Author: tim Date: Tue Nov 9 13:40:05 2004 New Revision: 57103 Added: cocoon/trunk/src/blocks/forms/samples/resources/edit.gif (contents, props changed) cocoon/trunk/src/blocks/forms/samples/resources/fold.gif (contents, props changed) cocoon/trunk/src/blocks/forms/samples/resources/new_child.gif (contents, props changed) cocoon/trunk/src/blocks/forms/samples/resources/view.gif (contents, props changed) Modified: cocoon/trunk/src/blocks/forms/samples/swan/flow/swan.js cocoon/trunk/src/blocks/forms/samples/swan/forms/model_binding.xml cocoon/trunk/src/blocks/forms/samples/swan/forms/model_model.xml cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_binding.xml cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_model.xml cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_template.xml cocoon/trunk/src/blocks/forms/samples/swan/index.xml cocoon/trunk/src/blocks/forms/samples/swan/sitemap.xmap Log: Minor fixes to Swan.
Added: cocoon/trunk/src/blocks/forms/samples/resources/edit.gif ============================================================================== Binary file. No diff available. Added: cocoon/trunk/src/blocks/forms/samples/resources/fold.gif ============================================================================== Binary file. No diff available. Added: cocoon/trunk/src/blocks/forms/samples/resources/new_child.gif ============================================================================== Binary file. No diff available. Added: cocoon/trunk/src/blocks/forms/samples/resources/view.gif ============================================================================== Binary file. No diff available. Modified: cocoon/trunk/src/blocks/forms/samples/swan/flow/swan.js ============================================================================== --- cocoon/trunk/src/blocks/forms/samples/swan/flow/swan.js (original) +++ cocoon/trunk/src/blocks/forms/samples/swan/flow/swan.js Tue Nov 9 13:40:05 2004 @@ -47,6 +47,28 @@ // contains the location of the file to be edited var documentURI = cocoon.parameters["documentURI"]; + // Yes, this is a hack, but it closes + // the read-any-file security hole so + // that this can work out-of-the-box. + var allowed_files = [ + "report1.xml", "sitemap.xmap", + "form_model_gui_binding.xml", "form_model_gui_data.xml", + "form_model_gui_template_data.xml", + "sample_form_1.xml", "sample_form_1_template.xml", + "sample_form_2.xml", "sample_form_2_template.xml" + ]; + + if (present(documentURI, allowed_files)) { + print("Yeah! " + documentURI); + } else { + print("Trouble! " + documentURI); + cocoon.sendPage(type + "-error-pipeline"); + return; + } + + // prepend data directory + documentURI = "data/" + documentURI; + // parse the document to a DOM-tree var document = loadDocument(documentURI); @@ -76,6 +98,12 @@ // also store the form as a request attribute as the XSP isn't flow-aware cocoon.request.setAttribute("form_" + type + "_gui", form.getWidget()); cocoon.sendPage(type + "-success-pipeline.xsp"); +} + +function present(string, list) { + for (var i = 0; i < list.length; i++) + if (string == list[i]) return true; + return false; } function clean_node(node) { Modified: cocoon/trunk/src/blocks/forms/samples/swan/forms/model_binding.xml ============================================================================== --- cocoon/trunk/src/blocks/forms/samples/swan/forms/model_binding.xml (original) +++ cocoon/trunk/src/blocks/forms/samples/swan/forms/model_binding.xml Tue Nov 9 13:40:05 2004 @@ -208,8 +208,8 @@ <fb:load-form> widget.setValue(jxpathPointer.getNode().getFirstChild().getLocalName()); if(!"edit".equals(widget.lookupWidget("../view-selector").getValue())) { - widget.setProcessRequests(false); - widget.lookupWidget("../union").setProcessRequests(false); + widget.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); + widget.lookupWidget("../union").setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); } </fb:load-form> </fb:javascript> Modified: cocoon/trunk/src/blocks/forms/samples/swan/forms/model_model.xml ============================================================================== --- cocoon/trunk/src/blocks/forms/samples/swan/forms/model_model.xml (original) +++ cocoon/trunk/src/blocks/forms/samples/swan/forms/model_model.xml Tue Nov 9 13:40:05 2004 @@ -72,11 +72,11 @@ var union = widget.lookupWidget("../union"); var type = widget.lookupWidget("../type-selector"); if(widget.getValue().equals("edit")) { - union.setProcessRequests(true); - type.setProcessRequests(true); + union.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.ACTIVE); + type.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.ACTIVE); } else { - union.setProcessRequests(false); - type.setProcessRequests(false); + union.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); + type.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); } </javascript> </fd:on-value-changed> Modified: cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_binding.xml ============================================================================== --- cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_binding.xml (original) +++ cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_binding.xml Tue Nov 9 13:40:05 2004 @@ -16,7 +16,7 @@ --> <!-- -Binding for example CForms form model GUI. +Binding for example CForms sitemap editor GUI. @version CVS $Id: form_model_gui_binding.xml,v 1.3 2004/04/12 14:05:09 tim Exp $ --> @@ -206,9 +206,9 @@ <fb:class id="view-selector-class"> <fb:javascript id="view-selector" path="." direction="load"> <fb:load-form> - // View is selected by buttons. - widget.setProcessRequests(false); widget.setValue("view"); + // View is selected by buttons. + widget.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); </fb:load-form> </fb:javascript> </fb:class> @@ -241,8 +241,11 @@ <fb:new id="redirect-to-class"/> <fb:new id="parameter-class"/> </fb:union> - <!-- The view-selector initalization has to happen last, --> - <!-- so setProcessRequests() has widgets to work on. --> + <!-- + The view-selector binding must happen last, + so that all the widgets will exist that the + view-selector's on-value-changed handler needs. + --> <fb:new id="view-selector-class"/> </fb:class> Modified: cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_model.xml ============================================================================== --- cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_model.xml (original) +++ cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_model.xml Tue Nov 9 13:40:05 2004 @@ -37,13 +37,14 @@ </fd:repeater> <fd:repeater-action id="addItem" action-command="add-row" repeater="items"> <fd:label>Add Child</fd:label> + <fd:hint>Add child</fd:hint> <fd:on-action> <javascript> var repeater = event.getSourceWidget().lookupWidget("../items"); var view = repeater.getRow(repeater.getSize() - 1).getChild("view-selector"); view.setValue("edit"); - view.setProcessRequests(false); - //print(widget.getRequestParameterName()); + // View is selected by buttons. + view.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); </javascript> </fd:on-action> </fd:repeater-action> @@ -66,27 +67,27 @@ var union = widget.lookupWidget("../union"); var type = widget.lookupWidget("../type-selector"); var stuff = union.lookupWidget(union.getValue() + "/stuff"); - print("View set to: " + widget.getValue() + " for: " + widget.getRequestParameterName()); if("edit".equals(widget.getValue())) { if(stuff != null) { - stuff.setProcessRequests(true); + stuff.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.ACTIVE); } - type.setProcessRequests(true); + type.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.ACTIVE); } else if("view".equals(widget.getValue())){ - union.setProcessRequests(true); + union.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.ACTIVE); if(stuff != null) { - stuff.setProcessRequests(false); + stuff.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); } - type.setProcessRequests(false); + type.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); } else { - union.setProcessRequests(false); - type.setProcessRequests(false); + union.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); + type.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); } </javascript> </fd:on-value-changed> </fd:field> <fd:action id="fold-view" action-command="fold-view"> <fd:label>F</fd:label> + <fd:hint>Fold</fd:hint> <fd:on-action> <javascript> var view = event.getSourceWidget().lookupWidget("../view-selector"); @@ -96,6 +97,7 @@ </fd:action> <fd:action id="view-view" action-command="view-view"> <fd:label>V</fd:label> + <fd:hint>View</fd:hint> <fd:on-action> <javascript> var view = event.getSourceWidget().lookupWidget("../view-selector"); @@ -105,6 +107,7 @@ </fd:action> <fd:action id="edit-view" action-command="edit-view"> <fd:label>E</fd:label> + <fd:hint>Edit</fd:hint> <fd:on-action> <javascript> var view = event.getSourceWidget().lookupWidget("../view-selector"); @@ -143,20 +146,42 @@ <fd:class id="item-row-class"> <fd:widgets> - <fd:row-action id="down" action-command="move-down"> - <fd:label>v</fd:label> - </fd:row-action> + <fd:row-action id="up" action-command="move-up"> <fd:label>^</fd:label> + <fd:hint>Move up</fd:hint> </fd:row-action> - <fd:row-action id="delete" action-command="delete"> - <fd:label>X</fd:label> + + <fd:row-action id="down" action-command="move-down"> + <fd:label>v</fd:label> + <fd:hint>Move down</fd:hint> </fd:row-action> + <fd:row-action id="add" action-command="add-after"> <fd:label>+</fd:label> + <fd:hint>Add after</fd:hint> + <fd:on-action> + <javascript> + var cur_row = Packages.org.apache.cocoon.forms.formmodel.Repeater.getParentRow(event.getSourceWidget()); + var repeater = cur_row.getParent(); + var new_row = repeater.getChild(repeater.indexOf(cur_row)+1); + var view = new_row.getChild("view-selector"); + view.setValue("edit"); + // View is selected by buttons. + view.setState(Packages.org.apache.cocoon.forms.formmodel.WidgetState.DISABLED); + </javascript> + </fd:on-action> </fd:row-action> + + <fd:row-action id="delete" action-command="delete"> + <fd:label>X</fd:label> + <fd:hint>Delete</fd:hint> + </fd:row-action> + <fd:new id="view-selector-class"/> + <fd:new id="type-selector-class"/> + <fd:union id="union" default="" case="type-selector"> <fd:label>Type</fd:label> <fd:widgets> @@ -327,6 +352,7 @@ </fd:widgets> </fd:union> + </fd:widgets> </fd:class> Modified: cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_template.xml ============================================================================== --- cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_template.xml (original) +++ cocoon/trunk/src/blocks/forms/samples/swan/forms/sitemap_template.xml Tue Nov 9 13:40:05 2004 @@ -22,10 +22,6 @@ CVS $Id$ --> - <!-- - TODO: Add features to "items-class" (e.g. move-up, move-down, add-before, add-after). - --> - <style type="text/css"> li { list-style-type: none @@ -471,26 +467,26 @@ <ft:class id="view-selector-class"> <ft:choose path="view-selector"> <ft:when value="fold"> - <ft:widget id="view-view"><fi:styling type="image" src="resources/BtnGrey.gif"/></ft:widget> - <ft:widget id="edit-view"><fi:styling type="image" src="resources/BtnDkGrey.gif"/></ft:widget> + <ft:widget id="view-view"><fi:styling type="image" src="resources/view.gif"/></ft:widget> + <ft:widget id="edit-view"><fi:styling type="image" src="resources/edit.gif"/></ft:widget> </ft:when> <ft:when value="view"> - <ft:widget id="fold-view"><fi:styling type="image" src="resources/BtnWhite.gif"/></ft:widget> - <ft:widget id="edit-view"><fi:styling type="image" src="resources/BtnDkGrey.gif"/></ft:widget> + <ft:widget id="fold-view"><fi:styling type="image" src="resources/fold.gif"/></ft:widget> + <ft:widget id="edit-view"><fi:styling type="image" src="resources/edit.gif"/></ft:widget> </ft:when> <ft:when value="edit"> - <ft:widget id="fold-view"><fi:styling type="image" src="resources/BtnWhite.gif"/></ft:widget> - <ft:widget id="view-view"><fi:styling type="image" src="resources/BtnGrey.gif"/></ft:widget> + <ft:widget id="fold-view"><fi:styling type="image" src="resources/fold.gif"/></ft:widget> + <ft:widget id="view-view"><fi:styling type="image" src="resources/view.gif"/></ft:widget> </ft:when> </ft:choose> </ft:class> <ft:class id="item-row-class"> <span class="actions"> - <ft:widget id="down"><fi:styling type="image" src="resources/move_down.gif"/></ft:widget> <ft:widget id="up"><fi:styling type="image" src="resources/move_up.gif"/></ft:widget> - <ft:widget id="delete"><fi:styling type="image" src="resources/delete.gif"/></ft:widget> + <ft:widget id="down"><fi:styling type="image" src="resources/move_down.gif"/></ft:widget> <ft:widget id="add"><fi:styling type="image" src="resources/new.gif"/></ft:widget> +  <ft:widget id="delete"><fi:styling type="image" src="resources/delete.gif"/></ft:widget> </span> <ft:new id="view-selector-class"/> <ft:new id="type-selector-class"/> @@ -498,28 +494,18 @@ </ft:class> <ft:class id="items-class"> - <ft:widget id="addItem"/> + <ft:widget id="addItem"><fi:styling type="image" src="resources/new_child.gif"/></ft:widget> <ft:repeater-size id="items"/> <ft:repeater-widget id="items"> <div class="section"><ft:new id="item-row-class"/></div> </ft:repeater-widget> </ft:class> - <!-- - <table border="3"> - <tr> - <td> - --> - <p> - <ft:new id="items-class"/> - </p> - <ft:widget id="messages"/><br/> - <input type="submit"/> - <!-- - </td> - </tr> - </table> - --> + <p> + <ft:new id="items-class"/> + </p> + <ft:widget id="messages"/><br/> + <input type="submit"/> </ft:form-template> </content> Modified: cocoon/trunk/src/blocks/forms/samples/swan/index.xml ============================================================================== --- cocoon/trunk/src/blocks/forms/samples/swan/index.xml (original) +++ cocoon/trunk/src/blocks/forms/samples/swan/index.xml Tue Nov 9 13:40:05 2004 @@ -20,12 +20,8 @@ <title>Hello</title> </head> <body> - <h3>== Security Note ==</h3> - This is a work-in-progress with a nice sprinkling of bugs, including - an edit-any-file security hole, so the pipelines involved in this are - commented out. To run this anyway (perhaps you would like to help fix - the bugs...) just uncomment the pipelines after the comment: - "TODO: Fix edit-any-file security hole!" + <h3>== Note ==</h3> + This is a work-in-progress with a nice sprinkling of bugs. <h3>== Profiling Data ==</h3> <a href="profile.html">profile.html</a><br/> <h3>== Edit xReports ==</h3> @@ -46,7 +42,7 @@ <b>Template:</b><br/> <a href="template.flow?file=form_model_gui_template_data.xml">form_model_gui_template_data.xml</a><br/> <a href="template.flow?file=sample_form_1_template.xml">sample_form_1_template.xml</a><br/> - <a href="template.flow?file=sample_form__template.xml">sample_form_2_template.xml</a><br/> + <a href="template.flow?file=sample_form_2_template.xml">sample_form_2_template.xml</a><br/> </body> </html> Modified: cocoon/trunk/src/blocks/forms/samples/swan/sitemap.xmap ============================================================================== --- cocoon/trunk/src/blocks/forms/samples/swan/sitemap.xmap (original) +++ cocoon/trunk/src/blocks/forms/samples/swan/sitemap.xmap Tue Nov 9 13:40:05 2004 @@ -120,6 +120,11 @@ <map:serialize/> </map:match> + <map:match pattern="*-error-pipeline"> + <map:generate src="error.xml"/> + <map:serialize/> + </map:match> + <map:match pattern="*-success-pipeline.xsp"> <map:generate type="serverpages" src="forms/{1}_success.xsp"/> <map:call resource="simple-page2html"> @@ -146,14 +151,13 @@ --> <!-- TODO: Fix edit-any-file security hole! --> - <!-- <map:match pattern="binding.flow"> <map:call function="handleForm"> <map:parameter name="function" value="binding_gui"/> <map:parameter name="form-definition" value="forms/binding_model.xml"/> <map:parameter name="attribute-name" value="form_binding_gui"/> <map:parameter name="bindingURI" value="forms/binding_binding.xml"/> - <map:parameter name="documentURI" value="data/{request-param:file}"/> + <map:parameter name="documentURI" value="{request-param:file}"/> </map:call> </map:match> @@ -163,7 +167,7 @@ <map:parameter name="form-definition" value="forms/model_model.xml"/> <map:parameter name="attribute-name" value="form_model_gui"/> <map:parameter name="bindingURI" value="forms/model_binding.xml"/> - <map:parameter name="documentURI" value="data/{request-param:file}"/> + <map:parameter name="documentURI" value="{request-param:file}"/> </map:call> </map:match> @@ -173,7 +177,7 @@ <map:parameter name="form-definition" value="forms/sitemap_model.xml"/> <map:parameter name="attribute-name" value="form_sitemap_gui"/> <map:parameter name="bindingURI" value="forms/sitemap_binding.xml"/> - <map:parameter name="documentURI" value="data/{request-param:file}"/> + <map:parameter name="documentURI" value="{request-param:file}"/> </map:call> </map:match> @@ -183,7 +187,7 @@ <map:parameter name="form-definition" value="forms/template_model.xml"/> <map:parameter name="attribute-name" value="form_template_gui"/> <map:parameter name="bindingURI" value="forms/template_binding.xml"/> - <map:parameter name="documentURI" value="data/{request-param:file}"/> + <map:parameter name="documentURI" value="{request-param:file}"/> </map:call> </map:match> @@ -193,10 +197,9 @@ <map:parameter name="form-definition" value="forms/xreport_model.xml"/> <map:parameter name="attribute-name" value="form_xreport_gui"/> <map:parameter name="bindingURI" value="forms/xreport_binding.xml"/> - <map:parameter name="documentURI" value="data/{request-param:file}"/> + <map:parameter name="documentURI" value="{request-param:file}"/> </map:call> </map:match> - --> <map:match pattern="*"> <map:redirect-to uri="{1}/"/>