XWIKI-11241: Wiki Syntax in categories breaks the category management

xwiki-platform-core/xwiki-platform-blog/xwiki-platform-blog-ui/src/main/resources/Blog/Categories.xml

@@ -50,7 +50,7 @@
 #getCategoriesHierarchy($doc.space $tree)
 #displayCategoriesHierarchyRecursive($tree $doc.fullName 1 'editable')
 #if($xwiki.hasAccessLevel('edit', $xcontext.user, $doc.fullName))
-* (% class="blog-add-category-label" %)[[$services.localization.render('xe.blog.categories.addcategory')>>Blog.ManageCategories?xaction=showAddCategory&parentCategory=${escapetool.url(${doc.fullName})}]](%%)
+* (% class="blog-add-category-label" %)[[$services.localization.render('xe.blog.categories.addcategory')>>Blog.ManageCategories||queryString="xaction=showAddCategory&parentCategory=${escapetool.url(${doc.fullName})}"]](%%)
 ##
 #if("$!{request.xaction}" == 'showAddCategory' && "$!{request.parentCategory}" == ${doc.fullName}) #addCategoryForm() #end
 ##

xwiki-platform-core/xwiki-platform-blog/xwiki-platform-blog-ui/src/main/resources/Blog/CategoriesCode.xml

@@ -263,7 +263,7 @@
   #end
   #foreach($i in [1..$level])*#end ##
 <span class="blog-category-level"><span class="blog-category">##
-<label id='blog_category_${escapetool.xml($name)}' title="#getCategoryDescription($categoryDoc)"><input name="${blogPostClassname}_$!{entryObj.number}_category" value="${escapetool.xml($name)}" type="checkbox"#if($entryObj.getProperty('category').getValue().contains($name)) checked="checked" #end/> #getCategoryName($categoryDoc)</label>##
+<label id='blog_category_$escapetool.xwiki(${escapetool.xml($name)})' title="#getCategoryDescription($categoryDoc)"><input name="${blogPostClassname}_$!{entryObj.number}_category" value="$escapetool.xwiki(${escapetool.xml($name)})" type="checkbox"#if($entryObj.getProperty('category').getValue().contains($name)) checked="checked" #end/> #getCategoryName($categoryDoc)</label>##
 </span>##
 #if($xwiki.hasAccessLevel('edit', $xcontext.user, $doc.fullName) && ("$!{request.xaction}" != "showAddCategory" || "$!{request.parentCategory}" != $name))
 <span class="blog-category-tools">##
@@ -315,12 +315,12 @@
   #set($nameUrl = $escapetool.url($name))
   #foreach($i in [1..$level])*#end ##
 <span class="blog-category-level"><span class="blog-category">##
-<a href="$xwiki.getURL('Blog.CategoryRss', 'view', "xpage=plain&category=$nameUrl")" title="RSS"><img class="icon icon-manage" src="$xwiki.getSkinFile('icons/xwiki/rss-medium.png')" alt="[RSS]"/></a>##
-<span class="wikilink"><a href="$xwiki.getURL($name)">#getCategoryName($xwiki.getDocument($name)) <span class="itemCount">($totalEntries)</span></a></span></span> ##
+<a href="$escapetool.xwiki($xwiki.getURL('Blog.CategoryRss', 'view', "xpage=plain&category=$nameUrl"))" title="RSS"><img class="icon icon-manage" src="$xwiki.getSkinFile('icons/xwiki/rss-medium.png')" alt="[RSS]"/></a>##
+<span class="wikilink"><a href="$escapetool.xwiki($xwiki.getURL($name))">#getCategoryName($xwiki.getDocument($name)) <span class="itemCount">($totalEntries)</span></a></span></span> ##
 <span class="blog-category-tools">##
-#if($xwiki.hasAccessLevel('delete', $xcontext.user, $name) && ("$!{request.xaction}" != 'showRenameCategory' || "$!{request.category}" != $name))<a href="$xwiki.getURL('Blog.ManageCategories', 'view', "xaction=showRenameCategory&category=$nameUrl")" class="tool rename">#toolImage('pencil' 'Rename ')</a>#end ##
-#if($xwiki.hasAccessLevel('edit', $xcontext.user, $doc.fullName) && ("$!{request.xaction}" != "showAddCategory" || "$!{request.parentCategory}" != $name))<a href="$xwiki.getURL('Blog.ManageCategories', 'view', "xaction=showAddCategory&parentCategory=$nameUrl")" class="tool add-subcategory">#toolImage('chart_organisation_add' 'Add a subcategory ')</a> #end ##
-#if($xwiki.hasAccessLevel('delete', $xcontext.user, $name)) <a href="$xwiki.getURL('Blog.ManageCategories', 'view', "xaction=delete&category=$nameUrl&form_token=$!{services.csrf.getToken()}")" class="tool delete">#toolImage('cross' 'Delete ')</a>#end ##
+#if($xwiki.hasAccessLevel('delete', $xcontext.user, $name) && ("$!{request.xaction}" != 'showRenameCategory' || "$!{request.category}" != $name))<a href="$escapetool.xwiki($xwiki.getURL('Blog.ManageCategories', 'view', "xaction=showRenameCategory&category=$nameUrl"))" class="tool rename">#toolImage('pencil' 'Rename ')</a>#end ##
+#if($xwiki.hasAccessLevel('edit', $xcontext.user, $doc.fullName) && ("$!{request.xaction}" != "showAddCategory" || "$!{request.parentCategory}" != $name))<a href="$escapetool.xwiki($xwiki.getURL('Blog.ManageCategories', 'view', "xaction=showAddCategory&parentCategory=$nameUrl"))" class="tool add-subcategory">#toolImage('chart_organisation_add' 'Add a subcategory ')</a> #end ##
+#if($xwiki.hasAccessLevel('delete', $xcontext.user, $name)) <a href="$escapetool.xwiki($xwiki.getURL('Blog.ManageCategories', 'view', "xaction=delete&category=$nameUrl&form_token=$!{services.csrf.getToken()}"))" class="tool delete">#toolImage('cross' 'Delete ')</a>#end ##
 </span>##
 #if($xwiki.hasAccessLevel('edit', $xcontext.user, $doc.fullName) && "$!{request.xaction}" == "showRenameCategory" && "$!{request.category}" == $name) #renameCategoryForm() #end##
 #if($xwiki.hasAccessLevel('edit', $xcontext.user, $doc.fullName) && "$!{request.xaction}" == "showAddCategory" && "$!{request.parentCategory}" == $name) #addCategoryForm() #end##
@@ -337,7 +337,7 @@
  * @param level The depth where this category is in the tree, used for proper indentation.
  *###
 #macro(displayOptionCategory $name $level)
-  <option id="blog_category_${escapetool.xml($name)}_option" value="${escapetool.xml($name)}">#if($level > 1)#foreach($i in [2..$level])  #end#end#getCategoryName($xwiki.getDocument($name))</option>
+  <option id="blog_category_$escapetool.xwiki(${escapetool.xml($name)})_option" value="$escapetool.xwiki(${escapetool.xml($name)})">#if($level > 1)#foreach($i in [2..$level])  #end#end#getCategoryName($xwiki.getDocument($name))</option>
 #end
 ##
 ##
@@ -351,14 +351,14 @@
 #macro(displaySimpleCategory $name $level)
   #getEntriesForCategory($name $discard $totalEntries)
   #set($nameUrl = $escapetool.url($name))
-  #foreach($i in [1..$level])*#end (% class="blog-category-level" %)((( [[#toolImage('bullet_feed', '[RSS]')>>Blog.CategoryRss||queryString="xpage=plain&category=$nameUrl" title="RSS"]] [[#getCategoryName($xwiki.getDocument($name))>>$name]] (% class="itemCount" %)($totalEntries)(%%))))
+  #foreach($i in [1..$level])*#end (% class="blog-category-level" %)((( [[#toolImage('bullet_feed', '[RSS]')>>Blog.CategoryRss||queryString="xpage=plain&category=$nameUrl" title="RSS"]] <span class="wikilink"><a href="$escapetool.xwiki($xwiki.getURL($name))">#getCategoryName($xwiki.getDocument($name)) <span class="itemCount">($totalEntries)</span></a></span>)))
 #end
 ##
 ##
 ##
 #**
  * Prints the name of a category, indicated by its document.
- * The result is XML-escaped
+ * The result is XML-escaped and Wiki syntax escaped.
  * 
  * @param categoryDoc The document containing the category to be displayed.
  *###
@@ -368,8 +368,9 @@
 #if($result == '')
 #set($result = $categoryDoc.name)
 #end
-## this should be a wiki-syntax-escape, see XWIKI-11241
-#set($result = $result.replaceAll('\[\[','~[~['))
+## Escape wiki syntax, if any.
+#set ($result = "$escapetool.xwiki($result)")
+## Escape HTML, if any.
 $escapetool.xml($result)##
 #end
 ##

xwiki-platform-core/xwiki-platform-blog/xwiki-platform-blog-ui/src/main/resources/Blog/CategorySheet.xml

@@ -44,9 +44,10 @@
 {{velocity}}
 #set ($discard = $xwiki.ssx.use("Blog.ManageCategories"))
 #set ($discard = $xwiki.jsx.use("Blog.ManageCategories"))
-#if ($doc.getObject($blogCategoryClassname))
+#set ($obj = $doc.getObject($blogCategoryClassname))
+#if ($obj)
   #getEntriesForCategory($doc.fullName $discard $totalEntries)
-  = Category: #getCategoryName($doc) ($totalEntries posts) [[#toolImage('feed' '[RSS]')>>Blog.CategoryRss||queryString="xpage=plain&category=$escapetool.url($doc.fullName)" title="RSS"]] =
+  = Category: $escapetool.xwiki($obj.getValue('name')) ($totalEntries posts) [[#toolImage('feed' '[RSS]')>>Blog.CategoryRss||queryString="xpage=plain&category=$escapetool.url($doc.fullName)" title="RSS"]] =
   {{html wiki=true}}
   ## Keep testing the inline action for backward compatibility with older categories.
   #if ($xcontext.action != 'edit' && $xcontext.action != 'inline')

xwiki-platform-core/xwiki-platform-blog/xwiki-platform-blog-ui/src/main/resources/Blog/CreatePost.xml

@@ -62,7 +62,7 @@
     <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
     <input type="hidden" name="entrySpace" value="$!{escapetool.xml($space)}"/>
     #if($doc.getObject($blogCategoryClassname))
-      <input type="hidden" name="category" value="${escapetool.xml(${doc.fullName})}"/>
+      <input type="hidden" name="category" value="$escapetool.xwiki(${escapetool.xml(${doc.fullName})})"/>
     #end
     <label class="createPost" for="entryTitle">$services.localization.render('xe.blog.post.createpost') </label><input type="text" id="entryTitle" name="entryTitle" value="$services.localization.render('xe.blog.post.title')" class="withTip" size="30" /> <span class="buttonwrapper"><input type="submit" value="${escapetool.xml($services.localization.render('xe.blog.post.create'))}" class="btn btn-success button"/></span>
   </div>