From 2689e2861b80986bcf73fc895a1d6f71ab2e4e99 Mon Sep 17 00:00:00 2001 From: Jermolene Date: Thu, 4 Dec 2014 09:39:14 +0000 Subject: [PATCH] Revert to using fieldmangler for adding fields In 5.1.5 we switched to using `<$action-setfield>` instead of `<$fieldmangler>`. The problem was that in the process we lost the validation of field names, making it possible to create fields with illegal names Fixes #1186 --- core/modules/widgets/fieldmangler.js | 44 ++++++++++++++++++---------- core/ui/EditTemplate/fields.tid | 28 ++++++++++++++---- 2 files changed, 51 insertions(+), 21 deletions(-) diff --git a/core/modules/widgets/fieldmangler.js b/core/modules/widgets/fieldmangler.js index 0c44d666a..66c4db16e 100644 --- a/core/modules/widgets/fieldmangler.js +++ b/core/modules/widgets/fieldmangler.js @@ -71,24 +71,38 @@ FieldManglerWidget.prototype.handleRemoveFieldEvent = function(event) { }; FieldManglerWidget.prototype.handleAddFieldEvent = function(event) { - var tiddler = this.wiki.getTiddler(this.mangleTitle); - if(tiddler && typeof event.param === "string") { - var name = event.param.toLowerCase().trim(); - if(name !== "" && !$tw.utils.hop(tiddler.fields,name)) { - if(!$tw.utils.isValidFieldName(name)) { - alert($tw.language.getString( - "InvalidFieldName", - {variables: - {fieldName: name} - } - )); - return true; + var tiddler = this.wiki.getTiddler(this.mangleTitle), + addition = this.wiki.getModificationFields(), + hadInvalidFieldName = false, + addField = function(name,value) { + var trimmedName = name.toLowerCase().trim(); + debugger; + if(!$tw.utils.isValidFieldName(trimmedName)) { + if(!hadInvalidFieldName) { + alert($tw.language.getString( + "InvalidFieldName", + {variables: + {fieldName: trimmedName} + } + )); + hadInvalidFieldName = true; + return; + } + } else { + addition[trimmedName] = value || ""; } - var addition = this.wiki.getModificationFields(); - addition[name] = ""; - this.wiki.addTiddler(new $tw.Tiddler(tiddler,addition)); + return; + }; + addition.title = this.mangleTitle; + if(typeof event.param === "string") { + addField(event.param,""); + } + if(typeof event.paramObject === "object") { + for(var name in event.paramObject) { + addField(name,event.paramObject[name]); } } + this.wiki.addTiddler(new $tw.Tiddler(tiddler,addition)); return true; }; diff --git a/core/ui/EditTemplate/fields.tid b/core/ui/EditTemplate/fields.tid index 2546b8214..209a5e60a 100644 --- a/core/ui/EditTemplate/fields.tid +++ b/core/ui/EditTemplate/fields.tid @@ -5,9 +5,27 @@ tags: $:/tags/EditTemplate \define config-title() $:/config/EditTemplateFields/Visibility/$(currentField)$ \end + \define config-filter() [[hide]] -[title{$(config-title)$}] \end + +\define new-field(name,value) +<$reveal type="nomatch" text="" default="""$name$"""> +<$button> +<$action-sendmessage $message="tm-add-field" $name$="""$value$"""/> +<$action-deletetiddler $tiddler="$:/temp/newfieldname"/> +<$action-deletetiddler $tiddler="$:/temp/newfieldvalue"/> +<> + + +<$reveal type="match" text="" default="""$name$"""> +<$button> +<> + + +\end +
@@ -32,6 +50,7 @@ $:/config/EditTemplateFields/Visibility/$(currentField)$
+<$fieldmangler>
<> @@ -43,11 +62,8 @@ $:/config/EditTemplateFields/Visibility/$(currentField)$ <$edit-text tiddler="$:/temp/newfieldvalue" tag="input" default="" placeholder={{$:/language/EditTemplate/Fields/Add/Value/Placeholder}} class="tc-edit-texteditor"/> -<$button> -<$action-setfield $field={{$:/temp/newfieldname}} $value={{$:/temp/newfieldvalue}}/> -<$action-deletetiddler $tiddler="$:/temp/newfieldname"/> -<$action-deletetiddler $tiddler="$:/temp/newfieldvalue"/> -<> - +<$macrocall $name="new-field" name={{$:/temp/newfieldname}} value={{$:/temp/newfieldvalue}}/>
+ +