Item13261: adde $html() parameter

- use $html to render pure html. this is useful when generating xml - fixed leak of data on some ACL settings
foswiki · Feb 16, 2015 · 3baaf67 · 3baaf67
1 parent 51f5cd4
commit 3baaf67
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 12 deletions.
diff --git a/data/System/DBCachePlugin.txt b/data/System/DBCachePlugin.txt
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="ProjectContributor" comment="" date="1417091810" format="1.1" version="1"}%
+%META:TOPICINFO{author="ProjectContributor" comment="" date="1424086008" format="1.1" version="1"}%
 ---+!! <nop>%TOPIC%
 %TOC%
 
@@ -121,6 +121,7 @@ Following variables are expanded in format strings:
      (see [[%SYSTEMWEB%.Macros#DISPLAYTIME_format_formatted_dis][Macros]] documentation).
    * $expand(&lt;formfield-accessor>): return the formfield pointed to by the 
       &lt;formfield-accessor>
+   * $html(&lt;formfield-accessor>): same as =$expand()= but expands macros and TML markup
    * $d2n(&lt;formfield-accessor>): converts a date formfield's value to epoch seconds
    * $rss(...): encode entities so that the text can be included in an rss feed
    * $encode(...): encode entities so that the text can be included in HTML input form elements
@@ -416,11 +417,12 @@ automatically from there on.
    * Set SHORTDESCRIPTION = Lightweight frontend to the <nop>DBCacheContrib
 -->
 |  Author: | Michael Daum |
-|  Copyright &copy;: | 2005-2014, Michael Daum http://michaeldaumconsulting.com |
+|  Copyright &copy;: | 2005-2015, Michael Daum http://michaeldaumconsulting.com |
 |  License: | GPL ([[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]) |
 |  Release: | %$RELEASE% |
 |  Version: | %$VERSION% |
 |  Change History: | <!-- versions below in reverse order -->&nbsp; |
+|  20 Jan 2015: | added =$html()= |
 |  27 Nov 2014: | fixed security of rest handlers and DBDUMP macro |
 |  28 May 2014: | implemented new ACL style compatible with Foswiki >= 1.2 |
 |  04 Apr 2014: | flag rest handlers that don't require authentication |

diff --git a/lib/Foswiki/Plugins/DBCachePlugin.pm b/lib/Foswiki/Plugins/DBCachePlugin.pm
@@ -1,6 +1,6 @@
 # Plugin for Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2005-2014 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2005-2015 Michael Daum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -25,8 +25,8 @@ use Foswiki::Plugins();
 #Monitor::MonitorMethod('Foswiki::Contrib::DBCachePlugin::Core');
 #Monitor::MonitorMethod('Foswiki::Contrib::DBCachePlugin::WebDB');
 
-our $VERSION = '6.01';
-our $RELEASE = '6.01';
+our $VERSION = '6.10';
+our $RELEASE = '6.10';
 our $NO_PREFS_IN_TOPIC = 1;
 our $SHORTDESCRIPTION = 'Lightweighted frontend to the DBCacheContrib';
 

diff --git a/lib/Foswiki/Plugins/DBCachePlugin/Core.pm b/lib/Foswiki/Plugins/DBCachePlugin/Core.pm
@@ -1,6 +1,6 @@
 # Plugin for Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2005-2014 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2005-2015 Michael Daum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -356,15 +356,22 @@ sub handleDBQUERY {
       $line =~ s/\$pattern\((.*?)\)/extractPattern($topicObj, $1)/ge;
       $line =~ s/\$formfield\((.*?)\)/
         my $temp = $theDB->getFormField($topicName, $1);
-	$temp =~ s#\)#${TranslationToken}#g;
-	$temp/geo;
+        $temp =~ s#\)#${TranslationToken}#g;
+      $temp/geo;
       $line =~ s/\$expand\((.*?)\)/
         my $temp = $1;
         $temp = $theDB->expandPath($topicObj, $temp);
-	$temp =~ s#\)#${TranslationToken}#g;
-	$temp/geo;
+        $temp =~ s#\)#${TranslationToken}#g;
+      $temp/geo;
+      $line =~ s/\$html\((.*?)\)/
+        my $temp = $1;
+        $temp = $theDB->expandPath($topicObj, $temp);
+        $temp =~ s#\)#${TranslationToken}#g;
+        $temp = Foswiki::Func::expandCommonVariables($temp, $topicName, $thisWeb);
+        $temp = Foswiki::Func::renderText($temp, $thisWeb, $topicName);
+      $temp/geo;
       $line =~ s/\$d2n\((.*?)\)/parseTime($theDB->expandPath($topicObj, $1))/ge;
-      $line =~ s/\$formatTime\((.*?)(?:,\s*'([^']*?)')?\)/formatTime($theDB->expandPath($topicObj, $1), $2)/ge; # single quoted
+      $line =~ s/\$formatTime\((.*?)(?:,\s*'([^']*?)')?\)/formatTime($theDB->expandPath($topicObj, $1), $2)/ge;    # single quoted
       $line =~ s/\$topic/$topicName/g;
       $line =~ s/\$web/$thisWeb/g;
       $line =~ s/\$index/$index/g;

diff --git a/lib/Foswiki/Plugins/DBCachePlugin/MANIFEST b/lib/Foswiki/Plugins/DBCachePlugin/MANIFEST
@@ -1,5 +1,6 @@
 data/System/DBCachePlugin.txt 0644
 lib/Foswiki/Plugins/DBCachePlugin/Config.spec 0644
+lib/Foswiki/Plugins/DBCachePlugin/DEPENDENCIES 0644
 lib/Foswiki/Plugins/DBCachePlugin/Core.pm 0644
 lib/Foswiki/Plugins/DBCachePlugin.pm 0644
 lib/Foswiki/Plugins/DBCachePlugin/WebDB.pm 0644
diff --git a/lib/Foswiki/Plugins/DBCachePlugin/WebDB.pm b/lib/Foswiki/Plugins/DBCachePlugin/WebDB.pm
@@ -342,7 +342,7 @@ sub dbQuery {
       if (
         $isAdmin 
         || (!$topicHasPerms && $webViewPermission)
-        || $this->checkAccessPermission('VIEW', $wikiName, $topicObj) #Foswiki::Func::checkAccessPermission('VIEW', $wikiName, undef, $topicName, $this->{web}))
+        || ($topicHasPerms && $this->checkAccessPermission('VIEW', $wikiName, $topicObj)) #Foswiki::Func::checkAccessPermission('VIEW', $wikiName, undef, $topicName, $this->{web}))
         ) 
       {