Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/admin_general_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/admin_request_controller.rb | 13 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 8 | ||||
-rw-r--r-- | app/models/contact_mailer.rb | 1 | ||||
-rw-r--r-- | app/models/foi_attachment.rb | 2 | ||||
-rw-r--r-- | app/models/info_request_event.rb | 1 | ||||
-rw-r--r-- | app/views/admin_general/timeline.rhtml | 2 | ||||
-rw-r--r-- | app/views/admin_request/hidden_user_explanation.rhtml | 2 | ||||
-rw-r--r-- | app/views/general/_orglink.rhtml | 4 | ||||
-rw-r--r-- | app/views/layouts/admin.rhtml | 16 | ||||
-rw-r--r-- | app/views/layouts/default.rhtml | 25 | ||||
-rw-r--r-- | app/views/request/_bubble.rhtml | 2 | ||||
-rw-r--r-- | app/views/request/_sidebar.rhtml | 2 |
14 files changed, 54 insertions, 36 deletions
diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb index c83ae0f37..2c961dfc5 100644 --- a/app/controllers/admin_general_controller.rb +++ b/app/controllers/admin_general_controller.rb @@ -79,11 +79,12 @@ class AdminGeneralController < AdminController end def debug + @http_auth_user = admin_http_auth_user @current_commit = `git log -1 --format="%H"` - @current_branch = `git branch | grep "\*" | awk '{print $2}'` + @current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'` @current_version = `git describe --always --tags` - repo = `git remote show origin -n | grep Fetch | awk '{print $3}' | sed -re 's/.*:(.*).git/\\1/'` - @github_origin = "https://github.com/#{repo.strip}/tree/" + repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'` + @github_origin = "https://github.com/#{repo}/tree/" @request_env = request.env end end diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index 522e1cd39..fd1405319 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -340,15 +340,24 @@ class AdminRequestController < AdminController def hide_request ActiveRecord::Base.transaction do + subject = params[:subject] explanation = params[:explanation] info_request = InfoRequest.find(params[:id]) - info_request.set_described_state(params[:reason]) info_request.prominence = "requester_only" + + info_request.log_event("hide", { + :editor => admin_http_auth_user(), + :reason => params[:reason], + :subject => subject, + :explanation => explanation + }) + + info_request.set_described_state(params[:reason]) info_request.save! ContactMailer.deliver_from_admin_message( info_request.user, - "hello", + subject, params[:explanation] ) flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name)) 
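Review bot: In `AdminGeneralController#debug`, `repo` is now empty whenever the origin fetch URL is not a github.com URL ending in `.git`, because the perl filter prints nothing in that case. `@github_origin` then becomes `https://github.com//tree/` and the view links to a page that does not exist. Setting it conditionally, `@github_origin = repo.empty? ? nil : "https://github.com/#{repo}/tree/"`, would let the view skip the link (the view is not part of this diff). Since the action also hands `request.env` to the template, a comment such as `# Exposes server environment and git state; must only be reachable by authenticated admins` would record that constraint.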
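Review bot: In `hide_request`, `subject = params[:subject]` is written to the event log and used as the mail subject with no presence or shape check, so a missing form field now sends the user a message with an empty subject where the old code sent "hello". Normalising it first, `subject = params[:subject].to_s.gsub(/[\r\n]+/, ' ').strip`, and refusing a blank value before `log_event` would keep both the audit record and the mail header well-formed; how the mailer encodes header values is not visible here. The delivery call still passes `params[:explanation]` although the local `explanation` holds the same value and is what gets logged; using the local in both places keeps the log and the mail from drifting apart. The method body continues past the end of this hunk.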
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e305e90f4..41adf1848 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -202,7 +202,7 @@ class ApplicationController < ActionController::Base # return stub path so admin can expire it first_three_digits = info_request.id.to_s()[0..2] path = "views/request/#{first_three_digits}/#{info_request.id}" - foi_cache_path = File.join(File.dirname(__FILE__), '../../cache') + foi_cache_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache')) return File.join(foi_cache_path, path) end def foi_fragment_cache_exists?(key_path) @@ -345,9 +345,6 @@ class ApplicationController < ActionController::Base return "*unknown*"; end end - def assign_http_auth_user - @http_auth_user = admin_http_auth_user - end # Convert URL name for sort by order, to Xapian query def order_to_sort_by(sortby) diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 94fbcde29..bd2bfc974 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -656,6 +656,12 @@ class RequestController < ApplicationController def report_request info_request = InfoRequest.find_by_url_title(params[:url_title]) + return if !authenticated?( + :web => _("To report this FOI request"), + :email => _("Then you can report the request '{{title}}'", :title => info_request.title), + :email_subject => _("Report an offensive or unsuitable request") + ) + if !info_request.attention_requested info_request.set_described_state('attention_requested') info_request.attention_requested = true # tells us if attention has ever been requested 
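Review bot: In `report_request` the new `authenticated?` call reads `info_request.title` before anything checks that `find_by_url_title` found a record, so an unknown `url_title` raises NoMethodError on nil while the login prompt is being built. A guard directly after the lookup, `raise ActiveRecord::RecordNotFound if info_request.nil?`, would turn that into the application's normal not-found handling (how that exception is rendered is not visible in this diff). The rest of the method lies outside the hunk.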
@@ -839,7 +845,7 @@ class RequestController < ApplicationController ) updated = Digest::SHA1.hexdigest(info_request.get_last_event.created_at.to_i.to_s + info_request.updated_at.to_i.to_s) @url_path = "/download/#{updated[0..1]}/#{updated}/#{params[:url_title]}.zip" - file_path = File.join(File.dirname(__FILE__), '../../cache/zips', @url_path) + file_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache/zips', @url_path)) if !File.exists?(file_path) FileUtils.mkdir_p(File.dirname(file_path)) Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile| diff --git a/app/models/contact_mailer.rb b/app/models/contact_mailer.rb index 800fe54e4..6e781d48c 100644 --- a/app/models/contact_mailer.rb +++ b/app/models/contact_mailer.rb @@ -52,6 +52,7 @@ class ContactMailer < ApplicationMailer :from_user => @from, :recipient_user => recipient_user, } + bcc MySociety::Config::get("CONTACT_EMAIL") end end diff --git a/app/models/foi_attachment.rb b/app/models/foi_attachment.rb index f3e3d7e00..9bbf0988f 100644 --- a/app/models/foi_attachment.rb +++ b/app/models/foi_attachment.rb @@ -42,7 +42,7 @@ class FoiAttachment < ActiveRecord::Base if rails_env.nil? || rails_env.empty? raise "$RAILS_ENV is not set" end - base_dir = File.join(File.dirname(__FILE__), "../../cache", "attachments_#{rails_env}") + base_dir = File.expand_path(File.join(File.dirname(__FILE__), "../../cache", "attachments_#{rails_env}")) return File.join(base_dir, self.hexdigest[0..2]) end diff --git a/app/models/info_request_event.rb b/app/models/info_request_event.rb index a410328b0..9a4f6d9fe 100644 --- a/app/models/info_request_event.rb +++ b/app/models/info_request_event.rb 
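Review bot: In the zip download hunk of request_controller.rb, `file_path` is built from `@url_path`, which interpolates `params[:url_title]`, and the result of `File.expand_path` is never checked to still lie under `cache/zips` before `FileUtils.mkdir_p` and `Zip::ZipFile.open` write to it. Whether the lookup earlier in the method already restricts `url_title` to a stored slug is not visible from the hunk, so the path should not rely on it. Building the name from `info_request.url_title` instead of the request parameter, and adding a containment check such as `raise "bad zip path" unless file_path.start_with?(zips_dir + "/")` with `zips_dir` being the expanded `cache/zips` directory, would make the normalisation introduced here do useful work. The method starts and ends outside the hunk.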
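Review bot: The `bcc MySociety::Config::get("CONTACT_EMAIL")` line added to contact_mailer.rb copies every admin-to-user message to the site contact address, and nothing in the method says so. A comment such as `# Copy admin messages to the site contact address so there is a record of what moderators sent` would document that (presumably the intent; please confirm). The lookup also has no default, unlike `MySociety::Config.get('GA_CODE', '')` in layouts/default.rhtml, and what `get` returns or raises when the key is unset is not visible here, so it is worth confirming that a missing CONTACT_EMAIL cannot stop the message being sent.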
@@ -51,6 +51,7 @@ class InfoRequestEvent < ActiveRecord::Base 'destroy_outgoing', # deleted an outgoing message (in admin interface) 'redeliver_incoming', # redelivered an incoming message elsewhere (in admin interface) 'move_request', # changed user or public body (in admin interface) + 'hide', # hid a request (in admin interface) 'manual', # you did something in the db by hand 'response', diff --git a/app/views/admin_general/timeline.rhtml b/app/views/admin_general/timeline.rhtml index 39a4b3e36..eecab4823 100644 --- a/app/views/admin_general/timeline.rhtml +++ b/app/views/admin_general/timeline.rhtml @@ -65,6 +65,8 @@ had incoming message deleted by administrator <strong><%=h event.params[:editor] %></strong>. <% elsif event.event_type == 'destroy_outgoing' %> had outgoing message deleted by administrator <strong><%=h event.params[:editor] %></strong>. + <% elsif event.event_type == 'hide' %> + was hidden by administrator <strong><%=h event.params[:editor] %></strong>. <% elsif event.event_type == 'redeliver_outgoing' %> had incoming message redelivered to another request by administrator <strong><%=h event.params[:editor] %></strong>. <% elsif event.event_type == 'response' %> diff --git a/app/views/admin_request/hidden_user_explanation.rhtml b/app/views/admin_request/hidden_user_explanation.rhtml index aaea49fb6..64387ffee 100644 --- a/app/views/admin_request/hidden_user_explanation.rhtml +++ b/app/views/admin_request/hidden_user_explanation.rhtml 
@@ -2,7 +2,7 @@ Dear <%= name_to %>, Your request '<%= info_request.title %>' at <%= info_request_url %> has been reviewed by moderators. -We consider it <% if reason == 'not_foi' %>is not a valid FOI request<% else %>to be vexatious<% end%>, and have therefore hidden it from other users. Please reply to this email if you would like to discuss this decision further. +We consider it <% if reason == 'not_foi' %>is not a valid FOI request<% else %>to be vexatious<% end%>, and have therefore hidden it from other users. You will still be able to view it while logged in to the site. Please reply to this email if you would like to discuss this decision further. Yours, diff --git a/app/views/general/_orglink.rhtml b/app/views/general/_orglink.rhtml index 7d74dbaac..fbe688d85 100644 --- a/app/views/general/_orglink.rhtml +++ b/app/views/general/_orglink.rhtml @@ -1,2 +1,2 @@ -<%-# Put the link to your organisation here, or leave blank -%> -<%= link_to image_tag('logo.png'), frontpage_url, :id=>'logo' %> +<%# Put the link to your organisation here, or leave blank %> +<%= link_to image_tag('logo.png'), frontpage_url, :id=>'logo' %> diff --git a/app/views/layouts/admin.rhtml b/app/views/layouts/admin.rhtml index 65670538d..d85eecbf2 100644 --- a/app/views/layouts/admin.rhtml +++ b/app/views/layouts/admin.rhtml 
@@ -13,15 +13,15 @@ <p> <strong><%= link_to 'Alaveteli', main_url('/') %> admin:</strong> - <%= link_to 'Summary', admin_general_index_path %> - | <%= link_to 'Timeline', admin_timeline_path %> - | <%= link_to 'Stats', admin_stats_path %> - | <%= link_to 'Debug', admin_debug_path %> + <%= link_to 'Summary', admin_url("") %> + | <%= link_to 'Timeline', admin_url("timeline") %> + | <%= link_to 'Stats', admin_url("stats") %> + | <%= link_to 'Debug', admin_url("debug") %> <strong>View:</strong> - <%= link_to 'Authorities', admin_body_list_path %> - | <%= link_to 'Requests', admin_request_list_path %> - | <%= link_to 'Users', admin_user_list_path %> - | <%= link_to 'Tracks', admin_track_list_path %> + <%= link_to 'Authorities', admin_url("body/list") %> + | <%= link_to 'Requests', admin_url("request/list") %> + | <%= link_to 'Users', admin_url("user/list") %> + | <%= link_to 'Tracks', admin_url("track/list") %> </p> <%= render :partial => 'general/locale_switcher' %> diff --git a/app/views/layouts/default.rhtml b/app/views/layouts/default.rhtml index bc9dfb02d..ed0a52e85 100644 --- a/app/views/layouts/default.rhtml +++ b/app/views/layouts/default.rhtml @@ -147,7 +147,6 @@ <%= render :partial => 'general/footer' %> - <%= render :partial => 'general/before_body_end' %> </div> <div id="other-country-notice"></div> <div id="link_box"><span class="close-button">X</span> 
@@ -157,18 +156,20 @@ </div> <% ga_code = MySociety::Config.get('GA_CODE', '') - unless ga_code.empty? - %> - <script> - var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); - document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); - </script> - <script> - var pageTracker = _gat._getTracker("<%=ga_code%>"); - pageTracker._trackPageview(); - </script> - <% end %> + + unless ga_code.empty? %> + <script> + var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); + document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); + </script> + <script> + var pageTracker = _gat._getTracker("<%=ga_code%>"); + pageTracker._trackPageview(); + </script> + + <% end %> + <%= render :partial => 'general/before_body_end' %> </body> </html> diff --git a/app/views/request/_bubble.rhtml b/app/views/request/_bubble.rhtml index 87079e9ea..331c2163e 100644 --- a/app/views/request/_bubble.rhtml +++ b/app/views/request/_bubble.rhtml @@ -13,7 +13,7 @@ :file_name => a.display_filename + '.html') %> <% img_filename = "icon_" + a.content_type.sub('/', '_') + "_large.png" - full_filename = File.join(File.dirname(__FILE__), "../../../public/images", img_filename) + full_filename = File.expand_path(File.join(File.dirname(__FILE__), "../../../public/images", img_filename)) if File.exist?(full_filename) %> <a href="<%=attachment_url%>"><img class="attachment_image" alt="Attachment" src="/images/<%=img_filename%>"></a> <% else %> diff --git a/app/views/request/_sidebar.rhtml b/app/views/request/_sidebar.rhtml index bca142fa9..956b3988b 100644 --- a/app/views/request/_sidebar.rhtml +++ b/app/views/request/_sidebar.rhtml 
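Review bot: In request/_bubble.rhtml, `img_filename` is derived from `a.content_type` with `sub('/', '_')`, which replaces only the first slash, and the value then goes into a filesystem path and, unescaped, into the `src` attribute. If the content type is taken from incoming mail without normalisation (not visible in this hunk), the remaining separators let the `File.exist?` lookup resolve outside `public/images`, and `File.expand_path` now collapses any `..` segments into that path. Restricting the name before use, for example `a.content_type.gsub(/[^A-Za-z0-9.+-]/, '_')`, and emitting it with `<%=h img_filename %>` would close both ends. The surrounding loop starts and ends outside the hunk.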
@@ -13,7 +13,7 @@ <% else %> <p><%= _('Requests for personal information and vexatious requests are not considered valid for FOI purposes (<a href="/help/about">read more</a>).') %> <p><%= ('If you believe this request is not suitable, you can report it for attention by the site administrators') %></p> - <%= link_to _("Report this request"), report_path, :class => "link_button_green" %> + <%= link_to _("Report this request"), report_path, :class => "link_button_green", :method => "POST" %> <% end %> <% end %> <h2><%= _("Act on what you've learnt") %></h2> |
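Review bot: Adding `:method => "POST"` to the "Report this request" link in request/_sidebar.rhtml only changes how the browser submits it; the `report_request` action changed in this same commit has no verb check, and the route definition is not part of the diff. Unless the route is restricted to POST, a plain GET to the report URL still flags the request, so a crawler or a link embedded on another page can trigger it for a logged-in user. Restricting the route to POST, or adding an early `request.post?` guard in `report_request`, would make the protection real. The helper's POST form depends on JavaScript, so it is worth checking what happens when the link falls back to a plain GET.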