Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application_controller.rb | 40 | ||||
-rw-r--r-- | app/controllers/general_controller.rb | 15 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 17 |
3 files changed, 44 insertions, 28 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2633aca4d..0c8544932 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -366,23 +366,31 @@ class ApplicationController < ActionController::Base return (params[:page] || "1").to_i end def perform_search_typeahead(query, model) - # strip out unintended search operators - see - # https://github.com/sebbacon/alaveteli/issues/328 - # XXX this is a result of the OR hack below -- should fix by - # allowing a parameter to perform_search to control the - # default operator! - query = query.strip.gsub(/(\s-\s|&|\(|\))/, "") - query = query.split(/ +(?![-+]+)/) - if query.last.nil? || query.last.strip.length < 3 + query_words = query.split(/ +(?![-+]+)/) + if query_words.last.nil? || query_words.last.strip.length < 3 xapian_requests = nil else - query = query.join(' OR ') # XXX: HACK for OR instead of default AND! if model == PublicBody collapse = nil elsif model == InfoRequestEvent collapse = 'request_collapse' end - xapian_requests = perform_search([model], query, 'relevant', collapse, 5) + options = { + :offset => 0, + :limit => 5, + :sort_by_prefix => nil, + :sort_by_ascending => true, + :collapse_by_prefix => collapse, + } + ActsAsXapian.readable_init + old_default_op = ActsAsXapian.query_parser.default_op + ActsAsXapian.query_parser.default_op = Xapian::Query::OP_OR + user_query = ActsAsXapian.query_parser.parse_query( + query, + Xapian::QueryParser::FLAG_LOVEHATE | Xapian::QueryParser::FLAG_PARTIAL | + Xapian::QueryParser::FLAG_SPELLING_CORRECTION) + xapian_requests = ActsAsXapian::Search.new([model], query, options, user_query) + ActsAsXapian.query_parser.default_op = old_default_op end return xapian_requests end 
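Review bot: In perform_search_typeahead the default operator on `ActsAsXapian.query_parser` is restored only on the success path, so if `parse_query` or `ActsAsXapian::Search.new` raises on a user-supplied query the parser is left in `OP_OR`. Assuming the parser object is shared across requests in the process, later searches would then silently run with the wrong default operator. Put the restore in an `ensure`: open a `begin` before the `parse_query` call and close it with `ensure` / `ActsAsXapian.query_parser.default_op = old_default_op` / `end` after the `Search.new` line. Since the operator-stripping `gsub` is removed, a short comment stating that raw input is now passed to the parser deliberately, with only `FLAG_LOVEHATE`, `FLAG_PARTIAL` and `FLAG_SPELLING_CORRECTION` enabled, would help the next reader.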
@@ -504,12 +512,22 @@ class ApplicationController < ActionController::Base default = MySociety::Config.get('ISO_COUNTRY_CODE', '') country = "" if !gaze.empty? - country = open("#{gaze}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}").read.strip + country = quietly_try_to_open("#{gaze}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}") end country = default if country.empty? return country end + def quietly_try_to_open(url) + begin + result = open(url).read.strip + rescue OpenURI::HTTPError, SocketError + logger.warn("Unable to open third-party URL #{url}") + result = "" + end + return result + end + # URL generating functions are needed by all controllers (for redirects), # views (for links) and mailers (for use in emails), so include them into # all of all. diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb index 6cdfb9d5f..d28f4deec 100644 --- a/app/controllers/general_controller.rb +++ b/app/controllers/general_controller.rb @@ -71,14 +71,15 @@ class GeneralController < ApplicationController medium_cache @feed_autodetect = [] @feed_url = "#{MySociety::Config.get('BLOG_FEED', '')}?lang=#{self.locale_from_params()}" + @blog_items = [] if not @feed_url.empty? - content = open(@feed_url).read - @data = XmlSimple.xml_in(content) - @channel = @data['channel'][0] - @blog_items = @channel['item'] - @feed_autodetect = [{:url => @feed_url, :title => "#{site_name} blog"}] - else - @blog_items = [] + content = quietly_try_to_open(@feed_url) + if !content.empty? + @data = XmlSimple.xml_in(content) + @channel = @data['channel'][0] + @blog_items = @channel['item'] + @feed_autodetect = [{:url => @feed_url, :title => "#{site_name} blog"}] + end end @twitter_user = MySociety::Config.get('TWITTER_USERNAME', '') end diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 8714f03cf..1c7aeedcc 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb 
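Review bot: `quietly_try_to_open` hands its argument to `Kernel#open`, which treats any string that is not an http/https/ftp URL as a local path or a command pipe, so a shared helper named for URLs should refuse anything but HTTP(S) before opening. The rescue list is also narrower than the name promises: a refused connection or a timeout raises `SystemCallError` subclasses or `Timeout::Error`, not `OpenURI::HTTPError` or `SocketError`, and would still propagate to the caller. Note that the warning logs the full URL, which for the gaze lookup includes the client IP.

```ruby
def quietly_try_to_open(url)
    begin
        uri = URI.parse(url)
        # http/https only: Kernel#open would treat any other string as a local path or a pipe
        raise URI::InvalidURIError, "not an HTTP(S) URL" unless uri.is_a?(URI::HTTP)
        result = uri.open.read.strip
    rescue OpenURI::HTTPError, SocketError, SystemCallError, Timeout::Error, URI::InvalidURIError
        # … unchanged: logger.warn and result = "" …
    end
    return result
end
```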
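Review bot: A reachable feed that returns something other than RSS still breaks the page, because `XmlSimple.xml_in(content)` and `@data['channel'][0]` run on whatever body came back. Malformed XML, or a document without a `channel` element, will most likely raise past the new `!content.empty?` guard. Wrap the parse in a rescue that logs and leaves `@blog_items = []`, in the same spirit as `quietly_try_to_open`. Separately, `if not @feed_url.empty?` can never be false because `?lang=...` is always appended; test the configured value instead, e.g. `if !MySociety::Config.get('BLOG_FEED', '').empty?`. The enclosing action starts outside the hunk.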
@@ -604,15 +604,12 @@ class RequestController < ApplicationController before_filter :authenticate_attachment, :only => [ :get_attachment, :get_attachment_as_html ] def authenticate_attachment - if request.path =~ /\/$/ || !(params[:part] =~ /^\d+$/) - raise PermissionDenied.new("Directory listing not allowed") - else - # Test for hidden - incoming_message = IncomingMessage.find(params[:incoming_message_id]) - if !incoming_message.info_request.user_can_view?(authenticated_user) - @info_request = incoming_message.info_request # used by view - render :template => 'request/hidden', :status => 410 # gone - end + # Test for hidden + incoming_message = IncomingMessage.find(params[:incoming_message_id]) + raise ActiveRecord::RecordNotFound.new("Message not found") if incoming_message.nil? + if !incoming_message.info_request.user_can_view?(authenticated_user) + @info_request = incoming_message.info_request # used by view + render :template => 'request/hidden', :status => 410 # gone end end @@ -624,8 +621,8 @@ class RequestController < ApplicationController else key = params.merge(:only_path => true) key_path = foi_fragment_cache_path(key) - if foi_fragment_cache_exists?(key_path) + raise PermissionDenied.new("Directory listing not allowed") if File.directory?(key_path) cached = foi_fragment_cache_read(key_path) response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' render_for_text(cached) |
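Review bot: The rewritten `authenticate_attachment` no longer validates `params[:part]` at all, and the directory check added in the following hunk only covers the cache-hit path, so whatever consumes `part` later receives unchecked request input unless it is validated somewhere not shown here. If the numeric constraint is still wanted, keep it with whole-string anchors, `raise PermissionDenied.new("Invalid part") unless params[:part] =~ /\A\d+\z/`; the removed `/^\d+$/` matched per line. The new `raise ActiveRecord::RecordNotFound ... if incoming_message.nil?` looks unreachable, since `IncomingMessage.find(id)` raises `RecordNotFound` itself rather than returning nil.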
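Review bot: `File.directory?(key_path)` rejects directories, but `key_path` is derived from request `params` and nothing in this hunk confirms that the resolved path stays inside the fragment cache directory. `foi_fragment_cache_path` is not shown; if it does not normalise the path, add a containment check before the read, along the lines of `raise PermissionDenied.new("Invalid path") unless File.expand_path(key_path).start_with?(CACHE_ROOT_PLACEHOLDER + "/")`, where `CACHE_ROOT_PLACEHOLDER` stands for the real cache root. A one-line comment explaining why a directory can appear at a cache key would also help. The enclosing action starts and ends outside the hunk.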