fix - Wiki shows add link to users who don't have privileges to add

fix - XSS Vulnerability in Wiki page titles
fix - Wiki does not allow you to specify the content to allow in submitted pages or content filtering
fix - GetSyndicated Content Workflow activity doesn't check for timeout
fix - GetSyndicated Content Workflow activity does not trap errors

lib/WebGUI/Asset/WikiPage.pm

@@ -233,17 +233,23 @@ sub processPropertiesFromFormPost {
 	my $self = shift;
 	$self->SUPER::processPropertiesFromFormPost(@_);
 	my $actionTaken = ($self->session->form->process("assetId") eq "new") ? "Created" : "Edited";
+
 	$self->update({ groupIdView => $self->getWiki->get('groupIdView'),
 			groupIdEdit => $self->getWiki->get('groupToAdminister'),
 			 isHidden => 1,
 			actionTakenBy => $self->session->user->userId,
-			actionTaken => $actionTaken});
+			actionTaken => $actionTaken,
+			title => WebGUI::HTML::filter($self->get("title"), "all"),
+	});
+
 	if ($self->getWiki->canAdminister) {
 		$self->update({isProtected => $self->session->form("isProtected")});
 	}
+
 	delete $self->{_storageLocation};
 	my $size = 0;
         my $storage = $self->getStorageLocation;
+
         foreach my $file (@{$storage->getFiles}) {
                 if ($storage->isImage($file)) {
                         ##Use generateThumbnail to shrink size to site's max image size
@@ -255,9 +261,35 @@ sub processPropertiesFromFormPost {
                 }
                 $size += $storage->getFileSize($file);
         }
+
         $self->setSize($size);
 }	
 
+#-------------------------------------------------------------------
+
+=head2 scrubContent ( [ content ] )
+
+Uses WikiMaster settings to remove unwanted markup and apply site wide replacements.
+
+=head3 content
+
+Optionally pass the ontent that we want to run the filters on.  Otherwise we get it from self.
+
+=cut
+
+sub scrubContent {
+        my $self = shift;
+        my $content = shift || $self->get("content");
+
+        my $scrubbedContent = WebGUI::HTML::filter($content, $self->getWiki->get("filterCode"));
+
+        if ($self->getWiki->get("useContentFilter")) {
+                $scrubbedContent = WebGUI::HTML::processReplacements($self->session, $scrubbedContent);
+        }
+
+        return $scrubbedContent;
+}
+
 #-------------------------------------------------------------------
 sub view {
 	my $self = shift;
@@ -276,7 +308,7 @@ sub view {
 		wikiHomeUrl=>$self->getParent->getUrl,
 		historyUrl=>$self->getUrl("func=getHistory"),
 		editContent=>$self->getEditForm,
-		content => $self->getWiki->autolinkHtml($self->get('content')),	
+		content => $self->getWiki->autolinkHtml($self->scrubContent),	
 		};
 	return $self->processTemplate($var, $self->getWiki->get("pageTemplateId"));
 }

lib/WebGUI/Asset/Wobject/WikiMaster.pm

@@ -67,6 +67,7 @@ sub appendSearchBoxVars {
 	$var->{'searchQuery'} = WebGUI::Form::text($self->session, { name => 'query', value => $queryText });
 	$var->{'searchSubmit'} = WebGUI::Form::submit($self->session, { value => $submitText });
 	$var->{'searchFormFooter'} = WebGUI::Form::formFooter($self->session);
+	$var->{'canAddPages'} = $self->canEditPages();
 	return $self;
 }
 
@@ -274,6 +275,20 @@ sub definition {
 			label => $i18n->get("max image size"),
 			hoverHelp => $i18n->get("max image size help")
 			},
+		useContentFilter =>{
+                        fieldType=>"yesNo",
+                        defaultValue=>1,
+                        tab=>'display',
+                        label=>$i18n->get('content filter'),
+                        hoverHelp=>$i18n->get('content filter description'),
+                        },
+                filterCode =>{
+                        fieldType=>"filterContent",
+                        defaultValue=>'javascript',
+                        tab=>'security',
+                        label=>$i18n->get('filter code'),
+                        hoverHelp=>$i18n->get('filter code description'),
+                        },
 		);
 
 	push @$definition,