1 files changed, 23 insertions, 5 deletions

diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index fc1ffdd75..2295d6718 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -207,18 +207,28 @@ class RequestController < ApplicationController
         end
 
         # Banned from making new requests?
+        user_exceeded_limit = false
         if !authenticated_user.nil? && !authenticated_user.can_file_requests?
-            if authenticated_user.exceeded_limit?
-                render :template => 'user/rate_limited'
-            else
+            # If the reason the user cannot make new requests is that they are
+            # rate-limited, it’s possible they composed a request before they
+            # logged in and we want to include the text of the request so they
+            # can squirrel it away for tomorrow, so we detect this later after
+            # we have constructed the InfoRequest.
+            user_exceeded_limit = authenticated_user.exceeded_limit?
+            if !user_exceeded_limit
                 @details = authenticated_user.can_fail_html
                 render :template => 'user/banned'
+                return
             end
-            return
         end
 
         # First time we get to the page, just display it
         if params[:submitted_new_request].nil? || params[:reedit]
+            if user_exceeded_limit
+                render :template => 'user/rate_limited'
+                return
+            end
+
             params[:info_request] = { } if !params[:info_request]
 
             # Read parameters in - first the public body (by URL name or id)
@@ -318,6 +328,11 @@ class RequestController < ApplicationController
             return
         end
 
+        if user_exceeded_limit
+            render :template => 'user/rate_limited'
+            return
+        end
+
         if !authenticated?(
                 :web => _("To send your FOI request"),
                 :email => _("Then your FOI request to {{public_body_name}} will be sent.",:public_body_name=>@info_request.public_body.name),
@@ -701,7 +716,10 @@ class RequestController < ApplicationController
         @incoming_message.parse_raw_email!
         @info_request = @incoming_message.info_request
         if @incoming_message.info_request_id != params[:id].to_i
-            message = "Incoming message %d does not belong to request %d" % [@incoming_message.info_request_id, params[:id]]
+            # Note that params[:id] might not be an integer, though
+            # if we’ve got this far then it must begin with an integer
+            # and that integer must be the id number of an actual request.
+            message = "Incoming message %d does not belong to request '%s'" % [@incoming_message.info_request_id, params[:id]]
             raise ActiveRecord::RecordNotFound.new(message)
         end
         @part_number = params[:part].to_i