diff options
| author | Louise Crow <louise.crow@gmail.com> | 2014-12-18 16:08:20 +0000 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2014-12-18 16:08:20 +0000 |
| commit | d4d8096429cc9a97efbde63ef37cd1cc7d12708c (patch) | |
| tree | 6ab3b13fa0a37e02876d9ac808e5ba00ea8d967b /app/controllers/request_controller.rb | |
| parent | c0a3dc4571090fc553fd608cf1ac83e21f0290f4 (diff) | |
| parent | 6d587c328b7d58fb322bd9cf490b213c3ff1ffad (diff) | |
Merge branch 'brakeman_fixes' into rails-3-develop
Diffstat (limited to 'app/controllers/request_controller.rb')
| -rw-r--r-- | app/controllers/request_controller.rb | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index d529f8dbb..413b74cea 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -10,7 +10,6 @@ require 'open-uri' class RequestController < ApplicationController before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ] - protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details before_filter :check_batch_requests_and_user_allowed, :only => [ :select_authorities, :new_batch ] MAX_RESULTS = 500 PER_PAGE = 25 @@ -841,7 +840,15 @@ class RequestController < ApplicationController end # check filename in URL matches that in database (use a censor rule if you want to change a filename) - raise ActiveRecord::RecordNotFound.new("please use same filename as original file has, display: '" + @attachment.display_filename + "' old_display: '" + @attachment.old_display_filename + "' original: '" + @original_filename + "'") if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename + if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename + msg = 'please use same filename as original file has, display: ' + msg += "'#{ @attachment.display_filename }' " + msg += 'old_display: ' + msg += "'#{ @attachment.old_display_filename }' " + msg += 'original: ' + msg += "'#{ @original_filename }'" + raise ActiveRecord::RecordNotFound.new(msg) + end @attachment_url = get_attachment_url(:id => @incoming_message.info_request_id, :incoming_message_id => @incoming_message.id, :part => @part_number, |