[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

PATCH for template/debian/recent_list.wml (was: Re: rdf files thought)

* Ingrid <alfie@ist.org> [2002-11-20 14:17]:
>  If one knows that script well enought to have a quick solution please
> don't hesitate to step forward.

 Alright, I've done it.

 Please find attached a cvs diff -b for the recent_list.wml file.  It
tackles the following things:

 -) The file isn't parsed twice anymore.  It is slurped into memory once
    and parsed then.  Should reduce disc IO and improve it a little bit.

 -) For we have the content now in one variable the senseless line-loop
    is skipped, which should improve the speed additionally.

 -) We can get rid of the current restriction for the need to have the
    <define-tag> with the closing </define-tag> on the same line. Please
    at least comment on that one for which things this should be done.
    In the patch it is set for most of them (mention the /s modifier to
    the regexp).  But to truly allow multiple line tags I would need to
    check the other templates too, for they are parsed at multiple
    places :-/  Don't you hate redundancy?

 -) And now the real reason for what the above changes were needed:
    The dsa.XX.rdf files now produce a different content.  Where before
    it rendered to something like this:

-------------------> before <-------------------
<item rdf:about="http://www.debian.org/security/2002/dsa-199";>
  <title>DSA-199 mhonarc</title>
  <link>http://www.debian.org/security/2002/dsa-199</link>
  <description>
cross site scripting
  </description>
</item>
-------------------> before <-------------------

    it now renders to something like this:

-------------------> after <-------------------
<item rdf:about="http://www.debian.org/security/2002/dsa-199";>
  <title>DSA-199 mhonarc - cross site scripting</title>
  <link>http://www.debian.org/security/2002/dsa-199</link>
  <description>
<p>Steven Christey discovered a cross site scripting vulnerability in
mhonarc, a mail to HTML converter. Carefully crafted message headers
can introduce cross site scripting when mhonarc is configured to
display all headers lines on the web. However, it is often useful to
restrict the displayed header lines to To, From and Subject, in which
case the vulnerability cannot be exploited.</p>
<p>This problem has been fixed in version 2.5.2-1.2 for the current
stable distribution (woody), in version 2.4.4-1.2 for the old stable
distribution (potato) and in version 2.5.13-1 for the unstable
distribution (sid).</p>
<p>We recommend that you upgrade your mhonarc package.</p>
  </description>
</item>
-------------------> after <-------------------

 I personally think that this makes *much* more sense.  This also lines
up better with what we have on the index-pages anyway, the title has the
same format as for those now.  And the description is really the
description.

 I have test-rendered the main index.{en,de}.html pages, the
events/2002/ index pages for english and german and the dsa rdf files
for english and german, haven't noticed any problem with this patch.

 But before committing it I hand it to you to proofread it first.
Alfie
-- 
"Ist es normal, nur weil alle es tun?"
                                  -- Die Fantastischen 4, "Ganz Normal"

Index: recent_list.wml
===================================================================
RCS file: /cvs/webwml/webwml/english/template/debian/recent_list.wml,v
retrieving revision 1.102
diff -u -b -r1.102 recent_list.wml
--- recent_list.wml	1 Nov 2002 13:16:30 -0000	1.102
+++ recent_list.wml	21 Nov 2002 10:23:33 -0000
@@ -138,33 +138,45 @@
   open FILE, "$year/$file" or open FILE, "$year/$trans_title" or open FILE, "$eng_dir/$year/$file" or warn "couldn't open $eng_dir/$year/$file: $!\n";
   $base = $1 if ($file =~ /($match).wml/);
   my $event = '';
+
+  my $content;
+  {
+    local $/;
+    $content = <FILE>;
+    seek FILE, 0, SEEK_SET;
+  }
+
   if ($WML_SRC_DIRNAME =~ /events/) { # shouldn't waste time if it's not events
     $is_events = 1;
 <protect pass=2>
-    foreach (<FILE>) {
-      if (/^#use wml::debian::past_event$/) {
+    if ($content =~ /^#use wml::debian::past_event$/m) {
         $event = "past";
-      } elsif (/^#use wml::debian::event$/) {
+    } elsif ($content =~ /^#use wml::debian::event$/m) {
         $event = "current";
       }
-    }
 </protect>
-    seek FILE, 0, SEEK_SET;
   }
-#  warn (stat FILE)[7]; warn "\n";
+
   $title = ''; $date = ''; $rdate = ''; $desc = ''; $status = ''; $where = '';
+  $moreinfo = '';
 <protect pass=2>
-  foreach $line (<FILE>) {
-       if ($line =~ /^<define-tag pagetitle>\s*(.*)\s*<\/define-tag>$/) { $title = qq/$1/; }   # all
-    elsif ($line =~ /^<define-tag release_date>(.*)<\/define-tag>$/) { $date = qq/$1/; } # News
-    elsif ($line =~ /^<define-tag where>(.*)<\/define-tag>$/) { $where = qq/$1/; }       # events
-    elsif ($line =~ /^<define-tag date>(.*)<\/define-tag>$/) { $date = qq/$1/; }         # events
-    elsif ($line =~ /^<define-tag description>(.*)<\/define-tag>$/) { $desc = qq/$1/; }  # security
-    elsif ($line =~ /^<define-tag status>(.*)<\/define-tag>$/) { $status = qq/$1/; }     # vote
+  if ($content =~ /^<define-tag pagetitle>\s*(.*?)\s*<\/define-tag>$/ms) {
+    $title = qq/$1/; }      # all
+  if ($content =~ /^<define-tag release_date>(.*?)<\/define-tag>$/ms) {
+    $date = qq/$1/; }       # News
+  if ($content =~ /^<define-tag where>(.*?)<\/define-tag>$/ms) {
+    $where = qq/$1/; }      # events
+  if ($content =~ /^<define-tag date>(.*?)<\/define-tag>$/ms) {
+    $date = qq/$1/; }       # events
+  if ($content =~ /^<define-tag description>(.*?)<\/define-tag>$/ms) {
+    $desc = qq/$1/; }       # security
+  if ($content =~ /^<define-tag moreinfo>(.*?)<\/define-tag>$/ms) {
+    $moreinfo = qq/$1/; }   # security
+  if ($content =~ /^<define-tag status>(.*?)<\/define-tag>$/ms) {
+    $status = qq/$1/; }     # vote
 </protect>
     if ($title && $date && $where) { # for events/
       $str1 = "$elemhead<tt>[$date]</tt>$elemdate <strong><a href=\"$year/$base\">$title</a></strong>, $elemfoot$where<br />$elemrealfoot\n";
-      last;
     }
     elsif ($desc) { # for security/
       open DATAFILE, "$eng_dir/$year/$base.data" or warn "couldn't open $eng_dir/$year/$base.data: $!\n";
@@ -181,22 +193,20 @@
       if ($format =~ rdf) {
         $str1 = "
 <item rdf:about=\"http://www.debian.org/security/$year/$base\";>
-  <title>$title</title>
+  <title>$title - $desc</title>
   <link>http://www.debian.org/security/$year/$base</link>
   <description>
-$desc
+$moreinfo
   </description>
 </item>
 ";
       } else {
         $str1 = "$elemhead<tt>[$rdate]</tt> <strong><a href=\"$year/$base\">$title</a></strong> $elemfoot$desc<br />$elemrealfoot\n";
       }
-      last;
     }
     elsif ($title && $date && !$is_events) { # for News/ and not events/
       $date = newsdate($date);
       $str1 = "$elemhead<tt>[$date]</tt> <strong><a href=\"$year/$base\">$title</a></strong><br />$elemrealfoot\n";
-      last;
     }
     elsif ($title && $status) { # for vote/
       $str1 = "$elemhead<a href=\"$year/$base\">$title</a> &mdash; ";
@@ -207,10 +217,7 @@
       elsif ( $status eq "W" ) { $str1 .= "<withdrawn/>"; }
       else { $str1 .= "$status"; }
       $str1 .= "<br />$elemrealfoot\n";
-      last;
     }
-  } # for each line in file
-  close FILE;
 
   if ($event ne "") { # this file was for an event
        if ( $event eq "past" ) { $over .= $str1; }

Attachment: pgpbbhWnRTuhk.pgp
Description: PGP signature

Reply to: