lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-09-22 20:13:50 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Sanitizing @Display(Model) usage

Browse Source 
--HG--
branch : dev
This commit is contained in:
Sebastien Ros
2011-02-09 17:59:52 -08:00
parent f7c2e49c72
commit 02c07875f7
23 changed files with 27 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Orchard.Web/Core/Contents/Controllers/ItemController.cs
View File

@@ -2,6 +2,7 @@
using Orchard.ContentManagement;
using Orchard.DisplayManagement;
using Orchard.Localization;
using Orchard.Mvc;
using Orchard.Themes;
namespace Orchard.Core.Contents.Controllers {
@@ -24,8 +25,7 @@ namespace Orchard.Core.Contents.Controllers {
public ActionResult Display(int id) {
var contentItem = _contentManager.Get(id, VersionOptions.Published);
dynamic model = _contentManager.BuildDisplay(contentItem);
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View((object)model);
return new ShapeResult(this, model);
}
// /Contents/Item/Preview/72
@@ -41,8 +41,7 @@ namespace Orchard.Core.Contents.Controllers {
return new HttpUnauthorizedResult();
dynamic model = _contentManager.BuildDisplay(contentItem);
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View("Display", (object)model);
return new ShapeResult(this, model);
}
}
}

1
src/Orchard.Web/Core/Contents/Views/Admin/Create.cshtml
View File

@@ -5,5 +5,6 @@
<h1>@Html.TitleForPage((string)pageTitle.Text)</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}

1
src/Orchard.Web/Core/Contents/Views/Admin/Edit.cshtml
View File

@@ -8,5 +8,6 @@
<h1>@Html.TitleForPage(pageTitle)</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}

1
src/Orchard.Web/Core/Contents/Views/Item/Display.cshtml
View File

@@ -1 +0,0 @@
@Display(Model)

2
src/Orchard.Web/Core/Orchard.Core.csproj
View File

@@ -335,10 +335,8 @@
<SubType>Designer</SubType>
</Content>
<Content Include="Contents\Views\Content.ControlWrapper.cshtml" />
<Content Include="Contents\Views\Item\Display.cshtml" />
<Content Include="Navigation\Placement.info" />
<Content Include="Routable\Views\Parts.RoutableTitle.cshtml" />
<Content Include="Routable\Views\Item\Display.cshtml" />
<Content Include="Routable\Views\Routable.HomePage.cshtml" />
<Content Include="Contents\Views\Content.Summary.cshtml" />
<Content Include="Shapes\Views\Pager.cshtml" />

4
src/Orchard.Web/Core/Routable/Controllers/ItemController.cs
View File

@@ -9,6 +9,7 @@ using Orchard.Core.Routable.Services;
using Orchard.Data;
using Orchard.DisplayManagement;
using Orchard.Localization;
using Orchard.Mvc;
using Orchard.Services;
using Orchard.Themes;
@@ -59,8 +60,7 @@ namespace Orchard.Core.Routable.Controllers {
}
dynamic model = _contentManager.BuildDisplay(hits.Single());
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View((object)model);
return new ShapeResult(this, model);
}
public ActionResult Slugify(string contentType, int? id, int? containerId) {

1
src/Orchard.Web/Core/Routable/Views/Item/Display.cshtml
View File

@@ -1 +0,0 @@
@Display(Model)