Sanitizing @Display(Model) usage

--HG--
branch : dev
Sebastien Ros 2011-02-09 17:59:52 -08:00
parent f7c2e49c72
commit 02c07875f7
23 changed files with 27 additions and 23 deletions


@ -2,6 +2,7 @@
using Orchard.ContentManagement;
using Orchard.DisplayManagement;
using Orchard.Localization;
using Orchard.Mvc;
using Orchard.Themes;
namespace Orchard.Core.Contents.Controllers {
@ -24,8 +25,7 @@ namespace Orchard.Core.Contents.Controllers {
public ActionResult Display(int id) {
var contentItem = _contentManager.Get(id, VersionOptions.Published);
dynamic model = _contentManager.BuildDisplay(contentItem);
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View((object)model);
return new ShapeResult(this, model);
}
// /Contents/Item/Preview/72
@ -41,8 +41,7 @@ namespace Orchard.Core.Contents.Controllers {
return new HttpUnauthorizedResult();
dynamic model = _contentManager.BuildDisplay(contentItem);
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View("Display", (object)model);
return new ShapeResult(this, model);
}
}
}
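Review bot: The rewritten `Display(int id)` action passes the result of `_contentManager.Get(id, VersionOptions.Published)` straight to `BuildDisplay` with no null check, so an id without a published version is not turned into a 404 here. A guard such as `if (contentItem == null) return HttpNotFound();` before `BuildDisplay` would match what the blog post controller in this commit does. The action also shows no permission check, while the Preview action below it can return `HttpUnauthorizedResult`. If viewing is not authorized elsewhere (a filter or attribute outside this hunk), any caller can read published items by walking ids, so the same authorization test should run before the shape is rendered.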


@ -5,5 +5,6 @@
<h1>@Html.TitleForPage((string)pageTitle.Text)</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -8,5 +8,6 @@
<h1>@Html.TitleForPage(pageTitle)</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1 +0,0 @@
@Display(Model)


@ -335,10 +335,8 @@
<SubType>Designer</SubType>
</Content>
<Content Include="Contents\Views\Content.ControlWrapper.cshtml" />
<Content Include="Contents\Views\Item\Display.cshtml" />
<Content Include="Navigation\Placement.info" />
<Content Include="Routable\Views\Parts.RoutableTitle.cshtml" />
<Content Include="Routable\Views\Item\Display.cshtml" />
<Content Include="Routable\Views\Routable.HomePage.cshtml" />
<Content Include="Contents\Views\Content.Summary.cshtml" />
<Content Include="Shapes\Views\Pager.cshtml" />


@ -9,6 +9,7 @@ using Orchard.Core.Routable.Services;
using Orchard.Data;
using Orchard.DisplayManagement;
using Orchard.Localization;
using Orchard.Mvc;
using Orchard.Services;
using Orchard.Themes;
@ -59,8 +60,7 @@ namespace Orchard.Core.Routable.Controllers {
}
dynamic model = _contentManager.BuildDisplay(hits.Single());
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View((object)model);
return new ShapeResult(this, model);
}
public ActionResult Slugify(string contentType, int? id, int? containerId) {
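Review bot: `new ShapeResult(this, model)` receives a `dynamic` argument, so the constructor call is bound at run time, and the comment explaining why the old `View((object)model)` call forced a static invocation under medium trust is deleted with it. If the medium-trust concern does not apply to this public constructor, a one-line comment saying so would keep that rationale from being lost. Otherwise, assuming the constructor accepts `object`, `return new ShapeResult(this, (object)model);` keeps the binding static. The same pattern appears in the Contents and Blogs controller sections of this commit, and the enclosing action starts above this hunk.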


@ -1 +0,0 @@
@Display(Model)


@ -8,6 +8,7 @@ using Orchard.Core.Feeds;
using Orchard.Core.Routable.Services;
using Orchard.DisplayManagement;
using Orchard.Logging;
using Orchard.Mvc;
using Orchard.Services;
using Orchard.Themes;
using Orchard.UI.Navigation;
@ -92,8 +93,7 @@ namespace Orchard.Blogs.Controllers {
var totalItemCount = _blogPostService.PostCount(blogPart);
blog.Content.Add(Shape.Pager(pager).TotalItemCount(totalItemCount), "Content:after");
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View((object)blog);
return new ShapeResult(this, blog);
}
}
}


@ -7,6 +7,7 @@ using Orchard.ContentManagement;
using Orchard.Core.Feeds;
using Orchard.DisplayManagement;
using Orchard.Localization;
using Orchard.Mvc;
using Orchard.Security;
using Orchard.Themes;
@ -51,8 +52,7 @@ namespace Orchard.Blogs.Controllers {
return HttpNotFound();
dynamic model = _services.ContentManager.BuildDisplay(postPart);
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View((object)model);
return new ShapeResult(this, model);
}
public ActionResult ListByArchive(string blogPath, string archiveData) {


@ -115,9 +115,7 @@
<Content Include="Views\BlogAdmin\List.cshtml" />
<Content Include="Views\BlogPostAdmin\Create.cshtml" />
<Content Include="Views\BlogPostAdmin\Edit.cshtml" />
<Content Include="Views\BlogPost\Item.cshtml" />
<Content Include="Views\BlogPost\ListByArchive.cshtml" />
<Content Include="Views\Blog\Item.cshtml" />
<Content Include="Views\Blog\List.cshtml" />
<Content Include="Views\Parts.Blogs.Blog.Manage.cshtml" />
<Content Include="Views\Parts.Blogs.Blog.Description.cshtml" />


@ -1 +0,0 @@
@Display(Model)


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Create New Blog").ToString())</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Blog Properties").ToString())</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,4 +1,5 @@
@{
Html.AddTitleParts(T("Manage Blog").ToString());
}
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
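Review bot: The added `// Model is a Shape, ...` line sits after the closing brace of the `@{ }` block, so as shown Razor treats it as markup and would write the comment text into the rendered page ahead of the shape output. A Razor comment avoids that: `@* Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type *@`. In the other views of this commit the same line is inside the `@using (Html.BeginFormAntiForgeryPost()) { }` block, where it is parsed as a C# comment. Indentation is lost in this listing, so confirm the placement in the file.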


@ -1 +0,0 @@
@Display(Model)


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Create New Blog Post").ToString())</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Edit Blog Post").ToString())</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Add User").ToString()) </h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Edit User").ToString()) </h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Add Layer").ToString())</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Add Widget").ToString())</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Edit Layer").ToString())</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}


@ -1,5 +1,6 @@
<h1>@Html.TitleForPage(T("Edit Widget").ToString())</h1>
@using (Html.BeginFormAntiForgeryPost()) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}