# HG changeset patch # User Paul Boddie # Date 1396383457 -7200 # Node ID f8d989e2f62ff2c58f80e3788a918671262ce74b # Parent 3605eb85d56f6b34ad18816ea105f035747aefd3 Introduced a separate function for Atom/RSS feed data processing. Added rejection of "file:" URLs. diff -r 3605eb85d56f -r f8d989e2f62f MoinShare.py --- a/MoinShare.py Mon Mar 31 23:56:56 2014 +0200 +++ b/MoinShare.py Tue Apr 01 22:17:37 2014 +0200 @@ -182,7 +182,7 @@ class FeedContentTypeError(FeedError): pass -# Feed retrieval from URLs. +# Update retrieval from URLs. def getUpdates(request, feed_url, max_entries, show_content): @@ -197,7 +197,10 @@ returned. """ - feed_updates = [] + # Prevent local file access. + + if feed_url.startswith("file:"): + raise FeedMissingError # Obtain the resource, using a cached version if appropriate. @@ -208,11 +211,34 @@ # Interpret the cached feed. - feed = StringIO(data) - _url, content_type, _encoding, _metadata = getCachedResourceMetadata(feed) + f = StringIO(data) + try: + _url, content_type, _encoding, _metadata = getCachedResourceMetadata(f) + + if content_type in ("application/atom+xml", "application/rss+xml", "application/xml"): + return getUpdatesFromFeed(f, max_entries, show_content) + else: + raise FeedContentTypeError + + finally: + f.close() + +# Update retrieval from feeds. - if content_type not in ("application/atom+xml", "application/rss+xml", "application/xml"): - raise FeedContentTypeError +def getUpdatesFromFeed(feed, max_entries, show_content): + + """ + Retrieve from 'feed' up to the given number 'max_entries' of update entries. + The 'show_content' parameter can indicate that a "summary" is to be obtained + for each update, that the "content" of each update is to be obtained + (falling back to a summary if no content is provided), or no content + (indicated by a false value) is to be obtained. + + A tuple of the form ((feed_type, channel_title, channel_link), updates) is + returned. + """ + + feed_updates = [] try: # Parse each node from the feed.