... |
... |
@@ -15,7 +15,7 @@ |
15 |
15 |
#set($do = "$!{request.get('do')}") |
16 |
16 |
#set($tag = "$!{request.get('tag')}") |
17 |
17 |
#set($urlEscapedTag = $escapetool.url($tag)) |
18 |
|
-#set($htmlEscapedTag = $escapetool.html($tag)) |
|
18 |
+#set($htmlEscapedTag = $escapetool.xml($tag)) |
19 |
19 |
## |
20 |
20 |
## Macro displayTagAppTitle. Display level1 title of this app. |
21 |
21 |
## |
... |
... |
@@ -33,7 +33,7 @@ |
33 |
33 |
## Switch between all possible actions: |
34 |
34 |
## viewTag, prepareRename, rename, prepareDelete, delete, default (Tag cloud) |
35 |
35 |
## |
36 |
|
-{{html}} |
|
36 |
+{{html wiki=true}} |
37 |
37 |
#if($do == 'viewTag') |
38 |
38 |
## |
39 |
39 |
## View tag |
... |
... |
@@ -40,7 +40,7 @@ |
40 |
40 |
## |
41 |
41 |
#displayTagAppTitle($urlEscapedTag $htmlEscapedTag true) |
42 |
42 |
#if("$!{request.get('renamedTag')}" != '') |
43 |
|
- #set($htmlEscapedRenamedTag = $escapetool.html($request.get('renamedTag'))) |
|
43 |
+ #set($htmlEscapedRenamedTag = $escapetool.xml($request.get('renamedTag'))) |
44 |
44 |
#info($msg.get('xe.tag.rename.success', [$htmlEscapedRenamedTag])) |
45 |
45 |
#end |
46 |
46 |
#set($list = $xwiki.tag.getDocumentsWithTag($tag)) |
... |
... |
@@ -53,12 +53,13 @@ |
53 |
53 |
</div> |
54 |
54 |
<div id="dashboardright"> |
55 |
55 |
<div id="dashboardrightcontent"> |
56 |
|
- <h3 class="xapp"><span>$msg.get("xe.tag.recentchanges", [$htmlEscapedTag])</span></h3> |
57 |
|
- #set($rcTag = [$tag]) |
58 |
|
- #includeInContext('Main.RecentChanges') |
|
56 |
+ <h3 class="xapp"><span>$msg.get("xe.tag.activity", [$htmlEscapedTag])</span></h3> |
|
57 |
+ |
|
58 |
+ {{activity tags="$htmlEscapedTag" /}} |
|
59 |
+ |
59 |
59 |
</div> |
60 |
60 |
</div> |
61 |
|
- <div style="clear:both; margin-bottom: 40px;"><!-- --></div> |
|
62 |
+ <div style="clear:both; margin-bottom: 40px;"></div> |
62 |
62 |
</div> |
63 |
63 |
#elseif($do == 'prepareRename') |
64 |
64 |
## |
... |
... |
@@ -67,6 +67,7 @@ |
67 |
67 |
#displayTagAppTitle($urlEscapedTag $htmlEscapedTag false) |
68 |
68 |
<form id="renameForm" action="$doc.getURL()" method="post"> |
69 |
69 |
<div> |
|
71 |
+ <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> |
70 |
70 |
<input name="do" type="hidden" value="renameTag" /> |
71 |
71 |
<input name="tag" type="hidden" value="$htmlEscapedTag" /> |
72 |
72 |
$msg.get('xe.tag.rename.renameto', [$htmlEscapedTag]) <input type="text" name="renameTo" /> <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.tag.rename')" class="button"/></span> |
... |
... |
@@ -85,7 +85,7 @@ |
85 |
85 |
#set($urlEscapedRenameTo = $escapetool.url($renameTo)) |
86 |
86 |
$response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}")) |
87 |
87 |
#else |
88 |
|
- #set($htmlEscapedRenameTo = $escapetool.html($renameTo)) |
|
90 |
+ #set($htmlEscapedRenameTo = $escapetool.xml($renameTo)) |
89 |
89 |
#error($msg.get('xe.tag.rename.failure', [$htmlEscapedTag, $htmlEscapedRenameTo])) |
90 |
90 |
#end |
91 |
91 |
#elseif($do == 'prepareDelete') |
... |
... |
@@ -95,6 +95,7 @@ |
95 |
95 |
#displayTagAppTitle($urlEscapedTag $htmlEscapedTag false) |
96 |
96 |
<form id="deleteForm" action="$doc.getURL()" method="post"> |
97 |
97 |
<div> |
|
100 |
+ <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> |
98 |
98 |
<input name="do" type="hidden" value="deleteTag" /> |
99 |
99 |
<input name="tag" type="hidden" value="$htmlEscapedTag" /> |
100 |
100 |
<span class="buttonwrapper"><input type="submit" value="$msg.get('xe.tag.delete', [$htmlEscapedTag])" class="button/></span> |
... |
... |
@@ -117,7 +117,7 @@ |
117 |
117 |
#set($tags = $xwiki.tag.getTags(true)) |
118 |
118 |
#set($title = 'All Tags') |
119 |
119 |
#if("$!{request.get('deletedTag')}" != '') |
120 |
|
- #set($htmlEscapedTag = $escapetool.html($request.get('deletedTag'))) |
|
123 |
+ #set($htmlEscapedTag = $escapetool.xml($request.get('deletedTag'))) |
121 |
121 |
#info($msg.get('xe.tag.delete.success', [$htmlEscapedTag])) |
122 |
122 |
#end |
123 |
123 |
#set($docextras = []) |