]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/feed.py
Prevent XSS attacks with wmd using the google-caja html sanitizer.
[osqa.git] / forum / feed.py
index 15a8ab9da366e97e7ae307e198dfe146ecc92268..60c2d3fe0ab3bf32a26d663e1039580f4dba7c0c 100644 (file)
@@ -1,39 +1,58 @@
+# -*- coding: utf-8 -*-
+
 try:
 try:
-    from django.contrib.syndication.views import Feed, FeedDoesNotExist
+    from django.contrib.syndication.views import Feed, FeedDoesNotExist, add_domain
     old_version = False
 except:
     old_version = False
 except:
-    from django.contrib.syndication.feeds import Feed, FeedDoesNotExist
+    from django.contrib.syndication.feeds import Feed, FeedDoesNotExist, add_domain
     old_version = True
 
 from django.http import HttpResponse
     old_version = True
 
 from django.http import HttpResponse
+from django.utils.encoding import smart_unicode
 from django.utils.translation import ugettext as _
 from django.utils.translation import ugettext as _
+from django.utils.safestring import mark_safe
 from models import Question
 from forum import settings
 from models import Question
 from forum import settings
+from forum.modules import decorate
+from forum.utils.pagination import generate_uri
 
 
+@decorate(add_domain, needs_origin=False)
+def add_domain(domain, url, *args, **kwargs):
+    return "%s%s" % (settings.APP_BASE_URL, url)
 
 
-class RssQuestionFeed(Feed):
-    copyright = settings.APP_COPYRIGHT
+class BaseNodeFeed(Feed):
+    if old_version:
+        title_template = "feeds/rss_title.html"
+        description_template = "feeds/rss_description.html"
 
 
-    def __init__(self, question_list, title, description, request):
-        self._title = title
-        self._description = description
-        self._question_list = question_list
-        self._url = request.path + "&" + "&".join(["%s=%s" % (k, v) for k, v in request.GET.items() if not k in ('page', 'pagesize', 'sort')])
+    def __init__(self, request, title, description, url):
+        self._title = u"%s" % smart_unicode(title)
+        self._description = mark_safe(u"%s" % smart_unicode(description))
+        self._url = url
 
         if old_version:
 
         if old_version:
-            super(RssQuestionFeed, self).__init__('', request)
+            super(BaseNodeFeed, self).__init__('', request)
 
     def title(self):
 
     def title(self):
-        return self._title
+        return u"%s" % smart_unicode(self._title)
 
     def link(self):
         return self._url
 
 
     def link(self):
         return self._url
 
+    def description(self):
+        return u"%s" % smart_unicode(self._description)
+
+    def item_title(self, item):
+        return u"%s" % smart_unicode(item.title)
+
+    def item_description(self, item):
+        return u"%s" % smart_unicode(item.html)
+
     def item_link(self, item):
     def item_link(self, item):
-        return item.get_absolute_url()
+        return item.leaf.get_absolute_url()
 
     def item_author_name(self, item):
 
     def item_author_name(self, item):
-        return item.author.username
+        return u"%s" % smart_unicode(item.author.username)
 
     def item_author_link(self, item):
         return item.author.get_profile_url()
 
     def item_author_link(self, item):
         return item.author.get_profile_url()
@@ -41,16 +60,54 @@ class RssQuestionFeed(Feed):
     def item_pubdate(self, item):
         return item.added_at
 
     def item_pubdate(self, item):
         return item.added_at
 
-    def item_categories(self, item):
-        return item.tagname_list()  
-
-    def items(self, item):
-       return self._question_list[:30]
-
     if old_version:
         def __call__(self, request):
             feedgen = self.get_feed('')
             response = HttpResponse(mimetype=feedgen.mime_type)
             feedgen.write(response, 'utf-8')
             return response
     if old_version:
         def __call__(self, request):
             feedgen = self.get_feed('')
             response = HttpResponse(mimetype=feedgen.mime_type)
             feedgen.write(response, 'utf-8')
             return response
-            
+
+
+class RssQuestionFeed(BaseNodeFeed):
+    def __init__(self, request, question_list, title, description):
+        url = request.path + "?" + generate_uri(request.GET, (_('page'), _('pagesize'), _('sort')))
+        super(RssQuestionFeed, self).__init__(request, title, description, url)
+
+        self._question_list = question_list
+
+    def item_categories(self, item):
+        return item.tagname_list()  
+
+    def items(self):
+       return self._question_list[:30]
+
+class RssAnswerFeed(BaseNodeFeed):
+    if old_version:
+        title_template = "feeds/rss_answer_title.html"
+
+    def __init__(self, request, question, include_comments=False):
+        super(RssAnswerFeed, self).__init__(
+            request, _("Answers to: %s") % smart_unicode(question.title),
+            question.html,
+            question.get_absolute_url()
+        )
+        self._question = question
+        self._include_comments = include_comments
+
+    def items(self):
+        if self._include_comments:
+            qs = self._question.all_children
+        else:
+            qs = self._question.answers
+
+        return qs.filter_state(deleted=False).order_by('-added_at')[:30]
+
+    def item_title(self, item):
+        if item.node_type == "answer":
+            return _("Answer by %s") % smart_unicode(item.author.username)
+        else:
+            return _("Comment by %(cauthor)s on %(pauthor)s's %(qora)s") % dict(
+                cauthor=smart_unicode(item.author.username),
+                pauthor=smart_unicode(item.parent.author.username),
+                qora=(item.parent.node_type == "answer" and _("answer") or _("question"))
+            )