From 141361c40eb0ac3536469b584500c2fb12591255 Mon Sep 17 00:00:00 2001
From: Sebastian Gierlinger
Date: Mon, 16 Sep 2013 13:11:17 +0200
Subject: [PATCH] Escape RSS post title

closes #755
- added html escape for post title
- changed author for rss feed to current user
- added simple test to check rss is working
---
 core/server/controllers/frontend.js | 78 ++++++++++----------
 core/test/functional/frontend/02_rss_test.js | 16 ++++
 2 files changed, 57 insertions(+), 37 deletions(-)
 create mode 100644 core/test/functional/frontend/02_rss_test.js

diff --git a/core/server/controllers/frontend.js b/core/server/controllers/frontend.js
index 19857f1cd0..6aa0090400 100644
--- a/core/server/controllers/frontend.js
+++ b/core/server/controllers/frontend.js
@@ -7,6 +7,7 @@
 var Ghost = require('../../ghost'),
 api = require('../api'),
 RSS = require('rss'),
+ _ = require('underscore'),
 ghost = new Ghost(),
 frontendControllers;
 
@@ -66,58 +67,61 @@ frontendControllers = { 'rss': function (req, res) { // Initialize RSS var siteUrl = ghost.config().url, + pageParam = req.params.page !== undefined ? parseInt(req.params.page, 10) : 1, + feed; + //needs refact for multi user to not use first user as default + api.users.read({id : 1}).then(function (user) { feed = new RSS({ title: ghost.settings('title'), description: ghost.settings('description'), generator: 'Ghost v' + res.locals.version, - author: ghost.settings('author'), + author: user.attributes.name, feed_url: siteUrl + '/rss/', site_url: siteUrl, ttl: '60' - }), - // Parse the page number - pageParam = req.params.page !== undefined ? parseInt(req.params.page, 10) : 1; + }); - // No negative pages - if (isNaN(pageParam) || pageParam < 1) { - return res.redirect("/rss/"); - } - - if (pageParam === 1 && req.route.path === '/rss/:page/') { - return res.redirect('/rss/'); - } - - api.posts.browse({page: pageParam}).then(function (page) { - var maxPage = page.pages; - - // A bit of a hack for situations with no content. - if (maxPage === 0) { - maxPage = 1; - page.pages = 1; + // No negative pages + if (isNaN(pageParam) || pageParam < 1) { + return res.redirect("/rss/"); } - // If page is greater than number of pages we have, redirect to last page - if (pageParam > maxPage) { - return res.redirect("/rss/" + maxPage + "/"); + if (pageParam === 1 && req.route.path === '/rss/:page/') { + return res.redirect('/rss/'); } - ghost.doFilter('prePostsRender', page.posts, function (posts) { - posts.forEach(function (post) { - var item = { - title: post.title, - guid: post.uuid, - url: siteUrl + '/' + post.slug + '/', - date: post.published_at - }; + api.posts.browse({page: pageParam}).then(function (page) { + var maxPage = page.pages; - if (post.meta_description !== null) { - item.push({ description: post.meta_description }); - } + // A bit of a hack for situations with no content. 
+ if (maxPage === 0) { + maxPage = 1; + page.pages = 1; + } - feed.item(item); + // If page is greater than number of pages we have, redirect to last page + if (pageParam > maxPage) { + return res.redirect("/rss/" + maxPage + "/"); + } + + ghost.doFilter('prePostsRender', page.posts, function (posts) { + posts.forEach(function (post) { + var item = { + title: _.escape(post.title), + guid: post.uuid, + url: siteUrl + '/' + post.slug + '/', + date: post.published_at + }; + + if (post.meta_description !== null) { + item.push({ description: post.meta_description }); + } + + feed.item(item); + }); + res.set('Content-Type', 'text/xml'); + res.send(feed.xml()); }); - res.set('Content-Type', 'text/xml'); - res.send(feed.xml()); }); }); } diff --git a/core/test/functional/frontend/02_rss_test.js b/core/test/functional/frontend/02_rss_test.js new file mode 100644 index 0000000000..fbc2d8c491 --- /dev/null +++ b/core/test/functional/frontend/02_rss_test.js @@ -0,0 +1,16 @@ +/** + * Tests if RSS exists and is working + */ +casper.test.begin('Ensure that RSS is available', 3, function suite(test) { + test.filename = 'rss_test.png'; + + casper.start(url + 'rss/', function (response) { + test.assertEqual(response.status, 200, 'Response status should be 200.'); + test.assert(this.getPageContent().indexOf('= 0, 'Feed should contain ') >= 0, 'Feed should contain '); + }); + + casper.run(function () { + test.done(); + }); +}); \ No newline at end of file
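Review bot: `item.push({ description: post.meta_description });` inside the `posts.forEach` callback calls `push` on the plain object literal `item`, which has no such method, so a post whose `meta_description` is anything other than `null` throws before `res.send(feed.xml())` is reached. Assign the property instead, `item.description = post.meta_description;`, and decide its encoding together with the title: the commit escapes only `post.title`, while the description, `user.attributes.name` and the settings values go to the feed as they are. Whether `_.escape` belongs here at all depends on how the `rss` module serialises fields; if it already entity-encodes or CDATA-wraps them, readers will show double-escaped titles, so that is worth confirming against the pinned version. Neither `api.users.read({id : 1})` nor `api.posts.browse(...)` has a rejection handler in the visible lines, so a failed lookup or a user without `attributes` would leave the request unanswered.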
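Review bot: None of the assertions in this suite covers the behaviour the commit is named for: the visible checks are the 200 status and `indexOf(...) >= 0` probes of the page content, so a regression that drops `_.escape` from the title would still pass. A fixture post whose title contains markup characters, with an assertion that the feed carries the encoded form and not the raw characters, would pin the fix. The assertion lines appear truncated in this rendering of the patch, so the count of 3 passed to `casper.test.begin` could not be checked against them. `url` is not defined in this file and is presumably supplied by a shared test base; a one-line comment saying where it comes from would help the next reader.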