Struts2 Freemarker XSS Vulnerability - security

In my application we use the struts URL tag in our freemarker templates like this:
<@s.url action="struts-action-name"/>
The issue is that instead of appending the action url to the root url of the application it actually appends it to the current URL.
Say we hit www.example.com/community/examples/xss187ba"><ScRiPt>alert(1)</ScRiPt>506d1768713/career_development, and in the ftl for that page we have a form like this:
<form action="<@s.url action="struts-action-name"/>">
The rendered ftl would look like this:
<form action="/community/examples/xss187ba"><ScRiPt>alert(1)</ScRiPt>506d1768713/career_development">
Which causes an alert to pop up... has anyone dealt with this issue? Is this a bug in Struts or are we doing something wrong here?
The obvious fix is to use the URL tag like this:
<form action="<@s.url value="/struts-action-name.jspa"/>">
On the other hand a quick search shows 2500 uses of that tag in the project and refactoring all those would not be a very fun/efficient job :(
Any help, comments or suggestions would be highly appreciated.
-Andre

The url tag doesn't "append" to anything--it creates a URL relative to the application, in this case based on a configured action name. Assuming an action named "f1" and a root deployment, the only thing the tag would produce is an absolute URL `/f1.action` (or `/f1` with no extension).
Given:
<struts>
    <constant name="struts.devMode" value="true"/>
    <constant name="struts.action.extension" value=",,action"/>
    <package name="default" namespace="/" extends="struts-default">
        <action name="f1" class="radios.RadioAction" method="input">
            <result name="input" type="freemarker">/WEB-INF/radios/input.ftl</result>
        </action>
        ...
The FreeMarker fragment:
<@s.url action="f1"/>
will output:
/f1
You may need to provide more info: are you using specific plugins (like Convention), etc?

You could extend org.apache.struts2.views.jsp.URLTag and replace the existing or add a new tag in struts-tags.tld.

I do find it weird that it does not automatically url-encode those parts of the URL, as that's what I would expect it to do.
So I would consider this a bug. Maybe contact the Struts developers about this one. Most of their other tags do automatic encoding, so it's weird that this one doesn't.
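
The encoding the last answer expects, shown on the request path from the question. This is an added example, not Struts code and not from the thread; `SafeActionUrl`, `encodePath` and `escapeHtmlAttr` are hypothetical names, and the input is assumed to be the already-decoded request path.

```java
import java.nio.charset.StandardCharsets;

// Added illustration; SafeActionUrl and its methods are hypothetical names,
// not part of Struts or FreeMarker.
public class SafeActionUrl {

    // Characters allowed unencoded inside a path segment (RFC 3986 "unreserved").
    private static boolean isUnreserved(int b) {
        return (b >= 'A' && b <= 'Z') || (b >= 'a' && b <= 'z')
            || (b >= '0' && b <= '9') || b == '-' || b == '.' || b == '_' || b == '~';
    }

    // Percent-encode every byte that is neither unreserved nor a '/' separator.
    // Assumes rawPath is already decoded; an encoded path would be double-encoded.
    static String encodePath(String rawPath) {
        StringBuilder out = new StringBuilder();
        for (byte raw : rawPath.getBytes(StandardCharsets.UTF_8)) {
            int b = raw & 0xFF;
            if (b == '/' || isUnreserved(b)) {
                out.append((char) b);
            } else {
                out.append('%').append(String.format("%02X", b));
            }
        }
        return out.toString();
    }

    // Escape for a double-quoted HTML attribute value (second layer of defence).
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Request path from the question, as the container would hand it to the view.
        String path = "/community/examples/xss187ba\"><ScRiPt>alert(1)</ScRiPt>506d1768713/career_development";
        String action = escapeHtmlAttr(encodePath(path));
        System.out.println("<form action=\"" + action + "\">");
    }
}
```

With both layers applied, the quote and angle brackets arrive in the page as `%22`, `%3C` and `%3E`, so the `action` attribute is never closed early and the browser sees no script element.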

Related

Access bare page name in Liferay template

I'm trying to emit the current page's name within portal_normal.vm. The options I know of all include a bunch of XML garbage that it's important to be rid of.
Right now, I'm using $layout.getName(), which produces this:
<root default-locale="en_US" available-locales="en_US">
<name language-id="en_US">
Home
</name>
</root>
It's true that the page's name is "Home", but the rest of that garbage ruins it.
I've tried $layout.name as well, but it produces the same result.
How do I access the bare value?
Based on what I saw in this post (which appears to be about writing controller or servlet code), I was able to produce this code to get the bare name:
$layout.getName($themeDisplay.getLocale())

MODx Relative Links Broken

I was having a lot of trouble getting relative links working in MODx. As soon as I made a container and put some pages one level above the root, nothing was linking correctly. Lots of missing images and broken links.
NOTE: This fix apparently will break all links linking to content identifiers.
I fixed it by putting the following at the top of the web template:
<base href="[[++site_url]]" />
You have to use that. If you hardcode it, it will screw up depending on which protocol you use, http or https.
StingyB's answer is correct. This tag should be in the head section of all MODX templates:
`<base href="[[++site_url]]" />`
Note that if you have multiple front-end contexts, the placeholder should be uncached:
`<base href="[[!++site_url]]" />`
Also, it must be a short tag. This will not work:
`<base href="[[!++site_url]]"></base>`
I'm not sure where the comment about "breaking all links linking to content identifiers" is coming from. These tags are standard in all MODX installs.

JSF Navigation with Different CSS Class for Current/Active Path

I'm trying to create a menu template in JSF where the link for the current directory has a different "current" or "active" class. The code currently looks like:
<ul>
    <li><h:outputLink value="#{request.contextPath}/a/">A</h:outputLink></li>
    <li><h:outputLink value="#{request.contextPath}/b/">B</h:outputLink></li>
    <li><h:outputLink value="#{request.contextPath}/c/">C</h:outputLink></li>
</ul>
I'm thinking of using something like styleClass="#{(thisDir == currentDir) ? currentLinkClass : normalLinkClass}". But how do I get the current path? Is this even correct, or is there a better way to do this?
Also, I want the links to base on the current path, not just the page. For example, myapp/a/1.jsf and myapp/a/2.jsf (that is, myapp/a/*.jsf) should trigger the active class for the A link. (I hope my explanation is clear.) Is this possible? How should this be done?
Thank you very much!
You can use #{request.requestURI} to get the current request URI. You can if necessary use several EL functions from JSTL fn taglib to do some string comparisons/manipulations in EL.
Your proposed EL styleClass suggestion is perfectly fine. There is no other easy way anyway. Best optimization which you could do so far is to render those links in a loop by an <ui:repeat> so that code duplication is at least eliminated.
You can also try this approach which uses #{view.viewId}:
<h:outputLink
    styleClass="#{(view.viewId.equals('/admin/authors.xhtml')) ? 'active' : 'inactive'}"
    value="authors.xhtml">Text</h:outputLink>

Include Login Side Box which uses the Secure Module -- Play Framework

I'm working on this for days now and I just can't figure it out..
My question is: Is it possible to alter the login.html file in the view.secure folder, so that I could include it in another html-file with #{include 'views/login.html'}, let's say in the index.html, as a login-sidebox, and how could this work?
Move the code to a tag. Simply move the file "login.html" under tags folder, and then you can use it as:
#{login /}
That said, be careful. I don't have the code here but it may be that login is using some vars. If that's the case, you'll need to pass the vars to the tag and modify the tag slightly. For example, assume you have a var called "name" in the tag. You'll have to change "name" to "_name" in the tag and pass the var as parameter in the tag, as follows:
#{login name:name /}
This is the standard behavior of tags. You can check existing tags in the "samples" folder of the framework for more help.
Probably with #{extends 'index.html' /} combined with #{doLayout /} as shown in documentation.
With all of your friendly assistance I solved the problem!
I included the login-form into all sites I want it in, and when I get logged in or logged out, I use the onAuthenticated()/onDisconnected() to redirect to the wanted site!
But there is one problem left! If the case appears that an error message is displayed, like "User not existing" or something, it is not possible to handle that case.. it would be nice if you could also help me with that.

Faulty pages created by SiteDefinition

I'm creating some pages using a SiteDefinition, the markup looks something like this:
<File Url="Page.aspx" Name="$Resources:SiteDefinitions,PageName;" Type="GhostableInLibrary">
    <Property Name="Title" Value="$Resources:SiteDefinitions,PageTitle;" />
    <Property Name="PublishingPageLayout" Value="~SiteCollection/_catalogs/masterpage/Somepage.aspx"></Property>
    <AllUsersWebPart WebPartZoneID="WebPartZone1" WebPartOrder="1">
        -- webpart data here
    </AllUsersWebPart>
</File>
The page is created as expected, but it's somewhat faulty. If for instance I click Edit Page and then click Publish (without actually editing anything) I will get this error:
"This Page has been modified since you opened it. You must open the page again."
I will get this error approx. every second time I try an editing action.
If I manually create a page using the same page layout everything works as expected and this error does not show up.
Does anybody have an idea what could be wrong?
I too create a page using the above method. The only thing I found missing in your code is that I used to have a title in the PageLayout, as:
<Property Name="PublishingPageLayout" Value="~SiteCollection/_catalogs/masterpage/Somepage.aspx, Your title"></Property>
This should not be the cause, but you can try it. Also refer to the articles this or this
I think you're right with using PublishingLayoutPage. I came across this article today while searching for this error caused by something else. It describes your same issue although the person in the article was not inheriting from PublishingLayoutPage and had not specified the PublishingPageLayout property. When they fixed this it worked.
This doesn't directly help you, although I did notice in their article that they are specifying the ContentType property. Have you tried specifying this? As you can see your complete code, are there any other differences you see from the article or additional information from the comments?
Okay, I (kinda) got this working now.
The guy who had made the ONET.xml had put a reference to the page layout in the Url attribute of the element.
Like I wrote in a comment earlier I tried making the page layouts inherit from TemplateRedirectionPage. Instead I now made an empty default.aspx file that inherits from TemplateRedirectionPage and changed all my page layout files back to deriving from the PublishingLayoutPage. And then I added the PublishingPageLayout element below every element.
Funny, or oddly, having a reference to the page layout in the Url attribute and not having the PublishingPageLayout element at all is actually valid. It doesn't make sense, because it will produce these faulty pages, but SharePoint actually accepts it and spits out all the pages defined in the ONET.xml
Only thing left now is that since I made the above changes, when I manually create a new page based on a page layout every default webpart (as defined with AllUsersWebPart) is instantiated 5 times. Really don't know where this behaviour is coming from, but at least it's not as serious as not being able to edit/publish my pages :)
