Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Contact.pm')
-rw-r--r--perllib/FixMyStreet/App/Controller/Contact.pm45
1 files changed, 28 insertions, 17 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Contact.pm b/perllib/FixMyStreet/App/Controller/Contact.pm
index 997009b87..fb525fc1f 100644
--- a/perllib/FixMyStreet/App/Controller/Contact.pm
+++ b/perllib/FixMyStreet/App/Controller/Contact.pm
@@ -4,6 +4,7 @@ use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller'; }
+use MIME::Base64;
use mySociety::EmailUtil;
use FixMyStreet::Email;
@@ -17,8 +18,19 @@ Contact us page
=head1 METHODS
+=head2 auto
+
+Functions to run on both GET and POST contact requests.
+
=cut
+sub auto : Private {
+ my ($self, $c) = @_;
+ $c->forward('setup_request');
+ $c->forward('determine_contact_type');
+ $c->forward('/auth/get_csrf_token');
+}
+
=head2 index
Display contact us page
@@ -27,10 +39,6 @@ Display contact us page
sub index : Path : Args(0) {
my ( $self, $c ) = @_;
-
- return
- unless $c->forward('setup_request')
- && $c->forward('determine_contact_type');
}
=head2 submit
@@ -42,20 +50,12 @@ Handle contact us form submission
sub submit : Path('submit') : Args(0) {
my ( $self, $c ) = @_;
- if (my $testing = $c->get_param('_test_')) {
- $c->stash->{success} = $c->get_param('success');
- return;
- }
-
$c->res->redirect( '/contact' ) and return unless $c->req->method eq 'POST';
- return
- unless $c->forward('setup_request')
- && $c->forward('determine_contact_type')
- && $c->forward('validate')
- && $c->forward('prepare_params_for_email')
- && $c->forward('send_email')
- && $c->forward('redirect_on_success');
+ $c->go('index') unless $c->forward('validate');
+ $c->forward('prepare_params_for_email');
+ $c->forward('send_email');
+ $c->forward('redirect_on_success');
}
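Review bot: The rewritten body no longer looks at what `prepare_params_for_email` and `send_email` return, so if either signals failure by returning false (the removed `&&` chain relied on exactly that), `redirect_on_success` still runs and the user is sent to the success page for a message that was never sent. If those two actions can return false, keep the short-circuit: `$c->forward('prepare_params_for_email') or return;` and `$c->forward('send_email') or return;`. Their bodies are outside this hunk, so this is inferred from the old chain rather than confirmed here.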
=head2 determine_contact_type
@@ -105,6 +105,8 @@ sub determine_contact_type : Private {
if ( $c->get_param("reject") && $c->user->has_permission_to(report_reject => $c->stash->{problem}->bodies_str_ids) ) {
$c->stash->{rejecting_report} = 1;
}
+ } elsif ( $c->cobrand->abuse_reports_only ) {
+ $c->detach( '/page_error_404_not_found' );
}
return 1;
@@ -120,6 +122,10 @@ to index page if errors.
sub validate : Private {
my ( $self, $c ) = @_;
+ $c->forward('/auth/check_csrf_token');
+ my $s = $c->stash->{s} = unpack("N", decode_base64($c->get_param('s')));
+ return if !FixMyStreet->test_mode && time() < $s; # uncoverable statement
+
my ( %field_errors, @errors );
my %required = (
name => _('Please enter your name'),
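Review bot: A request with no usable `s` parameter skips the timing check in the added lines: `decode_base64` of an undef or non-base64 value yields a string that `unpack("N", ...)` turns into undef, and `time() < undef` is false (with an uninitialized-value warning), so validation continues as if the check had passed. Treat a missing or malformed value as a failure, e.g. `my $raw = $c->get_param('s'); return 0 unless defined $raw;` before the unpack and `return 0 unless defined $s;` after it. The stashed value is not signed, so it should be read as a low-cost heuristic rather than an access control, and a one-line comment saying what the window set up in `setup_request` is for would help the next reader. `validate`'s body continues outside the hunk.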
@@ -157,7 +163,7 @@ sub validate : Private {
if ( @errors or scalar keys %field_errors ) {
$c->stash->{errors} = \@errors;
$c->stash->{field_errors} = \%field_errors;
- $c->go('index');
+ return 0;
}
return 1;
@@ -233,6 +239,10 @@ sub setup_request : Private {
# name is already used in the stash for the app class name
$c->stash->{form_name} = $c->get_param('name');
+ my $s = encode_base64(pack("N", time() + 10), '');
+ $s =~ s/=+$//;
+ $c->stash->{s} = $s;
+
return 1;
}
@@ -262,6 +272,7 @@ sub send_email : Private {
my $from = [ $c->stash->{em}, $c->stash->{form_name} ];
my $params = {
to => [ [ $recipient, _($recipient_name) ] ],
+ user_agent => $c->req->user_agent,
};
if (FixMyStreet::Email::test_dmarc($c->stash->{em})) {
$params->{'Reply-To'} = [ $from ];
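Review bot: `$c->req->user_agent` is client-supplied and may be undef or contain arbitrary bytes, and the new `user_agent` key is passed straight into the mailer parameters with no normalisation visible in this hunk. If FixMyStreet::Email emits it as a mail header, line breaks and very long values should be stripped or truncated first, e.g. `user_agent => ($c->req->user_agent // '') =~ s/[\r\n]+/ /gr,`; if it is only stored or logged, a comment saying where the value ends up would save the next reader the lookup. `send_email`'s body starts outside the hunk.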