-rw-r--r-- | app/controllers/request_controller.rb | 12 | ||||
-rw-r--r-- | app/models/incoming_message.rb | 22 | ||||
-rw-r--r-- | todo.txt | 3 |
3 files changed, 28 insertions, 9 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 6bf0ed472..469c0fd0a 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: request_controller.rb,v 1.175 2009-09-07 10:50:29 francis Exp $ +# $Id: request_controller.rb,v 1.176 2009-09-07 18:28:39 francis Exp $ class RequestController < ApplicationController @@ -534,6 +534,10 @@ class RequestController < ApplicationController def get_attachment get_attachment_internal(false) + # Prevent spam to magic request address. Note that the binary + # subsitution method used depends on the content type + @attachment.body = @incoming_message.binary_mask_stuff(@attachment.body, @attachment.content_type) + # we don't use @attachment.content_type here, as we want same mime type when cached in cache_attachments above response.content_type = filename_to_mimetype(params[:file_name].join("/")) or 'application/octet-stream' @@ -557,6 +561,8 @@ class RequestController < ApplicationController view_html_prefix = render_to_string :partial => "request/view_html_prefix" html.sub!("<prefix-here>", view_html_prefix) + html= @incoming_message.html_mask_stuff(html) + response.content_type = 'text/html' render :text => html end 
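Review bot: With the masking call moved into `get_attachment` (its removal from the shared helper is the `@@ -584,10 +590,6 @@` hunk), `@attachment.body` is left unmasked after the helper runs and nothing in the code records that. Every action that renders the body now has to apply its own masking, and a later caller that forgets would serve the unmasked body, including the magic request address. I would state the contract where the old call was removed, for example `# NOTE: @attachment.body is NOT masked here; callers must apply binary_mask_stuff or html_mask_stuff before rendering`. The body of `get_attachment` continues outside this hunk.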
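Review bot: In the `@@ -557,6 +561,8 @@` hunk `html_mask_stuff` runs after `html.sub!("<prefix-here>", view_html_prefix)`, so the masks are applied to the site's own rendered partial as well as to the converted attachment. Unless the prefix is meant to be masked too, call it before the substitution: `html = @incoming_message.html_mask_stuff(html)` placed above the `html.sub!` line (with a space before `=`). Masking now works on converter output rather than on the source bytes. It looks like an address that the converter entity-encodes or splits across tags would not match a plain-text pattern, which is worth a test with a sample attachment. The start of this method is outside the hunk.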
@@ -584,10 +590,6 @@ class RequestController < ApplicationController # check filename in URL matches that in database (use a censor rule if you want to change a filename) raise "please use same filename as original file has, display: " + @attachment.display_filename + " original: " + @original_filename if @attachment.display_filename != @original_filename - # Prevent spam to magic request address. Note that the binary - # subsitution method used depends on the content type - @attachment.body = @incoming_message.binary_mask_stuff(@attachment.body, @attachment.content_type) - @attachment_url = get_attachment_url(:id => @incoming_message.info_request_id, :incoming_message_id => @incoming_message.id, :part => @part_number, :file_name => @original_filename ) diff --git a/app/models/incoming_message.rb b/app/models/incoming_message.rb index eae6542ef..a4be9a4cb 100644 --- a/app/models/incoming_message.rb +++ b/app/models/incoming_message.rb @@ -19,7 +19,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: incoming_message.rb,v 1.211 2009-08-20 11:05:27 francis Exp $ +# $Id: incoming_message.rb,v 1.212 2009-09-07 18:28:40 francis Exp $ # TODO # Move some of the (e.g. quoting) functions here into rblib, as they feel @@ -458,8 +458,9 @@ class IncomingMessage < ActiveRecord::Base end # if we managed to uncompress the PDF... if !uncompressed_text.nil? - censored_uncompressed_text = self.info_request.apply_censor_rules_to_binary(uncompressed_text) - # and the censor rule removed something... + # then censor stuff + censored_uncompressed_text = self._binary_mask_stuff_internal(uncompressed_text) + # if the censor rule removed something... if censored_uncompressed_text != uncompressed_text # then use the altered file (recompressed) recompressed_text = nil 
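Review bot: In the PDF branch of the `@@ -458,8 +458,9 @@` hunk, the test `censored_uncompressed_text != uncompressed_text` only works if `_binary_mask_stuff_internal` returns a new string. Only `orig_size = text.size` and `return text` of that method are visible, but if it substitutes in place, both names refer to the same object and the comparison is never true. The masked PDF would then never be recompressed and the original bytes would be returned unmasked. Passing a copy removes the dependency: `censored_uncompressed_text = self._binary_mask_stuff_internal(uncompressed_text.dup)`. The enclosing method starts and ends outside this hunk.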
@@ -476,7 +477,12 @@ class IncomingMessage < ActiveRecord::Base end return text end - + + return self._binary_mask_stuff_internal(text) + end + + # Used by binary_mask_stuff + def _binary_mask_stuff_internal(text) # Keep original size, so can check haven't resized it orig_size = text.size @@ -507,6 +513,14 @@ class IncomingMessage < ActiveRecord::Base return text end + # Removes censored stuff from from HTML conversion of downloaded binaries + def html_mask_stuff(html) + html = self.mask_special_emails(html) + html = self.remove_privacy_sensitive_things(html) + + return html + end + # Lotus notes quoting yeuch! def remove_lotus_quoting(text, replacement = "FOLDED_QUOTED_SECTION") text = text.dup @@ -79,6 +79,9 @@ and resend messages to them Later ===== +Maybe don't email you in alert subscriptions about annotations you made on +other people's requests? + Renaming of a body, or changing its domain, should clear the cached bubbles of all requests to that body. |
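Review bot: `_binary_mask_stuff_internal` is added as an ordinary public method in the `@@ -476,7 +477,12 @@` hunk, with the leading underscore as the only sign that it is internal. Because it is called with an explicit `self.` receiver, `protected :_binary_mask_stuff_internal` after the definition would keep it off the model's public interface without changing the call sites. The comment could also state the contract that the visible size check implies, e.g. `# Masks raw bytes for binary_mask_stuff; the result must be the same size as the input`. The rest of the method body is outside the hunk.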
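Review bot: `html_mask_stuff` in the `@@ -507,6 +513,14 @@` hunk calls only `mask_special_emails` and `remove_privacy_sensitive_things`, and it is not visible here whether either applies the request's censor rules. Before this commit the HTML view was presumably built from a body that had already been through `binary_mask_stuff`. If the two helpers do not cover censor rules, text removed from the download would still appear in the HTML view. Please confirm this and say so in the comment, which also has a doubled word: `# Masks email addresses and privacy-sensitive text in the HTML conversion of a downloaded binary`.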