RSS feed is showing unpublished posts

Topics: Business Logic Layer
Mar 24, 2010 at 10:42 AM



I'm running BE .Net version 1.6.

In my setup I require all posts to be approved by an administrator before being published (I hide the publish checkbox for Editors),

but the rss feed does not reflect this behaviour, so anyone subscribed to the feed can see the posts inside the feed. 


It seems to me this is a bug, unless someone can tell me why this behaviour is to be expected?

Any solutions?




Mar 24, 2010 at 11:03 AM
Edited Mar 24, 2010 at 11:05 AM

Are you logged into the blog when viewing the RSS feed?  I'm not sure about the RSS feed specifically, but a lot of areas in BE will show unpublished posts to logged in users.  Try logging out and see if the unpublished posts still appear in the RSS feed.

EDIT:  Also, because caching headers are used on the RSS feed, you may need to do a no-cache refresh (Ctrl F5) to get a fresh copy of the RSS feed in your browser.

Mar 24, 2010 at 12:34 PM

Thanks BenAmada, you are correct, when testing from another machine where we were not logged on this is visible.


Another quick question: I testes a bit further and noticed the rss for the published posts is visible for all editors. 

It's less important, but is there a way to prevent this?




Mar 24, 2010 at 11:59 PM
Edited Mar 25, 2010 at 12:02 AM

You can do that.  It requires modifying SyndicationHandler.cs in the BE Core and recompiling the core, to produce a new BlogEngine.Core.dll file for the BIN directory.

SyndicationHandler.cs is in Web\HttpHandlers.

In there, if you search, two times there is:

return item.IsVisible == true;

You would want to change both instances to:

return item.IsVisibleToPublic || System.Threading.Thread.CurrentPrincipal.IsInRole(BlogSettings.Instance.AdministratorRole);

This would prevent Editors from seeing unpublished posts.

EDIT:  There's also a couple of similar checks in SyndicationGenerator.cs in the BE core.  But it shouldn't be necessary to modify these checks, because the posts filtered in SyndicationHandler are fed to SyndicationGenerator.  Since the changes listed above would already filter the unpublished posts for just administrators in SyndicationHandler, it won't hurt to leave the checks in SyndicationGenerator alone.

Mar 25, 2010 at 9:23 AM

Thanks BenAmada,

I should have known. I bumped into that check when looking into my previous issue ... 


Much appreciated,