diff options
Diffstat (limited to 'app')
61 files changed, 334 insertions, 310 deletions
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index c7c8d4972..e39d55c7c 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -304,7 +304,7 @@ class AdminRequestController < AdminController post_redirect.save! url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true)) - flash[:notice] = 'Send "' + name + '" <<a href="mailto:' + email + '">' + email + '</a>> this URL: <a href="' + url + '">' + url + "</a> - it will log them in and let them upload a response to this request." + flash[:notice] = 'Send "' + name + '" <<a href="mailto:' + email + '">' + email + '</a>> this URL: <a href="' + url + '">' + url + "</a> - it will log them in and let them upload a response to this request.".html_safe redirect_to request_admin_url(info_request) end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a946526b8..ed1523f75 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -564,7 +564,7 @@ class ApplicationController < ActionController::Base end def set_popup_banner - @popup_banner = render_to_string(:partial => "general/popup_banner").strip + @popup_banner = render_to_string(:partial => "general/popup_banner").strip.html_safe end # URL generating functions are needed by all controllers (for redirects), # views (for links) and mailers (for use in emails), so include them into diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb index 3ba636e29..875e39494 100644 --- a/app/controllers/general_controller.rb +++ b/app/controllers/general_controller.rb @@ -19,53 +19,51 @@ class GeneralController < ApplicationController # New, improved front page! def frontpage medium_cache - behavior_cache :tag => [session[:user_id], request.url] do - # get some example searches and public bodies to display - # either from config, or based on a (slow!) query if not set - body_short_names = Configuration::frontpage_publicbody_examples.split(/\s*;\s*/).map{|s| "'%s'" % s.gsub(/'/, "''") }.join(", ") - @locale = self.locale_from_params() - locale_condition = 'public_body_translations.locale = ?' - conditions = [locale_condition, @locale] - PublicBody.with_locale(@locale) do - if body_short_names.empty? - # This is too slow - @popular_bodies = PublicBody.visible.find(:all, - :order => "info_requests_count desc", - :limit => 32, - :conditions => conditions, - :joins => :translations - ) - else - conditions[0] += " and public_bodies.url_name in (" + body_short_names + ")" - @popular_bodies = PublicBody.find(:all, - :conditions => conditions, - :joins => :translations) - end + # get some example searches and public bodies to display + # either from config, or based on a (slow!) query if not set + body_short_names = Configuration::frontpage_publicbody_examples.split(/\s*;\s*/).map{|s| "'%s'" % s.gsub(/'/, "''") }.join(", ") + @locale = self.locale_from_params() + locale_condition = 'public_body_translations.locale = ?' + conditions = [locale_condition, @locale] + PublicBody.with_locale(@locale) do + if body_short_names.empty? + # This is too slow + @popular_bodies = PublicBody.visible.find(:all, + :order => "info_requests_count desc", + :limit => 32, + :conditions => conditions, + :joins => :translations + ) + else + conditions[0] += " and public_bodies.url_name in (" + body_short_names + ")" + @popular_bodies = PublicBody.find(:all, + :conditions => conditions, + :joins => :translations) end - # Get some successful requests - begin - query = 'variety:response (status:successful OR status:partially_successful)' - sortby = "newest" - max_count = 5 - xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count) - @request_events = xapian_object.results.map { |r| r[:model] } - - # If there are not yet enough successful requests, fill out the list with - # other requests - if @request_events.count < max_count - @request_events_all_successful = false - query = 'variety:sent' - xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count-@request_events.count) - more_events = xapian_object.results.map { |r| r[:model] } - @request_events += more_events - # Overall we still want the list sorted with the newest first - @request_events.sort!{|e1,e2| e2.created_at <=> e1.created_at} - else - @request_events_all_successful = true - end - rescue - @request_events = [] + end + # Get some successful requests + begin + query = 'variety:response (status:successful OR status:partially_successful)' + sortby = "newest" + max_count = 5 + xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count) + @request_events = xapian_object.results.map { |r| r[:model] } + + # If there are not yet enough successful requests, fill out the list with + # other requests + if @request_events.count < max_count + @request_events_all_successful = false + query = 'variety:sent' + xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_title_collapse', max_count-@request_events.count) + more_events = xapian_object.results.map { |r| r[:model] } + @request_events += more_events + # Overall we still want the list sorted with the newest first + @request_events.sort!{|e1,e2| e2.created_at <=> e1.created_at} + else + @request_events_all_successful = true end + rescue + @request_events = [] end end diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index cf90f45bb..573abac63 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb @@ -19,7 +19,6 @@ class HelpController < ApplicationController def contact @contact_email = Configuration::contact_email - @contact_email = @contact_email.gsub(/@/, "@") # if they clicked remove for link to request/body, remove it if params[:remove] @@ -50,7 +49,7 @@ class HelpController < ApplicationController end @contact = ContactValidator.new(params[:contact]) if @contact.valid? && !params[:remove] - ContactMailer.deliver_message( + ContactMailer.deliver_to_admin_message( params[:contact][:name], params[:contact][:email], params[:contact][:subject], diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 970dfca45..dfa3a4834 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -99,15 +99,13 @@ class RequestController < ApplicationController # Sidebar stuff # ... requests that have similar imporant terms - behavior_cache :tag => ['similar', @info_request.id] do - begin - limit = 10 - @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, - :limit => limit, :collapse_by_prefix => 'request_collapse') - @xapian_similar_more = (@xapian_similar.matches_estimated > limit) - rescue - @xapian_similar = nil - end + begin + limit = 10 + @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, + :limit => limit, :collapse_by_prefix => 'request_collapse') + @xapian_similar_more = (@xapian_similar.matches_estimated > limit) + rescue + @xapian_similar = nil end # Track corresponding to this page @@ -180,13 +178,10 @@ class RequestController < ApplicationController query = make_query_from_params @title = _("View and search requests") sortby = "newest" - @cache_tag = Digest::MD5.hexdigest(query + @page.to_s + I18n.locale.to_s) - behavior_cache :tag => [@cache_tag] do - xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse') - @list_results = xapian_object.results.map { |r| r[:model] } - @matches_estimated = xapian_object.matches_estimated - @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated - end + xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse') + @list_results = xapian_object.results.map { |r| r[:model] } + @matches_estimated = xapian_object.matches_estimated + @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated @title = @title + " (page " + @page.to_s + ")" if (@page > 1) @track_thing = TrackThing.create_track_for_search_query(query) @@ -327,9 +322,9 @@ class RequestController < ApplicationController message = "" if @outgoing_message.contains_email? if @user.nil? - message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]; + message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe; else - message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]; + message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe; end message += _("<p>We recommend that you edit your request and remove the email address. If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>") @@ -338,7 +333,7 @@ class RequestController < ApplicationController message += _("<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>"); end if not message.empty? - flash.now[:error] = message + flash.now[:error] = message.html_safe end render :action => 'preview' return @@ -630,7 +625,7 @@ class RequestController < ApplicationController if !params[:submitted_followup].nil? && !params[:reedit] if @info_request.allow_new_responses_from == 'nobody' - flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path] + flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe else if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body]) flash[:error] = _('You previously submitted that exact follow up message for this request.') diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb index 38bf51772..1db5348c7 100644 --- a/app/controllers/services_controller.rb +++ b/app/controllers/services_controller.rb @@ -25,7 +25,7 @@ class ServicesController < ApplicationController end end if !text.empty? - text += ' <span class="close-button">X</span>' + text += ' <span class="close-button">X</span>'.html_safe end render :text => text, :content_type => "text/plain" # XXX workaround the HTML validation in test suite end diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 51e081c88..15da7f327 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb @@ -157,7 +157,7 @@ class TrackController < ApplicationController def atom_feed_internal @xapian_object = perform_search([InfoRequestEvent], @track_thing.track_query, @track_thing.params[:feed_sortby], nil, 25, 1) respond_to do |format| - format.atom { render :template => 'track/atom_feed' } + format.atom { render :template => 'track/atom_feed', :content_type => "application/atom+xml" } format.json { render :json => @xapian_object.results.map { |r| r[:model].json_for_api(true, lambda { |t| @template.highlight_and_excerpt(t, @xapian_object.words_to_highlight, 150) } ) } } diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 6411cf27e..42f9d30f1 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -35,15 +35,15 @@ module ApplicationHelper end end - error_messages = [] + error_messages = "".html_safe for object in objects object.errors.each do |attr, message| - error_messages << content_tag(:li, message) + error_messages << content_tag(:li, h(message)) end end content_tag(:div, - content_tag(:ul, error_messages.join), + content_tag(:ul, error_messages), html ) else @@ -54,15 +54,12 @@ module ApplicationHelper # Highlight words, also escapes HTML (other than spans that we add) def highlight_words(t, words, html = true) if html - t = h(t) - end - if html - t = highlight(t, words, '<span class="highlight">\1</span>') + highlight(h(t), words, '<span class="highlight">\1</span>').html_safe else - t = highlight(t, words, '*\1*') + highlight(t, words, '*\1*') end - return t end + def highlight_and_excerpt(t, words, excount, html = true) newt = excerpt(t, words[0], excount) if not newt diff --git a/app/models/about_me_validator.rb b/app/models/about_me_validator.rb index 5e04c2761..8ee505ac8 100644 --- a/app/models/about_me_validator.rb +++ b/app/models/about_me_validator.rb @@ -17,10 +17,14 @@ class AboutMeValidator < ActiveRecord::BaseWithoutTable column :about_me, :text, "I...", false - def validate + # TODO: Switch to built in validations + validate :length_of_about_me + + private + + def length_of_about_me if !self.about_me.blank? && self.about_me.size > 500 errors.add(:about_me, _("Please keep it shorter than 500 characters")) end end - end diff --git a/app/models/change_email_validator.rb b/app/models/change_email_validator.rb index 9ef25217d..2ddebb177 100644 --- a/app/models/change_email_validator.rb +++ b/app/models/change_email_validator.rb @@ -28,12 +28,15 @@ class ChangeEmailValidator < ActiveRecord::BaseWithoutTable validates_presence_of :old_email, :message => N_("Please enter your old email address") validates_presence_of :new_email, :message => N_("Please enter your new email address") validates_presence_of :password, :message => N_("Please enter your password"), :unless => :changing_email + validate :password_and_format_of_email def changing_email() self.user_circumstance == 'change_email' end - def validate + private + + def password_and_format_of_email if !self.old_email.blank? && !MySociety::Validate.is_valid_email(self.old_email) errors.add(:old_email, _("Old email doesn't look like a valid address")) end diff --git a/app/models/comment.rb b/app/models/comment.rb index 5507910e2..70f3ba00d 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -24,13 +24,13 @@ class Comment < ActiveRecord::Base strip_attributes! belongs_to :user - #validates_presence_of :user # breaks during construction of new ones :( - - validates_inclusion_of :comment_type, :in => [ 'request' ] belongs_to :info_request - has_many :info_request_events # in practice only ever has one + #validates_presence_of :user # breaks during construction of new ones :( + validates_inclusion_of :comment_type, :in => [ 'request' ] + validate :body_of_comment + def body ret = read_attribute(:body) if ret.nil? @@ -40,6 +40,7 @@ class Comment < ActiveRecord::Base ret = ret.gsub(/(?:\n\s*){2,}/, "\n\n") # remove excess linebreaks that unnecessarily space it out ret end + def raw_body read_attribute(:body) end @@ -52,23 +53,13 @@ class Comment < ActiveRecord::Base end end - # Check have edited comment - def validate - if self.body.empty? || self.body =~ /^\s+$/ - errors.add(:body, _("Please enter your annotation")) - end - if !MySociety::Validate.uses_mixed_capitals(self.body) - errors.add(:body, _('Please write your annotation using a mixture of capital and lower case letters. This makes it easier for others to read.')) - end - end - # Return body for display as HTML def get_body_for_html_display text = self.body.strip text = CGI.escapeHTML(text) text = MySociety::Format.make_clickable(text, :contract => 1) text = text.gsub(/\n/, '<br>') - return text + return text.html_safe end # When posting a new comment, use this to check user hasn't double submitted. @@ -82,9 +73,21 @@ class Comment < ActiveRecord::Base return Comment.find(:first, :conditions => [ "info_request_id = ? and body = ?", info_request_id, body ]) end end - def for_admin_column - self.class.content_columns.each do |column| - yield(column.human_name, self.send(column.name), column.type.to_s, column.name) + + def for_admin_column + self.class.content_columns.each do |column| + yield(column.human_name, self.send(column.name), column.type.to_s, column.name) + end + end + + private + + def body_of_comment + if self.body.empty? || self.body =~ /^\s+$/ + errors.add(:body, _("Please enter your annotation")) + end + if !MySociety::Validate.uses_mixed_capitals(self.body) + errors.add(:body, _('Please write your annotation using a mixture of capital and lower case letters. This makes it easier for others to read.')) + end end - end end diff --git a/app/models/contact_mailer.rb b/app/models/contact_mailer.rb index 16aae2f15..abde64928 100644 --- a/app/models/contact_mailer.rb +++ b/app/models/contact_mailer.rb @@ -7,7 +7,7 @@ class ContactMailer < ApplicationMailer # Send message to administrator - def message(name, email, subject, message, logged_in_user, last_request, last_body) + def to_admin_message(name, email, subject, message, logged_in_user, last_request, last_body) @from = name + " <" + email + ">" @recipients = contact_from_name_and_email @subject = subject diff --git a/app/models/foi_attachment.rb b/app/models/foi_attachment.rb index 2f8a9ab04..723bc4abb 100644 --- a/app/models/foi_attachment.rb +++ b/app/models/foi_attachment.rb @@ -219,7 +219,7 @@ class FoiAttachment < ActiveRecord::Base def ensure_filename! - if self.filename.nil? + if self.filename.blank? calc_ext = AlaveteliFileTypes.mimetype_to_extension(self.content_type) if !calc_ext calc_ext = "bin" diff --git a/app/models/incoming_message.rb b/app/models/incoming_message.rb index a02d2456a..5c845ead3 100644 --- a/app/models/incoming_message.rb +++ b/app/models/incoming_message.rb @@ -284,6 +284,7 @@ class IncomingMessage < ActiveRecord::Base # Lotus notes quoting yeuch! def remove_lotus_quoting(text, replacement = "FOLDED_QUOTED_SECTION") text = text.dup + return text if self.info_request.user_name.nil? name = Regexp.escape(self.info_request.user_name) # To end of message sections @@ -534,7 +535,7 @@ class IncomingMessage < ActiveRecord::Base text = Iconv.conv('utf-8//IGNORE', source_charset, text) + _("\n\n[ {{site_name}} note: The above text was badly encoded, and has had strange characters removed. ]", :site_name => Configuration::site_name) - rescue Iconv::InvalidEncoding, Iconv::IllegalSequence + rescue Iconv::InvalidEncoding, Iconv::IllegalSequence, Iconv::InvalidCharacter if source_charset != "utf-8" source_charset = "utf-8" retry @@ -694,7 +695,7 @@ class IncomingMessage < ActiveRecord::Base text = text.gsub(/\n/, '<br>') text = text.gsub(/(?:<br>\s*){2,}/, '<br><br>') # remove excess linebreaks that unnecessarily space it out - return text + return text.html_safe end diff --git a/app/models/info_request.rb b/app/models/info_request.rb index 3355b9443..cee9eb959 100644 --- a/app/models/info_request.rb +++ b/app/models/info_request.rb @@ -284,9 +284,9 @@ public # into some sort of separate jurisdiction dependent file if self.public_body.url_name == 'general_register_office' # without GQ in the subject, you just get an auto response - _('{{law_used_full}} request GQ - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title) + _('{{law_used_full}} request GQ - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title.html_safe) else - _('{{law_used_full}} request - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title) + _('{{law_used_full}} request - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title.html_safe) end end def email_subject_followup(incoming_message = nil) diff --git a/app/models/outgoing_message.rb b/app/models/outgoing_message.rb index 2e98e1021..c75894e6a 100644 --- a/app/models/outgoing_message.rb +++ b/app/models/outgoing_message.rb @@ -30,6 +30,7 @@ class OutgoingMessage < ActiveRecord::Base validates_inclusion_of :status, :in => ['ready', 'sent', 'failed'] validates_inclusion_of :message_type, :in => ['initial_request', 'followup' ] #, 'complaint'] + validate :format_of_body belongs_to :incoming_message_followup, :foreign_key => 'incoming_message_followup_id', :class_name => 'IncomingMessage' @@ -136,32 +137,6 @@ class OutgoingMessage < ActiveRecord::Base end end - # Check have edited letter - def validate - if self.body.empty? || self.body =~ /\A#{get_salutation}\s+#{get_signoff}/ || self.body =~ /#{get_internal_review_insert_here_note}/ - if self.message_type == 'followup' - if self.what_doing == 'internal_review' - errors.add(:body, _("Please give details explaining why you want a review")) - else - errors.add(:body, _("Please enter your follow up message")) - end - elsif - errors.add(:body, _("Please enter your letter requesting information")) - else - raise "Message id #{self.id} has type '#{self.message_type}' which validate can't handle" - end - end - if self.body =~ /#{get_signoff}\s*\Z/m - errors.add(:body, _("Please sign at the bottom with your name, or alter the \"%{signoff}\" signature" % { :signoff => get_signoff })) - end - if !MySociety::Validate.uses_mixed_capitals(self.body) - errors.add(:body, _('Please write your message using a mixture of capital and lower case letters. This makes it easier for others to read.')) - end - if self.what_doing.nil? || !['new_information', 'internal_review', 'normal_sort'].include?(self.what_doing) - errors.add(:what_doing_dummy, _('Please choose what sort of reply you are making.')) - end - end - # Deliver outgoing message # Note: You can test this from script/console with, say: # InfoRequest.find(1).outgoing_messages[0].send_message @@ -252,7 +227,7 @@ class OutgoingMessage < ActiveRecord::Base text = MySociety::Format.make_clickable(text, :contract => 1) text.gsub!(/\[(email address|mobile number)\]/, '[<a href="/help/officers#mobiles">\1</a>]') text = text.gsub(/\n/, '<br>') - return text + return text.html_safe end def fully_destroy @@ -275,6 +250,33 @@ class OutgoingMessage < ActiveRecord::Base yield(column.human_name, self.send(column.name), column.type.to_s, column.name) end end + + private + + def format_of_body + if self.body.empty? || self.body =~ /\A#{get_salutation}\s+#{get_signoff}/ || self.body =~ /#{get_internal_review_insert_here_note}/ + if self.message_type == 'followup' + if self.what_doing == 'internal_review' + errors.add(:body, _("Please give details explaining why you want a review")) + else + errors.add(:body, _("Please enter your follow up message")) + end + elsif + errors.add(:body, _("Please enter your letter requesting information")) + else + raise "Message id #{self.id} has type '#{self.message_type}' which validate can't handle" + end + end + if self.body =~ /#{get_signoff}\s*\Z/m + errors.add(:body, _("Please sign at the bottom with your name, or alter the \"%{signoff}\" signature" % { :signoff => get_signoff })) + end + if !MySociety::Validate.uses_mixed_capitals(self.body) + errors.add(:body, _('Please write your message using a mixture of capital and lower case letters. This makes it easier for others to read.')) + end + if self.what_doing.nil? || !['new_information', 'internal_review', 'normal_sort'].include?(self.what_doing) + errors.add(:what_doing_dummy, _('Please choose what sort of reply you are making.')) + end + end end diff --git a/app/models/profile_photo.rb b/app/models/profile_photo.rb index 6e605651d..73d7ca12b 100644 --- a/app/models/profile_photo.rb +++ b/app/models/profile_photo.rb @@ -23,6 +23,8 @@ class ProfilePhoto < ActiveRecord::Base belongs_to :user + validate :data_and_draft_checks + # deliberately don't strip_attributes, so keeps raw photo properly attr_accessor :x, :y, :w, :h @@ -81,7 +83,9 @@ class ProfilePhoto < ActiveRecord::Base end end - def validate + private + + def data_and_draft_checks if self.data.nil? errors.add(:data, N_("Please choose a file containing your photo.")) return diff --git a/app/models/public_body.rb b/app/models/public_body.rb index 57fe27767..168b9f4c7 100644 --- a/app/models/public_body.rb +++ b/app/models/public_body.rb @@ -35,6 +35,8 @@ class PublicBody < ActiveRecord::Base validates_uniqueness_of :short_name, :message => N_("Short name is already taken"), :if => Proc.new { |pb| pb.short_name != "" } validates_uniqueness_of :name, :message => N_("Name is already taken") + validate :request_email_if_requestable + has_many :info_requests, :order => 'created_at desc' has_many :track_things, :order => 'created_at desc' has_many :censor_rules, :order => 'created_at desc' @@ -135,15 +137,6 @@ class PublicBody < ActiveRecord::Base self.first_letter = self.name.scan(/./mu)[0].upcase end - def validate - # Request_email can be blank, meaning we don't have details - if self.is_requestable? - unless MySociety::Validate.is_valid_email(self.request_email) - errors.add(:request_email, "Request email doesn't look like a valid email address") - end - end - end - # If tagged "not_apply", then FOI/EIR no longer applies to authority at all def not_apply? return self.has_tag?('not_apply') @@ -301,7 +294,7 @@ class PublicBody < ActiveRecord::Base ret = ret + " and " end ret = ret + types[-1] - return ret + return ret.html_safe else return _("A public authority") end @@ -520,6 +513,8 @@ class PublicBody < ActiveRecord::Base 'Version', ] public_bodies.each do |public_body| + # Skip bodies we use only for site admin + next if public_body.has_tag?('site_administration') csv << [ public_body.name, public_body.short_name, @@ -640,4 +635,12 @@ class PublicBody < ActiveRecord::Base end end + def request_email_if_requestable + # Request_email can be blank, meaning we don't have details + if self.is_requestable? + unless MySociety::Validate.is_valid_email(self.request_email) + errors.add(:request_email, "Request email doesn't look like a valid email address") + end + end + end end diff --git a/app/models/track_thing.rb b/app/models/track_thing.rb index 2a61eb858..dfe92b7fe 100644 --- a/app/models/track_thing.rb +++ b/app/models/track_thing.rb @@ -199,11 +199,12 @@ class TrackThing < ActiveRecord::Base if self.track_type == 'request_updates' @params = { # Website - :list_description => _("'{{link_to_request}}', a request", :link_to_request => "<a href=\"/request/" + CGI.escapeHTML(self.info_request.url_title) + "\">" + CGI.escapeHTML(self.info_request.title) + "</a>"), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how + :list_description => _("'{{link_to_request}}', a request", + :link_to_request => ("<a href=\"/request/" + CGI.escapeHTML(self.info_request.url_title) + "\">" + CGI.escapeHTML(self.info_request.title) + "</a>").html_safe), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how :verb_on_page => _("Follow this request"), :verb_on_page_already => _("You are already following this request"), # Email - :title_in_email => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title), + :title_in_email => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title.html_safe), :title_in_rss => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title), # Authentication :web => _("To follow the request '{{request_title}}'", :request_title => CGI.escapeHTML(self.info_request.title)), @@ -250,7 +251,7 @@ class TrackThing < ActiveRecord::Base elsif self.track_type == 'public_body_updates' @params = { # Website - :list_description => _("'{{link_to_authority}}', a public authority", :link_to_authority => "<a href=\"/body/" + CGI.escapeHTML(self.public_body.url_name) + "\">" + CGI.escapeHTML(self.public_body.name) + "</a>"), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how + :list_description => _("'{{link_to_authority}}', a public authority", :link_to_authority => ("<a href=\"/body/" + CGI.escapeHTML(self.public_body.url_name) + "\">" + CGI.escapeHTML(self.public_body.name) + "</a>").html_safe), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how :verb_on_page => _("Follow requests to {{public_body_name}}",:public_body_name=>CGI.escapeHTML(self.public_body.name)), :verb_on_page_already => _("You are already following requests to {{public_body_name}}", :public_body_name=>CGI.escapeHTML(self.public_body.name)), # Email @@ -266,11 +267,11 @@ class TrackThing < ActiveRecord::Base elsif self.track_type == 'user_updates' @params = { # Website - :list_description => _("'{{link_to_user}}', a person", :link_to_user => "<a href=\"/user/" + CGI.escapeHTML(self.tracked_user.url_name) + "\">" + CGI.escapeHTML(self.tracked_user.name) + "</a>"), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how + :list_description => _("'{{link_to_user}}', a person", :link_to_user => ("<a href=\"/user/" + CGI.escapeHTML(self.tracked_user.url_name) + "\">" + CGI.escapeHTML(self.tracked_user.name) + "</a>").html_safe), # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how :verb_on_page => _("Follow this person"), :verb_on_page_already => _("You are already following this person"), # Email - :title_in_email => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name), + :title_in_email => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name.html_safe), :title_in_rss => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name), # Authentication :web => _("To follow requests by '{{user_name}}'", :user_name=>CGI.escapeHTML(self.tracked_user.name)), @@ -282,7 +283,7 @@ class TrackThing < ActiveRecord::Base elsif self.track_type == 'search_query' @params = { # Website - :list_description => "<a href=\"/search/" + CGI.escapeHTML(self.track_query) + "/newest/advanced\">" + self.track_query_description + "</a>", # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how + :list_description => ("<a href=\"/search/" + CGI.escapeHTML(self.track_query) + "/newest/advanced\">" + CGI.escapeHTML(self.track_query_description) + "</a>").html_safe, # XXX yeuch, sometimes I just want to call view helpers from the model, sorry! can't work out how :verb_on_page => _("Follow things matching this search"), :verb_on_page_already => _("You are already following things matching this search"), # Email diff --git a/app/models/user.rb b/app/models/user.rb index 6e1e21481..e6c666e47 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -50,6 +50,8 @@ class User < ActiveRecord::Base 'super', ], :message => N_('Admin level is not included in list') + validate :email_and_name_are_valid + acts_as_xapian :texts => [ :name, :about_me ], :values => [ [ :created_at_numeric, 1, "created_at", :number ] # for sorting @@ -108,15 +110,6 @@ class User < ActiveRecord::Base self.comments.find(:all, :conditions => 'visible') end - def validate - if self.email != "" && !MySociety::Validate.is_valid_email(self.email) - errors.add(:email, _("Please enter a valid email address")) - end - if MySociety::Validate.is_valid_email(self.name) - errors.add(:name, _("Please enter your name, not your email address, in the name field.")) - end - end - # Don't display any leading/trailing spaces # XXX we have strip_attributes! now, so perhaps this can be removed (might # be still needed for existing cases) @@ -361,12 +354,13 @@ class User < ActiveRecord::Base end # Return about me text for display as HTML + # TODO: Move this to a view helper def get_about_me_for_html_display text = self.about_me.strip text = CGI.escapeHTML(text) text = MySociety::Format.make_clickable(text, :contract => 1) text = text.gsub(/\n/, '<br>') - return text + return text.html_safe end def json_for_api @@ -413,6 +407,15 @@ class User < ActiveRecord::Base self.salt = self.object_id.to_s + rand.to_s end + def email_and_name_are_valid + if self.email != "" && !MySociety::Validate.is_valid_email(self.email) + errors.add(:email, _("Please enter a valid email address")) + end + if MySociety::Validate.is_valid_email(self.name) + errors.add(:name, _("Please enter your name, not your email address, in the name field.")) + end + end + ## Class methods def User.encrypted_password(password, salt) string_to_hash = password + salt # XXX need to add a secret here too? diff --git a/app/views/admin_public_body/import_csv.rhtml b/app/views/admin_public_body/import_csv.rhtml index 62908ba52..1c6100838 100644 --- a/app/views/admin_public_body/import_csv.rhtml +++ b/app/views/admin_public_body/import_csv.rhtml @@ -32,7 +32,7 @@ <label for="tag_behaviour">What to do with existing tags?</label> <%= select_tag 'tag_behaviour', "<option value='add' selected>Add new tags to existing ones</option> - <option value='replace'>Replace existing tags with new ones</option>" + <option value='replace'>Replace existing tags with new ones</option>".html_safe %> </p> diff --git a/app/views/admin_public_body/show.rhtml b/app/views/admin_public_body/show.rhtml index 094007c02..cee306988 100644 --- a/app/views/admin_public_body/show.rhtml +++ b/app/views/admin_public_body/show.rhtml @@ -66,7 +66,7 @@ end # Highlight entries which have changed since previous version changed = (!['version', 'last_edit_editor', 'last_edit_comment'].include?(column.name)) && ((historic_public_body.send(column.name) != @public_body.sorted_versions[historic_public_body.version - 2].send(column.name)) || (historic_public_body.version == 1)) %> - <td <%= changed ? ' class="entry_changed" ': '' %> > + <td <%= changed ? ' class="entry_changed" '.html_safe: '' %> > <%=value%> </td> <% end %> diff --git a/app/views/admin_request/show_raw_email.rhtml b/app/views/admin_request/show_raw_email.rhtml index fa1470e77..ea0d6017e 100644 --- a/app/views/admin_request/show_raw_email.rhtml +++ b/app/views/admin_request/show_raw_email.rhtml @@ -33,5 +33,5 @@ <p><%= link_to "Download", "../download_raw_email/" + @raw_email.id.to_s %></p> -<pre><%=h(@raw_email.data).gsub(/\n/, '<br>') %></pre> +<pre><%= h(@raw_email.data).gsub(/\n/, '<br>').html_safe %></pre> diff --git a/app/views/comment/_comment_form.rhtml b/app/views/comment/_comment_form.rhtml index d430f25c8..120929643 100644 --- a/app/views/comment/_comment_form.rhtml +++ b/app/views/comment/_comment_form.rhtml @@ -13,7 +13,7 @@ <%= hidden_field_tag 'submitted_comment', 1 %> <%= hidden_field_tag 'preview', 1 %> <%= submit_tag _('Preview your annotation') %> - <%= _(' (<strong>no ranty</strong> politics, read our <a href="%s">moderation policy</a>)') % [help_requesting_path+'#moderation'] %> + <%= raw(_(' (<strong>no ranty</strong> politics, read our <a href="%s">moderation policy</a>)') % [help_requesting_path+'#moderation']) %> </p> <% end %> diff --git a/app/views/contact_mailer/message.rhtml b/app/views/contact_mailer/to_admin_message.rhtml index 9c0a74c02..9c0a74c02 100644 --- a/app/views/contact_mailer/message.rhtml +++ b/app/views/contact_mailer/to_admin_message.rhtml diff --git a/app/views/general/_localised_datepicker.rhtml b/app/views/general/_localised_datepicker.rhtml index 5fdd63644..ec6593ea0 100644 --- a/app/views/general/_localised_datepicker.rhtml +++ b/app/views/general/_localised_datepicker.rhtml @@ -5,11 +5,11 @@ prevText: '<%= _("Prev") %>', nextText: '<%= _("Next") %>', currentText: '<%= _("Today") %>', - monthNames: <%= I18n.translate('date.month_names')[1..-1].to_json %>, - monthNamesShort: <%= I18n.translate('date.abbr_month_names')[1..-1].to_json %>, - dayNames: <%= I18n.translate('date.day_names').to_json %>, - dayNamesShort: <%= I18n.translate('date.abbr_day_names').to_json %>, - dayNamesMin: <%= I18n.translate('date.abbr_day_names').collect{|x| x[0..0]}.to_json %>, + monthNames: <%= raw I18n.translate('date.month_names')[1..-1].to_json %>, + monthNamesShort: <%= raw I18n.translate('date.abbr_month_names')[1..-1].to_json %>, + dayNames: <%= raw I18n.translate('date.day_names').to_json %>, + dayNamesShort: <%= raw I18n.translate('date.abbr_day_names').to_json %>, + dayNamesMin: <%= raw I18n.translate('date.abbr_day_names').collect{|x| x[0..0]}.to_json %>, weekHeader: '<%= _("Wk") %>', dateFormat: '<%= I18n.translate('date.formats.default').sub("%Y", "yy").sub("%m", "mm").sub("%d", "dd").gsub("-", "/") %>'} ); diff --git a/app/views/general/blog.rhtml b/app/views/general/blog.rhtml index 5258e9bbd..07d6d2f14 100644 --- a/app/views/general/blog.rhtml +++ b/app/views/general/blog.rhtml @@ -26,9 +26,9 @@ <p class="subtitle"><%= _("Posted on {{date}} by {{author}}", :date=>simple_date(Time.parse(item['pubDate'][0])), :author=>item['creator']) %></p> <div> <% if item['encoded'] %> - <%= item['encoded'] %> + <%= raw item['encoded'] %> <% elsif item['description'] %> - <%= item['description'] %> + <%= raw item['description'] %> <% end %> </div> <p><em> diff --git a/app/views/general/frontpage.rhtml b/app/views/general/frontpage.rhtml index acc7f4095..6eceb3b28 100644 --- a/app/views/general/frontpage.rhtml +++ b/app/views/general/frontpage.rhtml @@ -1,4 +1,4 @@ -<% view_cache :ttl => 5.minutes.to_i, :tag => I18n.locale do %> +<%# TODO: Cache for 5 minutes %> <div id="frontpage_splash"> <div id="left_column"> <%= render :partial => "frontpage_new_request" %> @@ -17,4 +17,3 @@ <%= render :partial => "frontpage_bodies_list" %> <%= render :partial => "frontpage_requests_list" %> </div> -<% end %> diff --git a/app/views/general/search.rhtml b/app/views/general/search.rhtml index a1f8c8f04..6df12d980 100644 --- a/app/views/general/search.rhtml +++ b/app/views/general/search.rhtml @@ -164,7 +164,7 @@ <% if @spelling_correction %> <p id="did_you_mean"><%= _('Did you mean: {{correction}}', :correction => search_link(@spelling_correction, @postfix)) %></p> <% end %> - <p><%= _('<a href="%s">Browse all</a> or <a href="%s">ask us to add one</a>.') % [list_public_bodies_default, help_requesting_path + '#missing_body'] %></p> + <p><%= raw(_('<a href="%s">Browse all</a> or <a href="%s">ask us to add one</a>.') % [list_public_bodies_default, help_requesting_path + '#missing_body']) %></p> <% end %> </div> diff --git a/app/views/layouts/contact_mailer.rhtml b/app/views/layouts/contact_mailer.rhtml index 5b8b44402..3cdc75009 100644 --- a/app/views/layouts/contact_mailer.rhtml +++ b/app/views/layouts/contact_mailer.rhtml @@ -1 +1 @@ -<%= MySociety::Format.wrap_email_body_by_paragraphs(yield) %> +<%= raw MySociety::Format.wrap_email_body_by_paragraphs(yield) %> diff --git a/app/views/layouts/outgoing_mailer.rhtml b/app/views/layouts/outgoing_mailer.rhtml index dbb18483f..8bf8ef216 100644 --- a/app/views/layouts/outgoing_mailer.rhtml +++ b/app/views/layouts/outgoing_mailer.rhtml @@ -1 +1 @@ -<%= MySociety::Format.wrap_email_body_by_lines(yield) %> +<%= raw MySociety::Format.wrap_email_body_by_lines(yield) %> diff --git a/app/views/layouts/request_mailer.rhtml b/app/views/layouts/request_mailer.rhtml index 5b8b44402..3cdc75009 100644 --- a/app/views/layouts/request_mailer.rhtml +++ b/app/views/layouts/request_mailer.rhtml @@ -1 +1 @@ -<%= MySociety::Format.wrap_email_body_by_paragraphs(yield) %> +<%= raw MySociety::Format.wrap_email_body_by_paragraphs(yield) %> diff --git a/app/views/layouts/user_mailer.rhtml b/app/views/layouts/user_mailer.rhtml index 5b8b44402..3cdc75009 100644 --- a/app/views/layouts/user_mailer.rhtml +++ b/app/views/layouts/user_mailer.rhtml @@ -1 +1 @@ -<%= MySociety::Format.wrap_email_body_by_paragraphs(yield) %> +<%= raw MySociety::Format.wrap_email_body_by_paragraphs(yield) %> diff --git a/app/views/public_body/_list_sidebar_extra.rhtml b/app/views/public_body/_list_sidebar_extra.rhtml index 6857a7eb5..54f20a736 100644 --- a/app/views/public_body/_list_sidebar_extra.rhtml +++ b/app/views/public_body/_list_sidebar_extra.rhtml @@ -1,5 +1,5 @@ <p> - <%= _('<a href="%s">Are we missing a public authority?</a>') % [help_requesting_path + '#missing_body'] %> + <%= raw(_('<a href="%s">Are we missing a public authority?</a>') % [help_requesting_path + '#missing_body']) %> </p> <p> <%= link_to _('List of all authorities (CSV)'), all_public_bodies_csv_url() %> diff --git a/app/views/public_body/list.rhtml b/app/views/public_body/list.rhtml index 3a64de1f7..94fbb759c 100644 --- a/app/views/public_body/list.rhtml +++ b/app/views/public_body/list.rhtml @@ -43,5 +43,5 @@ <%= render :partial => 'body_listing', :locals => { :public_bodies => @public_bodies } %> <%= will_paginate(@public_bodies) %><br/> - <%= _('<a href="%s">Can\'t find the one you want?</a>') % [help_requesting_path + '#missing_body'] %> + <%= raw _('<a href="%s">Can\'t find the one you want?</a>') % [help_requesting_path + '#missing_body'] %> </div> diff --git a/app/views/public_body/show.rhtml b/app/views/public_body/show.rhtml index e13f9d1c0..6431b4742 100644 --- a/app/views/public_body/show.rhtml +++ b/app/views/public_body/show.rhtml @@ -4,7 +4,7 @@ <h2><%= _('Follow this authority')%></h2> <% follower_count = TrackThing.count(:all, :conditions => ["public_body_id = ?", @public_body.id]) %> - <p><%= n_("<span id='follow_count'>%d</span> person is following this authority", "<span id='follow_count'>%d</span> people are following this authority", follower_count) % follower_count %></p> + <p><%= raw(n_("<span id='follow_count'>%d</span> person is following this authority", "<span id='follow_count'>%d</span> people are following this authority", follower_count) % follower_count) %></p> <%= render :partial => 'track/tracking_links', :locals => { :track_thing => @track_thing, :own_request => false, :location => 'sidebar' } %> <h2><%= _('More about this authority')%></h2> diff --git a/app/views/public_body/view_email.rhtml b/app/views/public_body/view_email.rhtml index 50601069f..79d7f7f4c 100644 --- a/app/views/public_body/view_email.rhtml +++ b/app/views/public_body/view_email.rhtml @@ -25,9 +25,9 @@ <p> <% if @public_body.is_requestable? || @public_body.not_requestable_reason != 'bad_contact' %> - <%= _('If the address is wrong, or you know a better address, please <a href="%s">contact us</a>.')% [help_contact_path]%> + <%= raw _('If the address is wrong, or you know a better address, please <a href="%s">contact us</a>.')% [help_contact_path]%> <% else %> - <%= _(' If you know the address to use, then please <a href="%s">send it to us</a>. + <%= raw _(' If you know the address to use, then please <a href="%s">send it to us</a>. You may be able to find the address on their website, or by phoning them up and asking.')% [help_contact_path] %> <% end %> </p> diff --git a/app/views/request/_after_actions.rhtml b/app/views/request/_after_actions.rhtml index 221634549..3d74cf42d 100644 --- a/app/views/request/_after_actions.rhtml +++ b/app/views/request/_after_actions.rhtml @@ -7,7 +7,7 @@ <ul> <% if @info_request.comments_allowed? %> <li> - <%= _('<a href="%s">Add an annotation</a> (to help the requester or others)') % [new_comment_url(:url_title => @info_request.url_title)] %> + <%= raw(_('<a href="%s">Add an annotation</a> (to help the requester or others)') % [new_comment_url(:url_title => @info_request.url_title)]) %> </li> <% end %> <% if @old_unclassified %> diff --git a/app/views/request/_followup.rhtml b/app/views/request/_followup.rhtml index be57ac9ef..045bcd9ba 100644 --- a/app/views/request/_followup.rhtml +++ b/app/views/request/_followup.rhtml @@ -1,5 +1,10 @@ <div id="followup"> <% if (incoming_message.nil? || !incoming_message.valid_to_reply_to?) + # TRANSLATORS: This phrase completes the following sentences: + # Request an internal review from... + # Send a public follow up message to... + # Send a public reply to... + # Don't want to address your message to... ? name_for_followup = _("the main FOI contact at {{public_body}}", :public_body => h(OutgoingMailer.name_for_followup(@info_request, nil))) else name_for_followup = h(OutgoingMailer.name_for_followup(@info_request, incoming_message)) @@ -8,16 +13,16 @@ <h1><%= _('Request an internal review from {{person_or_body}}', :person_or_body => name_for_followup) %> </h1> <% elsif incoming_message.nil? || !incoming_message.valid_to_reply_to? %> - <h2><%= _('Send a public follow up message to {{person_or_body}}', :person_or_body => name_for_followup) %> + <h2><%= _('Send a public follow up message to {{person_or_body}}', :person_or_body => name_for_followup) %> </h2> <% else %> - <h2><%= _('Send a public reply to {{person_or_body}}', :person_or_body => name_for_followup) %> + <h2><%= _('Send a public reply to {{person_or_body}}', :person_or_body => name_for_followup) %> </h2> <% end %> <% if @info_request.who_can_followup_to(incoming_message).count > 0 %> <div id="other_recipients"> - <%= _("Don't want to address your message to {{person_or_body}}? You can also write to:", :person_or_body => name_for_followup) %> - <ul> + <%= _("Don't want to address your message to {{person_or_body}}? You can also write to:", :person_or_body => name_for_followup) %> + <ul> <% @info_request.who_can_followup_to(incoming_message).each do |name, email, id| %> <% if id.nil? && !incoming_message.nil? && incoming_message.valid_to_reply_to? %> <li><%= link_to(_("the main FOI contact address for {{public_body}}", :public_body => name), show_response_no_followup_url(:id => @info_request.id, :incoming_message_id => nil)) %></li> @@ -44,14 +49,14 @@ <% else %> <% if @internal_review %> <p> - <%= _('If you are dissatisfied by the response you got from + <%= raw(_('If you are dissatisfied by the response you got from the public authority, you have the right to - complain (<a href="%s">details</a>).') % "http://foiwiki.com/foiwiki/index.php/Internal_reviews" %> + complain (<a href="%s">details</a>).') % "http://foiwiki.com/foiwiki/index.php/Internal_reviews") %> </p> <% end %> <p> - <%= _('Please <strong>only</strong> write messages directly relating to your request {{request_link}}. If you would like to ask for information that was not in your original request, then <a href="{{new_request_link}}">file a new request</a>.', :request_link=>request_link(@info_request), :new_request_link => new_request_to_body_url(:url_name => @info_request.public_body.url_name)) %> + <%= _('Please <strong>only</strong> write messages directly relating to your request {{request_link}}. If you would like to ask for information that was not in your original request, then <a href="{{new_request_link}}">file a new request</a>.', :request_link=>request_link(@info_request), :new_request_link => new_request_to_body_url(:url_name => @info_request.public_body.url_name)) %> </p> <% status = @info_request.calculate_status %> @@ -60,17 +65,17 @@ by law, the authority should normally have responded <strong>promptly</strong> and') %> <% if @info_request.public_body.is_school? %> - <%= _('in term time') %> + <%= _('in term time') %> <% end %> <%= _('by <strong>{{date}}</strong>',:date=>simple_date(@info_request.date_response_required_by)) %> - (<%= _('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"] %>). - + (<%= raw(_('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"]) %>). + </p> <% elsif status == 'waiting_response_very_overdue' %> <p> <%= _('The response to your request is <strong>long overdue</strong>. You can say that, by law, under all circumstances, the authority should have responded - by now') %> (<%= _('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"] %>). + by now') %> (<%= raw(_('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"]) %>). </p> <% end %> @@ -97,8 +102,8 @@ --> <div> <%= radio_button "outgoing_message", "what_doing", "internal_review", :id => "internal_review" %> - <label for="internal_review"><%= _('I am requesting an <strong>internal review</strong>') %> - <%= _('<a href="%s">what\'s that?</a>') % ["/help/unhappy"] %> + <label for="internal_review"><%= _('I am requesting an <strong>internal review</strong>') %> + <%= raw(_('<a href="%s">what\'s that?</a>') % ["/help/unhappy"]) %> </label> </div> <div> diff --git a/app/views/request/_hidden_correspondence.rhtml b/app/views/request/_hidden_correspondence.rhtml index 0ea6fcddd..0873b312f 100644 --- a/app/views/request/_hidden_correspondence.rhtml +++ b/app/views/request/_hidden_correspondence.rhtml @@ -7,21 +7,21 @@ %> <div class="correspondence" id="incoming-<%=incoming_message.id.to_s%>"> <p> - <%= _('This response has been hidden. See annotations to find out why. - If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)] %> + <%= raw(_('This response has been hidden. See annotations to find out why. + If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)]) %> </p> </div> <% elsif [ 'sent', 'followup_sent', 'resent', 'followup_resent' ].include?(info_request_event.event_type) %> <div class="correspondence" id="outgoing-<%=outgoing_message.id.to_s%>"> <p> - <%= _('This outgoing message has been hidden. See annotations to - find out why. If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)] %> + <%= raw(_('This outgoing message has been hidden. See annotations to + find out why. If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)]) %> </p> </div> <% elsif info_request_event.event_type == 'comment' %> <div class="comment_in_request" id="comment-<%=comment.id.to_s%>"> - <p><%= _('This comment has been hidden. See annotations to - find out why. If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)]%> + <p><%= raw(_('This comment has been hidden. See annotations to + find out why. If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)]) %> </p> </div> <% end %> diff --git a/app/views/request/_request_listing_via_event.rhtml b/app/views/request/_request_listing_via_event.rhtml index ee1cc079a..2ba9613e5 100644 --- a/app/views/request/_request_listing_via_event.rhtml +++ b/app/views/request/_request_listing_via_event.rhtml @@ -25,7 +25,7 @@ end %> <%=event.display_status %> <%= _('by {{public_body_name}} to {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at )) %> <% elsif event.event_type == 'comment' %> - <%= _('Request to {{public_body_name}} by {{info_request_user}}. Annotated by {{event_comment_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:event_comment_user=>user_link_absolute(event.comment.user),:date=>simple_date(event.created_at)) %> + <%= _('Request to {{public_body_name}} by {{info_request_user}}. Annotated by {{event_comment_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:event_comment_user=>user_link_absolute(event.comment.user),:date=>simple_date(event.created_at)) %> <% else %> <%# Events of other types will not be indexed: see InfoRequestEvent#indexed_by_search? However, it can happen that we see other types of event transiently here in the period diff --git a/app/views/request/_sidebar.rhtml b/app/views/request/_sidebar.rhtml index 18684943a..5e0c6fd2d 100644 --- a/app/views/request/_sidebar.rhtml +++ b/app/views/request/_sidebar.rhtml @@ -17,33 +17,37 @@ <% elsif @info_request.prominence == 'requester_only' %> <%# The eccentric formatting of the following string is in order that it be identical to the corresponding string in request/show.rhtml %> - <p><%= _('This request is hidden, so that only you the requester can see it. Please - <a href="%s">contact us</a> if you are not sure why.') % [help_requesting_path] %></p> + <p><%= raw(_('This request is hidden, so that only you the requester can see it. Please + <a href="%s">contact us</a> if you are not sure why.') % [help_requesting_path]) %></p> <% else %> - <p><%= _('This request has been marked for review by the site administrators, who have not hidden it at this time. If you believe it should be hidden, please <a href="%s">contact us</a>.') % [help_requesting_path] %></p> + <p><%= raw(_('This request has been marked for review by the site administrators, who have not hidden it at this time. If you believe it should be hidden, please <a href="%s">contact us</a>.') % [help_requesting_path]) %></p> <% end %> <% else %> <p><%= _('Requests for personal information and vexatious requests are not considered valid for FOI purposes (<a href="/help/about">read more</a>).') %></p> <p><%= _('If you believe this request is not suitable, you can report it for attention by the site administrators') %></p> - <%= link_to _("Report this request"), report_path, :class => "link_button_green", :method => "POST" %> + <%= button_to _("Report this request"), report_path, :class => "link_button_green" %> <% end %> <% end %> <h2><%= _("Act on what you've learnt") %></h2> <div class="act_link"> <% tweet_link = "https://twitter.com/share?url=#{h(request.url)}&via=#{h(Configuration::twitter_username)}&text='#{h(@info_request.title)}'&related=#{_('alaveteli_foi:The software that runs {{site_name}}', :site_name => h(site_name))}" %> - <%= link_to '<img src="/images/twitter-16.png" alt="twitter icon">', tweet_link %> + <% link_to tweet_link do %> + <%= image_tag "twitter-16.png", :alt => "twitter icon" %> + <% end %> <%= link_to _("Tweet this request"), tweet_link %> </div> <div class="act_link"> - <%= link_to '<img src="/images/wordpress.png" alt="" class="rss">', "http://wordpress.com/"%> + <% link_to "http://wordpress.com/" do %> + <%= image_tag "wordpress.png", :class => "rss" %> + <% end %> <%= link_to _("Start your own blog"), "http://wordpress.com/"%> </div> <%= render :partial => 'request/next_actions' %> - <% view_cache :ttl => 1.day.to_i, :tag => ['similar', @info_request.id, I18n.locale] do %> - <% if !@xapian_similar.nil? && @xapian_similar.results.size > 0 %> + <% # TODO: Cache for 1 day %> + <% if !@xapian_similar.nil? && @xapian_similar.results.size > 0 %> <h2><%= _('Similar requests')%></h2> <% for result in @xapian_similar.results %> <%= render :partial => 'request/request_listing_short_via_event', :locals => { :event => result[:model], :info_request => result[:model].info_request } %> @@ -52,14 +56,13 @@ <p><%= link_to _("More similar requests"), request_similar_url(@info_request) %></p> <% end %> <!-- Important terms: <%= @xapian_similar.important_terms.join(" ") %> --> - <% end %> - <% end %> + <% end %> <p><%= link_to _('Event history details'), request_details_url(@info_request) %></p> <!-- this link with this wording is here for legal reasons, discuss with board and our lawyer before changing or removing it --> - <p><small><%= _('<a href="%s">Are you the owner of - any commercial copyright on this page?</a>') % [help_officers_path+"#copyright"] %></small></p> + <p><small><%= raw(_('<a href="%s">Are you the owner of + any commercial copyright on this page?</a>') % [help_officers_path+"#copyright"]) %></small></p> </div> diff --git a/app/views/request/_wall_listing.rhtml b/app/views/request/_wall_listing.rhtml index 9cde234c0..26d34e1a1 100644 --- a/app/views/request/_wall_listing.rhtml +++ b/app/views/request/_wall_listing.rhtml @@ -6,13 +6,13 @@ end %> <div class="request_left"> <div class="requester"> <% if event.event_type == 'sent' %> - <%= _('A new request, <em><a href="{{request_url}}">{{request_title}}</a></em>, was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at),:request_url=>request_url(info_request),:request_title=>info_request.title) %> + <%= _('A new request, <em><a href="{{request_url}}">{{request_title}}</a></em>, was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>request_url(info_request),:request_title=>info_request.title) %> <% elsif event.event_type == 'followup_sent' %> - <%= _('A <a href="{{request_url}}">follow up</a> to <em>{{request_title}}</em> was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at),:request_url=>outgoing_message_url(event.outgoing_message),:request_title=>info_request.title) %> + <%= _('A <a href="{{request_url}}">follow up</a> to <em>{{request_title}}</em> was sent to {{public_body_name}} by {{info_request_user}} on {{date}}.',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>outgoing_message_url(event.outgoing_message),:request_title=>info_request.title) %> <% elsif event.event_type == 'response' %> - <%= _('A <a href="{{request_url}}">response</a> to <em>{{request_title}}</em> was sent by {{public_body_name}} to {{info_request_user}} on {{date}}. The request status is: {{request_status}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:date=>simple_date(event.created_at),:request_url=>incoming_message_url(event.incoming_message_selective_columns("incoming_messages.id")),:request_title=>info_request.title,:request_status=>info_request.display_status) %> + <%= _('A <a href="{{request_url}}">response</a> to <em>{{request_title}}</em> was sent by {{public_body_name}} to {{info_request_user}} on {{date}}. The request status is: {{request_status}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:date=>simple_date(event.created_at),:request_url=>incoming_message_url(event.incoming_message_selective_columns("incoming_messages.id")),:request_title=>info_request.title,:request_status=>info_request.display_status) %> <% elsif event.event_type == 'comment' %> - <%= _('An <a href="{{request_url}}">annotation</a> to <em>{{request_title}}</em> was made by {{event_comment_user}} on {{date}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>user_link_absolute(info_request.user),:event_comment_user=>user_link_absolute(event.comment.user),:date=>simple_date(event.created_at),:request_url=>comment_url(event.comment),:request_title=>info_request.title) %> + <%= _('An <a href="{{request_url}}">annotation</a> to <em>{{request_title}}</em> was made by {{event_comment_user}} on {{date}}',:public_body_name=>public_body_link_absolute(info_request.public_body),:info_request_user=>request_user_link_absolute(info_request),:event_comment_user=>user_link_absolute(event.comment.user),:date=>simple_date(event.created_at),:request_url=>comment_url(event.comment),:request_title=>info_request.title) %> <% else %> <%# Events of other types will not be indexed: see InfoRequestEvent#indexed_by_search? However, it can happen that we see other types of event transiently here in the period @@ -22,7 +22,7 @@ end %> </div> </div> <div class="request_right"> - <span class="desc"> + <span class="desc"> <%= highlight_and_excerpt(event.search_text_main(true), @highlight_words, 150) %> </span> </div> diff --git a/app/views/request/followup_bad.rhtml b/app/views/request/followup_bad.rhtml index 7efa3f826..c892263e6 100644 --- a/app/views/request/followup_bad.rhtml +++ b/app/views/request/followup_bad.rhtml @@ -9,21 +9,21 @@ <% if @reason == 'not_apply' %> <!-- we should never get here, but just in case give a sensible message --> <p><%= _('Freedom of Information law no longer applies to') %> <%=h @info_request.public_body.name %>. - <%= _('From the request page, try replying to a particular message, rather than sending + <%= raw(_('From the request page, try replying to a particular message, rather than sending a general followup. If you need to make a general followup, and know - an email which will go to the right place, please <a href="%s">send it to us</a>.') % [help_contact_path] %> + an email which will go to the right place, please <a href="%s">send it to us</a>.') % [help_contact_path]) %> </p> <% elsif @reason == 'defunct' %> <!-- we should never get here, but just in case give a sensible message --> - <p><%=h @info_request.public_body.name %> <%= _('no longer exists. If you are trying to make + <p><%=h @info_request.public_body.name %> <%= raw(_('no longer exists. If you are trying to make From the request page, try replying to a particular message, rather than sending a general followup. If you need to make a general followup, and know - an email which will go to the right place, please <a href="%s">send it to us</a>.') % [help_contact_path] %> + an email which will go to the right place, please <a href="%s">send it to us</a>.') % [help_contact_path]) %> </p> <% elsif @reason == 'bad_contact' %> - <p><%= _('We do not have a working {{law_used_full}} address for {{public_body_name}}.',:law_used_full=>h(@info_request.law_used_full),:public_body_name=>h(@info_request.public_body.name)) %> <%= _('You may be able to find + <p><%= _('We do not have a working {{law_used_full}} address for {{public_body_name}}.',:law_used_full=>h(@info_request.law_used_full),:public_body_name=>h(@info_request.public_body.name)) %> <%= raw(_('You may be able to find one on their website, or by phoning them up and asking. If you manage - to find one, then please <a href="%s">send it to us</a>.') % [help_contact_path] %> + to find one, then please <a href="%s">send it to us</a>.') % [help_contact_path]) %> </p> <% elsif @reason == 'external' %> <p><%= _("Followups cannot be sent for this request, as it was made externally, and published here by {{public_body_name}} on the requester's behalf.", :public_body_name => h(@info_request.public_body.name)) %> diff --git a/app/views/request/hidden.rhtml b/app/views/request/hidden.rhtml index a4afb63c6..2d038a663 100644 --- a/app/views/request/hidden.rhtml +++ b/app/views/request/hidden.rhtml @@ -6,13 +6,13 @@ <%=@details%> </p> -<p><%= _('The request you have tried to view has been removed. There are +<p><%= raw(_('The request you have tried to view has been removed. There are various reasons why we might have done this, sorry we can\'t be more specific here. Please <a - href="%s">contact us</a> if you have any questions.') % [help_contact_path] %> + href="%s">contact us</a> if you have any questions.') % [help_contact_path]) %> </p> <% if @info_request.prominence == 'requester_only' %> <p> - <%= _('If you are the requester, then you may <a href="%s">sign in</a> to view the request.') % [signin_url(:r => request.request_uri)] %> + <%= raw(_('If you are the requester, then you may <a href="%s">sign in</a> to view the request.') % [signin_url(:r => request.request_uri)]) %> </p> <% end %> diff --git a/app/views/request/list.rhtml b/app/views/request/list.rhtml index 7cbd982f1..062b77c3e 100644 --- a/app/views/request/list.rhtml +++ b/app/views/request/list.rhtml @@ -14,22 +14,21 @@ <div style="clear:both"></div> <div class="results_section"> - <% view_cache :ttl => 5.minutes.to_i, :tag => [@cache_tag] do %> - <% if @list_results.empty? %> - <p> <%= _('No requests of this sort yet.')%></p> - <% else %> - <h2 class="foi_results"><%= _('{{count}} FOI requests found', :count => @matches_estimated) %></h2> - <div class="results_block"> - <% for result in @list_results%> - <% if result.class.to_s == 'InfoRequestEvent' %> - <%= render :partial => 'request/request_listing_via_event', :locals => { :event => result, :info_request => result.info_request } %> - <% else %> - <p><strong><%= _('Unexpected search result type') %> <%=result.class.to_s%></strong></p> - <% end %> - <% end %> - </div> - <% end %> + <% # TODO: Cache for 5 minutes %> + <% if @list_results.empty? %> + <p> <%= _('No requests of this sort yet.')%></p> + <% else %> + <h2 class="foi_results"><%= _('{{count}} FOI requests found', :count => @matches_estimated) %></h2> + <div class="results_block"> + <% for result in @list_results%> + <% if result.class.to_s == 'InfoRequestEvent' %> + <%= render :partial => 'request/request_listing_via_event', :locals => { :event => result, :info_request => result.info_request } %> + <% else %> + <p><strong><%= _('Unexpected search result type') %> <%=result.class.to_s%></strong></p> + <% end %> + <% end %> + </div> + <% end %> - <%= will_paginate WillPaginate::Collection.new(@page, @per_page, @show_no_more_than) %> - <% end %> + <%= will_paginate WillPaginate::Collection.new(@page, @per_page, @show_no_more_than) %> </div> diff --git a/app/views/request/new.rhtml b/app/views/request/new.rhtml index fe4c2067d..f396ea9ec 100644 --- a/app/views/request/new.rhtml +++ b/app/views/request/new.rhtml @@ -98,7 +98,7 @@ <ul> <li><%= _('Write your request in <strong>simple, precise language</strong>.') %></li> <li><%= _('Ask for <strong>specific</strong> documents or information, this site is not suitable for general enquiries.') %></li> - <li><%= _('Keep it <strong>focused</strong>, you\'ll be more likely to get what you want (<a href="%s">why?</a>).') % [help_requesting_path + '#focused'] %></li> + <li><%= raw(_('Keep it <strong>focused</strong>, you\'ll be more likely to get what you want (<a href="%s">why?</a>).') % [help_requesting_path + '#focused']) %></li> </ul> </div> @@ -112,23 +112,23 @@ <% if !@user %> <p class="form_note"> - <%= _('Everything that you enter on this page, including <strong>your name</strong>, + <%= raw(_('Everything that you enter on this page, including <strong>your name</strong>, will be <strong>displayed publicly</strong> on - this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"] %> - <%= _('If you are thinking of using a pseudonym, - please <a href="%s">read this first</a>.') % [help_privacy_path+"#real_name"] %> + this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %> + <%= raw(_('If you are thinking of using a pseudonym, + please <a href="%s">read this first</a>.') % [help_privacy_path+"#real_name"]) %> </p> <% else %> <p class="form_note"> - <%= _('Everything that you enter on this page + <%= raw(_('Everything that you enter on this page will be <strong>displayed publicly</strong> on - this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"] %> + this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %> </p> <% end %> <p class="form_note"> - <%= _("<strong> Can I request information about myself?</strong>\n" + - "\t\t\t<a href=\"%s\">No! (Click here for details)</a>") % [help_requesting_path+"#data_protection"] %> + <%= raw(_("<strong> Can I request information about myself?</strong>\n" + + "\t\t\t<a href=\"%s\">No! (Click here for details)</a>") % [help_requesting_path+"#data_protection"]) %> </p> <div class="form_button"> diff --git a/app/views/request/new_please_describe.rhtml b/app/views/request/new_please_describe.rhtml index ce80f51f0..ff27405b8 100644 --- a/app/views/request/new_please_describe.rhtml +++ b/app/views/request/new_please_describe.rhtml @@ -13,7 +13,7 @@ if they are successful yet or not.') %> </ul> <p> - <%= _('When you\'re done, <strong>come back here</strong>, <a href="%s">reload this page</a> and file your new request.') % [request.request_uri] %> + <%= raw(_('When you\'re done, <strong>come back here</strong>, <a href="%s">reload this page</a> and file your new request.') % [request.request_uri]) %> </p> <p> diff --git a/app/views/request/preview.rhtml b/app/views/request/preview.rhtml index 45b6a3dc1..8d1fd753e 100644 --- a/app/views/request/preview.rhtml +++ b/app/views/request/preview.rhtml @@ -5,8 +5,8 @@ <h1><%= _('3. Now check your request') %></h1> <ul> <li><%= _('Check you haven\'t included any <strong>personal information</strong>.') %></li> - <li><%= _('Your name, request and any responses will appear in <strong>search engines</strong> - (<a href="%s">details</a>).') % [help_privacy_path+"#public_request"] %> + <li><%= raw(_('Your name, request and any responses will appear in <strong>search engines</strong> + (<a href="%s">details</a>).') % [help_privacy_path+"#public_request"]) %> </li> </ul> @@ -28,8 +28,8 @@ </div> <% end %> - <p><%= _('<strong>Privacy note:</strong> If you want to request private information about - yourself then <a href="%s">click here</a>.') % [help_requesting_path+"#data_protection"] %> + <p><%= raw(_('<strong>Privacy note:</strong> If you want to request private information about + yourself then <a href="%s">click here</a>.') % [help_requesting_path+"#data_protection"]) %> <p> <%= f.hidden_field(:title) %> diff --git a/app/views/request/select_authority.rhtml b/app/views/request/select_authority.rhtml index 1166c3ff9..652c24da9 100644 --- a/app/views/request/select_authority.rhtml +++ b/app/views/request/select_authority.rhtml @@ -33,9 +33,9 @@ <% form_tag({:controller => "request", :action => "select_authority"}, {:id => "search_form", :method => "get"}) do %> <div> <p> - <%= _('First, type in the <strong>name of the UK public authority</strong> you\'d + <%= raw(_('First, type in the <strong>name of the UK public authority</strong> you\'d like information from. <strong>By law, they have to respond</strong> - (<a href="%s#%s">why?</a>).') % [help_about_url, "whybother_them"] %> + (<a href="%s#%s">why?</a>).') % [help_about_url, "whybother_them"]) %> </p> <%= text_field_tag 'query', params[:query], { :size => 30 } %> <%= hidden_field_tag 'bodies', 1 %> diff --git a/app/views/request/show.rhtml b/app/views/request/show.rhtml index 7aff1aeab..0cae3a9aa 100644 --- a/app/views/request/show.rhtml +++ b/app/views/request/show.rhtml @@ -10,8 +10,8 @@ <% end %> <% if @info_request.prominence == 'requester_only' %> <p id="hidden_request"> - <%= _('This request is hidden, so that only you the requester can see it. Please - <a href="%s">contact us</a> if you are not sure why.') % [help_requesting_path] %> + <%= raw(_('This request is hidden, so that only you the requester can see it. Please + <a href="%s">contact us</a> if you are not sure why.') % [help_requesting_path]) %> </p> <% end %> @@ -80,11 +80,11 @@ <%= _('in term time') %> <% end %> <%= _('by') %> <strong><%= simple_date(@info_request.date_response_required_by) %></strong> - (<%= _('<a href="%s">details</a>') % [help_requesting_path + '#quickly_response'] %>) + (<%= raw(_('<a href="%s">details</a>') % [help_requesting_path + '#quickly_response']) %>) <% elsif @status == 'waiting_response_very_overdue' %> <%= _('Response to this request is <strong>long overdue</strong>.') %> <%= _('By law, under all circumstances, {{public_body_link}} should have responded by now',:public_body_link => public_body_link(@info_request.public_body)) %> - (<%= _('<a href="%s">details</a>') % [help_requesting_path + '#quickly_response'] %>). + (<%= raw(_('<a href="%s">details</a>') % [help_requesting_path + '#quickly_response']) %>). <% if !@info_request.is_external? %> <%= _('You can <strong>complain</strong> by') %> <%= link_to _("requesting an internal review"), show_response_no_followup_url(:id => @info_request.id, :incoming_message_id => nil) + "?internal_review=1#followup" %>. diff --git a/app/views/request/show_response.rhtml b/app/views/request/show_response.rhtml index c40b37c3b..ac1f04227 100644 --- a/app/views/request/show_response.rhtml +++ b/app/views/request/show_response.rhtml @@ -26,8 +26,8 @@ <%= _('The authority only has a <strong>paper copy</strong> of the information.') %> </dt> <dd> - <%= _('At the bottom of this page, write a reply to them trying to persuade them to scan it in - (<a href="%s">more details</a>).') % [help_privacy_path + '#postal_answer'] %> + <%= raw(_('At the bottom of this page, write a reply to them trying to persuade them to scan it in + (<a href="%s">more details</a>).') % [help_privacy_path + '#postal_answer']) %> </dd> <dt> diff --git a/app/views/request/upload_response.rhtml b/app/views/request/upload_response.rhtml index bc129426d..675951595 100644 --- a/app/views/request/upload_response.rhtml +++ b/app/views/request/upload_response.rhtml @@ -12,7 +12,7 @@ <h1><%= _('Respond to the FOI request')%> '<%=request_link(@info_request)%>'<% _(' made by ')%><%=user_link(@info_request.user) %></h1> <p> - <%= _('Your response will <strong>appear on the Internet</strong>, <a href="%s">read why</a> and answers to other questions.')% [help_officers_path] %> + <%= raw(_('Your response will <strong>appear on the Internet</strong>, <a href="%s">read why</a> and answers to other questions.') % [help_officers_path]) %> </p> <h2><%= _('Respond by email')%></h2> @@ -27,8 +27,8 @@ <h2><%= _('Respond using the web')%></h2> - <p><%= _('Enter your response below. You may attach one file (use email, or - <a href="%s">contact us</a> if you need more).')% [help_contact_path] %></p> + <p><%= raw(_('Enter your response below. You may attach one file (use email, or + <a href="%s">contact us</a> if you need more).')% [help_contact_path]) %></p> <% form_tag '', :id => 'upload_response_form', :multipart => true do %> <p> diff --git a/app/views/track/_tracking_links.rhtml b/app/views/track/_tracking_links.rhtml index 3ba9d15e2..06e87ac74 100644 --- a/app/views/track/_tracking_links.rhtml +++ b/app/views/track/_tracking_links.rhtml @@ -21,7 +21,7 @@ </div> <div class="feed_link feed_link_<%=location%>"> - <%= link_to '<img src="/images/feed-16.png" alt="">', do_track_url(track_thing, 'feed') %> + <%= link_to '<img src="/images/feed-16.png" alt="">'.html_safe, do_track_url(track_thing, 'feed') %> <%= link_to (location == 'sidebar' ? _('RSS feed of updates') : _('RSS feed')), do_track_url(track_thing, 'feed') %> </div> <% end %> diff --git a/app/views/track/atom_feed.atom.builder b/app/views/track/atom_feed.atom.builder deleted file mode 100644 index d1e9310b8..000000000 --- a/app/views/track/atom_feed.atom.builder +++ /dev/null @@ -1,25 +0,0 @@ -atom_feed do |feed| - feed.title(@track_thing.params[:title_in_rss]) - @highlight_words = @xapian_object.words_to_highlight - - for result in @xapian_object.results - feed.entry(result[:model]) do |entry| - # Get the HTML content from the same partial template as website search does - content = '' - if result[:model].class.to_s == 'InfoRequestEvent' - content += render :partial => 'request/request_listing_via_event', :locals => { :event => result[:model], :info_request => result[:model].info_request } - else - content = "<p><strong>Unknown search result type " + result[:model].class.to_s + "</strong></p>" - end - # Pull out the heading as separate item, from the partial template - content.match(/(<span class="head">\s+<a href="[^>]*">(.*)<\/a>\s+<\/span>)/) - heading = $1 - heading_text = $2 - content.sub!(heading, "") - # Render the atom - entry.title(heading_text, :type => 'html') - entry.content(content, :type => 'html') - end - end -end - diff --git a/app/views/track/atom_feed.atom.erb b/app/views/track/atom_feed.atom.erb new file mode 100644 index 000000000..23c932308 --- /dev/null +++ b/app/views/track/atom_feed.atom.erb @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<feed xml:lang="en-US" xmlns="http://www.w3.org/2005/Atom"> + <id>tag:<%= request.host %>,2005:<%= request.fullpath.split(".")[0] %></id> + <link type="text/html" rel="alternate" href="<%= request.protocol + request.host_with_port %>"/> + <link type="application/atom+xml" rel="self" href="<%= request.url %>"/> + <title><%= @track_thing.params[:title_in_rss] %></title> + <% @xapian_object.results.each do |result| %> + <% + # Get the HTML content from the same partial template as website search does + content = '' + if result[:model].class.to_s == 'InfoRequestEvent' + content += render :partial => 'request/request_listing_via_event', :locals => { :event => result[:model], :info_request => result[:model].info_request } + else + content = "<p><strong>Unknown search result type " + result[:model].class.to_s + "</strong></p>" + end + # Pull out the heading as separate item, from the partial template + content.match(/(<span class="head">\s+<a href="[^>]*">(.*)<\/a>\s+<\/span>)/) + heading = $1 + heading_text = $2 + content.sub!(heading, "") + %> + <entry> + <id>tag:<%= request.host %>,2005:<%= result[:model].class %>/<%= result[:model].id %></id> + <published><%= result[:model].created_at.xmlschema %></published> + <link type="text/html" rel="alternate" href="<%= polymorphic_url(result[:model]) %>"/> + <title type="html"><%= heading_text %></title> + <content type="html"><%= content %></content> + </entry> + <% end %> +</feed> diff --git a/app/views/track_mailer/event_digest.rhtml b/app/views/track_mailer/event_digest.rhtml index 2c2e3c957..dc8132b99 100644 --- a/app/views/track_mailer/event_digest.rhtml +++ b/app/views/track_mailer/event_digest.rhtml @@ -57,7 +57,7 @@ main_text += "\n" end -%><%=main_text%><%= _("Alter your subscription")%> +%><%=raw main_text%><%= _("Alter your subscription")%> ======================= <% _("Please click on the link below to cancel or alter these emails.") %> diff --git a/app/views/user/_signup.rhtml b/app/views/user/_signup.rhtml index bb93b9617..913423ffa 100644 --- a/app/views/user/_signup.rhtml +++ b/app/views/user/_signup.rhtml @@ -10,8 +10,8 @@ <%= text_field 'user_signup', 'email', { :size => 20, :tabindex => 60 } %> </p> <div class="form_item_note"> - <%= _('We will not reveal your email address to anybody unless you or - the law tell us to (<a href="%s">details</a>). ') %[help_privacy_path] %> + <%= raw(_('We will not reveal your email address to anybody unless you or + the law tell us to (<a href="%s">details</a>). ') %[help_privacy_path]) %> </div> <p> @@ -19,11 +19,11 @@ <%= text_field 'user_signup', 'name', { :size => 20, :tabindex => 70 } %> </p> <div class="form_item_note"> - <%= _('Your <strong>name will appear publicly</strong> + <%= raw(_('Your <strong>name will appear publicly</strong> (<a href="%s">why?</a>) on this website and in search engines. If you are thinking of using a pseudonym, please - <a href="%s">read this first</a>.') % [help_privacy_path+"#public_request", help_privacy_path+"#real_name"] %> + <a href="%s">read this first</a>.') % [help_privacy_path+"#public_request", help_privacy_path+"#real_name"]) %> </div> <p> diff --git a/app/views/user/no_cookies.rhtml b/app/views/user/no_cookies.rhtml index b5c36b57e..c291367f2 100644 --- a/app/views/user/no_cookies.rhtml +++ b/app/views/user/no_cookies.rhtml @@ -12,11 +12,11 @@ browser. Then press refresh to have another go.')%></p> <p><%= _('If your browser is set to accept cookies and you are seeing this message, then there is probably a fault with our server.')%> -<%= _('Please <a href="%s">get in touch</a> with us so we can fix it.') % [help_contact_path] %> +<%= raw(_('Please <a href="%s">get in touch</a> with us so we can fix it.') % [help_contact_path]) %> <%= _('Let us know what you were doing when this message appeared and your browser and operating system type and version.')%></p> -<p><%= _('If you are still having trouble, please <a href="%s">contact us</a>.') % [help_contact_path] %> +<p><%= raw(_('If you are still having trouble, please <a href="%s">contact us</a>.') % [help_contact_path]) %> </p> diff --git a/app/views/user/show.rhtml b/app/views/user/show.rhtml index 12a9d3f74..31ea2a70b 100644 --- a/app/views/user/show.rhtml +++ b/app/views/user/show.rhtml @@ -97,7 +97,7 @@ <% if not @is_you %> <p id="user_not_logged_in"> - <%= _('<a href="%s">Sign in</a> to change password, subscriptions and more ({{user_name}} only)',:user_name=>h(@display_user.name)) % [signin_url(:r => request.request_uri)]%> + <%= raw(_('<a href="%s">Sign in</a> to change password, subscriptions and more ({{user_name}} only)',:user_name=>h(@display_user.name)) % [signin_url(:r => request.request_uri)]) %> </p> <% end %> </div> diff --git a/app/views/user/wrong_user_unknown_email.rhtml b/app/views/user/wrong_user_unknown_email.rhtml index 77a2ca001..c59c56941 100644 --- a/app/views/user/wrong_user_unknown_email.rhtml +++ b/app/views/user/wrong_user_unknown_email.rhtml @@ -1,8 +1,8 @@ <p id="sign_in_reason"> -<%= @reason_params[:web] %>. <%= _('Unfortunately we don\'t know the FOI +<%= @reason_params[:web] %>. <%= raw(_('Unfortunately we don\'t know the FOI email address for that authority, so we can\'t validate this. -Please <a href="%s">contact us</a> to sort it out.') % [help_contact_path] %> +Please <a href="%s">contact us</a> to sort it out.') % [help_contact_path]) %> </p> |