4 files changed, 23 insertions, 10 deletions

diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb
index c83ae0f37..2c961dfc5 100644
--- a/app/controllers/admin_general_controller.rb
+++ b/app/controllers/admin_general_controller.rb
@@ -79,11 +79,12 @@ class AdminGeneralController < AdminController
     end
 
     def debug
+        @http_auth_user = admin_http_auth_user
         @current_commit = `git log -1 --format="%H"`
-        @current_branch = `git branch | grep "\*" | awk '{print $2}'`
+        @current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'`
         @current_version = `git describe --always --tags`
-        repo = `git remote show origin -n | grep Fetch | awk '{print $3}' | sed -re 's/.*:(.*).git/\\1/'`
-        @github_origin = "https://github.com/#{repo.strip}/tree/"
+        repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'`
+        @github_origin = "https://github.com/#{repo}/tree/"
         @request_env = request.env
     end
 end
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index 522e1cd39..fd1405319 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -340,15 +340,24 @@ class AdminRequestController < AdminController
 
     def hide_request
         ActiveRecord::Base.transaction do
+            subject = params[:subject]
             explanation = params[:explanation]
             info_request = InfoRequest.find(params[:id])
-            info_request.set_described_state(params[:reason])
             info_request.prominence = "requester_only"
+            
+            info_request.log_event("hide", {
+                    :editor => admin_http_auth_user(),
+                    :reason => params[:reason],
+                    :subject => subject,
+                    :explanation => explanation
+            })
+            
+            info_request.set_described_state(params[:reason])
             info_request.save!
 
             ContactMailer.deliver_from_admin_message(
                     info_request.user,
-                    "hello",
+                    subject,
                     params[:explanation]
                 )
             flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name))
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e305e90f4..41adf1848 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -202,7 +202,7 @@ class ApplicationController < ActionController::Base
         # return stub path so admin can expire it
         first_three_digits = info_request.id.to_s()[0..2]
         path = "views/request/#{first_three_digits}/#{info_request.id}"
-        foi_cache_path = File.join(File.dirname(__FILE__), '../../cache')
+        foi_cache_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache'))
         return File.join(foi_cache_path, path)
     end
     def foi_fragment_cache_exists?(key_path)
@@ -345,9 +345,6 @@ class ApplicationController < ActionController::Base
             return "*unknown*";
         end
     end
-    def assign_http_auth_user
-        @http_auth_user = admin_http_auth_user
-    end
 
     # Convert URL name for sort by order, to Xapian query
     def order_to_sort_by(sortby)
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 94fbcde29..bd2bfc974 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -656,6 +656,12 @@ class RequestController < ApplicationController
 
     def report_request
         info_request = InfoRequest.find_by_url_title(params[:url_title])
+        return if !authenticated?(
+                :web => _("To report this FOI request"),
+                :email => _("Then you can report the request '{{title}}'", :title => info_request.title),
+                :email_subject => _("Report an offensive or unsuitable request")
+            )
+        
         if !info_request.attention_requested
             info_request.set_described_state('attention_requested')
             info_request.attention_requested = true # tells us if attention has ever been requested
@@ -839,7 +845,7 @@ class RequestController < ApplicationController
                               )
                 updated = Digest::SHA1.hexdigest(info_request.get_last_event.created_at.to_i.to_s + info_request.updated_at.to_i.to_s)
                 @url_path = "/download/#{updated[0..1]}/#{updated}/#{params[:url_title]}.zip"
-                file_path = File.join(File.dirname(__FILE__), '../../cache/zips', @url_path)
+                file_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache/zips', @url_path))
                 if !File.exists?(file_path)
                     FileUtils.mkdir_p(File.dirname(file_path))
                     Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile|