Changed Blog delete button to be a form submit so it could be checked against the antiforgery token.

--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4045336
ErikPorter
2010-01-13 16:58:28 +00:00
parent 411a045648
commit f4e1f829c7
4 changed files with 26 additions and 11 deletions


@@ -109,7 +109,7 @@ namespace Orchard.Blogs.Controllers {
return Redirect(Url.BlogsForAdmin()); return Redirect(Url.BlogsForAdmin());
} }
//[HttpPost] <- todo: (heskew) make all add/edit/remove POST only and verify the AntiForgeryToken [HttpPost]
public ActionResult Delete(string blogSlug) { public ActionResult Delete(string blogSlug) {
if (!_authorizer.Authorize(Permissions.DeleteBlog, T("Couldn't delete blog"))) if (!_authorizer.Authorize(Permissions.DeleteBlog, T("Couldn't delete blog")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
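Review bot: The new `[HttpPost]` on `Delete` restricts the verb, but nothing in this hunk validates the antiforgery token that the views now post; unless a site-wide filter already checks it on every POST (not visible here), the action should carry `[ValidateAntiForgeryToken]` alongside `[HttpPost]` so a cross-site POST cannot trigger the delete. If that check does live in a global filter, a one-line comment naming it, e.g. `// antiforgery token is validated for all POSTs by the global filter`, would stop the next reader from wondering why the attribute is missing. The body of `Delete` continues past the end of the hunk.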


@@ -2,11 +2,21 @@
<%@ Import Namespace="Orchard.Mvc.ViewModels"%> <%@ Import Namespace="Orchard.Mvc.ViewModels"%>
<%@ Import Namespace="Orchard.Blogs.Extensions"%> <%@ Import Namespace="Orchard.Blogs.Extensions"%>
<%@ Import Namespace="Orchard.Blogs.Models"%> <%@ Import Namespace="Orchard.Blogs.Models"%>
<%-- todo: (heskew) get what actions we can out of the h2 :| --%>
<h1 class="withActions"> <h1 class="withActions">
<a href="<%=Url.BlogForAdmin(Model.Item.Slug) %>"><%=Html.TitleForPage(Model.Item.Name) %></a> <a href="<%=Url.BlogForAdmin(Model.Item.Slug) %>"><%=Html.TitleForPage(Model.Item.Name) %></a>
</h1>
<ul class="actions">
<li class="construct">
<a href="<%=Url.BlogEdit(Model.Item.Slug) %>" class="ibutton edit"><%=_Encoded("Edit Blog") %></a> <a href="<%=Url.BlogEdit(Model.Item.Slug) %>" class="ibutton edit"><%=_Encoded("Edit Blog") %></a>
<span class="actions"><span class="destruct"><a href="<%=Url.BlogDelete(Model.Item.Slug) %>" class="ibutton remove"><%=_Encoded("Remove Blog") %></a></span></span></h1> </li>
<li class="destruct">
<% using (Html.BeginFormAntiForgeryPost(Url.BlogDelete(Model.Item.Slug))) { %>
<fieldset>
<input type="image" src="<%=Html.ThemePath("/styles/images/remove.png") %>" alt="<%=_Encoded("Remove Blog") %>" title="<%=_Encoded("Remove Blog") %>" class="ibutton image remove" />
</fieldset><%
} %>
</li>
</ul>
<p><%=Html.Encode(Model.Item.Description) %></p> <p><%=Html.Encode(Model.Item.Description) %></p>
<div class="actions"><a href="<%=Url.BlogPostCreate(Model.Item.Slug) %>" class="add button"><%=_Encoded("New Post")%></a></div> <div class="actions"><a href="<%=Url.BlogPostCreate(Model.Item.Slug) %>" class="add button"><%=_Encoded("New Post")%></a></div>
<% Html.Zone("primary"); <% Html.Zone("primary");
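Review bot: The delete form block (`<% using (Html.BeginFormAntiForgeryPost(Url.BlogDelete(Model.Item.Slug))) { %>` through the closing `</li>`) is repeated verbatim in the other view changed by this commit; moving it into a shared partial or an HTML helper would keep the antiforgery wiring in one place so the two copies cannot drift. The `<input type="image">` submits the destructive request immediately on click; if the `Delete` action does not itself render a confirmation step, one is worth adding, and if it does, a short comment here saying so would help. The `</fieldset><%` / `} %>` split is hard to read — putting `</fieldset>` on its own line followed by `<% } %>` reads cleaner.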


@@ -5,17 +5,23 @@
<h2><%=Html.Link(Html.Encode(Model.Item.Name), Url.BlogForAdmin(Model.Item.Slug)) %></h2> <h2><%=Html.Link(Html.Encode(Model.Item.Name), Url.BlogForAdmin(Model.Item.Slug)) %></h2>
<div class="meta"> <div class="meta">
<%=Html.Link(_Encoded("{0} post{1}", Model.Item.PostCount, Model.Item.PostCount == 1 ? "" : "s").ToString(), Url.BlogForAdmin(Model.Item.Slug))%> <%=Html.Link(_Encoded("{0} post{1}", Model.Item.PostCount, Model.Item.PostCount == 1 ? "" : "s").ToString(), Url.BlogForAdmin(Model.Item.Slug))%>
| <%=Html.Link(_Encoded("?? comments").ToString(), "") %></a> | <%=Html.Link(_Encoded("?? comments").ToString(), "") %>
</div> </div>
<%--<p>[list of authors] [modify blog access]</p>--%> <%--<p>[list of authors] [modify blog access]</p>--%>
<p><%=Html.Encode(Model.Item.Description) %></p> <p><%=Html.Encode(Model.Item.Description) %></p>
<p class="actions"> <ul class="actions">
<%-- todo: (heskew) make into a ul --%> <%-- todo: (heskew) make into a ul --%>
<span class="construct"> <li class="construct">
<a href="<%=Url.BlogForAdmin(Model.Item.Slug) %>" class="ibutton blog"><%=_Encoded("Manage Blog") %></a> <a href="<%=Url.BlogForAdmin(Model.Item.Slug) %>" class="ibutton blog"><%=_Encoded("Manage Blog") %></a>
<a href="<%=Url.BlogEdit(Model.Item.Slug) %>" class="ibutton edit"><%=_Encoded("Edit Blog")%></a> <a href="<%=Url.BlogEdit(Model.Item.Slug) %>" class="ibutton edit"><%=_Encoded("Edit Blog")%></a>
<a href="<%=Url.Blog(Model.Item.Slug) %>" class="ibutton view"><%=_Encoded("View Blog")%></a> <a href="<%=Url.Blog(Model.Item.Slug) %>" class="ibutton view"><%=_Encoded("View Blog")%></a>
<a href="<%=Url.BlogPostCreate(Model.Item.Slug) %>" class="ibutton add page"><%=_Encoded("New Post")%></a> <a href="<%=Url.BlogPostCreate(Model.Item.Slug) %>" class="ibutton add page"><%=_Encoded("New Post")%></a>
</span> </li>
<span class="destruct"><a href="<%=Url.BlogDelete(Model.Item.Slug) %>" class="ibutton remove"><%=_Encoded("Remove Blog")%></a></span> <li class="destruct">
</p> <% using (Html.BeginFormAntiForgeryPost(Url.BlogDelete(Model.Item.Slug))) { %>
<fieldset>
<input type="image" src="<%=Html.ThemePath("/styles/images/remove.png") %>" alt="<%=_Encoded("Remove Blog") %>" title="<%=_Encoded("Remove Blog") %>" class="ibutton image remove" />
</fieldset><%
} %>
</li>
</ul>
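Review bot: The `<%-- todo: (heskew) make into a ul --%>` comment is now stale — this same hunk turns `<p class="actions">` into `<ul class="actions">` — so it should be dropped rather than carried into the new markup. The delete form under `<li class="destruct">` duplicates the block added to the other view in this commit; a shared partial would avoid the two diverging. Removing the stray `</a>` after the comments link is a correct fix to the markup.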


@@ -11,7 +11,6 @@ namespace Orchard.UI.PageTitle {
public PageTitleBuilder(ISiteService siteService) { public PageTitleBuilder(ISiteService siteService) {
_siteService = siteService; _siteService = siteService;
_titleParts = new List<string>(5); _titleParts = new List<string>(5);
//TODO: (erikpo) Get this from a site setting
_titleSeparator = _siteService.GetSiteSettings().PageTitleSeparator; _titleSeparator = _siteService.GetSiteSettings().PageTitleSeparator;
} }