Modifications pour le document Sections des configurations personnalisables

Modifié par Florent Charton le 2025/08/19 15:15

Depuis la version 2.1
modifié par Florent Charton
sur 2024/08/08 18:43
Commentaire de modification : Install extension [org.xwiki.platform:xwiki-platform-administration-ui/15.10.11]
À la version 1.1
modifié par superadmin
sur 2022/06/20 08:48
Commentaire de modification : Install extension [org.xwiki.platform:xwiki-platform-administration-ui/13.10.6]

Résumé

Détails

Propriétés de la Page
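--- a/Auteur du document
+++ b/Auteur du document
@@ -1,1 +1,1 @@
-xwiki:XWiki.fcharton
+XWiki.superadmin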
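--- a/Syntaxe
+++ b/Syntaxe
@@ -1,1 +1,1 @@
-XWiki 2.1
+XWiki 2.0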
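--- a/Contenu
+++ b/Contenu
@@ -123,9 +123,6 @@
  {{warning}}{{translation key="xe.admin.configurable.cannotLockNoJavascript"/}}{{/warning}}
 
  </noscript>
- {{/html}}
-
- {{html clean=false}}
  <script>
  document.observe("xwiki:dom:loaded", function() {
  XWiki.DocumentLock && new XWiki.DocumentLock('$escapetool.javascript($app.prefixedFullName)').lock();
@@ -149,8 +149,7 @@
  ## Internal error, not translated.
  #showHeading($appName, $headingShowing)
 
- {{error}}Internal error: All objects were filtered out for application:
- $services.rendering.escape($appName, 'xwiki/2.1').{{/error}}
+ {{error}}Internal error: All objects were filtered out for application: $appName.{{/error}}
 
  #else
  #set($formAction = $xwiki.getURL($app.getFullName(), 'save'))
@@ -157,23 +157,26 @@
  #set($formId = "${section.toLowerCase()}_${app.getFullName()}")
  #set($escapedAppName = $escapetool.xml($app.getFullName()))
  #foreach($configurableObj in $configurableObjs)
- #set ($heading = $app.getValue('heading', $configurableObj))
- #set ($codeToExecute = "$!app.getValue('codeToExecute', $configurableObj)")
- ## If linkPrefix is set, then we will make each property label a link which starts with that prefix.
- #set ($linkPrefix = "$!app.getValue('linkPrefix', $configurableObj)")
- #if (!$app.restricted)
- #set ($evaluatedConfigurableObj = $configurableObj.evaluate())
- #set ($heading = $evaluatedConfigurableObj.heading)
- #set ($linkPrefix = $evaluatedConfigurableObj.linkPrefix)
+ ## Execute the content code if any
+ ## FIXME: we have to do that before the title before of the dropPermissions
+ #set($codeToExecute = "$!app.getValue('codeToExecute', $configurableObj)")
+ #if($codeToExecute != '')
+ #set($codeToExecuteResult = $configurableObj.display('codeToExecute', 'view', false))
  #end
  ## Display the header if one exists.
+ #set($heading = $app.getValue('heading', $configurableObj))
  #if($heading && $heading != '')
- == $services.rendering.escape($heading, 'xwiki/2.1') ==
+ ## This application should not run with programming rights because it evaluates code which may not be trustworthy.
+ ## Removing the next line will open a security hole.
+ ## Can't use $configurableObj.display('heading', 'view', false) to have proper heading id (because of the html macro)
+ ## FIXME: find a cleaner solution
+ #set($void = $doc.dropPermissions())
+ == #evaluate($heading) ==
  #end
  ## Display code to execute
- #if ($codeToExecute != '')
+ #if($codeToExecute != '')
  (%class="codeToExecute"%)(((##
- $configurableObj.display('codeToExecute', 'view', false)
+ $codeToExecuteResult
  )))
  #end
  ##
@@ -183,6 +183,9 @@
  #set($propertiesToShow = [])
  #end
  ##
+ ## If linkPrefix is set, then we will make each property label a link which starts with that prefix.
+ #set($linkPrefix = "$!app.getValue('linkPrefix', $configurableObj)")
+ ##
  ## If the Configurable object specifies a configuration class, use it,
  ## otherwise assume custom forms are used instead.
  #set($configClassName = "$!app.getValue('configurationClass', $configurableObj)")
@@ -201,12 +201,7 @@
  #showHeading($appName, $headingShowing)
 
  {{error}}
- #set($escapedObjClassName =
- $services.rendering.escape($escapetool.java($objClass.getName()), 'xwiki/2.1'))
- #set($translationEscapedAppName =
- $services.rendering.escape($escapetool.java($app.getFullName()), 'xwiki/2.1'))
- {{translation key="xe.admin.configurable.noObjectOfConfigurationClassFound"
- parameters="~"$escapedObjClassName~", ~"$translationEscapedAppName~""/}}
+ {{translation key="xe.admin.configurable.noObjectOfConfigurationClassFound" parameters="$objClass.getName(), $app.getFullName()"/}}
  {{/error}}
 
  #else
@@ -357,7 +357,7 @@
  #if($globaladmin)
  #set($queryString = "editor=globaladmin&amp;section=")
  #else
- #set($queryString = "space=$escapetool.url($currentSpace)&amp;section=")
+ #set($queryString = "space=${currentSpace}&amp;section=")
  #if($request.getParameter('editor'))
  #set($queryString = "editor=$escapetool.url($request.getParameter('editor'))&amp;$queryString")
  #end
@@ -399,9 +399,9 @@
 
  ## Finally we display an error message if there are any applications which we were unable to view.
  #if($appsUserCannotView.size() > 0)
- {{error}}$services.localization.render('xe.admin.configurable.noViewAccessSomeApplications',
- 'xwiki/2.1', [$appsUserCannotView]){{/error}}
 
+ {{error}}$services.localization.render('xe.admin.configurable.noViewAccessSomeApplications', [$appsUserCannotView]){{/error}}
+
  #end
 #end## If we should be looking at the main administration page.
 {{/velocity}}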
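Review bot: The `+` lines in this section write document-derived values into wiki syntax and a URL without the escaping that the `-` lines apply: `$appName` goes raw into `{{error}}`, `$objClass.getName()` and `$app.getFullName()` go raw into the translation `parameters`, and `${currentSpace}` goes raw into `$queryString`. The escaped forms are the ones to keep, for example `$services.rendering.escape($appName, 'xwiki/2.1')` and `space=$escapetool.url($currentSpace)&amp;section=`. The heading is the most sensitive spot: `== #evaluate($heading) ==` evaluates the stored heading and relies only on the preceding `$doc.dropPermissions()` call, as the comment above it admits, whereas the `-` side prints the heading through `$services.rendering.escape($heading, 'xwiki/2.1')` and calls `evaluate()` only when `!$app.restricted`. The page header shows the comparison runs from version 2.1 (15.10.11) to version 1.1 (13.10.6), so the `+` side is the older text. An instance whose page still matches the `+` side is presumably serving the pre-upgrade sheet and should be checked against the 2.1 content.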