author | Louise Crow <louise.crow@gmail.com> | 2013-02-01 16:39:53 +0000 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2013-02-01 16:39:53 +0000 |
commit | 63d576de4309b527a2a7ed4fc8f5cf43cae0538b (patch) | |
tree | 8e169a92a570858cd6be1ccc642c8f9f6bb1edb7 | |
parent | 39f74e92f0785eb3da2001d93682b8d1aadd35d5 (diff) | |
parent | f077394dc1130df36a7f17784eaac5c79c60df24 (diff) |
Merge remote-tracking branch 'openaustralia_github/xss_escaping_fixes' into develop
-rw-r--r-- | app/controllers/track_controller.rb | 2 | ||||
-rw-r--r-- | app/helpers/application_helper.rb | 9 | ||||
-rw-r--r-- | app/views/track/atom_feed.atom.builder | 25 | ||||
-rw-r--r-- | app/views/track/atom_feed.atom.erb | 30 |
4 files changed, 34 insertions, 32 deletions
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 51e081c88..15da7f327 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -157,7 +157,7 @@ class TrackController < ApplicationController
 def atom_feed_internal
 @xapian_object = perform_search([InfoRequestEvent], @track_thing.track_query, @track_thing.params[:feed_sortby], nil, 25, 1)
 respond_to do |format|
- format.atom { render :template => 'track/atom_feed' }
+ format.atom { render :template => 'track/atom_feed', :content_type => "application/atom+xml" }
 format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true, lambda { |t| @template.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) } ) } }
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index b9ba712a4..42f9d30f1 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -54,15 +54,12 @@ module ApplicationHelper
 # Highlight words, also escapes HTML (other than spans that we add)
 def highlight_words(t, words, html = true)
 if html
- t = h(t)
- end
- if html
- t = highlight(t, words, '<span class="highlight">\1</span>')
+ highlight(h(t), words, '<span class="highlight">\1</span>').html_safe
 else
- t = highlight(t, words, '*\1*')
+ highlight(t, words, '*\1*')
 end
- return t
 end
+
 def highlight_and_excerpt(t, words, excount, html = true)
 newt = excerpt(t, words[0], excount)
 if not newt
diff --git a/app/views/track/atom_feed.atom.builder b/app/views/track/atom_feed.atom.builder
deleted file mode 100644
index d1e9310b8..000000000
--- a/app/views/track/atom_feed.atom.builder
+++ /dev/null
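Review bot: The `.html_safe` on the new `highlight(h(t), words, '<span class="highlight">\1</span>').html_safe` line is sound only because `h(t)` escapes the caller's text before the constant span markup is added, and nothing on the line records that ordering, so a later edit that moves or drops `h` would silently mark unescaped input as safe. A one-line comment directly above it, `# h(t) escapes t first; html_safe is justified only by that escape plus the constant span markup`, keeps the invariant next to the code. The plain-text branch deliberately returns an unmarked string, which is what the `*\1*` highlighter is for, and that asymmetry is worth naming in the existing comment above `def highlight_words` ("only the html branch is marked html_safe"). `highlight_and_excerpt`, which begins in the last lines of this hunk, continues outside it.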
@@ -1,25 +0,0 @@
-atom_feed do |feed|
- feed.title(@track_thing.params[:title_in_rss])
- @highlight_words = @xapian_object.words_to_highlight
-
- for result in @xapian_object.results
- feed.entry(result[:model]) do |entry|
- # Get the HTML content from the same partial template as website search does
- content = ''
- if result[:model].class.to_s == 'InfoRequestEvent'
- content += render :partial => 'request/request_listing_via_event', :locals => { :event => result[:model], :info_request => result[:model].info_request }
- else
- content = "<p><strong>Unknown search result type " + result[:model].class.to_s + "</strong></p>"
- end
- # Pull out the heading as separate item, from the partial template
- content.match(/(<span class="head">\s+<a href="[^>]*">(.*)<\/a>\s+<\/span>)/)
- heading = $1
- heading_text = $2
- content.sub!(heading, "")
- # Render the atom
- entry.title(heading_text, :type => 'html')
- entry.content(content, :type => 'html')
- end
- end
-end
-
diff --git a/app/views/track/atom_feed.atom.erb b/app/views/track/atom_feed.atom.erb
new file mode 100644
index 000000000..23c932308
--- /dev/null
+++ b/app/views/track/atom_feed.atom.erb
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xml:lang="en-US" xmlns="http://www.w3.org/2005/Atom">
+ <id>tag:<%= request.host %>,2005:<%= request.fullpath.split(".")[0] %></id>
+ <link type="text/html" rel="alternate" href="<%= request.protocol + request.host_with_port %>"/>
+ <link type="application/atom+xml" rel="self" href="<%= request.url %>"/>
+ <title><%= @track_thing.params[:title_in_rss] %></title>
+ <% @xapian_object.results.each do |result| %>
+ <%
+ # Get the HTML content from the same partial template as website search does
+ content = ''
+ if result[:model].class.to_s == 'InfoRequestEvent'
+ content += render :partial => 'request/request_listing_via_event', :locals => { :event => result[:model], :info_request => result[:model].info_request }
+ else
+ content = "<p><strong>Unknown search result type " + result[:model].class.to_s + "</strong></p>"
+ end
+ # Pull out the heading as separate item, from the partial template
+ content.match(/(<span class="head">\s+<a href="[^>]*">(.*)<\/a>\s+<\/span>)/)
+ heading = $1
+ heading_text = $2
+ content.sub!(heading, "")
+ %>
+ <entry>
+ <id>tag:<%= request.host %>,2005:<%= result[:model].class %>/<%= result[:model].id %></id>
+ <published><%= result[:model].created_at.xmlschema %></published>
+ <link type="text/html" rel="alternate" href="<%= polymorphic_url(result[:model]) %>"/>
+ <title type="html"><%= heading_text %></title>
+ <content type="html"><%= content %></content>
+ </entry>
+ <% end %>
+</feed> |
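Review bot: `content.sub!(heading, "")` raises TypeError whenever the head-span regex on the line above it does not match, because `heading` is then `$1`, i.e. nil; the `else` branch builds a `<p><strong>Unknown search result type …` string with no `<span class="head">` in it, so that path always fails here (the same pattern existed in the deleted builder template and is carried over unchanged). Use the MatchData rather than the globals: `m = content.match(/(<span class="head">\s+<a href="[^>]*">(.*)<\/a>\s+<\/span>)/)`, `heading_text = m ? m[2] : ''`, `content = content.sub(m[1], '') if m`. It is also worth recording why `<%= content %>` inside `<content type="html">` is right: `content` appears to be a plain String rather than an html_safe buffer (it is built with `'' + render(...)` and mutated with `sub!`), so the output tag escapes it and readers unescape it as Atom `type="html"` requires — a comment such as `<%# content is a plain String, not html_safe, so the output tag below escapes it as Atom type="html" requires %>` would stop a later `content = render(...)` from putting raw partial markup straight into the XML.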