authorMatthew Somerville <matthew@mysociety.org>2014-12-17 11:21:28 +0000
committerMatthew Somerville <matthew-github@dracos.co.uk>2014-12-17 12:15:03 +0000
commit00090170f96ae43f521ce29a3731859ca5f6738a (patch)
treee31c3d9125c13025771f03a317622ca0c4e6fe38 /perllib/FixMyStreet/App/Controller/Moderate.pm
parente57f715a4625507cf6720d22e676c606bcb56053 (diff)
Version 1.5.2.v1.5.2
Includes: * [UK] Don't show topic form field when reporting abuse. * Use token in moderation response URL to prevent hidden report leak. * Make sure successful submission page is full width.
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Moderate.pm')
-rw-r--r--perllib/FixMyStreet/App/Controller/Moderate.pm7
1 files changed, 6 insertions, 1 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm
index 9c10ae36a..ad293fbd7 100644
--- a/perllib/FixMyStreet/App/Controller/Moderate.pm
+++ b/perllib/FixMyStreet/App/Controller/Moderate.pm
@@ -105,6 +105,11 @@ sub report_moderate_audit : Private {
my $sender = FixMyStreet->config('DO_NOT_REPLY_EMAIL');
my $sender_name = _($cobrand->contact_name);
+ my $token = $c->model("DB::Token")->create({
+ scope => 'moderation',
+ data => { id => $problem->id }
+ });
+
$c->send_email( 'problem-moderated.txt', {
to => [ [ $user->email, $user->name ] ],
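Review bot: Nothing in the `create` call at the top of this hunk bounds how long the moderation token stays valid or records why it exists, and a new row is written for every moderation email sent. If `DB::Token` has no expiry of its own (not visible here), the link in the email remains usable indefinitely, so the code that redeems it should check that the scope is `moderation` and preferably enforce an age limit. I would also add a comment above the call, for example `# Unguessable token instead of the report id, so the complain link cannot expose a hidden report by id.` `report_moderate_audit` begins before this hunk.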
@@ -113,7 +118,7 @@ sub report_moderate_audit : Private {
user => $user,
problem => $problem,
report_uri => $c->stash->{report_uri},
- report_complain_uri => $c->stash->{cobrand_base} . '/contact?m=1&id=' . $problem->id,
+ report_complain_uri => $c->stash->{cobrand_base} . '/contact?m=' . $token->token,
});
}
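Review bot: The new `report_complain_uri` line only closes the leak if the contact action no longer honours the old `m=1&id=` form, and that handler is not part of this file's diff. Emails already sent carry the old form, so it is worth confirming that the handler now ignores a bare `id` when `m` is present and resolves the report solely from a `moderation`-scope token. The token also travels in a GET query string, so it will end up in access logs and may appear in Referer headers; a short lifetime for the token would limit what such a log entry is worth. A comment on the line would help the next maintainer, for example `# m= carries a moderation-scope token; never put the bare report id in this URL`.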