Author: hannes
Date: Sat Jun 17 01:52:37 2006
New Revision: 10800
Added:
trunk/libraries/koala/www/wiki/preview.dsp (contents, props changed)
Modified:
trunk/libraries/koala/sources/examples/wiki/wiki.dylan
trunk/libraries/koala/www/wiki/edit.dsp
trunk/libraries/koala/www/wiki/footer.dsp
trunk/libraries/koala/www/wiki/header.dsp
trunk/libraries/koala/www/wiki/version.dsp
Log:
Job: 7219
*implemented preview
*fixed xss in author or comment (always escape them)
Modified: trunk/libraries/koala/sources/examples/wiki/wiki.dylan
==============================================================================
--- trunk/libraries/koala/sources/examples/wiki/wiki.dylan (original)
+++ trunk/libraries/koala/sources/examples/wiki/wiki.dylan Sat Jun 17
01:52:37 2006
@@ -36,20 +36,23 @@
define method page-content
(title :: <string>, #key format = #"raw", version)
=> (content :: false-or(<string>))
- let page = find-page(title);
- if (page)
- let latest = page.revisions.last;
- let raw-text = if (version & version > 0 & version <= latest.page-version)
- page.revisions[version - 1].content;
- else
- latest.content
- end;
- select (format)
- #"raw" => raw-text;
- // HACK HACK HACK. Prepend a newline so the start-of-line context
applies.
- #"html" => wiki-markup-to-html(concatenate("\n", raw-text));
- otherwise => error("Invalid format (%=) requested.", format);
- end
+ let text = *content*;
+ unless (text)
+ let page = find-page(title);
+ if (page)
+ let latest = page.revisions.last;
+ text := if (version & version > 0 & version <= latest.page-version)
+ page.revisions[version - 1].content;
+ else
+ latest.content
+ end;
+ end;
+ end;
+ select (format)
+ #"raw" => text;
+ // HACK HACK HACK. Prepend a newline so the start-of-line context applies.
+ #"html" => wiki-markup-to-html(concatenate("\n", text));
+ otherwise => error("Invalid format (%=) requested.", format);
end
end;
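Review bot: The `select` now runs even when no text was found, so with `format: #"html"` and a missing page (and `*content*` unbound) `concatenate("\n", text)` is called with `#f`; the old code returned `#f` in that case because the `if (page)` had no else branch. Guard the conversion, for example `#"html" => text & wiki-markup-to-html(concatenate("\n", text));`. A bound `*content*` also now takes precedence over the `title` and `version` arguments, which deserves a comment such as `// a dynamically bound *content* (e.g. preview text from the request) overrides the stored page`. In the preview flow that text is request data, so the html branch is only as safe as `wiki-markup-to-html`'s escaping, which is not visible here.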
@@ -68,8 +71,7 @@
(page :: <view-page>, request :: <request>, response :: <response>)
dynamic-bind (*title* = get-query-value("title") | *default-title*,
*version* =
ignore-errors(string-to-integer(get-query-value("v"))),
- *content* = page-content(*title*, version: *version*, format:
#"html")
- | "(no content)")
+ *content* = page-content(*title*, version: *version*) | "(no
content)")
next-method(); // process the DSP template
end;
end;
@@ -81,7 +83,7 @@
define method respond-to-get
(page :: <edit-page>, request :: <request>, response :: <response>)
- dynamic-bind (*title* = *title* | get-query-value("title"),
+ dynamic-bind (*title* = get-query-value("title"),
*content* = if (*title* & find-page(*title*))
latest-text(find-page(*title*));
else
@@ -94,46 +96,57 @@
define named-method new-page? in wiki
(page :: <wiki-page>, request :: <request>)
- *title* = ""
+ *title* = "new"
end;
define method respond-to-post
(page :: <edit-page>, request :: <request>, response :: <response>)
- let title = trim(get-query-value("title") | "");
- let content = get-query-value("page-content") | "";
- if (~ logged-in?(request))
- note-form-error("You must be logged in to edit a page.");
- // redisplay edit page.
- dynamic-bind (*title* = title,
- *content* = content)
- respond-to-get(page, request, response);
- end;
- elseif (title = "")
- note-form-error("You must supply a valid page title.", field: "title");
- // redisplay edit page.
- dynamic-bind (*title* = title,
- *content* = content)
- respond-to-get(page, request, response);
- end;
+ if (get-query-value("preview"))
+ respond-to-get(*preview-page*, request, response)
else
- save-page(title, content, comment: get-query-value("comment"));
- // Show the page after editing
- respond-to-get(*view-page*, request, response);
+ let title = trim(get-query-value("title") | "");
+ let content = get-query-value("page-content") | "";
+ if (~ logged-in?(request))
+ note-form-error("You must be logged in to edit a page.");
+ // redisplay edit page.
+ dynamic-bind (*title* = title,
+ *content* = content)
+ respond-to-get(page, request, response);
+ end;
+ elseif (title = "")
+ note-form-error("You must supply a valid page title.", field: "title");
+ // redisplay edit page.
+ dynamic-bind (*title* = title,
+ *content* = content)
+ respond-to-get(page, request, response);
+ end;
+ else
+ save-page(title, content, comment: get-query-value("comment"));
+ // Show the page after editing
+ respond-to-get(*view-page*, request, response);
+ end;
end;
end;
-// Not sure this is even needed.
-define page new-page (<wiki-page>)
- (url: "/wiki/new.dsp",
- source: "wiki/edit.dsp")
- keyword page-title:, init-value: "(new page)";
+define page preview-page (<wiki-page>)
+ (url: "/wiki/preview.dsp",
+ source: "wiki/preview.dsp")
+end;
+
+define thread variable *comment* = #f;
+
+define tag show-comment in wiki
+ (page :: <wiki-page>, response :: <response>)
+ ()
+ write(output-stream(response), *comment*);
end;
define method respond-to-get
- (page :: <new-page>, request :: <request>, response :: <response>)
- dynamic-bind (*title* = "",
- *content* = "")
- respond-to-get(*edit-page*, request, response);
+ (page :: <preview-page>, request :: <request>, response :: <response>)
+ dynamic-bind (*title* = get-query-value("title") | "",
+ *content* = get-query-value("page-content") | "",
+ *comment* = get-query-value("comment") | "")
+ next-method();
end;
end;
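Review bot: The new `show-comment` tag writes `*comment*` to the response unescaped, although this same commit adds `escape-xml` to `show-change-author` and `show-change-comment` for that reason. `*comment*` is bound from `get-query-value("comment")` in the preview handler, and preview.dsp places it inside a `value="…"` attribute, so markup characters in the request reach the page as markup. Use `write(output-stream(response), escape-xml(*comment* | ""));`, assuming `escape-xml` also escapes double quotes (confirm, since the value sits in an attribute); the `| ""` covers the `#f` default if the tag is used outside the preview page. The `preview` branch in `respond-to-post` also runs before the `logged-in?` check, so these reflected values can come from an unauthenticated request.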
@@ -394,8 +407,7 @@
(page :: <wiki-page>, response :: <response>)
(format :: <string> = "raw")
write(output-stream(response),
- (*title* & page-content(*title*, version: *version*, format:
as(<symbol>, format)))
- | *content*);
+ page-content(*title*, version: *version*, format: as(<symbol>,
format)));
end;
define body tag show-revisions in wiki
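Review bot: With `format="raw"` this tag writes whatever `page-content` returns straight to the response, and in the preview flow that is the request's `page-content` value, which preview.dsp places inside a `<textarea>`. Nothing visible escapes it, so text containing `</textarea>` would close the element. Consider applying `escape-xml` on the raw path when the output lands in HTML, and confirm that `wiki-markup-to-html` escapes its input on the html path (its body is not shown). Removing the `*title* &` guard also means `page-content` is called with `#f` when no title is bound, although its signature declares `title :: <string>`. The tag definition starts above this hunk.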
@@ -580,13 +592,13 @@
define tag show-change-author in wiki
(page :: <wiki-page>, response :: <response>)
()
- write(output-stream(response), *change*.author);
+ write(output-stream(response), escape-xml(*change*.author));
end;
define tag show-change-comment in wiki
(page :: <wiki-page>, response :: <response>)
()
- write(output-stream(response), *change*.comment);
+ write(output-stream(response), escape-xml(*change*.comment));
end;
define page admin-page (<wiki-page>)
Modified: trunk/libraries/koala/www/wiki/edit.dsp
==============================================================================
--- trunk/libraries/koala/www/wiki/edit.dsp (original)
+++ trunk/libraries/koala/www/wiki/edit.dsp Sat Jun 17 01:52:37 2006
@@ -37,7 +37,8 @@
<br/>
Comment: <input type="text" name="comment"/>
<br/>
- <input type="submit" value="Save"/>
+ <input type="submit" name="preview" value="Preview"/>
+ <input type="submit" name="save" value="Save"/>
</div>
</form>
</dsp:then>
Modified: trunk/libraries/koala/www/wiki/footer.dsp
==============================================================================
--- trunk/libraries/koala/www/wiki/footer.dsp (original)
+++ trunk/libraries/koala/www/wiki/footer.dsp Sat Jun 17 01:52:37 2006
@@ -19,11 +19,6 @@
<a href="/wiki/recent.dsp">Recent Changes</a>
<a href="/wiki/index.dsp">Index</a>
<a href="/wiki/version.dsp?title=<wiki:show-title/>">History</a>
- <span class="lastrevisions">
- <wiki:show-revisions count="10">
- <a class="revisionlink" href="/wiki/view.dsp?title=<wiki:show-title
v="false"/>&v=<wiki:version/>">[<wiki:version/>]</a>
- </wiki:show-revisions>
- </span>
</div>
<p id="valid_xhtml"><a href="http://validator.w3.org/check?uri=referer"><img
src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0!" height="31"
width="88" /></a></p>
</div>
Modified: trunk/libraries/koala/www/wiki/header.dsp
==============================================================================
--- trunk/libraries/koala/www/wiki/header.dsp (original)
+++ trunk/libraries/koala/www/wiki/header.dsp Sat Jun 17 01:52:37 2006
@@ -10,7 +10,7 @@
</form>
<div class="navbar">
<a href="/wiki/view.dsp?title=Home">Home</a>
- <a href="/wiki/new.dsp">New Page</a>
+ <a href="/wiki/edit.dsp?title=new">New Page</a>
<a href="/wiki/view.dsp?title=Markup">Wiki Markup</a>
<a
href="/wiki/backlink.dsp?title=<wiki:show-title/>">Backlinks</a>
<dsp:when test="editable?">
Added: trunk/libraries/koala/www/wiki/preview.dsp
==============================================================================
--- (empty file)
+++ trunk/libraries/koala/www/wiki/preview.dsp Sat Jun 17 01:52:37 2006
@@ -0,0 +1,29 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<%dsp:taglib name="wiki"/>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <title>Dylan Wiki: Preview of <wiki:show-title/></title>
+ <link rel="stylesheet" href="/wiki/wiki.css"/>
+</head>
+
+<body>
+
+ <%dsp:include url="header.dsp"/>
+
+ <dsp:show-form-notes/>
+
+ <h1>Preview for "<wiki:show-title v="false" for-url="false"/>"</h1>
+ <form action="/wiki/edit.dsp" method="post">
+ <div id="edit">
+ <input type="hidden" name="title" value="<wiki:show-title/>"/>
+ <wiki:show-content format="html"/><br/><hr/>
+ <textarea name="page-content" cols="80" rows="20"><wiki:show-content
format="raw"/></textarea><br/>
+ Comment: <input type="text" name="comment"
value="<wiki:show-comment/>"/><br/>
+ <input type="submit" name="preview" value="Preview"/>
+ <input type="submit" name="save" value="Save"/>
+ </div>
+ </form>
+
+ <%dsp:include url="footer.dsp"/>
+</body>
+</html>
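Review bot: The DOCTYPE pairs the public identifier `-//W3C//DTD XHTML 1.0 Strict//EN` with the system identifier `xhtml1-transitional.dtd`; pick one, for example `http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd` to match the Strict identifier. The template also interpolates request-derived values into an attribute (`value="<wiki:show-title/>"`) and into the textarea body, so it depends entirely on each tag escaping its output. `show-title`'s implementation is not part of this diff, so confirm that it escapes quotes and angle brackets when used in an attribute. A short comment at the top of the file stating that every value on this page is untrusted request data would help the next editor.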
Modified: trunk/libraries/koala/www/wiki/version.dsp
==============================================================================
--- trunk/libraries/koala/www/wiki/version.dsp (original)
+++ trunk/libraries/koala/www/wiki/version.dsp Sat Jun 17 01:52:37 2006
@@ -14,7 +14,7 @@
<h3>Version History of <wiki:show-title/></h3>
<ul>
<wiki:show-versions>
- <li><wiki:show-change-timestamp/> version <wiki:show-change-version/> <a
href="/wiki/diff.dsp?title=<wiki:show-change-title/>&version=<wiki:show-change-version/>">diff</a>
by <wiki:show-change-author/> Comment <wiki:show-change-comment/></li>
+ <li><wiki:show-change-timestamp/> version <wiki:show-change-version/> <a
href="/wiki/diff.dsp?title=<wiki:show-change-title/>&version=<wiki:show-change-version/>">diff
to previous</a> by <wiki:show-change-author/> Comment
<wiki:show-change-comment/></li>
</wiki:show-versions>
</ul>
</div>