diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 59 | ||||
| -rw-r--r-- | app/controllers/general_controller.rb | 19 | ||||
| -rw-r--r-- | app/controllers/request_controller.rb | 19 | ||||
| -rw-r--r-- | app/controllers/track_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/user_controller.rb | 4 |
5 files changed, 43 insertions, 60 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 029b536ec..2615b61f2 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -12,6 +12,11 @@ require 'open-uri' class ApplicationController < ActionController::Base class PermissionDenied < StandardError end + class RouteNotFound < StandardError + end + # assign our own handler method for non-local exceptions + rescue_from Exception, :with => :render_exception + # Standard headers, footers and navigation for whole site layout "default" include FastGettext::Translation # make functions like _, n_, N_ etc available) @@ -111,55 +116,35 @@ class ApplicationController < ActionController::Base end end - # Override default error handler, for production sites. - def rescue_action_in_public(exception) - # Looks for before_filters called something like `set_view_paths_{themename}`. These - # are set by the themes. - # Normally, this is called by the theme itself in a - # :before_filter, but when there's an error, this doesn't - # happen. By calling it here, we can ensure error pages are - # still styled according to the theme. - ActionController::Base.before_filters.select{|f| f.to_s =~ /set_view_paths/}.each do |f| - self.send(f) - end - # Make sure expiry time for session is set (before_filters are - # otherwise missed by this override) - session_remember_me + def render_exception(exception) - # Make sure the locale is set correctly too - set_gettext_locale + # In development, or the admin interface, or for a local request, let Rails handle the exception + # with its stack trace templates. Local requests in testing are a special case so that we can + # test this method - there we use consider_all_requests_local to control behaviour. + if Rails.application.config.consider_all_requests_local || local_request? || + (request.local? && !Rails.env.test?) + raise exception + end + @exception_backtrace = exception.backtrace.join("\n") + @exception_class = exception.class.to_s + @exception_message = exception.message case exception - when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError + when ActiveRecord::RecordNotFound, RouteNotFound @status = 404 when PermissionDenied @status = 403 else + message = "\n#{@exception_class} (#{@exception_message}):\n" + backtrace = Rails.backtrace_cleaner.clean(exception.backtrace, :silent) + message << " " << backtrace.join("\n ") + Rails.logger.fatal("#{message}\n\n") + ExceptionNotifier::Notifier.exception_notification(request.env, exception).deliver @status = 500 - notify_about_exception exception end - # Display user appropriate error message - @exception_backtrace = exception.backtrace.join("\n") - @exception_class = exception.class.to_s - @exception_message = exception.message render :template => "general/exception_caught", :status => @status end - # FIXME: This was disabled during the Rails 3 upgrade as this is now handled by Rack - # # For development sites. - # alias original_rescue_action_locally rescue_action_locally - # def rescue_action_locally(exception) - # # Make sure expiry time for session is set (before_filters are - # # otherwise missed by this override) - # session_remember_me - - # # Make sure the locale is set correctly too - # set_gettext_locale - - # # Display default, detailed error for developers - # original_rescue_action_locally(exception) - # end - def local_request? false end diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb index 075d35ba0..4fd0c3deb 100644 --- a/app/controllers/general_controller.rb +++ b/app/controllers/general_controller.rb @@ -5,13 +5,6 @@ # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. # Email: hello@mysociety.org; WWW: http://www.mysociety.org/ -begin - require 'xmlsimple' -rescue LoadError - # Debian maintainers put their xmlsimple in a different location :( - require 'lib/xmlsimple' -end - require 'open-uri' class GeneralController < ApplicationController @@ -218,16 +211,16 @@ class GeneralController < ApplicationController @feed_autodetect = [ { :url => do_track_url(@track_thing, 'feed'), :title => @track_thing.params[:title_in_rss], :has_json => true } ] end - # Jump to a random request - def random_request - info_request = InfoRequest.random - redirect_to request_url(info_request) - end - def custom_css long_cache @locale = self.locale_from_params() render(:layout => false, :content_type => 'text/css') end + + # Handle requests for non-existent URLs - will be handled by ApplicationController::render_exception + def not_found + raise RouteNotFound + end + end diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index ea84d3b10..b8ccdf926 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -1,10 +1,10 @@ +# encoding: UTF-8 # app/controllers/request_controller.rb: # Show information about one particular request. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: hello@mysociety.org; WWW: http://www.mysociety.org/ -require 'alaveteli_file_types' require 'zip/zip' require 'open-uri' @@ -324,9 +324,9 @@ class RequestController < ApplicationController message = "" if @outgoing_message.contains_email? if @user.nil? - message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe; + message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe); else - message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe; + message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe); end message += _("<p>We recommend that you edit your request and remove the email address. If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>") @@ -625,7 +625,7 @@ class RequestController < ApplicationController if !params[:submitted_followup].nil? && !params[:reedit] if @info_request.allow_new_responses_from == 'nobody' - flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe + flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="{{url}}">contact us</a> if you really want to send a follow up message.', :url => help_contact_path.html_safe) else if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body]) flash[:error] = _('You previously submitted that exact follow up message for this request.') @@ -721,7 +721,7 @@ class RequestController < ApplicationController yield - if params[:skip_cache].nil? + if params[:skip_cache].nil? && response.status == 200 # write it to the fileystem ourselves, so is just a plain file. (The # various fragment cache functions using Ruby Marshall to write the file # which adds a header, so isnt compatible with images that have been @@ -736,6 +736,7 @@ class RequestController < ApplicationController def get_attachment get_attachment_internal(false) + return unless @attachment # Prevent spam to magic request address. Note that the binary # subsitution method used depends on the content type @@ -755,6 +756,7 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.") end get_attachment_internal(true) + return unless @attachment # images made during conversion (e.g. images in PDF files) are put in the cache directory, so # the same cache code in cache_attachments above will display them. @@ -801,8 +803,11 @@ class RequestController < ApplicationController # check permissions raise "internal error, pre-auth filter should have caught this" if !@info_request.user_can_view?(authenticated_user) - @attachment = IncomingMessage.get_attachment_by_url_part_number(@incoming_message.get_attachments_for_display, @part_number) - raise ActiveRecord::RecordNotFound.new("attachment not found part number " + @part_number.to_s + " incoming_message " + @incoming_message.id.to_s) if @attachment.nil? + @attachment = IncomingMessage.get_attachment_by_url_part_number_and_filename(@incoming_message.get_attachments_for_display, @part_number, @original_filename) + # If we can't find the right attachment, redirect to the incoming message: + unless @attachment + return redirect_to incoming_message_url(@incoming_message), :status => 303 + end # check filename in URL matches that in database (use a censor rule if you want to change a filename) raise ActiveRecord::RecordNotFound.new("please use same filename as original file has, display: '" + @attachment.display_filename + "' old_display: '" + @attachment.old_display_filename + "' original: '" + @original_filename + "'") if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 9076148c4..40e82e7a4 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb @@ -157,7 +157,7 @@ class TrackController < ApplicationController format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true, lambda { |t| view_context.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) } ) } } - format.any { render :template => 'track/atom_feed.atom', :layout => false, :content_type => :atom } + format.any { render :template => 'track/atom_feed.atom', :layout => false, :content_type => 'application/atom+xml' } end end diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index dca3cda17..b7912b528 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -527,7 +527,7 @@ class UserController < ApplicationController def get_draft_profile_photo profile_photo = ProfilePhoto.find(params[:id]) response.content_type = "image/png" - render_for_text(profile_photo.data) + render :text => profile_photo.data end # actual profile photo of a user @@ -542,7 +542,7 @@ class UserController < ApplicationController end response.content_type = "image/png" - render_for_text(@display_user.profile_photo.data) + render :text => @display_user.profile_photo.data end # Change about me text on your profile page |