1 files changed, 16 insertions, 2 deletions

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 370e8e15c..78a82316a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -129,8 +129,9 @@ class ApplicationController < ActionController::Base
         @exception_class = exception.class.to_s
         @exception_message = exception.message
         case exception
-        when ActiveRecord::RecordNotFound, RouteNotFound
+        when ActiveRecord::RecordNotFound, RouteNotFound, WillPaginate::InvalidPage
             @status = 404
+            sanitize_path(params)
         when PermissionDenied
             @status = 403
         else
@@ -431,7 +432,11 @@ class ApplicationController < ActionController::Base
     def country_from_ip
         country = ""
         if !AlaveteliConfiguration::gaze_url.empty?
-            country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}")
+            begin
+                country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}")
+            rescue ActionDispatch::RemoteIp::IpSpoofAttackError
+                country = AlaveteliConfiguration::iso_country_code
+            end
         end
         country = AlaveteliConfiguration::iso_country_code if country.empty?
         return country
@@ -441,6 +446,15 @@ class ApplicationController < ActionController::Base
       `git log -1 --format="%H"`.strip
     end
 
+    # URL Encode the path parameter for use in render_exception
+    #
+    # params - the params Hash
+    #
+    # Returns a Hash
+    def sanitize_path(params)
+        params.merge!(:path => Rack::Utils.escape(params[:path])) if params.key?(:path)
+    end
+
     # URL generating functions are needed by all controllers (for redirects),
     # views (for links) and mailers (for use in emails), so include them into
     # all of all.