diff options
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/admin_request_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/request_controller.rb | 2 | ||||
| -rw-r--r-- | app/models/track_thing.rb | 9 | ||||
| -rw-r--r-- | app/models/user.rb | 3 | ||||
| -rw-r--r-- | app/views/admin_general/debug.rhtml | 2 | ||||
| -rw-r--r-- | app/views/public_body/view_email.rhtml | 4 | ||||
| -rw-r--r-- | app/views/request/_followup.rhtml | 4 | ||||
| -rw-r--r-- | app/views/request/_sidebar.rhtml | 2 | ||||
| -rw-r--r-- | app/views/request/_wall_listing.rhtml | 10 | ||||
| -rw-r--r-- | app/views/request/upload_response.rhtml | 6 |
11 files changed, 23 insertions, 23 deletions
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index c7c8d4972..e39d55c7c 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -304,7 +304,7 @@ class AdminRequestController < AdminController post_redirect.save! url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true)) - flash[:notice] = 'Send "' + name + '" <<a href="mailto:' + email + '">' + email + '</a>> this URL: <a href="' + url + '">' + url + "</a> - it will log them in and let them upload a response to this request." + flash[:notice] = 'Send "' + name + '" <<a href="mailto:' + email + '">' + email + '</a>> this URL: <a href="' + url + '">' + url + "</a> - it will log them in and let them upload a response to this request.".html_safe redirect_to request_admin_url(info_request) end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a946526b8..ed1523f75 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -564,7 +564,7 @@ class ApplicationController < ActionController::Base end def set_popup_banner - @popup_banner = render_to_string(:partial => "general/popup_banner").strip + @popup_banner = render_to_string(:partial => "general/popup_banner").strip.html_safe end # URL generating functions are needed by all controllers (for redirects), # views (for links) and mailers (for use in emails), so include them into diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 49d2f35f3..dfa3a4834 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -333,7 +333,7 @@ class RequestController < ApplicationController message += _("<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>"); end if not message.empty? - flash.now[:error] = message + flash.now[:error] = message.html_safe end render :action => 'preview' return diff --git a/app/models/track_thing.rb b/app/models/track_thing.rb index 81800f0ae..dfe92b7fe 100644 --- a/app/models/track_thing.rb +++ b/app/models/track_thing.rb @@ -199,7 +199,8 @@ class TrackThing < ActiveRecord::Base if self.track_type == 'request_updates' @params = { # Website - :list_description => _("'{{link_to_request}}', a request", :link_to_request => "<a href=\"/request/" + CGI.escapeHTML(self.info_request.url_title) + "\">" + CGI.escapeHTML(self.info_request.title) + "</a>"), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how + :list_description => _("'{{link_to_request}}', a request", + :link_to_request => ("<a href=\"/request/" + CGI.escapeHTML(self.info_request.url_title) + "\">" + CGI.escapeHTML(self.info_request.title) + "</a>").html_safe), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how :verb_on_page => _("Follow this request"), :verb_on_page_already => _("You are already following this request"), # Email @@ -250,7 +251,7 @@ class TrackThing < ActiveRecord::Base elsif self.track_type == 'public_body_updates' @params = { # Website - :list_description => _("'{{link_to_authority}}', a public authority", :link_to_authority => "<a href=\"/body/" + CGI.escapeHTML(self.public_body.url_name) + "\">" + CGI.escapeHTML(self.public_body.name) + "</a>"), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how + :list_description => _("'{{link_to_authority}}', a public authority", :link_to_authority => ("<a href=\"/body/" + CGI.escapeHTML(self.public_body.url_name) + "\">" + CGI.escapeHTML(self.public_body.name) + "</a>").html_safe), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how :verb_on_page => _("Follow requests to {{public_body_name}}",:public_body_name=>CGI.escapeHTML(self.public_body.name)), :verb_on_page_already => _("You are already following requests to {{public_body_name}}", :public_body_name=>CGI.escapeHTML(self.public_body.name)), # Email @@ -266,7 +267,7 @@ class TrackThing < ActiveRecord::Base elsif self.track_type == 'user_updates' @params = { # Website - :list_description => _("'{{link_to_user}}', a person", :link_to_user => "<a href=\"/user/" + CGI.escapeHTML(self.tracked_user.url_name) + "\">" + CGI.escapeHTML(self.tracked_user.name) + "</a>"), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how + :list_description => _("'{{link_to_user}}', a person", :link_to_user => ("<a href=\"/user/" + CGI.escapeHTML(self.tracked_user.url_name) + "\">" + CGI.escapeHTML(self.tracked_user.name) + "</a>").html_safe), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how :verb_on_page => _("Follow this person"), :verb_on_page_already => _("You are already following this person"), # Email @@ -282,7 +283,7 @@ class TrackThing < ActiveRecord::Base elsif self.track_type == 'search_query' @params = { # Website - :list_description => "<a href=\"/search/" + CGI.escapeHTML(self.track_query) + "/newest/advanced\">" + self.track_query_description + "</a>", # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how + :list_description => ("<a href=\"/search/" + CGI.escapeHTML(self.track_query) + "/newest/advanced\">" + CGI.escapeHTML(self.track_query_description) + "</a>").html_safe, # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how :verb_on_page => _("Follow things matching this search"), :verb_on_page_already => _("You are already following things matching this search"), # Email diff --git a/app/models/user.rb b/app/models/user.rb index 617b51c60..e6c666e47 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -354,12 +354,13 @@ class User < ActiveRecord::Base end # Return about me text for display as HTML + # TODO: Move this to a view helper def get_about_me_for_html_display text = self.about_me.strip text = CGI.escapeHTML(text) text = MySociety::Format.make_clickable(text, :contract => 1) text = text.gsub(/\n/, '<br>') - return text + return text.html_safe end def json_for_api diff --git a/app/views/admin_general/debug.rhtml b/app/views/admin_general/debug.rhtml index 99488ba0c..b0749bedb 100644 --- a/app/views/admin_general/debug.rhtml +++ b/app/views/admin_general/debug.rhtml @@ -20,8 +20,6 @@ Rails::VERSION::STRING <%=h Rails::VERSION::STRING%> TMail::VERSION::STRING <%=h TMail::VERSION::STRING%> <br> Xapian::version_string <%=h Xapian::version_string%> -<br> -Spec::VERSION::STRING <%=h Spec::VERSION::STRING%> </p> <h2>Configuration</h2> diff --git a/app/views/public_body/view_email.rhtml b/app/views/public_body/view_email.rhtml index 50601069f..79d7f7f4c 100644 --- a/app/views/public_body/view_email.rhtml +++ b/app/views/public_body/view_email.rhtml @@ -25,9 +25,9 @@ <p> <% if @public_body.is_requestable? || @public_body.not_requestable_reason != 'bad_contact' %> - <%= _('If the address is wrong, or you know a better address, please <a href="%s">contact us</a>.')% [help_contact_path]%> + <%= raw _('If the address is wrong, or you know a better address, please <a href="%s">contact us</a>.')% [help_contact_path]%> <% else %> - <%= _(' If you know the address to use, then please <a href="%s">send it to us</a>. + <%= raw _(' If you know the address to use, then please <a href="%s">send it to us</a>. You may be able to find the address on their website, or by phoning them up and asking.')% [help_contact_path] %> <% end %> </p> diff --git a/app/views/request/_followup.rhtml b/app/views/request/_followup.rhtml index c329cea97..045bcd9ba 100644 --- a/app/views/request/_followup.rhtml +++ b/app/views/request/_followup.rhtml @@ -61,7 +61,7 @@ <% status = @info_request.calculate_status %> <% if status == 'waiting_response_overdue' %> - <p><%= _('The response to your request has been <strong>delayed</strong>. You can say that, + <p><%= _('The response to your request has been <strong>delayed</strong>. You can say that, by law, the authority should normally have responded <strong>promptly</strong> and') %> <% if @info_request.public_body.is_school? %> @@ -73,7 +73,7 @@ </p> <% elsif status == 'waiting_response_very_overdue' %> <p> - <%= _('The response to your request is <strong>long overdue</strong>. You can say that, by + <%= _('The response to your request is <strong>long overdue</strong>. You can say that, by law, under all circumstances, the authority should have responded by now') %> (<%= raw(_('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"]) %>). </p> diff --git a/app/views/request/_sidebar.rhtml b/app/views/request/_sidebar.rhtml index 5e0c6fd2d..884d4b2b1 100644 --- a/app/views/request/_sidebar.rhtml +++ b/app/views/request/_sidebar.rhtml @@ -4,7 +4,7 @@ <% follower_count = TrackThing.count(:all, :conditions => ["info_request_id = ?", @info_request.id]) + 1 %> <p><%= n_("There is %d person following this request", "There are %d people following this request", follower_count) % follower_count %></p> - <%= render :partial => 'track/tracking_links', :locals => { :track_thing => @track_thing, :own_request => @info_request.user == @user, :location => 'sidebar' } %> + <%= render :partial => 'track/tracking_links', :locals => { :track_thing => @track_thing, :own_request => @info_request.user && @info_request.user == @user, :location => 'sidebar' } %> </div> <% if @info_request.described_state != "attention_requested" %> <h2><%= _('Offensive? Unsuitable?') %></h2> diff --git a/app/views/request/_wall_listing.rhtml b/app/views/request/_wall_listing.rhtml index 9cde234c0..26d34e1a1 100644 --- a/app/views/request/_wall_listing.rhtml +++ b/app/views/request/_wall_listing.rhtml @@ -6,13 +6,13 @@ end %> <div class="request_left"> <div class="requester"> <% if event.event_type == 'sent' %> - <%= _('A new request, <em><a href="{{request_url}}">{{request_title}}</a></em>, was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at),:request_url=>request_url(info_request),:request_title=>info_request.title) %> + <%= _('A new request, <em><a href="{{request_url}}">{{request_title}}</a></em>, was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>request_url(info_request),:request_title=>info_request.title) %> <% elsif event.event_type == 'followup_sent' %> - <%= _('A <a href="{{request_url}}">follow up</a> to <em>{{request_title}}</em> was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at),:request_url=>outgoing_message_url(event.outgoing_message),:request_title=>info_request.title) %> + <%= _('A <a href="{{request_url}}">follow up</a> to <em>{{request_title}}</em> was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>outgoing_message_url(event.outgoing_message),:request_title=>info_request.title) %> <% elsif event.event_type == 'response' %> - <%= _('A <a href="{{request_url}}">response</a> to <em>{{request_title}}</em> was sent by {{public_body_name}} to {{info_request_user}} on {{date}}. The request status is: {{request_status}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at),:request_url=>incoming_message_url(event.incoming_message_selective_columns("incoming_messages.id")),:request_title=>info_request.title,:request_status=>info_request.display_status) %> + <%= _('A <a href="{{request_url}}">response</a> to <em>{{request_title}}</em> was sent by {{public_body_name}} to {{info_request_user}} on {{date}}. The request status is: {{request_status}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>incoming_message_url(event.incoming_message_selective_columns("incoming_messages.id")),:request_title=>info_request.title,:request_status=>info_request.display_status) %> <% elsif event.event_type == 'comment' %> - <%= _('An <a href="{{request_url}}">annotation</a> to <em>{{request_title}}</em> was made by {{event_comment_user}} on {{date}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:event_comment_user=>user_link_absolute(event.comment.user),:date=>simple_date(event.created_at),:request_url=>comment_url(event.comment),:request_title=>info_request.title) %> + <%= _('An <a href="{{request_url}}">annotation</a> to <em>{{request_title}}</em> was made by {{event_comment_user}} on {{date}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:event_comment_user=>user_link_absolute(event.comment.user),:date=>simple_date(event.created_at),:request_url=>comment_url(event.comment),:request_title=>info_request.title) %> <% else %> <%# Events of other types will not be indexed: see InfoRequestEvent#indexed_by_search? However, it can happen that we see other types of event transiently here in the period @@ -22,7 +22,7 @@ end %> </div> </div> <div class="request_right"> - <span class="desc"> + <span class="desc"> <%= highlight_and_excerpt(event.search_text_main(true), @highlight_words, 150) %> </span> </div> diff --git a/app/views/request/upload_response.rhtml b/app/views/request/upload_response.rhtml index bc129426d..675951595 100644 --- a/app/views/request/upload_response.rhtml +++ b/app/views/request/upload_response.rhtml @@ -12,7 +12,7 @@ <h1><%= _('Respond to the FOI request')%> '<%=request_link(@info_request)%>'<% _(' made by ')%><%=user_link(@info_request.user) %></h1> <p> - <%= _('Your response will <strong>appear on the Internet</strong>, <a href="%s">read why</a> and answers to other questions.')% [help_officers_path] %> + <%= raw(_('Your response will <strong>appear on the Internet</strong>, <a href="%s">read why</a> and answers to other questions.') % [help_officers_path]) %> </p> <h2><%= _('Respond by email')%></h2> @@ -27,8 +27,8 @@ <h2><%= _('Respond using the web')%></h2> - <p><%= _('Enter your response below. You may attach one file (use email, or - <a href="%s">contact us</a> if you need more).')% [help_contact_path] %></p> + <p><%= raw(_('Enter your response below. You may attach one file (use email, or + <a href="%s">contact us</a> if you need more).')% [help_contact_path]) %></p> <% form_tag '', :id => 'upload_response_form', :multipart => true do %> <p> |