yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '7.0.1' of https://github.com/umbraco/Umbraco-CMS into 7.0.1

Browse Source
This commit is contained in:
perploug
2013-12-06 10:07:29 +01:00
parent b03427cabc 2eb5c08825
commit f59489a5cb
28 changed files with 510 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Umbraco.Web/Editors/AuthenticationController.cs
View File

@@ -28,18 +28,9 @@ namespace Umbraco.Web.Editors
/// </summary>
[PluginController("UmbracoApi")]
[ValidationFilter]
[AngularJsonOnlyConfiguration]
public class AuthenticationController : UmbracoApiController
{
/// <summary>
/// Remove the xml formatter... only support JSON!
/// </summary>
/// <param name="controllerContext"></param>
protected override void Initialize(HttpControllerContext controllerContext)
{
base.Initialize(controllerContext);
controllerContext.EnsureJsonOutputOnly();
}
/// <summary>
/// This is a special method that will return the current users' remaining session seconds, the reason

13
src/Umbraco.Web/Editors/UmbracoAuthorizedJsonController.cs
View File

@@ -12,6 +12,7 @@ namespace Umbraco.Web.Editors
/// methods that are not called by Angular or don't contain a valid csrf header will NOT work.
/// </remarks>
[ValidateAngularAntiForgeryToken]
[AngularJsonOnlyConfiguration]
public abstract class UmbracoAuthorizedJsonController : UmbracoAuthorizedApiController
{
protected UmbracoAuthorizedJsonController()
@@ -22,17 +23,5 @@ namespace Umbraco.Web.Editors
{
}
/// <summary>
/// Remove the xml formatter... only support JSON!
/// </summary>
/// <param name="controllerContext"></param>
protected override void Initialize(HttpControllerContext controllerContext)
{
base.Initialize(controllerContext);
controllerContext.EnsureJsonOutputOnly();
}
}
}

13
src/Umbraco.Web/Trees/ApplicationTreeController.cs
View File

@@ -20,21 +20,10 @@ using umbraco;
namespace Umbraco.Web.Trees
{
[AngularJsonOnlyConfiguration]
[PluginController("UmbracoTrees")]
public class ApplicationTreeController : UmbracoAuthorizedApiController
{
/// <summary>
/// Remove the xml formatter... only support JSON!
/// </summary>
/// <param name="controllerContext"></param>
protected override void Initialize(global::System.Web.Http.Controllers.HttpControllerContext controllerContext)
{
base.Initialize(controllerContext);
controllerContext.EnsureJsonOutputOnly();
}
/// <summary>
/// Returns the tree nodes for an application
/// </summary>

11
src/Umbraco.Web/Trees/TreeControllerBase.cs
View File

@@ -15,18 +15,9 @@ namespace Umbraco.Web.Trees
/// A base controller reference for non-attributed trees (un-registered). Developers should inherit from
/// TreeController.
/// </summary>
[AngularJsonOnlyConfiguration]
public abstract class TreeControllerBase : UmbracoAuthorizedApiController
{
/// <summary>
/// Remove the xml formatter... only support JSON!
/// </summary>
/// <param name="controllerContext"></param>
protected override void Initialize(global::System.Web.Http.Controllers.HttpControllerContext controllerContext)
{
base.Initialize(controllerContext);
controllerContext.EnsureJsonOutputOnly();
}
/// <summary>
/// The method called to render the contents of the tree structure
/// </summary>

53
src/Umbraco.Web/UmbracoHelper.cs
View File

@@ -976,35 +976,32 @@ namespace Umbraco.Web
{
var doc = new HtmlDocument();
doc.LoadHtml("<p>" + html + "</p>");
using (var ms = new MemoryStream())
{
var targets = new List<HtmlNode>();
var targets = new List<HtmlNode>();
var nodes = doc.DocumentNode.FirstChild.SelectNodes(".//*");
if (nodes != null)
{
foreach (var node in nodes)
{
//is element
if (node.NodeType != HtmlNodeType.Element) continue;
var filterAllTags = (tags == null || !tags.Any());
if (filterAllTags || tags.Any(tag => string.Equals(tag, node.Name, StringComparison.CurrentCultureIgnoreCase)))
{
targets.Add(node);
}
}
foreach (var target in targets)
{
HtmlNode content = doc.CreateTextNode(target.InnerText);
target.ParentNode.ReplaceChild(content, target);
}
}
else
{
return new HtmlString(html);
}
return new HtmlString(doc.DocumentNode.FirstChild.InnerHtml);
}
var nodes = doc.DocumentNode.FirstChild.SelectNodes(".//*");
if (nodes != null)
{
foreach (var node in nodes)
{
//is element
if (node.NodeType != HtmlNodeType.Element) continue;
var filterAllTags = (tags == null || !tags.Any());
if (filterAllTags || tags.Any(tag => string.Equals(tag, node.Name, StringComparison.CurrentCultureIgnoreCase)))
{
targets.Add(node);
}
}
foreach (var target in targets)
{
HtmlNode content = doc.CreateTextNode(target.InnerText);
target.ParentNode.ReplaceChild(content, target);
}
}
else
{
return new HtmlString(html);
}
return new HtmlString(doc.DocumentNode.FirstChild.InnerHtml);
}
public string Coalesce(params object[] args)

42
src/Umbraco.Web/WebApi/HttpControllerContextExtensions.cs
View File

@@ -96,22 +96,38 @@ namespace Umbraco.Web.WebApi
jsonFormatter.SerializerSettings.Converters.Add(new CustomDateTimeConvertor("yyyy-MM-dd HH:mm:ss"));
}
/// <summary>
/// Removes the xml formatter so it only outputs angularized json (with the json vulnerability prefix added)
/// </summary>
/// <param name="controllerContext"></param>
internal static void EnsureJsonOutputOnly(this HttpControllerContext controllerContext)
{
///// <summary>
///// Removes the xml formatter so it only outputs angularized json (with the json vulnerability prefix added)
///// </summary>
///// <param name="controllerContext"></param>
//internal static void EnsureJsonOutputOnly(this HttpControllerContext controllerContext)
//{
// controllerContext.Configuration.Formatters = new MediaTypeFormatterCollection();
// //remove all json/xml formatters then add our custom one
// var toRemove = controllerContext.Configuration.Formatters.Where(t => (t is JsonMediaTypeFormatter) || (t is XmlMediaTypeFormatter)).ToList();
// foreach (var r in toRemove)
// {
// controllerContext.Configuration.Formatters.Remove(r);
// }
// controllerContext.Configuration.Formatters.Add(new AngularJsonMediaTypeFormatter());
//}
}
/// <summary>
/// Applying this attribute to any webapi controller will ensure that it only contains one json formatter compatible with the angular json vulnerability prevention.
/// </summary>
public class AngularJsonOnlyConfigurationAttribute : Attribute, IControllerConfiguration
{
public void Initialize(HttpControllerSettings controllerSettings, HttpControllerDescriptor controllerDescriptor)
{
//remove all json/xml formatters then add our custom one
for (var i = 0; i < controllerContext.Configuration.Formatters.Count;i++)
var toRemove = controllerSettings.Formatters.Where(t => (t is JsonMediaTypeFormatter) || (t is XmlMediaTypeFormatter)).ToList();
foreach (var r in toRemove)
{
if ((controllerContext.Configuration.Formatters[i] is JsonMediaTypeFormatter)
|| (controllerContext.Configuration.Formatters[i] is XmlMediaTypeFormatter))
{
controllerContext.Configuration.Formatters.RemoveAt(i);
}
controllerSettings.Formatters.Remove(r);
}
controllerContext.Configuration.Formatters.Add(new AngularJsonMediaTypeFormatter());
controllerSettings.Formatters.Add(new AngularJsonMediaTypeFormatter());
}
}
}

4
src/Umbraco.Web/umbraco.presentation/macro.cs
View File

@@ -796,7 +796,9 @@ namespace umbraco
{
if (attributes.ContainsKey(mp.Key.ToLower()))
{
mp.Value = attributes[mp.Key.ToLower()].ToString();
var item = attributes[mp.Key.ToLower()];
mp.Value = item == null ? string.Empty : item.ToString();
}
else
{