14 files changed, 150 insertions, 108 deletions
diff --git a/config/initializers/acts_as_xapian.rb b/config/initializers/acts_as_xapian.rb
new file mode 100644
index 000000000..f82193c85
--- /dev/null
+++ b/config/initializers/acts_as_xapian.rb
@@ -0,0 +1,25 @@
+# acts_as_xapian/init.rb:
+#
+# Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved.
+# Email: hello@mysociety.org; WWW: http://www.mysociety.org/
+
+# We're moving plugins out of vendor/plugins, since keeping them there
+# is deprecated as of Rails 3.2, and the xapiandbs directory should be
+# moved out of there along with the plugin itself.
+
+old_xapiandbs_path = Rails.root.join('vendor',
+                                     'plugins',
+                                     'acts_as_xapian',
+                                     'xapiandbs')
+
+current_xapiandbs_path = Rails.root.join('lib',
+                                         'acts_as_xapian',
+                                         'xapiandbs')
+
+if File.exists? old_xapiandbs_path
+    unless File.exists? current_xapiandbs_path
+        File.rename old_xapiandbs_path, current_xapiandbs_path
+    end
+end
+
+require 'acts_as_xapian/acts_as_xapian'
diff --git a/config/initializers/alaveteli.rb b/config/initializers/alaveteli.rb
new file mode 100644
index 000000000..c7672d05b
--- /dev/null
+++ b/config/initializers/alaveteli.rb
@@ -0,0 +1,62 @@
+# MySociety specific helper functions
+$:.push(File.join(File.dirname(__FILE__), '../../commonlib/rblib'))
+# ... if these fail to include, you need the commonlib submodule from git
+# (type "git submodule update --init" in the whatdotheyknow directory)
+
+load "validate.rb"
+load "config.rb"
+load "format.rb"
+load "debug_helpers.rb"
+load "util.rb"
+
+# Application version
+ALAVETELI_VERSION = '0.17'
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register "application/x-mobile", :mobile
+
+
+# Domain for URLs (so can work for scripts, not just web pages)
+ActionMailer::Base.default_url_options[:host] = AlaveteliConfiguration::domain
+# https links in emails if forcing SSL
+if AlaveteliConfiguration::force_ssl
+  ActionMailer::Base.default_url_options[:protocol] = "https"
+end
+
+
+# Load monkey patches and other things from lib/
+require 'ruby19.rb'
+require 'activesupport_cache_extensions.rb'
+require 'use_spans_for_errors.rb'
+require 'activerecord_errors_extensions.rb'
+require 'i18n_fixes.rb'
+require 'world_foi_websites.rb'
+require 'alaveteli_external_command.rb'
+require 'quiet_opener.rb'
+require 'mail_handler'
+require 'public_body_categories'
+require 'ability'
+require 'normalize_string'
+require 'alaveteli_file_types'
+require 'alaveteli_localization'
+require 'message_prominence'
+require 'theme'
+require 'xapian_queries'
+
+AlaveteliLocalization.set_locales(AlaveteliConfiguration::available_locales,
+                                  AlaveteliConfiguration::default_locale)
+
+# Allow tests to be run under a non-superuser database account if required
+if Rails.env == 'test' and ActiveRecord::Base.configurations['test']['constraint_disabling'] == false
+  require 'no_constraint_disabling'
+end
diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb
new file mode 100644
index 000000000..59385cdf3
--- /dev/null
+++ b/config/initializers/backtrace_silencers.rb
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!
diff --git a/config/initializers/fast_gettext.rb b/config/initializers/fast_gettext.rb
index 1cd6440e4..b00524993 100644
--- a/config/initializers/fast_gettext.rb
+++ b/config/initializers/fast_gettext.rb
@@ -1,6 +1,5 @@
-FastGettext.add_text_domain 'app', :path => File.join(Rails.root, 'locale'), :type => :po
-FastGettext.default_text_domain = 'app'
+AlaveteliLocalization.set_default_text_domain('app', File.join(Rails.root, 'locale'))
 
 I18n::Backend::Simple.send(:include, I18n::Backend::Fallbacks)
 
-RoutingFilter::Locale.include_default_locale = Configuration::include_default_locale_in_urls
-\ No newline at end of file
+AlaveteliLocalization.set_default_locale_urls(AlaveteliConfiguration::include_default_locale_in_urls)
diff --git a/config/initializers/gettext_i18n_rails.rb b/config/initializers/gettext_i18n_rails.rb
new file mode 100644
index 000000000..ef306682b
--- /dev/null
+++ b/config/initializers/gettext_i18n_rails.rb
@@ -0,0 +1,3 @@
+# FIXME: Audit the translations for XSS opportunities. Ultimately it would be
+# good to get rid of this and explicitly mark strings as html_safe
+GettextI18nRails.translations_are_html_safe = true
diff --git a/config/initializers/has_tag_string.rb b/config/initializers/has_tag_string.rb
new file mode 100644
index 000000000..5fa33cc70
--- /dev/null
+++ b/config/initializers/has_tag_string.rb
@@ -0,0 +1,2 @@
+require 'has_tag_string/has_tag_string'
+
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
new file mode 100644
index 000000000..9e8b0131f
--- /dev/null
+++ b/config/initializers/inflections.rb
@@ -0,0 +1,10 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
diff --git a/config/initializers/mime_types.rb b/config/initializers/mime_types.rb
new file mode 100644
index 000000000..72aca7e44
--- /dev/null
+++ b/config/initializers/mime_types.rb
@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
new file mode 100644
index 000000000..d120b94ae
--- /dev/null
+++ b/config/initializers/secret_token.rb
@@ -0,0 +1,12 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+
+# Just plopping an extra character on the secret_token so that any sessions on upgrading from
+# Rails 2 to Rails 3 version of Alaveteli are invalidated.
+# See http://blog.carbonfive.com/2011/03/19/rails-3-upgrade-tip-invalidate-session-cookies/
+
+Alaveteli::Application.config.secret_token = "3" + AlaveteliConfiguration::cookie_store_session_secret
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 8cfa333f2..ca283d4e0 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,17 +1,2 @@
 # Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying cookie session data integrity.
-# If you change this key, all old sessions will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-
-ActionController::Base.session = {
-  :key => '_wdtk_cookie_session',
-  :secret => Configuration::cookie_store_session_secret
-}
-ActionController::Base.session_store = :cookie_store
-
-# Insert a bit of middleware code to prevent uneeded cookie setting.
-require "#{Rails.root}/lib/whatdotheyknow/strip_empty_sessions"
-ActionController::Dispatcher.middleware.insert_before ActionController::Base.session_store, WhatDoTheyKnow::StripEmptySessions, :key => '_wdtk_cookie_session', :path => "/", :httponly => true
-
+Rails.application.config.session_store :cookie_store, :key => '_wdtk_cookie_session'
diff --git a/config/initializers/single_quote_escape_workaround.rb b/config/initializers/single_quote_escape_workaround.rb
deleted file mode 100644
index 2e713b982..000000000
--- a/config/initializers/single_quote_escape_workaround.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-class ERB
-  module Util
-
-    if "html_safe exists".respond_to?(:html_safe)
-      def html_escape(s)
-        s = s.to_s
-        if s.html_safe?
-          s
-        else
-          Rack::Utils.escape_html(s).html_safe
-        end
-      end
-    else
-      def html_escape(s)
-        s = s.to_s
-        Rack::Utils.escape_html(s).html_safe
-      end
-    end
-
-    remove_method :h
-    alias h html_escape
-
-    class << self
-      remove_method :html_escape
-      remove_method :h
-    end
-
-    module_function :html_escape
-    module_function :h
-  end
-end
diff --git a/config/initializers/strip_attributes.rb b/config/initializers/strip_attributes.rb
new file mode 100644
index 000000000..25f70b2f3
--- /dev/null
+++ b/config/initializers/strip_attributes.rb
@@ -0,0 +1,2 @@
+require 'strip_attributes/strip_attributes'
+ActiveRecord::Base.extend(StripAttributes)
diff --git a/config/initializers/strip_nil_parameters_patch.rb b/config/initializers/strip_nil_parameters_patch.rb
deleted file mode 100644
index 35d0a28c5..000000000
--- a/config/initializers/strip_nil_parameters_patch.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-# Stolen from https://raw.github.com/mysociety/fixmytransport/fa9b014eb2628c300693e055f129cb8959772082/config/initializers/strip_nil_parameters_patch.rb
-
-# Monkey patch for CVE-2012-2660 on Rails 2.3.14
-
-# Strip [nil] from parameters hash
-# based on a pull request from @sebbacon
-# https://github.com/rails/rails/pull/6580
-
-module ActionController
-  class Request < Rack::Request
-    protected
-      def deep_munge(hash)
-        hash.each_value do |v|
-          case v
-          when Array
-            v.grep(Hash) { |x| deep_munge(x) }
-          when Hash
-            deep_munge(v)
-          end
-        end
-
-        keys = hash.keys.find_all { |k| hash[k] == [nil] }
-        keys.each { |k| hash[k] = nil }
-        hash
-      end
-
-    private
-
-      def normalize_parameters(value)
-        case value
-        when Hash
-          if value.has_key?(:tempfile)
-            upload = value[:tempfile]
-            upload.extend(UploadedFile)
-            upload.original_path = value[:filename]
-            upload.content_type = value[:type]
-            upload
-          else
-            h = {}
-            value.each { |k, v| h[k] = normalize_parameters(v) }
-            deep_munge(h.with_indifferent_access)
-          end
-        when Array
-          value.map { |e| normalize_parameters(e) }
-        else
-          value
-        end
-      end
-
-  end
-end
diff --git a/config/initializers/theme_loader.rb b/config/initializers/theme_loader.rb
index 877149e9d..9c79e513c 100644
--- a/config/initializers/theme_loader.rb
+++ b/config/initializers/theme_loader.rb
@@ -2,12 +2,24 @@
 # It is used by our config/routes.rb to decide which route extension files to load.
 $alaveteli_route_extensions = []
 
-if ENV["RAILS_ENV"] != "test" # Don't let the themes interfere with Alaveteli specs
-    for url in Configuration::theme_urls.reverse
-        theme_name = url.sub(/.*\/(.*).git/, "\\1")
-        theme_main_include = File.expand_path "../../../vendor/plugins/#{theme_name}/lib/alavetelitheme.rb", __FILE__
-        if File.exists? theme_main_include
-            require theme_main_include
-        end
+def require_theme(theme_name)
+    theme_lib = Rails.root.join 'lib', 'themes', theme_name, 'lib'
+    $LOAD_PATH.unshift theme_lib.to_s
+    theme_main_include = Rails.root.join theme_lib, "alavetelitheme.rb"
+    if File.exists? theme_main_include
+        require theme_main_include
+    end
+end
+
+if Rails.env == "test"
+    # By setting this ALAVETELI_TEST_THEME to a theme name, theme tests can run in the Rails
+    # context with the theme loaded. Otherwise the themes from the config aren't loaded in testing
+    # so they don't interfere with core Alaveteli tests
+    if defined? ALAVETELI_TEST_THEME
+        require_theme(ALAVETELI_TEST_THEME)
+    end
+else
+    for url in AlaveteliConfiguration::theme_urls.reverse
+        require_theme theme_url_to_theme_name(url)
     end
 end