diff options
Diffstat (limited to 'client/components')
-rw-r--r-- | client/components/activities/activities.jade | 56 | ||||
-rw-r--r-- | client/components/activities/activities.js | 27 | ||||
-rw-r--r-- | client/components/boards/boardHeader.jade | 20 | ||||
-rw-r--r-- | client/components/rules/actions/cardActions.jade | 2 | ||||
-rw-r--r-- | client/components/swimlanes/swimlaneHeader.jade | 3 | ||||
-rw-r--r-- | client/components/swimlanes/swimlanes.js | 12 |
6 files changed, 69 insertions, 51 deletions
diff --git a/client/components/activities/activities.jade b/client/components/activities/activities.jade index c86936a0..77acd6a3 100644 --- a/client/components/activities/activities.jade +++ b/client/components/activities/activities.jade @@ -34,38 +34,38 @@ template(name="activity") //- board activity ------------------------------------------------------ if($eq mode 'board') if($eq activity.activityType 'createBoard') - | {{_ 'activity-created' boardLabel}}. + | {{{_ 'activity-created' boardLabelLink}}}. if($eq activity.activityType 'importBoard') - | {{{_ 'activity-imported-board' boardLabel sourceLink}}}. + | {{{_ 'activity-imported-board' boardLabelLink sourceLink}}}. if($eq activity.activityType 'addBoardMember') - | {{{_ 'activity-added' memberLink boardLabel}}}. + | {{{_ 'activity-added' memberLink boardLabelLink}}}. if($eq activity.activityType 'removeBoardMember') - | {{{_ 'activity-excluded' memberLink boardLabel}}}. + | {{{_ 'activity-excluded' memberLink boardLabelLink}}}. //- card activity ------------------------------------------------------- if($eq activity.activityType 'createCard') if($eq mode 'card') - | {{{_ 'activity-added' cardLabel activity.listName}}}. + | {{{_ 'activity-added' cardLabelLink (sanitize activity.listName)}}}. else - | {{{_ 'activity-added' cardLabel boardLabel}}}. + | {{{_ 'activity-added' cardLabelLink boardLabelLink}}}. if($eq activity.activityType 'importCard') - | {{{_ 'activity-imported' cardLink boardLabel sourceLink}}}. + | {{{_ 'activity-imported' cardLink boardLabelLink sourceLink}}}. if($eq activity.activityType 'moveCard') - | {{{_ 'activity-moved' cardLabel activity.oldList.title activity.list.title}}}. + | {{{_ 'activity-moved' cardLabelLink (sanitize activity.oldList.title) (sanitize activity.list.title)}}}. if($eq activity.activityType 'moveCardBoard') - | {{{_ 'activity-moved' cardLink activity.oldBoardName activity.boardName}}}. + | {{{_ 'activity-moved' cardLink (sanitize activity.oldBoardName) (sanitize activity.boardName)}}}. if($eq activity.activityType 'archivedCard') | {{{_ 'activity-archived' cardLink}}}. if($eq activity.activityType 'restoredCard') - | {{{_ 'activity-sent' cardLink boardLabel}}}. + | {{{_ 'activity-sent' cardLink boardLabelLink}}}. //- checklist activity -------------------------------------------------- if($eq activity.activityType 'addChecklist') @@ -83,25 +83,25 @@ template(name="activity") | {{{_ 'activity-checklist-removed' cardLink}}}. if($eq activity.activityType 'completeChecklist') - | {{{_ 'activity-checklist-completed' activity.checklist.title cardLink}}}. + | {{{_ 'activity-checklist-completed' (sanitize activity.checklist.title) cardLink}}}. if($eq activity.activityType 'uncompleteChecklist') - | {{{_ 'activity-checklist-uncompleted' activity.checklist.title cardLink}}}. + | {{{_ 'activity-checklist-uncompleted' (sanitize activity.checklist.title) cardLink}}}. if($eq activity.activityType 'checkedItem') - | {{{_ 'activity-checked-item' checkItem activity.checklist.title cardLink}}}. + | {{{_ 'activity-checked-item' (sanitize checkItem) (sanitize activity.checklist.title) cardLink}}}. if($eq activity.activityType 'uncheckedItem') - | {{{_ 'activity-unchecked-item' checkItem activity.checklist.title cardLink}}}. + | {{{_ 'activity-unchecked-item' (sanitize checkItem) (sanitize activity.checklist.title) cardLink}}}. if($eq activity.activityType 'addChecklistItem') - | {{{_ 'activity-checklist-item-added' activity.checklist.title cardLink}}}. + | {{{_ 'activity-checklist-item-added' (sanitize activity.checklist.title) cardLink}}}. .activity-checklist(href="{{ activity.card.absoluteUrl }}") +viewer = activity.checklistItem.title if($eq activity.activityType 'removedChecklistItem') - | {{{_ 'activity-checklist-item-removed' activity.checklist.title cardLink}}}. + | {{{_ 'activity-checklist-item-removed' (sanitize activity.checklist.title) cardLink}}}. //- comment activity ---------------------------------------------------- if($eq mode 'card') @@ -143,31 +143,31 @@ template(name="activity") | {{_ 'activity-customfield-created' customField}}. if($eq activity.activityType 'setCustomField') - | {{{_ 'activity-set-customfield' lastCustomField lastCustomFieldValue cardLink}}}. + | {{{_ 'activity-set-customfield' (sanitize lastCustomField) (sanitize lastCustomFieldValue) cardLink}}}. if($eq activity.activityType 'unsetCustomField') - | {{{_ 'activity-unset-customfield' lastCustomField cardLink}}}. + | {{{_ 'activity-unset-customfield' (sanitize lastCustomField) cardLink}}}. //- label activity ------------------------------------------------------ if($eq activity.activityType 'addedLabel') - | {{{_ 'activity-added-label' lastLabel cardLink}}}. + | {{{_ 'activity-added-label' (sanitize lastLabel) cardLink}}}. if($eq activity.activityType 'removedLabel') - | {{{_ 'activity-removed-label' lastLabel cardLink}}}. + | {{{_ 'activity-removed-label' (sanitize lastLabel) cardLink}}}. //- list activity ------------------------------------------------------- if($neq mode 'card') if($eq activity.activityType 'createList') - | {{{_ 'activity-added' listLabel boardLabel}}}. + | {{{_ 'activity-added' (sanitize listLabel) boardLabelLink}}}. if($eq activity.activityType 'importList') - | {{{_ 'activity-imported' listLabel boardLabel sourceLink}}}. + | {{{_ 'activity-imported' (sanitize listLabel) boardLabelLink sourceLink}}}. if($eq activity.activityType 'removeList') - | {{{_ 'activity-removed' activity.title boardLabel}}}. + | {{{_ 'activity-removed' (sanitize activity.title) boardLabelLink}}}. if($eq activity.activityType 'archivedList') - | {{_ 'activity-archived' listLabel}}. + | {{_ 'activity-archived' (sanitize listLabel)}}. //- member activity ---------------------------------------------------- if($eq activity.activityType 'joinMember') @@ -185,15 +185,15 @@ template(name="activity") //- swimlane activity -------------------------------------------------- if($neq mode 'card') if($eq activity.activityType 'createSwimlane') - | {{{_ 'activity-added' activity.swimlane.title boardLabel}}}. + | {{_ 'activity-added' (sanitize activity.swimlane.title) boardLabelLink}}. if($eq activity.activityType 'archivedSwimlane') - | {{_ 'activity-archived' activity.swimlane.title}}. + | {{_ 'activity-archived' (sanitize activity.swimlane.title)}}. //- I don't understand this part ---------------------------------------- if(currentData.timeKey) - | {{{_ activity.activityType }}} + | {{_ activity.activityType }} = ' ' i(title=currentData.timeValue).activity-meta {{ moment currentData.timeValue 'LLL' }} if (currentData.timeOldValue) @@ -203,6 +203,6 @@ template(name="activity") i(title=currentData.timeOldValue).activity-meta {{ moment currentData.timeOldValue 'LLL' }} = ' @' else if(currentData.timeValue) - | {{{_ activity.activityType currentData.timeValue}}} + | {{_ activity.activityType currentData.timeValue}} span(title=activity.createdAt).activity-meta {{ moment activity.createdAt }} diff --git a/client/components/activities/activities.js b/client/components/activities/activities.js index 5d356f6e..23ab70ed 100644 --- a/client/components/activities/activities.js +++ b/client/components/activities/activities.js @@ -1,3 +1,5 @@ +import sanitizeXss from 'xss'; + const activitiesPerPage = 20; BlazeComponent.extendComponent({ @@ -57,7 +59,7 @@ BlazeComponent.extendComponent({ return checkItem && checkItem.title; }, - boardLabel() { + boardLabelLink() { const data = this.currentData(); if (data.mode !== 'board') { return createBoardLink(data.activity.board(), data.activity.listName); @@ -65,10 +67,10 @@ BlazeComponent.extendComponent({ return TAPi18n.__('this-board'); }, - cardLabel() { + cardLabelLink() { const data = this.currentData(); if (data.mode !== 'card') { - return createCardLink(this.currentData().activity.card()); + return createCardLink(data.activity.card()); } return TAPi18n.__('this-card'); }, @@ -134,11 +136,11 @@ BlazeComponent.extendComponent({ { href: source.url, }, - source.system, + sanitizeXss(source.system), ), ); } else { - return source.system; + return sanitizeXss(source.system); } } return null; @@ -162,10 +164,10 @@ BlazeComponent.extendComponent({ href: attachment.url({ download: true }), target: '_blank', }, - attachment.name(), + sanitizeXss(attachment.name()), ), )) || - this.currentData().activity.attachmentName + sanitizeXss(this.currentData().activity.attachmentName) ); }, @@ -202,7 +204,14 @@ BlazeComponent.extendComponent({ }, }).register('activity'); +Template.activity.helpers({ + sanitize(value) { + return sanitizeXss(value); + }, +}); + function createCardLink(card) { + if (!card) return ''; return ( card && Blaze.toHTML( @@ -211,7 +220,7 @@ function createCardLink(card) { href: card.absoluteUrl(), class: 'action-card', }, - card.title, + sanitizeXss(card.title), ), ) ); @@ -228,7 +237,7 @@ function createBoardLink(board, list) { href: board.absoluteUrl(), class: 'action-board', }, - text, + sanitizeXss(text), ), ) ); diff --git a/client/components/boards/boardHeader.jade b/client/components/boards/boardHeader.jade index 4c0edac4..1daf0618 100644 --- a/client/components/boards/boardHeader.jade +++ b/client/components/boards/boardHeader.jade @@ -99,13 +99,13 @@ template(name="boardHeaderBar") a.board-header-btn.js-toggle-board-view( title="{{_ 'board-view'}}") i.fa.fa-caret-down - if $eq boardView 'board-view-lists' - i.fa.fa-trello if $eq boardView 'board-view-swimlanes' i.fa.fa-th-large + if $eq boardView 'board-view-lists' + i.fa.fa-trello if $eq boardView 'board-view-cal' i.fa.fa-calendar - span {{#if boardView}}{{_ boardView}}{{else}}{{_ 'board-view-lists'}}{{/if}} + span {{#if boardView}}{{_ boardView}}{{else}}{{_ 'board-view-swimlanes'}}{{/if}} if canModifyBoard a.board-header-btn.js-multiselection-activate( @@ -173,13 +173,6 @@ template(name="boardChangeWatchPopup") template(name="boardChangeViewPopup") ul.pop-over-list li - with "board-view-lists" - a.js-open-lists-view - i.fa.fa-trello.colorful - | {{_ 'board-view-lists'}} - if $eq Utils.boardView "board-view-lists" - i.fa.fa-check - li with "board-view-swimlanes" a.js-open-swimlanes-view i.fa.fa-th-large.colorful @@ -187,6 +180,13 @@ template(name="boardChangeViewPopup") if $eq Utils.boardView "board-view-swimlanes" i.fa.fa-check li + with "board-view-lists" + a.js-open-lists-view + i.fa.fa-trello.colorful + | {{_ 'board-view-lists'}} + if $eq Utils.boardView "board-view-lists" + i.fa.fa-check + li with "board-view-cal" a.js-open-cal-view i.fa.fa-calendar.colorful diff --git a/client/components/rules/actions/cardActions.jade b/client/components/rules/actions/cardActions.jade index c10c4b2b..0840283b 100644 --- a/client/components/rules/actions/cardActions.jade +++ b/client/components/rules/actions/cardActions.jade @@ -75,7 +75,7 @@ template(name="cardActions") button.trigger-button.trigger-button-color.js-show-color-palette( id="color-action" class="card-details-{{cardColorButton}}") - | {{{_ cardColorButtonText }}} + | {{_ cardColorButtonText }} div.trigger-button.js-set-color-action.js-goto-rules i.fa.fa-plus diff --git a/client/components/swimlanes/swimlaneHeader.jade b/client/components/swimlanes/swimlaneHeader.jade index 72a7f054..9228bf75 100644 --- a/client/components/swimlanes/swimlaneHeader.jade +++ b/client/components/swimlanes/swimlaneHeader.jade @@ -11,7 +11,8 @@ template(name="swimlaneHeader") template(name="swimlaneFixedHeader") .swimlane-header( class="{{#if currentUser.isBoardMember}}js-open-inlined-form is-editable{{/if}}") - = title + +viewer + = title .swimlane-header-menu unless currentUser.isCommentOnly a.fa.fa-plus.js-open-add-swimlane-menu.swimlane-header-plus-icon diff --git a/client/components/swimlanes/swimlanes.js b/client/components/swimlanes/swimlanes.js index 753fa88b..afd5da22 100644 --- a/client/components/swimlanes/swimlanes.js +++ b/client/components/swimlanes/swimlanes.js @@ -23,8 +23,16 @@ function currentCardIsInThisList(listId, swimlaneId) { currentCard.listId === listId && currentCard.swimlaneId === swimlaneId ); - // Default view: board-view-lists - else return currentCard && currentCard.listId === listId; + // OLD: Default view: board-view-lists + ////else return currentCard && currentCard.listId === listId; + // NEW: Default view: board-view-swimlanes + else + return ( + currentCard && + currentCard.listId === listId && + currentCard.swimlaneId === swimlaneId + ); + // https://github.com/wekan/wekan/issues/1623 // https://github.com/ChronikEwok/wekan/commit/cad9b20451bb6149bfb527a99b5001873b06c3de // TODO: In public board, if you would like to switch between List/Swimlane view, you could |