Changes for page Attachments

Last modified by Sebastian Marsching on 2024/01/08 23:13
From version 2.1
edited by Sebastian Marsching
on 2022/05/29 22:41
Change comment: Install extension [org.xwiki.platform:xwiki-platform-attachment-ui/14.4]
To version 4.1
edited by Sebastian Marsching
on 2022/08/02 11:45
Change comment: Migrated property [defaultCategories] from class [XWiki.WikiMacroClass]

Summary

Details

Page properties
Content
... ... @@ -79,7 +79,10 @@
79 79   #set ($returnURL = $escapetool.url($doc.getURL('view', $request.queryString)))
80 80   #set ($deleteURL = $targetAttachDocument.getAttachmentURL($attachment.filename, 'delattachment', "xredirect=${returnURL}&form_token=$!{services.csrf.getToken()}") )
81 81   #set ($viewURL = $targetAttachDocument.getAttachmentURL($attachment.filename) )##{'name' : 'download', 'url' : $viewURL, 'rel' : '__blank'}
82 - #set ($selectURL = $targetDocument.getURL(${options.get('docAction')}, "${options.get('classname')}_${options.get('object')}_${options.get('property')}=${attachment.filename}&form_token=$!{services.csrf.getToken()}"))
82 + #set ($selectURL = $targetDocument.getURL(${options.get('docAction')}, $escapetool.url({
83 + "${options.get('classname')}_${options.get('object')}_${options.get('property')}": ${attachment.filename},
84 + 'form_token': $!{services.csrf.getToken()}
85 + })))
83 83   #attachmentPicker_displayEndFrame ([{'name' : 'select', 'url' : $selectURL}, {'name' : 'delete', 'url' : $deleteURL}])
84 84  #end
85 85  
... ... @@ -92,7 +92,9 @@
92 92   *#
93 93  #macro (attachmentPicker_displayStartFrame $boxOptions $currentValue)
94 94   (% class="gallery_attachmentbox $!{boxOptions.cssClass} #if ("$!{boxOptions.value}" == $currentValue) current#{end}" %)(((
95 - (% class="gallery_attachmenttitle" title="$!{boxOptions.value}" %)((($boxOptions.text)))
98 + (% class="gallery_attachmenttitle" title="$services.rendering.escape($!{boxOptions.value}, 'xwiki/2.1')" %)(((
99 + $services.rendering.escape($boxOptions.text, 'xwiki/2.1')
100 + )))
96 96   (% class="gallery_attachmentframe" %)(((
97 97  #end
98 98  
... ... @@ -108,13 +108,13 @@
108 108   ## Compute the attachment reference because there's no getter.
109 109   #set ($attachmentReference = $services.model.createAttachmentReference($attachment.document.documentReference,
110 110   $attachment.filename))
111 - #set ($attachmentStringReference = $services.model.serialize($attachmentReference, 'default'))
116 + #set ($attachmentStringReference = $services.rendering.escape($services.model.serialize($attachmentReference, 'default'), 'xwiki/2.1'))
112 112   #if ($attachment.isImage() && $options.displayImage)
113 113   ## We add the version to the query string in order to invalidate the cache when an image attachment is replaced.
114 114   #set ($queryString = $escapetool.url({'version': $attachment.version}))
115 115   [[[[image:${attachmentStringReference}||width=180 queryString="$queryString"]]>>attach:$attachmentStringReference]]
116 116   #else
117 - * (% class="mime" %){{html wiki=false clean=false}}#mimetypeimg($attachment.getMimeType().toLowerCase() $attachment.getFilename().toLowerCase()){{/html}}(%%) (% class="filename" %)$attachment.getFilename()(% %)
122 + * (% class="mime" %){{html wiki=false clean=false}}#mimetypeimg($attachment.getMimeType().toLowerCase() $attachment.getFilename().toLowerCase()){{/html}}(%%) (% class="filename" %)$services.rendering.escape($attachment.getFilename(), 'xwiki/2.1')(% %)
118 118   * v$attachment.getVersion() (#dynamicsize($attachment.longSize))
119 119   * $services.localization.render('core.viewers.attachments.author', [$!{xwiki.getUserName($attachment.author, false)}]) $services.localization.render('core.viewers.attachments.date', [$!{xwiki.formatDate($attachment.date, 'dd/MM/yyyy hh:mm')}])
120 120   * (% class="buttonwrapper" %)[[${services.localization.render("${translationPrefix}.actions.download")}>>attach:${attachmentStringReference}||title="$services.localization.render("${translationPrefix}.actions.download")" rel="__blank" class="button"]](%%)
XWiki.WikiMacroClass[0]
Macro code
... ... @@ -45,9 +45,18 @@
45 45   #set ($displayImage = false)
46 46  #end
47 47  #if ($displayImage)
48 - #set ($alt = "$!{xcontext.macro.params.alternateText}")
49 - #set ($width = "$!{xcontext.macro.params.width}")
50 - #set ($height = "$!{xcontext.macro.params.height}")
48 + #set ($alt = '')
49 + #set ($width = '')
50 + #set ($height = '')
51 + #if ($xcontext.macro.params.alternateText)
52 + #set ($alt = "$services.rendering.escape($!{xcontext.macro.params.alternateText}, 'xwiki/2.1')")
53 + #end
54 + #if ($xcontext.macro.params.width)
55 + #set ($width = "$services.rendering.escape($!{xcontext.macro.params.width}, 'xwiki/2.1')")
56 + #end
57 + #if ($xcontext.macro.params.height)
58 + #set ($height = "$services.rendering.escape($!{xcontext.macro.params.height}, 'xwiki/2.1')")
59 + #end
51 51   #set ($imageParams = '')
52 52   #if ("${width}" != '')
53 53   #set($imageParams = "$!{imageParams} width=${width}")
... ... @@ -112,9 +112,9 @@
112 112   #set ($attachmentResource = '')
113 113   #end
114 114   #if ($displayImage)
115 - (% class="$!{cssClass}#if (!$attachment) hidden#end" %)(((#if ("$!{attachmentResource}" != '' || $forceElement)#if($withLink)[[#end[[image:${attachmentResource}$!{imageParams}]]#if($withLink)>>attach:${attachmentResource}||rel=lightbox]]#{end}#end)))##
124 + (% class="$!{cssClass}#if (!$attachment) hidden#end" %)(((#if ("$!{attachmentResource}" != '' || $forceElement)#if($withLink)[[#end[[image:$services.rendering.escape(${attachmentResource}, 'xwiki/2.1')$!{imageParams}]]#if($withLink)>>attach:$services.rendering.escape(${attachmentResource},'xwiki/2.1')||rel=lightbox]]#{end}#end)))##
116 116   #else
117 - (% class="$!{cssClass}" %)#if ("$!{attachmentResource}" != '' || $forceElement)#if ($withLink)[[attach:${attachmentResource}||rel=__blank]]#{else}(% class="displayed" %)#if($targetPermView)$!{attachmentName}#{else}Access Denied#{end}(% %)#{end}#end(%%)##
126 + (% class="$!{cssClass}" %)#if ("$!{attachmentResource}" != '' || $forceElement)#if ($withLink)[[attach:${attachmentResource}||rel=__blank]]#{else}(% class="displayed" %)#if($targetPermView)$services.rendering.escape($!{attachmentName}, 'xwiki/2.1')#{else}Access Denied#{end}(% %)#{end}#end(%%)##
118 118   #end
119 119  #end
120 120  
... ... @@ -137,8 +137,9 @@
137 137   #if ($hasTargetDoc)
138 138   #set ($queryString.targetdocname = $targetdoc.fullName)
139 139   #end
140 - (% class="buttonwrapper" %)[[$buttontext>>${xcontext.macro.doc.fullName}||queryString="$escapetool.url($queryString)"
141 - class="attachment-picker-start button" title="$buttontext"]](%%)##
149 + #set ($linkLabel = $services.rendering.escape($services.rendering.escape($buttontext, 'xwiki/2.1'), 'xwiki/2.1'))
150 + (% class="buttonwrapper" %)[[$linkLabel>>${xcontext.macro.doc.fullName}||queryString="$escapetool.url($queryString)"
151 + class="attachment-picker-start button" title="$services.rendering.escape($buttontext, 'xwiki/2.1')"]](%%)##
142 142   #end
143 143  #end
144 144  {{/velocity}}