Merge pull request #767 from sebgie/issue#715

Escape RSS post title
2024-11-24 06:35:49 +03:00 · 2013-09-16 06:34:11 -07:00 · 2013-09-16 06:34:11 -07:00 · 84e84b0612
commit 84e84b0612
parent cefa0e14ef 141361c40e
2 changed files with 57 additions and 37 deletions
--- a/core/server/controllers/frontend.js
+++ b/core/server/controllers/frontend.js
@ -7,6 +7,7 @@
 var Ghost = require('../../ghost'),
    api = require('../api'),
    RSS = require('rss'),
+    _ = require('underscore'),

    ghost = new Ghost(),
    frontendControllers;
@ -66,58 +67,61 @@ frontendControllers = {
    'rss': function (req, res) {
        // Initialize RSS
        var siteUrl = ghost.config().url,
+            pageParam = req.params.page !== undefined ? parseInt(req.params.page, 10) : 1,
+            feed;
+        //needs refact for multi user to not use first user as default
+        api.users.read({id : 1}).then(function (user) {
            feed = new RSS({
                title: ghost.settings('title'),
                description: ghost.settings('description'),
                generator: 'Ghost v' + res.locals.version,
-                author: ghost.settings('author'),
+                author: user.attributes.name,
                feed_url: siteUrl + '/rss/',
                site_url: siteUrl,
                ttl: '60'
-            }),
-            // Parse the page number
-            pageParam = req.params.page !== undefined ? parseInt(req.params.page, 10) : 1;
+            });

-        // No negative pages
-        if (isNaN(pageParam) || pageParam < 1) {
-            return res.redirect("/rss/");
-        }
-
-        if (pageParam === 1 && req.route.path === '/rss/:page/') {
-            return res.redirect('/rss/');
-        }
-
-        api.posts.browse({page: pageParam}).then(function (page) {
-            var maxPage = page.pages;
-
-            // A bit of a hack for situations with no content.
-            if (maxPage === 0) {
-                maxPage = 1;
-                page.pages = 1;
+            // No negative pages
+            if (isNaN(pageParam) || pageParam < 1) {
+                return res.redirect("/rss/");
            }

-            // If page is greater than number of pages we have, redirect to last page
-            if (pageParam > maxPage) {
-                return res.redirect("/rss/" + maxPage + "/");
+            if (pageParam === 1 && req.route.path === '/rss/:page/') {
+                return res.redirect('/rss/');
            }

-            ghost.doFilter('prePostsRender', page.posts, function (posts) {
-                posts.forEach(function (post) {
-                    var item = {
-                        title:  post.title,
-                        guid: post.uuid,
-                        url: siteUrl + '/' + post.slug + '/',
-                        date: post.published_at
-                    };
+            api.posts.browse({page: pageParam}).then(function (page) {
+                var maxPage = page.pages;

-                    if (post.meta_description !== null) {
-                        item.push({ description: post.meta_description });
-                    }
+                // A bit of a hack for situations with no content.
+                if (maxPage === 0) {
+                    maxPage = 1;
+                    page.pages = 1;
+                }

-                    feed.item(item);
+                // If page is greater than number of pages we have, redirect to last page
+                if (pageParam > maxPage) {
+                    return res.redirect("/rss/" + maxPage + "/");
+                }
+
+                ghost.doFilter('prePostsRender', page.posts, function (posts) {
+                    posts.forEach(function (post) {
+                        var item = {
+                            title:  _.escape(post.title),
+                            guid: post.uuid,
+                            url: siteUrl + '/' + post.slug + '/',
+                            date: post.published_at
+                        };
+
+                        if (post.meta_description !== null) {
+                            item.push({ description: post.meta_description });
+                        }
+
+                        feed.item(item);
+                    });
+                    res.set('Content-Type', 'text/xml');
+                    res.send(feed.xml());
                });
-                res.set('Content-Type', 'text/xml');
-                res.send(feed.xml());
            });
        });
    }
--- a/core/test/functional/frontend/02_rss_test.js
+++ b/core/test/functional/frontend/02_rss_test.js
@ -0,0 +1,16 @@
+/**
+ * Tests if RSS exists and is working
+ */
+casper.test.begin('Ensure that RSS is available', 3, function suite(test) {
+    test.filename = 'rss_test.png';
+
+    casper.start(url + 'rss/', function (response) {
+        test.assertEqual(response.status, 200, 'Response status should be 200.');
+        test.assert(this.getPageContent().indexOf('<rss') >= 0, 'Feed should contain <rss');
+        test.assert(this.getPageContent().indexOf('</rss>') >= 0, 'Feed should contain </rss>');
+    });
+    
+    casper.run(function () {
+        test.done();
+    });
+});