diff --git a/code/VersionFeed.php b/code/VersionFeed.php
index 1dafb95..fb4c619 100644
--- a/code/VersionFeed.php
+++ b/code/VersionFeed.php
@@ -83,9 +83,24 @@ class VersionFeed extends SiteTreeExtension {
$fields->addFieldToTab('Root.Settings', $publicHistory = new FieldGroup(
new CheckboxField('PublicHistory', $this->owner->fieldLabel(_t(
'RSSHistory.LABEL',
- 'Publish public RSS feed containing every published version of this page.'))
+ 'Make history public'))
)));
$publicHistory->setTitle($this->owner->fieldLabel('Public history'));
+
+ $warning =
+ "Publicising the history will also disclose the changes that have at the time been protected " .
+ "from the public view.";
+
+ $fields->addFieldToTab('Root.Settings', new LiteralField('PublicHistoryWarning', $warning), 'PublicHistory');
+
+ if ($this->owner->CanViewType!='Anyone') {
+ $warning =
+ "Changing access settings in such a way that this page or pages under it become publicly
" .
+ "accessible may result in publicising all historical changes on these pages too. Please review
" .
+ "this section's \"Public history\" settings to ascertain only intended information is disclosed.";
+
+ $fields->addFieldToTab('Root.Settings', new LiteralField('PublicHistoryWarning2', $warning), 'CanViewType');
+ }
}
public function getSiteRSSLink() {
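Review bot: The two new `$warning` strings are hard-coded English and bypass `_t()`, unlike the checkbox label a few lines above, so this disclosure warning will stay untranslated on localised CMS installs. Wrap each one as the label is wrapped, e.g. `$warning = _t('<ENTITY_PLACEHOLDER>', 'Publicising the history will also disclose ...');`. `LiteralField` emits its content verbatim, so the text is also added to the Settings tab with no enclosing element; wrapping it in `<p>...</p>` would at least make it a block of its own. The default text of `RSSHistory.LABEL` changes while the entity name stays, so existing translations would presumably keep the old wording. The enclosing method starts above this hunk.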
diff --git a/code/VersionFeed_Controller.php b/code/VersionFeed_Controller.php
index 08d4a71..8b4da78 100644
--- a/code/VersionFeed_Controller.php
+++ b/code/VersionFeed_Controller.php
@@ -29,12 +29,12 @@ class VersionFeed_Controller extends Extension {
function changes() {
if(!$this->owner->PublicHistory) throw new SS_HTTPResponse_Exception('Page history not viewable', 404);;
- // Cache the diffs, otherwise it will take 5secs to generate 100 diffs which could lead to DOS.
+ // Cache the diffs to remove DOS possibility.
$cache = SS_Cache::factory('VersionFeed_Controller');
$cache->setOption('automatic_serialization', true);
$key = 'changes' . $this->owner->Version;
$entries = $cache->load($key);
- if(!$entries) {
+ if(!$entries || isset($_GET['flush'])) {
$entries = $this->owner->getDiffedChanges();
$cache->save($entries, $key);
}
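Review bot: The new `isset($_GET['flush'])` condition lets any anonymous request bypass the cache and regenerate the diffs, which undoes the DoS protection that the comment directly above says the cache provides. Only `PublicHistory` is checked before this point in the hunk, so nothing here limits who may pass the parameter. Gate the bypass on a privileged session, for example `if(!$entries || (isset($_GET['flush']) && Permission::check('ADMIN'))) {`. The same unauthenticated flush is added to the `allchanges` cache in the next hunk and needs the same guard. The body of `changes()` continues below this hunk.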
@@ -57,19 +57,27 @@ class VersionFeed_Controller extends Extension {
if ($lastChange) {
- // Cache the diffs, otherwise it will take 5secs to generate 100 diffs which could lead to DOS.
+ // Cache the diffs to remove DOS possibility.
+ $member = Member::currentUser();
$cache = SS_Cache::factory('VersionFeed_Controller');
$cache->setOption('automatic_serialization', true);
- $key = 'allchanges' . preg_replace('#[^a-zA-Z0-9_]#', '', $lastChange['LastEdited']);
+ $key = 'allchanges' . preg_replace('#[^a-zA-Z0-9_]#', '', $lastChange['LastEdited']) .
+ ($member ? $member->ID : 'public');
$changeList = $cache->load($key);
- if(!$changeList) {
+ if(!$changeList || isset($_GET['flush'])) {
$changeList = new ArrayList();
foreach ($latestChanges as $record) {
+ // Check if the page should be visible.
+ // WARNING: although we are providing historical details, we check the current configuration.
+ $page = SiteTree::get()->filter(array('ID'=>$record['RecordID']))->First();
+ if (!$page->canView(new Member())) continue;
+
// Get the diff to the previous version.
$version = new Versioned_Version($record);
+
$changes = $version->getDiffedChanges($version->Version, false);
if ($changes && $changes->Count()) $changeList->push($changes->First());
}
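Review bot: `SiteTree::get()->filter(...)->First()` returns null when the recorded page no longer exists in the queried stage, and the next line calls `$page->canView(...)` without checking, so one such record makes the whole feed fail with a fatal error. Skip those records as well: `if (!$page || !$page->canView(new Member())) continue;`. The visibility test always uses an anonymous `new Member()`, so the list does not depend on who is logged in, yet the cache key now adds `$member->ID`. That yields one identical cache entry per member, so either drop the member from the key or check against `$member`. The enclosing method starts and ends outside this hunk.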