diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index fd737c5c4..5f8aa7fe0 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -22,10 +22,13 @@ - Fixed a bug with RSS feed generation and attachments. - fix: notifications from postings - Refactored the autocommit system to fix the notifications bug above. + - fix: Security Update: Cross-Site Scripting Vulnerability - fixed corner case which causes the user profile to not load in cases where custom forms do not work or are broken. It now skips these and throws a warning - fix: Added javascript confirmation for deleting wiki pages. + - Made wiki page deletes more visable/useful from recent changes. + - fix: Wiki Deleting Pages - fix: Collaboration rss broken (perlDreamer Consulting, LLC) diff --git a/docs/upgrades/templates-7.3.5/wiki-front-page.tmpl b/docs/upgrades/templates-7.3.5/wiki-front-page.tmpl new file mode 100644 index 000000000..459077ed2 --- /dev/null +++ b/docs/upgrades/templates-7.3.5/wiki-front-page.tmpl @@ -0,0 +1,30 @@ +#WikiFrontTmpl000000001 +

 +

 + + +

+ +
+ +
+

+
    +
  • + + + + () + +
    • +
+
+
+

+
    +
    2. +
+ +
+
+ diff --git a/docs/upgrades/templates-7.3.5/wiki-recent-changes.tmpl b/docs/upgrades/templates-7.3.5/wiki-recent-changes.tmpl new file mode 100644 index 000000000..11c591635 --- /dev/null +++ b/docs/upgrades/templates-7.3.5/wiki-recent-changes.tmpl @@ -0,0 +1,19 @@ +#WikiRCTmpl000000000001 +

+ +
    +
  • + + - on by + + - on by + + ( ) + + +
    • +
+ +
| |
+ + diff --git a/lib/WebGUI/Asset/WikiPage.pm b/lib/WebGUI/Asset/WikiPage.pm index 5a8920fe0..635c3db6b 100644 --- a/lib/WebGUI/Asset/WikiPage.pm +++ b/lib/WebGUI/Asset/WikiPage.pm @@ -352,6 +352,16 @@ sub www_getHistory { return $self->processTemplate($var, $self->getWiki->get('pageHistoryTemplateId')); } +#------------------------------------------------------------------- + +sub www_restoreWikiPage { + my $self = shift; + return $self->session->privilege->insufficient unless $self->getWiki->canAdminister; + $self->publish; + return $self->www_view; +} + + #------------------------------------------------------------------- =head2 www_showConfirmation ( ) diff --git a/lib/WebGUI/Asset/Wobject/WikiMaster.pm b/lib/WebGUI/Asset/Wobject/WikiMaster.pm index f1368bcf1..38c436bbb 100644 --- a/lib/WebGUI/Asset/Wobject/WikiMaster.pm +++ b/lib/WebGUI/Asset/Wobject/WikiMaster.pm @@ -25,6 +25,7 @@ sub appendMostPopular { my $limit = shift || $self->get("mostPopularCount"); my $rs = $self->session->db->read("select distinct(asset.assetId) from asset left join WikiPage on WikiPage.assetId=asset.assetId where lineage like ? and lineage<>? and revisionDate = (select max(revisionDate) from WikiPage where assetId = asset.assetId) + and state='published' order by views desc limit ?", [$self->get("lineage").'%', $self->get("lineage"), $limit]); while (my ($id) = $rs->array) { my $asset = WebGUI::Asset->new($self->session, $id, "WebGUI::Asset::WikiPage"); @@ -39,18 +40,31 @@ sub appendMostPopular { sub appendRecentChanges { my $self = shift; my $var = shift; - my $limit = shift || $self->get("recentChangesCount"); + my $limit = shift || $self->get("recentChangesCount") || 50; my $rs = $self->session->db->read("select asset.assetId, revisionDate from assetData left join asset on assetData.assetId=asset.assetId where lineage like ? and lineage<>? order by revisionDate desc limit ?", [$self->get("lineage").'%', $self->get("lineage"), $self->get("recentChangesCount")]); while (my ($id, $version) = $rs->array) { my $asset = WebGUI::Asset->new($self->session, $id, "WebGUI::Asset::WikiPage", $version); my $user = WebGUI::User->new($self->session, $asset->get("actionTakenBy")); + my $specialAction = ''; + my $isAvailable = 1; + # no need to i18n cuz the other actions aren't + if ($asset->get('state') =~ m/trash/) { + $isAvailable = 0; + $specialAction = 'Deleted'; + } + elsif ($asset->get('state') =~ m/clipboard/) { + $isAvailable = 0; + $specialAction = 'Cut'; + } push(@{$var->{recentChanges}}, { title=>$asset->getTitle, url=>$asset->getUrl, - actionTaken=>$asset->get("actionTaken"), + restoreUrl=>$asset->getUrl("func=restoreWikiPage"), + actionTaken=>$specialAction || $asset->get("actionTaken"), username=>$user->username, - date=>$self->session->datetime->epochToHuman($asset->get("revisionDate")) + date=>$self->session->datetime->epochToHuman($asset->get("revisionDate")), + isAvailable=>$isAvailable, }); } } @@ -342,6 +356,8 @@ sub view { addPageUrl=>$self->getUrl("func=add;class=WebGUI::Asset::WikiPage"), recentChangesUrl=>$self->getUrl("func=recentChanges"), recentChangesLabel=>$i18n->get("recentChangesLabel"), + restoreLabel => $i18n->get("restoreLabel"), + canAdminister => $self->canAdminister, }; my $template = $self->{_frontPageTemplate}; $self->appendSearchBoxVars($var); @@ -379,6 +395,8 @@ sub www_recentChanges { searchUrl=>$self->getUrl("func=search"), mostPopularUrl=>$self->getUrl("func=mostPopular"), mostPopularLabel=>$i18n->get("mostPopularLabel"), + restoreLabel => $i18n->get("restoreLabel"), + canAdminister => $self->canAdminister, wikiHomeUrl=>$self->getUrl, }; $self->appendRecentChanges($var); diff --git a/lib/WebGUI/Help/Asset_WikiMaster.pm b/lib/WebGUI/Help/Asset_WikiMaster.pm index 2e9d71e3d..087ca6247 100644 --- a/lib/WebGUI/Help/Asset_WikiMaster.pm +++ b/lib/WebGUI/Help/Asset_WikiMaster.pm @@ -163,8 +163,24 @@ our $HELP = { 'name' => 'date', 'description' => 'recent changes date', }, + { + 'name' => 'restoreUrl', + 'description' => 'recent changes restore url', + }, + { + 'name' => 'isAvailable', + 'description' => 'recent changes is available', + }, ] }, + { + name=>'canAdminister', + description => 'canAdminister' + }, + { + name=>'retoreLabel', + description => 'restoreLabel' + }, ], fields => [ ], diff --git a/lib/WebGUI/i18n/English/Asset_WikiMaster.pm b/lib/WebGUI/i18n/English/Asset_WikiMaster.pm index 66609caf2..870714571 100644 --- a/lib/WebGUI/i18n/English/Asset_WikiMaster.pm +++ b/lib/WebGUI/i18n/English/Asset_WikiMaster.pm @@ -13,6 +13,12 @@ our $I18N = { addPageLabel=>{message=>q|Add a new page.|, lastUpdated=>0}, wikiHomeLabel=>{message=>q|Wiki Home|, lastUpdated=>0}, + 'restoreLabel' => { + message => q|Restore|, + lastUpdated => 0, + context => q|label to restore the page back from the trash or clipboard|, + }, + 'filter code' => { message => q|Filter Code|, lastUpdated => 0, @@ -277,11 +283,26 @@ our $I18N = { lastUpdated => 1165790228, }, + 'canAdminister' => { + message => q|A boolean indicating whether the current user can administer the wiki.|, + lastUpdated => 1165790228, + }, + 'recent changes title' => { message => q|The title of the recently changed page.|, lastUpdated => 1165790228, }, + 'recent changes restore url' => { + message => q|The url to restore this page back to viewing status from the clipboard/trash.|, + lastUpdated => 1165790228, + }, + + 'recent changes is page available' => { + message => q|A boolean indicating whether the page is available for viewing or in the trash/clipboard.|, + lastUpdated => 1165790228, + }, + 'recent changes url' => { message => q|The url of the recently changed page.|, lastUpdated => 1165790228,