Hey all, I have created a new application(appwithinmins) from the create your own functionality of xwiki. Now I want to add an entry, so I do add an entry on my application homepage. But I want to pass some default values in the form so that it remains there and repopulate the creating the new entry form. Also is there any class or plug in that I can use to modify or change 'Add an Entry' function on the homepage of the application created. How to do this? Can anyone help?
Thanks. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Tuesday, September 24, 2013 5:05 PM To: [email protected] Subject: devs Digest, Vol 75, Issue 54 Send devs mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://lists.xwiki.org/mailman/listinfo/devs or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of devs digest..." Today's Topics: 1. Regarding editing the redirecting page (Prachi Maheshwari) 2. Re: While creating an new entry on a new application/ Editing the application (prachi maheshwari) 3. Re: Reading Get/Post variables from url (prachi maheshwari) 4. Re: Regarding editing the redirecting page (Clemens Klein-Robbenhaar) 5. Regarding redirecting using Url variables (Prachi Maheshwari) 6. Re: Security concerns (Thomas Delafosse) ---------------------------------------------------------------------- Message: 1 Date: Tue, 24 Sep 2013 16:04:10 +0000 From: Prachi Maheshwari <[email protected]> To: "[email protected]" <[email protected]> Subject: [xwiki-devs] Regarding editing the redirecting page Message-ID: <1baead0e63224f38ae46fcdd5ec57...@bl2pr05mb196.namprd05.prod.outlook.com> Content-Type: text/plain; charset="us-ascii" Hey everyone, I have created a redirecting page in my Xwiki space(say A) which redirects every request that comes to it to other page(say B). Now I want to modify some things in the Page A, but cannot since its redirected to B every time. I have tried http:/<server>/Device/Default+Device?language=en and also http:/<server>/Device/Default+Device?editor=WYSIWYG; but nothing is helping, with everything I goto page B. I want to edit page A so please temme some other way. ------------------------------ Message: 2 Date: Tue, 24 Sep 2013 09:11:41 -0700 (PDT) From: prachi maheshwari <[email protected]> To: [email protected] Subject: Re: [xwiki-devs] While creating an new entry on a new application/ Editing the application Message-ID: <5051ce6db66f4d698e9eac7c5ef16...@bl2pr05mb196.namprd05.prod.outlook.com> Content-Type: text/plain; charset=us-ascii Hey Marius, I have tried working with two Long text field palates and I have removed one content box. But now when I create an entry it doesn't show me any of the two long text boxes. Do I have to change some where else also?? To get them displayed on my creating the entry page?? thanks From: Marius Dumitru Florea [via XWiki] [mailto:[email protected]] Sent: Tuesday, September 24, 2013 5:16 AM To: Prachi Maheshwari Subject: Re: While creating an new entry on a new application/ Editing the application I'm guessing that you are trying to add two 'Content' fields. Only one is allowed. See http://jira.xwiki.org/browse/XWIKI-8585 . You should use the 'Long Text' field instead. See http://extensions.xwiki.org/xwiki/bin/view/Extension/App+Within+Minutes+Application#HFieldPalette . If you already tried this then make sure the application was properly saved. Hope this helps, Marius On Mon, Sep 23, 2013 at 9:49 PM, prachi maheshwari <[hidden email]</user/SendEmail.jtp?type=node&node=7587235&i=0>> wrote: > I want two long descriptions on my creating an entry page for > different kind of information. But even if I select two Description > Field Palates while customizing the application there is only one > which comes while creating a new Entry in that application. Can > someone please suggest me the other way of doing it. > > > > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/While-creating-an-new-entry-on-a-new > -application-Editing-the-application-tp7587225.html > Sent from the XWiki- Dev mailing list archive at Nabble.com. > _______________________________________________ > devs mailing list > [hidden email]</user/SendEmail.jtp?type=node&node=7587235&i=1> > http://lists.xwiki.org/mailman/listinfo/devs _______________________________________________ devs mailing list [hidden email]</user/SendEmail.jtp?type=node&node=7587235&i=2> http://lists.xwiki.org/mailman/listinfo/devs ________________________________ If you reply to this email, your message will be added to the discussion below: http://xwiki.475771.n2.nabble.com/While-creating-an-new-entry-on-a-new-application-Editing-the-application-tp7587225p7587235.html To unsubscribe from While creating an new entry on a new application/ Editing the application, click here<http://xwiki.475771.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7587225&code=cHJhY2hpLm1haGVzaHdhcmlAbmV0Ym9zcy5jb218NzU4NzIyNXwtMTQ2MzgyNjU3Nw==>. NAML<http://xwiki.475771.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> -- View this message in context: http://xwiki.475771.n2.nabble.com/While-creating-an-new-entry-on-a-new-application-Editing-the-application-tp7587225p7587243.html Sent from the XWiki- Dev mailing list archive at Nabble.com. ------------------------------ Message: 3 Date: Tue, 24 Sep 2013 09:12:32 -0700 (PDT) From: prachi maheshwari <[email protected]> To: [email protected] Subject: Re: [xwiki-devs] Reading Get/Post variables from url Message-ID: <46387884658642d8b3926fd614376...@bl2pr05mb196.namprd05.prod.outlook.com> Content-Type: text/plain; charset=UTF-8 Thank you everyone. $request.get(?param?); works Thanks From: Denis Gervalle-2 [via XWiki] [mailto:[email protected]] Sent: Tuesday, September 24, 2013 5:47 AM To: Prachi Maheshwari Subject: Re: Reading Get/Post variables from url On Tue, Sep 24, 2013 at 10:02 AM, Valdis V?toli?? <[hidden email]</user/SendEmail.jtp?type=node&node=7587236&i=0>>wrote: > In short: > $request.getParameter('param') > In shorter: :) $request.param PS: Your question is appropriate for the user list, the devs list is about the development of XWiki itself. See http://dev.xwiki.org/xwiki/bin/view/Community/MailingLists. Thanks. > > Valdis > > Hi, > > > > You have access to the request from velocity and groovy, check for > $request > > in scripting reference [1]. > > > > [1] http://platform.xwiki.org/xwiki/bin/view/SRD/Navigation > > > > Br, > > Jeremie > > Le 23 sept. 2013 20:52, "prachi maheshwari" < > [hidden email]</user/SendEmail.jtp?type=node&node=7587236&i=1>> > > a ?crit : > > > > > Hey everyone, > > > I wanna read and access the variables passed in url in Velocity on > > > different Xwiki Pages. Please suggest me a method. I have tried > > > something in > groovy > > > and velocity but I want to use only one macro/language for it. > > > Thanks > > > > > > > > > > > > -- > > > View this message in context: > > > > http://xwiki.475771.n2.nabble.com/Reading-Get-Post-variables-from-url- > tp7587226.html > > > Sent from the XWiki- Dev mailing list archive at Nabble.com. > > > _______________________________________________ > > > devs mailing list > > > [hidden email]</user/SendEmail.jtp?type=node&node=7587236&i=2> > > > http://lists.xwiki.org/mailman/listinfo/devs > > > > > _______________________________________________ > > devs mailing list > > [hidden email]</user/SendEmail.jtp?type=node&node=7587236&i=3> > > http://lists.xwiki.org/mailman/listinfo/devs > > > _______________________________________________ > devs mailing list > [hidden email]</user/SendEmail.jtp?type=node&node=7587236&i=4> > http://lists.xwiki.org/mailman/listinfo/devs > -- Denis Gervalle SOFTEC sa - CEO eGuilde sarl - CTO _______________________________________________ devs mailing list [hidden email]</user/SendEmail.jtp?type=node&node=7587236&i=5> http://lists.xwiki.org/mailman/listinfo/devs ________________________________ If you reply to this email, your message will be added to the discussion below: http://xwiki.475771.n2.nabble.com/Reading-Get-Post-variables-from-url-tp7587226p7587236.html To unsubscribe from Reading Get/Post variables from url, click here<http://xwiki.475771.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7587226&code=cHJhY2hpLm1haGVzaHdhcmlAbmV0Ym9zcy5jb218NzU4NzIyNnwtMTQ2MzgyNjU3Nw==>. NAML<http://xwiki.475771.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> -- View this message in context: http://xwiki.475771.n2.nabble.com/Reading-Get-Post-variables-from-url-tp7587226p7587244.html Sent from the XWiki- Dev mailing list archive at Nabble.com. ------------------------------ Message: 4 Date: Tue, 24 Sep 2013 18:37:15 +0200 From: Clemens Klein-Robbenhaar <[email protected]> To: [email protected] Subject: Re: [xwiki-devs] Regarding editing the redirecting page Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 On 09/24/2013 06:04 PM, Prachi Maheshwari wrote: > Hey everyone, > I have created a redirecting page in my Xwiki space(say A) which > redirects every request that comes to it to other page(say B). Now I > want to modify some things in the Page A, but cannot since its > redirected to B every time. I have tried > http:/<server>/Device/Default+Device?language=en and also > http:/<server>/Device/Default+Device?editor=WYSIWYG; > but nothing is helping, with everything I goto page B. I want to edit > page A so please temme some other way. > How did you create the redirect? You need to tell XWiki you want to have the edit view, so maybe something like http:/<server>/edit/Device/Default+Device?editor=WYSIWYG might help Clemens ------------------------------ Message: 5 Date: Tue, 24 Sep 2013 20:46:01 +0000 From: Prachi Maheshwari <[email protected]> To: "[email protected]" <[email protected]> Subject: [xwiki-devs] Regarding redirecting using Url variables Message-ID: <292aef4f1b5b4584a17e4a6874223...@bl2pr05mb196.namprd05.prod.outlook.com> Content-Type: text/plain; charset="us-ascii" Hey everyone, I am using $response.sendRedirect("http://<server>/abc?A=${A}&B=${B}) For redirecting onto another page. I also need to pass some variables from the url but this ain't working. Please help. Also, I am passing four to five variables and the url is getting broken and only passes value until a limit only. So, is there any kind of limit for the url length for xwiki specifically?? Also is there any other method for doing so?? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Tuesday, September 24, 2013 8:00 AM To: [email protected] Subject: devs Digest, Vol 75, Issue 53 Send devs mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://lists.xwiki.org/mailman/listinfo/devs or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of devs digest..." Today's Topics: 1. Re: Reading Get/Post variables from url (Valdis V?toli??) 2. Re: While creating an new entry on a new application/ Editing the application (Marius Dumitru Florea) 3. Re: Reading Get/Post variables from url (Denis Gervalle) ---------------------------------------------------------------------- Message: 1 Date: Tue, 24 Sep 2013 11:02:10 +0300 From: Valdis V?toli?? <[email protected]> To: XWiki Developers <[email protected]> Subject: Re: [xwiki-devs] Reading Get/Post variables from url Message-ID: <1380009730.2421.0.camel@vostro> Content-Type: text/plain; charset="UTF-8" In short: $request.getParameter('param') Valdis > Hi, > > You have access to the request from velocity and groovy, check for > $request in scripting reference [1]. > > [1] http://platform.xwiki.org/xwiki/bin/view/SRD/Navigation > > Br, > Jeremie > Le 23 sept. 2013 20:52, "prachi maheshwari" > <[email protected]> a ?crit : > > > Hey everyone, > > I wanna read and access the variables passed in url in Velocity on > > different Xwiki Pages. Please suggest me a method. I have tried > > something in groovy and velocity but I want to use only one > > macro/language for it. > > Thanks > > > > > > > > -- > > View this message in context: > > http://xwiki.475771.n2.nabble.com/Reading-Get-Post-variables-from-ur > > l-tp7587226.html Sent from the XWiki- Dev mailing list archive at > > Nabble.com. > > _______________________________________________ > > devs mailing list > > [email protected] > > http://lists.xwiki.org/mailman/listinfo/devs > > > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs ------------------------------ Message: 2 Date: Tue, 24 Sep 2013 12:15:29 +0300 From: Marius Dumitru Florea <[email protected]> To: XWiki Developers <[email protected]> Subject: Re: [xwiki-devs] While creating an new entry on a new application/ Editing the application Message-ID: <calzcbbarin8a-tx+7lkaut8utfojwzkf6cnhwr2t-pudp_f...@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 I'm guessing that you are trying to add two 'Content' fields. Only one is allowed. See http://jira.xwiki.org/browse/XWIKI-8585 . You should use the 'Long Text' field instead. See http://extensions.xwiki.org/xwiki/bin/view/Extension/App+Within+Minutes+Application#HFieldPalette . If you already tried this then make sure the application was properly saved. Hope this helps, Marius On Mon, Sep 23, 2013 at 9:49 PM, prachi maheshwari <[email protected]> wrote: > I want two long descriptions on my creating an entry page for > different kind of information. But even if I select two Description > Field Palates while customizing the application there is only one > which comes while creating a new Entry in that application. Can > someone please suggest me the other way of doing it. > > > > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/While-creating-an-new-entry-on-a-new > -application-Editing-the-application-tp7587225.html > Sent from the XWiki- Dev mailing list archive at Nabble.com. > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs ------------------------------ Message: 3 Date: Tue, 24 Sep 2013 11:46:13 +0200 From: Denis Gervalle <[email protected]> To: [email protected], XWiki Developers <[email protected]> Subject: Re: [xwiki-devs] Reading Get/Post variables from url Message-ID: <CADb+PMpE6oaj=cJ4EQvE5_9X+4NvtHFSQ_kZV1v=wmc9v5g...@mail.gmail.com> Content-Type: text/plain; charset=UTF-8 On Tue, Sep 24, 2013 at 10:02 AM, Valdis V?toli?? <[email protected]>wrote: > In short: > $request.getParameter('param') > In shorter: :) $request.param PS: Your question is appropriate for the user list, the devs list is about the development of XWiki itself. See http://dev.xwiki.org/xwiki/bin/view/Community/MailingLists. Thanks. > > Valdis > > Hi, > > > > You have access to the request from velocity and groovy, check for > $request > > in scripting reference [1]. > > > > [1] http://platform.xwiki.org/xwiki/bin/view/SRD/Navigation > > > > Br, > > Jeremie > > Le 23 sept. 2013 20:52, "prachi maheshwari" < > [email protected]> > > a ?crit : > > > > > Hey everyone, > > > I wanna read and access the variables passed in url in Velocity on > > > different Xwiki Pages. Please suggest me a method. I have tried > > > something in > groovy > > > and velocity but I want to use only one macro/language for it. > > > Thanks > > > > > > > > > > > > -- > > > View this message in context: > > > > http://xwiki.475771.n2.nabble.com/Reading-Get-Post-variables-from-url- > tp7587226.html > > > Sent from the XWiki- Dev mailing list archive at Nabble.com. > > > _______________________________________________ > > > devs mailing list > > > [email protected] > > > http://lists.xwiki.org/mailman/listinfo/devs > > > > > _______________________________________________ > > devs mailing list > > [email protected] > > http://lists.xwiki.org/mailman/listinfo/devs > > > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Denis Gervalle SOFTEC sa - CEO eGuilde sarl - CTO ------------------------------ _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs End of devs Digest, Vol 75, Issue 53 ************************************ ------------------------------ Message: 6 Date: Tue, 24 Sep 2013 23:04:56 +0200 From: Thomas Delafosse <[email protected]> To: XWiki Developers <[email protected]> Subject: Re: [xwiki-devs] Security concerns Message-ID: <CAHXP8+cXffA=N=hmvec6z_co+qpyt8pp44d6smugmtpmv_g...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Hello Christian, Sorry to have been so long before answering ! Here's at least a little patch that you can easily apply to make HTML macro secure. Note that a lot of HTML macros that are in wikis default pages won't work anymore ! Note also that you need the JSOUP package (http://jsoup.org/download) in your wiki libs to make it work, as this is the library I used for the verification of the html macro content. For more liberty, you can instead try to make a custom verification such as the one I made for the wiki syntax, it's up to you :). To finish, note also that you should skip the tests when building the new xwiki-rendering-macro-html package, as I didn't adapt them (these test contains quite a lot of tags and attributes that should be forbidden for security reasons). As I probably said earlier, a cleaner way to do that is to put the html macro in the platform code, and to add a check for programming rights. I got something like that somewhere, but I should rework it a bit when I got some time to do it. But at least this patch should let see how this is supposed to work ! Of course if you have any questions, feel free to ask them, and I would try to reply a bit faster this time ;) Hope this helps ! Thomas On Tue, Sep 17, 2013 at 11:34 AM, Vincent Massol <[email protected]> wrote: > > On Sep 17, 2013, at 10:26 AM, Christian Meunier < > [email protected]> wrote: > > > Thanks Vincent for the heads up ! > > > > Any chance Marius or some other dev can have a look the XSS in wiki > Syntax PR ? > > > https://github.com/xwiki/xwiki-rendering/pull/6#discussion_r5632662 > > > > I have tested it, beside the bug I have spotted, it worked just fine for > me. > > > > Would be nice to include this one in 5.2 because right now, it just too > trivial to do XSS injection with the wiki syntax.. > > It seems too large a patch to make it in 5.2 now (we're reaching RC1) but > it could go in 5.3M1. > > Thanks > -Vincent > > > Thanks ! > > > > -- > > Chris > > > > On 9/17/2013 14:43, Vincent Massol wrote: > >> Hi Christian, > >> > >> On Sep 17, 2013, at 8:16 AM, Christian Meunier < > [email protected]> wrote: > >> > >>> Hi Thomas, > >>> > >>> Hope you had good holidays ! > >>> > >>> I was wondering if you could give me an update on the work you started > for the html macro ? > >>> Btw, have you noticed my comment on > https://github.com/xwiki/xwiki-rendering/pull/6#discussion_r5632662 ? > >>> > >>> Also, question for the devs, I see that the 5.2 is near the corner and > yet many of Thomas's security PRs are still pending.. > >> Several have been applied (by Marius). > >> > >>> Shouldnt those security PRs be a priority ? Is there a roadmap/target > for those ? > >> FYI ThomasD was working lately on signed scripts which will fix a lot > of current potential security issues. This is a big piece of work. I said > "was" because Thomas is now going abroad in the context of his school > studies and will probably be less available. The good news is that Denis > Gervalle has agreed to carry on his work and more generally to focus on > security issues for the coming 3 months at least. > >> > >> So you should see progress in this area :) > >> > >> Thanks > >> -Vincent > >> > >>> Thanks ! > >>> > >>> -- > >>> Chris > >>> > >>> On 8/10/2013 05:10, Thomas Delafosse wrote: > >>>> Hello Christian, > >>>> > >>>> It's nice to see that you are interested in XWiki security :) > >>>> As for the secure html macro I've been working on, there's no PR made > for > >>>> it (the issue was that it was breaking a lot of panels that were using > >>>> unsafe html code thanks to this macro), but I would try to create a > branch > >>>> on github with the corresponding code when I have time. To sum up > what I've > >>>> done, I just used a library called JSoup which allows to easily deal > with > >>>> whitelists (see > http://jsoup.org/apidocs/org/jsoup/safety/Whitelist.html for > >>>> example). And as I wanted to let users with Programming Rights use > the HTML > >>>> macro without restriction, I had to put my "secure" html macro in > >>>> xwiki-platform instead of xwiki-rendering, so that my whitelist check > is > >>>> not used against these users. > >>>> BTW let me know if there any issue you get with my other XSS PR and > don't > >>>> hesitate to contact me if you have questions or suggestions about > what I've > >>>> done there (or for other security matters !). As Vincent said, I'm in > >>>> holidays right now, so I could be slow to answer, but I won't forget > you ;). > >>>> > >>>> Thanks ! > >>>> > >>>> Thomas > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -------------- next part -------------- A non-text attachment was scrubbed... Name: secureHTMLMacro.patch Type: application/octet-stream Size: 4792 bytes Desc: not available URL: <http://lists.xwiki.org/pipermail/devs/attachments/20130924/e018b032/attachment.obj> ------------------------------ _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs End of devs Digest, Vol 75, Issue 54 ************************************ _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
