Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application_controller.rb | 10 | ||||
-rw-r--r-- | app/controllers/help_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/track_controller.rb | 19 |
3 files changed, 22 insertions, 16 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 370e8e15c..410778d9a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -131,6 +131,7 @@ class ApplicationController < ActionController::Base case exception when ActiveRecord::RecordNotFound, RouteNotFound @status = 404 + sanitize_path(params) when PermissionDenied @status = 403 else @@ -441,6 +442,15 @@ class ApplicationController < ActionController::Base `git log -1 --format="%H"`.strip end + # URL Encode the path parameter for use in render_exception + # + # params - the params Hash + # + # Returns a Hash + def sanitize_path(params) + params.merge!(:path => Rack::Utils.escape(params[:path])) if params.key?(:path) + end + # URL generating functions are needed by all controllers (for redirects), # views (for links) and mailers (for use in emails), so include them into # all of all. diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index 9959df6d8..9033198a0 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb @@ -9,6 +9,7 @@ class HelpController < ApplicationController # we don't even have a control subroutine for most help pages, just see their templates before_filter :long_cache + before_filter :catch_spam, :only => [:contact] def unhappy @info_request = nil @@ -69,4 +70,12 @@ class HelpController < ApplicationController end + private + + def catch_spam + if request.post? && !params[:contact][:comment].empty? + redirect_to frontpage_url + end + end + end diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 83e05ebbc..dccc52efc 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb 
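Review bot: The doc comment on `sanitize_path` promises a Hash, but the trailing `if params.key?(:path)` makes it return nil when there is no `:path`, and when there is one it rewrites the shared `params` in place, so anything that reads `params[:path]` after the rescue sees the percent-encoded value. `Rack::Utils.escape` is URL encoding rather than HTML escaping; it does neutralise `<`, `>` and quotes, but the template that prints the path is not part of this diff, and escaping there with `h(...)` at the point of output would protect every branch rather than only the 404 one called in the first hunk. Whether the new method sits under `private` cannot be seen from the hunk; if it does not, it is worth making it so, since public controller methods can be routable as actions. Suggested doc line: `# Returns the params Hash, or nil when it has no :path key`.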
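Review bot: `catch_spam` dereferences `params[:contact][:comment]` without checking that either level exists, so a POST to `contact` with no `contact` parameter, or with no `comment` field, raises NoMethodError and returns a 500 instead of being handled. Automated submissions are the traffic most likely to send such malformed bodies, so the filter should tolerate them: `if request.post? && params[:contact].is_a?(Hash) && !params[:contact][:comment].to_s.empty?`. The field looks like a honeypot that real users leave empty; a one-line comment saying so (`# comment is a hidden honeypot field; any value means an automated submission`) would stop a later change from turning it into a real input. Consider logging the rejected request before the redirect so the filter's hit rate can be monitored.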
@@ -118,7 +118,7 @@ class TrackController < ApplicationController if @user @existing_track = TrackThing.find_existing(@user, @track_thing) if @existing_track - flash[:notice] = _("You are already following updates about {{track_description}}", :track_description => @track_thing.params[:list_description]) + flash[:notice] = view_context.already_subscribed_notice(@track_thing) return true end end @@ -130,11 +130,7 @@ class TrackController < ApplicationController @track_thing.track_medium = 'email_daily' @track_thing.tracking_user_id = @user.id @track_thing.save! - if @user.receive_email_alerts - flash[:notice] = _('You will now be emailed updates about {{track_description}}. <a href="{{change_email_alerts_url}}">Prefer not to receive emails?</a>', :track_description => @track_thing.params[:list_description], :change_email_alerts_url => url_for(:controller => "user", :action => "wall", :url_name => @user.url_name)) - else - flash[:notice] = _('You are now <a href="{{wall_url_user}}">following</a> updates about {{track_description}}', :track_description => @track_thing.params[:list_description], :wall_url_user => url_for(:controller => "user", :action => "wall", :url_name => @user.url_name)) - end + flash[:notice] = render_to_string(:partial => 'track_set').html_safe return true end 
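Review bot: Calling `.html_safe` on the rendered `track_set` partial in the second hunk means the flash is treated as trusted markup, so the partial alone is now responsible for escaping `list_description` and the user's `url_name`, both of which the removed lines interpolated into HTML. The partial is outside this diffstat (limited to app/controllers), so that cannot be confirmed here. I would add a comment above the line, `# track_set must escape every interpolated value: the result is marked html_safe and stored in flash`, and the same check applies to `view_context.already_subscribed_notice` in the first hunk if the layout prints the flash unescaped. The enclosing method starts and ends outside both hunks.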
@@ -183,16 +179,8 @@ class TrackController < ApplicationController new_medium = params[:track_medium] if new_medium == 'delete' track_thing.destroy - flash[:notice] = _("You are no longer following {{track_description}}.", :track_description => track_thing.params[:list_description]) + flash[:notice] = view_context.unsubscribe_notice(track_thing) redirect_to URI.parse(params[:r]).path - - # Reuse code like this if we let medium change again. - #elsif new_medium == 'email_daily' - # track_thing.track_medium = new_medium - # track_thing.created_at = Time.now() # as created_at is used to limit the alerts to start with - # track_thing.save! - # flash[:notice] = "You are now tracking " + track_thing.params[:list_description] + " by email daily" - # redirect_to user_url(track_thing.tracking_user) else raise "new medium not handled " + new_medium end @@ -217,7 +205,6 @@ class TrackController < ApplicationController for track_thing in TrackThing.find(:all, :conditions => [ "track_type = ? and tracking_user_id = ?", track_type, user_id ]) track_thing.destroy end - flash[:notice] += "</ul>" redirect_to params[:r] end |
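Review bot: The two redirects in these hunks treat the request-supplied `r` parameter differently: the first hunk reduces it to a path with `URI.parse(params[:r]).path`, while the last hunk still ends in `redirect_to params[:r]`, which will follow an absolute URL to another host. Both are unchanged context lines, but since the commit touches both actions it would be a good place to give them the same path-only handling, e.g. `redirect_to URI.parse(params[:r]).path` in the second one as well. `URI.parse` raises `URI::InvalidURIError` on a malformed or missing `r`, so a rescue that falls back to a fixed local URL would avoid a 500 on bad input. Both enclosing methods begin outside the hunks.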