
Create or edit an RSS feed generation request. Technically we only need to require either subscr_id or folder_id. When subscr_id is passed in, any passed-in folder_id will get overwritten by the select query. This provides a safeguard against URL surgery. Security: OpenACS ensures that the user has admin permission on this package instance. However, we can't trust the incoming subscription_id or folder_id. RSS feed requests (subscrs) are placed in the permission context of the folder being summarized, so permission checks can be done against either the folder_id or subscr_id.



File Contents

ad_page_contract {

    Create or edit an RSS feed generation request.
    Technically we only need to require either subscr_id or
    folder_id.  When subscr_id is passed in, any passed-in folder_id
    will get overwritten by the select query.  This provides a
    safeguard against URL surgery.

    Security: OpenACS ensures that the user has admin permission on this
    package instance.  However, we can't trust the incoming subscription_id
    or folder_id, so the form's new_data and edit_data handlers require
    admin permission on folder_id before writing.

    RSS feed requests (subscrs) are placed in the permission context of the
    folder being summarized, so permission checks can be done against either
    the folder_id or subscr_id.

} {

# Folder name and site name; both are used below to build the default
# feed title offered on a new request.
# NOTE(review): folder_id is request input and is looked up here before any
# permission check in this file.  How the page contract validates it is not
# visible in this listing -- confirm it is type-checked and that showing the
# folder name to a package admin without a folder-level check is acceptable.
set folder_name [fs_get_folder_name $folder_id]
set system_name [ad_system_name]

# Form "rss": collects the settings of an RSS feed request (short name, full
# feed title, max items, sub-folder and revision flags, enclosure patterns).
# The element name lines are not shown in this listing, only their
# label/html/help_text/options properties.
#
# Handler blocks:
#   -new_request   defaults for a brand new request
#   -select_query  loads an existing request (query text comes from db_map,
#                  i.e. it is defined outside this file)
#   -new_data      creates the subscription
#   -edit_data     updates the subscription
#   -after_submit  regenerates the feed report and redirects
ad_form -name rss -form {
        {label {Short Name}}
        {html {size 25 maxlen 80}}
        {help_text {This name is displayed next to the XML button on folder contents page.  Example: "Recent files feed"}}
        {label {Full Feed Title}}
        {html {size 50 maxlen 200}}
        {help_text {The full feed title that will be displayed in a newsreader.  Example: "Recent files in the Contributed Documentation folder on"}}
        {label {Max Items}}
        {html {size 3 maxlen 3}}
        {help_text {How many items should appear, at most, in the feed?}}
        {label {Include sub-folders}}
        {options {{Yes t} {No f}}}
        {label {Include revisions}}
        {options {{Yes t} {No f}}}
        {label {Enclosure match patterns}}
        {help_text {Enable auto-downloading for some or all files.  We'll create an <a href="">RSS enclosure</a> if the filename matches one of these patterns.  Leave empty for no enclosures, set to * for all files, set to *.mp3 for just files with an mp3 extension.}}
} -on_request {
} -new_request {
    # Defaults for a new feed request: no sub-folders, no revisions,
    # title "<folder> on <site>", at most 15 items.
    set descend_p f
    set include_revisions_p f
    set feed_title "$folder_name on $system_name"
    set max_items 15
} -select_query "
    [db_map select_query]
" -new_data {
    # Protection against URL surgery: folder_id arrives with the request, so
    # require admin on that folder before creating anything in its context.
    permission::require_permission -object_id $folder_id -privilege admin
    # Service-contract implementation "fs_rss" owned by file-storage.
    set fs_rss_impl_id [acs_sc::impl::get_id -owner "file-storage" -name fs_rss]
    # Requesting user and client address, taken from the connection rather
    # than from form input.
    set user_id [ad_conn user_id]
    set peeraddr [ad_conn peeraddr]
    # create_subscr is defined outside this file; it presumably reads the
    # variables set above as bind variables -- confirm against the query.
    set subscr_id [db_exec_plsql create_subscr {}]
} -edit_data {
    # Protection against URL surgery: require admin on the submitted folder.
    # NOTE(review): the check is made on folder_id, while update_subscr (not
    # shown here) presumably selects the row by subscr_id.  Unless that
    # statement also constrains on folder_id, the authorization is not tied
    # to the row being changed; since subscrs live in the folder's permission
    # context, also requiring admin on $subscr_id would close that gap --
    # confirm against the query file.
    permission::require_permission -object_id $folder_id -privilege admin
    db_dml update_subscr {}
} -after_submit {
    # Regenerate the feed for this request, then return to the folder's list
    # of feed requests.
    # NOTE(review): folder_id is interpolated into the URL unencoded; this
    # relies on the page contract restricting it to an integer (not visible
    # here).  export_vars -base would encode it regardless.
    rss_gen_report $subscr_id
    ad_returnredirect rss-subscrs?folder_id=$folder_id

# When editing an existing request (subscr_id is not a new key), take
# folder_id from the rss form's values rather than from the request, so the
# context bar below is built from the form's value.
if { ![ad_form_new_p -key subscr_id] } {
    template::form get_values rss folder_id

# Context bar from this package instance's root folder down to folder_id.
# NOTE(review): presumably consumed by the page template -- confirm.
set root_folder_id [fs_get_root_folder -package_id [ad_conn package_id]]
set context [fs_context_bar_list -root_folder_id $root_folder_id $folder_id]

# Local variables:
#    mode: tcl
#    tcl-indent-level: 4
#    indent-tabs-mode: nil
# End: