.hasRecycleBin(context)) { > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteAttachmentAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteAttachmentAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteAttachmentAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -46,6 +46,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWikiRequest request = context.getRequest(); > XWikiResponse response = context.getResponse(); > XWikiDocument doc = context.getDoc(); > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteVersionsAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteVersionsAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/DeleteVersionsAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -40,21 +40,24 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > DeleteVersionsForm form = (DeleteVersionsForm) context.getForm(); > - > if (!form.isConfirmed()) { > return true; > } > > Version v1; > Version v2; > - Version rev = form.getRev(); > - if (rev == null) { > + if (form.getRev() == null) { > v1 = form.getRev1(); > v2 = form.getRev2(); > } else { > - v1 = rev; > - v2 = rev; > + v1 = form.getRev(); > + v2 = form.getRev(); > } > > if (v1 != null && v2 != null) { > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ObjectAddAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ObjectAddAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ObjectAddAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -39,6 +39,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWiki xwiki = context.getWiki(); > XWikiResponse response = context.getResponse(); > String username = context.getUser(); > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ObjectRemoveAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ObjectRemoveAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ObjectRemoveAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -66,6 +66,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWiki xwiki = context.getWiki(); > XWikiResponse response = context.getResponse(); > String username = context.getUser(); > @@ -74,6 +79,7 @@ > if (obj == null) { > return true; > } > + > doc.removeObject(obj); > doc.setAuthor(username); > xwiki.saveDocument(doc, context.getMessageTool().get("core.comment.deleteObject"), true, context); > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/PropAddAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/PropAddAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/PropAddAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -37,6 +37,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWiki xwiki = context.getWiki(); > XWikiResponse response = context.getResponse(); > XWikiDocument doc = context.getDoc(); > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/PropUpdateAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/PropUpdateAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/PropUpdateAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -105,6 +105,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > try { > if (propUpdate(context)) { > return true; > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/RegisterAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/RegisterAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/RegisterAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -50,6 +50,11 @@ > > String register = request.getParameter(REGISTER); > if (register != null && register.equals("1")) { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > int useemail = xwiki.getXWikiPreferenceAsInt("use_email_verification", 0, context); > int result; > if (useemail == 1) { > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ResetVersionsAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ResetVersionsAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/ResetVersionsAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -17,6 +17,11 @@ > > String confirm = request.getParameter("confirm"); > if ((confirm != null) && (confirm.equals("1"))) { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWikiDocument tdoc = getTranslatedDocument(doc, language, context); > // Do it > tdoc.resetArchive(context); > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/RollbackAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/RollbackAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/RollbackAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -30,6 +30,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWiki xwiki = context.getWiki(); > XWikiResponse response = context.getResponse(); > XWikiDocument doc = context.getDoc(); > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SaveAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SaveAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SaveAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -176,6 +176,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > if (save(context)) { > return true; > } > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SaveAndContinueAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SaveAndContinueAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SaveAndContinueAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -43,6 +43,11 @@ > */ > @Override > public boolean action(XWikiContext context) throws XWikiException { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > // Try to find the URL of the edit page which we came from > String back = findBackURL(context); > > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/UndeleteAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/UndeleteAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/UndeleteAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -42,6 +42,11 @@ > @Override > public boolean action(XWikiContext context) throws XWikiException > { > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWiki xwiki = context.getWiki(); > XWikiRequest request = context.getRequest(); > XWikiResponse response = context.getResponse(); > > Modified: platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/UploadAction.java > =================================================================== > --- platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/UploadAction.java 2010-09-22 21:00:42 UTC (rev 31270) > +++ platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/UploadAction.java 2010-09-22 21:00:46 UTC (rev 31271) > @@ -80,6 +80,11 @@ > } > } > > + // CSRF prevention > + if (!csrfTokenCheck(context)) { > + return false; > + } > + > XWikiDocument doc = (XWikiDocument) context.getDoc().clone(); > > // The document is saved for each attachment in the group.

14 years, 2 months

by Sergiu Dumitriu

On 09/23/2010 12:23 PM, tmortagne (SVN) wrote: > Author: tmortagne > Date: 2010-09-23 12:23:25 +0200 (Thu, 23 Sep 2010) > New Revision: 31277 You should have used a serverside move instead of a local copy, since the sandbox history is now lost. > Added: > platform/core/trunk/xwiki-extension/ > platform/core/trunk/xwiki-extension/pom.xml > platform/core/trunk/xwiki-extension/src/ > platform/core/trunk/xwiki-extension/src/main/ > platform/core/trunk/xwiki-extension/src/main/java/ > platform/core/trunk/xwiki-extension/src/main/java/org/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/CoreExtension.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/Extension.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/ExtensionDependency.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/ExtensionException.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/ExtensionId.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/ExtensionManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/ExtensionManagerConfiguration.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/InstallException.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/LocalExtension.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/ResolveException.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/UninstallException.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/ExtensionHandler.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/ExtensionHandlerManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/AbstractExtensionHandler.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/DefaultExtensionHandlerManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/jar/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/jar/DefaultJarExtensionClassLoader.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/jar/JarExtensionClassLoader.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/jar/JarExtensionExecutionContextInitializer.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/jar/JarExtensionHandler.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/install/internal/jar/JarHandlerApplicationStartedListener.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/internal/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/internal/DefaultExtensionManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/internal/DefaultExtensionManagerConfiguration.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/internal/DefaultVersionManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/internal/VersionManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/internal/script/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/internal/script/ExtensionManagerScriptService.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/CoreExtensionRepository.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/ExtensionRepository.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/ExtensionRepositoryException.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/ExtensionRepositoryFactory.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/ExtensionRepositoryId.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/ExtensionRepositoryManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/ExtensionRepositorySource.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/LocalExtensionRepository.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/ConfigurationExtensionRepositorySource.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/DefaultCoreExtension.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/DefaultCoreExtensionRepository.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/DefaultExtensionRepositoryManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/DefaultLocalExtension.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/DefaultLocalExtensionRepository.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/LocalExtensionDependency.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/AetherExtension.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/AetherExtensionDependency.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/AetherExtensionRepository.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/AetherExtensionRepositoryFactory.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/XWikiLogger.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/XWikiLoggerManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/configuration/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/configuration/AetherConfiguration.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/aether/configuration/DefaultAetherConfiguration.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/plexus/ > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/plexus/DefaultPlexusComponentManager.java > platform/core/trunk/xwiki-extension/src/main/java/org/xwiki/extension/repository/internal/plexus/PlexusComponentManager.java > platform/core/trunk/xwiki-extension/src/main/resources/ > platform/core/trunk/xwiki-extension/src/main/resources/META-INF/ > platform/core/trunk/xwiki-extension/src/main/resources/META-INF/components.txt > platform/core/trunk/xwiki-extension/src/test/ > platform/core/trunk/xwiki-extension/src/test/java/ > platform/core/trunk/xwiki-extension/src/test/java/org/ > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/ > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/extension/ > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/extension/repository/ > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/extension/repository/AetherDefaultRepositoryManagerTest.java > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/extension/repository/DefaultCoreExtensionRepositoryTest.java > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/extension/repository/DefaultExtensionManagerTest.java > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/extension/repository/DefaultLocalExtensionRepositoryTest.java > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/extension/test/ > platform/core/trunk/xwiki-extension/src/test/java/org/xwiki/extension/test/ConfigurableDefaultCoreExtensionRepository.java > platform/core/trunk/xwiki-extension/src/test/resources/ > platform/core/trunk/xwiki-extension/src/test/resources/localextensions/ > platform/core/trunk/xwiki-extension/src/test/resources/localextensions/existingextension-version.type > platform/core/trunk/xwiki-extension/src/test/resources/localextensions/existingextension-version.xed > platform/core/trunk/xwiki-extension/src/test/resources/localextensions/existingextensiondependency-version.type > platform/core/trunk/xwiki-extension/src/test/resources/localextensions/existingextensiondependency-version.xed > platform/xwiki-applications/trunk/extension/ > platform/xwiki-applications/trunk/extension/pom.xml > platform/xwiki-applications/trunk/extension/src/ > platform/xwiki-applications/trunk/extension/src/main/ > platform/xwiki-applications/trunk/extension/src/main/resources/ > platform/xwiki-applications/trunk/extension/src/main/resources/ExtensionManager/ > platform/xwiki-applications/trunk/extension/src/main/resources/ExtensionManager/WebHome.xml > Modified: > enterprise/trunk/pom.xml > platform/core/trunk/pom.xml > platform/web/trunk/standard/pom.xml > platform/xwiki-applications/trunk/pom.xml > platform/xwiki-tools/trunk/xem-web-debug-eclipse/pom.xml > Log: > XWIKI-5518: Introduce Extension Manager -- Sergiu Dumitriu http://purl.org/net/sergiu/

14 years, 2 months

[xwiki-devs] [proposal] Make form generation/validation code a top level application.

by Caleb James DeLisle

Hi, I have started creating the classes for representing forms, form fields and form field validation constraints. I now have: FormTextAreaFieldClass FormSelectFieldClass FormTextFieldClass FormFieldConstraintClass and I plan to add: FormClass and FormGenerator Since there seem to be a lot of documents associated with this project, I am proposing to make it a top level application and put the documents in a new space called Forms. WDYT?

14 years, 2 months

Re: [xwiki-devs] [xwiki-notifications] r31216 - in platform/xwiki-applications/trunk: administration/src/main/resources/XWiki blog/src/main/resources/Blog invitation/src/main/resources/Invitation officeimporter/src/main/resources/XWiki panels/src/main/resources/P

by Thomas Mortagne

You just broke pretty much all applications for stable branch... On Wed, Sep 22, 2010 at 03:44, abusenius <platform-notifications(a)xwiki.org> wrote: > Author: abusenius > Date: 2010-09-22 03:44:29 +0200 (Wed, 22 Sep 2010) > New Revision: 31216 > > Modified: > platform/xwiki-applications/trunk/administration/src/main/resources/XWiki/Registration.xml > platform/xwiki-applications/trunk/blog/src/main/resources/Blog/CategoriesCode.xml > platform/xwiki-applications/trunk/blog/src/main/resources/Blog/Migration.xml > platform/xwiki-applications/trunk/blog/src/main/resources/Blog/Publisher.xml > platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/InvitationGuestActions.xml > platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/InvitationMemberActions.xml > platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/WebHome.xml > platform/xwiki-applications/trunk/officeimporter/src/main/resources/XWiki/OfficeImporterAdmin.xml > platform/xwiki-applications/trunk/panels/src/main/resources/Panels/DocumentInformation.xml > platform/xwiki-applications/trunk/panels/src/main/resources/Panels/PanelLayoutUpdate.xml > platform/xwiki-applications/trunk/wiki-manager/src/main/resources/XWiki/XWikiServerClassSheet.xml > Log: > XWIKI-5463: Checking for CSRF tokens in applications > > Modified: platform/xwiki-applications/trunk/administration/src/main/resources/XWiki/Registration.xml > =================================================================== > --- platform/xwiki-applications/trunk/administration/src/main/resources/XWiki/Registration.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/administration/src/main/resources/XWiki/Registration.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -686,11 +686,16 @@ > * @param $doAfterRegistration code block to run after registration completes successfully. > *### > #macro(createUser, $fields, $request, $response, $doAfterRegistration) > - ## See if email verification is required and register the user. > - #if($xwiki.getXWikiPreferenceAsInt('use_email_verification', 0) == 1) > - #set($reg = $xwiki.createUser(true)) > + ## CSRF check > + #if(${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > + ## See if email verification is required and register the user. > + #if($xwiki.getXWikiPreferenceAsInt('use_email_verification', 0) == 1) > + #set($reg = $xwiki.createUser(true)) > + #else > + #set($reg = $xwiki.createUser(false)) > + #end > #else > - #set($reg = $xwiki.createUser(false)) > + $response.sendRedirect("$!{services.csrf.getResubmissionURL()}") > #end > ## > ## Handle output from the registration. > > Modified: platform/xwiki-applications/trunk/blog/src/main/resources/Blog/CategoriesCode.xml > =================================================================== > --- platform/xwiki-applications/trunk/blog/src/main/resources/Blog/CategoriesCode.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/blog/src/main/resources/Blog/CategoriesCode.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -397,7 +397,7 @@ > #end > #set($query = "${query}obj.name = doc.fullName and obj.className = '${blogCategoryClassname}' and doc.fullName <> 'Blog.CategoryTemplate' and doc.parent = ? order by doc.name") > #foreach($item in $xwiki.searchDocuments($query, $parameterValues)) > - #if($xwiki.hasAccessLevel('edit', $xcontext.user, $item)) > + #if($xwiki.hasAccessLevel('edit', $xcontext.user, $item) && $!{services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #set($subcategoryDoc = $xwiki.getDocument($item)) > $subcategoryDoc.setParent($categoryParent) > $subcategoryDoc.save($msg.get('xe.blog.manageCategories.comment.updatedParent'), true) > @@ -409,7 +409,7 @@ > #end > #set($query = "${query}obj.name = doc.fullName and obj.className = '${blogPostClassname}' and doc.fullName <> 'Blog.BlogPostTemplate' and categories.id.id = obj.id and categories.id.name = 'category' and category = ? order by doc.name") > #foreach($item in $xwiki.searchDocuments($query, $parameterValues)) > - #if($xwiki.hasAccessLevel('edit', $xcontext.user, $item)) > + #if($xwiki.hasAccessLevel('edit', $xcontext.user, $item) && $!{services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #set($blogEntryDoc = $xwiki.getDocument($item)) > #set($discard = $blogEntryDoc.getObject(${blogPostClassname}).getProperty('category').value.remove($category)) > $blogEntryDoc.save($msg.get('xe.blog.manageCategories.comment.removedDeletedCategory'), true) > @@ -433,7 +433,7 @@ > #set($query = ', BaseObject obj where ') > #set($query = "${query}obj.name = doc.fullName and obj.className = '${blogCategoryClassname}' and doc.fullName <> 'Blog.CategoryTemplate' and doc.parent = ? order by doc.name") > #foreach($item in $xwiki.searchDocuments($query, $parameterValues)) > - #if($xwiki.hasAccessLevel('edit', $xcontext.user, $item)) > + #if($xwiki.hasAccessLevel('edit', $xcontext.user, $item) && $!{services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #set($subcategoryDoc = $xwiki.getDocument($item)) > $subcategoryDoc.setParent($newCategoryDoc.fullName) > $subcategoryDoc.save($msg.get('xe.blog.manageCategories.comment.updatedParent'), true) > @@ -442,16 +442,18 @@ > #set($query = ', BaseObject obj, DBStringListProperty categories join categories.list as category where ') > #set($query = "${query}obj.name = doc.fullName and obj.className = '${blogPostClassname}' and doc.fullName <> 'Blog.BlogPostTemplate' and categories.id.id = obj.id and categories.id.name = 'category' and category = ? order by doc.name") > #foreach($item in $xwiki.searchDocuments($query, $parameterValues)) > - #if($xwiki.hasAccessLevel('edit', $xcontext.user, $item)) > + #if($xwiki.hasAccessLevel('edit', $xcontext.user, $item) && $!{services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #set($blogEntryDoc = $xwiki.getDocument($item)) > #set($discard = $blogEntryDoc.getObject(${blogPostClassname}).getProperty('category').value.remove($category)) > #set($discard = $blogEntryDoc.getObject(${blogPostClassname}).getProperty('category').value.add($newCategoryDoc.fullName)) > $blogEntryDoc.save($msg.get('xe.blog.manageCategories.comment.updatedRenamedCategory'), true) > #end > #end > - $categoryDoc.getObject('Blog.CategoryClass').set('name', $newCategoryName) > - $categoryDoc.save($msg.get('xe.blog.manageCategories.comment.updatedCategory'), true) > - $categoryDoc.rename($newCategoryName) > + #if ($!{services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > + $categoryDoc.getObject('Blog.CategoryClass').set('name', $newCategoryName) > + $categoryDoc.save($msg.get('xe.blog.manageCategories.comment.updatedCategory'), true) > + $categoryDoc.rename($newCategoryName) > + #end > #end > {{/velocity}}</content> > </xwikidoc> > > Modified: platform/xwiki-applications/trunk/blog/src/main/resources/Blog/Migration.xml > =================================================================== > --- platform/xwiki-applications/trunk/blog/src/main/resources/Blog/Migration.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/blog/src/main/resources/Blog/Migration.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -24,7 +24,7 @@ > <syntaxId>xwiki/2.0</syntaxId> > <hidden>true</hidden> > <content>{{velocity filter="none"}} > -#if($request.migrate) > +#if($request.migrate && $!{services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #set($newContent = '#includeForm("Blog.BlogPostSheet")') > #set($query = ", BaseObject obj where obj.name = doc.fullName and obj.className = 'XWiki.ArticleClass'") > #foreach($article in $xwiki.searchDocuments($query)) > > Modified: platform/xwiki-applications/trunk/blog/src/main/resources/Blog/Publisher.xml > =================================================================== > --- platform/xwiki-applications/trunk/blog/src/main/resources/Blog/Publisher.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/blog/src/main/resources/Blog/Publisher.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -32,7 +32,7 @@ > #end > #set($entryName = "$!{request.entryName}") > #if($entryName != '') > - #if($xwiki.hasAccessLevel('edit', $xcontext.user, $entryName)) > + #if($xwiki.hasAccessLevel('edit', $xcontext.user, $entryName) && $!{services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #set($entryDoc = $xwiki.getDocument($entryName)) > #if ($entryDoc) > #getEntryObject($entryDoc $entryObj) > > Modified: platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/InvitationGuestActions.xml > =================================================================== > --- platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/InvitationGuestActions.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/InvitationGuestActions.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -223,7 +223,7 @@ > {{error}}(%id="invitation-action-message"%)$msg.get('xe.invitation.doAction.accept.alreadyReportedAsSpam'){{/error}} > #elseif($status != 'pending') > {{error}}(%id="invitation-action-message"%)$msg.get('xe.invitation.doAction.invalidStatus', ["#messageStatusForCode($status)"]){{/error}} > - #else > + #elseif($confirm && ${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #if("#canGuestAcceptInvitation($doc)" != 'true') > ## > {{error}}(%id="invitation-action-message"%)$msg.get('xe.invitation.doAction.accept.improperConfiguration'){{/error}} > @@ -235,6 +235,9 @@ > #set($invited = true) > {{include document="XWiki.Registration"/}} > #end > + #else > + ## CSRF protection > + $response.sendRedirect("$!{services.csrf.getResubmissionURL()}") > #end > #elseif($action == 'decline') > ## Decline Invitation <------------------------------------------------------------------------ > @@ -261,7 +264,7 @@ > {{error}}(%id="invitation-action-message"%)$msg.get('xe.invitation.doAction.decline.alreadyReportedAsSpam'){{/error}} > #elseif($status != 'pending') > {{error}}(%id="invitation-action-message"%)$msg.get('xe.invitation.doAction.invalidStatus', ["#messageStatusForCode($status)"]){{/error}} > - #elseif($confirm) > + #elseif($confirm && ${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #setMessageStatus($message, 'declined', $memo)## > $emailContainer.saveAsAuthor($msg.get('xe.invitation.doAction.decline.saveComment')) > {{info}}(%id="invitation-action-message"%)$msg.get('xe.invitation.doAction.decline.success'){{/info}} > @@ -280,7 +283,7 @@ > #if("$!message" == '') > ## No message found by that id. > {{error}}(%id="invitation-action-message"%)$msg.get('xe.invitation.doAction.reportSpam.noMessageFound'){{/error}} > - #elseif($confirm) > + #elseif($confirm && ${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #setMessageStatus($message, 'reported', $memo)## > $emailContainer.saveAsAuthor($msg.get('xe.invitation.doAction.reportSpam.reportSaveComment')) > ## Your report has been logged, sorry for the inconvienence. > > Modified: platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/InvitationMemberActions.xml > =================================================================== > --- platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/InvitationMemberActions.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/InvitationMemberActions.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -382,7 +382,7 @@ > $msg.get('xe.invitation.doUserActionOnMultipleMessages.cancel.someMessagesNotFound', > [$mathtool.sub($messageIDs.size(), $messages.size()), $messageIDs.size()]){{error}}))) > #end > - #elseif($confirm) > + #elseif($confirm && ${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > ## If the user accidently selected messages to which this action cannot be done, just skip over them. > #set($changed = false) > #foreach($message in $messages) > @@ -435,7 +435,7 @@ > $msg.get('xe.invitation.doUserActionOnMultipleMessages.noMessagesFound') > #end > {{/error}}))) > - #elseif($confirm) > + #elseif($confirm && ${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > ## If the user accidently selected messages to which this action cannot be done, just skip over them. > #set($changed = false) > #foreach($message in $messages) > > Modified: platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/WebHome.xml > =================================================================== > --- platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/WebHome.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/invitation/src/main/resources/Invitation/WebHome.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -737,7 +737,9 @@ > #set($messageBody = '') > #end > ## > - #if("$!request.get('sendMail')" != '' && $request.getMethod().toLowerCase() == 'post') > + #if("$!request.get('sendMail')" != '' > + && $request.getMethod().toLowerCase() == 'post' > + && ${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #generateAndSendMail($config, > $recipients, > $subjectLine, > > Modified: platform/xwiki-applications/trunk/officeimporter/src/main/resources/XWiki/OfficeImporterAdmin.xml > =================================================================== > --- platform/xwiki-applications/trunk/officeimporter/src/main/resources/XWiki/OfficeImporterAdmin.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/officeimporter/src/main/resources/XWiki/OfficeImporterAdmin.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -281,7 +281,7 @@ > #set($msgRestart=$msg.get("xe.officeimporter.openoffice.actions.restart")) > #set($msgUpdate=$msg.get("xe.officeimporter.openoffice.update")) > #set($msgLimitedControl=$msg.get("xe.officeimporter.openoffice.limitedcontrol")) > -#if($hasAdmin) > +#if($hasAdmin && ${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #set($currentAction = "$!{request.action}") > #if($currentAction == "stop") > #if(!$oomanager.stopServer()) > > Modified: platform/xwiki-applications/trunk/panels/src/main/resources/Panels/DocumentInformation.xml > =================================================================== > --- platform/xwiki-applications/trunk/panels/src/main/resources/Panels/DocumentInformation.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/panels/src/main/resources/Panels/DocumentInformation.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -547,7 +547,7 @@ > #end > ## Use the syntax and content received from the client, as the user might have made some changes that are not on saved yet. > #set($void = $translatedDoc.setSyntaxId($oldSyntax)) > - #if (!$translatedDoc.convertSyntax($newSyntaxId)) > + #if (!$translatedDoc.convertSyntax($newSyntaxId) || !${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #set($error = true) > #else > #set($void = $translatedDoc.save("Document converted from syntax $oldSyntax to syntax $newSyntaxId")) > > Modified: platform/xwiki-applications/trunk/panels/src/main/resources/Panels/PanelLayoutUpdate.xml > =================================================================== > --- platform/xwiki-applications/trunk/panels/src/main/resources/Panels/PanelLayoutUpdate.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/panels/src/main/resources/Panels/PanelLayoutUpdate.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -34,7 +34,7 @@ > ## > ## Check to see if the current user has admin rights on the current preferences document. > ## > -#if(!$xwiki.hasAccessLevel("admin", $xcontext.user, $prefsdocument)) > +#if(!$xwiki.hasAccessLevel("admin", $xcontext.user, $prefsdocument) || !${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > #xwikimessageboxstart("$msg.get('panelwizard.placemanager')" "") > $msg.get("panelwizard.notadmininplace", $place) > #xwikimessageboxend() > > Modified: platform/xwiki-applications/trunk/wiki-manager/src/main/resources/XWiki/XWikiServerClassSheet.xml > =================================================================== > --- platform/xwiki-applications/trunk/wiki-manager/src/main/resources/XWiki/XWikiServerClassSheet.xml 2010-09-22 01:44:21 UTC (rev 31215) > +++ platform/xwiki-applications/trunk/wiki-manager/src/main/resources/XWiki/XWikiServerClassSheet.xml 2010-09-22 01:44:29 UTC (rev 31216) > @@ -36,7 +36,9 @@ > #set ($wiki = $WikiManager.getWikiFromDocumentName($doc.fullName)) > ## > #if ($action && ($action == "create") && $domain && ($domain.trim().length() > 0)) > - #if (!$wiki.containsWikiAlias($domain)) > + #if (!${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > + #error($msg.get("notallowed")) > + #elseif (!$wiki.containsWikiAlias($domain)) > #set ($alias = $wiki.newObject("XWiki.XWikiServerClass")) > $alias.set("server", $domain) > $alias.set("homepage", "Main.WebHome") > @@ -47,7 +49,9 @@ > #end > ## > #if ($action && ($action == "delete") && $domain && ($domain.trim().length() > 0)) > - #if ($wiki.containsWikiAlias($domain)) > + #if (!${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) > + #error($msg.get("notallowed")) > + #elseif ($wiki.containsWikiAlias($domain)) > #set ($alias = $wiki.getWikiAlias($domain)) > #set ($removed = $wiki.removeObject($alias.objectApi)) > $wiki.save() > > _______________________________________________ > notifications mailing list > notifications(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/notifications > -- Thomas Mortagne

14 years, 2 months

[xwiki-devs] [VOTE] Move extension manager as experimental application/component of the platform

by Thomas Mortagne

As planned by the XE 2.5 roadmap (http://enterprise.xwiki.org/xwiki/bin/view/Main/Roadmap) i would like to move extension manager to the platform. It's one application for the UI and one jar for the framework (plus several MB of maven/classloading dependencies). The rationale is that it makes it easier to try and play with it to have as much comments as possible. It would be "taged" as experimental which means anything in it can be changed anytime and nobody can expect a code that use this component's API to not be broken. The current state of Extension Manager is summarized in http://dev.xwiki.org/xwiki/bin/view/Design/ExtensionManagerProposal#HPlanni… and detailed in the rest of the document. I'm pretty confident it's not dangerous for the rest of XE when you don't use it and it can't slow down it or something. So WDYT ? Here is my +1. Thanks, -- Thomas Mortagne

14 years, 2 months

[xwiki-devs] duplicated id generation

by Ricardo Espírito Santo

Hello there, I have been asked to develop something on top of the pdf export facilities on the xwiki. But I run into a small problem: When *generating a pdf with multiple pages*, say all the pages from one space, the ids of elements within the pages get duplicated and the *pdf exportation fails*. i.e.: *Page A* with a title *TheQuickBrownFox...* some text under it and then *page B* with the same title: *TheQuickBrownFox...* with some other text under this. Both will get an auto ID of *TheQuickBrownFox... *Now this doesn't happen for items on the same page since the ID generation mechanism counts all items of the same name and increments it if necessary. But this mechanism does not contemplate cross page duplicated items. To avoid the following error: Property ID "lipsum" (found on "fo:block") previously used; ID values must be unique within a document! (See position 12:39) We thought some changes to the ID generation mechanism could be made: We could* prefix the ID* with the space and page name and this would be a simple elegant solution. Now: Is this the best solution? Will someone point out the best place to do this? If I post a patch with this fix will it be included on the trunk? Thank you in advance, » Ricardo Espírito Santo » Linkare TI - Tecnologias de Informação, Lda

14 years, 2 months

[xwiki-devs] [vote] Commit the section, column and dashboard macro in the platform macros

by Anca Luca

Hi devs, wdyt about committing the section & macro columns from the contrib (https://svn.xwiki.org/svnroot/xwiki/contrib/projects/xwiki-macro-column/) in the platform macros, along with a first, very simple implementation of the dashboard macro (which for the moment only delegates to the section macro)? This would be the first step towards the implementation of the dashboard, and the plan is to be done before 2.5M2. Here's my +1. WDYT? Anca

14 years, 2 months

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

xwiki-devs September 2010