fix - Wiki shows add link to users who don't have privileges to add

fix - XSS Vulnerability in Wiki page titles fix - Wiki does not allow you to specify the content to allow in submitted pages or content filtering fix - GetSyndicated Content Workflow activity doesn't check for timeout fix - GetSyndicated Content Workflow activity does not trap errors
2007-01-07 03:12:21 +00:00 · 2007-01-07 03:12:21 +00:00 · 2ad1b494fe
commit 2ad1b494fe
parent fc557b517b
8 changed files with 196 additions and 14 deletions
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@ -5,6 +5,13 @@
 - fix: Closed Posts Displaying in CS
 - RFE: testEnvironment improvement
 - fix: Cannot add new page to the Wiki
+ - fix: Wiki does not have content type restrictions and can not use
+   	the content filtering system
+ - fix: GetSyndicatedContent Workflow Activity not trapping errors.
+ - fix: GetSyndicatedContent Workflow Activity not checking for timeout.
+ - fix: Wiki displays 'Add a new page" link to users who are not allowed to
+   	add pages.
+ - fix: XSS vulnerability in Wiki Page titles. 
 - Removed the requirement for DBIx::FullTextSearch from testEnvironment.pl
 	since it hasn't been needed since 6.5. It was just never removed.

--- a/docs/upgrades/templates-7.3.4/wiki_search.tmpl
+++ b/docs/upgrades/templates-7.3.4/wiki_search.tmpl
@ -0,0 +1,26 @@
+#WikiSearchTmpl00000001
+
+<tmpl_if displayTitle><h2><tmpl_var searchLabel></h2></tmpl_if>
+
+
+<tmpl_var searchFormHeader><tmpl_var searchQuery><tmpl_var searchSubmit><tmpl_var searchFormFooter>
+<tmpl_if performSearch>
+	<h3><tmpl_var resultsLabel></h3>
+	<tmpl_if searchResults>
+		<ul><tmpl_loop searchResults><li><a href="<tmpl_var url>"><tmpl_var title></a></li></tmpl_loop></ul>
+		<tmpl_if pagination.pageCount.isMultiple>
+		<div class="pagination">
+			<tmpl_var pagination.previousPage> &#183; <tmpl_var pagination.pageList.upTo10> &#183; <tmpl_var pagination.nextPage>
+		</div>
+		</tmpl_if>
+	<p><tmpl_var notWhatYouWanted></p>
+		<p><a href="<tmpl_var addPageUrl>"><tmpl_var addPageLabel></a></p>
+	<tmpl_else>
+		<p><tmpl_var nothingFoundLabel></p>
+		<tmpl_if canAddPages><p><a href="<tmpl_var addPageUrl>"><tmpl_var addPageLabel></a></p></tmpl_if>
+	</tmpl_if>
+</tmpl_if>
+<div style="padding: 8px;"><a href="<tmpl_var mostPopularUrl>"><tmpl_var mostPopularLabel></a> | <a href="<tmpl_var recentChangesUrl>"><tmpl_var recentChangesLabel></a> | <a href="<tmpl_var wikiHomeUrl>"><tmpl_var wikiHomeLabel></a></div>
+~~~
+
+
--- a/docs/upgrades/upgrade_7.3.3-7.3.4.pl
+++ b/docs/upgrades/upgrade_7.3.3-7.3.4.pl
@ -20,17 +20,19 @@ my $quiet; # this line required

 my $session = start(); # this line required

-# upgrade functions go here
+fixWiki($session);

 finish($session); # this line required


 ##-------------------------------------------------
-#sub exampleFunction {
-#	my $session = shift;
-#	print "\tWe're doing some stuff here that you should know about.\n" unless ($quiet);
-#	# and here's our code
-#}
+sub fixWiki {
+	my $session = shift;
+	print "\tImplementing replacements and content filtering for the Wiki Wobject.\n" unless ($quiet);
+	
+	$session->db->write("alter table WikiMaster add column useContentFilter int(11) default 0");
+	$session->db->write("alter table WikiMaster add column filterCode varchar(30) default 'javascript'");
+}