1 files changed, 13 insertions, 8 deletions

diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index cad5d5597..e8547f72f 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -1,10 +1,10 @@
+# encoding: UTF-8
 # app/controllers/request_controller.rb:
 # Show information about one particular request.
 #
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
-# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
+# Email: hello@mysociety.org; WWW: http://www.mysociety.org/
 
-require 'alaveteli_file_types'
 require 'zip/zip'
 require 'open-uri'
 
@@ -324,9 +324,9 @@ class RequestController < ApplicationController
             message = ""
             if @outgoing_message.contains_email?
                 if @user.nil?
-                    message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
+                    message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe);
                 else
-                    message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
+                    message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe);
                 end
                 message += _("<p>We recommend that you edit your request and remove the email address.
                 If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>")
@@ -625,7 +625,7 @@ class RequestController < ApplicationController
 
         if !params[:submitted_followup].nil? && !params[:reedit]
             if @info_request.allow_new_responses_from == 'nobody'
-                flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe
+                flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="{{url}}">contact us</a> if you really want to send a follow up message.', :url => help_contact_path.html_safe)
             else
                 if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body])
                     flash[:error] = _('You previously submitted that exact follow up message for this request.')
@@ -721,7 +721,7 @@ class RequestController < ApplicationController
 
             yield
 
-            if params[:skip_cache].nil?
+            if params[:skip_cache].nil? && response.status == 200
                 # write it to the fileystem ourselves, so is just a plain file. (The
                 # various fragment cache functions using Ruby Marshall to write the file
                 # which adds a header, so isnt compatible with images that have been
@@ -736,6 +736,7 @@ class RequestController < ApplicationController
 
     def get_attachment
         get_attachment_internal(false)
+        return unless @attachment
 
         # Prevent spam to magic request address. Note that the binary
         # subsitution method used depends on the content type
@@ -755,6 +756,7 @@ class RequestController < ApplicationController
             raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.")
         end
         get_attachment_internal(true)
+        return unless @attachment
 
         # images made during conversion (e.g. images in PDF files) are put in the cache directory, so
         # the same cache code in cache_attachments above will display them.
@@ -801,8 +803,11 @@ class RequestController < ApplicationController
 
         # check permissions
         raise "internal error, pre-auth filter should have caught this" if !@info_request.user_can_view?(authenticated_user)
-        @attachment = IncomingMessage.get_attachment_by_url_part_number(@incoming_message.get_attachments_for_display, @part_number)
-        raise ActiveRecord::RecordNotFound.new("attachment not found part number " + @part_number.to_s + " incoming_message " + @incoming_message.id.to_s) if @attachment.nil?
+        @attachment = IncomingMessage.get_attachment_by_url_part_number_and_filename(@incoming_message.get_attachments_for_display, @part_number, @original_filename)
+        # If we can't find the right attachment, redirect to the incoming message:
+        unless @attachment
+            return redirect_to incoming_message_url(@incoming_message), :status => 303
+        end
 
         # check filename in URL matches that in database (use a censor rule if you want to change a filename)
         raise ActiveRecord::RecordNotFound.new("please use same filename as original file has, display: '" + @attachment.display_filename + "' old_display: '" + @attachment.old_display_filename + "' original: '" + @original_filename + "'") if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename