-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Contact.pm | 14 | ||||
-rw-r--r-- | perllib/Open311/PopulateServiceList.pm | 29 | ||||
-rw-r--r-- | t/app/controller/contact.t | 66 | ||||
-rw-r--r-- | templates/web/base/contact/index.html | 4 |
5 files changed, 86 insertions, 30 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e9a7f0d1..bb2487801 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,10 @@ ## Releases * Unreleased + - Front end improvements: + - Extra help text on contact form #2149 - Bugfixes: + - Prevent contact form leaking information about updates #2149 - Fix pointer event issue selecting pin on map. #2130 - Fix admin navigation links in multi-language installs. diff --git a/perllib/FixMyStreet/App/Controller/Contact.pm b/perllib/FixMyStreet/App/Controller/Contact.pm index b124ba1c0..997009b87 100644 --- a/perllib/FixMyStreet/App/Controller/Contact.pm +++ b/perllib/FixMyStreet/App/Controller/Contact.pm @@ -87,9 +87,17 @@ sub determine_contact_type : Private { } elsif ($id) { $c->forward( '/report/load_problem_or_display_error', [ $id ] ); if ($update_id) { - my $update = $c->model('DB::Comment')->find( - { id => $update_id } - ); + my $update = $c->model('DB::Comment')->search( + { + id => $update_id, + problem_id => $id, + state => 'confirmed', + } + )->first; + + unless ($update) { + $c->detach( '/page_error_404_not_found', [ _('Unknown update ID') ] ); + } $c->stash->{update} = $update; } diff --git a/perllib/Open311/PopulateServiceList.pm b/perllib/Open311/PopulateServiceList.pm index 4ffd8c143..f10bdf7fb 100644 --- a/perllib/Open311/PopulateServiceList.pm +++ b/perllib/Open311/PopulateServiceList.pm @@ -320,6 +320,14 @@ sub _delete_contacts_not_in_service_list { } ); + if ($self->_current_body->can_be_devolved) { + # If the body has can_be_devolved switched on, it's most likely a + # combination of Open311/email, so ignore any email addresses. + $found_contacts = $found_contacts->search( + { email => { -not_like => '%@%' } } + ); + } + $found_contacts = $self->_delete_contacts_not_in_service_list_cobrand_overrides($found_contacts); $found_contacts->update( 
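Review bot: The constrained lookup in `determine_contact_type` has no comment explaining why `problem_id` and `state` are part of the query, so a later tidy-up back to a lookup by `id` alone would quietly bring back the disclosure of hidden updates and of updates belonging to other reports. I would add above the search something like `# Only a confirmed update on this report may be shown; matching on id alone exposes hidden updates and updates from other reports.` Returning the same 404 for a missing, hidden or mismatched update is worth keeping, since the response then does not reveal which case applied. The function starts and ends outside the hunk.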
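Review bot: The `can_be_devolved` filter in `_delete_contacts_not_in_service_list` covers only the email half of the name-based block that the following hunk removes. That removed block also excluded the 'Other' category for East Hertfordshire and Stevenage, and nothing visible in this diff replaces it. If the exemption was not moved elsewhere, those contacts now reach the `update` call that follows, and the removed comment says reports in that category would then go only to Hertfordshire County Council. After this change `_delete_contacts_not_in_service_list_cobrand_overrides` returns its argument unchanged, so it should either carry a comment such as `# Hook for cobrand-specific exclusions; currently none.` or be removed. The function body continues outside the hunk.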
@@ -335,27 +343,6 @@ sub _delete_contacts_not_in_service_list { sub _delete_contacts_not_in_service_list_cobrand_overrides { my ( $self, $found_contacts ) = @_; - # for Warwickshire/Bristol/BANES, which are mixed Open311 and email, don't delete - # the email addresses - if ($self->_current_body->name eq 'Warwickshire County Council' || - $self->_current_body->name eq 'Bristol City Council' || - $self->_current_body->name eq 'Bath and North East Somerset Council') { - $found_contacts = $found_contacts->search( - { - email => { -not_like => '%@%' } - } - ); - } elsif ($self->_current_body->name eq 'East Hertfordshire District Council' || - $self->_current_body->name eq 'Stevenage Borough Council') { - # For EHDC/Stevenage we need to leave the 'Other' category alone or reports made - # in this category will be sent only to Hertfordshire County Council. - $found_contacts = $found_contacts->search( - { - category => { '!=' => 'Other' } - } - ); - } - return $found_contacts; } diff --git a/t/app/controller/contact.t b/t/app/controller/contact.t index c1039d15b..4f255f058 100644 --- a/t/app/controller/contact.t +++ b/t/app/controller/contact.t @@ -37,6 +37,17 @@ for my $test ( detail => 'More detail on the different problem', postcode => 'EH99 1SP', confirmed => '2011-05-03 13:24:28.145168', + anonymous => 0, + hidden => 1, + meta => 'Reported anonymously at 13:24, Tue 3 May 2011', + }, + { + name => 'A User', + email => 'problem_report_test@example.com', + title => 'A different problem', + detail => 'More detail on the different problem', + postcode => 'EH99 1SP', + confirmed => '2011-05-03 13:24:28.145168', anonymous => 1, meta => 'Reported anonymously at 13:24, Tue 3 May 2011', update => { 
@@ -45,6 +56,38 @@ for my $test ( text => 'This is an update', }, }, + { + name => 'A User', + email => 'problem_report_test@example.com', + title => 'A different problem', + detail => 'More detail on the different problem', + postcode => 'EH99 1SP', + confirmed => '2011-05-03 13:24:28.145168', + anonymous => 1, + meta => 'Reported anonymously at 13:24, Tue 3 May 2011', + update => { + other_problem => 1, + name => 'Different User', + email => 'commenter@example.com', + text => 'This is an update', + }, + }, + { + name => 'A User', + email => 'problem_report_test@example.com', + title => 'A different problem', + detail => 'More detail on the different problem', + postcode => 'EH99 1SP', + confirmed => '2011-05-03 13:24:28.145168', + anonymous => 1, + meta => 'Reported anonymously at 13:24, Tue 3 May 2011', + update => { + hidden => 1, + name => 'Different User', + email => 'commenter@example.com', + text => 'This is an update', + }, + }, ) { subtest 'check reporting a problem displays correctly' => sub { @@ -58,7 +101,7 @@ for my $test ( confirmed => $test->{confirmed}, name => $test->{name}, anonymous => $test->{anonymous}, - state => 'confirmed', + state => $test->{hidden} ? 'hidden' : 'confirmed', user => $user, latitude => 0, longitude => 0, @@ -76,9 +119,9 @@ for my $test ( $update = FixMyStreet::App->model('DB::Comment')->create( { - problem_id => $problem->id, + problem_id => $update_info->{other_problem} ? $problem_main->id : $problem->id, user => $update_user, - state => 'confirmed', + state => $update_info->{hidden} ? 'hidden' : 'confirmed', text => $update_info->{text}, confirmed => \'current_timestamp', mark_fixed => 'f', 
@@ -90,9 +133,20 @@ for my $test ( ok $problem, 'succesfully create a problem'; if ( $update ) { - $mech->get_ok( '/contact?id=' . $problem->id . '&update_id=' . $update->id ); - $mech->content_contains('reporting the following update'); - $mech->content_contains( $test->{update}->{text} ); + if ( $test->{update}->{hidden} ) { + $mech->get( '/contact?id=' . $problem->id . '&update_id=' . $update->id ); + is $mech->res->code, 404, 'cannot report a hidden update'; + } elsif ( $test->{update}->{other_problem} ) { + $mech->get( '/contact?id=' . $problem->id . '&update_id=' . $update->id ); + is $mech->res->code, 404, 'cannot view an update for another problem'; + } else { + $mech->get_ok( '/contact?id=' . $problem->id . '&update_id=' . $update->id ); + $mech->content_contains('reporting the following update'); + $mech->content_contains( $test->{update}->{text} ); + } + } elsif ( $test->{hidden} ) { + $mech->get( '/contact?id=' . $problem->id ); + is $mech->res->code, 410, 'cannot report a hidden problem'; } else { $mech->get_ok( '/contact?id=' . $problem->id ); $mech->content_contains('reporting the following problem'); diff --git a/templates/web/base/contact/index.html b/templates/web/base/contact/index.html index 1839b4c85..326c26ce8 100644 --- a/templates/web/base/contact/index.html +++ b/templates/web/base/contact/index.html @@ -103,6 +103,10 @@ [% END %] <textarea class="form-control required" name="message" id="form_message" rows="7" cols="50">[% message | html %]</textarea> + [% IF NOT problem AND NOT update %] + <p>[% loc('If you are contacting us about a specific report or update please include a link to the report in the message.') %]</p> + [% END %] + <input class="final-submit green-btn" type="submit" value="[% loc('Send') %]"> |
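Review bot: The two new 404 branches in the `t/app/controller/contact.t` hunk at `-90,9 +133,20` assert only the status code, while the defect being fixed is the update text appearing in the response. Adding `$mech->content_lacks( $test->{update}->{text} );` after each `is $mech->res->code, 404, ...` would pin that property directly and would still fail if an error page ever echoed the update. The 410 branch for a hidden problem could likewise check `$mech->content_lacks( $test->{detail} );`. The enclosing subtest starts outside this hunk.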