diff options
Diffstat (limited to 'perllib/FixMyStreet/App')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Contact.pm | 6 | ||||
| -rwxr-xr-x | perllib/FixMyStreet/App/Controller/Develop.pm | 10 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 3 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/Update.pm | 3 | ||||
| -rwxr-xr-x | perllib/FixMyStreet/App/View/EmailText.pm | 29 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/View/Web.pm | 20 |
6 files changed, 61 insertions, 10 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Contact.pm b/perllib/FixMyStreet/App/Controller/Contact.pm index 8477dd694..9ce89a9e2 100644 --- a/perllib/FixMyStreet/App/Controller/Contact.pm +++ b/perllib/FixMyStreet/App/Controller/Contact.pm @@ -7,6 +7,7 @@ BEGIN { extends 'Catalyst::Controller'; } use MIME::Base64; use mySociety::EmailUtil; use FixMyStreet::Email; +use FixMyStreet::Template::SafeString; =head1 NAME @@ -253,8 +254,9 @@ generally required to stash sub setup_request : Private { my ( $self, $c ) = @_; - $c->stash->{contact_email} = $c->cobrand->contact_email; - $c->stash->{contact_email} =~ s/\@/@/; + my $email = $c->cobrand->contact_email; + $email =~ s/\@/@/; + $c->stash->{contact_email} = FixMyStreet::Template::SafeString->new($email); for my $param (qw/em subject message/) { $c->stash->{$param} = $c->get_param($param); diff --git a/perllib/FixMyStreet/App/Controller/Develop.pm b/perllib/FixMyStreet/App/Controller/Develop.pm index d2457a3d7..6a1c10b22 100755 --- a/perllib/FixMyStreet/App/Controller/Develop.pm +++ b/perllib/FixMyStreet/App/Controller/Develop.pm @@ -142,6 +142,7 @@ sub email_previewer : Path('/_dev/email') : Args(1) { # Look through the Email::MIME email for the text/html part, and any inline # images. Turn the images into data: URIs. + my $text = ''; my $html = ''; my %images; $email->walk_parts(sub { @@ -151,6 +152,8 @@ sub email_previewer : Path('/_dev/email') : Args(1) { (my $cid = $part->header('Content-ID')) =~ s/[<>]//g; (my $ct = $part->content_type) =~ s/;.*//; $images{$cid} = "$ct;base64," . $part->body_raw; + } elsif ($part->content_type =~ m[text/plain]i) { + $text = $part->body_str; } elsif ($part->content_type =~ m[text/html]i) { $html = $part->body_str; } @@ -160,7 +163,12 @@ sub email_previewer : Path('/_dev/email') : Args(1) { $html =~ s/cid:([^"]*)/data:$images{$1}/g; } - $c->response->body($html); + if ($c->get_param('text')) { + $c->response->header(Content_type => 'text/plain'); + $c->response->body($text); + } else { + $c->response->body($html); + } } =item problem_confirm_previewer diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index 270ad2ddb..899028ee9 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -4,6 +4,7 @@ use Moose; use namespace::autoclean; BEGIN { extends 'Catalyst::Controller'; } +use utf8; use Encode; use List::MoreUtils qw(uniq); use List::Util 'first'; @@ -895,7 +896,7 @@ sub process_user : Private { oauth_report => { $report->get_inflated_columns } }; unless ( $c->forward( '/auth/sign_in', [ $params{username} ] ) ) { - $c->stash->{field_errors}->{password} = _('There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the ‘No’ section of the form.'); + $c->stash->{field_errors}->{password} = _('There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the ‘No’ section of the form.'); return 1; } my $user = $c->user->obj; diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm index 1dc337c48..610f0f4eb 100644 --- a/perllib/FixMyStreet/App/Controller/Report/Update.pm +++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm @@ -4,6 +4,7 @@ use Moose; use namespace::autoclean; BEGIN { extends 'Catalyst::Controller'; } +use utf8; use Path::Class; use List::Util 'first'; use Utils; @@ -143,7 +144,7 @@ sub process_user : Private { oauth_update => { $update->get_inflated_columns } }; unless ( $c->forward( '/auth/sign_in', [ $params{username} ] ) ) { - $c->stash->{field_errors}->{password} = _('There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the ‘No’ section of the form.'); + $c->stash->{field_errors}->{password} = _('There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the ‘No’ section of the form.'); return 1; } my $user = $c->user->obj; diff --git a/perllib/FixMyStreet/App/View/EmailText.pm b/perllib/FixMyStreet/App/View/EmailText.pm new file mode 100755 index 000000000..6b28ca13f --- /dev/null +++ b/perllib/FixMyStreet/App/View/EmailText.pm @@ -0,0 +1,29 @@ +package FixMyStreet::App::View::EmailText; +use base 'Catalyst::View::TT'; + +use strict; +use warnings; + +use FixMyStreet; +use FixMyStreet::Template; + +__PACKAGE__->config( + CLASS => 'FixMyStreet::Template', + TEMPLATE_EXTENSION => '.txt', + INCLUDE_PATH => [ FixMyStreet->path_to( 'templates', 'email', 'default' ) ], + render_die => 1, + disable_autoescape => 1, +); + +=head1 NAME + +FixMyStreet::App::View::EmailText - TT View for FixMyStreet::App + +=head1 DESCRIPTION + +A TT view for the text part of emails - so no HTML auto-escaping + +=cut + +1; + diff --git a/perllib/FixMyStreet/App/View/Web.pm b/perllib/FixMyStreet/App/View/Web.pm index 93aa0e2fb..1e1b50094 100644 --- a/perllib/FixMyStreet/App/View/Web.pm +++ b/perllib/FixMyStreet/App/View/Web.pm @@ -6,6 +6,7 @@ use warnings; use FixMyStreet; use FixMyStreet::Template; +use FixMyStreet::Template::SafeString; use Utils; __PACKAGE__->config( @@ -19,6 +20,7 @@ __PACKAGE__->config( 'tprintf', 'prettify_dt', 'version', 'decode', 'prettify_state', + 'mark_safe', ], FILTERS => { add_links => \&add_links, @@ -59,7 +61,15 @@ sprintf (different name to avoid clash) sub tprintf { my ( $self, $c, $format, @args ) = @_; @args = @{$args[0]} if ref $args[0] eq 'ARRAY'; - return sprintf $format, @args; + #$format = $format->plain if UNIVERSAL::isa($format, 'Template::HTML::Variable'); + my $s = sprintf $format, @args; + return FixMyStreet::Template::SafeString->new($s); +} + +sub mark_safe { + my ($self, $c, $s) = @_; + $s = $s->plain if UNIVERSAL::isa($s, 'FixMyStreet::Template::Variable'); + return FixMyStreet::Template::SafeString->new($s); } =head2 Utils::prettify_dt @@ -82,16 +92,16 @@ sub prettify_dt { [% text | add_links | html_para %] -Add some links to some text (and thus HTML-escapes the other text. +Add some links to some text (and thus HTML-escapes the other text). =cut sub add_links { my $text = shift; + $text = FixMyStreet::Template::conditional_escape($text); $text =~ s/\r//g; - $text = FixMyStreet::Template::html_filter($text); $text =~ s{(https?://)([^\s]+)}{"<a href=\"$1$2\">$1" . _space_slash($2) . '</a>'}ge; - return $text; + return FixMyStreet::Template::SafeString->new($text); } sub _space_slash { @@ -113,7 +123,7 @@ sub markup_factory { my $text = shift; return $text unless $user && ($user->from_body || $user->is_superuser); $text =~ s{\*(\S.*?\S)\*}{<i>$1</i>}; - $text; + FixMyStreet::Template::SafeString->new($text); } } |