diff options
| -rw-r--r-- | app/controllers/request_controller.rb | 11 | ||||
| -rw-r--r-- | app/models/info_request.rb | 4 | ||||
| -rw-r--r-- | app/models/info_request_event.rb | 6 | ||||
| -rw-r--r-- | app/models/outgoing_message.rb | 29 | ||||
| -rw-r--r-- | app/views/track_mailer/event_digest.rhtml | 2 | ||||
| -rw-r--r-- | spec/models/outgoing_message_spec.rb | 21 |
6 files changed, 53 insertions, 20 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index c8828c191..e2b57b90d 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: request_controller.rb,v 1.149 2009-03-07 00:38:26 francis Exp $ +# $Id: request_controller.rb,v 1.150 2009-03-07 01:16:18 francis Exp $ class RequestController < ApplicationController @@ -181,14 +181,13 @@ class RequestController < ApplicationController if params[:preview].to_i == 1 message = "" if @outgoing_message.contains_email? - message += "<p>You've put an <strong>email address</strong> in your request. - This is a warning that it will <strong>appear - publicly on the Internet</strong>.</p>" if @user.nil? - message += "<p>You do not need to include your own email in order to get a reply, as we will ask for it on the next screen (<a href=\"/help/about#email_address\">details</a>).</p>"; + message += "<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"/help/about#email_address\">details</a>).</p>"; else - message += "<p>You do not need to include your own email in order to get a reply (<a href=\"/help/about#email_address\">details</a>).</p>"; + message += "<p>You do not need to include your email in the request in order to get a reply (<a href=\"/help/about#email_address\">details</a>).</p>"; end + message += "<p>We recommend that you edit your request and remove the email address. + If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>" end if @outgoing_message.contains_postcode? message += "<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>"; diff --git a/app/models/info_request.rb b/app/models/info_request.rb index 60b921e69..e553c9700 100644 --- a/app/models/info_request.rb +++ b/app/models/info_request.rb @@ -23,7 +23,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: info_request.rb,v 1.171 2009-03-06 13:06:20 tony Exp $ +# $Id: info_request.rb,v 1.172 2009-03-07 01:16:18 francis Exp $ require 'digest/sha1' require File.join(File.dirname(__FILE__),'../../vendor/plugins/acts_as_xapian/lib/acts_as_xapian') @@ -573,7 +573,7 @@ public if outgoing_messages.empty? # mainly for use with incomplete fixtures return "" end - excerpt = self.outgoing_messages[0].body_without_salutation + excerpt = self.outgoing_messages[0].get_text_for_indexing return excerpt end diff --git a/app/models/info_request_event.rb b/app/models/info_request_event.rb index 938b5313a..bd6a565dc 100644 --- a/app/models/info_request_event.rb +++ b/app/models/info_request_event.rb @@ -21,7 +21,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: info_request_event.rb,v 1.74 2009-03-04 11:26:35 tony Exp $ +# $Id: info_request_event.rb,v 1.75 2009-03-07 01:16:18 francis Exp $ class InfoRequestEvent < ActiveRecord::Base belongs_to :info_request @@ -127,9 +127,9 @@ class InfoRequestEvent < ActiveRecord::Base def search_text_main text = '' if self.event_type == 'sent' - text = text + self.outgoing_message.body_without_salutation + "\n\n" + text = text + self.outgoing_message.get_text_for_indexing + "\n\n" elsif self.event_type == 'followup_sent' - text = text + self.outgoing_message.body_without_salutation + "\n\n" + text = text + self.outgoing_message.get_text_for_indexing + "\n\n" elsif self.event_type == 'response' text = text + self.incoming_message.get_text_for_indexing + "\n\n" elsif self.event_type == 'comment' diff --git a/app/models/outgoing_message.rb b/app/models/outgoing_message.rb index 3c114cd25..4c2a2db59 100644 --- a/app/models/outgoing_message.rb +++ b/app/models/outgoing_message.rb @@ -22,7 +22,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: outgoing_message.rb,v 1.79 2009-03-04 11:26:35 tony Exp $ +# $Id: outgoing_message.rb,v 1.80 2009-03-07 01:16:18 francis Exp $ class OutgoingMessage < ActiveRecord::Base strip_attributes! @@ -100,12 +100,6 @@ class OutgoingMessage < ActiveRecord::Base read_attribute(:body) end - def body_without_salutation - ret = self.body - ret.sub!(/Dear .+,/, "") - return ret - end - # Used to give warnings when writing new messages def contains_email? MySociety::Validate.email_find_regexp.match(self.body) @@ -194,9 +188,30 @@ class OutgoingMessage < ActiveRecord::Base end end + # We hide emails from display in outgoing messages. + def remove_privacy_sensitive_things(text) + text = text.dup + text.gsub!(MySociety::Validate.email_find_regexp, "[email address]") + return text + end + + # Returns text for indexing / text display + def get_text_for_indexing + text = self.body.strip + + # Remove salutation + text.sub!(/Dear .+,/, "") + + # Remove email addresses from display/index etc. + text = self.remove_privacy_sensitive_things(text) + + return text + end + # Return body for display as HTML def get_body_for_html_display text = self.body.strip + text = self.remove_privacy_sensitive_things(text) text = MySociety::Format.wrap_email_body(text) # reparagraph and wrap it so is good preview of emails text = CGI.escapeHTML(text) text = MySociety::Format.make_clickable(text, :contract => 1) diff --git a/app/views/track_mailer/event_digest.rhtml b/app/views/track_mailer/event_digest.rhtml index 3778a8903..4f112f257 100644 --- a/app/views/track_mailer/event_digest.rhtml +++ b/app/views/track_mailer/event_digest.rhtml @@ -36,7 +36,7 @@ # Main text, wrapped, words highlighted with * and indented. if not event.outgoing_message.nil? - extract = highlight_and_excerpt(event.outgoing_message.body_without_salutation, @highlight_words, 150, false) + extract = highlight_and_excerpt(event.outgoing_message.get_text_for_indexing, @highlight_words, 150, false) elsif not event.incoming_message.nil? extract = highlight_and_excerpt(event.incoming_message.get_text_for_indexing, @highlight_words, 150, false) elsif not event.comment.nil? diff --git a/spec/models/outgoing_message_spec.rb b/spec/models/outgoing_message_spec.rb index 35c330e92..83348e690 100644 --- a/spec/models/outgoing_message_spec.rb +++ b/spec/models/outgoing_message_spec.rb @@ -1,8 +1,27 @@ require File.dirname(__FILE__) + '/../spec_helper' -describe OutgoingMessage, " when blah" do +describe OutgoingMessage, " when making an outgoing message" do before do end + + it "should not show email addresses for outgoing messages, except when mailing" do + outgoing_message = OutgoingMessage.new({ + :status => 'ready', + :message_type => 'initial_request', + :body => 'This request contains a foo@bar.com email address', + :last_sent_at => Time.now(), + :what_doing => 'normal_sort' + }) + + # used for index, but also for track emails + outgoing_message.get_text_for_indexing.should_not include("foo@bar.com") + + # used for normal display on page + outgoing_message.get_body_for_html_display.should_not include("foo@bar.com") + + # called from the request sending email templates + outgoing_message.body.should include("foo@bar.com") + end end |