Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/general_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 5 |
3 files changed, 7 insertions, 6 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7aa522389..2633aca4d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -371,7 +371,7 @@ class ApplicationController < ActionController::Base
 # XXX this is a result of the OR hack below -- should fix by
 # allowing a parameter to perform_search to control the
 # default operator!
- query = query.strip.gsub(/(\s-\s|&)/, "")
+ query = query.strip.gsub(/(\s-\s|&|\(|\))/, "")
 query = query.split(/ +(?![-+]+)/)
 if query.last.nil? || query.last.strip.length < 3
 xapian_requests = nil
@@ -435,7 +435,7 @@ class ApplicationController < ActionController::Base
 params[:latest_status] = [params[:latest_status]]
 end
 if params[:latest_status].include?("recent") || params[:latest_status].include?("all")
- query += " variety:sent"
+ query += " (variety:sent OR variety:followup_sent OR variety:response OR variety:comment)"
 end
 if params[:latest_status].include? "successful"
 statuses << ['latest_status:successful', 'latest_status:partially_successful']
@@ -444,7 +444,7 @@ class ApplicationController < ActionController::Base
 statuses << ['latest_status:rejected', 'latest_status:not_held']
 end
 if params[:latest_status].include? "awaiting"
- statuses << ['latest_status:waiting_response', 'latest_status:waiting_clarification', 'waiting_classification:true']
+ statuses << ['latest_status:waiting_response', 'latest_status:waiting_clarification', 'waiting_classification:true', 'latest_status:internal_review','latest_status:gone_postal', 'latest_status:error_message', 'latest_status:requires_admin']
 end
 if params[:latest_status].include? "internal_review"
 statuses << ['status:internal_review']
diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb
index 194a1cec0..6cdfb9d5f 100644
--- a/app/controllers/general_controller.rb
+++ b/app/controllers/general_controller.rb
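Review bot: In the first application_controller.rb hunk (@@ -371) the widened `gsub` is a deny-list over the search string, and the XXX comment above it does not say why brackets are now removed. Presumably the aim is to stop typed parentheses from being parsed as grouping syntax once the terms are joined with OR, but the hunk does not show that; a comment such as `# drop brackets so typed text cannot open or close a group in the OR query built below` would record the intent, and it is worth confirming that other query-syntax characters left in place cannot make the search parser raise. The alternation also reads more easily as a character class, `query = query.strip.gsub(/\s-\s|[&()]/, "")`. The enclosing method starts and ends outside the hunk.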
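Review bot: In the third application_controller.rb hunk (@@ -444) the "awaiting" filter now adds `'latest_status:internal_review'`, while the "internal_review" filter two lines below still uses `'status:internal_review'`; the two prefixes differ, and it looks as if a request in internal review could now be returned by both filters. Please confirm which prefix is intended and note the overlap, e.g. `# "awaiting" deliberately also covers internal review, postal, error and admin states`. The new array literal also drops the space after one comma (`'latest_status:internal_review','latest_status:gone_postal'`) and has become long enough that one term per line would be easier to review. The enclosing method extends beyond the hunk.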
@@ -99,7 +99,7 @@ class GeneralController < ApplicationController
 @variety_postfix = path.pop
 end
 @variety_postfix = "bodies" if @variety_postfix.nil? && !params[:bodies].nil?
- @variety_postfix = "requests" if @variety_postfix.nil?
+ @variety_postfix = "all" if @variety_postfix.nil?
 if @variety_postfix != "users"
 @common_query = get_tags_from_params
 end
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 99aa3c7ea..af0ac4a46 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -601,12 +601,13 @@ class RequestController < ApplicationController before_filter :authenticate_attachment, :only => [ :get_attachment, :get_attachment_as_html ] def authenticate_attachment - # Test for hidden - if request.path =~ /\/$/ + if request.path =~ /\/$/ || !(params[:part] =~ /^\d+$/) raise PermissionDenied.new("Directory listing not allowed") else + # Test for hidden incoming_message = IncomingMessage.find(params[:incoming_message_id]) if !incoming_message.info_request.user_can_view?(authenticated_user) + @info_request = incoming_message.info_request # used by view render :template => 'request/hidden', :status => 410 # gone end end |
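Review bot: In the request_controller.rb hunk, the new `params[:part] =~ /^\d+$/` check in `authenticate_attachment` is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line value that contains one digits-only line still passes the filter. Anchor the whole string instead: `if request.path =~ /\/$/ || !(params[:part] =~ /\A\d+\z/)`. The `PermissionDenied` message "Directory listing not allowed" is now also raised for a malformed `part`, which will mislead anyone reading logs; a separate branch with its own message would be clearer. The method's closing `end` lies outside the hunk.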