Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin_censor_rule_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_general_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_public_body_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_request_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_track_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_user_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 61 | ||||
-rw-r--r-- | app/controllers/comment_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/general_controller.rb | 21 | ||||
-rw-r--r-- | app/controllers/help_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/holiday_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/public_body_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 21 | ||||
-rw-r--r-- | app/controllers/request_game_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/track_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 6 |
17 files changed, 60 insertions, 77 deletions
diff --git a/app/controllers/admin_censor_rule_controller.rb b/app/controllers/admin_censor_rule_controller.rb index d3e9e47d2..6f79b5ba1 100644 --- a/app/controllers/admin_censor_rule_controller.rb +++ b/app/controllers/admin_censor_rule_controller.rb @@ -2,7 +2,7 @@ # For modifying requests. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class AdminCensorRuleController < AdminController def new diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index c4d96eb78..0bccd3358 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -2,7 +2,7 @@ # All admin controllers are dervied from this. # # Copyright (c) 2009 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'fileutils' diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb index 800678787..b64fcac3e 100644 --- a/app/controllers/admin_general_controller.rb +++ b/app/controllers/admin_general_controller.rb @@ -2,7 +2,7 @@ # Controller for main admin pages. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class AdminGeneralController < AdminController skip_before_filter :authenticate, :only => :admin_js diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb index ec1848fd3..52b56eda2 100644 --- a/app/controllers/admin_public_body_controller.rb +++ b/app/controllers/admin_public_body_controller.rb 
@@ -2,7 +2,7 @@ # Controller for editing public bodies from the admin interface. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require "public_body_categories" diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index 699c79b47..66989ea93 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -2,7 +2,7 @@ # Controller for viewing FOI requests from the admin interface. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'ostruct' diff --git a/app/controllers/admin_track_controller.rb b/app/controllers/admin_track_controller.rb index bd0eee27b..085c9c6cc 100644 --- a/app/controllers/admin_track_controller.rb +++ b/app/controllers/admin_track_controller.rb @@ -2,7 +2,7 @@ # Show email alerts / RSS feeds from admin interface. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class AdminTrackController < AdminController def list diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb index e6a167de8..929b93e0e 100644 --- a/app/controllers/admin_user_controller.rb +++ b/app/controllers/admin_user_controller.rb @@ -2,7 +2,7 @@ # Controller for viewing user accounts from the admin interface. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class AdminUserController < AdminController def index 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a2951bb42..3a1ec95cc 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,13 +5,18 @@ # will be available for all controllers. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'open-uri' class ApplicationController < ActionController::Base class PermissionDenied < StandardError end + class RouteNotFound < StandardError + end + # assign our own handler method for non-local exceptions + rescue_from Exception, :with => :render_exception + # Standard headers, footers and navigation for whole site layout "default" include FastGettext::Translation # make functions like _, n_, N_ etc available) 
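Review bot: `rescue_from Exception, :with => :render_exception` in the class body is wider than the handler needs: it would also route non-StandardError exceptions such as `Interrupt`, `SystemExit` or `NoMemoryError` into `render_exception`, which then tries to log, send mail and render a template. `rescue_from StandardError, :with => :render_exception` keeps the custom error pages while letting process-level exceptions propagate. The comment above it could also say that Rails consults handlers in reverse declaration order, so a more specific `rescue_from` declared later in this class or in a subclass takes precedence over this catch-all. The class body continues outside the hunk.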
@@ -111,55 +116,35 @@ class ApplicationController < ActionController::Base end end - # Override default error handler, for production sites. - def rescue_action_in_public(exception) - # Looks for before_filters called something like `set_view_paths_{themename}`. These - # are set by the themes. - # Normally, this is called by the theme itself in a - # :before_filter, but when there's an error, this doesn't - # happen. By calling it here, we can ensure error pages are - # still styled according to the theme. - ActionController::Base.before_filters.select{|f| f.to_s =~ /set_view_paths/}.each do |f| - self.send(f) - end - # Make sure expiry time for session is set (before_filters are - # otherwise missed by this override) - session_remember_me + def render_exception(exception) - # Make sure the locale is set correctly too - set_gettext_locale + # In development, or the admin interface, or for a local request, let Rails handle the exception + # with its stack trace templates. Local requests in testing are a special case so that we can + # test this method - there we use consider_all_requests_local to control behaviour. + if Rails.application.config.consider_all_requests_local || local_request? || + (request.local? && !Rails.env.test?) 
+ raise exception + end + @exception_backtrace = exception.backtrace.join("\n") + @exception_class = exception.class.to_s + @exception_message = exception.message case exception - when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError + when ActiveRecord::RecordNotFound, RouteNotFound @status = 404 when PermissionDenied @status = 403 else + message = "\n#{@exception_class} (#{@exception_message}):\n" + backtrace = Rails.backtrace_cleaner.clean(exception.backtrace, :silent) + message << " " << backtrace.join("\n ") + Rails.logger.fatal("#{message}\n\n") + ExceptionNotifier::Notifier.exception_notification(request.env, exception).deliver @status = 500 - notify_about_exception exception end - # Display user appropriate error message - @exception_backtrace = exception.backtrace.join("\n") - @exception_class = exception.class.to_s - @exception_message = exception.message render :template => "general/exception_caught", :status => @status end - # FIXME: This was disabled during the Rails 3 upgrade as this is now handled by Rack - # # For development sites. - # alias original_rescue_action_locally rescue_action_locally - # def rescue_action_locally(exception) - # # Make sure expiry time for session is set (before_filters are - # # otherwise missed by this override) - # session_remember_me - - # # Make sure the locale is set correctly too - # set_gettext_locale - - # # Display default, detailed error for developers - # original_rescue_action_locally(exception) - # end - def local_request? false end diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb index ed249d6cc..d4b17e9d2 100644 --- a/app/controllers/comment_controller.rb +++ b/app/controllers/comment_controller.rb 
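Review bot: In the `case exception` of `render_exception`, everything other than `ActiveRecord::RecordNotFound`, `RouteNotFound` and `PermissionDenied` now reaches the `else` branch, which logs at fatal level and sends an `ExceptionNotifier` mail. The removed code mapped `ActionController::UnknownAction` and `ActionController::RoutingError` to 404; unless the routes (not shown) funnel every such case through `RouteNotFound`, a request for a non-existent action would presumably become a 500 plus a notification mail, so any visitor could generate mail volume. Consider `when ActiveRecord::RecordNotFound, RouteNotFound, AbstractController::ActionNotFound`. Also, `.deliver` runs before `render`, so an error raised while sending the mail would replace the styled error page; wrapping the notification in its own `begin`/`rescue` that only logs would keep the page rendering.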
@@ -2,7 +2,7 @@ # Show annotations upon a request or other object. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class CommentController < ApplicationController before_filter :check_read_only, :only => [ :new ] diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb index 53cf58170..52b4b3e0e 100644 --- a/app/controllers/general_controller.rb +++ b/app/controllers/general_controller.rb @@ -3,14 +3,7 @@ # particular model. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ - -begin - require 'xmlsimple' -rescue LoadError - # Debian maintainers put their xmlsimple in a different location :( - require 'lib/xmlsimple' -end +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'open-uri' @@ -216,16 +209,16 @@ class GeneralController < ApplicationController @feed_autodetect = [ { :url => do_track_url(@track_thing, 'feed'), :title => @track_thing.params[:title_in_rss], :has_json => true } ] end - # Jump to a random request - def random_request - info_request = InfoRequest.random - redirect_to request_url(info_request) - end - def custom_css long_cache @locale = self.locale_from_params() render(:layout => false, :content_type => 'text/css') end + + # Handle requests for non-existent URLs - will be handled by ApplicationController::render_exception + def not_found + raise RouteNotFound + end + end diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index 5ab44fe1a..9959df6d8 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb 
@@ -2,7 +2,7 @@ # Show information about one particular request. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class HelpController < ApplicationController diff --git a/app/controllers/holiday_controller.rb b/app/controllers/holiday_controller.rb index 939f26776..efc20701d 100644 --- a/app/controllers/holiday_controller.rb +++ b/app/controllers/holiday_controller.rb @@ -2,7 +2,7 @@ # Calculate dates # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class HolidayController < ApplicationController diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb index 8d4883938..74ea043bb 100644 --- a/app/controllers/public_body_controller.rb +++ b/app/controllers/public_body_controller.rb @@ -3,7 +3,7 @@ # Show information about a public body. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'fastercsv' diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index cad5d5597..e8547f72f 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -1,10 +1,10 @@ +# encoding: UTF-8 # app/controllers/request_controller.rb: # Show information about one particular request. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ -require 'alaveteli_file_types' require 'zip/zip' require 'open-uri' 
@@ -324,9 +324,9 @@ class RequestController < ApplicationController message = "" if @outgoing_message.contains_email? if @user.nil? - message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe; + message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe); else - message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe; + message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe); end message += _("<p>We recommend that you edit your request and remove the email address. If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>") 
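Review bot: The `:url => (help_privacy_path+"#email_address").html_safe` argument in both branches marks the URL as trusted so the interpolation will not escape it, which is safe only while the value is a route helper plus a constant fragment. HTML-escaping such a path is a no-op, so passing `:url => help_privacy_path + "#email_address"` without `.html_safe` gives the same output and avoids a pattern that becomes an injection point once it is copied with a URL built from request data; this assumes the project's `_` helper escapes unmarked interpolation values, which is not visible here. The same applies to `:url => help_contact_path.html_safe` in the `@@ -625,7 +625,7 @@` hunk. Separately, `message` starts as a plain `""`, so whether the concatenated result is treated as safe HTML depends on code outside this hunk.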
@@ -625,7 +625,7 @@ class RequestController < ApplicationController if !params[:submitted_followup].nil? && !params[:reedit] if @info_request.allow_new_responses_from == 'nobody' - flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe + flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="{{url}}">contact us</a> if you really want to send a follow up message.', :url => help_contact_path.html_safe) else if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body]) flash[:error] = _('You previously submitted that exact follow up message for this request.') @@ -721,7 +721,7 @@ class RequestController < ApplicationController yield - if params[:skip_cache].nil? + if params[:skip_cache].nil? && response.status == 200 # write it to the fileystem ourselves, so is just a plain file. (The # various fragment cache functions using Ruby Marshall to write the file # which adds a header, so isnt compatible with images that have been @@ -736,6 +736,7 @@ class RequestController < ApplicationController def get_attachment get_attachment_internal(false) + return unless @attachment # Prevent spam to magic request address. Note that the binary # subsitution method used depends on the content type @@ -755,6 +756,7 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.") end get_attachment_internal(true) + return unless @attachment # images made during conversion (e.g. images in PDF files) are put in the cache directory, so # the same cache code in cache_attachments above will display them. 
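Review bot: The new `response.status == 200` condition after `yield` has no comment saying why it is there; the comment below it only explains the file format. A line such as `# only cache successful responses: a redirect or error body must never be written to the cache and replayed as the attachment` above the `if` would record the intent. The enclosing method starts and ends outside the hunk.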
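Review bot: `return unless @attachment` after `get_attachment_internal(false)` infers "a redirect was already issued" from a nil instance variable, which is an indirect signal. `return if performed?` states the actual condition and keeps working if `get_attachment_internal` later gains another early exit that leaves `@attachment` set. The identical line after `get_attachment_internal(true)` in the `@@ -755,6 +756,7 @@` hunk would change the same way. Both method bodies continue outside their hunks.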
@@ -801,8 +803,11 @@ class RequestController < ApplicationController # check permissions raise "internal error, pre-auth filter should have caught this" if !@info_request.user_can_view?(authenticated_user) - @attachment = IncomingMessage.get_attachment_by_url_part_number(@incoming_message.get_attachments_for_display, @part_number) - raise ActiveRecord::RecordNotFound.new("attachment not found part number " + @part_number.to_s + " incoming_message " + @incoming_message.id.to_s) if @attachment.nil? + @attachment = IncomingMessage.get_attachment_by_url_part_number_and_filename(@incoming_message.get_attachments_for_display, @part_number, @original_filename) + # If we can't find the right attachment, redirect to the incoming message: + unless @attachment + return redirect_to incoming_message_url(@incoming_message), :status => 303 + end # check filename in URL matches that in database (use a censor rule if you want to change a filename) raise ActiveRecord::RecordNotFound.new("please use same filename as original file has, display: '" + @attachment.display_filename + "' old_display: '" + @attachment.old_display_filename + "' original: '" + @original_filename + "'") if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename diff --git a/app/controllers/request_game_controller.rb b/app/controllers/request_game_controller.rb index 4b6f02970..6eac399ac 100644 --- a/app/controllers/request_game_controller.rb +++ b/app/controllers/request_game_controller.rb @@ -2,7 +2,7 @@ # The 'categorise old requests' game # # Copyright (c) 2009 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class RequestGameController < ApplicationController diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 2679cacc9..40e82e7a4 100644 --- a/app/controllers/track_controller.rb 
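Review bot: A missing attachment in this method now has two outcomes: a failed lookup by part number and filename returns a 303 to the message page, while the unchanged comparison on the following line still raises `ActiveRecord::RecordNotFound` when `display_filename` and `old_display_filename` both differ from `@original_filename`. If `get_attachment_by_url_part_number_and_filename` (not shown) already matches on those names, the second check is presumably unreachable and could be dropped or annotated; if it matches on something else, a comment should say which mismatch redirects and which is a 404. The redirect target is built from `@incoming_message` rather than from request parameters and is reached only after the `user_can_view?` check above, which is the right order. The method body starts and ends outside the hunk.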
+++ b/app/controllers/track_controller.rb @@ -3,7 +3,7 @@ # social bookmarking. # # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ class TrackController < ApplicationController @@ -157,7 +157,7 @@ class TrackController < ApplicationController format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true, lambda { |t| view_context.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) } ) } } - format.any { render :template => 'track/atom_feed.atom', :layout => false, :content_type => :atom } + format.any { render :template => 'track/atom_feed.atom', :layout => false, :content_type => 'application/atom+xml' } end end diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index ed05b750b..1ccab3003 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -2,7 +2,7 @@ # Show information about a user. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ require 'set' @@ -531,7 +531,7 @@ class UserController < ApplicationController def get_draft_profile_photo profile_photo = ProfilePhoto.find(params[:id]) response.content_type = "image/png" - render_for_text(profile_photo.data) + render :text => profile_photo.data end # actual profile photo of a user @@ -546,7 +546,7 @@ class UserController < ApplicationController end response.content_type = "image/png" - render_for_text(@display_user.profile_photo.data) + render :text => @display_user.profile_photo.data end # Change about me text on your profile page |
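Review bot: `render :text => profile_photo.data` in `get_draft_profile_photo`, and `render :text => @display_user.profile_photo.data` in the following hunk, push binary image data through the text-rendering path and rely on the separate `response.content_type` assignment on the line before. `send_data profile_photo.data, :type => 'image/png', :disposition => 'inline'` is the usual way to return binary content and sets the type in one place. Separately, `ProfilePhoto.find(params[:id])` loads a draft photo by raw id with no ownership check visible in the hunk; if no filter outside the hunk restricts it, a draft photo is readable by anyone who supplies its id.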