From ab983c0445fde36a5338b199c7d3996580872e7c Mon Sep 17 00:00:00 2001
From: Dave Arter
Date: Fri, 7 Aug 2020 17:33:27 +0100
Subject: Enable HTML in updates from staff users

This also extends to response templates.
---
 perllib/FixMyStreet/App/View/Web.pm | 42 +++++++++++++++++++++++++++++--------
 1 file changed, 33 insertions(+), 9 deletions(-)

(limited to 'perllib/FixMyStreet/App/View/Web.pm')

diff --git a/perllib/FixMyStreet/App/View/Web.pm b/perllib/FixMyStreet/App/View/Web.pm
index 1e1b50094..5e38fc797 100644
--- a/perllib/FixMyStreet/App/View/Web.pm
+++ b/perllib/FixMyStreet/App/View/Web.pm
@@ -25,7 +25,7 @@ __PACKAGE__->config(
 FILTERS => {
 add_links => \&add_links,
 escape_js => \&escape_js,
- markup => [ \&markup_factory, 1 ],
+ staff_html_markup => [ \&staff_html_markup_factory, 1 ],
 },
 COMPILE_EXT => '.ttc',
 STAT_TTL => FixMyStreet->config('STAGING_SITE') ? 1 : 86400,
@@ -100,7 +100,7 @@ sub add_links {
 my $text = shift;
 $text = FixMyStreet::Template::conditional_escape($text);
 $text =~ s/\r//g;
- $text =~ s{(https?://)([^\s]+)}{"$1" . _space_slash($2) . ''}ge;
+ $text =~ s{(?$1" . _space_slash($2) . ''}ge;
 return FixMyStreet::Template::SafeString->new($text);
 }
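Review bot: In `add_links`, the new substitution line also has to cope with text that was not escaped first: the next hunk marks sanitized staff HTML as a `SafeString` precisely so that `conditional_escape` leaves it alone, then calls `add_links` on it. The pattern on this page has lost its markup, but if the URL capture is still `[^\s]+` as on the removed line, it will run on into an adjacent tag or quote and copy those characters into the generated link. I would stop the capture at markup delimiters, e.g. `[^\s<>"']+`, and add a test for a staff update where a URL is immediately followed by a closing tag.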
@@ -110,20 +110,44 @@ sub _space_slash {
 return $t;
 }
-=head2 markup_factory
+=head2 staff_html_markup_factory
-This returns a function that will allow updates to have markdown-style italics.
-Pass in the user that wrote the text, so we know whether it can be privileged.
+This returns a function that processes the text body of an update, applying
+HTML sanitization and markdown-style italics if it was made by a staff user.
+
+Pass in the update extra, so we can determine if it was made by a staff user.
 =cut
-sub markup_factory {
- my ($c, $user) = @_;
+sub staff_html_markup_factory {
+ my ($c, $extra) = @_;
+
+ my $staff = $extra->{is_superuser} || $extra->{is_body_user};
+
 return sub {
 my $text = shift;
- return $text unless $user && ($user->from_body || $user->is_superuser);
+ unless ($staff) {
+ return FixMyStreet::Template::html_paragraph(add_links($text));
+ }
+
+ $text = FixMyStreet::Template::sanitize($text);
+
+ # Apply Markdown-style italics
 $text =~ s{\*(\S.*?\S)\*}{$1};
- FixMyStreet::Template::SafeString->new($text);
+
+ # Mark safe so add_links doesn't escape everything.
+ $text = FixMyStreet::Template::SafeString->new($text);
+
+ $text = add_links($text);
+
+ # If the update already has block-level elements then don't wrap
+ # individual lines in elements, as we assume the user knows what
+ # they're doing.
+ unless ($text =~ /<(p|ol|ul)>/) {
+ $text = FixMyStreet::Template::html_paragraph($text);
+ }
+
+ return $text;
 }
 }
-- 
cgit v1.2.3

From 245f12237ad2c796667d5d4736483474c1b481ce Mon Sep 17 00:00:00 2001
From: Dave Arter
Date: Tue, 11 Aug 2020 09:18:12 +0100
Subject: Enable HTML in update alert emails.
---
 perllib/FixMyStreet/App/View/Web.pm | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)

(limited to 'perllib/FixMyStreet/App/View/Web.pm')

diff --git a/perllib/FixMyStreet/App/View/Web.pm b/perllib/FixMyStreet/App/View/Web.pm
index 5e38fc797..41444fdd4 100644
--- a/perllib/FixMyStreet/App/View/Web.pm
+++ b/perllib/FixMyStreet/App/View/Web.pm
@@ -126,29 +126,34 @@ sub staff_html_markup_factory {
 return sub {
 my $text = shift;
- unless ($staff) {
- return FixMyStreet::Template::html_paragraph(add_links($text));
- }
+ return _staff_html_markup($text, $staff);
+ }
+}
- $text = FixMyStreet::Template::sanitize($text);
+sub _staff_html_markup {
+ my ( $text, $staff ) = @_;
+ unless ($staff) {
+ return FixMyStreet::Template::html_paragraph(add_links($text));
+ }
- # Apply Markdown-style italics
- $text =~ s{\*(\S.*?\S)\*}{$1};
+ $text = FixMyStreet::Template::sanitize($text);
- # Mark safe so add_links doesn't escape everything.
- $text = FixMyStreet::Template::SafeString->new($text);
+ # Apply Markdown-style italics
+ $text =~ s{\*(\S.*?\S)\*}{$1};
- $text = add_links($text);
+ # Mark safe so add_links doesn't escape everything.
+ $text = FixMyStreet::Template::SafeString->new($text);
- # If the update already has block-level elements then don't wrap
- # individual lines in
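Review bot: `staff_html_markup_factory` (first commit) now decides whether to emit unescaped HTML from `$extra->{is_superuser} || $extra->{is_body_user}` instead of asking the user object, so the privileged path depends on flags stored with the update; the POD should state where those flags are written and that they must never be settable from submitted data (that code is not visible in this patch). Everything after `sanitize` — the italics substitution and `add_links` — edits the sanitized HTML with regexes and the result is returned as safe, so a short comment such as `# Post-sanitize edits must only insert fixed markup around already-sanitized text` would record the invariant. The block-level test `/<(p|ol|ul)>/` matches bare tags only; if `sanitize` can emit these tags with attributes, or other block elements, the output would still be wrapped by `html_paragraph`.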

elements, as we assume the user knows what
- # they're doing.
- unless ($text =~ /<(p|ol|ul)>/) {
- $text = FixMyStreet::Template::html_paragraph($text);
- }
+ $text = add_links($text);
- return $text;
+ # If the update already has block-level elements then don't wrap
+ # individual lines in elements, as we assume the user knows what
+ # they're doing.
+ unless ($text =~ /<(p|ol|ul)>/) {
+ $text = FixMyStreet::Template::html_paragraph($text);
 }
+
+ return $text;
 }
 =head2 escape_js
-- 
cgit v1.2.3

From 598bb52cb46aaca98e85328d34b58bbcb7581d71 Mon Sep 17 00:00:00 2001
From: M Somerville
Date: Thu, 1 Oct 2020 11:34:22 +0100
Subject: Move some templating functions to ::Template.

Most of the functions called by them are in that module, so seems easiest to keep them together, plus this fixes lack of Web module import in the Template module.
---
 perllib/FixMyStreet/App/View/Web.pm | 39 ++-------------------------------------
 1 file changed, 2 insertions(+), 37 deletions(-)

(limited to 'perllib/FixMyStreet/App/View/Web.pm')

diff --git a/perllib/FixMyStreet/App/View/Web.pm b/perllib/FixMyStreet/App/View/Web.pm
index 41444fdd4..8d3d53d0d 100644
--- a/perllib/FixMyStreet/App/View/Web.pm
+++ b/perllib/FixMyStreet/App/View/Web.pm
@@ -98,16 +98,7 @@ Add some links to some text (and thus HTML-escapes the other text).
 sub add_links {
 my $text = shift;
- $text = FixMyStreet::Template::conditional_escape($text);
- $text =~ s/\r//g;
- $text =~ s{(?$1" . _space_slash($2) . ''}ge;
- return FixMyStreet::Template::SafeString->new($text);
-}
-
-sub _space_slash {
- my $t = shift;
- $t =~ s{/(?!$)}{/ }g;
- return $t;
+ return FixMyStreet::Template::add_links($text);
 }
 =head2 staff_html_markup_factory
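Review bot: `_staff_html_markup` (second commit, "Enable HTML in update alert emails") is added without any POD or comment, yet its `$staff` argument is the only thing that selects the sanitized-HTML path over `html_paragraph(add_links($text))`. The commit subject suggests the sub is meant to be reused for alert emails, so I would document the contract at its definition, e.g. `# $staff must be true only when the update was written by a staff user; a true value lets sanitized HTML through unescaped.` The e-mail caller is not part of this patch (it is limited to `Web.pm`), so how that caller derives `$staff` cannot be checked here and is worth confirming in review.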
@@ -126,36 +117,10 @@ sub staff_html_markup_factory {
 return sub {
 my $text = shift;
- return _staff_html_markup($text, $staff);
+ return FixMyStreet::Template::_staff_html_markup($text, $staff);
 }
 }
-sub _staff_html_markup {
- my ( $text, $staff ) = @_;
- unless ($staff) {
- return FixMyStreet::Template::html_paragraph(add_links($text));
- }
-
- $text = FixMyStreet::Template::sanitize($text);
-
- # Apply Markdown-style italics
- $text =~ s{\*(\S.*?\S)\*}{$1};
-
- # Mark safe so add_links doesn't escape everything.
- $text = FixMyStreet::Template::SafeString->new($text);
-
- $text = add_links($text);
-
- # If the update already has block-level elements then don't wrap
- # individual lines in elements, as we assume the user knows what
- # they're doing.
- unless ($text =~ /<(p|ol|ul)>/) {
- $text = FixMyStreet::Template::html_paragraph($text);
- }
-
- return $text;
-}
-
 =head2 escape_js
 Used to escape strings that are going to be put inside JavaScript.
-- 
cgit v1.2.3
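Review bot: The closure in `staff_html_markup_factory` now calls `FixMyStreet::Template::_staff_html_markup`, a sub whose leading underscore marks it as private to its package, from a different package. Since it has become part of the interface between the view and `FixMyStreet::Template`, and it is the function that decides whether HTML is passed through unescaped, I would give it a public, documented name such as `staff_html_markup` and call that here. The Template side of the move is not shown on this page, so this is a naming and documentation suggestion rather than a claim about its behaviour.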