author | Robin Houston <robin.houston@gmail.com> | 2012-06-03 17:30:25 +0100 |
---|---|---|
committer | Robin Houston <robin.houston@gmail.com> | 2012-06-03 17:30:25 +0100 |
commit | 28fac418f2bf4dd21f150054713f1b7fe410c67a (patch) | |
tree | b2dba9bdf262b981b9ce92fb6071f75bfe7bdaa4 /app/controllers/request_controller.rb | |
parent | 0806fcc7d477b45d158e8a152b1f927f395d3aa7 (diff) |
Prevent spiders from reporting requests
Make the "report request" button submit a POST rather than a GET
request. Also restrict this action to logged-in users.
Fixes #501.
Diffstat (limited to 'app/controllers/request_controller.rb')
-rw-r--r-- | app/controllers/request_controller.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 4592b5ac2..bd2bfc974 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -656,6 +656,12 @@ class RequestController < ApplicationController def report_request info_request = InfoRequest.find_by_url_title(params[:url_title]) + return if !authenticated?( + :web => _("To report this FOI request"), + :email => _("Then you can report the request '{{title}}'", :title => info_request.title), + :email_subject => _("Report an offensive or unsuitable request") + ) + if !info_request.attention_requested info_request.set_described_state('attention_requested') info_request.attention_requested = true # tells us if attention has ever been requested |
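Review bot: the `:email` argument passed to `authenticated?` calls `info_request.title` before anything checks that `InfoRequest.find_by_url_title(params[:url_title])` returned a record, so an unknown `url_title` raises on nil while the login prompt is being built instead of producing a not-found response. Add a guard immediately after the lookup that responds with a 404 when `info_request` is nil, ahead of the `authenticated?` call. Separately, the commit message says the action should be reached by POST only, but nothing in this hunk rejects a GET. The diffstat shown is limited to this file, so confirm that the route or a method check elsewhere in the commit enforces it. Otherwise a GET from a logged-in session still reaches `set_described_state('attention_requested')`.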