Merge pull request #608 from poppastring/security-fix-rss-category

poppastring · web-flow · commit 423546c912ee · 2022-01-21T22:14:14.000-05:00
RSS category security fix
diff --git a/source/DasBlog.Web.UI/Controllers/FeedController.cs b/source/DasBlog.Web.UI/Controllers/FeedController.cs
@@ -41,24 +41,27 @@ public IActionResult Rss()
 				memoryCache.Set(CACHEKEY_RSS, rss, SiteCacheSettings());
 			}
 
-			logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "RSS request"));
-
 			return Ok(rss);
         }
 
 		[Produces("text/xml")]
 		[HttpGet("feed/rss/{category}"), HttpHead("feed/rss/{category}")]
         public IActionResult RssByCategory(string category)
         {
-
 			if (!memoryCache.TryGetValue(CACHEKEY_RSS + "_" + category, out RssRoot rss))
 			{
 				rss = subscriptionManager.GetRssCategory(category);
 
-				memoryCache.Set(CACHEKEY_RSS + "_" + category, rss, SiteCacheSettings());
+				if (rss.Channels[0]?.Items?.Count > 0)
+				{
+					memoryCache.Set(CACHEKEY_RSS + "_" + category, rss, SiteCacheSettings());
+				}
 			}
 
-			logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "RSS category request: '{0}'", category));
+			if(rss.Channels[0]?.Items?.Count == 0)
+			{
+				return NoContent();
+			}
 
 			return Ok(rss);
         }
@@ -106,8 +109,6 @@ public async Task<IActionResult> BloggerPost()
 				logger.LogError(new EventDataItem(EventCodes.RSS, null, "FeedController.BloggerPost Error: {0}", ex.Message));
 			}
 
-			logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "FeedController.BloggerPost successfully submitted"));
-
 			BreakSiteCache();
 
 			return Content(blogger);

Original file line number	Diff line number	Diff line change
`@@ -41,24 +41,27 @@ public IActionResult Rss()`
`41`	`41`	`memoryCache.Set(CACHEKEY_RSS, rss, SiteCacheSettings());`
`42`	`42`	`}`
`43`	`43`
`44`		`- logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "RSS request"));`
`45`		`-`
`46`	`44`	`return Ok(rss);`
`47`	`45`	`}`
`48`	`46`
`49`	`47`	`[Produces("text/xml")]`
`50`	`48`	`[HttpGet("feed/rss/{category}"), HttpHead("feed/rss/{category}")]`
`51`	`49`	`public IActionResult RssByCategory(string category)`
`52`	`50`	`{`
`53`		`-`
`54`	`51`	`if (!memoryCache.TryGetValue(CACHEKEY_RSS + "_" + category, out RssRoot rss))`
`55`	`52`	`{`
`56`	`53`	`rss = subscriptionManager.GetRssCategory(category);`
`57`	`54`
`58`		`- memoryCache.Set(CACHEKEY_RSS + "_" + category, rss, SiteCacheSettings());`
	`55`	`+ if (rss.Channels[0]?.Items?.Count > 0)`
	`56`	`+ {`
	`57`	`+ memoryCache.Set(CACHEKEY_RSS + "_" + category, rss, SiteCacheSettings());`
	`58`	`+ }`
`59`	`59`	`}`
`60`	`60`
`61`		`- logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "RSS category request: '{0}'", category));`
	`61`	`+ if(rss.Channels[0]?.Items?.Count == 0)`
	`62`	`+ {`
	`63`	`+ return NoContent();`
	`64`	`+ }`
`62`	`65`
`63`	`66`	`return Ok(rss);`
`64`	`67`	`}`
`@@ -106,8 +109,6 @@ public async Task<IActionResult> BloggerPost()`
`106`	`109`	`logger.LogError(new EventDataItem(EventCodes.RSS, null, "FeedController.BloggerPost Error: {0}", ex.Message));`
`107`	`110`	`}`
`108`	`111`
`109`		`- logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "FeedController.BloggerPost successfully submitted"));`
`110`		`-`
`111`	`112`	`BreakSiteCache();`
`112`	`113`
`113`	`114`	`return Content(blogger);`