6 files changed, 11 insertions, 14 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 3bf40b8f9..7760c372b 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -9,7 +9,6 @@ require 'fileutils'
 class AdminController < ApplicationController
     layout "admin"
     before_filter :authenticate
-    protect_from_forgery # See ActionController::RequestForgeryProtection for details
 
     # action to take if expecting an authenticity token and one isn't received
     def handle_unverified_request
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a06fa7098..dbd879a1c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,6 +14,8 @@ class ApplicationController < ActionController::Base
     end
     class RouteNotFound < StandardError
     end
+    protect_from_forgery
+
     # assign our own handler method for non-local exceptions
     rescue_from Exception, :with => :render_exception
 
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
index 2c0037577..890e9faaa 100644
--- a/app/controllers/comment_controller.rb
+++ b/app/controllers/comment_controller.rb
@@ -10,7 +10,6 @@ class CommentController < ApplicationController
     before_filter :create_track_thing, :only => [ :new ]
     before_filter :reject_unless_comments_allowed, :only => [ :new ]
     before_filter :reject_if_user_banned, :only => [ :new ]
-    protect_from_forgery :only => [ :new ]
 
     def new
         if params[:comment]
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index d529f8dbb..413b74cea 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -10,7 +10,6 @@ require 'open-uri'
 
 class RequestController < ApplicationController
     before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ]
-    protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details
     before_filter :check_batch_requests_and_user_allowed, :only => [ :select_authorities, :new_batch ]
     MAX_RESULTS = 500
     PER_PAGE = 25
@@ -841,7 +840,15 @@ class RequestController < ApplicationController
         end
 
         # check filename in URL matches that in database (use a censor rule if you want to change a filename)
-        raise ActiveRecord::RecordNotFound.new("please use same filename as original file has, display: '" + @attachment.display_filename + "' old_display: '" + @attachment.old_display_filename + "' original: '" + @original_filename + "'") if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename
+        if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename
+            msg = 'please use same filename as original file has, display: '
+            msg += "'#{ @attachment.display_filename }' "
+            msg += 'old_display: '
+            msg += "'#{ @attachment.old_display_filename }' "
+            msg += 'original: '
+            msg += "'#{ @original_filename }'"
+            raise ActiveRecord::RecordNotFound.new(msg)
+        end
 
         @attachment_url = get_attachment_url(:id => @incoming_message.info_request_id,
                 :incoming_message_id => @incoming_message.id, :part => @part_number,
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 83700a55b..7018af03c 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -6,9 +6,6 @@
 # Email: hello@mysociety.org; WWW: http://www.mysociety.org/
 
 class TrackController < ApplicationController
-
-    protect_from_forgery # See ActionController::RequestForgeryProtection for details
-
     before_filter :medium_cache
 
     # Track all updates to a particular request
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 9798ff8e2..b7c8252f5 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -7,15 +7,8 @@
 require 'set'
 
 class UserController < ApplicationController
-
     layout :select_layout
 
-    protect_from_forgery :only => [ :contact,
-                                    :set_profile_photo,
-                                    :signchangeemail,
-                                    :clear_profile_photo,
-                                    :set_profile_about_me ] # See ActionController::RequestForgeryProtection for details
-
     # Show page about a user
     def show
         long_cache