Author: dom Date: 2008-10-18 19:19:22 +0100 (Sat, 18 Oct 2008) New Revision: 1231

Modified: trunk/Build.PL trunk/Changes trunk/lib/OpenGuides/Config.pm trunk/lib/OpenGuides/Template.pm trunk/lib/OpenGuides/Utils.pm trunk/t/21_rdf.t trunk/t/68_bug_website_displayed.t Log: Correctly validate web site URLs during edit and display, and truncate URLs that are too long (fixes #21)

Modified: trunk/Build.PL =================================================================== --- trunk/Build.PL 2008-10-18 15:35:27 UTC (rev 1230) +++ trunk/Build.PL 2008-10-18 18:19:22 UTC (rev 1231) @@ -266,10 +266,6 @@ } close FILE or die "Can't close wiki.conf: $!";

-##### -##### When updating the prereqs PLEASE REMEMBER to update PREREQUISITES. -##### - # We currently only support Plucene for new installs, but may support # others in future my $search_module = $use_plucene ? "Plucene" : "Search::InvertedIndex"; @@ -313,6 +309,7 @@ 'Time::Piece' => 0, 'URI::Escape' => 0, 'XML::RSS' => 0, + 'Data::Validate::URI' => 0, }, build_requires => { 'Module::Build' => '0.26', # API change for accessing config data @@ -321,8 +318,8 @@ 'Data::Dumper' => 0, }, recommends => { - 'DBD::SQLite' => 0, # for testing - 'Test::HTML::Content' => 0, # for testing, oddly enough + 'DBD::SQLite' => 0, # for testing + 'Test::HTML::Content' => 0, # for testing, oddly enough 'Wiki::Toolkit::Plugin::Ping' => 0, # for pinging external services 'Geo::HelmertTransform' => 0, # for correct WGS84 lat/long # when using grid systems

Modified: trunk/Changes =================================================================== --- trunk/Changes 2008-10-18 15:35:27 UTC (rev 1230) +++ trunk/Changes 2008-10-18 18:19:22 UTC (rev 1231) @@ -8,6 +8,8 @@ Fix some broken POD (#246) Metadata discovery features (action=metadata) JSON support for node details and metatdata discovery + Correctly validate web site URLs during edit and display, + and truncate URLs that are too long (#21)

0.63 16 August 2008 Major overhaul of RDF output.

Modified: trunk/lib/OpenGuides/Config.pm =================================================================== --- trunk/lib/OpenGuides/Config.pm 2008-10-18 15:35:27 UTC (rev 1230) +++ trunk/lib/OpenGuides/Config.pm 2008-10-18 18:19:22 UTC (rev 1231) @@ -25,7 +25,7 @@ licence_name licence_url licence_info_url moderation_requires_password enable_node_image enable_common_categories enable_common_locales spam_detector_module host_checker_module static_path static_url - send_moderation_notifications + send_moderation_notifications website_link_max_chars ); my @questions = map { $_ . "__qu" } @variables; OpenGuides::Config->mk_accessors( @variables ); @@ -114,7 +114,8 @@ spam_detector_module => "", host_checker_module => "", static_path => "/usr/local/share/openguides/static", - send_moderation_notifications => 1 + send_moderation_notifications => 1, + website_link_max_chars => 20, );

# See if we already have some config variables set. @@ -199,7 +200,8 @@ host_checker_module => "What module would you like to use to run an IP blacklist? (optional)", static_path => "What directory should we install static content (CSS, images, javascript) to?", static_url => "What is the URL corresponding to the static content?", - send_moderation_notifications => "Should we send email notifications when a moderated node is edited?" + send_moderation_notifications => "Should we send email notifications when a moderated node is edited?", + website_link_max_chars => "How many characters of the URL of node websites should be displayed?", );

foreach my $var ( keys %questions ) { @@ -334,6 +336,8 @@

=item * send_moderation_notifications

+=item * website_link_max_chars (default: C<20>) + =back

=head1 AUTHOR

Modified: trunk/lib/OpenGuides/Template.pm =================================================================== --- trunk/lib/OpenGuides/Template.pm 2008-10-18 15:35:27 UTC (rev 1230) +++ trunk/lib/OpenGuides/Template.pm 2008-10-18 18:19:22 UTC (rev 1231) @@ -12,6 +12,7 @@ use OpenGuides::CGI; use Template; use URI::Escape; +use Data::Validate::URI qw( is_web_uri );

=head1 NAME

@@ -347,16 +348,15 @@ }; } @loclist;

- # The 'website' attribute might contain a URL so we wiki-format it here - # rather than just CGI::escapeHTMLing it all in the template. my $website = $args{metadata} ? $metadata{website}[0] : $q->param("website"); my $formatted_website_text = ""; - if ( $website && $website ne "http://" ) { - $formatted_website_text = $class->format_website_text( - formatter => $formatter, - text => $website - ); + if ( $website && $website ne "http://" && is_web_uri( $website ) ) { + my $trunc_website = substr( $website, 0, $config->website_link_max_chars ); + unless ($website eq $trunc_website ) { + $trunc_website .= '...'; + } + $formatted_website_text = '<a href="' . $website . '">' . $trunc_website . '</a>'; }

my $hours_text = $args{metadata} ? $metadata{opening_hours_text}[0] @@ -582,20 +582,6 @@ return %vars; }

-sub format_website_text { - my ($class, %args) = @_; - my ($formatter, $text) = @args{ qw( formatter text ) }; - my $formatted = $formatter->format($text); - - # Strip out paragraph markers put in by formatter since we want this - # to be a single string to put in a <ul>. - $formatted =~ s/<p>//g; - $formatted =~ s/</p>//g; - - return $formatted; -} - - =back

=head1 AUTHOR @@ -604,7 +590,7 @@

=head1 COPYRIGHT

- Copyright (C) 2003-2007 The OpenGuides Project. All Rights Reserved. + Copyright (C) 2003-2008 The OpenGuides Project. All Rights Reserved.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Modified: trunk/lib/OpenGuides/Utils.pm =================================================================== --- trunk/lib/OpenGuides/Utils.pm 2008-10-18 15:35:27 UTC (rev 1230) +++ trunk/lib/OpenGuides/Utils.pm 2008-10-18 18:19:22 UTC (rev 1231) @@ -10,6 +10,7 @@ use Wiki::Toolkit::Plugin::RSS::Reader; use URI::Escape; use MIME::Lite; +use Data::Validate::URI qw( is_web_uri );

=head1 NAME

@@ -376,7 +377,6 @@ return @fails if @fails;

# Now do our real validation - # Numeric tests foreach my $var (qw(os_x os_y)) { if ($q->param($var) and $q->param($var) !~ /^-?\d+$/) { push @fails, "$var must be integer, was: " . $q->param($var); @@ -389,6 +389,12 @@ } }

+ if ( $q->param('website') and $q->param('website') ne 'http://' ) { + unless ( is_web_uri( $q->param('website') ) ) { + push @fails, $q->param('website') . ' is not a valid web URI'; + } + } + return @fails;

};

Modified: trunk/t/21_rdf.t =================================================================== --- trunk/t/21_rdf.t 2008-10-18 15:35:27 UTC (rev 1230) +++ trunk/t/21_rdf.t 2008-10-18 18:19:22 UTC (rev 1231) @@ -54,7 +54,7 @@ postcode => "WC1X 8JR", locales => "Bloomsbury\r\nSt Pancras", phone => "test phone number", - website => "test website", + website => "http://example.com", hours_text => "test hours", latitude => "51.524193", longitude => "-0.114436", @@ -70,7 +70,7 @@ postcode => "WC1X 8JR", locales => "Bloomsbury\r\nSt Pancras", phone => "test phone number", - website => "test website", + website => "http://example.com", hours_text => "test hours", latitude => "51.524193", longitude => "-0.114436", @@ -95,7 +95,7 @@ like( $rdfxml, qr|dc:availabletest hours</dc:available>|, "picks up opening hours text" );

-like( $rdfxml, qr|<foaf:homepage rdf:resource="test website" />|, "picks up website" ); +like( $rdfxml, qr|<foaf:homepage rdf:resource="http://example.com" />|, "picks up website" );

like( $rdfxml, qr|dc:titleWiki::Toolkit Test Site: Calthorpe Arms</dc:title>|,

Modified: trunk/t/68_bug_website_displayed.t =================================================================== --- trunk/t/68_bug_website_displayed.t 2008-10-18 15:35:27 UTC (rev 1230) +++ trunk/t/68_bug_website_displayed.t 2008-10-18 18:19:22 UTC (rev 1231) @@ -10,18 +10,25 @@ plan skip_all => "DBD::SQLite could not be used - no database to test with ($error)"; }

-plan tests => 1; +plan tests => 2;

Wiki::Toolkit::Setup::SQLite::cleardb( { dbname => "t/node.db" } ); Wiki::Toolkit::Setup::SQLite::setup( { dbname => "t/node.db" } ); my $config = OpenGuides::Test->make_basic_config; my $guide = OpenGuides->new( config => $config );

-$guide->wiki->write_node( "South Croydon Station", "A sleepy main-line station in what is arguably the nicest part of Croydon.", undef, { website => "http://www.example.com/" } ) or die "Couldn't write node"; +$guide->wiki->write_node( "South Croydon Station", "A sleepy main-line station in what is arguably the nicest part of Croydon.", undef, { website => "http://example.com/" } ) or die "Couldn't write node"; +$guide->wiki->write_node( "North Croydon Station", "A busy main-line station in what is arguably the furthest North part of Croydon.", undef, { website => "http://longer.example.com/asdfasdf" } ) or die "Couldn't write node";

my $output = $guide->display_node( id => "South Croydon Station", return_output => 1, ); -like( $output, qr#Website:</span> <span class="url"><a href="http://www.example.com/">http://www.example.com/</a>#, "website correctly displayed" ); +like( $output, qr#Website:</span> <span class="url"><a href="http://example.com/">http://example.com/</a>#, "website correctly displayed" );

+$output = $guide->display_node( + id => "North Croydon Station", + return_output => 1, + ); + +like( $output, qr#Website:</span> <span class="url"><a href="http://longer.example.com/asdfasdf">http://longer.exampl...</a>#, "website correctly truncated" );