Changes for page Attachments
Last modified by Sebastian Marsching on 2024/01/08 23:13
From version 2.1
edited by Sebastian Marsching
on 2022/05/29 22:41
on 2022/05/29 22:41
Change comment:
Install extension [org.xwiki.platform:xwiki-platform-attachment-ui/14.4]
To version 3.1
edited by Sebastian Marsching
on 2022/07/10 15:56
on 2022/07/10 15:56
Change comment:
Install extension [org.xwiki.platform:xwiki-platform-attachment-ui/14.5]
Summary
-
Page properties (1 modified, 0 added, 0 removed)
-
Objects (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -79,7 +79,10 @@ 79 79 #set ($returnURL = $escapetool.url($doc.getURL('view', $request.queryString))) 80 80 #set ($deleteURL = $targetAttachDocument.getAttachmentURL($attachment.filename, 'delattachment', "xredirect=${returnURL}&form_token=$!{services.csrf.getToken()}") ) 81 81 #set ($viewURL = $targetAttachDocument.getAttachmentURL($attachment.filename) )##{'name' : 'download', 'url' : $viewURL, 'rel' : '__blank'} 82 - #set ($selectURL = $targetDocument.getURL(${options.get('docAction')}, "${options.get('classname')}_${options.get('object')}_${options.get('property')}=${attachment.filename}&form_token=$!{services.csrf.getToken()}")) 82 + #set ($selectURL = $targetDocument.getURL(${options.get('docAction')}, $escapetool.url({ 83 + "${options.get('classname')}_${options.get('object')}_${options.get('property')}": ${attachment.filename}, 84 + 'form_token': $!{services.csrf.getToken()} 85 + }))) 83 83 #attachmentPicker_displayEndFrame ([{'name' : 'select', 'url' : $selectURL}, {'name' : 'delete', 'url' : $deleteURL}]) 84 84 #end 85 85 ... ... @@ -92,7 +92,9 @@ 92 92 *# 93 93 #macro (attachmentPicker_displayStartFrame $boxOptions $currentValue) 94 94 (% class="gallery_attachmentbox $!{boxOptions.cssClass} #if ("$!{boxOptions.value}" == $currentValue) current#{end}" %)((( 95 - (% class="gallery_attachmenttitle" title="$!{boxOptions.value}" %)((($boxOptions.text))) 98 + (% class="gallery_attachmenttitle" title="$services.rendering.escape($!{boxOptions.value}, 'xwiki/2.1')" %)((( 99 + $services.rendering.escape($boxOptions.text, 'xwiki/2.1') 100 + ))) 96 96 (% class="gallery_attachmentframe" %)((( 97 97 #end 98 98 ... ... @@ -108,13 +108,13 @@ 108 108 ## Compute the attachment reference because there's no getter. 109 109 #set ($attachmentReference = $services.model.createAttachmentReference($attachment.document.documentReference, 110 110 $attachment.filename)) 111 - #set ($attachmentStringReference = $services.model.serialize($attachmentReference, 'default')) 116 + #set ($attachmentStringReference = $services.rendering.escape($services.model.serialize($attachmentReference, 'default'), 'xwiki/2.1')) 112 112 #if ($attachment.isImage() && $options.displayImage) 113 113 ## We add the version to the query string in order to invalidate the cache when an image attachment is replaced. 114 114 #set ($queryString = $escapetool.url({'version': $attachment.version})) 115 115 [[[[image:${attachmentStringReference}||width=180 queryString="$queryString"]]>>attach:$attachmentStringReference]] 116 116 #else 117 - * (% class="mime" %){{html wiki=false clean=false}}#mimetypeimg($attachment.getMimeType().toLowerCase() $attachment.getFilename().toLowerCase()){{/html}}(%%) (% class="filename" %)$attachment.getFilename()(% %) 122 + * (% class="mime" %){{html wiki=false clean=false}}#mimetypeimg($attachment.getMimeType().toLowerCase() $attachment.getFilename().toLowerCase()){{/html}}(%%) (% class="filename" %)$services.rendering.escape($attachment.getFilename(), 'xwiki/2.1')(% %) 118 118 * v$attachment.getVersion() (#dynamicsize($attachment.longSize)) 119 119 * $services.localization.render('core.viewers.attachments.author', [$!{xwiki.getUserName($attachment.author, false)}]) $services.localization.render('core.viewers.attachments.date', [$!{xwiki.formatDate($attachment.date, 'dd/MM/yyyy hh:mm')}]) 120 120 * (% class="buttonwrapper" %)[[${services.localization.render("${translationPrefix}.actions.download")}>>attach:${attachmentStringReference}||title="$services.localization.render("${translationPrefix}.actions.download")" rel="__blank" class="button"]](%%)
- XWiki.WikiMacroClass[0]
-
- Macro code
-
... ... @@ -45,9 +45,18 @@ 45 45 #set ($displayImage = false) 46 46 #end 47 47 #if ($displayImage) 48 - #set ($alt = "$!{xcontext.macro.params.alternateText}") 49 - #set ($width = "$!{xcontext.macro.params.width}") 50 - #set ($height = "$!{xcontext.macro.params.height}") 48 + #set ($alt = '') 49 + #set ($width = '') 50 + #set ($height = '') 51 + #if ($xcontext.macro.params.alternateText) 52 + #set ($alt = "$services.rendering.escape($!{xcontext.macro.params.alternateText}, 'xwiki/2.1')") 53 + #end 54 + #if ($xcontext.macro.params.width) 55 + #set ($width = "$services.rendering.escape($!{xcontext.macro.params.width}, 'xwiki/2.1')") 56 + #end 57 + #if ($xcontext.macro.params.height) 58 + #set ($height = "$services.rendering.escape($!{xcontext.macro.params.height}, 'xwiki/2.1')") 59 + #end 51 51 #set ($imageParams = '') 52 52 #if ("${width}" != '') 53 53 #set($imageParams = "$!{imageParams} width=${width}") ... ... @@ -112,9 +112,9 @@ 112 112 #set ($attachmentResource = '') 113 113 #end 114 114 #if ($displayImage) 115 - (% class="$!{cssClass}#if (!$attachment) hidden#end" %)(((#if ("$!{attachmentResource}" != '' || $forceElement)#if($withLink)[[#end[[image:${attachmentResource}$!{imageParams}]]#if($withLink)>>attach:${attachmentResource}||rel=lightbox]]#{end}#end)))## 124 + (% class="$!{cssClass}#if (!$attachment) hidden#end" %)(((#if ("$!{attachmentResource}" != '' || $forceElement)#if($withLink)[[#end[[image:$services.rendering.escape(${attachmentResource}, 'xwiki/2.1')$!{imageParams}]]#if($withLink)>>attach:$services.rendering.escape(${attachmentResource},'xwiki/2.1')||rel=lightbox]]#{end}#end)))## 116 116 #else 117 - (% class="$!{cssClass}" %)#if ("$!{attachmentResource}" != '' || $forceElement)#if ($withLink)[[attach:${attachmentResource}||rel=__blank]]#{else}(% class="displayed" %)#if($targetPermView)$!{attachmentName}#{else}Access Denied#{end}(% %)#{end}#end(%%)## 126 + (% class="$!{cssClass}" %)#if ("$!{attachmentResource}" != '' || $forceElement)#if ($withLink)[[attach:${attachmentResource}||rel=__blank]]#{else}(% class="displayed" %)#if($targetPermView)$services.rendering.escape($!{attachmentName}, 'xwiki/2.1')#{else}Access Denied#{end}(% %)#{end}#end(%%)## 118 118 #end 119 119 #end 120 120 ... ... @@ -137,8 +137,9 @@ 137 137 #if ($hasTargetDoc) 138 138 #set ($queryString.targetdocname = $targetdoc.fullName) 139 139 #end 140 - (% class="buttonwrapper" %)[[$buttontext>>${xcontext.macro.doc.fullName}||queryString="$escapetool.url($queryString)" 141 - class="attachment-picker-start button" title="$buttontext"]](%%)## 149 + #set ($linkLabel = $services.rendering.escape($services.rendering.escape($buttontext, 'xwiki/2.1'), 'xwiki/2.1')) 150 + (% class="buttonwrapper" %)[[$linkLabel>>${xcontext.macro.doc.fullName}||queryString="$escapetool.url($queryString)" 151 + class="attachment-picker-start button" title="$services.rendering.escape($buttontext, 'xwiki/2.1')"]](%%)## 142 142 #end 143 143 #end 144 144 {{/velocity}}