8 files changed, 72 insertions, 21 deletions
diff --git a/config/environment.rb b/config/environment.rb
index b958c6475..f788845a9 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -1,7 +1,7 @@
 # Be sure to restart your web server when you modify this file.
 
 
-# Uncomment below to force Rails into production mode when 
+# Uncomment below to force Rails into production mode when
 # you don't control web/app server and can't set it the proper way
 # ENV['RAILS_ENV'] ||= 'production'
 
@@ -31,9 +31,12 @@ load "util.rb"
 require File.join(File.dirname(__FILE__), '../lib/old_rubygems_patch')
 
 
+# Application version
+ALAVETELI_VERSION = '0.6.5'
+
 Rails::Initializer.run do |config|
   # Load intial mySociety config
-  if ENV["RAILS_ENV"] == "test" 
+  if ENV["RAILS_ENV"] == "test"
       MySociety::Config.set_file(File.join(config.root_path, 'config', 'test'), true)
   else
       MySociety::Config.set_file(File.join(config.root_path, 'config', 'general'), true)
@@ -41,7 +44,7 @@ Rails::Initializer.run do |config|
   MySociety::Config.load_default
 
   # Settings in config/environments/* take precedence over those specified here
-  
+
   # Skip frameworks you're not going to use (only works if using vendor/rails)
   # config.frameworks -= [ :action_web_service, :action_mailer ]
 
@@ -51,7 +54,7 @@ Rails::Initializer.run do |config|
   # Add additional load paths for your own custom dirs
   # config.load_paths += %W( #{Rails.root}/extras )
 
-  # Force all environments to use the same logger level 
+  # Force all environments to use the same logger level
   # (by default production uses :info, the others :debug)
   # TEMP: uncomment this to turn on logging in production environments
   # config.log_level = :debug
@@ -60,7 +63,7 @@ Rails::Initializer.run do |config|
   #GettextI18nRails.translations_are_html_safe = true
 
   # Use SQL instead of Active Record's schema dumper when creating the test database.
-  # This is necessary if your schema can't be completely dumped by the schema dumper, 
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
   # like if you have constraints or database-specific column types
   config.active_record.schema_format = :sql
 
@@ -69,8 +72,8 @@ Rails::Initializer.run do |config|
 
   # Make Active Record use UTC-base instead of local time
   config.active_record.default_timezone = :utc
-  
-  config.after_initialize do    
+
+  config.after_initialize do
      require 'routing_filters.rb'
   end
 
@@ -79,7 +82,7 @@ Rails::Initializer.run do |config|
   ENV['RECAPTCHA_PRIVATE_KEY'] = MySociety::Config::get("RECAPTCHA_PRIVATE_KEY", 'x');
 end
 
-# Add new inflection rules using the following format 
+# Add new inflection rules using the following format
 # (all these examples are active by default):
 # Inflector.inflections do |inflect|
 #   inflect.plural /^(ox)$/i, '\1en'
diff --git a/config/general.yml-example b/config/general.yml-example
index 019eb7ada..a6f657d96 100644
--- a/config/general.yml-example
+++ b/config/general.yml-example
@@ -37,9 +37,9 @@ FRONTPAGE_PUBLICBODY_EXAMPLES: 'tgq'
 # URLs of themes to download and use (when running rails-post-deploy
 # script). Earlier in the list means the templates have a higher
 # priority.
-THEME_URLS: 
- - 'git://github.com/sebbacon/adminbootstraptheme.git'
- - 'git://github.com/sebbacon/alavetelitheme.git'
+THEME_URLS:
+ - 'git://github.com/mysociety/adminbootstraptheme.git'
+ - 'git://github.com/mysociety/alavetelitheme.git'
 
 # Whether a user needs to sign in to start the New Request process
 FORCE_REGISTRATION_ON_NEW_REQUEST: false
diff --git a/config/httpd.conf b/config/httpd.conf
index 3bbe50fb3..129b1577b 100644
--- a/config/httpd.conf
+++ b/config/httpd.conf
@@ -5,7 +5,7 @@
 #
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org
-# 
+#
 # $Id: httpd.conf,v 1.31 2009-09-02 13:05:48 matthew Exp $
 
 # This is needed for the PHP spell checker
@@ -25,13 +25,27 @@ RewriteEngine On
 # it.
 RewriteCond %{LA-U:REMOTE_USER} (.+)
 RewriteRule . - [E=RU:%1]
-RequestHeader add X-Forwarded-User %{RU}e 
+RequestHeader add X-Forwarded-User %{RU}e
 
 # Old /files URL to new subdomain (as can't use Alias with passenger,
 # so we do it on its own domain). This is for custom admin upload
 # files for archiving.
 RewriteRule /files/(.+) http://files.whatdotheyknow.com/$1
 
+# Serve attachments directly from the cache, if possible.
+#
+# The file names are URL-encoded on disk, and sharded by the first
+# three digits of the request id, which is why this is as complicated
+# as it is. The RewriteMap directive makes the URL-escaping function
+# available to use in the other directives.
+#
+# The condition means that the rule will fire only if the cached
+# file exists.
+RewriteMap escape int:escape
+RewriteCond %{DOCUMENT_ROOT}/views_cache/request/$2/$1/${escape:$3} -f
+RewriteRule ^/request/((\d{1,3})\d*)/(response/\d+/attach/(html/)?\d+/.+) /views_cache/request/$2/$1/${escape:$3} [L]
+
+
 <IfModule mod_passenger.c>
  # Set this to something like 100 if you have memory leak issues
  PassengerMaxRequests 20
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index bf40e99c1..a05d2c7d1 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,7 +2,7 @@
 
 # Your secret key for verifying cookie session data integrity.
 # If you change this key, all old sessions will become invalid!
-# Make sure the secret is at least 30 characters and all random, 
+# Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 
 ActionController::Base.session = {
diff --git a/config/initializers/single_quote_escape_workaround.rb b/config/initializers/single_quote_escape_workaround.rb
new file mode 100644
index 000000000..2e713b982
--- /dev/null
+++ b/config/initializers/single_quote_escape_workaround.rb
@@ -0,0 +1,31 @@
+class ERB
+  module Util
+
+    if "html_safe exists".respond_to?(:html_safe)
+      def html_escape(s)
+        s = s.to_s
+        if s.html_safe?
+          s
+        else
+          Rack::Utils.escape_html(s).html_safe
+        end
+      end
+    else
+      def html_escape(s)
+        s = s.to_s
+        Rack::Utils.escape_html(s).html_safe
+      end
+    end
+
+    remove_method :h
+    alias h html_escape
+
+    class << self
+      remove_method :html_escape
+      remove_method :h
+    end
+
+    module_function :html_escape
+    module_function :h
+  end
+end
diff --git a/config/packages b/config/packages
index dcf1dc5b4..d059d2906 100644
--- a/config/packages
+++ b/config/packages
@@ -33,5 +33,6 @@ libpq-dev
 uuid-dev
 ruby1.8-dev
 rubygems
+rake
 build-essential
 bundler
diff --git a/config/routes.rb b/config/routes.rb
index 13ab6669e..34232b55b 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -80,7 +80,7 @@ ActionController::Routing::Routes.draw do |map|
 
     # Use /profile for things to do with the currently signed in user.
     # Use /user/XXXX for things that anyone can see about that user.
-    # Note that /profile isn't indexe by search (see robots.txt)
+    # Note that /profile isn't indexed by search (see robots.txt)
     map.with_options :controller => 'user' do |user|
         user.signin '/profile/sign_in',        :action => 'signin'
         user.signup '/profile/sign_up',        :action => 'signup'
@@ -244,8 +244,10 @@ ActionController::Routing::Routes.draw do |map|
     map.with_options :controller => 'api' do |api|
         api.api_create_request '/api/v2/request.json', :action => 'create_request', :conditions => { :method => :post }
         
-        api.api_show_request '/api/v2/request/:id.json', :action => 'show_request',  :conditions => { :method => :get }
-        api.api_add_correspondence '/api/v2/request/:id.json', :action => 'add_correspondence',  :conditions => { :method => :post }
+        api.api_show_request '/api/v2/request/:id.json', :action => 'show_request', :conditions => { :method => :get }
+        api.api_add_correspondence '/api/v2/request/:id.json', :action => 'add_correspondence', :conditions => { :method => :post }
+        
+        api.api_body_request_events '/api/v2/body/:id/request_events.:feed_type', :action => 'body_request_events', :feed_type => '^(json|atom)$'
     end
     
     map.filter('conditionallyprependlocale')
diff --git a/config/test.yml b/config/test.yml
index 6e34340ff..5811b1785 100644
--- a/config/test.yml
+++ b/config/test.yml
@@ -1,7 +1,7 @@
 # test.yml
 # Test values for the "general" config file.
 #
-# Configuration parameters, in YAML syntax. 
+# Configuration parameters, in YAML syntax.
 #
 # These may be values expected by the test suite; changing them may
 # break tests.
@@ -12,7 +12,7 @@ SITE_NAME: 'Alaveteli'
 # Domain used in URLs generated by scripts (e.g. for going in some emails)
 # It makes things simpler if this is the same as the Rails test domain test.host
 DOMAIN: 'test.host'
- 
+
 # ISO country code of country currrently deployed in
 # (http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
 ISO_COUNTRY_CODE: DE
@@ -34,14 +34,14 @@ REPLY_VERY_LATE_AFTER_DAYS: 40
 # We give some types of authority like schools a bit longer than everyone else
 SPECIAL_REPLY_VERY_LATE_AFTER_DAYS: 60
 
-# example searches for the home page, semicolon delimited.  
+# example searches for the home page, semicolon delimited.
 FRONTPAGE_SEARCH_EXAMPLES: 'Geraldine Quango; Department for Humpadinking'
 
 # example public bodies for the home page, semicolon delimited - short_names
 FRONTPAGE_PUBLICBODY_EXAMPLES: 'tgq'
 
 # URL of theme to install (when running rails-post-deploy script)
-THEME_URL: 'git://github.com/sebbacon/alavetelitheme.git'
+THEME_URL: 'git://github.com/mysociety/alavetelitheme.git'
 
 
 ## Incoming email