23 files changed, 102 insertions, 77 deletions
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index e39d55c7c..c3bb597be 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -304,7 +304,7 @@ class AdminRequestController < AdminController post_redirect.save! url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true)) - flash[:notice] = 'Send "' + name + '" <<a href="mailto:' + email + '">' + email + '</a>> this URL: <a href="' + url + '">' + url + "</a> - it will log them in and let them upload a response to this request.".html_safe + flash[:notice] = ("Send \"#{name}\" <<a href=\"mailto:#{email}\">#{email}</a>> this URL: <a href=\"#{url}\">#{url}</a> - it will log them in and let them upload a response to this request.").html_safe redirect_to request_admin_url(info_request) end diff --git a/app/models/request_mailer.rb b/app/models/request_mailer.rb index 493d6961c..73230a3a2 100644 --- a/app/models/request_mailer.rb +++ b/app/models/request_mailer.rb @@ -83,7 +83,7 @@ class RequestMailer < ApplicationMailer 'Auto-Submitted' => 'auto-generated', # http://tools.ietf.org/html/rfc3834 'X-Auto-Response-Suppress' => 'OOF' @recipients = info_request.user.name_and_email - @subject = _("New response to your FOI request - ") + info_request.title + @subject = (_("New response to your FOI request - ") + info_request.title).html_safe @body = { :incoming_message => incoming_message, :info_request => info_request, :url => url } end diff --git a/app/views/contact_mailer/from_admin_message.rhtml b/app/views/contact_mailer/from_admin_message.rhtml index bdb48d580..b2acc5fb3 100644 --- a/app/views/contact_mailer/from_admin_message.rhtml +++ b/app/views/contact_mailer/from_admin_message.rhtml @@ -1,2 +1 @@ -<%= @message.strip %> - +<%= raw @message.strip %> 
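Review bot: The rewritten `flash[:notice]` line marks the whole interpolated string as `html_safe`, so `name`, `email` and `url` reach the page unescaped; in the old line `.html_safe` bound only to the trailing literal. Where those values come from is outside the hunk, but if `name` and `email` are taken from a correspondent on the request they are untrusted and should be escaped before interpolation, e.g. `safe_name = ERB::Util.html_escape(name)` and `safe_email = ERB::Util.html_escape(email)`. The literal angle brackets around the mailto link should also be written as `&lt;` and `&gt;` so the markup stays well-formed. The enclosing action starts above the hunk.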
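Review bot: `.html_safe` on `@subject` marks the user-authored `info_request.title` as trusted markup, although a mail subject is a header and not HTML. If the aim is to stop entity-escaping in a plain-text context, that decision belongs at the render site; keeping the subject a plain String means any later HTML rendering of it is still escaped. If the call has to stay, a comment such as `# html_safe only to avoid entity-escaping in the text subject; title is user input` would record why. The method body begins above the hunk.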
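Review bot: `raw @message.strip` is only safe while this template is delivered as text/plain, and nothing in the file states that assumption. The same pattern is added to user-authored values in to_admin_message, user_message, followup, initial_request, external_response, fake_response, new_response, new_response_reminder_alert, overdue_alert, very_overdue_alert, requires_admin, already_registered, changeemail_confirm and confirm_login. A first-line comment in each, for example `<%# text/plain mail body: raw is used because this is never rendered as HTML %>`, would stop the pattern being copied into an HTML part or a web view. It would also help to check that these mailers set the content type explicitly, which is not visible in this diff.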
diff --git a/app/views/contact_mailer/to_admin_message.rhtml b/app/views/contact_mailer/to_admin_message.rhtml index 9c0a74c02..8c56779fd 100644 --- a/app/views/contact_mailer/to_admin_message.rhtml +++ b/app/views/contact_mailer/to_admin_message.rhtml @@ -1,4 +1,4 @@ -<%= @message.strip %> +<%= raw @message.strip %> --------------------------------------------------------------------- <%= _('Message sent using {{site_name}} contact form, ', :site_name=>site_name)%> diff --git a/app/views/contact_mailer/user_message.rhtml b/app/views/contact_mailer/user_message.rhtml index b1d6e81ae..afa1494db 100644 --- a/app/views/contact_mailer/user_message.rhtml +++ b/app/views/contact_mailer/user_message.rhtml @@ -5,7 +5,7 @@ learn your email address. Only reply if that is okay.', :user_name => @from_user.name) %> --------------------------------------------------------------------- -<%= @message.strip %> +<%= raw @message.strip %> --------------------------------------------------------------------- <%= _('View Freedom of Information requests made by {{user_name}}:', :user_name=>@from_user.name)%> diff --git a/app/views/outgoing_mailer/followup.rhtml b/app/views/outgoing_mailer/followup.rhtml index 7050a295b..049ebc881 100644 --- a/app/views/outgoing_mailer/followup.rhtml +++ b/app/views/outgoing_mailer/followup.rhtml @@ -1,6 +1,6 @@ -<%= @outgoing_message.body.strip %> +<%= raw @outgoing_message.body.strip %> -<%= @outgoing_message.quoted_part_to_append_to_email.strip %> +<%= raw @outgoing_message.quoted_part_to_append_to_email.strip %> ------------------------------------------------------------------- <%= _('Please use this email address for all replies to this request:')%> diff --git a/app/views/outgoing_mailer/initial_request.rhtml b/app/views/outgoing_mailer/initial_request.rhtml index d537a20bc..5c418ecc7 100644 --- a/app/views/outgoing_mailer/initial_request.rhtml +++ b/app/views/outgoing_mailer/initial_request.rhtml 
@@ -1,4 +1,4 @@ -<%= @outgoing_message.body.strip %> +<%= raw @outgoing_message.body.strip %> ------------------------------------------------------------------- diff --git a/app/views/public_body/show.rhtml b/app/views/public_body/show.rhtml index 7110ae9dd..8fc1eadda 100644 --- a/app/views/public_body/show.rhtml +++ b/app/views/public_body/show.rhtml @@ -58,7 +58,7 @@ <% end %> <%= _('<a class="link_button_green" href="{{url}}">{{text}}</a>', :url=>new_request_to_body_url(:url_name => @public_body.url_name), :text=>_("Start"))%> <% elsif @public_body.has_notes? %> - <%= @public_body.notes_as_html %> + <%= @public_body.notes_as_html.html_safe %> <% elsif @public_body.not_requestable_reason == 'not_apply' %> <%= _('Freedom of Information law does not apply to this authority, so you cannot make a request to it.')%> diff --git a/app/views/request/new.rhtml b/app/views/request/new.rhtml index f396ea9ec..c16105560 100644 --- a/app/views/request/new.rhtml +++ b/app/views/request/new.rhtml 
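Review bot: `@public_body.notes_as_html.html_safe` turns off escaping for the authority notes, and nothing visible here shows that `notes_as_html` escapes or sanitises what it returns. The same call is added in app/views/request/new.rhtml as `<p><%= @info_request.public_body.notes_as_html.html_safe %></p>`. If the notes field can hold arbitrary markup, rendering it through the view helper, `<%= sanitize(@public_body.notes_as_html) %>`, keeps formatting while dropping script-bearing tags. Otherwise the string is better marked safe inside `notes_as_html` itself, next to the code that justifies it, rather than at each call site.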
@@ -7,26 +7,26 @@ $("#typeahead_response").load("<%=search_ahead_url%>?q="+encodeURI(this.value), function() { // When following links in typeahead results, open new tab/window $("#typeahead_response a").attr("target","_blank"); - + // Update the public body site search link $("#body-site-search-link").attr("href", "http://www.google.com/#q="+encodeURI($("#typeahead_search").val())+ "+site:<%= @info_request.public_body.calculated_home_page %>"); }); })); - + }); </script> <% @title = _("Make an {{law_used_short}} request to '{{public_body_name}}'",:law_used_short=>h(@info_request.law_used_short),:public_body_name=>h(@info_request.public_body.name)) %> <h1><%= _('2. Ask for Information') %></h1> - + <% if @existing_request %> <div class="errorExplanation" id="errorExplanation"><ul> <li> <%= _('{{existing_request_user}} already created the same request on {{date}}. You can either view the <a href="{{existing_request}}">existing request</a>, - or edit the details below to make a new but similar request.',:existing_request_user=>user_or_you_capital_link(@existing_request.user), :date=>simple_date(@existing_request.created_at), :existing_request=>request_url(@existing_request)) %> + or edit the details below to make a new but similar request.',:existing_request_user=>user_or_you_capital_link(@existing_request.user), :date=>simple_date(@existing_request.created_at), :existing_request=>request_url(@existing_request)) %> </li> </ul></div> <% end %> @@ -37,7 +37,7 @@ <div id="request_header"> <div id="request_header_body"> - <label class="form_label" for="info_request_public_body_id"><%= _('To:') %></label> + <label class="form_label" for="info_request_public_body_id"><%= _('To:') %></label> <span id="to_public_body"><%=h(@info_request.public_body.name)%></span> <div class="form_item_note"> <% if @info_request.public_body.info_requests.size > 0 %> 
@@ -48,18 +48,18 @@ </div> <% if @info_request.public_body.has_notes? %> - <div id="request_header_text"> + <div id="request_header_text"> <h3><%= _('Special note for this authority!') %></h3> - <p><%= @info_request.public_body.notes_as_html %></p> + <p><%= @info_request.public_body.notes_as_html.html_safe %></p> </div> <% end %> <% if @info_request.public_body.eir_only? %> <h3><%= _('Please ask for environmental information only') %></h3> - <p><%= _('The Freedom of Information Act <strong>does not apply</strong> to') %> <%=h(@info_request.public_body.name)%>. + <p><%= _('The Freedom of Information Act <strong>does not apply</strong> to') %> <%=h(@info_request.public_body.name)%>. <%= _('However, you have the right to request environmental - information under a different law') %> (<a href="/help/requesting#eir">explanation</a>). + information under a different law') %> (<a href="/help/requesting#eir">explanation</a>). <%= _('This covers a very wide spectrum of information about the state of the <strong>natural and built environment</strong>, such as:') %> @@ -79,21 +79,21 @@ <% end %> </div> - <div id="request_header_subject"> + <div id="request_header_subject"> <p> - <label class="form_label" for="typeahead_search"><%= _('Summary:') %></label> + <label class="form_label" for="typeahead_search"><%= _('Summary:') %></label> <%= f.text_field :title, :size => 50, :id =>"typeahead_search" %> </p> <div class="form_item_note"> - (<%= _("a one line summary of the information you are requesting, \n\t\t\te.g.") %> + (<%= _("a one line summary of the information you are requesting, \n\t\t\te.g.") %> <%= render :partial => "summary_suggestion" %>) </div> </div> - + <div id="typeahead_response"> </div> </div> - + <div id="request_advice"> <ul> <li><%= _('Write your request in <strong>simple, precise language</strong>.') %></li> 
@@ -102,35 +102,35 @@ </ul> </div> - <div id="request_form"> + <div id="request_form"> <% fields_for :outgoing_message do |o| %> <p> - <label class="form_label" for="outgoing_message_body"><%= _('Your request:') %></label> + <label class="form_label" for="outgoing_message_body"><%= _('Your request:') %></label> <%= o.text_area :body, :rows => 20, :cols => 60 %> </p> <% end %> - + <% if !@user %> <p class="form_note"> - <%= raw(_('Everything that you enter on this page, including <strong>your name</strong>, + <%= raw(_('Everything that you enter on this page, including <strong>your name</strong>, will be <strong>displayed publicly</strong> on - this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %> + this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %> <%= raw(_('If you are thinking of using a pseudonym, please <a href="%s">read this first</a>.') % [help_privacy_path+"#real_name"]) %> </p> <% else %> <p class="form_note"> - <%= raw(_('Everything that you enter on this page + <%= raw(_('Everything that you enter on this page will be <strong>displayed publicly</strong> on - this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %> + this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %> </p> <% end %> - + <p class="form_note"> <%= raw(_("<strong> Can I request information about myself?</strong>\n" + - "\t\t\t<a href=\"%s\">No! (Click here for details)</a>") % [help_requesting_path+"#data_protection"]) %> + "\t\t\t<a href=\"%s\">No! (Click here for details)</a>") % [help_requesting_path+"#data_protection"]) %> </p> - + <div class="form_button"> <%= f.hidden_field(:public_body_id, { :value => @info_request.public_body_id } ) %> <%= hidden_field_tag(:submitted_new_request, 1 ) %> 
@@ -140,14 +140,14 @@ <% if !@info_request.tag_string.empty? %> <p class="form_note"> - <!-- <label class="form_label" for="info_request_tag_string">Tags:</label> + <!-- <label class="form_label" for="info_request_tag_string">Tags:</label> <%= f.text_field :tag_string, :size => 50 %> --> <%= f.hidden_field(:tag_string) %> <strong>Tags:</strong> <%=h @info_request.tag_string %> </p> <% end %> - + </div> <% end %> diff --git a/app/views/request/show.rhtml b/app/views/request/show.rhtml index 0cae3a9aa..8cadce3cc 100644 --- a/app/views/request/show.rhtml +++ b/app/views/request/show.rhtml @@ -25,6 +25,7 @@ <div id="left_column"> <h1><%=h(@info_request.title)%></h1> + <% if !@info_request.is_external? && @info_request.user.profile_photo %> <p class="user_photo_on_request"> <img src="<%= get_profile_photo_url(:url_name => @info_request.user.url_name) %>" alt=""> diff --git a/app/views/request_mailer/external_response.rhtml b/app/views/request_mailer/external_response.rhtml index e9858f03f..896054a43 100644 --- a/app/views/request_mailer/external_response.rhtml +++ b/app/views/request_mailer/external_response.rhtml @@ -1 +1 @@ -<%=@body%> +<%= raw @body %> diff --git a/app/views/request_mailer/fake_response.rhtml b/app/views/request_mailer/fake_response.rhtml index e9858f03f..896054a43 100644 --- a/app/views/request_mailer/fake_response.rhtml +++ b/app/views/request_mailer/fake_response.rhtml @@ -1 +1 @@ -<%=@body%> +<%= raw @body %> diff --git a/app/views/request_mailer/new_response.rhtml b/app/views/request_mailer/new_response.rhtml index 083f873b4..672212f20 100644 --- a/app/views/request_mailer/new_response.rhtml +++ b/app/views/request_mailer/new_response.rhtml 
@@ -1,6 +1,6 @@ <%= _('You have a new response to the {{law_used_full}} request ',:law_used_full=>@info_request.law_used_full)%> -'<%= @info_request.title %>' <%=_('that you made to')%> -<%= @info_request.public_body.name %>. +'<%= raw @info_request.title %>' <%=_('that you made to')%> +<%= raw @info_request.public_body.name %>. <%= _('To view the response, click on the link below.')%> diff --git a/app/views/request_mailer/new_response_reminder_alert.rhtml b/app/views/request_mailer/new_response_reminder_alert.rhtml index 86fc71de7..c196dafe6 100644 --- a/app/views/request_mailer/new_response_reminder_alert.rhtml +++ b/app/views/request_mailer/new_response_reminder_alert.rhtml @@ -3,7 +3,7 @@ <%=@url%> <%= _('Your request was called {{info_request}}. Letting everyone know whether you got the information will help us keep tabs on',:info_request=>@info_request.title)%> -<%= @info_request.public_body.name %>. +<%= raw @info_request.public_body.name %>. -- <%= _('the {{site_name}} team', :site_name=>site_name) %> diff --git a/app/views/request_mailer/overdue_alert.rhtml b/app/views/request_mailer/overdue_alert.rhtml index b8a9ba525..249bf6bb8 100644 --- a/app/views/request_mailer/overdue_alert.rhtml +++ b/app/views/request_mailer/overdue_alert.rhtml @@ -1,4 +1,4 @@ -<%= @info_request.public_body.name %> <%= _('have delayed.')%> +<%= raw @info_request.public_body.name %> <%= _('have delayed.')%> <%= _('They have not replied to your {{law_used_short}} request {{title}} promptly, as normally required by law',:law_used_short=>@info_request.law_used_short,:title=>@info_request.title)%><% if @info_request.public_body.is_school? %> <%=_('during term time')%> <% end %>. diff --git a/app/views/request_mailer/requires_admin.rhtml b/app/views/request_mailer/requires_admin.rhtml index 06a798792..e7ab53c59 100644 --- a/app/views/request_mailer/requires_admin.rhtml +++ b/app/views/request_mailer/requires_admin.rhtml 
@@ -1,9 +1,9 @@ --------------------------------------------------------------------- -<%=@reported_by.name%> <%= _('has reported an')%> <%=@info_request.law_used_short%> +<%= raw @reported_by.name %> <%= _('has reported an')%> <%= raw @info_request.law_used_short %> <%= _('response as needing administrator attention. Take a look, and reply to this email to let them know what you are going to do about it.')%> -Request '<%=@info_request.title%>': +Request '<%= raw @info_request.title %>': <%= @url %> <%= _('Administration URL:') %> diff --git a/app/views/request_mailer/very_overdue_alert.rhtml b/app/views/request_mailer/very_overdue_alert.rhtml index 6abd198a0..80597473c 100644 --- a/app/views/request_mailer/very_overdue_alert.rhtml +++ b/app/views/request_mailer/very_overdue_alert.rhtml @@ -1,4 +1,4 @@ -<%= @info_request.public_body.name %> <%= _('are long overdue.')%> +<%= raw @info_request.public_body.name %> <%= _('are long overdue.')%> <%= _('They have not replied to your {{law_used_short}} request {{title}}, as required by law',:law_used_short=>@info_request.law_used_short,:title=>@info_request.title)%><% if @info_request.public_body.is_school? %> <%= _('even during holidays')%><% end %>. diff --git a/app/views/user_mailer/already_registered.rhtml b/app/views/user_mailer/already_registered.rhtml index 59ffcbf94..32c2c7e63 100644 --- a/app/views/user_mailer/already_registered.rhtml +++ b/app/views/user_mailer/already_registered.rhtml @@ -1,10 +1,10 @@ -<%= @name %>, +<%= raw @name %>, <%= _('You just tried to sign up to {{site_name}}, when you already have an account. Your name and password have been left as they previously were. -Please click on the link below.', :site_name=>site_name)%> <%=@reasons[:email]%> +Please click on the link below.', :site_name=>site_name)%> <%=raw @reasons[:email] %> <%=@url%> diff --git a/app/views/user_mailer/changeemail_confirm.rhtml b/app/views/user_mailer/changeemail_confirm.rhtml index ffb9737f7..c73e9486b 100644 
--- a/app/views/user_mailer/changeemail_confirm.rhtml +++ b/app/views/user_mailer/changeemail_confirm.rhtml @@ -1,4 +1,4 @@ -<%= @name %>, +<%= raw @name %>, <%= _('Please click on the link below to confirm that you want to change the email address that you use for {{site_name}} diff --git a/app/views/user_mailer/confirm_login.rhtml b/app/views/user_mailer/confirm_login.rhtml index 6f4feff00..fa86dc2b1 100644 --- a/app/views/user_mailer/confirm_login.rhtml +++ b/app/views/user_mailer/confirm_login.rhtml @@ -1,7 +1,7 @@ -<%= @name %>, +<%= raw @name %>, <%= _('Please click on the link below to confirm your email address.')%> -<%=@reasons[:email]%> +<%= raw @reasons[:email] %> <%=@url%> diff --git a/config/general.yml-example b/config/general.yml-example index bfe289541..30221bac4 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -180,6 +180,11 @@ VARNISH_HOST: localhost # Adding a value here will enable Google Analytics on all non-admin pages for non-admin users. GA_CODE: '' +# We need to add the WDTK survey variables here, or else the deployment +# system will cry. +SURVEY_SECRET: '' +SURVEY_URL: '' + # If you want to override *all* the public body request emails with your own # email so that request emails that would normally go to the public body # go to you, then uncomment below and fill in your email. diff --git a/lib/tasks/temp.rake b/lib/tasks/temp.rake index e49a84ecb..e50ee2cb8 100644 --- a/lib/tasks/temp.rake +++ b/lib/tasks/temp.rake 
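Review bot: `SURVEY_SECRET: ''` ships an empty secret as the example default, and the added comment explains only why the keys exist, not what they must contain. How the value is consumed is not visible in this diff; if it keys a hash or token for the survey, an empty string makes that output predictable for any install that copies the example unchanged. A comment along the lines of `# SURVEY_SECRET must be set to a long random value before the survey is enabled` would make the requirement explicit.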
@@ -40,6 +40,26 @@ namespace :temp do if ! dryrun FileUtils.rm_rf(request_subdir) end + else + Dir.glob(File.join(request_subdir, 'response', '*')) do |response_subdir| + incoming_message_id = File.basename(response_subdir) + puts "Looking for IncomingMessage with id #{incoming_message_id}" if verbose + begin + incoming_message = IncomingMessage.find(incoming_message_id) + puts "Got IncomingMessage #{incoming_message_id}" if verbose + if incoming_message.info_request != info_request + puts "Deleting cache at #{response_subdir}: IncomingMessage #{incoming_message_id} has been moved from InfoRequest #{info_request_id}" + if ! dryrun + FileUtils.rm_rf(response_subdir) + end + end + rescue ActiveRecord::RecordNotFound + puts "Deleting cache at #{response_subdir} for deleted IncomingMessage #{incoming_message_id}" + if ! dryrun + FileUtils.rm_rf(response_subdir) + end + end + end end rescue ActiveRecord::RecordNotFound puts "Deleting cache at #{request_subdir} for deleted InfoRequest #{info_request_id}" diff --git a/spec/models/info_request_spec.rb b/spec/models/info_request_spec.rb index 544852f91..4112a2baa 100644 --- a/spec/models/info_request_spec.rb +++ b/spec/models/info_request_spec.rb 
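Review bot: Every entry under `response/` is passed to `IncomingMessage.find`, so a file or directory whose name is not a numeric id will most likely end up in the `rescue ActiveRecord::RecordNotFound` branch and be removed with `FileUtils.rm_rf`. Skipping such names first, `next unless incoming_message_id =~ /\A\d+\z/`, limits the cleanup to entries that really are message caches. The "moved" and "deleted" branches also repeat the same `if ! dryrun` / `FileUtils.rm_rf(response_subdir)` pair, which could be one small helper. The task body starts and ends outside the hunk.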
@@ -454,6 +454,33 @@ describe InfoRequest do end + describe 'when an instance is asked if all can view it' do + + before do + @info_request = InfoRequest.new + end + + it 'should return true if its prominence is normal' do + @info_request.prominence = 'normal' + @info_request.all_can_view?.should == true + end + + it 'should return true if its prominence is backpage' do + @info_request.prominence = 'backpage' + @info_request.all_can_view?.should == true + end + + it 'should return false if its prominence is hidden' do + @info_request.prominence = 'hidden' + @info_request.all_can_view?.should == false + end + + it 'should return false if its prominence is requester_only' do + @info_request.prominence = 'requester_only' + @info_request.all_can_view?.should == false + end + end + describe 'when applying censor rules' do before do @@ -537,32 +564,5 @@ describe InfoRequest do end - describe 'when an instance is asked if all can view it' do - - before do - @info_request = InfoRequest.new - end - - it 'should return true if its prominence is normal' do - @info_request.prominence = 'normal' - @info_request.all_can_view?.should == true - end - - it 'should return true if its prominence is backpage' do - @info_request.prominence = 'backpage' - @info_request.all_can_view?.should == true - end - - it 'should return false if its prominence is hidden' do - @info_request.prominence = 'hidden' - @info_request.all_can_view?.should == false - end - - it 'should return false if its prominence is requester_only' do - @info_request.prominence = 'requester_only' - @info_request.all_can_view?.should == false - end - - end end |