From c3bd1f113bfaefc29a48657eefcc87f95dc2da3c Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Wed, 16 Jan 2008 10:02:42 +0000 Subject: [PATCH] Tidy up message sensitisation a bit more, and add sensitisation of information in the diary RSS feeds. --- app/controllers/diary_entry_controller.rb | 23 +++++++-------- app/helpers/application_helper.rb | 4 ++- app/views/diary_entry/_diary_entry.rhtml | 2 +- app/views/diary_entry/rss.rxml | 35 +++++++++++++++++++++++ app/views/message/read.rhtml | 4 +-- 5 files changed, 51 insertions(+), 17 deletions(-) create mode 100644 app/views/diary_entry/rss.rxml diff --git a/app/controllers/diary_entry_controller.rb b/app/controllers/diary_entry_controller.rb index e763dfd72..3637ad97d 100644 --- a/app/controllers/diary_entry_controller.rb +++ b/app/controllers/diary_entry_controller.rb @@ -1,5 +1,5 @@ class DiaryEntryController < ApplicationController - layout 'site' + layout 'site', :except => :rss before_filter :authorize_web before_filter :require_user, :only => [:new] 
@@ -32,19 +32,16 @@ class DiaryEntryController < ApplicationController def rss if params[:display_name] - @this_user = User.find_by_display_name(params[:display_name]) - @entries=DiaryEntry.find(:all, :conditions => ['user_id = ?', @this_user.id], :order => 'created_at DESC', :limit => 20) - rss = OSM::GeoRSS.new("OpenStreetMap diary entries for #{@this_user.display_name}", "Recent OpenStreetmap diary entries from #{@this_user.display_name}", "http://www.openstreetmap.org/user/#{@this_user.display_name}/diary") + user = User.find_by_display_name(params[:display_name]) + @entries = DiaryEntry.find(:all, :conditions => ['user_id = ?', user.id], :order => 'created_at DESC', :limit => 20) + @title = "OpenStreetMap diary entries for #{user.display_name}" + @description = "Recent OpenStreetmap diary entries from #{user.display_name}" + @link = "http://www.openstreetmap.org/user/#{user.display_name}/diary" else - @entries=DiaryEntry.find(:all, :order => 'created_at DESC', :limit => 20) - rss = OSM::GeoRSS.new('OpenStreetMap diary entries', 'Recent diary entries from users of OpenStreetMap', 'http://www.openstreetmap.org/diary') - end - - @entries.each do |entry| - rss.add(entry.latitude, entry.longitude, entry.title, entry.user.display_name, url_for({:controller => 'diary_entry', :action => 'list', :id => entry.id, :display_name => entry.user.display_name}), entry.body, entry.created_at) + @entries = DiaryEntry.find(:all, :order => 'created_at DESC', :limit => 20) + @title = "OpenStreetMap diary entries" + @description = "Recent diary entries from users of OpenStreetMap" + @link = "http://www.openstreetmap.org/diary" end - - render :text => rss.to_s, :content_type => "application/rss+xml" end - end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 22a7940eb..9c2b5fd3f 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb 
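Review bot: In the `params[:display_name]` branch of `rss`, `User.find_by_display_name` returns nil for an unknown name and the next line calls `user.id`, so a request for a non-existent user's feed raises an error instead of returning a clean 404. A guard before the `DiaryEntry.find` call would close that, for example `return render(:nothing => true, :status => 404) unless user`. The unguarded lookup predates this commit, but the rewrite carries it over unchanged. Separately, `@link` is assigned in both branches, yet the rss.rxml template added in this patch builds its channel link with `url_for`, so the assignment looks unused.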
@@ -1,3 +1,5 @@
-# Methods added to this helper will be available to all templates in the application.
 module ApplicationHelper
+ def htmlize(text)
+ return sanitize(auto_link(simple_format(text), :urls))
+ end
 end
diff --git a/app/views/diary_entry/_diary_entry.rhtml b/app/views/diary_entry/_diary_entry.rhtml
index 6cb6653ac..4cf824600 100644
--- a/app/views/diary_entry/_diary_entry.rhtml
+++ b/app/views/diary_entry/_diary_entry.rhtml
@@ -1,5 +1,5 @@
 <%= h(diary_entry.title) %>
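Review bot: `htmlize` becomes the single place where user-written diary and message bodies are turned into markup, yet the hunk adds it without a comment and removes the only comment the module had. I would document the contract above the method: `# Formats untrusted user text as HTML (paragraphs, auto-linked URLs) and sanitizes the result; the return value is markup and must not be passed through h() again.` Running `sanitize` last, over the output of `auto_link`, is the right order and worth stating in that comment so a later edit does not swap it. How strict the filtering is depends on the `sanitize` implementation of the Rails version in use, which this page does not show, so a helper test fed script tags and event-handler attributes would pin the behaviour.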
-<%= sanitize(auto_link(simple_format(diary_entry.body), :urls)) %> +<%= htmlize(diary_entry.body) %> <% if diary_entry.latitude and diary_entry.longitude %> Coordinates:
<%= diary_entry.latitude %>; <%= diary_entry.longitude %>
(<%=link_to 'map', :controller => 'site', :action => 'index', :lat => diary_entry.latitude, :lon => diary_entry.longitude, :zoom => 14 %> / <%=link_to 'edit', :controller => 'site', :action => 'edit', :lat => diary_entry.latitude, :lon => diary_entry.longitude, :zoom => 14 %>)
<% end %>
diff --git a/app/views/diary_entry/rss.rxml b/app/views/diary_entry/rss.rxml
new file mode 100644
index 000000000..16e25924b
--- /dev/null
+++ b/app/views/diary_entry/rss.rxml
@@ -0,0 +1,35 @@
+xml.instruct!
+
+xml.rss("version" => "2.0",
+ "xmlns:geo" => "http://www.w3.org/2003/01/geo/wgs84_pos#",
+ "xmlns:georss" => "http://www.georss.org/georss") do
+ xml.channel do
+ xml.title @title
+ xml.description @description
+ xml.link url_for(:action => "list", :only_path => false)
+ xml.image do
+ xml.url "http://www.openstreetmap.org/images/mag_map-rss2.0.png"
+ xml.title "OpenStreetMap"
+ xml.width "100"
+ xml.height "100"
+ xml.link url_for(:action => "list", :only_path => false)
+ end
+
+ for entry in @entries
+ xml.item do
+ xml.title h(entry.title)
+ xml.link url_for(:action => "list", :id => entry.id, :display_name => entry.user.display_name, :only_path => false)
+ xml.guid url_for(:action => "list", :id => entry.id, :display_name => entry.user.display_name, :only_path => false)
+ xml.description htmlize(entry.body)
+ xml.author entry.user.display_name
+ xml.pubDate entry.created_at.to_s(:rfc822)
+
+ if entry.latitude and entry.longitude
+ xml.geo :lat, entry.latitude.to_s
+ xml.geo :long, entry.longitude.to_s
+ xml.georss :point, "#{entry.latitude.to_s} #{entry.longitude.to_s}"
+ end
+ end
+ end
+ end
+end
diff --git a/app/views/message/read.rhtml b/app/views/message/read.rhtml
index d0517d0bf..7c010b9d5 100644
--- a/app/views/message/read.rhtml
+++ b/app/views/message/read.rhtml
@@ -17,7 +17,7 @@
- <%= sanitize(@message.body) %>
+ <%= htmlize(@message.body) %>
@@ -50,7 +50,7 @@
- <%= sanitize(@message.body) %>
+ <%= htmlize(@message.body) %>
--
2.43.2
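Review bot: In the item block of rss.rxml, `xml.title h(entry.title)` escapes the title twice, because Builder already entity-escapes text passed to a tag method, so a title containing `&` goes out as `&amp;amp;`. If the extra `h()` is there to protect feed readers that render titles as HTML, a one-line comment saying so (`# escaped twice on purpose: some readers treat <title> as HTML`) would stop a later cleanup from removing it. If it is not deliberate, `xml.title entry.title` is enough. `xml.description htmlize(entry.body)` relies on the same Builder escaping to carry the sanitized markup as encoded HTML, so the safety of the feed body depends entirely on `htmlize`.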