Diffstat (limited to 'client')
-rw-r--r--client/components/activities/activities.jade56
-rw-r--r--client/components/activities/activities.js27
-rw-r--r--client/components/boards/boardHeader.jade20
-rw-r--r--client/components/rules/actions/cardActions.jade2
-rw-r--r--client/components/swimlanes/swimlaneHeader.jade3
-rw-r--r--client/components/swimlanes/swimlanes.js12
-rw-r--r--client/lib/utils.js18
7 files changed, 82 insertions, 56 deletions
diff --git a/client/components/activities/activities.jade b/client/components/activities/activities.jade
index c86936a0..77acd6a3 100644
--- a/client/components/activities/activities.jade
+++ b/client/components/activities/activities.jade
@@ -34,38 +34,38 @@ template(name="activity")
//- board activity ------------------------------------------------------
if($eq mode 'board')
if($eq activity.activityType 'createBoard')
- | {{_ 'activity-created' boardLabel}}.
+ | {{{_ 'activity-created' boardLabelLink}}}.
if($eq activity.activityType 'importBoard')
- | {{{_ 'activity-imported-board' boardLabel sourceLink}}}.
+ | {{{_ 'activity-imported-board' boardLabelLink sourceLink}}}.
if($eq activity.activityType 'addBoardMember')
- | {{{_ 'activity-added' memberLink boardLabel}}}.
+ | {{{_ 'activity-added' memberLink boardLabelLink}}}.
if($eq activity.activityType 'removeBoardMember')
- | {{{_ 'activity-excluded' memberLink boardLabel}}}.
+ | {{{_ 'activity-excluded' memberLink boardLabelLink}}}.
//- card activity -------------------------------------------------------
if($eq activity.activityType 'createCard')
if($eq mode 'card')
- | {{{_ 'activity-added' cardLabel activity.listName}}}.
+ | {{{_ 'activity-added' cardLabelLink (sanitize activity.listName)}}}.
else
- | {{{_ 'activity-added' cardLabel boardLabel}}}.
+ | {{{_ 'activity-added' cardLabelLink boardLabelLink}}}.
if($eq activity.activityType 'importCard')
- | {{{_ 'activity-imported' cardLink boardLabel sourceLink}}}.
+ | {{{_ 'activity-imported' cardLink boardLabelLink sourceLink}}}.
if($eq activity.activityType 'moveCard')
- | {{{_ 'activity-moved' cardLabel activity.oldList.title activity.list.title}}}.
+ | {{{_ 'activity-moved' cardLabelLink (sanitize activity.oldList.title) (sanitize activity.list.title)}}}.
if($eq activity.activityType 'moveCardBoard')
- | {{{_ 'activity-moved' cardLink activity.oldBoardName activity.boardName}}}.
+ | {{{_ 'activity-moved' cardLink (sanitize activity.oldBoardName) (sanitize activity.boardName)}}}.
if($eq activity.activityType 'archivedCard')
| {{{_ 'activity-archived' cardLink}}}.
if($eq activity.activityType 'restoredCard')
- | {{{_ 'activity-sent' cardLink boardLabel}}}.
+ | {{{_ 'activity-sent' cardLink boardLabelLink}}}.
//- checklist activity --------------------------------------------------
if($eq activity.activityType 'addChecklist')
@@ -83,25 +83,25 @@ template(name="activity")
| {{{_ 'activity-checklist-removed' cardLink}}}.
if($eq activity.activityType 'completeChecklist')
- | {{{_ 'activity-checklist-completed' activity.checklist.title cardLink}}}.
+ | {{{_ 'activity-checklist-completed' (sanitize activity.checklist.title) cardLink}}}.
if($eq activity.activityType 'uncompleteChecklist')
- | {{{_ 'activity-checklist-uncompleted' activity.checklist.title cardLink}}}.
+ | {{{_ 'activity-checklist-uncompleted' (sanitize activity.checklist.title) cardLink}}}.
if($eq activity.activityType 'checkedItem')
- | {{{_ 'activity-checked-item' checkItem activity.checklist.title cardLink}}}.
+ | {{{_ 'activity-checked-item' (sanitize checkItem) (sanitize activity.checklist.title) cardLink}}}.
if($eq activity.activityType 'uncheckedItem')
- | {{{_ 'activity-unchecked-item' checkItem activity.checklist.title cardLink}}}.
+ | {{{_ 'activity-unchecked-item' (sanitize checkItem) (sanitize activity.checklist.title) cardLink}}}.
if($eq activity.activityType 'addChecklistItem')
- | {{{_ 'activity-checklist-item-added' activity.checklist.title cardLink}}}.
+ | {{{_ 'activity-checklist-item-added' (sanitize activity.checklist.title) cardLink}}}.
.activity-checklist(href="{{ activity.card.absoluteUrl }}")
+viewer
= activity.checklistItem.title
if($eq activity.activityType 'removedChecklistItem')
- | {{{_ 'activity-checklist-item-removed' activity.checklist.title cardLink}}}.
+ | {{{_ 'activity-checklist-item-removed' (sanitize activity.checklist.title) cardLink}}}.
//- comment activity ----------------------------------------------------
if($eq mode 'card')
@@ -143,31 +143,31 @@ template(name="activity")
| {{_ 'activity-customfield-created' customField}}.
if($eq activity.activityType 'setCustomField')
- | {{{_ 'activity-set-customfield' lastCustomField lastCustomFieldValue cardLink}}}.
+ | {{{_ 'activity-set-customfield' (sanitize lastCustomField) (sanitize lastCustomFieldValue) cardLink}}}.
if($eq activity.activityType 'unsetCustomField')
- | {{{_ 'activity-unset-customfield' lastCustomField cardLink}}}.
+ | {{{_ 'activity-unset-customfield' (sanitize lastCustomField) cardLink}}}.
//- label activity ------------------------------------------------------
if($eq activity.activityType 'addedLabel')
- | {{{_ 'activity-added-label' lastLabel cardLink}}}.
+ | {{{_ 'activity-added-label' (sanitize lastLabel) cardLink}}}.
if($eq activity.activityType 'removedLabel')
- | {{{_ 'activity-removed-label' lastLabel cardLink}}}.
+ | {{{_ 'activity-removed-label' (sanitize lastLabel) cardLink}}}.
//- list activity -------------------------------------------------------
if($neq mode 'card')
if($eq activity.activityType 'createList')
- | {{{_ 'activity-added' listLabel boardLabel}}}.
+ | {{{_ 'activity-added' (sanitize listLabel) boardLabelLink}}}.
if($eq activity.activityType 'importList')
- | {{{_ 'activity-imported' listLabel boardLabel sourceLink}}}.
+ | {{{_ 'activity-imported' (sanitize listLabel) boardLabelLink sourceLink}}}.
if($eq activity.activityType 'removeList')
- | {{{_ 'activity-removed' activity.title boardLabel}}}.
+ | {{{_ 'activity-removed' (sanitize activity.title) boardLabelLink}}}.
if($eq activity.activityType 'archivedList')
- | {{_ 'activity-archived' listLabel}}.
+ | {{_ 'activity-archived' (sanitize listLabel)}}.
//- member activity ----------------------------------------------------
if($eq activity.activityType 'joinMember')
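Review bot: The `archivedList` line uses double braces, which Blaze already HTML-escapes, so `(sanitize listLabel)` there filters a value that is then escaped a second time. A title containing `<` or `&` would likely be displayed with literal entities such as `&amp;lt;`. Either drop the helper on that line, `| {{_ 'activity-archived' listLabel}}.`, or keep triple braces with the sanitised value as the neighbouring list lines do. The `archivedSwimlane` line in the swimlane hunk has the same combination.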
@@ -185,15 +185,15 @@ template(name="activity")
//- swimlane activity --------------------------------------------------
if($neq mode 'card')
if($eq activity.activityType 'createSwimlane')
- | {{{_ 'activity-added' activity.swimlane.title boardLabel}}}.
+ | {{_ 'activity-added' (sanitize activity.swimlane.title) boardLabelLink}}.
if($eq activity.activityType 'archivedSwimlane')
- | {{_ 'activity-archived' activity.swimlane.title}}.
+ | {{_ 'activity-archived' (sanitize activity.swimlane.title)}}.
//- I don't understand this part ----------------------------------------
if(currentData.timeKey)
- | {{{_ activity.activityType }}}
+ | {{_ activity.activityType }}
= ' '
i(title=currentData.timeValue).activity-meta {{ moment currentData.timeValue 'LLL' }}
if (currentData.timeOldValue)
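Review bot: The `createSwimlane` line was switched from triple to double braces while still passing `boardLabelLink`, which returns anchor markup from `createBoardLink` whenever the mode is not `board`. Under double braces that markup would be escaped and shown as text, and it is inconsistent with the `createList` line, which keeps triple braces for the same argument pair. If the link is meant to render, this should read `| {{{_ 'activity-added' (sanitize activity.swimlane.title) boardLabelLink}}}.`. Which modes reach this branch besides `board` is not visible in the hunk.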
@@ -203,6 +203,6 @@ template(name="activity")
i(title=currentData.timeOldValue).activity-meta {{ moment currentData.timeOldValue 'LLL' }}
= ' @'
else if(currentData.timeValue)
- | {{{_ activity.activityType currentData.timeValue}}}
+ | {{_ activity.activityType currentData.timeValue}}
span(title=activity.createdAt).activity-meta {{ moment activity.createdAt }}
diff --git a/client/components/activities/activities.js b/client/components/activities/activities.js
index 5d356f6e..23ab70ed 100644
--- a/client/components/activities/activities.js
+++ b/client/components/activities/activities.js
@@ -1,3 +1,5 @@
+import sanitizeXss from 'xss';
+
const activitiesPerPage = 20;
BlazeComponent.extendComponent({
@@ -57,7 +59,7 @@ BlazeComponent.extendComponent({
return checkItem && checkItem.title;
},
- boardLabel() {
+ boardLabelLink() {
const data = this.currentData();
if (data.mode !== 'board') {
return createBoardLink(data.activity.board(), data.activity.listName);
@@ -65,10 +67,10 @@ BlazeComponent.extendComponent({
return TAPi18n.__('this-board');
},
- cardLabel() {
+ cardLabelLink() {
const data = this.currentData();
if (data.mode !== 'card') {
- return createCardLink(this.currentData().activity.card());
+ return createCardLink(data.activity.card());
}
return TAPi18n.__('this-card');
},
@@ -134,11 +136,11 @@ BlazeComponent.extendComponent({
{
href: source.url,
},
- source.system,
+ sanitizeXss(source.system),
),
);
} else {
- return source.system;
+ return sanitizeXss(source.system);
}
}
return null;
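Review bot: `source.url` still flows into `href` unchanged in the context lines just above the sanitised `source.system`, so the link target is not covered by this fix. If `source` originates from imported board data, the URL should be limited to expected schemes before the anchor is built, e.g. `const safeUrl = /^https?:\/\//i.test(source.url) ? source.url : null;`, falling back to the plain-text branch when it is null. The enclosing helper starts outside this hunk, so any earlier validation is not visible here.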
@@ -162,10 +164,10 @@ BlazeComponent.extendComponent({
href: attachment.url({ download: true }),
target: '_blank',
},
- attachment.name(),
+ sanitizeXss(attachment.name()),
),
)) ||
- this.currentData().activity.attachmentName
+ sanitizeXss(this.currentData().activity.attachmentName)
);
},
@@ -202,7 +204,14 @@ BlazeComponent.extendComponent({
},
}).register('activity');
+Template.activity.helpers({
+ sanitize(value) {
+ return sanitizeXss(value);
+ },
+});
+
function createCardLink(card) {
+ if (!card) return '';
return (
card &&
Blaze.toHTML(
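Review bot: The `card &&` at the start of the return expression is dead code after the new `if (!card) return '';` guard, and leaving both makes the function's falsy result ambiguous to readers. Drop the `card &&` so the body is simply `return Blaze.toHTML(...)`. The `sanitize` helper added above has no comment saying it is intended for values placed into triple-brace expressions; a one-line note such as `// For plain-text values interpolated into {{{ }}} translations.` would help prevent it being applied under double braces. The function body continues past the end of this hunk.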
@@ -211,7 +220,7 @@ function createCardLink(card) {
href: card.absoluteUrl(),
class: 'action-card',
},
- card.title,
+ sanitizeXss(card.title),
),
)
);
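Review bot: `sanitizeXss(card.title)` is passed as a text child of `HTML.A` inside `Blaze.toHTML`, and if `Blaze.toHTML` already escapes string children (worth confirming against the Blaze version in use), the value is filtered and then escaped again. That would not be unsafe, but titles containing `<` or `&` could show up as literal entities in the activity feed. If the escaping is confirmed, pass `card.title` directly here and keep `sanitizeXss` for the values that are returned without `Blaze.toHTML`, such as the `else` branch of `sourceLink`. The same applies to `sanitizeXss(text)` in `createBoardLink` and to `attachment.name()` in the attachment hunk.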
@@ -228,7 +237,7 @@ function createBoardLink(board, list) {
href: board.absoluteUrl(),
class: 'action-board',
},
- text,
+ sanitizeXss(text),
),
)
);
diff --git a/client/components/boards/boardHeader.jade b/client/components/boards/boardHeader.jade
index 4c0edac4..1daf0618 100644
--- a/client/components/boards/boardHeader.jade
+++ b/client/components/boards/boardHeader.jade
@@ -99,13 +99,13 @@ template(name="boardHeaderBar")
a.board-header-btn.js-toggle-board-view(
title="{{_ 'board-view'}}")
i.fa.fa-caret-down
- if $eq boardView 'board-view-lists'
- i.fa.fa-trello
if $eq boardView 'board-view-swimlanes'
i.fa.fa-th-large
+ if $eq boardView 'board-view-lists'
+ i.fa.fa-trello
if $eq boardView 'board-view-cal'
i.fa.fa-calendar
- span {{#if boardView}}{{_ boardView}}{{else}}{{_ 'board-view-lists'}}{{/if}}
+ span {{#if boardView}}{{_ boardView}}{{else}}{{_ 'board-view-swimlanes'}}{{/if}}
if canModifyBoard
a.board-header-btn.js-multiselection-activate(
@@ -173,13 +173,6 @@ template(name="boardChangeWatchPopup")
template(name="boardChangeViewPopup")
ul.pop-over-list
li
- with "board-view-lists"
- a.js-open-lists-view
- i.fa.fa-trello.colorful
- | {{_ 'board-view-lists'}}
- if $eq Utils.boardView "board-view-lists"
- i.fa.fa-check
- li
with "board-view-swimlanes"
a.js-open-swimlanes-view
i.fa.fa-th-large.colorful
@@ -187,6 +180,13 @@ template(name="boardChangeViewPopup")
if $eq Utils.boardView "board-view-swimlanes"
i.fa.fa-check
li
+ with "board-view-lists"
+ a.js-open-lists-view
+ i.fa.fa-trello.colorful
+ | {{_ 'board-view-lists'}}
+ if $eq Utils.boardView "board-view-lists"
+ i.fa.fa-check
+ li
with "board-view-cal"
a.js-open-cal-view
i.fa.fa-calendar.colorful
diff --git a/client/components/rules/actions/cardActions.jade b/client/components/rules/actions/cardActions.jade
index c10c4b2b..0840283b 100644
--- a/client/components/rules/actions/cardActions.jade
+++ b/client/components/rules/actions/cardActions.jade
@@ -75,7 +75,7 @@ template(name="cardActions")
button.trigger-button.trigger-button-color.js-show-color-palette(
id="color-action"
class="card-details-{{cardColorButton}}")
- | {{{_ cardColorButtonText }}}
+ | {{_ cardColorButtonText }}
div.trigger-button.js-set-color-action.js-goto-rules
i.fa.fa-plus
diff --git a/client/components/swimlanes/swimlaneHeader.jade b/client/components/swimlanes/swimlaneHeader.jade
index 72a7f054..9228bf75 100644
--- a/client/components/swimlanes/swimlaneHeader.jade
+++ b/client/components/swimlanes/swimlaneHeader.jade
@@ -11,7 +11,8 @@ template(name="swimlaneHeader")
template(name="swimlaneFixedHeader")
.swimlane-header(
class="{{#if currentUser.isBoardMember}}js-open-inlined-form is-editable{{/if}}")
- = title
+ +viewer
+ = title
.swimlane-header-menu
unless currentUser.isCommentOnly
a.fa.fa-plus.js-open-add-swimlane-menu.swimlane-header-plus-icon
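Review bot: The swimlane title moves from an escaped `= title` to rendering through `+viewer`, whose implementation is not part of this diff. In a commit that otherwise tightens output handling, this adds a new place where a user-controlled title is rendered as markup, so it is worth confirming that `viewer` sanitises its output before this ships. A short comment on the line, e.g. `//- title is rendered through viewer; it must sanitise its output`, would record that assumption.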
diff --git a/client/components/swimlanes/swimlanes.js b/client/components/swimlanes/swimlanes.js
index 753fa88b..afd5da22 100644
--- a/client/components/swimlanes/swimlanes.js
+++ b/client/components/swimlanes/swimlanes.js
@@ -23,8 +23,16 @@ function currentCardIsInThisList(listId, swimlaneId) {
currentCard.listId === listId &&
currentCard.swimlaneId === swimlaneId
);
- // Default view: board-view-lists
- else return currentCard && currentCard.listId === listId;
+ // OLD: Default view: board-view-lists
+ ////else return currentCard && currentCard.listId === listId;
+ // NEW: Default view: board-view-swimlanes
+ else
+ return (
+ currentCard &&
+ currentCard.listId === listId &&
+ currentCard.swimlaneId === swimlaneId
+ );
+
// https://github.com/wekan/wekan/issues/1623
// https://github.com/ChronikEwok/wekan/commit/cad9b20451bb6149bfb527a99b5001873b06c3de
// TODO: In public board, if you would like to switch between List/Swimlane view, you could
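Review bot: The new `else` branch returns the same expression as the branch above it (`currentCard && currentCard.listId === listId && currentCard.swimlaneId === swimlaneId`), so the conditional no longer selects anything. The commented-out `////else return ...` line and the OLD/NEW markers are history that belongs in the commit message rather than the source. Collapse the two branches into a single `return` and drop the dead comment. The `if` condition is outside the hunk, so confirm it has no side effects before removing it.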
diff --git a/client/lib/utils.js b/client/lib/utils.js
index c921fddc..754214c0 100644
--- a/client/lib/utils.js
+++ b/client/lib/utils.js
@@ -6,12 +6,18 @@ Utils = {
currentUser = Meteor.user();
if (currentUser) {
Meteor.user().setBoardView(view);
- } else if (view === 'board-view-lists') {
- cookies.set('boardView', 'board-view-lists'); //true
} else if (view === 'board-view-swimlanes') {
cookies.set('boardView', 'board-view-swimlanes'); //true
+ location.reload();
+ } else if (view === 'board-view-lists') {
+ cookies.set('boardView', 'board-view-lists'); //true
+ location.reload();
} else if (view === 'board-view-cal') {
cookies.set('boardView', 'board-view-cal'); //true
+ location.reload();
+ } else {
+ cookies.set('boardView', 'board-view-swimlanes'); //true
+ location.reload();
}
},
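Review bot: The four cookie branches now repeat the same `cookies.set(...)` and `location.reload()` pair, with the final `else` silently mapping any unknown `view` to swimlanes. Checking `view` against a single list of allowed names would remove the duplication and make the fallback explicit: `const next = ['board-view-swimlanes', 'board-view-lists', 'board-view-cal'].includes(view) ? view : 'board-view-swimlanes';` followed by one `cookies.set('boardView', next);` and one `location.reload();`. The trailing `//true` comments carry no meaning and could be removed. The function's start is outside this hunk.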
@@ -24,14 +30,16 @@ Utils = {
currentUser = Meteor.user();
if (currentUser) {
return (currentUser.profile || {}).boardView;
- } else if (cookies.get('boardView') === 'board-view-lists') {
- return 'board-view-lists';
} else if (cookies.get('boardView') === 'board-view-swimlanes') {
return 'board-view-swimlanes';
+ } else if (cookies.get('boardView') === 'board-view-lists') {
+ return 'board-view-lists';
} else if (cookies.get('boardView') === 'board-view-cal') {
return 'board-view-cal';
} else {
- return false;
+ cookies.set('boardView', 'board-view-swimlanes'); //true
+ location.reload();
+ return 'board-view-swimlanes';
}
},
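Review bot: The fallback branch turns this getter into a mutator: reading `Utils.boardView` with no cookie set now writes one and calls `location.reload()`. Templates read this value (for example `$eq Utils.boardView "board-view-lists"` in `boardHeader.jade`), so where the cookie cannot be stored, such as with cookies blocked, each page load would reach this branch again and could reload repeatedly. Returning the default is enough: keep `return 'board-view-swimlanes';` and drop the `cookies.set` and `location.reload()` lines from this branch. The function's start is outside the hunk.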