Changeset 1231


Timestamp:
Oct 18, 2008, 7:19:22 PM (13 years ago)
Author:
Dominic Hargreaves
Message:

Correctly validate web site URLs during edit and display,
and truncate URLs that are too long (fixes #21)

Location:
trunk
Files:
7 edited

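--- a/trunk/Build.PL
+++ b/trunk/Build.PL
@@ -266,8 +266,4 @@
 }
 close FILE or die "Can't close wiki.conf: $!";
-
-#####
-##### When updating the prereqs PLEASE REMEMBER to update PREREQUISITES.
-#####
 
 # We currently only support Plucene for new installs, but may support
@@ -314,4 +310,5 @@
         'URI::Escape'                         => 0,
         'XML::RSS'                            => 0,
+        'Data::Validate::URI'                 => 0,
         },
     build_requires => {
@@ -322,6 +319,6 @@
         },
     recommends => {
-        'DBD::SQLite'         => 0, # for testing
-        'Test::HTML::Content' => 0, # for testing, oddly enough
+        'DBD::SQLite'                         => 0, # for testing
+        'Test::HTML::Content'                 => 0, # for testing, oddly enough
         'Wiki::Toolkit::Plugin::Ping' => 0, # for pinging external services
         'Geo::HelmertTransform'  => 0,      # for correct WGS84 lat/long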
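Review bot: The reminder to keep PREREQUISITES in step with the prereqs is deleted in the same change that adds `'Data::Validate::URI' => 0`, and PREREQUISITES is not among the seven files this changeset lists as edited. If that file is still shipped, it now omits a module that `lib/OpenGuides/Template.pm` and `lib/OpenGuides/Utils.pm` load with `use`, so it should be updated alongside this hunk. Since URL validation at both edit and display time is now delegated to this module, a tested minimum version in place of `0` would make the security-relevant dependency explicit.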
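--- a/trunk/Changes
+++ b/trunk/Changes
@@ -9,4 +9,6 @@
         Metadata discovery features (action=metadata)
         JSON support for node details and metatdata discovery
+        Correctly validate web site URLs during edit and display,
+        and truncate URLs that are too long (#21)
 
 0.63    16 August 2008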
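--- a/trunk/lib/OpenGuides/Config.pm
+++ b/trunk/lib/OpenGuides/Config.pm
@@ -26,5 +26,5 @@
    enable_node_image enable_common_categories enable_common_locales
    spam_detector_module host_checker_module static_path static_url
-   send_moderation_notifications
+   send_moderation_notifications website_link_max_chars
 );
 my @questions = map { $_ . "__qu" } @variables;
@@ -115,5 +115,6 @@
                      host_checker_module => "",
                      static_path => "/usr/local/share/openguides/static",
-                     send_moderation_notifications => 1
+                     send_moderation_notifications => 1,
+                     website_link_max_chars => 20,
                    );
 
@@ -200,5 +201,6 @@
         static_path => "What directory should we install static content (CSS, images, javascript) to?",
         static_url => "What is the URL corresponding to the static content?",
-        send_moderation_notifications => "Should we send email notifications when a moderated node is edited?"
+        send_moderation_notifications => "Should we send email notifications when a moderated node is edited?",
+        website_link_max_chars => "How many characters of the URL of node websites should be displayed?",
     );
 
@@ -335,4 +337,6 @@
 =item * send_moderation_notifications
 
+=item * website_link_max_chars (default: C<20>)
+
 =back
 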
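Review bot: `website_link_max_chars` is documented only as `=item * website_link_max_chars (default: C<20>)`, and nothing in this file says which values are acceptable. The value is passed straight to `substr` as a length in `lib/OpenGuides/Template.pm`, where 0 yields a link whose text is only `...` and a negative number trims characters from the end of the URL instead of capping it. I would add a POD sentence under the item saying that it is the number of characters of a node's website URL shown as link text, that the link target itself is never shortened, and that it must be a positive integer.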
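--- a/trunk/lib/OpenGuides/Template.pm
+++ b/trunk/lib/OpenGuides/Template.pm
@@ -13,4 +13,5 @@
 use Template;
 use URI::Escape;
+use Data::Validate::URI qw( is_web_uri );
 
 =head1 NAME
@@ -348,14 +349,13 @@
     } @loclist;
 
-    # The 'website' attribute might contain a URL so we wiki-format it here
-    # rather than just CGI::escapeHTMLing it all in the template.
     my $website = $args{metadata} ? $metadata{website}[0]
                                   : $q->param("website");
     my $formatted_website_text = "";
-    if ( $website && $website ne "http://" ) {
-        $formatted_website_text = $class->format_website_text(
-            formatter => $formatter,
-            text      => $website
-        );
+    if ( $website && $website ne "http://" && is_web_uri( $website ) ) {
+        my $trunc_website = substr( $website, 0, $config->website_link_max_chars );
+        unless ($website eq $trunc_website ) {
+            $trunc_website .= '...';
+        }
+        $formatted_website_text = '<a href="' . $website . '">' . $trunc_website . '</a>';
     }
 
@@ -583,18 +583,4 @@
 }
 
-sub format_website_text {
-    my ($class, %args) = @_;
-    my ($formatter, $text) = @args{ qw( formatter text ) };
-    my $formatted = $formatter->format($text);
-
-    # Strip out paragraph markers put in by formatter since we want this
-    # to be a single string to put in a <ul>.
-    $formatted =~ s/<p>//g;
-    $formatted =~ s/<\/p>//g;
-
-    return $formatted;
-}
-
-
 =back
 
@@ -605,5 +591,5 @@
 =head1 COPYRIGHT
 
-  Copyright (C) 2003-2007 The OpenGuides Project.  All Rights Reserved.
+  Copyright (C) 2003-2008 The OpenGuides Project.  All Rights Reserved.
 
 This module is free software; you can redistribute it and/or modify it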
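Review bot: New line 359 builds the anchor by concatenating `$website` and `$trunc_website` into HTML with no escaping, so `is_web_uri` is now the only thing between a user-supplied value and raw markup. The deleted comment says this value is deliberately not passed through `CGI::escapeHTML` in the template, so the escaping has to happen here; a syntactically valid URL may still contain `&` and `'`, which at the least produces invalid HTML for query strings. I would escape both uses, `$formatted_website_text = '<a href="' . CGI::escapeHTML($website) . '">' . CGI::escapeHTML($trunc_website) . '</a>';`, assuming CGI is loaded in this module, which the hunk does not show. Stored nodes whose website field is not a valid web URI now render no website at all, which deserves a mention in Changes. The enclosing sub begins and ends outside the hunk.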
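--- a/trunk/lib/OpenGuides/Utils.pm
+++ b/trunk/lib/OpenGuides/Utils.pm
@@ -11,4 +11,5 @@
 use URI::Escape;
 use MIME::Lite;
+use Data::Validate::URI qw( is_web_uri );
 
 =head1 NAME
@@ -377,5 +378,4 @@
 
     # Now do our real validation
-    # Numeric tests
     foreach my $var (qw(os_x os_y)) {
         if ($q->param($var) and $q->param($var) !~ /^-?\d+$/) {
@@ -387,4 +387,10 @@
         if ($q->param($var) and $q->param($var) !~ /^-?\d+\.?(\d+)?$/) {
             push @fails, "$var must be numeric, was: " . $q->param($var);
+        }
+    }
+
+    if ( $q->param('website') and $q->param('website') ne 'http://' ) {
+        unless ( is_web_uri( $q->param('website') ) ) {
+            push @fails, $q->param('website') . ' is not a valid web URI';
         }
     }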
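Review bot: `is_web_uri( $q->param('website') )` on new line 393 calls `param` in list context, so a request carrying more than one `website` value hands several arguments to the validator instead of one. Reading the field once, `my $website = $q->param('website');`, and using `$website` for the `ne 'http://'` test, the `is_web_uri` call and the message guarantees that the value checked is the value reported. The failure message also repeats the rejected input verbatim, as the numeric checks above it already do, so whatever renders `@fails` needs to HTML-escape it; that code is not visible in this hunk. The enclosing sub starts before and ends after the hunk.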
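--- a/trunk/t/21_rdf.t
+++ b/trunk/t/21_rdf.t
@@ -55,5 +55,5 @@
         locales            => "Bloomsbury\r\nSt Pancras",
         phone              => "test phone number",
-        website            => "test website",
+        website            => "http://example.com",
         hours_text         => "test hours",
         latitude           => "51.524193",
@@ -71,5 +71,5 @@
         locales            => "Bloomsbury\r\nSt Pancras",
         phone              => "test phone number",
-        website            => "test website",
+        website            => "http://example.com",
         hours_text         => "test hours",
         latitude           => "51.524193",
@@ -96,5 +96,5 @@
     "picks up opening hours text" );
 
-like( $rdfxml, qr|<foaf:homepage rdf:resource="test website" />|, "picks up website" );
+like( $rdfxml, qr|<foaf:homepage rdf:resource="http://example.com" />|, "picks up website" );
 
 like( $rdfxml,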
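--- a/trunk/t/68_bug_website_displayed.t
+++ b/trunk/t/68_bug_website_displayed.t
@@ -11,5 +11,5 @@
 }
 
-plan tests => 1;
+plan tests => 2;
 
 Wiki::Toolkit::Setup::SQLite::cleardb( { dbname => "t/node.db" } );
@@ -18,5 +18,6 @@
 my $guide = OpenGuides->new( config => $config );
 
-$guide->wiki->write_node( "South Croydon Station", "A sleepy main-line station in what is arguably the nicest part of Croydon.", undef, { website => "http://www.example.com/" } ) or die "Couldn't write node";
+$guide->wiki->write_node( "South Croydon Station", "A sleepy main-line station in what is arguably the nicest part of Croydon.", undef, { website => "http://example.com/" } ) or die "Couldn't write node";
+$guide->wiki->write_node( "North Croydon Station", "A busy main-line station in what is arguably the furthest North part of Croydon.", undef, { website => "http://longer.example.com/asdfasdf" } ) or die "Couldn't write node";
 
 my $output = $guide->display_node(
@@ -24,4 +25,10 @@
                                      return_output => 1,
                                  );
-like( $output, qr#Website:</span> <span class="url"><a href="http://www.example.com/">http://www.example.com/</a>#, "website correctly displayed" );
+like( $output, qr#Website:</span> <span class="url"><a href="http://example.com/">http://example.com/</a>#, "website correctly displayed" );
 
+$output = $guide->display_node(   
+                                    id => "North Croydon Station",
+                                    return_output => 1,
+                              );
+
+like( $output, qr#Website:</span> <span class="url"><a href="http://longer.example.com/asdfasdf">http://longer.exampl...</a>#, "website correctly truncated" );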
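Review bot: The pattern on new line 34 leaves its dots unescaped, so `exampl...</a>` matches any three characters before `</a>` and the test would still pass if the link text were cut at a different length with no ellipsis appended. Escaping them, `http://longer\.exampl\.\.\.</a>`, pins both the 20-character cut and the literal `...`. There is also no case for a stored website value that fails `is_web_uri`, which is the behaviour the display-side check was added for; a third node with a non-URL website, and an assertion that its value is not emitted as a link, would cover it, with `plan tests` raised to match.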