Sanitizing @Display(Model) usage

--HG--
branch : dev

src/Orchard.Web/Core/Contents/Controllers/ItemController.cs

@@ -2,6 +2,7 @@
 using Orchard.ContentManagement;
 using Orchard.DisplayManagement;
 using Orchard.Localization;
+using Orchard.Mvc;
 using Orchard.Themes;
 
 namespace Orchard.Core.Contents.Controllers {
@@ -24,8 +25,7 @@ namespace Orchard.Core.Contents.Controllers {
         public ActionResult Display(int id) {
             var contentItem = _contentManager.Get(id, VersionOptions.Published);
             dynamic model = _contentManager.BuildDisplay(contentItem);
-            // Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
-            return View((object)model);
+            return new ShapeResult(this, model);
         }
 
         // /Contents/Item/Preview/72
@@ -41,8 +41,7 @@ namespace Orchard.Core.Contents.Controllers {
                 return new HttpUnauthorizedResult();
 
             dynamic model = _contentManager.BuildDisplay(contentItem);
-            // Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
-            return View("Display", (object)model);
+            return new ShapeResult(this, model);
         }
     }
 }

src/Orchard.Web/Core/Contents/Views/Admin/Create.cshtml

@@ -5,5 +5,6 @@
 <h1>@Html.TitleForPage((string)pageTitle.Text)</h1>
 @using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Core/Contents/Views/Admin/Edit.cshtml

@@ -8,5 +8,6 @@
 <h1>@Html.TitleForPage(pageTitle)</h1>
 @using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Core/Contents/Views/Item/Display.cshtml

@@ -1 +0,0 @@
-@Display(Model)

src/Orchard.Web/Core/Orchard.Core.csproj

@@ -335,10 +335,8 @@
       <SubType>Designer</SubType>
     </Content>
     <Content Include="Contents\Views\Content.ControlWrapper.cshtml" />
-    <Content Include="Contents\Views\Item\Display.cshtml" />
     <Content Include="Navigation\Placement.info" />
     <Content Include="Routable\Views\Parts.RoutableTitle.cshtml" />
-    <Content Include="Routable\Views\Item\Display.cshtml" />
     <Content Include="Routable\Views\Routable.HomePage.cshtml" />
     <Content Include="Contents\Views\Content.Summary.cshtml" />
     <Content Include="Shapes\Views\Pager.cshtml" />

src/Orchard.Web/Core/Routable/Controllers/ItemController.cs

@@ -9,6 +9,7 @@ using Orchard.Core.Routable.Services;
 using Orchard.Data;
 using Orchard.DisplayManagement;
 using Orchard.Localization;
+using Orchard.Mvc;
 using Orchard.Services;
 using Orchard.Themes;
 
@@ -59,8 +60,7 @@ namespace Orchard.Core.Routable.Controllers {
             }
 
             dynamic model = _contentManager.BuildDisplay(hits.Single());
-            // Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
-            return View((object)model);
+            return new ShapeResult(this, model);
         }
 
         public ActionResult Slugify(string contentType, int? id, int? containerId) {

src/Orchard.Web/Core/Routable/Views/Item/Display.cshtml

@@ -1 +0,0 @@
-@Display(Model)

src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogController.cs

@@ -8,6 +8,7 @@ using Orchard.Core.Feeds;
 using Orchard.Core.Routable.Services;
 using Orchard.DisplayManagement;
 using Orchard.Logging;
+using Orchard.Mvc;
 using Orchard.Services;
 using Orchard.Themes;
 using Orchard.UI.Navigation;
@@ -92,8 +93,7 @@ namespace Orchard.Blogs.Controllers {
             var totalItemCount = _blogPostService.PostCount(blogPart);
             blog.Content.Add(Shape.Pager(pager).TotalItemCount(totalItemCount), "Content:after");
 
-            // Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
-            return View((object)blog);
+            return new ShapeResult(this, blog);
         }
     }
 }

src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostController.cs

@@ -7,6 +7,7 @@ using Orchard.ContentManagement;
 using Orchard.Core.Feeds;
 using Orchard.DisplayManagement;
 using Orchard.Localization;
+using Orchard.Mvc;
 using Orchard.Security;
 using Orchard.Themes;
 
@@ -51,8 +52,7 @@ namespace Orchard.Blogs.Controllers {
                 return HttpNotFound();
 
             dynamic model = _services.ContentManager.BuildDisplay(postPart);
-            // Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
-            return View((object)model);
+            return new ShapeResult(this, model);
         }
 
         public ActionResult ListByArchive(string blogPath, string archiveData) {

src/Orchard.Web/Modules/Orchard.Blogs/Orchard.Blogs.csproj

@@ -115,9 +115,7 @@
     <Content Include="Views\BlogAdmin\List.cshtml" />
     <Content Include="Views\BlogPostAdmin\Create.cshtml" />
     <Content Include="Views\BlogPostAdmin\Edit.cshtml" />
-    <Content Include="Views\BlogPost\Item.cshtml" />
     <Content Include="Views\BlogPost\ListByArchive.cshtml" />
-    <Content Include="Views\Blog\Item.cshtml" />
     <Content Include="Views\Blog\List.cshtml" />
     <Content Include="Views\Parts.Blogs.Blog.Manage.cshtml" />
     <Content Include="Views\Parts.Blogs.Blog.Description.cshtml" />

src/Orchard.Web/Modules/Orchard.Blogs/Views/Blog/Item.cshtml

@@ -1 +0,0 @@
-@Display(Model)

src/Orchard.Web/Modules/Orchard.Blogs/Views/BlogAdmin/Create.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Create New Blog").ToString())</h1>
 @using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Modules/Orchard.Blogs/Views/BlogAdmin/Edit.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Blog Properties").ToString())</h1>
 @using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Modules/Orchard.Blogs/Views/BlogAdmin/Item.cshtml

@@ -1,4 +1,5 @@
 @{
     Html.AddTitleParts(T("Manage Blog").ToString());
 }
-@Display(Model)
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
+    @Display(Model)

src/Orchard.Web/Modules/Orchard.Blogs/Views/BlogPost/Item.cshtml

@@ -1 +0,0 @@
-@Display(Model)

src/Orchard.Web/Modules/Orchard.Blogs/Views/BlogPostAdmin/Create.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Create New Blog Post").ToString())</h1>
 @using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Modules/Orchard.Blogs/Views/BlogPostAdmin/Edit.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Edit Blog Post").ToString())</h1>
 @using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Modules/Orchard.Users/Views/Admin/Create.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Add User").ToString()) </h1>
-@using (Html.BeginFormAntiForgeryPost()) { 
-    @Html.ValidationSummary() 
+@using (Html.BeginFormAntiForgeryPost()) {
+    @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Modules/Orchard.Users/Views/Admin/Edit.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Edit User").ToString()) </h1>
 @using (Html.BeginFormAntiForgeryPost()) { 
     @Html.ValidationSummary() 
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
  } 

src/Orchard.Web/Modules/Orchard.Widgets/Views/Admin/AddLayer.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Add Layer").ToString())</h1>
 @using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Modules/Orchard.Widgets/Views/Admin/AddWidget.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Add Widget").ToString())</h1>
 @using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Modules/Orchard.Widgets/Views/Admin/EditLayer.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Edit Layer").ToString())</h1>
-    @using (Html.BeginFormAntiForgeryPost()) {
+@using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }

src/Orchard.Web/Modules/Orchard.Widgets/Views/Admin/EditWidget.cshtml

@@ -1,5 +1,6 @@
 <h1>@Html.TitleForPage(T("Edit Widget").ToString())</h1>
-    @using (Html.BeginFormAntiForgeryPost()) {
+@using (Html.BeginFormAntiForgeryPost()) {
     @Html.ValidationSummary()
+    // Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
     @Display(Model)
 }