zena 1.2.2 → 1.2.3

data/test/integration/query_node/idx_scope.yml

@@ -4,27 +4,27 @@ default:
     node: 'cleanWater'
     visitor: 'ant'
   src: "blogs where blog.title = 'a wiki with Zena' in site"
-  sql: "%Q{SELECT nodes.* FROM idx_projects AS sc1,nodes WHERE #{secure_scope('nodes')} AND sc1.blog_title = 'a wiki with Zena' AND nodes.id = sc1.node_id AND nodes.kpath LIKE 'NPPB%' ORDER BY nodes.zip ASC}"
+  sql: "%Q{SELECT nodes.* FROM nodes LEFT JOIN idx_projects AS sc1 ON nodes.id = sc1.node_id WHERE #{secure_scope('nodes')} AND sc1.blog_title = 'a wiki with Zena' AND nodes.kpath LIKE 'NPPB%' ORDER BY nodes.zip ASC}"
   res: 'a wiki with Zena'
 
 # CUSTOM TABLE BASED INDEX
 
 get_kpath_from_class:
   src: "blogs where contact.name = 'xx' in site"
-  sql: "%Q{SELECT nodes.* FROM idx_projects AS sc1,nodes WHERE #{secure_scope('nodes')} AND sc1.contact_name = 'xx' AND nodes.id = sc1.node_id AND nodes.kpath LIKE 'NPPB%' ORDER BY nodes.zip ASC}"
+  sql: "%Q{SELECT nodes.* FROM nodes LEFT JOIN idx_projects AS sc1 ON nodes.id = sc1.node_id WHERE #{secure_scope('nodes')} AND sc1.contact_name = 'xx' AND nodes.kpath LIKE 'NPPB%' ORDER BY nodes.zip ASC}"
 
 get_kpath_from_class_with_function:
   src: "blogs where tag.created_at.year = 'xx' in site"
-  sql: "%Q{SELECT nodes.* FROM idx_projects AS sc1,nodes WHERE #{secure_scope('nodes')} AND year(sc1.tag_created_at) = 'xx' AND nodes.id = sc1.node_id AND nodes.kpath LIKE 'NPPB%' ORDER BY nodes.zip ASC}"
+  sql: "%Q{SELECT nodes.* FROM nodes LEFT JOIN idx_projects AS sc1 ON nodes.id = sc1.node_id WHERE #{secure_scope('nodes')} AND year(sc1.tag_created_at) = 'xx' AND nodes.kpath LIKE 'NPPB%' ORDER BY nodes.zip ASC}"
 
 many_keys:
   src: "blogs where blog.title = 'a wiki with Zena' and contact.name = 'cont' in site"
-  sql: "%Q{SELECT nodes.* FROM idx_projects AS sc1,nodes WHERE #{secure_scope('nodes')} AND sc1.blog_title = 'a wiki with Zena' AND sc1.contact_name = 'cont' AND nodes.id = sc1.node_id AND nodes.kpath LIKE 'NPPB%' ORDER BY nodes.zip ASC}"
+  sql: "%Q{SELECT nodes.* FROM nodes LEFT JOIN idx_projects AS sc1 ON nodes.id = sc1.node_id WHERE #{secure_scope('nodes')} AND sc1.blog_title = 'a wiki with Zena' AND sc1.contact_name = 'cont' AND nodes.kpath LIKE 'NPPB%' ORDER BY nodes.zip ASC}"
   res: 'a wiki with Zena'
 
 or_keys:
   src: "blogs where blog.title = 'bad' or contact.name = 'cont' in site"
-  sql: "%Q{SELECT nodes.* FROM idx_projects AS sc1,nodes WHERE #{secure_scope('nodes')} AND ((sc1.blog_title = 'bad' AND nodes.id = sc1.node_id) OR (sc1.contact_name = 'cont' AND nodes.id = sc1.node_id)) AND nodes.kpath LIKE 'NPPB%' GROUP BY nodes.id ORDER BY nodes.zip ASC}"
+  sql: "%Q{SELECT nodes.* FROM nodes LEFT JOIN idx_projects AS sc1 ON nodes.id = sc1.node_id WHERE #{secure_scope('nodes')} AND (sc1.blog_title = 'bad' OR sc1.contact_name = 'cont') AND nodes.kpath LIKE 'NPPB%' GROUP BY nodes.id ORDER BY nodes.zip ASC}"
   res: 'a wiki with Zena'
 
 id_key:
@@ -34,10 +34,10 @@ id_key:
 
 sort_by_scoped_value:
   src: "blogs in site order by contact.name asc"
-  sql: "%Q{SELECT nodes.* FROM idx_projects AS sc1,nodes WHERE #{secure_scope('nodes')} AND nodes.id = sc1.node_id AND nodes.kpath LIKE 'NPPB%' ORDER BY sc1.contact_name ASC}"
+  sql: "%Q{SELECT nodes.* FROM nodes LEFT JOIN idx_projects AS sc1 ON nodes.id = sc1.node_id WHERE #{secure_scope('nodes')} AND nodes.kpath LIKE 'NPPB%' ORDER BY sc1.contact_name ASC}"
   res: 'a wiki with Zena'
 
 should_not_mess_with_select:
   src: "blogs select title as blog_title in site order by contact.name asc"
-  sql: "%Q{SELECT nodes.*,ml1.value AS `blog_title` FROM idx_nodes_ml_strings AS ml1,idx_projects AS sc1,nodes WHERE #{secure_scope('nodes')} AND nodes.id = sc1.node_id AND ml1.lang = 'fr' AND ml1.key = 'title' AND ml1.node_id = nodes.id AND nodes.kpath LIKE 'NPPB%' ORDER BY sc1.contact_name ASC}"
+  sql: "%Q{SELECT nodes.*,ml1.value AS `blog_title` FROM nodes LEFT JOIN idx_nodes_ml_strings AS ml1 ON ml1.node_id = nodes.id AND ml1.key = 'title' AND ml1.lang = 'fr' LEFT JOIN idx_projects AS sc1 ON nodes.id = sc1.node_id WHERE #{secure_scope('nodes')} AND nodes.kpath LIKE 'NPPB%' ORDER BY sc1.contact_name ASC}"
   res: 'a wiki with Zena'

data/test/integration/query_node/relations.yml

@@ -7,7 +7,7 @@ default:
   sql: "[%Q{SELECT nodes.* FROM nodes WHERE #{secure_scope('nodes')} AND nodes.parent_id = ? ORDER BY nodes.zip ASC}, @node.id]"
 
 nodes_from_nodes_in_section:
-  sql: "[%Q{SELECT nodes.* FROM nodes,nodes AS no1 WHERE #{secure_scope('nodes')} AND nodes.parent_id = no1.id AND no1.section_id = ? GROUP BY nodes.id ORDER BY nodes.zip ASC}, @node.get_section_id]"
+  sql: "[%Q{SELECT nodes.* FROM nodes JOIN nodes AS no1 WHERE #{secure_scope('nodes')} AND nodes.parent_id = no1.id AND no1.section_id = ? GROUP BY nodes.id ORDER BY nodes.zip ASC}, @node.get_section_id]"
 
 bad_relation:
   src: "categories in site"
@@ -15,11 +15,11 @@ bad_relation:
 
 overriden_relation:
   src: 'references'
-  sql: "[%Q{SELECT nodes.*,links.id AS `link_id`,links.status AS `l_status`,links.comment AS `l_comment`,links.date AS `l_date` FROM links,nodes WHERE #{secure_scope('nodes')} AND nodes.id = links.target_id AND links.relation_id = _ID(node_has_references) AND links.source_id = ? ORDER BY nodes.zip ASC}, @node.id]"
+  sql: "[%Q{SELECT nodes.*,links.id AS `link_id`,links.status AS `l_status`,links.comment AS `l_comment`,links.date AS `l_date` FROM links JOIN nodes WHERE #{secure_scope('nodes')} AND nodes.id = links.target_id AND links.relation_id = _ID(node_has_references) AND links.source_id = ? ORDER BY nodes.zip ASC}, @node.id]"
 
 link_selects_in_sub_query:
   src: "icons or images"
-  sql: "[%Q{SELECT nodes.*,links.id AS `link_id`,links.status AS `l_status`,links.comment AS `l_comment`,links.date AS `l_date` FROM links,nodes WHERE #{secure_scope('nodes')} AND ((nodes.id = links.target_id AND links.relation_id = _ID(node_has_an_icon) AND links.source_id = ?) OR (nodes.kpath LIKE 'NDI%' AND nodes.parent_id = ? AND links.id = 0)) GROUP BY nodes.id ORDER BY nodes.zip ASC}, @node.id, @node.id]"
+  sql: "[%Q{SELECT nodes.*,links.id AS `link_id`,links.status AS `l_status`,links.comment AS `l_comment`,links.date AS `l_date` FROM links JOIN nodes WHERE #{secure_scope('nodes')} AND ((nodes.id = links.target_id AND links.relation_id = _ID(node_has_an_icon) AND links.source_id = ?) OR (nodes.kpath LIKE 'NDI%' AND nodes.parent_id = ? AND links.id = 0)) GROUP BY nodes.id ORDER BY nodes.zip ASC}, @node.id, @node.id]"
 
 project:
   sql: "[%Q{SELECT nodes.* FROM nodes WHERE #{secure_scope('nodes')} AND nodes.id = ? ORDER BY nodes.zip ASC}, @node.get_project_id]"
@@ -60,7 +60,7 @@ root_should_be_project:
     # Make sure we do not start query on a Project so that we can tell if 'root' properly sets main_class.
     node: ant
   src: 'news from root'
-  sql: "%Q{SELECT nodes.*,links.id AS `link_id`,links.status AS `l_status`,links.comment AS `l_comment`,links.date AS `l_date` FROM links,nodes,nodes AS no1 WHERE #{secure_scope('nodes')} AND nodes.id = links.source_id AND links.relation_id = 488905946 AND links.target_id = no1.id AND no1.id = 850927283 GROUP BY nodes.id ORDER BY nodes.zip ASC}"
+  sql: "%Q{SELECT nodes.*,links.id AS `link_id`,links.status AS `l_status`,links.comment AS `l_comment`,links.date AS `l_date` FROM links JOIN nodes JOIN nodes AS no1 WHERE #{secure_scope('nodes')} AND nodes.id = links.source_id AND links.relation_id = 488905946 AND links.target_id = no1.id AND no1.id = 850927283 GROUP BY nodes.id ORDER BY nodes.zip ASC}"
 
 start_as_tag:
   context:

data/test/integration/zafu_compiler/ajax.yml

@@ -6,14 +6,14 @@ default:
 
 block:
   src: "<r:parent><r:block name='foobar' do='title'/></r:parent>"
-  tem: "<% if var1 = @node.parent %><div id='foobar' data-z='<%= var1.zip %>'><%= var1.prop['title'] %></div><% end %>"
-  'ajax/block/en/foobar.erb': "<div id='<%= ndom_id(@node) %>' data-z='<%= @node.zip %>'><%= @node.prop['title'] %></div>"
+  tem: "<% if var1 = @node.parent %><div id='foobar' data-z='<%= var1.zip %>'><%=h var1.prop['title'] %></div><% end %>"
+  'ajax/block/en/foobar.erb': "<div id='<%= ndom_id(@node) %>' data-z='<%= @node.zip %>'><%=h @node.prop['title'] %></div>"
 
 add:
   src: "<ul id='children' do='nodes'><li do='each' do='link'/><li do='add'/></ul>"
   tem: "/\[\"children_add\", \"children_0\"\].each\(Element.toggle\)/"
   'ajax/add/en/children_form.erb': "/class='form' .*id='<%= ndom_id\(@node\) %>'/"
-  'ajax/add/en/children.erb': "<li id='<%= ndom_id(@node) %>'><a href='<%= zen_path(@node) %>'><%= @node.prop['title'] %></a></li>"
+  'ajax/add/en/children.erb': "<li id='<%= ndom_id(@node) %>'><a href='<%= zen_path(@node) %>'><%=h @node.prop['title'] %></a></li>"
 
 edit_not_each:
   src: "<li class='blah'>this is a post <r:edit>edit post</r:edit></li>"
@@ -80,7 +80,7 @@ each_add_with_form:
       <li do='add'>add new</li>
       <li do='form'><input name='title'/> this is the form</li>
     </ol>
-  res: "/<li id='list1_30'>bird.*<li id='list1_31'>flower.*<li.*list1_add.*list1_0.*toggle.*<li.*style.*none.*list1_0.*Ajax.Request.*input type='hidden' name='t_url' value=.ajax/each/add/with/form/list1.*input type='hidden' name='node\[parent_id\]' value=.29./"
+  res: "/<li id='list1_30'>bird.*<li id='list1_31'>flower.*<li.*list1_add.*list1_0.*toggle.*<li.*style.*none.*list1_0.*Ajax.Request.*input type='hidden' name='node\[parent_id\]' value=.29.*input type='hidden' name='t_url' value=.ajax/each/add/with/form/list1/"
 
 each_add_with_form_in_sub_block:
   context:
@@ -107,8 +107,8 @@ each_add_with_form_klass_set:
   res: "!/hidden.*node\[klass\].*Node.*select.*node\[klass\]/"
 
 each_add_with_select:
-  src: "<r:children><r:each do='title'/><r:add/><r:form><r:select name='icon_id' nodes='images in project' selected='[main.icon_id]_abc'/></r:form></r:children>"
-  'ajax/each/add/with/select/en/list1_form.erb': '/map.|r| \[r.name, r.zip.to_s\]., \"#.@node.icon_zip._abc\"\)/'
+  src: "<r:children><r:each do='title'/><r:add/><r:form><r:select name='icon_id' nodes='images in project' selected='main.icon_id'/></r:form></r:children>"
+  'ajax/each/add/with/select/en/list1_form.erb': '/map.|r| \[r.name, r.zip.to_s\]., \"#.@node.icon_zip\"\)/'
   tem: "/nodes.kpath LIKE 'NDI%'/"
 
 each_edit_with_form:
@@ -133,7 +133,7 @@ block_dictionary:
 make_form:
   src: "<ul do='children'><li do='each' do='title'/><li do='add'/></ul>"
   tem: "/<li style='display:none;' class='form' id='list1_0'>.*remote_form_for\(:node, var2_new"
-  'ajax/make/form/en/list1.erb': "<li id='<%= ndom_id(@node) %>'><%= @node.prop['title'] %></li>"
+  'ajax/make/form/en/list1.erb': "<li id='<%= ndom_id(@node) %>'><%=h @node.prop['title'] %></li>"
   'ajax/make/form/en/list1_form.erb': "/<li class='form' id='<%= ndom_id\(@node\) %>'>/"
 
 each_edit_cannot_write:
@@ -205,7 +205,7 @@ live_filter_select_options:
 draggable_do_syntax:
   src: "<r:images in='site' do='each' draggable='all' do='img' mode='pv'/>"
   tem: "/add_drag_id\(%Q\{list1_#\{var2.zip\}\}/"
-  res: "/id='list1_30'><img src='/en/image30_pv.jpg\?967816914293'/"
+  res: "/id='list1_30'><img src='/en/image30_pv.7f6f0.jpg'/"
   js: '/"list1_24"\].each.*Zena.draggable\(item, false\)/'
 
 draggable_true:
@@ -269,6 +269,14 @@ draggable_with_id_set:
   src: "<h1 id='title' do='title' draggable='true'/>"
   tem: "/<h1 id='title'><span class='drag' id='<%= %Q\{drag_#\{@node.zip\}\} %>'><span class='drag_handle'>&nbsp;</span><% add_drag_id\(%Q\{drag_#\{@node.zip\}/"
 
+sortable:
+  context:
+    node: 'projects'
+  src: "<ol do='pages'><li do='reset_sort'/><li do='each' sortable='true' do='title'/></ol>"
+  tem: "/<ol>.*Zena.resetSort.*<li data-a='position' data-p='<%= var2.position %>' id='<%= %Q.list1_#.var2.zip.. %>'>/"
+  res: "/<li data-a='position' data-p='0.0' id='list1_29'><span class='drag_handle'>&nbsp;</span>a wiki with Zena</li>/"
+  js: "/Zena.sortable\('list1_29', \{handle:'drag_handle'\}\)/"
+  
 unlink:
   context:
     node: 'art'
@@ -366,7 +374,7 @@ update_target_encode_params:
 
 include_update_target:
   src: "IUT: <r:include template='/ajax/update/target'><r:with part='foo'><r:show attr='title'/></r:with></r:include>"
-  tem: "/IUT: UT: <div .*id='foo'.*><%= h @node.prop\['title'\] %></div> <a .*zen_path.*onclick='new Ajax.Request/"
+  tem: "/IUT: UT: <div .*id='foo'.*><%=h @node.prop\['title'\] %></div> <a .*zen_path.*onclick='new Ajax.Request/"
 
 id_in_each_group_should_be_scoped:
   src: "<ul do='comments from nodes in site' do='group' by='discussion_id'><li do='each'><r:node do='block' do='title'/></li></ul>"
@@ -422,13 +430,13 @@ js:
 
 js_dyn:
   src: "x <r:js>alert('ho <r:title/>');</r:js> y"
-  tem: "x <% js_data << capture do %>alert('ho <%= @node.prop['title'] %>');<% end %> y"
+  tem: "x <% js_data << capture do %>alert('ho <%=h @node.prop['title'] %>');<% end %> y"
   res: "x  y"
   js: "<script type=\"text/javascript\">\n//<![CDATA[\nalert('ho status title');\n//]]>\n</script>"
 
 js_less_then:
   src: "x <r:js>if (i < 4) alert('ho <r:title/>');</r:js> y"
-  tem: "x <% js_data << capture do %>if (i < 4) alert('ho <%= @node.prop['title'] %>');<% end %> y"
+  tem: "x <% js_data << capture do %>if (i < 4) alert('ho <%=h @node.prop['title'] %>');<% end %> y"
   res: "x  y"
   js: "<script type=\"text/javascript\">\n//<![CDATA[\nif (i < 4) alert('ho status title');\n//]]>\n</script>"
 

data/test/integration/zafu_compiler/apphelper.yml

@@ -11,7 +11,7 @@ img_tag_use_icon:
   context:
     node: 'wiki'
   tem: "<%= img_tag(@node, :alt_src => 'icon') %>"
-  res: "<img src='/en/image30.jpg?1144713600' width='660' height='600' alt='bird' class='full'/>"
+  res: "<img src='/en/image30.11fbc.jpg' width='660' height='600' alt='bird' class='full'/>"
 
 set_lang_fr:
   context:

data/test/integration/zafu_compiler/asset.yml

@@ -10,7 +10,7 @@ default:
 
 rename_asset:
   src: "<link href='/Default skin/style.css' rel='Stylesheet' type='text/css'/>"
-  tem: "<link rel='Stylesheet' type='text/css' href='/en/textdocument54.css?1144713600'/>"
+  tem: "<link rel='Stylesheet' type='text/css' href='/en/textdocument54.11fbc.css'/>"
 
 should_not_change_script:
   src: "<script type='text/javascript' src='http://example.com'></script>"
@@ -23,5 +23,5 @@ change_style_url:
     </style>
   res: |
     <style>
-    #super { background:url('/oo/image40.jpg?1144713600');}
+    #super { background:url('/oo/image40.11fbc.jpg');}
     </style>

data/test/integration/zafu_compiler/comments.yml

@@ -14,7 +14,7 @@ comments_shown_if_empty_but_can_comment:
 
 discussion:
   src: "<r:discussion do='comments' do='title'></r:discussion>"
-  tem: "<% if var1 = @node.discussion %><% if var2 = var1.comments %><%= var2.first.title %><% end %><% end %>"
+  tem: "<% if var1 = @node.discussion %><% if var2 = var1.comments %><%=h var2.first.title %><% end %><% end %>"
   # no error
   res: "What about rivers ?"
 

data/test/integration/zafu_compiler/dates.yml

@@ -22,7 +22,7 @@ select_date_attr:
 
 date_in_link:
   src: "<r:link y='log_at.year'/>"
-  tem: "<a href='<%= zen_path(@node, {:y => (@node.log_at ? @node.log_at.year_tz : nil)}) %>'><%= @node.prop['title'] %></a>"
+  tem: "<a href='<%= zen_path(@node, {:y => (@node.log_at ? @node.log_at.year_tz : nil)}) %>'><%=h @node.prop['title'] %></a>"
 
 log_at:
   context:

data/test/integration/zafu_compiler/display.yml

@@ -35,7 +35,7 @@ cdata:
   res: |
     <script type='text/javascript'>
       <![CDATA[
-      var urls = ['http://test.host/oo/image40_med.jpg?390663777446', 'http://test.host/en/image30_med.jpg?390663777446'];
+      var urls = ['http://test.host/oo/image40_med.05b01.jpg', 'http://test.host/en/image30_med.05b01.jpg'];
       //]]>
     </script>
 
@@ -49,12 +49,14 @@ multiline_tag:
       </div>
     </div>
   tem: "!/do='pages'/"
-
   
 show_title:
-  old_src: "<r:show attr='title'/>"
-  old_tem: "<%= @node.title %>"
   src: "<r:title/>"
+  tem: "<%=h @node.prop['title'] %>"
+  res: "status title"
+  
+show_title_h_false:
+  src: "<r:title h='false'/>"
   tem: "<%= @node.prop['title'] %>"
   res: "status title"
 
@@ -62,7 +64,7 @@ show_title_with_opts:
   old_src: "<h1 do='title' class='s70' status='true' actions='all'>this is the title</h1>"
   old_tem: "/<h1 class='s<%= @node.version.status %>'><%= show_title\(:node=>@node\) \+ node_actions\(:node=>@node, .*:actions=>\"all\"/"
   src: "<h1 do='title' prefix='status' actions='all' live='true'>this is the title</h1>"
-  tem: "<h1 class='s<%= @node.version.status %>'><span id='_title<%= @node.zip %>'><%= h @node.prop['title'] %></span> <%= node_actions(@node, :actions => \"all\") %></h1>"
+  tem: "<h1 class='s<%= @node.version.status %>'><span id='_title<%= @node.zip %>'><%=h @node.prop['title'] %></span> <%= node_actions(@node, :actions => \"all\") %></h1>"
   old_res: "/<h1 class='s50'><span id='title22'.*class='actions'>/"
   res: "/<h1 class='s50'><span id='_title22'.*class='actions'>/"
 
@@ -90,7 +92,7 @@ show_title_in_list:
 
 do_title:
   src: "<h2 do='title'/>"
-  tem: "<h2><%= @node.prop['title'] %></h2>"
+  tem: "<h2><%=h @node.prop['title'] %></h2>"
   res: "<h2>status title</h2>"
 
 show_title_link_id_from_stored:
@@ -140,7 +142,7 @@ title_in_version_context:
 show_shortcut:
   old_src: "<p do='[title]'>hello</p>"
   src: "<p do='title'>hello</p>"
-  tem: "<p><%= @node.prop['title'] %></p>"
+  tem: "<p><%=h @node.prop['title'] %></p>"
   res: "<p>status title</p>"
 
 zazen_shortcut:
@@ -184,13 +186,13 @@ show_width:
 show_else:
   old_src: "<r:show attr='comment' else='name'/>"
   src: "<r:show eval='origin || title'/>"
-  tem: "<%= h (@node.prop['origin'] or @node.prop['title']) %>"
+  tem: "<%=h (@node.prop['origin'] or @node.prop['title']) %>"
   res: "status title"
 
 show_default:
   old_src: "<r:show attr='d_foo' default='baz'/>"
   src: "<r:show eval='origin || \"baz\"'/>"
-  tem: "<%= h (@node.prop['origin'] or \"baz\") %>"
+  tem: "<%=h (@node.prop['origin'] or \"baz\") %>"
   res: "baz"
 
 javascripts:
@@ -201,6 +203,10 @@ stylesheets:
   src: "<r:stylesheets list='zena,code,search'/>"
   tem: "/link href.*/stylesheets/zena.css.*text/css.*code.css.*text/css.*search.css.*stylesheet/"
 
+search_box:
+  src: "<div id='search' do='search_box' type='search'/>"
+  res: "/<div id='search'><div class=\"search\">/"
+  
 icon:
   context:
     node: wiki
@@ -244,7 +250,7 @@ img_tag_icon:
   context:
     node: 'cleanWater'
   src: "<r:img alt_src='icon'/>"
-  res: "<img src='/en/projects-list/Clean-Water-project/image24_std.jpg?929831698949' width='545' height='400' alt='it&apos;s a lake' class='std'/>"
+  res: "<img src='/en/projects-list/Clean-Water-project/image24_std.75a9a.jpg' width='545' height='400' alt='it&apos;s a lake' class='std'/>"
 
 icon:
   context:
@@ -256,36 +262,36 @@ img_image:
   context:
     node: 'bird_jpg'
   src: "<r:img/><r:img mode='med'/>"
-  res: "/<img src='/en/image30_std.jpg\?929831698949' width='440' height='400' alt='bird' class='std'/><img src='/en/image30_med.jpg\?390663777446' width='220' height='200' alt='bird' id='.*' class='med' onclick='Zena.popup\(this\)'/>/"
+  res: "/<img src='/en/image30_std.75a9a.jpg' width='440' height='400' alt='bird' class='std'/><img src='/en/image30_med.05b01.jpg' width='220' height='200' alt='bird' id='.*' class='med' onclick='Zena.popup\(this\)'/>/"
 
 img_image_not_public:
   context:
     visitor: 'ant'
     node: 'tree_jpg'
   src: "<r:img/><r:img mode='med'/>"
-  res: "/<img src='/oo/image40_std.jpg\?929831698949' width='600' height='399' alt='Autumn Tree' class='std'/><img src='/oo/image40_med.jpg\?390663777446' width='300' height='200' alt='Autumn Tree' id='.*' class='med' onclick='Zena.popup\(this\)'/>/"
+  res: "/<img src='/oo/image40_std.75a9a.jpg' width='600' height='399' alt='Autumn Tree' class='std'/><img src='/oo/image40_med.05b01.jpg' width='300' height='200' alt='Autumn Tree' id='.*' class='med' onclick='Zena.popup\(this\)'/>/"
 
 img_href:
   context:
     node: 'bird_jpg'
   src: "<r:img link='this'/>"
-  res: "<a href='/oo/image30.html'><img src='/en/image30_std.jpg?929831698949' width='440' height='400' alt='bird' class='std'/></a>"
+  res: "<a href='/oo/image30.html'><img src='/en/image30_std.75a9a.jpg' width='440' height='400' alt='bird' class='std'/></a>"
 
 img_src_id:
   src: "<r:img src='find(30)'/>"
-  res: "<img src='/en/image30_std.jpg?929831698949' width='440' height='400' alt='bird' class='std'/>"
+  res: "<img src='/en/image30_std.75a9a.jpg' width='440' height='400' alt='bird' class='std'/>"
 
 img_src_finder:
   src: "<r:img src='find(\"icon from project\")'/>"
-  res: "/image24_std.jpg/"
+  res: "/image24_std.75a9a.jpg/"
 
 img_src_mode:
   src: "<r:img src='find(30)' mode='pv'/>"
-  res: "<img src='/en/image30_pv.jpg?967816914293' width='70' height='70' alt='bird' class='pv'/>"
+  res: "<img src='/en/image30_pv.7f6f0.jpg' width='70' height='70' alt='bird' class='pv'/>"
 
 img_html_params:
   src: "<r:img src='find(30)' id='super'/>"
-  res: "<img src='/en/image30_std.jpg?929831698949' width='440' height='400' alt='bird' id='super' class='std'/>"
+  res: "<img src='/en/image30_std.75a9a.jpg' width='440' height='400' alt='bird' id='super' class='std'/>"
 
 zena:
   src: "<r:zena/>"
@@ -330,7 +336,7 @@ show_with_label_shortcut:
   context:
     lang: fr
   src: "<li do='show' label='t' blank='hide' attr='title'/>"
-  tem: "<% if !@node.prop['title'].blank? %><li><label>titre</label> <span><%= h @node.prop['title'] %></span></li><% end %>"
+  tem: "<% if !@node.prop['title'].blank? %><li><label>titre</label> <span><%=h @node.prop['title'] %></span></li><% end %>"
   res: "<li><label>titre</label> <span>Etat des travaux</span></li>"
 
 show_with_custom_label_shortcut:
@@ -414,16 +420,23 @@ short_path:
 show_param:
   context:
     t: 'hello'
-  src: "<r:show param='t'/>"
-  tem: "<%= h params[:t] %>"
+#  src: "<r:show param='t'/><r:show param='x'/>"
+  tem: "<%=h params[:t] %><%=h params[:x] %>"
   res: "hello"
 
+display_hash_type:
+  context:
+    node: test
+  src: "<r:void do='settings[\"one\"]'/>"
+  tem: "<%=h (@node.prop['settings'] ? @node.prop['settings'][\"one\"] : nil) %>"
+  res: "un"
+  
 default_host:
   context:
     node: 'bird_jpg'
   src: "<r:default host='b.#{site.host}'><r:zazen text='this is a \"link\":12.'/> xxx: <r:img/></r:default>"
   tem: '/zazen.*:host.*visitor.site.host/'
-  res: "/href=\"http://b.test.host/oo/section12.html\">link.*src='http://b.test.host/en/image30_std.jpg/"
+  res: "/href=\"http://b.test.host/oo/section12.html\">link.*src='http://b.test.host/en/image30_std.75a9a.jpg/"
 
 zazen_without_markup:
   src: "<r:void do='zazen(title)'/>"
@@ -482,3 +495,18 @@ each_alternate_by_hand:
   src: "<ol do='pages'><r:each alt_class='blue'><li class='#{alt_class}' do='title'/></r:each></ol>"
   tem: "/class='<%= _zaltclass %>'/"
   res: "<ol><li class=''>crocodiles</li><li class='blue'>status title</li></ol>"
+
+with_a_custom_img_tag_field:
+  # img_tag field set in test.
+  src: "<r:zazen text='A:!22! B:!22_pv!'/> C:<r:img/>"
+  res: "/A:<foobar>PATH=.*page22_std.html uuid=img.*</foobar> B:.*<img src='/images/ext/page_pv.png'.*C:<foobar>PATH=.*page22_std.html uuid=img.*</foobar>/"
+
+with_a_custom_img_tag_field_with_JS:
+  # img_tag field set in test.
+  src: "<r:zazen text='A:!22!'/> C:<r:img/>"
+  res: "<div class='zazen'><p>A:blah blah blah blah </p></div> C:blah blah blah blah "
+  js: "/\nsome js\nmore JS\nsome js\nmore JS\n/"
+
+invalid_document:
+  src: "<r:zazen text='!21!'/>"
+  res: "/images/ext/project.png/"

data/test/integration/zafu_compiler/eval.yml

@@ -24,12 +24,12 @@ set_var:
 
 set_var_propagates:
   src: "<div do='set' a='%q{hello}'><r:void do='set' a='%q{goodbye}'/><r:a/></div>"
-  tem: '<div><% _za = "hello" %><% _za = "goodbye" %><%= _za %></div>'
+  tem: '<div><% _za = "hello" %><% _za = "goodbye" %><%=h _za %></div>'
   res: "<div>goodbye</div>"
 
 set_var_can_be_nil:
   src: "<div do='set' a='%q{hello}'><r:void do='set' a='origin'/><r:a/></div>"
-  tem: "<div><% _za = \"hello\" %><% _za = @node.prop['origin'] || _za %><%= _za %></div>"
+  tem: "<div><% _za = \"hello\" %><% _za = @node.prop['origin'] || _za %><%=h _za %></div>"
   res: "<div>hello</div>"
 
 set_var_different_type:
@@ -38,12 +38,12 @@ set_var_different_type:
 
 node_eval:
   src: "<r:void do='@node.eval(\"title\")'/>"
-  tem: "<%= @node.zafu_eval(\"title\") %>"
+  tem: "<%=h @node.zafu_eval(\"title\") %>"
   res: "status title"
 
 node_eval_array:
   context:
     node: opening
   src: "<r:void do='@node.eval(\"set_tag_ids\")'/>"
-  tem: "<%= @node.zafu_eval(\"set_tag_ids\") %>"
+  tem: "<%=h @node.zafu_eval(\"set_tag_ids\") %>"
   res: "33,34"

data/test/integration/zafu_compiler/forms.yml

@@ -36,7 +36,7 @@ new:
   # Should accept allowed params (from class and roles) and transform ids to zip (back and forth)
   src: "<r:new klass='Letter' title='%q{Joe}' parent_id='project.id' paper='%q{white}' origin='%q{Mars}' bad='%q{value}'><r:form><r:input name='title'/> <r:input name='parent_id'/></r:form></r:new>"
   tem: "/:title => \"Joe\", :parent_id => .*@node.project.zip.*, :paper => \"white\", :origin => \"Mars\"/"
-  res: "/<input type='text' name='node\[title\]' value='Joe' id='list1_title'/> <input type='text' name='node\[parent_id\]' value='21'[^>]+/><div class='hidden'><input type='hidden' name='node\[klass\]' value='Letter'/><input type='submit'/><input type='hidden' name='node\[paper\]' value='white'/><input type='hidden' name='node\[origin\]' value='Mars'/></div>/"
+  res: "/node\[paper\]' value='white'/"
 
 translate_id_to_zip:
   src: "<b do='hot_id'/><i do='parent_id'/>"
@@ -45,7 +45,7 @@ translate_id_to_zip:
 select_class_existing_node:
   context:
     node: 'letter'
-  src: "<r:form><r:select name='klass' root_class='Note' selected='Post'/></r:form>"
+  src: "<r:form><r:select name='klass' root_class='Note'/></r:form>"
   res: "/<select name=.node\[klass\]. id=.list1_klass.><option value=\"Note\">klass_Note<\/option>\n<option value=\"Letter\" selected=\"selected\">  klass_Letter<\/option>\n<option value=\"Post\">  klass_Post<\/option><\/select>/"
 
 select_class_new_node:
@@ -66,12 +66,12 @@ select_data:
   res: "/<select name=.k. data-d='foo'.*NN.*k_Note.*NNL.*k_Letter.*NNP.*k_Post/"
 
 select_nodes:
-  src: "<r:form><r:select nodes='images in site' name='foo'></select></r:form>"
-  res: "/name='node\[foo\]'[^>]+><option value=\"\" selected=\"selected\"></option>\n<option value=\"40\">Autumn Tree</option>\n<option value=\"30\">bird</option>/"
+  src: "<r:form><r:select nodes='images in site' name='origin'></select></r:form>"
+  res: "/name='node\[origin\]'[^>]+><option value=\"\" selected=\"selected\"></option>\n<option value=\"40\">Autumn Tree</option>\n<option value=\"30\">bird</option>/"
 
 select_nodes_show_rubyless:
-  src: "<r:form><r:select nodes='images in site' name='foo' show='title.limit(3)'></select></r:form>"
-  res: "/name='node\[foo\]'[^>]+><option value=\"\" selected=\"selected\"></option>\n<option value=\"40\">Aut…</option>\n<option value=\"30\">bir…</option>/"
+  src: "<r:form><r:select nodes='images in site' name='origin' show='title.limit(3)'></select></r:form>"
+  res: "/name='node\[origin\]'[^>]+><option value=\"\" selected=\"selected\"></option>\n<option value=\"40\">Aut…</option>\n<option value=\"30\">bir…</option>/"
 
 do_not_set_parent_id_if_form_contains_parent_id:
   src: "<r:children><r:each do='title'/><r:add/><r:form><r:select name='parent_id' nodes='projects in site'/><input name='title'/></r:form></r:children>"
@@ -82,15 +82,15 @@ select_nodes_selected:
   res: "/option\s* value=.21.\s* selected=.selected.>Clean Water/"
 
 select_nodes_in_ajax:
-  src: "<r:pages><r:each do='title'/><r:add/><r:form><r:select nodes='images in site' name='d_ref'/></r:form></r:pages>"
-  res: "/name=.node\[d_ref\].[^>]+><option value=\"\" selected=\"selected\"></option>\n<option value=\"40\">Autumn Tree</option>\n<option value=\"30\">bird</option>/"
+  src: "<r:pages><r:each do='title'/><r:add/><r:form><r:select nodes='images in site' name='origin'/></r:form></r:pages>"
+  res: "/name=.node\[origin\].[^>]+><option value=\"\" selected=\"selected\"></option>\n<option value=\"40\">Autumn Tree</option>\n<option value=\"30\">bird</option>/"
 
 select_nodes_show_attr:
   src: "<r:form><r:select name='title' nodes='images in site' attr='ext' show='title'/></r:form>"
   res: "/name=.node\[title\].[^>]+>.*<option value=\"jpg\">flower</option>\n<option value=\"jpg\">it's a lake</option>/"
 
 select_time_zone:
-  src: "<r:form><r:select type='time_zone' name='d_tz'/></r:form>"
+  src: "<r:form><r:select type='time_zone' name='settings[tz]'/></r:form>"
   res: "/Asia/Jakarta.*Europe/Zurich.*US/Hawai"
 
 select_values_tshow:
@@ -221,7 +221,7 @@ textarea_with_blocks:
   context:
     node: 'ant'
   src: "<r:Contact? do='textarea' name='first_name'>Sir <r:show attr='first_name'/></r:Contact?>"
-  tem: "/<textarea name='node\[first_name\]'>Sir <%= h @node.prop\['first_name'\] %></textarea>/"
+  tem: "/<textarea name='node\[first_name\]'>Sir <%=h @node.prop\['first_name'\] %></textarea>/"
   res: "<textarea name='node[first_name]'>Sir Solenopsis</textarea>"
 
 input_new:
@@ -232,7 +232,7 @@ input_new:
 
 show_in_form:
   src: "<r:form><b do='title'/></r:form>"
-  tem: "/<b><%= @node.prop\['title'\] %></b>/"
+  tem: "/<b><%=h @node.prop\['title'\] %></b>/"
   res: '/<b>status title</b>/'
 
 not_set_parent_id:
@@ -301,6 +301,20 @@ select_eval_value:
   tem: "<select name='q'><%= options_for_select((params[:f] || '').split(',').map(&:strip).map {|e| [trans(e), e]}, param_value(\"q\").to_s) %></select>"
   res: "<select name='q'><option value=\"a\">a</option>\n<option value=\"b\">b</option>\n<option value=\"c\">c</option>\n<option value=\"en\" selected=\"selected\">english</option></select>"
 
+select_for_hash:
+  context:
+    node: test
+  src: "<r:select label='t' name='settings[one]' values='foo,un'/>"
+  tem: "<label>settings_one</label> <span><select name='node[settings][one]'><%= options_for_select([[\"settings_one_foo\", \"foo\"], [\"settings_one_un\", \"un\"]], (@node.prop['settings'] ? @node.prop['settings'][\"one\"] : nil).to_s) %></select></span>"
+  res: "/<label>settings_one</label> .*option value=\"un\" selected=\"selected\"/"
+
+select_for_hash_tprefix:
+  context:
+    node: test
+  src: "<r:select tprefix='rel' name='settings[one]' values='foo,un'/>"
+  tem: "<select name='node[settings][one]'><%= options_for_select([[\"rel_foo\", \"foo\"], [\"rel_un\", \"un\"]], (@node.prop['settings'] ? @node.prop['settings'][\"one\"] : nil).to_s) %></select>"
+  res: "<select name='node[settings][one]'><option value=\"foo\">rel_foo</option>\n<option value=\"un\" selected=\"selected\">rel_un</option></select>"
+
 crop:
   context:
     node: 'bird_jpg'

data/test/integration/zafu_compiler/i18n.yml

@@ -97,6 +97,11 @@ trans_literal_string:
 trans_block:
   src: "<r:t>en</r:t>"
   tem: "english"
+  
+link_trans:
+  # SECURITY: translation **REMOVES** html_escape (because the dictionary can contain JS or images).
+  src: "<r:link do='t' text='#{title}'/>"
+  tem: "<a href='<%= zen_path(@node) %>'><%= trans(\"#{@node.prop['title']}\") %></a>"
 
 lang_links:
   src: "<div id='lang' do='lang_links'><a>en</a> | <b>fr</b></div>"

data/test/integration/zafu_compiler/meta.yml

@@ -18,7 +18,7 @@ less_then_in_dyn_param:
 
 greater_then_in_dyn_param:
   src: "<a foo='#{created_at > now ? \'yes\' : \'no\'}'>xx</a>"
-  tem: "<a foo='<%= (@node.created_at ? (@node.created_at>Time.now) : nil) ? \"yes\" : \"no\" %>'>xx</a>"
+  tem: "<a foo='<%= ((@node.created_at ? (@node.created_at>Time.now) : nil) ? \"yes\" : \"no\") %>'>xx</a>"
 
 greater_then_in_do:
   src: "<a foo='bar' do='pages where created_at > 7'>xx</a>"
@@ -56,7 +56,7 @@ include_part:
 
 include_part_replace_method:
   src: "include_part: <r:include template='/meta/id/name' part='bob' do='title'/>"
-  tem: "include_part: <b><%= @node.prop['title'] %></b>"
+  tem: "include_part: <b><%=h @node.prop['title'] %></b>"
 
 id_do:
   src: "<h1 id='logo' do='title'/>"
@@ -72,7 +72,7 @@ with_part_do_setup:
   
 with_part_do:
   src: "with_part_do: <r:include template='/meta/with/part/do/setup'><r:with part='main' do='title'/></r:include>"
-  tem: "with_part_do: <div id='content'>hello <div id='main'><%= @node.prop['title'] %></div></div>"
+  tem: "with_part_do: <div id='content'>hello <div id='main'><%=h @node.prop['title'] %></div></div>"
   
 # this test is a dummy used by include_context
 context_dummy: