From 3bb2271850bab577f35291a174b1985aea2b2b55 Mon Sep 17 00:00:00 2001 From: erdgeist Date: Mon, 29 Jun 2026 21:32:32 +0200 Subject: Remove recent_changes RSS feed. It leaks unpublished drafts and the basic auth was only symbolic --- app/controllers/rss_controller.rb | 12 ------------ app/views/rss/recent_changes.xml.builder | 29 ----------------------------- config/routes.rb | 1 - 3 files changed, 42 deletions(-) delete mode 100644 app/views/rss/recent_changes.xml.builder diff --git a/app/controllers/rss_controller.rb b/app/controllers/rss_controller.rb index 489a732..5e29698 100644 --- a/app/controllers/rss_controller.rb +++ b/app/controllers/rss_controller.rb @@ -1,6 +1,5 @@ class RssController < ApplicationController - before_action :authenticate, :only => :recent_changes before_action :get_host def updates @@ -40,18 +39,7 @@ class RssController < ApplicationController end end - def recent_changes - @items = Page.where( - "updated_at < ? AND updated_at > ?", Time.now, Time.now - 14.days - ).limit(20).order("updated_at desc") - end - protected - def authenticate - authenticate_or_request_with_http_basic do |username, password| - username == "recent" && password == "d@t3N+kLAu-23" - end - end def get_host @host = request.protocol + request.host_with_port diff --git a/app/views/rss/recent_changes.xml.builder b/app/views/rss/recent_changes.xml.builder deleted file mode 100644 index cce3b5d..0000000 --- a/app/views/rss/recent_changes.xml.builder +++ /dev/null @@ -1,29 +0,0 @@ -xml.instruct! - -xml.feed(:xmlns => "http://www.w3.org/2005/Atom", "xml:base" => @host) do - xml.title("CCC.de Recent Change") - xml.link(:href => "https://www.ccc.de/") - xml.link(:rel => "self", :href => "/rss/updates.xml") - xml.updated(@items.first.updated_at.xmlschema) - xml.author do - xml.name("Chaos Computer Club e.V.") - end - xml.id("https://www.ccc.de/") - - @items.each do |item| - xml.entry do - xml.title(item.title) - xml.link( - :href => "https://www.ccc.de/#{item.node.unique_path}", - :rel => "alternate" - ) - xml.id(content_url_helper(item.node.unique_path)) - xml.updated(item.updated_at.xmlschema) - xml.content(:type => "text") do - xml.div("changed by #{item.user.login}") - end - end - - end - -end diff --git a/config/routes.rb b/config/routes.rb index 88f49a2..a7775b3 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -70,7 +70,6 @@ Cccms::Application.routes.draw do get 'rss/updates', :to => 'rss#updates', :as => :rss get 'rss/updates.:format', :to => 'rss#updates', :as => :rss_feed, :constraints => { :format => /xml|rdf/ } - get 'rss/recent_changes', :to => 'rss#recent_changes' get 'rss/tags/:tag/updates', :to => 'rss#tag_updates', :as => :rss_tag get 'rss/tags/:tag/updates.:format', :to => 'rss#tag_updates', :as => :rss_tag_feed, :constraints => { :format => /xml/ } -- cgit v1.3