Tidy up message sensitisation a bit more, and add sensitisation of

information in the diary RSS feeds.
2008-01-16 10:02:42 +00:00 · 2008-01-16 10:02:42 +00:00 · c3bd1f113b
commit c3bd1f113b
parent b416597507
5 changed files with 51 additions and 17 deletions
--- a/app/controllers/diary_entry_controller.rb
+++ b/app/controllers/diary_entry_controller.rb
@ -1,5 +1,5 @@
 class DiaryEntryController < ApplicationController
-  layout 'site'
+  layout 'site', :except => :rss
  
  before_filter :authorize_web
  before_filter :require_user, :only => [:new]
@ -32,19 +32,16 @@ class DiaryEntryController < ApplicationController

  def rss
    if params[:display_name]
-      @this_user = User.find_by_display_name(params[:display_name])
-      @entries=DiaryEntry.find(:all, :conditions => ['user_id = ?', @this_user.id], :order => 'created_at DESC', :limit => 20)
-      rss = OSM::GeoRSS.new("OpenStreetMap diary entries for #{@this_user.display_name}", "Recent OpenStreetmap diary entries from #{@this_user.display_name}", "http://www.openstreetmap.org/user/#{@this_user.display_name}/diary") 
+      user = User.find_by_display_name(params[:display_name])
+      @entries = DiaryEntry.find(:all, :conditions => ['user_id = ?', user.id], :order => 'created_at DESC', :limit => 20)
+      @title = "OpenStreetMap diary entries for #{user.display_name}"
+      @description = "Recent OpenStreetmap diary entries from #{user.display_name}"
+      @link = "http://www.openstreetmap.org/user/#{user.display_name}/diary"
    else
-      @entries=DiaryEntry.find(:all, :order => 'created_at DESC', :limit => 20)
-      rss = OSM::GeoRSS.new('OpenStreetMap diary entries', 'Recent diary entries from users of OpenStreetMap', 'http://www.openstreetmap.org/diary') 
+      @entries = DiaryEntry.find(:all, :order => 'created_at DESC', :limit => 20)
+      @title = "OpenStreetMap diary entries"
+      @description = "Recent diary entries from users of OpenStreetMap"
+      @link = "http://www.openstreetmap.org/diary"
    end
-
-    @entries.each do |entry|
-      rss.add(entry.latitude, entry.longitude, entry.title, entry.user.display_name, url_for({:controller => 'diary_entry', :action => 'list', :id => entry.id, :display_name => entry.user.display_name}), entry.body, entry.created_at)
-    end
-
-    render :text => rss.to_s, :content_type => "application/rss+xml"
  end
-
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -1,3 +1,5 @@
-# Methods added to this helper will be available to all templates in the application.
 module ApplicationHelper
+  def htmlize(text)
+    return sanitize(auto_link(simple_format(text), :urls))
+  end
 end
--- a/app/views/diary_entry/_diary_entry.rhtml
+++ b/app/views/diary_entry/_diary_entry.rhtml
@ -1,5 +1,5 @@
 <b><%= h(diary_entry.title) %></b><br />
-<%= sanitize(auto_link(simple_format(diary_entry.body), :urls)) %>
+<%= htmlize(diary_entry.body) %>
 <% if diary_entry.latitude and diary_entry.longitude %>
 Coordinates: <div class="geo" style="display: inline"><span class="latitude"><%= diary_entry.latitude %></span>; <span class="longitude"><%= diary_entry.longitude %></span></div> (<%=link_to 'map', :controller => 'site', :action => 'index', :lat => diary_entry.latitude, :lon => diary_entry.longitude, :zoom => 14 %> / <%=link_to 'edit', :controller => 'site', :action => 'edit', :lat => diary_entry.latitude, :lon => diary_entry.longitude, :zoom => 14 %>)<br/>
 <% end %>
--- a/app/views/diary_entry/rss.rxml
+++ b/app/views/diary_entry/rss.rxml
@ -0,0 +1,35 @@
+xml.instruct!
+
+xml.rss("version" => "2.0", 
+        "xmlns:geo" => "http://www.w3.org/2003/01/geo/wgs84_pos#",
+        "xmlns:georss" => "http://www.georss.org/georss") do
+  xml.channel do
+    xml.title @title
+    xml.description @description
+    xml.link url_for(:action => "list", :only_path => false)
+    xml.image do
+      xml.url "http://www.openstreetmap.org/images/mag_map-rss2.0.png"
+      xml.title "OpenStreetMap"
+      xml.width "100"
+      xml.height "100"
+      xml.link url_for(:action => "list", :only_path => false)
+    end
+
+    for entry in @entries
+      xml.item do
+        xml.title h(entry.title)
+        xml.link url_for(:action => "list", :id => entry.id, :display_name => entry.user.display_name, :only_path => false)
+        xml.guid url_for(:action => "list", :id => entry.id, :display_name => entry.user.display_name, :only_path => false)
+        xml.description htmlize(entry.body)
+        xml.author entry.user.display_name
+        xml.pubDate entry.created_at.to_s(:rfc822)
+        
+        if entry.latitude and entry.longitude
+          xml.geo :lat, entry.latitude.to_s
+          xml.geo :long, entry.longitude.to_s
+          xml.georss :point, "#{entry.latitude.to_s} #{entry.longitude.to_s}"
+        end
+      end
+    end
+  end
+end
--- a/app/views/message/read.rhtml
+++ b/app/views/message/read.rhtml
@ -17,7 +17,7 @@
  </tr>
  <tr>
    <th></th>
-    <td><%= sanitize(@message.body) %></td>
+    <td><%= htmlize(@message.body) %></td>
  </tr>
 </table>

@ -50,7 +50,7 @@
  </tr>
  <tr>
    <th></th>
-    <td><%= sanitize(@message.body) %></td>
+    <td><%= htmlize(@message.body) %></td>
  </tr>
 </table>