changeset 1648:2b8a975ff712

plugin XEP-0277: fixed unsecure blog feed
author Goffi <goffi@goffi.org>
date Mon, 23 Nov 2015 14:58:18 +0100
parents 31b96ac3eec2
children b58c8b4715c6
files src/plugins/plugin_xep_0277.py
diffstat 1 files changed, 16 insertions(+), 27 deletions(-) [+]
line wrap: on
line diff
--- a/src/plugins/plugin_xep_0277.py	Mon Nov 23 13:19:42 2015 +0100
+++ b/src/plugins/plugin_xep_0277.py	Mon Nov 23 14:58:18 2015 +0100
@@ -17,7 +17,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from sat.core.i18n import _
+from sat.core.i18n import _, D_
 from sat.core.constants import Const as C
 from sat.core.log import getLogger
 log = getLogger(__name__)
@@ -859,30 +859,19 @@
             node = NS_MICROBLOG
         items, metadata = yield self._p.getItems(service_jid, node, max_items=max_items, item_ids=item_ids, rsm_request=rsm_request, extra=extra, profile_key=profile_key)
 
-        feed = """<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom">
-    <title>%(user)s's blogposts</title>
-    <link href="%(feed)s" rel="self" />
-    <link href="%(blog)s" />
-    <id>%(id)s</id>
-    <updated>%(date)s</updated>\n""" % {'user': service_jid.user,
-                                        'feed': 'http://%s/blog/%s/atom.xml' % (service_jid.host, service_jid.user),
-                                        'blog': 'http://%s/blog/%s' % (service_jid.host, service_jid.user),
-                                        'id': node,
-                                        'date': rfc3339.timestamp_from_tf(rfc3339.tf_utc())}
+        feed_elt = domish.Element((NS_ATOM, 'feed'))
+        title = D_(u"{user}'s blogposts").format(user=service_jid.user)
+        feed_elt.addElement('title', content=title)
+        link_feed_elt = feed_elt.addElement('link')
+        link_feed_elt['href'] = 'http://{host}/blog/{user}/atom.xml'.format(
+            host=urllib.quote(service_jid.host,''),
+            user=urllib.quote(service_jid.user,''))
+        link_feed_elt['rel'] = 'self'
+        link_blog_elt = feed_elt.addElement('link')
+        link_blog_elt['href'] = 'http://{host}/blog/{user}'.format(
+            host=urllib.quote(service_jid.host,''),
+            user=urllib.quote(service_jid.user,''))
+        feed_elt.addElement('id', content=node)
+        feed_elt.addElement('updated', rfc3339.timestamp_from_tf(rfc3339.tf_utc()))
 
-        def removeAllURIs(element):
-            """Recursively remove the URIs of the element and its children.
-            Without that, the entry would still be valid but not displayed
-            by Firefox nor Thunderbird (and probably more readers)"""
-            element.uri = element.defaultUri = None
-            for child in element.children:
-                if isinstance(child, domish.Element):
-                    removeAllURIs(child)
-
-        for item in items:
-            entry = item.firstChildElement()
-            removeAllURIs(entry)
-            feed += "    " + entry.toXml() + "\n"
-        defer.returnValue(feed + "</feed>")
-
+        defer.returnValue(u'<?xml version="1.0" encoding="utf-8"?>'+feed_elt.toXml())