Mercurial > libervia-backend
diff src/plugins/plugin_xep_0277.py @ 1648:2b8a975ff712
plugin XEP-0277: fixed unsecure blog feed
author | Goffi <goffi@goffi.org> |
---|---|
date | Mon, 23 Nov 2015 14:58:18 +0100 |
parents | 94901070478e |
children | b58c8b4715c6 |
line wrap: on
line diff
--- a/src/plugins/plugin_xep_0277.py Mon Nov 23 13:19:42 2015 +0100 +++ b/src/plugins/plugin_xep_0277.py Mon Nov 23 14:58:18 2015 +0100 @@ -17,7 +17,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -from sat.core.i18n import _ +from sat.core.i18n import _, D_ from sat.core.constants import Const as C from sat.core.log import getLogger log = getLogger(__name__) @@ -859,30 +859,19 @@ node = NS_MICROBLOG items, metadata = yield self._p.getItems(service_jid, node, max_items=max_items, item_ids=item_ids, rsm_request=rsm_request, extra=extra, profile_key=profile_key) - feed = """<?xml version="1.0" encoding="utf-8"?> -<feed xmlns="http://www.w3.org/2005/Atom"> - <title>%(user)s's blogposts</title> - <link href="%(feed)s" rel="self" /> - <link href="%(blog)s" /> - <id>%(id)s</id> - <updated>%(date)s</updated>\n""" % {'user': service_jid.user, - 'feed': 'http://%s/blog/%s/atom.xml' % (service_jid.host, service_jid.user), - 'blog': 'http://%s/blog/%s' % (service_jid.host, service_jid.user), - 'id': node, - 'date': rfc3339.timestamp_from_tf(rfc3339.tf_utc())} + feed_elt = domish.Element((NS_ATOM, 'feed')) + title = D_(u"{user}'s blogposts").format(user=service_jid.user) + feed_elt.addElement('title', content=title) + link_feed_elt = feed_elt.addElement('link') + link_feed_elt['href'] = 'http://{host}/blog/{user}/atom.xml'.format( + host=urllib.quote(service_jid.host,''), + user=urllib.quote(service_jid.user,'')) + link_feed_elt['rel'] = 'self' + link_blog_elt = feed_elt.addElement('link') + link_blog_elt['href'] = 'http://{host}/blog/{user}'.format( + host=urllib.quote(service_jid.host,''), + user=urllib.quote(service_jid.user,'')) + feed_elt.addElement('id', content=node) + feed_elt.addElement('updated', rfc3339.timestamp_from_tf(rfc3339.tf_utc())) - def removeAllURIs(element): - """Recursively remove the URIs of the element and its children. - Without that, the entry would still be valid but not displayed - by Firefox nor Thunderbird (and probably more readers)""" - element.uri = element.defaultUri = None - for child in element.children: - if isinstance(child, domish.Element): - removeAllURIs(child) - - for item in items: - entry = item.firstChildElement() - removeAllURIs(entry) - feed += " " + entry.toXml() + "\n" - defer.returnValue(feed + "</feed>") - + defer.returnValue(u'<?xml version="1.0" encoding="utf-8"?>'+feed_elt.toXml())