hyde_admin 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1a05ad4bb0704e1175cd5ed0393ae09181a0241dd423add001cd7ef4cc365ed2
-  data.tar.gz: 1db71be2ffc12226a0c10fb66751311e4bd6b8d795aa3bccf4dcc9da5993e557
+  metadata.gz: cb95670b96fd382d5e1f1ae437e50b055de1e1196192cb5438cb8a5b9da2a553
+  data.tar.gz: f2febcd67319f60a862b79e88e06290df9495dd2388d85900e38eb9486c76f50
 SHA512:
-  metadata.gz: '0902597c60ffe712e999a065655ad6034f3d9e2b62f129b815e2139ef684d0f565f08d0fda4ad2f59b85a182da93f0d730dcfbad99128521befe593d266cd21e'
-  data.tar.gz: 8926be4affe34325d115ccf1788609fc46a7770a770233944a425a2a054870b501861601eaf232ab73f2ac48741068b611ec59e3535035010513917b3c9d857d
+  metadata.gz: fb71c84a6420d278a484fb14a08ff24d155c926140838c243ba9fdd8df8d0495ed5d182fd12b58c9e5ab2981adbeaacb053e0f9e40f16f30ca812b564d7bde51
+  data.tar.gz: cac253c8000aa874cd925df410d3d4174032c573ffe3d359d7f09128d129be23e7a4d8b76c23354f3ef62b4074f6ae5df8af80b64ec133150228b715fab28f7f

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# 0.0.4
+
+Correct images selector
+Some refactoring
+Escape translations
+
 # 0.0.3
 
 Bugfix (see commits)

data/TODO.md

@@ -1 +1,3 @@
-Overview btn for posts/drafts/pages (save && rebuild && open in new tab)
+Overview btn for posts/drafts/pages (save && rebuild && open in new tab)
+See TINYmce for wysiwyg editor
+Add defaults class for images injected by editor

data/bin/admin_views/admin_layout.html.erb

@@ -35,7 +35,7 @@
               <li class="nav-item">
                 <a class="nav-link active" aria-current="page" href="/<%= @hyde_parameters['site_index'] %>">
                   <span data-feather="home" class="fas fa-eye"></span>
-                  <%= t.overview.capitalize %>
+                  <%= EscapeUtils.escape_html t.overview.capitalize %>
                 </a>
               </li>
               <li class="nav-item">
@@ -43,52 +43,52 @@
               <li class="nav-item">
                 <a class="nav-link active" aria-current="page" href="/dashboard">
                   <span data-feather="home" class="fas fa-tachometer-alt"></span>
-                  <%= t.dashboard.capitalize %>
+                  <%= EscapeUtils.escape_html t.dashboard.capitalize %>
                 </a>
               </li>
               <li class="nav-item">
                 <a class="nav-link" href="/pages/index">
                   <span data-feather="file" class="fas fa-file"></span>
-                  <%= t.pages.capitalize %>
+                  <%= EscapeUtils.escape_html t.pages.capitalize %>
                 </a>
               </li>
               <li class="nav-item">
                 <a class="nav-link" href="/drafts/index">
                   <span data-feather="shopping-cart" class="fas fa-file"></span>
-                  <%= t.drafts.capitalize %>
+                  <%= EscapeUtils.escape_html t.drafts.capitalize %>
                 </a>
               </li>
               <li class="nav-item">
                 <a class="nav-link" href="/posts/index">
                   <span data-feather="users" class="fas fa-file"></span>
-                  <%= t.posts.capitalize %>
+                  <%= EscapeUtils.escape_html t.posts.capitalize %>
                 </a>
               </li>
               <li class="nav-item"></li>
               <li class="nav-item">
                 <a class="nav-link" href="/files/index">
                   <span data-feather="users" class="fas fa-copy"></span>
-                  <%= t.files.capitalize %>
+                  <%= EscapeUtils.escape_html t.files.capitalize %>
                 </a>
               </li>
               <li class="nav-item"></li>
               <li class="nav-item">
                 <a class="nav-link active" aria-current="page" href="/rebuild" id="btn-rebuild">
                   <span data-feather="home" class="fas fa-hammer"></span>
-                  <%= t.rebuild.capitalize %>
+                  <%= EscapeUtils.escape_html t.rebuild.capitalize %>
                 </a>
               </li>
               <li class="nav-item">
                 <a class="nav-link active" aria-current="page" href="/deploy" id="btn-deploy">
                   <span data-feather="home" class="fas fa-cloud-upload-alt"></span>
-                  <%= t.deploy.capitalize %>
+                  <%= EscapeUtils.escape_html t.deploy.capitalize %>
                 </a>
               </li>
               <li class="nav-item"></li>
               <li class="nav-item">
                 <a class="nav-link" href="/configuration">
                   <span data-feather="layers" class="fas fa-tools"></span>
-                  <%= t.configuration.capitalize %>
+                  <%= EscapeUtils.escape_html t.configuration.capitalize %>
                 </a>
               </li>
             </ul>
@@ -125,19 +125,46 @@
         <div class="modal-content">
           <div class="modal-header">
             <h5 class="modal-title">Images</h5>
-            <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+            <!--
+            <button type="button" class="btn btn-default close" data-dismiss="modal" aria-label="Close">
               <span aria-hidden="true">&times;</span>
             </button>
+            -->
           </div>
-          <div class="modal-body modal-body-image">
-            <% path_of_images = File.join(Dir.pwd, @hyde_parameters['images_path'], "**") %>
-            <% $stderr.puts(path_of_images) %>
-            <% Dir.glob(path_of_images)[(@page || 0) * 9, ((@page || 0) + 1) * 9 ].each do |img| %>
-              <% img = img.gsub(Dir.pwd, "") %>
-              <div class="image-element">
-                <img src="<%= img %>" alt="<%= img %>">
+          <div class="modal-body">
+            <div>
+              <div class="image-selector-search d-block" data-page="0">
+                <form action="" class="form-inline">
+                  <div class="form-group mb-2">
+                    <label for="inputPassword2" class="sr-only"><%= EscapeUtils.escape_html t.sort_by_date %></label>
+                    <label>
+                      <input class="form-check-input" type="radio" name="sort_date" value="asc"> <%= EscapeUtils.escape_html t.older %>
+                    </label>
+                    &nbsp;&nbsp;&nbsp;
+                    <label>
+                      <input class="form-check-input" type="radio" name="sort_date" value="desc"> <%= EscapeUtils.escape_html t.newer %>
+                    </label>
+                  </div>
+                  <div class="form-group mb-2">
+                    <label for="inputFilename" class="sr-only"><%= EscapeUtils.escape_html t.filename %></label>
+                    <input type="text" class="form-control" name="filename" id="inputFilename" placeholder="Filename...">
+                  </div>
+                  <button type="submit" class="btn btn-primary image-selector-search-submit d-block mb-2"><%= EscapeUtils.escape_html t.search %></button>
+                </form>
               </div>
-            <% end %>
+              <div class="image-selector-content">
+                <% path = File.join(Pathname.new(App.gem_source_path), 'admin_views', 'partials', 'images_page.html.erb') %>
+                <%= ERB.new(File.read(path)).result(binding) %>
+              </div>
+              <div class="image-selector-page">
+                <a href="#" title="<%= EscapeUtils.escape_html t.previous_images %>" class="btn btn-secondary image-selector-page-prev">
+                  <i class="fas fa-chevron-left"></i>
+                </a>
+                <a href="#" title="<%= EscapeUtils.escape_html t.next_images %>"class="btn btn-secondary image-selector-page-next">
+                  <i class="fas fa-chevron-right"></i>
+                </a>
+              </div>
+            </div>
           </div>
         </div>
       </div>
@@ -154,6 +181,38 @@
         });
       }
       <% end %>
+
+      function search(offset_page){
+          let sort_date = $('.image-selector-search input[name=sort_date]:checked').val();
+          let filename = $('.image-selector-search input[name=filename]').val();
+          let page = $('.image-selector-search').attr('data-page');
+          let new_page = parseInt(page) + offset_page;
+
+          if(new_page < 0){
+              new_page = 0;
+          }
+
+          $.post( "/ajax/images", { sort_date: sort_date, filename: filename, page: new_page })
+              .done(function( data ) {
+                  $('.image-selector-content').html(data);
+              });
+
+          $('.image-selector-search').attr('data-page', new_page);
+          return false;
+      }
+
+      $(document).on('click', '.image-selector-search-submit', function(){
+          search(0);
+          return false;
+      });
+      $(document).on('click', '.image-selector-page-prev', function(){
+          search(-1);
+          return false;
+      });
+      $(document).on('click', '.image-selector-page-next', function(){
+          search(1);
+          return false;
+      });
     </script>
     <script src="/fslightbox/fslightbox.js"></script>
   </body>

data/bin/admin_views/configuration.erb

@@ -1,13 +1,13 @@
-<h2><%= t.configuration.capitalize %></h2>
+<h2><%= EscapeUtils.escape_html t.configuration.capitalize %></h2>
 
 <form action="/configuration" method="post">
   <% @hyde_parameters.each_pair do |setting, value| %>
     <div class="mb-3">
-      <label for="i-<%= setting %>" class="form-label"><%= t.send(setting).capitalize %></label>
+      <label for="i-<%= setting %>" class="form-label"><%= EscapeUtils.escape_html t.send(setting).capitalize %></label>
       <input type="text" class="form-control" value="<%= value %>" name="<%= setting %>" id="i-<%= setting %>">
-      <div id="i-<%= setting %>-help" class="form-text"><%= t.send("help_#{setting}").capitalize %></div>
+      <div id="i-<%= setting %>-help" class="form-text"><%= EscapeUtils.escape_html t.send("help_#{setting}").capitalize %></div>
     </div>
   <% end %>
-  <button type="submit" class="btn btn-primary"><%= t.submit.capitalize %></button>
+  <button type="submit" class="btn btn-primary"><%= EscapeUtils.escape_html t.submit.capitalize %></button>
 </form>
 

data/bin/admin_views/dashboard.erb

@@ -1 +1 @@
-<h2><%= t.dashboard.capitalize %></h2>
+<h2><%= EscapeUtils.escape_html t.dashboard.capitalize %></h2>

data/bin/admin_views/editor_html.erb

@@ -1,24 +1,24 @@
 <div class="codemirror-toolbar btn-toolbar" role="toolbar">
   <div class="btn-group mr-2" role="group" aria-label="Undo/redo">
-    <button type="button" class="btn btn-light"><i class="fas fa-undo-alt" title="<%= t.editor_undo %>"></i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-redo-alt" title="<%= t.editor_redo %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-undo-alt" title="<%= EscapeUtils.escape_html t.editor_undo %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-redo-alt" title="<%= EscapeUtils.escape_html t.editor_redo %>"></i></button>
   </div>
   <div class="btn-group mr-2" role="group" aria-label="Structural tags">
-    <button type="button" class="btn btn-light"><i class="fas fa-file-image" title="<%= t.editor_file %>"></i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-list cmt-replace" title="<%= t.editor_list %>"></i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-list-ol cmt-replace" title="<%= t.editor_list_ol %>"></i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-link cmt-replace" title="<%= t.editor_link %>"></i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-quote-left cmt-replace" title="<%= t.editor_quote %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-file-image" title="<%= EscapeUtils.escape_html t.editor_file %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-list cmt-replace" title="<%= EscapeUtils.escape_html t.editor_list %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-list-ol cmt-replace" title="<%= EscapeUtils.escape_html t.editor_list_ol %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-link cmt-replace" title="<%= EscapeUtils.escape_html t.editor_link %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-quote-left cmt-replace" title="<%= EscapeUtils.escape_html t.editor_quote %>"></i></button>
   </div>
   <div class="btn-group mr-2" role="group" aria-label="Style tags">
-    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-1" title="<%= t.editor_title_h1 %>">1</i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-2" title="<%= t.editor_title_h2 %>">2</i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-3" title="<%= t.editor_title_h3 %>">3</i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-4" title="<%= t.editor_title_h4 %>">4</i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-5" title="<%= t.editor_title_h5 %>">5</i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-underline cmt-replace" title="<%= t.editor_underline %>"></i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-bold cmt-replace" title="<%= t.editor_bold %>"></i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-italic cmt-replace" title="<%= t.editor_italic %>"></i></button>
-    <button type="button" class="btn btn-light"><i class="fas fa-strikethrough cmt-replace" title="<%= t.editor_strikethrough %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-1" title="<%= EscapeUtils.escape_html t.editor_title_h1 %>">1</i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-2" title="<%= EscapeUtils.escape_html t.editor_title_h2 %>">2</i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-3" title="<%= EscapeUtils.escape_html t.editor_title_h3 %>">3</i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-4" title="<%= EscapeUtils.escape_html t.editor_title_h4 %>">4</i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-heading cmt-heading-5" title="<%= EscapeUtils.escape_html t.editor_title_h5 %>">5</i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-underline cmt-replace" title="<%= EscapeUtils.escape_html t.editor_underline %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-bold cmt-replace" title="<%= EscapeUtils.escape_html t.editor_bold %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-italic cmt-replace" title="<%= EscapeUtils.escape_html t.editor_italic %>"></i></button>
+    <button type="button" class="btn btn-light"><i class="fas fa-strikethrough cmt-replace" title="<%= EscapeUtils.escape_html t.editor_strikethrough %>"></i></button>
   </div>
 </div>

data/bin/admin_views/editor_js.erb

@@ -8,9 +8,9 @@ $(document).on('click', '.codemirror-toolbar .fa-file-image', function(){
   $('.modal-image').modal('show');
 });
 $(document).on('click', '.modal-image img', function(){
-  let img_src = '<img src="' + $(this).attr('src') + '" alt="<%= t.default_alt_img %>" title="<%= t.default_title_img %>" />';
+  let img_src = '<img src="' + $(this).attr('src') + '" alt="<%= EscapeUtils.escape_html t.default_alt_img %>" title="<%= EscapeUtils.escape_html t.default_title_img %>" />';
   if(window.mode_markdown){
-    img_src = '![<%= t.default_alt_img %>](' + $(this).attr('src') + ')';
+    img_src = '![<%= EscapeUtils.escape_html t.default_alt_img %>](' + $(this).attr('src') + ')';
   }
   window.myCodeMirror.replaceSelection(img_src);
   $('.modal-image').modal('hide');

data/bin/admin_views/files/edit.erb

@@ -1,30 +1,30 @@
-<h2><%= t.edit.capitalize %></h2>
+<h2><%= EscapeUtils.escape_html t.edit.capitalize %></h2>
 
 <form action="/files/update?file=<%= @file %>" method="post">
   <% if @has_header %>
     <div class="mb-3">
-      <label for="i-header" class="form-label"><%= t.header.capitalize %></label>
+      <label for="i-header" class="form-label"><%= EscapeUtils.escape_html t.header.capitalize %></label>
       <textarea class="form-control text-editor" id="i-header" rows="3" name="header" style="font-family: <%= (['.html', '.xml', '.yml', '.js', '.md'].include?(File.extname(@file)) ? 'monospace' : 'inherit') %>"><%= @header %></textarea>
     </div>
   <% end %>
   <div class="mb-3">
-    <label for="i-content" class="form-label"><%= t.content.capitalize %>
+    <label for="i-content" class="form-label"><%= EscapeUtils.escape_html t.content.capitalize %>
       <% if ['.html','.md'].include?(File.extname(@file)) %>
         <a href="https://jekyllrb.com/docs/liquid/" class="text-secondary" target="_blank"><i class="fas fa-question-circle"></i></a>
       <% end %>
     </label>
 
     <% if @has_editor %>
-      <% path = File.join(Pathname.new(File.dirname(__FILE__)).parent, 'editor_html.erb') %>
+      <% path = File.join(Pathname.new(App.gem_source_path), 'admin_views', 'editor_html.erb') %>
       <%= ERB.new(File.read(path)).result(binding) %>
     <% end %>
 
   <textarea class="form-control text-editor" id="i-content" rows="3" name="content" style="font-family: <%= (['.html', '.xml', '.yml', '.js', '.md'].include?(File.extname(@file)) ? 'monospace' : 'inherit') %>"><%= @content %></textarea>
 
     <script type="text/javascript" charset="utf-8">
-        <% path = File.join(Pathname.new(File.dirname(__FILE__)).parent, 'editor_js.erb') %>
+        <% path = File.join(Pathname.new(App.gem_source_path), 'admin_views', 'editor_js.erb') %>
         <%= ERB.new(File.read(path)).result(binding) %>
     </script>
   </div>
-  <button type="submit" class="btn btn-primary"><%= t.submit.capitalize %></button>
+  <button type="submit" class="btn btn-primary"><%= EscapeUtils.escape_html t.submit.capitalize %></button>
 </form>

data/bin/admin_views/files/listing.erb

@@ -1,4 +1,4 @@
-<h2><%= t.files.capitalize %></h2>
+<h2><%= EscapeUtils.escape_html t.files.capitalize %></h2>
 
 <div class="row g-3">
   <div class="col-auto">
@@ -8,7 +8,7 @@
           <input type="file" multiple name="files[]" class="form-control">
         </div>
         <div class="col-auto">
-          <button type="submit" class="btn btn-outline-secondary"><i class="fa fa-plus" title="<%= t.create.capitalize %>"></i> <%= t.upload %></button>
+          <button type="submit" class="btn btn-outline-secondary"><i class="fa fa-plus" title="<%= EscapeUtils.escape_html t.create.capitalize %>"></i> <%= EscapeUtils.escape_html t.upload %></button>
         </div>
       </div>
     </form>
@@ -19,10 +19,10 @@
     <form method="post" action="/files/create_dir?dir_path=<%= @dir_path %>">
       <div class="row g-2 align-items-center">
         <div class="col-auto">
-          <input type="text" name="directory_name" class="form-control" placeholder="<%= t.directory_input_placeholder %>">
+          <input type="text" name="directory_name" class="form-control" placeholder="<%= EscapeUtils.escape_html t.directory_input_placeholder %>">
         </div>
         <div class="col-auto">
-          <button type="submit" class="btn btn-outline-secondary"><i class="fa fa-plus" title="<%= t.create.capitalize %>"></i> <%= t.create %></button>
+          <button type="submit" class="btn btn-outline-secondary"><i class="fa fa-plus" title="<%= EscapeUtils.escape_html t.create.capitalize %>"></i> <%= EscapeUtils.escape_html t.create %></button>
         </div>
       </div>
     </form>
@@ -33,10 +33,10 @@
     <form method="post" action="/files/create_file?dir_path=<%= @dir_path %>">
       <div class="row g-2 align-items-center">
         <div class="col-auto">
-          <input type="text" name="file_name" class="form-control" placeholder="<%= t.file_input_placeholder %>">
+          <input type="text" name="file_name" class="form-control" placeholder="<%= EscapeUtils.escape_html t.file_input_placeholder %>">
         </div>
         <div class="col-auto">
-          <button type="submit" class="btn btn-outline-secondary"><i class="fa fa-plus" title="<%= t.create.capitalize %>"></i> <%= t.create %></button>
+          <button type="submit" class="btn btn-outline-secondary"><i class="fa fa-plus" title="<%= EscapeUtils.escape_html t.create.capitalize %>"></i> <%= EscapeUtils.escape_html t.create %></button>
         </div>
       </div>
     </form>
@@ -49,20 +49,20 @@
   <table class="table table-striped table-sm">
     <tr>
       <th>
-        <%= t.file.capitalize %>
+        <%= EscapeUtils.escape_html t.file.capitalize %>
       </th>
       <th class="text-center">
-        <%= t.edit.capitalize %>
+        <%= EscapeUtils.escape_html t.edit.capitalize %>
       </th>
       <th class="text-center">
-        <%= t.delete.capitalize %>
+        <%= EscapeUtils.escape_html t.delete.capitalize %>
       </th>
     </tr>
     <% if @parent_dir %>
       <tr>
         <td colspan="3">
           <i class="fas fa-folder"></i>
-          <a href="/files/index?dir_path=<%= File.dirname(@dir_path) %>">[<%= t.parent_dir.capitalize %>]</a>
+          <a href="/files/index?dir_path=<%= File.dirname(@dir_path) %>">[<%= EscapeUtils.escape_html t.parent_dir.capitalize %>]</a>
         </td>
       </tr>
     <% end %>
@@ -95,13 +95,13 @@
         </td>
         <td class="text-center">
           <% if !File.directory?(f) %>
-            <a href="/files/edit?file=<%= f %>&dir_path=<%= @dir_path %>" class="btn btn-default"><i class="fa fa-edit" title="<%= t.edit %>"></i></a>
+            <a href="/files/edit?file=<%= f %>&dir_path=<%= @dir_path %>" class="btn btn-default"><i class="fa fa-edit" title="<%= EscapeUtils.escape_html t.edit %>"></i></a>
           <% end %>
         </td>
         <td class="text-center">
-          <form method="post" action="/files/delete?file=<%= f %>" class="inline form-confirm" data-confirm="<%= t.are_you_sure %>">
+          <form method="post" action="/files/delete?file=<%= f %>" class="inline form-confirm" data-confirm="<%= EscapeUtils.escape_html t.are_you_sure %>">
             <input name="path" type="hidden" value="<%= @dir_path %>">
-            <button type="submit" class="btn btn-default"><i class="fa fa-trash" title="<%= t.delete %>"></i></button>
+            <button type="submit" class="btn btn-default"><i class="fa fa-trash" title="<%= EscapeUtils.escape_html t.delete %>"></i></button>
           </form>
         </td>
       </tr>

data/bin/admin_views/partials/image_element.html.erb

@@ -0,0 +1,4 @@
+<div class="image-element">
+  <img src="<%= @img %>" alt="<%= @img %>">
+  <span class="font-size:8px;"><%= @img.split('/').last %></span>
+</div>

data/bin/admin_views/partials/images_page.html.erb

@@ -0,0 +1,8 @@
+<% path = File.join(Pathname.new(App.gem_source_path), 'admin_views', 'partials', 'image_element.html.erb') %>
+<% myerb = ERB.new(File.read(path), eoutvar: "@bidule") %>
+<% # Why %= don't work !? Need to do a loop concat... %>
+<% $stderr.puts @images %>
+<% (@images || []).each do |img| %>
+  <% @img = img.gsub(Dir.pwd, "") %>
+  <%= myerb.result(binding)  %>
+<% end %>

data/bin/admin_views/posts/edit.erb

@@ -1,49 +1,49 @@
-<h2><%= t.send(@type_file).capitalize %></h2>
+<h2><%= EscapeUtils.escape_html t.send(@type_file).capitalize %></h2>
 
 <% file_params = (!@new_record ? "?file=#{@file}" : "") %>
 
 <form action="/<%= @type_file %><%= file_params %>" method="post">
   <% if !@new_record %>
     <div class="mb-3">
-      <label for="i-path" class="form-label"><%= t.path.capitalize %></label>
+      <label for="i-path" class="form-label"><%= EscapeUtils.escape_html t.path.capitalize %></label>
       <div class="input-group">
-        <input type="text" class="form-control" value="<%= @file %>" name="new_file" id="i-path">
         <span class="input-group-text">
-          <i class="fas fa-calendar-alt" id="btn-date-path" title="<%= t.change_date_path %>"></i>
+          <i class="fas fa-calendar-alt" id="btn-date-path" title="<%= EscapeUtils.escape_html t.change_date_path %>"></i>
         </span>
         <span class="input-group-text">
-          <i class="fas fa-sync-alt" id="btn-title-path" title="<%= t.change_title_path %>"></i>
+          <i class="fas fa-sync-alt" id="btn-title-path" title="<%= EscapeUtils.escape_html t.change_title_path %>"></i>
         </span>
+        <input type="text" class="form-control" value="<%= @file %>" name="new_file" id="i-path">
       </div>
-      <div id="i-path-help" class="form-text"><%= t.help_path %></div>
+      <div id="i-path-help" class="form-text"><%= EscapeUtils.escape_html t.help_path %></div>
     </div>
   <% end %>
   <div class="mb-3">
-    <label for="i-title" class="form-label"><%= t.title.capitalize %></label>
+    <label for="i-title" class="form-label"><%= EscapeUtils.escape_html t.title.capitalize %></label>
     <input type="text" value="<%= @headers.delete('title') %>" class="form-control" name="title" id="i-title">
   </div>
   <div class="mb-3">
-    <label for="i-date" class="form-label"><%= t.date.capitalize %></label>
+    <label for="i-date" class="form-label"><%= EscapeUtils.escape_html t.date.capitalize %></label>
     <div class="input-group">
-      <input type="text" value="<%= @headers.delete('date') || Time.now.strftime('%Y-%m-%d %H:%M:%S %z') %>" class="form-control" name="date" id="i-date">
       <span class="input-group-text">
-        <i class="fas fa-calendar-day" id="btn-date-today" title="<%= t.set_date_today %>"></i>
+        <i class="fas fa-calendar-day" id="btn-date-today" title="<%= EscapeUtils.escape_html t.set_date_today %>"></i>
       </span>
+      <input type="text" value="<%= @headers.delete('date') || Time.now.strftime('%Y-%m-%d %H:%M:%S %z') %>" class="form-control" name="date" id="i-date">
     </div>
   </div>
   <div class="mb-3">
-    <label for="i-tags" class="form-label"><%= t.tags.capitalize %></label>
-    <input type="text" value="<%= @headers.delete('tags') %>" class="form-control" name="tags" id="i-tags">
-    <div id="i-tags-help" class="form-text"><%= t.help_tags %></div>
+    <label for="i-tags" class="form-label"><%= EscapeUtils.escape_html t.tags.capitalize %></label>
+    <input type="text" value="<%= App.extract_tags(@headers.delete('tags')).join(',') %>" class="form-control" name="tags" id="i-tags">
+    <div id="i-tags-help" class="form-text"><%= EscapeUtils.escape_html t.help_tags %></div>
   </div>
   <div class="mb-3 form-check">
     <input type="checkbox" class="form-check-input" name="publish" value="publish" id="i-publish">
-    <label class="form-check-label" for="i-publish"><%= t.publish.capitalize %></label>
+    <label class="form-check-label" for="i-publish"><%= EscapeUtils.escape_html t.publish.capitalize %></label>
   </div>
 
   <% if @hyde_parameters['display_layout'].to_s == 'true' %>
     <div class="mb-3">
-      <label for="i-layout" class="form-label"><%= t.layout.capitalize %></label>
+      <label for="i-layout" class="form-label"><%= EscapeUtils.escape_html t.layout.capitalize %></label>
       <select class="form-select" aria-label="Choice layout" name="layout">
         <% Dir.glob(File.join(Dir.pwd, '_layouts', '*')).each do |f| %>
           <% layout = File.basename(f, File.extname(f)) %>
@@ -58,7 +58,7 @@
 
   <% if @hyde_parameters['display_format'].to_s == 'true' %>
     <div class="mb-3">
-      <label for="i-format" class="form-label"><%= t.format.capitalize %></label>
+      <label for="i-format" class="form-label"><%= EscapeUtils.escape_html t.format.capitalize %></label>
       <select class="form-select" id="select-format" aria-label="Choice format" name="format">
         <% format = File.extname(@file) %>
         <% format = ".#{@hyde_parameters['default_format']}" if format.empty? %>
@@ -84,7 +84,7 @@
     </div>
   <% end %>
 
-  <a href="#" class="btn btn-secondary mb-2" id="add-header"><i class="fas fa-plus"></i> <%= t.add_header.capitalize %></a>
+  <a href="#" class="btn btn-secondary mb-2" id="add-header"><i class="fas fa-plus"></i> <%= EscapeUtils.escape_html t.add_header.capitalize %></a>
   <div class="mb-3 custom-headers"></div>
 
   <div class="mb-3 template-header" style="display: none">
@@ -109,14 +109,14 @@
   </script>
 
   <div class="mb-3">
-    <label for="i-content" class="form-label"><%= t.content.capitalize %> <a href="https://jekyllrb.com/docs/liquid/" class="text-secondary" target="_blank"><i class="fas fa-question-circle"></i></a></label>
+    <label for="i-content" class="form-label"><%= EscapeUtils.escape_html t.content.capitalize %> <a href="https://jekyllrb.com/docs/liquid/" class="text-secondary" target="_blank"><i class="fas fa-question-circle"></i></a></label>
 
-    <% path = File.join(Pathname.new(File.dirname(__FILE__)).parent, 'editor_html.erb') %>
+    <% path = File.join(Pathname.new(App.gem_source_path), 'admin_views', 'editor_html.erb') %>
     <%= ERB.new(File.read(path)).result(binding) %>
 
     <textarea class="form-control text-editor" id="i-content" rows="3" name="content"><%= @content %></textarea>
   </div>
-  <button type="submit" class="btn btn-primary"><%= t.submit.capitalize %></button>
+  <button type="submit" class="btn btn-primary"><%= EscapeUtils.escape_html t.submit.capitalize %></button>
 </form>
 
 <script type="text/javascript" charset="utf-8">
@@ -150,7 +150,7 @@
         return false;
     });
 
-    <% path = File.join(Pathname.new(File.dirname(__FILE__)).parent, 'editor_js.erb') %>
+    <% path = File.join(Pathname.new(App.gem_source_path), 'admin_views', 'editor_js.erb') %>
     <%= ERB.new(File.read(path)).result(binding) %>
 
 </script>

data/bin/admin_views/posts/listing.erb

@@ -1,16 +1,16 @@
-<h2><%= t.send(@type_file).capitalize %> &nbsp; <a href="/<%= @type_file %>/new" class="btn btn-secondary btn-sm"><i class="fas fa-plus"></i> <%= t.new.capitalize %></a></h2>
+<h2><%= EscapeUtils.escape_html t.send(@type_file).capitalize %> &nbsp; <a href="/<%= @type_file %>/new" class="btn btn-secondary btn-sm"><i class="fas fa-plus"></i> <%= EscapeUtils.escape_html t.new.capitalize %></a></h2>
 
 <div class="table-responsive">
   <table class="table table-striped table-sm">
     <tr>
       <th>
-        <%= t.file.capitalize %>
+        <%= EscapeUtils.escape_html t.file.capitalize %>
       </th>
       <th>
-        <%= t.edit.capitalize %>
+        <%= EscapeUtils.escape_html t.edit.capitalize %>
       </th>
       <th>
-        <%= t.delete.capitalize %>
+        <%= EscapeUtils.escape_html t.delete.capitalize %>
       </th>
     </tr>
     <% @files.each do |f| %>
@@ -19,12 +19,12 @@
         <%= f.gsub(File.join(Dir.pwd, ''),'') %>
       </td>
       <td>
-        <a href="/<%= @type_file %>?file=<%= f %>" class="btn btn-default"><i class="fa fa-edit" title="<%= t.edit.capitalize %>"></i></a>
+        <a href="/<%= @type_file %>?file=<%= f %>" class="btn btn-default"><i class="fa fa-edit" title="<%= EscapeUtils.escape_html t.edit.capitalize %>"></i></a>
       </td>
       <td>
-        <form method="post" action="/<%= @type_file %>/delete" class="inline form-confirm" data-confirm="<%= t.are_you_sure %>">
+        <form method="post" action="/<%= @type_file %>/delete" class="inline form-confirm" data-confirm="<%= EscapeUtils.escape_html t.are_you_sure %>">
           <input type="hidden" name="file" value="<%= f %>">
-	        <button type="submit" class="btn btn-default"><i class="fa fa-trash" title="<%= t.delete.capitalize %>"></i></button>
+	        <button type="submit" class="btn btn-default"><i class="fa fa-trash" title="<%= EscapeUtils.escape_html t.delete.capitalize %>"></i></button>
         </form>
       </td>
     </tr>

data/bin/hyde_admin.ru

@@ -5,6 +5,7 @@ require 'yaml'
 require 'fileutils'
 require 'i18n'
 require 'date'
+require 'escape_utils'
 require_relative '../lib/hyde_admin/version'
 
 # TODO détecter format nouveau post (pour codemirror)
@@ -70,6 +71,14 @@ class App < Roda
     str.gsub(/---(.*?)---/m, "")
   end
 
+  def self.gem_source_path
+    File.expand_path(File.dirname(__FILE__))
+  end
+
+  def self.extract_tags(str)
+    str.scan(/^\[?(.*?)\]?$/).flatten.first.split(',')
+  end
+
   FORMAT_DATE_FILENAME = '%Y-%m-%d'
   FORMAT_DATE_INPUT_FILENAME = '%Y-%m-%d %H:%M:%S %z'
 
@@ -217,6 +226,27 @@ class App < Roda
         date = Time.now.strftime(FORMAT_DATE_INPUT_FILENAME)
         response.write(date)
       end
+      r.post "images" do
+        nb_elements_per_page = 9
+
+        sort_date = r.params['sort_date']
+        filename = r.params['filename']
+        page = r.params['page'].to_i
+        start_elts = (page || 0) * nb_elements_per_page
+
+        search_filename = "*#{filename.strip}*"
+
+        path_of_images = File.join(Dir.pwd, @hyde_parameters['images_path'], search_filename)
+
+        all_images = Dir.glob(path_of_images).sort_by {|filename| File.mtime(filename) }
+        all_images = all_images.reverse if sort_date == 'asc'
+        @images = all_images[start_elts, nb_elements_per_page]
+
+        path = File.join(Pathname.new(App.gem_source_path), 'admin_views', 'partials', 'images_page.html.erb')
+        data = ERB.new(File.read(path)).result(binding)
+
+        response.write(data)
+      end
     end
 
     # Posts/pages/drafts

data/bin/hyde_assets/hyde_admin.css

@@ -1,18 +1,31 @@
 /* modal pictures */
-.modal-body-image{
+.image-selector-content{
     display: grid;
     grid-template-columns: 1fr 1fr 1fr;
 }
-.modal-body-image .image-element{
+.image-selector-content .image-element{
     width: 150px;
     height: 150px;
 }
-.modal-body-image .image-element img{
+.image-selector-content .image-element img{
     width: 100%;
     height: 100%;
     object-fit: contain;
     overflow: hidden;
 }
-.modal-body-image .image-element img:hover{
+.image-selector-content .image-element img:hover{
     border:2px solid gray;
+}
+
+.image-element{
+    position: relative;
+}
+
+.image-element span{
+    position: absolute;
+    bottom:5px;
+    left:5px;
+    z-index: 10;
+    font-weight: bold;
+    text-shadow:white 0px 0px 3px, white 0px 0px 2px;
 }

data/bin/i18n/en.yml

@@ -85,4 +85,11 @@ editor_italic: Italic
 editor_strikethrough: Strikethrough
 default_alt_img: Alt text
 default_title_img: Title text
-parent_dir: dossier parent
+parent_dir: parent directory
+sort_by_date: sort_by_date
+older: older first
+newer: newer first
+previous_images: previous images
+next_images: next images
+search: search
+filename: filename

data/bin/i18n/fr.yml

@@ -85,4 +85,11 @@ editor_italic: Italique
 editor_strikethrough: Barré
 default_alt_img: Texte alternatif
 default_title_img: Titre image
-parent_dir: dossier parent
+parent_dir: dossier parent
+sort_by_date: tri par date
+older: vieille d'abord
+newer: récente d'abord
+previous_images: images précédentes " lol
+next_images: images suivantes
+search: recherche
+filename: nom de fichier

data/hyde_admin.gemspec

@@ -28,6 +28,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency("roda", "~> 3.48.0")
   s.add_runtime_dependency("roda-i18n", "~> 0.4.0")
   s.add_runtime_dependency("roda-http-auth", "0.2.0")
+  s.add_runtime_dependency("escape_utils") # escape_javascript / escape_html
   #s.add_runtime_dependency("i18n", "~> 0.4.0") # I18n.transliterate (already required by jekyll)
   s.add_runtime_dependency('jekyll') # Because we call jekyll binary
 end

data/lib/hyde_admin/version.rb

@@ -1,3 +1,3 @@
 module HydeAdmin
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hyde_admin
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Sylvain Claudel
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-13 00:00:00.000000000 Z
+date: 2021-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: roda
@@ -52,6 +52,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: escape_utils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: jekyll
   requirement: !ruby/object:Gem::Requirement
@@ -89,6 +103,8 @@ files:
 - bin/admin_views/editor_js.erb
 - bin/admin_views/files/edit.erb
 - bin/admin_views/files/listing.erb
+- bin/admin_views/partials/image_element.html.erb
+- bin/admin_views/partials/images_page.html.erb
 - bin/admin_views/posts/edit.erb
 - bin/admin_views/posts/listing.erb
 - bin/fslightbox/fslightbox.js