diff options
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/request_controller.rb | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index c35e1688e..513c3716a 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: request_controller.rb,v 1.172 2009-09-02 17:00:51 francis Exp $ +# $Id: request_controller.rb,v 1.173 2009-09-02 23:21:27 francis Exp $ class RequestController < ApplicationController @@ -577,8 +577,11 @@ class RequestController < ApplicationController @attachment = IncomingMessage.get_attachment_by_url_part_number(@incoming_message.get_attachments_for_display, @part_number) - # Prevent spam to magic request address. - # It's a bit dodgy modifying a binary like this but hey. Some mime types are excluded for that reason. + # check filename in URL matches that in database (use a censor rule if you want to change a filename) + raise "please use same filename as original file has" if @attachment.display_filename != @original_filename + + # Prevent spam to magic request address. Note that the binary + # subsitution method used depends on the content type @attachment.body = @incoming_message.binary_mask_stuff(@attachment.body, @attachment.content_type) @attachment_url = get_attachment_url(:id => @incoming_message.info_request_id, |