Changes for page Default Class Sheet
Last modified by Simon Urli on 2023/05/25
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -62,6 +62,7 @@ 62 62 {{html}} 63 63 <form action="" id="newdoc" method="post"> 64 64 <div> 65 + <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> 65 65 <input type="hidden" name="parent" value="${defaultParent}"/> 66 66 <input type="hidden" name="template" value="${classTemplateDoc}"/> 67 67 <input type="hidden" name="sheet" value="1"/> ... ... @@ -91,6 +91,7 @@ 91 91 {{html}} 92 92 <form action="$classSheetDoc.getURL('save', 'editor=wiki')" method="post"> 93 93 <div> 95 + <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> 94 94 <input type="hidden" name="parent" value="${doc.fullName}"/> 95 95 <input type="hidden" name="xredirect" value="${doc.URL}"/> 96 96 <input type="hidden" name="content" value="$xwiki.getFormEncoded($xwiki.getDocument('XWiki.ObjectSheet').getContent().replaceAll('XWiki.MyClass', $doc.fullName))"/> ... ... @@ -101,7 +101,7 @@ 101 101 #else 102 102 #if($classSheetExists && !$classSheetDoc.getObject('XWiki.SheetClass')) 103 103 #set($xredirect = $request.getRequestURL()) 104 - #set($createUrl = $classSheetDoc.getURL('objectadd', "classname=XWiki.SheetClass&xredirect=${xredirect}")) 106 + #set($createUrl = $classSheetDoc.getURL('objectadd', "classname=XWiki.SheetClass&xredirect=${xredirect}&form_token=$!{services.csrf.getToken()}")) 105 105 {{warning}} 106 106 The sheet does not contain an object of type //XWiki.SheetClass//. To trigger the inline edit mode automatically, {{html}}<a href="$createUrl">add a SheetClass object to the sheet »</a>.{{/html}} 107 107 {{/warning}} ... ... @@ -118,6 +118,7 @@ 118 118 {{html}} 119 119 <form action="$classTemplateDoc.getURL('save', 'editor=wiki')" method="post"> 120 120 <div> 123 + <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> 121 121 <input type="hidden" name="parent" value="${doc.fullName}"/> 122 122 <input type="hidden" name="xredirect" value="${doc.URL}"/> 123 123 <input type="hidden" name="content" value="$xwiki.getFormEncoded($xwiki.getDocument('XWiki.ObjectTemplate').getContent().replaceAll('XWiki.MySheet', $classSheetDoc.fullName))"/> ... ... @@ -128,7 +128,7 @@ 128 128 #else 129 129 #if($classTemplateExists && !$classTemplateDoc.getObject(${doc.fullName})) 130 130 #set($xredirect = $request.getRequestURL()) 131 - #set($createUrl = $classTemplateDoc.getURL('objectadd', "classname=${doc.fullName}&xredirect=${xredirect}")) 134 + #set($createUrl = $classTemplateDoc.getURL('objectadd', "classname=${doc.fullName}&xredirect=${xredirect}&form_token=$!{services.csrf.getToken()}")) 132 132 {{warning}} 133 133 The template does not contain an object of type //${className}Class//. {{html}}<a href="$createUrl">Add a ${className} object to the template »</a>.{{/html}} 134 134 {{/warning}} ... ... @@ -135,7 +135,7 @@ 135 135 136 136 #end 137 137 [[View the template document (${classTemplateDoc.fullName}) »>>${classTemplateDoc.fullName}]] 138 - 139 139 #end 142 + 140 140 #end ## doc == XWiki.ClassSheet 141 141 {{/velocity}}
