Index: openacs-4/packages/xowiki/tcl/includelet-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/includelet-procs.tcl,v diff -u -N -r1.200 -r1.201 --- openacs-4/packages/xowiki/tcl/includelet-procs.tcl 20 Jul 2015 10:07:57 -0000 1.200 +++ openacs-4/packages/xowiki/tcl/includelet-procs.tcl 7 Aug 2017 23:48:30 -0000 1.201 @@ -38,15 +38,17 @@ if {$ajaxhelper} { ::xo::Page requireCSS "/resources/ajaxhelper/yui/$path" } else { - ::xo::Page requireCSS "http://yui.yahooapis.com/$version/build/$path" + ::xo::Page requireCSS "//yui.yahooapis.com/$version/build/$path" + security::csp::require style-src yui.yahooapis.com } } ::xowiki::Includelet proc require_YUI_JS {{-version 2.7.0} {-ajaxhelper true} path} { if {$ajaxhelper} { ::xo::Page requireJS "/resources/ajaxhelper/yui/$path" } else { - ::xo::Page requireJS "http://yui.yahooapis.com/$version/build/$path" + ::xo::Page requireJS "//yui.yahooapis.com/$version/build/$path" + security::csp::require script-src yui.yahooapis.com } } @@ -194,21 +196,20 @@ set and_names [list] foreach cid_and [split $cid_or ,] { if {![string is integer -strict $cid_and]} { - return -code error "invalid category id '$cid_and'" - ns_log warning "ignore invalid category id '$cid_and'" - continue + ad_return_complaint 1 "invalid category id '[ns_quotehtml $cid_and]'" + ad_script_abort } lappend and_names [::category::get_name $cid_and] lappend ands "exists (select 1 from category_object_map \ where object_id = $item_ref and category_id = $cid_and)" } - lappend or_names "[join $and_names { and }]" + lappend or_names [join $and_names { and }] lappend ors "([join $ands { and }])" } if {$ors eq "()"} { set cnames "" } else { - set cnames "[join $or_names { or }]" + set cnames [join $or_names { or }] set extra_where_clause "and ([join $ors { or }])" } #my log "--cnames $category_spec -> $cnames // <$extra_where_clause>" 
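Review bot: The `else` branches of require_YUI_CSS and require_YUI_JS now emit a scheme-relative URL (`//yui.yahooapis.com/...`), so a page served over plain HTTP still fetches the third-party stylesheet and script without transport protection. The scheme-less CSP source `yui.yahooapis.com` follows the page's scheme in the same way. Pinning the scheme closes that gap: `::xo::Page requireJS "https://yui.yahooapis.com/$version/build/$path"` with `security::csp::require script-src https://yui.yahooapis.com`, and the same for the CSS pair, assuming `security::csp::require` passes a source with a scheme through unchanged. The directive also allows every file on that host, which is worth stating in a comment next to the call.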
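Review bot: In the `foreach cid_and` loop, the id that passes `string is integer -strict` is still spliced as text into the `category_id = $cid_and` subquery. That check also accepts forms such as `0x1F` or a value with surrounding whitespace. A decimal-only test, `if {![regexp {^[0-9]+$} $cid_and]} {`, keeps the SQL text to plain digits and turns those inputs into the complaint instead of a database error. `$item_ref` is interpolated into the same string and its origin is outside the hunk, so it is worth confirming that it is not request-controlled. The enclosing proc starts and ends outside the hunk.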
@@ -441,7 +442,7 @@ set html [next] set localized_title [::xo::localize $title] set link [expr {[string match "*:*" $name] ? - "[ns_quotehtml $localized_title]" : + "[ns_quotehtml $localized_title]" : $localized_title}] ::xo::render_localizer return [subst [[self class] set template]] @@ -461,7 +462,7 @@ set localized_title [::xo::localize $title] set edit_button [my include [list edit-item-button -book_mode true]] set link [expr {[string match "*:*" $name] ? - "[ns_quotehtml $localized_title]" : + "[ns_quotehtml $localized_title]" : $localized_title}] return [subst [[self class] set template]] } -set template {
@@ -573,17 +574,21 @@ set parent_id [[my set __including_page] parent_id] set url [$package_id pretty_link -absolute 1 -siteurl $siteurl -parent_id $parent_id news-item] if {$label eq ""} {set label "Add to [$package_id instance_name]"} - set href [subst -nocommands -nobackslash { - javascript:d=document;w=window;t=''; - if(d.selection){t=d.selection.createRange().text} else - if(d.getSelection){t=d.getSelection()} else - if(w.getSelection){t=w.getSelection()} - void(open('$url?m=create-new&title='+escape(d.title)+ - '&detail_link='+escape(d.location.href)+'&text='+escape(t),'_blank', - 'scrollbars=yes,width=700,height=575,status=yes,resizable=yes,scrollbars=yes')) - }] - regsub -all {[\n ]+} $href " " href - return "[ns_quotehtml $label]" + if {![my exists id]} {my set id [::xowiki::Includelet html_id [self]]} + + template::add_event_listener \ + -id [my id] \ + -script [subst { + d=document;w=window;t=''; + if(d.selection){t=d.selection.createRange().text;} + else if(d.getSelection){t=d.getSelection();} + else if(w.getSelection){t=w.getSelection();} + void(open('$url?m=create-new&title='+escape(d.title)+ + '&detail_link='+escape(d.location.href)+'&text='+escape(t),'_blank', + 'scrollbars=yes,width=700,height=575,status=yes,resizable=yes,scrollbars=yes')); + }] + + return "[ns_quotehtml $label]" } ############################################################################# @@ -681,7 +686,7 @@ set msg "No category tree with name '$name' found." } [my package_id] flush_page_fragment_cache -scope agg - set html "
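Review bot: `$url` is substituted into the single-quoted JavaScript string `open('$url?m=create-new...` in the `-script` argument without any JavaScript escaping. It is built from `$siteurl` and the package link, whose origins are outside the hunk; a quote or backslash in either would end the string literal early. The call also moved from `subst -nocommands -nobackslash` to plain `subst`, so any bracket or backslash later added to this script will be evaluated by Tcl. I would escape `$url` for a JavaScript string literal before the `subst` and add a comment above the call such as `# $url is spliced into a JS string literal; plain subst also evaluates brackets and backslashes in this script`.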
$msg
" + set html "
[ns_quotehtml $msg]
" if {$edit_html ne ""} { return "$html Manage Categories? $edit_html" } @@ -731,7 +736,7 @@ #append content "
$edit_html
\n" if {!$no_tree_name} { - append content "

$my_tree_name $edit_html

" + append content "

[ns_quotehtml $my_tree_name] $edit_html

" } elseif {$edit_html ne ""} { append content "$edit_html
" } @@ -779,6 +784,7 @@ where c.object_id in ([join $items ,]) and c.object_id = ci.item_id and and r.revision_id = ci.live_revision + and ci.publish_status <> 'production' " } } else { @@ -801,7 +807,12 @@ if {$category_ids ne ""} { foreach cid [split $category_ids ,] { set or_ids [split $cid |] - foreach or_id $or_ids { if {![string is integer $or_id]} {error "invalid category_ids"}} + foreach or_id $or_ids { + if {![string is integer $or_id]} { + ad_return_complaint 1 "invalid category_id" + ad_script_abort + } + } append sql " and exists (select * from category_object_map \ where object_id = ci.item_id and category_id in ([join $or_ids ,]))" } @@ -964,21 +975,21 @@ -party_id [::xo::cc set untrusted_user_id]] set show_heritage $admin_p - TableWidget t1 -volatile \ + TableWidget create t1 -volatile \ -set allow_edit $allow_edit \ -set allow_delete $allow_delete \ -set show_heritage $admin_p \ -columns { - Field date -label [_ xowiki.Page-last_modified] + Field create date -label [_ xowiki.Page-last_modified] if {[[my info parent] set allow_edit]} { - AnchorField edit -CSSclass edit-item-button -label "" -html {style "padding-right: 2px;"} -richtext 1 + AnchorField create edit -CSSclass edit-item-button -label "" -html {style "padding-right: 2px;"} -richtext 1 } if {[[my info parent] set show_heritage]} { - AnchorField inherited -label "" -CSSclass inherited + AnchorField create inherited -label "" -CSSclass inherited } - AnchorField title -label [::xowiki::Page::slot::title set pretty_name] + AnchorField create title -label [::xowiki::Page::slot::title set pretty_name] if {[[my info parent] set allow_delete]} { - AnchorField delete -CSSclass delete-item-button -label "" -richtext 1 + AnchorField create delete -CSSclass delete-item-button -label "" -richtext 1 } } 
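Review bot: The rewritten `foreach or_id $or_ids` loop still calls `string is integer $or_id` without `-strict`, which returns true for an empty string. A `category_ids` value with a trailing `|` (constructed example: `3|`) therefore passes and yields `category_id in (3,)` in the appended SQL. Using `if {![string is integer -strict $or_id]} {` matches the check already applied to `cid_and` in the category_spec hunk of this diff and routes that input to `ad_return_complaint`. The ids are joined straight into the `in (...)` list, so this test is the only guard visible on that SQL fragment.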
@@ -1061,9 +1072,9 @@ my get_parameters ::xo::Page requireCSS "/resources/acs-templating/lists.css" - TableWidget t1 -volatile \ + TableWidget create t1 -volatile \ -columns { - AnchorField title -label [::xowiki::Page::slot::title set pretty_name] + AnchorField create title -label [::xowiki::Page::slot::title set pretty_name] } xo::dc foreach get_pages \ @@ -1113,10 +1124,10 @@ # my append title " in last $interval" - TableWidget t1 -volatile \ + TableWidget create t1 -volatile \ -columns { - AnchorField title -label [::xowiki::Page::slot::title set pretty_name] - Field users -label [_ xowiki.includelet-visitors] -html { align right } + AnchorField create title -label [::xowiki::Page::slot::title set pretty_name] + Field create users -label [_ xowiki.includelet-visitors] -html { align right } } set since_condition [::xo::dc since_interval_condition time $interval] xo::dc foreach get_pages \ @@ -1136,11 +1147,11 @@ } } else { - TableWidget t1 -volatile \ + TableWidget create t1 -volatile \ -columns { - AnchorField title -label [::xowiki::Page::slot::title set pretty_name] - Field count -label [_ xowiki.includelets-visits] -html { align right } - Field users -label [_ xowiki.includelet-visitors] -html { align right } + AnchorField create title -label [::xowiki::Page::slot::title set pretty_name] + Field create count -label [_ xowiki.includelets-visits] -html { align right } + Field create users -label [_ xowiki.includelet-visitors] -html { align right } } xo::dc foreach get_pages \ [::xo::dc select \ @@ -1193,7 +1204,7 @@ if {[info commands [$feed channel]] eq ""} { set detail "" if {[$feed exists errorMessage]} {set detail \n[$feed set errorMessage]} - return "No data available from $url
$detail" + return "No data available from $url
[ns_quotehtml $detail]" } else { set channel [$feed channel] #set html "

[ns_quotehtml [$channel title]]

" @@ -1229,10 +1240,10 @@ my get_parameters ::xo::Page requireCSS "/resources/acs-templating/lists.css" - TableWidget t1 -volatile \ + TableWidget create t1 -volatile \ -columns { - Field user -label [_ xowiki.includelet-visitors] -html { align right } - Field count -label [_ xowiki.includelets-visits] -html { align right } + Field create user -label [_ xowiki.includelet-visitors] -html { align right } + Field create count -label [_ xowiki.includelets-visits] -html { align right } } ::xo::dc foreach most-frequent-visistors \ [::xo::dc select \ @@ -1276,9 +1287,9 @@ my get_parameters ::xo::Page requireCSS "/resources/acs-templating/lists.css" - TableWidget t1 -volatile \ + TableWidget create t1 -volatile \ -columns { - AnchorField title -label [::xowiki::Page::slot::title set pretty_name] + AnchorField create title -label [::xowiki::Page::slot::title set pretty_name] } set user_id [::xo::cc user_id] set or_clause "or i.item_id in ( @@ -1366,14 +1377,14 @@ set href [$package_id package_url]tag/ ::xo::dc foreach get_tag_counts $sql { set q [list] - if {$summary} {lappend q "summary=$summary"} - if {$popular} {lappend q "popular=$popular"} + if {$summary} {lappend q "summary=[ad_urlencode_query $summary]"} + if {$popular} {lappend q "popular=[ad_urlencode_query $popular]"} set link $href$tag?[join $q &] - #lappend entries "$tag ([ns_quotehtml $nr])" lappend entries "[ns_quotehtml $tag] " + #lappend entries "[ns_quotehtml $tag] " } return [expr {[llength $entries] > 0 ? - "
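Review bot: `$url` is still written into the returned "No data available from" string unescaped on the changed line, while `$detail` next to it now goes through `ns_quotehtml`. The origin of `$url` is outside the hunk; if it is an includelet parameter supplied by page authors, it should get the same treatment by using `[ns_quotehtml $url]` in place of `$url` in that return value. The enclosing method starts and ends outside the hunk.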

$label

[join $entries {, }]
\n" : + "

[ns_quotehtml $label]

[join $entries {, }]
\n" : ""}] } @@ -1398,8 +1409,8 @@ set save_tag_link [$package_id make_link -link $p_link $__including_page \ save-tags return_url] set popular_tags_link [$package_id make_link -link $p_link $__including_page \ - popular-tags return_url weblog_page] - + popular-tags] + set tags [lsort [::xowiki::Page get_tags -user_id [::xo::cc user_id] \ -item_id [$__including_page item_id] -package_id $package_id]] set entries [list] @@ -1410,16 +1421,27 @@ } set tags_with_links [join [lsort $entries] {, }] - if {![my exists id]} {my set id [::xowiki::Includelet html_id [self]]} - set content [subst -nobackslashes { + if {![my exists id]} { + my set id [::xowiki::Includelet html_id [self]] + } + set content [subst { #xowiki.your_tags_label#: $tags_with_links - (#xowiki.edit_link#, - #xowiki.popular_tags_link#) + (#xowiki.edit_link#, + #xowiki.popular_tags_link#)
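Review bot: `set link $href$tag?[join $q &]` still places `$tag` in the URL path unencoded, although this hunk now encodes the query values. A tag containing `?`, `#`, `/` or a space would produce a different or broken link. `$summary` and `$popular` are used as booleans in the `if`, so encoding them changes little, whereas `$tag` comes from the query result and is the free-text part. I would pass `$tag` through the path-encoding counterpart of `ad_urlencode_query` before building `$link`. The markup of the `lappend entries` line is not visible in this view, so whether `$link` is HTML-escaped in the href cannot be confirmed here.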
}] + + template::add_event_listener \ + -id [my id]-edit-tags-control \ + -script [subst {document.getElementById("[my id]-edit_tags").style.display="block";}] + + template::add_event_listener \ + -id [my id]-popular-tags-control \ + -script [subst {get_popular_tags("[ns_quotehtml $popular_tags_link]","[my id]");}] + return $content } @@ -1453,7 +1475,7 @@ lassign [category::get_data $cat_id] category_id category_name tree_id tree_name #my log "--cat $cat_id $category_id $category_name $tree_id $tree_name" set label [ns_quotehtml "$category_name ($tree_name)"] - set entry "$label" + set entry "[ns_quotehtml $label]" if {$notification_type ne ""} { set notification_text "Subscribe category $category_name in tree $tree_name" set notifications_return_url [expr {[info exists return_url] ? $return_url : [ad_return_url]}] @@ -1488,9 +1510,11 @@ my instvar __including_page set item_id [$__including_page item_id] set gc_return_url [$package_id url] + # # Even, if general_comments is turned on, don't offer the # link to add comments, unless the user is logged in. # Otherwise, this attracts spammers and search bots + # if {[::xo::cc user_id] != 0} { set gc_link [general_comments_create_link \ -object_name [$__including_page title] \ @@ -1546,7 +1570,7 @@ # the following opens a window, where a user can edit the posted info. # however, it seems not possible to add tags this way automatically. - # Alternatively, one could use the api as descibed below; this allows + # Alternatively, one could use the api as described below; this allows # tags, but no editing... # http://farm.tucows.com/blog/_archives/2005/3/24/462869.html#adding @@ -1585,7 +1609,7 @@ # - # my-references lists the pages which are refering to the + # my-references lists the pages which are referring to the # including page # ::xowiki::IncludeletClass create my-references \ 
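Review bot: In the second `template::add_event_listener` call, `[ns_quotehtml $popular_tags_link]` applies HTML escaping to a value that ends up inside a JavaScript string literal. Assuming the listener script is emitted in a script block rather than an attribute, entities are not decoded there, so an `&` in the link would reach `get_popular_tags` as `&amp;`. HTML escaping also does nothing about backslashes or newlines. The link should be escaped for a JavaScript string instead. The `[my id]` substitutions in both `-script` arguments deserve a comment such as `# [my id] is spliced into JS and into element ids; keep it to identifier characters`.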
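Review bot: `$label` is already the result of `ns_quotehtml "$category_name ($tree_name)"` on the context line just above, so the new `set entry "[ns_quotehtml $label]"` escapes it a second time. A category name containing `&` would then be displayed with a literal `&amp;`. Keep one of the two: either build the label raw with `set label "$category_name ($tree_name)"` and escape at output, or use `$label` unchanged in `entry`. The markup around the label is not visible in this view; if the change was meant to escape the link target, that is a separate value and should be escaped on its own.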
@@ -1601,9 +1625,11 @@ # The same image might be linked both, as img or file on one page, # so we need DISTINCT. - xo::dc foreach get_references "SELECT DISTINCT page,ci.name,ci.parent_id,o.package_id as pid \ - from xowiki_references,cr_items ci,acs_objects o \ - where reference = :item_id and ci.item_id = page and ci.item_id = o.object_id" { + xo::dc foreach -prepare integer get_references { + SELECT DISTINCT page,ci.name,ci.parent_id,o.package_id as pid + from xowiki_references,cr_items ci,acs_objects o + where reference = :item_id and ci.item_id = page and ci.item_id = o.object_id + } { if {$pid eq ""} { # in version less then oacs 5.2, this returns empty set pid [::xo::dc get_value 5.2 {select package_id from cr_folders where folder_id = :parent_id}] @@ -1632,7 +1658,7 @@ } # - # my-refers lists the pages which are refered to by the + # my-refers lists the pages which are referred to by the # including page # ::xowiki::IncludeletClass create my-refers \ @@ -1726,7 +1752,7 @@ set since_condition "time > TO_TIMESTAMP(:since,'YYYY-MM-DD HH24:MI:SS')" set where_clause "package_id=:package_id and $since_condition $extra_where_clause" - set when "
in last $interval" + set when "
in last [ns_quotehtml $interval]" set output "" @@ -1758,14 +1784,16 @@ -mode_3_fmt "%d %b %Y, at %X"] set name [::xo::get_user_name $user_id] - append output "$name$pretty_time\n" + append output [subst {[ns_quotehtml $name] + [ns_quotehtml $pretty_time] + }] } - if {$output ne ""} {set output "$output
\n"} + if {$output ne ""} {set output "$output
\n"} } set users [expr {$count == 0 ? "No registered users" : $count == 1 ? "1 registered user" : "$count registered users"}] - return "
$users$what$when
$output" + return "
[ns_quotehtml $users$what]$when
$output" } } @@ -2226,6 +2254,7 @@ toc instproc initialize {} { my get_parameters + my array set navigation {count 0 position 0 current ""} set list_mode 0 switch -- $style { @@ -2360,9 +2389,10 @@ set html [$p include [list $b -book_mode true]] if {$html ne ""} {lappend menu $html} } + set label "$page_order $title" append output "" \ "
" [join $menu " "] "
" \ - "$page_order $title
" \ + "[ns_quotehtml $label]" \ $content } return $output @@ -2400,18 +2430,22 @@ set as_att_value [::xowiki::Includelet html_encode $inner_html] set save_form [subst {

- Create Form from Content + Create Form from Content

}] + template::add_event_listener \ + -id $id-control \ + -script [subst {document.getElementById("$id").style.display="inline";}] + return $inner_html$save_form } } @@ -2457,9 +2491,10 @@ #
not allowed in h*: style='float: right; position: relative; top: -32px set menu "$menu" } + set label "$page_order $title" append output \ "" $menu \ - "$page_order $title" \ + "[ns_quotehtml $label]" \ $content } @@ -2536,7 +2571,7 @@ if {$allow_reorder ne ""} { for {set l $last_level} {$l > 0} {incr l -1} {append output "\n" } - append output "\n" + append output "\n" } return $output } @@ -2658,8 +2693,7 @@ - + $output @@ -3121,15 +3155,15 @@ foreach {node label} $nodes { set link "[ns_quotehtml $label]" - append nodesHTML "
    [ns_quotehtml $link]
\n" + append nodesHTML "
    $link
\n" } set edgesHTML ""; set c 0 foreach p [lsort -index 1 -decreasing -integer $edges] { lassign $p edge weight width lassign [split $edge ,] a b #my log "--G $a -> $b check $c > $max_edges, $weight < $cutoff" - if {[incr c]>$max_edges} break + if {[incr c] > $max_edges} break if {$weight < $cutoff} continue append edgesHTML "g.addEdge(\$('$a'), \$('$b'), $weight, 0, $width);\n" } @@ -3140,7 +3174,7 @@ [set nodesHTML] -