Taken from https://github.com/mikel/mail/pull/602
TODO: We really should be testing the full output of RTF#body, but we currently
want to remain consistent with Adapters::PDF as many methods are shared between
the Adapters.
A more correct spec might be:
    expected = %Q(<font size=3><font color="#000000">thisisthebody</font></font>)
    adapter.body.should == expected
TODO: We really should be testing the full output of PDF#body, but
inconsistencies between pdftohtml prevent sensible means of doing this.
For example:
    adapter.body.should == %Q(\n<A name=1></a>thisisthebody<br/>\n<hr>\n)
Fails because some versions (correctly!) use lower case tag names.
Extracts the attachment processing from FoiAttachment#body_to_html
AttachmentToHTML contains adapters which convert
- text/plain
- application/pdf
- application/rtf
Results are returned as an AttachmentHTML::HTML instance which contains
the raw HTML and other metadata about the conversion.
Specifically using save! so that anything other than an
ActiveRecord::RecordInvalid doesn't get missed
Note that ActiveModel::Errors#full_messages includes the attribute key
in the message. This is by design, so we should consider whether we can
improve the way that we use translated validation messages.
There's a unique index on public_bodies url_name, so we should have a
validation for that.
Should have been run after related migrations.
Could automate this to always run after migrations.
Some proxies seem to be setting the Client-IP HTTP header to 127.0.0.1.
Rails checks that Client-IP is contained in X-Forwarded-For and raises
the error.
We decided to rescue in this individual case rather than adding a
middleware to strip Client-IP
(http://writeheavy.com/2011/07/31/when-its-ok-to-turn-of-rails-ip-spoof-checking.html#well_thats_stupid_can_we_turn_it_off)
so that we don't introduce unexpected behaviour. If we start to do anything
more with request.remote_ip, then we should look at doing so.
See
http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection
for an in-depth look at this issue.
will_paginate intentionally throws an ArgumentError when a non-numeric page
parameter is used. Conveniently, they tag it with WillPaginate::InvalidPage,
so here we rescue with a 404.
The volume of spam in the holding pen in WDTK has increased.
Over a few weeks in January 2014 the pattern was roughly:
- 8 were sent "To" the same address, which was a nearly valid old request
  address - correct hash, but missing the second hyphen.
- 1 was sent "To" an invalid request address (nearly correct hash)
- 1 was sent "BCC" a valid request address
- 1 was sent "BCC" request@whatdotheyknow.com
If a spam was sent "To" an old valid request address then it would be
rejected.
It's not entirely safe to just reject mails to old requests with any
hash, because sometimes authorities miss out a digit in the request
number, though perhaps simply getting a failure bounce would cause them
to check.
In any case that wouldn't trivially catch the most frequent case above
as it doesn't have an obvious request number.
---
We looked at greylisting and configuring the MTA with an RBL.
Greylisting was rejected as it would slow down the responsiveness of the
application when people email in. This could be revisited if/when emails
are parsed through a queue system depending on how we find the
performance there.
An RBL is already configured, but this ticket refers more to where the
email is sent rather than who it came from.
---
We elected to:
- Create spam_address model
- Add code to RequestMailer.receive to check the list of spam addresses
  and silently discard an incoming mail if it's addressed to one of them
- Add page to admin interface for adding/removing spam addresses
---
Thanks to Ganesh Sittampalam for the research and Louise Crow for the
implementation strategy.
ssh://git.mysociety.org/data/git/public/alaveteli into rails-3-develop
If a request is made and path is something like /%d3 we rescue this with
a custom 404 template.
This gets unescaped as {"path"=>"\323"}.
In the case of a RouteNotFound, ApplicationController#render_exception
renders the general/exception_caught template into the default layout,
which renders the general/_locale_switcher partial.
This partial calls url_for – sending the full params hash as the
argument – so that a user may return to the existing page in their
chosen locale.
The problem is that url_for tries to construct the url with the hash
    {:action=>"not_found", :controller=>"general", :path=>"\323"}.
ApplicationController#sanitize_params re-encodes the path parameter so
that it can be passed through to url_for without trouble.
Conflicts:
spec/factories.rb
We can access url generation methods more easily here.
These are full sentences, not composed on the fly, so should be easier
to translate.
These notices are complete sentences, not composed on the fly, so should
be easier to translate.
These notices are full sentences, rather than being composed of phrases,
which should make them easier to translate.
In the largest Alaveteli instance, WDTK, only a fraction of tracks use
filters and these specs represent those that have actually been used
commonly.
Intercepts the request and redirects to the homepage if the comment
field is filled in on the contact form.
- Actually assert something when getting the pages
- Use named route
Factories are loaded automatically from:
- test/factories.rb
- spec/factories.rb
- test/factories/*.rb
- spec/factories/*.rb
Keeping factories per-model helps navigation, especially when they get
more complex with traits and inheritance.
Get the canonical human-readable status of a comment
Closes #1313 and #365.
'opennewzealand_github/feature/handle-undefined-conversion' into rails-3-develop