author | Matthew Somerville <matthew@mysociety.org> | 2014-12-17 11:21:28 +0000 |
---|---|---|
committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2014-12-17 12:15:03 +0000 |
commit | 00090170f96ae43f521ce29a3731859ca5f6738a (patch) | |
tree | e31c3d9125c13025771f03a317622ca0c4e6fe38 | |
parent | e57f715a4625507cf6720d22e676c606bcb56053 (diff) |
Version 1.5.2.v1.5.2
Includes:
* [UK] Don't show topic form field when reporting abuse.
* Use token in moderation response URL to prevent hidden report leak.
* Make sure successful submission page is full width.
-rw-r--r-- | README.md | 8 | ||||
-rw-r--r-- | bin/site-specific-install.sh | 2 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Contact.pm | 36 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Moderate.pm | 7 | ||||
-rw-r--r-- | perllib/FixMyStreet/Cobrand/FixMyStreet.pm | 3 | ||||
-rw-r--r-- | t/app/controller/moderate.t | 12 | ||||
-rw-r--r-- | templates/web/base/contact/index.html | 1 | ||||
-rw-r--r-- | templates/web/base/contact/submit.html | 2 | ||||
-rw-r--r-- | templates/web/base/report/_main.html | 30 | ||||
-rw-r--r-- | templates/web/fixmystreet.com/contact/who.html | 6 | ||||
-rw-r--r-- | templates/web/fixmystreet/contact/index.html | 1 |
11 files changed, 60 insertions, 48 deletions
@@ -14,7 +14,7 @@ RSS alerts of problems in their area. It was created in 2007 by [mySociety](https://www.mysociety.org/) for reporting problems to UK councils and has been copied around the world. The FixMyStreet
-Platform is now at version 1.5.1.
+Platform is now at version 1.5.2.
 ## Installation
@@ -38,6 +38,12 @@ We've extracted all of the mobile apps from this repository into the
 ## Releases
+* v1.5.2 (17th December 2014)
+ - Hide unneeded heading on default footer.
+ - Suppress 'Argument "" isn't numeric' warning on admin report edit page.
+ - [UK] Don't show topic form field when reporting abuse.
+ - Use token in moderation response URL to prevent hidden report leak.
+
 * v1.5.1 (12th December 2014) - Bugfixes - Use correct cobrand signature in SendReport emails. #960
diff --git a/bin/site-specific-install.sh b/bin/site-specific-install.sh
index 774f90b15..3d01be469 100644
--- a/bin/site-specific-install.sh
+++ b/bin/site-specific-install.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 # Set this to the version we want to check out
-VERSION=${VERSION_OVERRIDE:-v1.5.1}
+VERSION=${VERSION_OVERRIDE:-v1.5.2}
 PARENT_SCRIPT_URL=https://github.com/mysociety/commonlib/blob/master/bin/install-site.sh
diff --git a/perllib/FixMyStreet/App/Controller/Contact.pm b/perllib/FixMyStreet/App/Controller/Contact.pm
index 3ff824691..5a51c8494 100644
--- a/perllib/FixMyStreet/App/Controller/Contact.pm
+++ b/perllib/FixMyStreet/App/Controller/Contact.pm
@@ -59,33 +59,24 @@ generic contact request and set up things accordingly
 sub determine_contact_type : Private {
 my ( $self, $c ) = @_;
- my $id = $c->req->param('id');
+ my $id = $c->req->param('id');
 my $update_id = $c->req->param('update_id');
+ my $token = $c->req->param('m');
 $id = undef unless $id && $id =~ /^[1-9]\d*$/;
 $update_id = undef unless $update_id && $update_id =~ /^[1-9]\d*$/;
- if ($id) {
-
- # if we're moderating, then we don't show errors in every case, e.g.
- # for hidden reports
- if ($c->req->param('m')) {
- my $problem
- = ( !$id || $id =~ m{\D} ) # is id non-numeric?
- ? undef # ...don't even search
- : $c->cobrand->problems->find( { id => $id } );
-
- if ($problem) {
- $c->stash->{problem} = $problem;
- $c->stash->{moderation_complaint} = 1;
- }
- else {
- $c->forward( '/report/load_problem_or_display_error', [ $id ] );
- }
- }
- else {
+ if ($token) {
+ my $token_obj = $c->forward('/tokens/load_auth_token', [ $token, 'moderation' ]);
+ my $problem = $c->cobrand->problems->find( { id => $token_obj->data->{id} } );
+ if ($problem) {
+ $c->stash->{problem} = $problem;
+ $c->stash->{moderation_complaint} = $token;
+ } else {
 $c->forward( '/report/load_problem_or_display_error', [ $id ] );
 }
+ } elsif ($id) {
+ $c->forward( '/report/load_problem_or_display_error', [ $id ] );
 if ($update_id) {
 my $update = $c->model('DB::Comment')->find( { id => $update_id }
@@ -132,9 +123,8 @@ sub validate : Private {
 );
 push @errors, _('Illegal ID')
- if $c->req->param('id') && $c->req->param('id') !~ /^[1-9]\d*$/
- or $c->req->param('update_id')
- && $c->req->param('update_id') !~ /^[1-9]\d*$/;
+ if $c->req->param('id') && !$c->stash->{problem}
+ or $c->req->param('update_id') && !$c->stash->{update};
 push @errors, _('There was a problem showing this page. Please try again later.')
 if $c->req->params->{message} && $c->req->params->{message} =~ /\[url=|<a/;
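Review bot: In the new `if ($token)` branch, the fallback `$c->forward( '/report/load_problem_or_display_error', [ $id ] );` passes the request's `id` parameter, but the complaint link now built in Moderate.pm is `/contact?m=<token>` with no `id`, so when the token's report cannot be found by `$c->cobrand->problems->find` the error handler is given undef rather than the id the token carries; `[ $token_obj->data->{id} ]` is the value this branch actually resolved. The branch also calls `$token_obj->data` without checking that `/tokens/load_auth_token` returned an object — if that action detaches on an unknown or wrong-scope token this is fine, but if it can return undef the request dies with a method-on-undef error, which is worth confirming since the `m=1` request added to moderate.t goes through exactly this path. The stash now carries the raw `m` parameter rather than a fixed 1, which the contact templates echo back in a hidden field. determine_contact_type continues past the end of the hunk.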
diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm
index 9c10ae36a..ad293fbd7 100644
--- a/perllib/FixMyStreet/App/Controller/Moderate.pm
+++ b/perllib/FixMyStreet/App/Controller/Moderate.pm
@@ -105,6 +105,11 @@ sub report_moderate_audit : Private {
 my $sender = FixMyStreet->config('DO_NOT_REPLY_EMAIL');
 my $sender_name = _($cobrand->contact_name);
+ my $token = $c->model("DB::Token")->create({
+ scope => 'moderation',
+ data => { id => $problem->id }
+ });
+
 $c->send_email( 'problem-moderated.txt', {
 to => [ [ $user->email, $user->name ] ],
@@ -113,7 +118,7 @@ sub report_moderate_audit : Private {
 user => $user,
 problem => $problem,
 report_uri => $c->stash->{report_uri},
- report_complain_uri => $c->stash->{cobrand_base} . '/contact?m=1&id=' . $problem->id,
+ report_complain_uri => $c->stash->{cobrand_base} . '/contact?m=' . $token->token,
 });
 }
diff --git a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
index 7a0f868d8..9001ca5f7 100644
--- a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
+++ b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
@@ -35,6 +35,9 @@ sub extra_contact_validation {
 my $self = shift;
 my $c = shift;
+ # Don't care about dest if reporting abuse
+ return () if $c->stash->{problem};
+
 my %errors;
 $c->stash->{dest} = $c->req->param('dest');
diff --git a/t/app/controller/moderate.t b/t/app/controller/moderate.t
index 84e8670b7..cd4c742bb 100644
--- a/t/app/controller/moderate.t
+++ b/t/app/controller/moderate.t
@@ -68,6 +68,9 @@ subtest 'Auth' => sub {
 $mech->get_ok($REPORT_URL);
 $mech->content_lacks('Moderat');
+
+ $mech->get_ok('/contact?m=1&id=' . $report->id);
+ $mech->content_lacks('Good bad bad bad');
 };
 subtest 'Affiliated and permissioned user can see moderation' => sub {
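Review bot: The moderation token created in report_moderate_audit stores only `{ id => $problem->id }` with no expiry or recipient, so the emailed `/contact?m=<token>` link opens the hidden report's contact view for as long as the token row exists, to anyone holding the message, and nothing records that it was issued to `$user`. If the Token model's `data` accepts extra keys, `data => { id => $problem->id, user_id => $user->id }` would at least record the intended recipient for auditing, and pruning old moderation-scope tokens would bound the lifetime; otherwise a comment above the `create` call should state that the link is long-lived by design. `$token->token` is concatenated into the URL unescaped, which is safe only if token strings are drawn from a URL-safe alphabet — not visible in this hunk. The rest of report_moderate_audit lies outside the hunk.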
@@ -158,6 +161,8 @@ subtest 'Problem moderation' => sub {
 };
 subtest 'Hide report' => sub {
+ $mech->clear_emails_ok;
+
 my $resp = $mech->post('/moderate/report/' . $report->id, {
 %problem_prepopulated,
 problem_hide => 1,
@@ -167,6 +172,13 @@ subtest 'Problem moderation' => sub {
 $report->discard_changes;
 is $report->state, 'hidden', 'Is hidden';
+ my $email = $mech->get_email;
+ my ($url) = $email->body =~ m{(http://\S+)};
+ ok $url, "extracted complain url '$url'";
+
+ $mech->get_ok($url);
+ $mech->content_contains('Good bad bad bad');
+
 # reset
 $report->update({ state => 'confirmed' });
 };
diff --git a/templates/web/base/contact/index.html b/templates/web/base/contact/index.html
index 439091f88..228a77def 100644
--- a/templates/web/base/contact/index.html
+++ b/templates/web/base/contact/index.html
@@ -35,6 +35,7 @@
 [% ELSIF problem %]
 <p>
 [% IF moderation_complaint %]
+ <input type="hidden" name="m" value="[% moderation_complaint %]">
 [% loc('You are complaining that this problem report was unnecessarily moderated:') %]
 [% ELSE %]
 [% loc('You are reporting the following problem report for being abusive, containing personal information, or similar:') %]
diff --git a/templates/web/base/contact/submit.html b/templates/web/base/contact/submit.html
index 3845e9210..fc416c2d7 100644
--- a/templates/web/base/contact/submit.html
+++ b/templates/web/base/contact/submit.html
@@ -1,4 +1,4 @@
-[% INCLUDE 'header.html', title = loc('Contact Us') %]
+[% INCLUDE 'header.html', title = loc('Contact Us'), bodyclass = 'fullwidthpage' %]
 <h1>[% loc('Contact the team') %]</h1>
diff --git a/templates/web/base/report/_main.html b/templates/web/base/report/_main.html
index 6ae96f97c..00b0188af 100644
--- a/templates/web/base/report/_main.html
+++ b/templates/web/base/report/_main.html
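Review bot: The hidden field `<input type="hidden" name="m" value="[% moderation_complaint %]">` added to templates/web/base/contact/index.html writes the stash value into an HTML attribute without the `| html` filter; Template Toolkit does not escape output on its own, and `moderation_complaint` is now the raw `m` request parameter that Contact.pm stashes rather than a fixed 1. It is only stashed once the token has resolved to a report, which limits what can reach this attribute today, but `value="[% moderation_complaint | html %]"` costs nothing and keeps a double-quote in any future token format from breaking out of the attribute. The same unescaped line is added to templates/web/fixmystreet/contact/index.html later in this commit.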
@@ -66,28 +66,20 @@
 </em></p>
 [% INCLUDE 'report/_support.html' %]
- [% IF c.cobrand.moniker != 'southampton' %]
- [% INCLUDE 'report/photo.html' object=problem %]
- [% END %]
+ [% INCLUDE 'report/photo.html' object=problem %]
+ <div class="moderate-display">
+ [% add_links( problem.detail ) | html_para %]
+ </div>
- <div class="moderate-display">
- [% add_links( problem.detail ) | html_para %]
- </div>
- [% IF moderating %]
- <div class="moderate-edit">
- [% IF problem.detail != original.detail %]
- <input type="checkbox" name="problem_revert_detail" class="revert-textarea">
- <label for="problem_revert_detail">Revert to original text</label>
- [% END %]
- <textarea name="problem_detail">[% add_links( problem.detail ) %]</textarea>
- </div>
+ [% IF moderating %]
+ <div class="moderate-edit">
+ [% IF problem.detail != original.detail %]
+ <input type="checkbox" name="problem_revert_detail" class="revert-textarea">
+ <label for="problem_revert_detail">Revert to original text</label>
 [% END %]
+ <textarea name="problem_detail">[% add_links( problem.detail ) %]</textarea>
+ </div>
- [% IF c.cobrand.moniker == 'southampton' %]
- [% INCLUDE 'report/photo.html' object=problem %]
- [% END %]
-
- [% IF moderating %]
 <div class="moderate-edit">
 <label for="moderation_reason">Moderation reason:</label>
 <input type="text" name="moderation_reason" placeholder="Describe why you are moderating this">
diff --git a/templates/web/fixmystreet.com/contact/who.html b/templates/web/fixmystreet.com/contact/who.html
index 7084c17dc..cdfc4eff8 100644
--- a/templates/web/fixmystreet.com/contact/who.html
+++ b/templates/web/fixmystreet.com/contact/who.html
@@ -1,3 +1,4 @@
+[% IF NOT problem %]
 <h4>Topic:</h4>
 [% IF field_errors.dest %]
@@ -55,8 +56,8 @@
 </div>
 <div class="checkbox-group">
- <input name="dest" id="dest_feeback" type="radio" value="feeback" class="required"[% IF dest AND dest == 'feeback' %] checked[% END %]>
- <label class="inline" for="dest_feeback">I have feedback about the site</label>
+ <input name="dest" id="dest_feedback" type="radio" value="feedback" class="required"[% IF dest AND dest == 'feedback' %] checked[% END %]>
+ <label class="inline" for="dest_feedback">I have feedback about the site</label>
 </div>
 <div class="checkbox-group">
@@ -73,3 +74,4 @@
 <input name="dest" id="dest_update" type="radio" value="update"[% IF dest AND dest == 'update' %] checked[% END %]>
 <label class="inline" for="dest_update">My street problem hasn't been fixed</label>
 </div>
+[% END %]
diff --git a/templates/web/fixmystreet/contact/index.html b/templates/web/fixmystreet/contact/index.html
index 2d145ce09..92f2451ef 100644
--- a/templates/web/fixmystreet/contact/index.html
+++ b/templates/web/fixmystreet/contact/index.html
@@ -50,6 +50,7 @@
 [% ELSIF problem %]
 <p>
 [% IF moderation_complaint %]
+ <input type="hidden" name="m" value="[% moderation_complaint %]">
 [% loc('You are complaining that this problem report was unnecessarily moderated:') %]
 [% ELSE %]
 [% loc('You are reporting the following problem report for being abusive, containing personal information, or similar:') %] |