From daf39e2287067b0fde275f674a5503dde7349b06 Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb@mysociety.org>
Date: Mon, 9 Jan 2012 11:13:47 +0000
Subject: Send email notifications on exceptions

---
 app/controllers/application_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'app/controllers/application_controller.rb')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b7457c48e..e30a7330e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -14,7 +14,10 @@ class ApplicationController < ActionController::Base
     # Standard headers, footers and navigation for whole site
     layout "default"
     include FastGettext::Translation # make functions like _, n_, N_ etc available)
-        
+
+    # Send notification email on exceptions
+    include ExceptionNotification::Notifiable
+    
     # Note: a filter stops the chain if it redirects or renders something
     before_filter :authentication_check
     before_filter :set_gettext_locale
@@ -119,6 +122,7 @@ class ApplicationController < ActionController::Base
             @status = 404
         else
             @status = 500
+            notify_about_exception exception
         end
         # Display user appropriate error message
         @exception_backtrace = exception.backtrace.join("\n")
-- 
cgit v1.2.3


From 7610f8316a841a81b3c55cda3ac39610b3a0c267 Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Mon, 9 Jan 2012 13:06:25 +0000
Subject: Ignore last-seen-item variables for the purposes of varnish caching. 
 Fixes issue #324.

---
 app/controllers/application_controller.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'app/controllers/application_controller.rb')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e30a7330e..b0351f7d1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -365,14 +365,14 @@ class ApplicationController < ActionController::Base
     # Store last visited pages, for contact form; but only for logged in users, as otherwise this breaks caching
     def set_last_request(info_request)
         if !session[:user_id].nil?
-            session[:last_request_id] = info_request.id
-            session[:last_body_id] = nil
+            cookies["last_request_id"] = info_request.id
+            cookies["last_body_id"] = nil
         end
     end
     def set_last_body(public_body)
         if !session[:user_id].nil?
-            session[:last_request_id] = nil
-            session[:last_body_id] = public_body.id
+            cookies["last_request_id"] = nil
+            cookies["last_body_id"] = public_body.id
         end
     end
 
-- 
cgit v1.2.3


From ba07a044614a1648eaa176436346a3aed7f4ac74 Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Wed, 11 Jan 2012 11:53:40 +0000
Subject: Fix problem with typeahead searches containing " - " characters and
 similar.  Closes #328

---
 app/controllers/application_controller.rb | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'app/controllers/application_controller.rb')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b0351f7d1..8fd2da54a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -361,6 +361,27 @@ class ApplicationController < ActionController::Base
     def get_search_page_from_params
         return (params[:page] || "1").to_i
     end
+    def perform_search_typeahead(query, model)
+        # strip out unintended search operators - see
+        # https://github.com/sebbacon/alaveteli/issues/328 
+        # XXX this is a result of the OR hack below -- should fix by
+        # allowing a parameter to perform_search to control the
+        # default operator!
+        query = query.gsub(/(\s-\s|&)/, "")
+        query = query.split(/ +(?!-)/)
+        if query.last.nil? || query.last.strip.length < 3
+            xapian_requests = nil
+        else
+            query = query.join(' OR ')       # XXX: HACK for OR instead of default AND!
+            if model == PublicBody
+                collapse = nil
+            elsif model == InfoRequestEvent
+                collapse = 'request_collapse'
+            end
+            xapian_requests = perform_search([model], query, 'relevant', collapse, 5)
+        end
+        return xapian_requests
+    end
 
     # Store last visited pages, for contact form; but only for logged in users, as otherwise this breaks caching
     def set_last_request(info_request)
-- 
cgit v1.2.3


From 43bd77a1ad43d7cb24117bf3973f841221fd2c6e Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Thu, 12 Jan 2012 07:47:16 +0000
Subject: Return 403 when attachment "folders" are spidered.  Fixes #340

---
 app/controllers/application_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'app/controllers/application_controller.rb')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8fd2da54a..05f88a6b2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,6 +11,8 @@
 require 'open-uri'
 
 class ApplicationController < ActionController::Base
+    class PermissionDenied < StandardError
+    end
     # Standard headers, footers and navigation for whole site
     layout "default"
     include FastGettext::Translation # make functions like _, n_, N_ etc available)
@@ -120,6 +122,8 @@ class ApplicationController < ActionController::Base
         case exception
         when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError
             @status = 404
+        when PermissionDenied
+            @status = 403
         else
             @status = 500
             notify_about_exception exception
@@ -189,7 +193,7 @@ class ApplicationController < ActionController::Base
         return File.exists?(key_path)
     end
     def foi_fragment_cache_read(key_path)
-        cached = File.read(key_path)
+        return File.read(key_path)
     end
     def foi_fragment_cache_write(key_path, content)
         FileUtils.mkdir_p(File.dirname(key_path))
-- 
cgit v1.2.3


From 21ee1ca03faa722119a3c7e587a843b960783096 Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Thu, 12 Jan 2012 11:20:40 +0000
Subject: Further fix for issue #328.

---
 app/controllers/application_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers/application_controller.rb')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 05f88a6b2..7aa522389 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -371,8 +371,8 @@ class ApplicationController < ActionController::Base
         # XXX this is a result of the OR hack below -- should fix by
         # allowing a parameter to perform_search to control the
         # default operator!
-        query = query.gsub(/(\s-\s|&)/, "")
-        query = query.split(/ +(?!-)/)
+        query = query.strip.gsub(/(\s-\s|&)/, "")
+        query = query.split(/ +(?![-+]+)/)
         if query.last.nil? || query.last.strip.length < 3
             xapian_requests = nil
         else
-- 
cgit v1.2.3