Merge pull request #608 from poppastring/security-fix-rss-category

RSS category security fix
poppastring · Jan 22, 2022 · 423546c · 423546c
2 parents 9bbd2a6 + 34557a7
commit 423546c
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/source/DasBlog.Web.UI/Controllers/FeedController.cs b/source/DasBlog.Web.UI/Controllers/FeedController.cs
@@ -41,24 +41,27 @@ public IActionResult Rss()
 				memoryCache.Set(CACHEKEY_RSS, rss, SiteCacheSettings());
 			}
 
-			logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "RSS request"));
-
 			return Ok(rss);
         }
 
 		[Produces("text/xml")]
 		[HttpGet("feed/rss/{category}"), HttpHead("feed/rss/{category}")]
         public IActionResult RssByCategory(string category)
         {
-
 			if (!memoryCache.TryGetValue(CACHEKEY_RSS + "_" + category, out RssRoot rss))
 			{
 				rss = subscriptionManager.GetRssCategory(category);
 
-				memoryCache.Set(CACHEKEY_RSS + "_" + category, rss, SiteCacheSettings());
+				if (rss.Channels[0]?.Items?.Count > 0)
+				{
+					memoryCache.Set(CACHEKEY_RSS + "_" + category, rss, SiteCacheSettings());
+				}
 			}
 
-			logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "RSS category request: '{0}'", category));
+			if(rss.Channels[0]?.Items?.Count == 0)
+			{
+				return NoContent();
+			}
 
 			return Ok(rss);
         }
@@ -106,8 +109,6 @@ public async Task<IActionResult> BloggerPost()
 				logger.LogError(new EventDataItem(EventCodes.RSS, null, "FeedController.BloggerPost Error: {0}", ex.Message));
 			}
 
-			logger.LogInformation(new EventDataItem(EventCodes.RSS, null, "FeedController.BloggerPost successfully submitted"));
-
 			BreakSiteCache();
 
 			return Content(blogger);