fixed feed sanitation issues, and failing redirection tests from the …

…article controller change git-svn-id: http://svn.techno-weenie.net/projects/mephisto/trunk@2323 567b1171-46fb-0310-a4c9-b4bef9110e78
seanhess · Oct 4, 2006 · 88df87e · 88df87e
1 parent f61399b
commit 88df87e
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 19 deletions.
diff --git a/app/filters/drop_filters.rb b/app/filters/drop_filters.rb
@@ -31,14 +31,14 @@ def monthly_articles(section, date = nil)
   end
 
   def tagged_articles(tags)
-    @context['site'].source.articles.find(:all, :include => :tags, :conditions => ['tags.name in (?)', Tag.parse(tags)], :order => 'contents.created_at desc').collect(&:to_liquid)
+    @context['site'].source.articles.find(:all, :include => :tags, :conditions => ['tags.name in (?)', Tag.parse(tags)], :order => 'contents.created_at desc').collect!(&:to_liquid)
   end
 
   def assets_by_type(type)
-    @context['site'].source.assets.find_all_by_content_types([type.to_sym], :all, :order => 'created_at desc').collect(&:to_liquid)
+    @context['site'].source.assets.find_all_by_content_types([type.to_sym], :all, :order => 'created_at desc').collect!(&:to_liquid)
   end
 
   def tagged_assets(tags)
-    @context['site'].source.assets.find(:all, :include => :tags, :conditions => ['tags.name in (?)', Tag.parse(tags)], :order => 'assets.created_at desc').collect(&:to_liquid)
+    @context['site'].source.assets.find(:all, :include => :tags, :conditions => ['tags.name in (?)', Tag.parse(tags)], :order => 'assets.created_at desc').collect!(&:to_liquid)
   end
 end
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -71,8 +71,9 @@ def comment_expiration_options
      ['Expire 3 months after publishing',     90]]
   end
 
-  def sanitize_feed_content(html)
-    returning h(white_list(html)) do |html|
+  def sanitize_feed_content(html, sanitize_tables = false)
+    options = sanitize_tables ? {:tags => %w(table thead tfoot tbody td tr th)} : {}
+    returning h(white_list(html, options)) do |html|
       html.gsub! /&amp;(#\d+);/ do |s|
         "&#{$1};"
       end

diff --git a/app/views/feed/_comment.rxml b/app/views/feed/_comment.rxml
@@ -11,5 +11,5 @@ xm.entry 'xml:base' => home_url do
   xm.link "rel" => "alternate", "type" => "text/html",
     "href" => "http://#{request.host_with_port}#{request.relative_url_root}#{site.permalink_for(article)}"
   xm.title "Comment on '#{strip_tags(article.title)}' by #{comment.author}"
-  xm << %{<content type="html">#{sanitize_feed_content comment.body_html}</content>}
+  xm << %{<content type="html">#{sanitize_feed_content comment.body_html, true}</content>}
 end
diff --git a/app/views/mephisto/_comment.rxml b/app/views/mephisto/_comment.rxml
@@ -10,5 +10,5 @@ xm.entry 'xml:base' => home_url do
   end
   xm.link "rel" => "alternate", "type" => "text/html", "href" => "http://#{request.host_with_port}#{site.permalink_for(article)}"
   xm.title "Comment on '#{strip_tags(article.title)}' by #{comment.author}"
-  xm << %{<content type="html">#{sanitize_feed_content comment.body_html}</content>}
+  xm << %{<content type="html">#{sanitize_feed_content comment.body_html, true}</content>}
 end
diff --git a/db/schema.rb b/db/schema.rb
@@ -79,8 +79,8 @@
     t.column "author_email",   :string
     t.column "author_ip",      :string,   :limit => 100
     t.column "comments_count", :integer,                 :default => 0
-    t.column "version",        :integer
     t.column "updater_id",     :integer
+    t.column "version",        :integer
     t.column "site_id",        :integer
     t.column "approved",       :boolean,                 :default => false
     t.column "comment_age",    :integer,                 :default => 0
@@ -91,11 +91,11 @@
 
   create_table "events", :force => true do |t|
     t.column "mode",       :string
+    t.column "user_id",    :integer
     t.column "article_id", :integer
     t.column "title",      :text
     t.column "body",       :text
     t.column "created_at", :datetime
-    t.column "user_id",    :integer
     t.column "author",     :string,   :limit => 100
     t.column "comment_id", :integer
     t.column "site_id",    :integer

diff --git a/test/actor.rb b/test/actor.rb
@@ -52,7 +52,7 @@ def update_template(template, data)
 
       def revise(article, contents)
         post "/admin/articles/update/#{article.id}", to_article_params(article, contents.is_a?(Hash) ? contents : {:body => contents})
-        assert_redirected_to "/admin/articles"
+        assert_redirected_to "/admin/articles/edit/#{assigns(:article).id}"
       end
 
       def remove_article(article)
@@ -62,7 +62,7 @@ def remove_article(article)
 
       def create(params)
         post '/admin/articles/create', to_article_params(params)
-        assert_redirected_to "/admin/articles"
+        assert_redirected_to "/admin/articles/edit/#{assigns(:article).id}"
       end
 
       private

diff --git a/test/functional/admin/articles_controller_test.rb b/test/functional/admin/articles_controller_test.rb
@@ -87,7 +87,7 @@ def test_should_create_article
       assert_difference Article, :count do
         post :create, :article => { :title => "My Red Hot Car", :excerpt => "Blah Blah", :body => "Blah Blah",
           'published_at(1i)' => '2005', 'published_at(2i)' => '1', 'published_at(3i)' => '1', 'published_at(4i)' => '10' }, :submit => :save
-        assert_redirected_to :action => 'index'
+        assert_redirected_to :action => 'edit', :id => assigns(:article)
         assert  assigns(:article).published?
         assert_equal Time.local(2005, 1, 1, 9, 0, 0).utc, assigns(:article).published_at
         assert !assigns(:article).new_record?
@@ -188,35 +188,33 @@ def test_edit_form_should_have_correct_post_action
   def test_should_update_article_with_correct_time
     Time.mock! Time.local(2005, 1, 1, 12, 0, 0) do
       post :update, :id => contents(:welcome).id, :article => { 'published_at(1i)' => '2005', 'published_at(2i)' => '1', 'published_at(3i)' => '1', 'published_at(4i)' => '10' }
-      assert_redirected_to :action => 'index'
       assert  assigns(:article).published?
       assert_equal Time.local(2005, 1, 1, 9, 0, 0).utc, assigns(:article).published_at
     end
   end
 
   def test_should_create_article_with_given_sections
     post :create, :article => { :title => "My Red Hot Car", :excerpt => "Blah Blah", :body => "Blah Blah", :section_ids => [sections(:home).id.to_s] }, :submit => :save
-    assert_redirected_to :action => 'index'
+    assert_redirected_to :action => 'edit', :id => assigns(:article).id
     assert_equal [sections(:home)], assigns(:article).sections
   end
 
   def test_should_update_article_with_no_sections
     post :update, :id => contents(:welcome).id, :article => { :title => "My Red Hot Car", :excerpt => "Blah Blah", :body => "Blah Blah", :section_ids => [] }, :submit => :save
-    assert_redirected_to :action => 'index'
+    assert_redirected_to :action => 'edit', :id => assigns(:article).id
     assert_equal [], assigns(:article).sections
   end
 
   def test_should_update_article_with_the_same_sections
     post :update, :id => contents(:welcome).id, :article => { :title => "My Red Hot Car", :excerpt => "Blah Blah", :body => "Blah Blah",
       :section_ids => [sections(:home), sections(:about)].map { |s| s.id.to_s } }, :submit => :save
-    assert_redirected_to :action => 'index'
+    assert_redirected_to :action => 'edit', :id => assigns(:article).id
     assert_equal [sections(:about), sections(:home)], assigns(:article).sections
   end
 
   def test_should_create_edit_event
     assert_event_created_for :welcome, 'edit' do |article|
       post :update, :id => article.id, :article_published => true, :article => { :title => "My Red Hot Car", :published_at => 5.days.ago }, :submit => :save
-      assert_redirected_to :action => 'index'
       assert !assigns(:article).new_record?
       assert  assigns(:article).published?
     end
@@ -226,7 +224,7 @@ def test_should_update_article_with_given_sections
     login_as :arthur
     assert_difference AssignedSection, :count, -1 do
       post :update, :id => contents(:welcome).id, :article => { :title => "My Red Hot Car", :excerpt => "Blah Blah", :body => "Blah Blah", :section_ids => [sections(:home).id] }, :submit => :save
-      assert_redirected_to :action => 'index'
+      assert_redirected_to :action => 'edit', :id => assigns(:article).id
       assert_equal [sections(:home)], assigns(:article).sections
       assert_equal users(:arthur),    assigns(:article).updater
     end
@@ -282,7 +280,7 @@ def test_should_create_article_draft
     assert_difference Article, :count do
       post :create, :article => { :title => "My Red Hot Car", :excerpt => "Blah Blah", :body => "Blah Blah", :published_at => 5.days.ago }, :draft => '1'
       assert_nil @controller.params['published_at']
-      assert_redirected_to :action => 'index'
+      assert_redirected_to :action => 'edit', :id => assigns(:article).id
       assert !assigns(:article).new_record?
       assert !assigns(:article).published?
       assert_nil assigns(:article).published_at