From cf6f99f7167d271c4b84f8beebcd4a5d8a666a72 Mon Sep 17 00:00:00 2001
From: Matthew Landauer
Date: Thu, 3 Jan 2013 13:23:03 +1100
Subject: Escaping fixes involving the unpleasant mix of translations, html and string interpolation
---
 app/controllers/request_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c732a4b32..e82491bbe 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -320,9 +320,9 @@ class RequestController < ApplicationController
 message = ""
 if @outgoing_message.contains_email?
 if @user.nil?
- message += _("

You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (details).

") % [help_privacy_path+"#email_address"];
+ message += (_("

You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (details).

") % [help_privacy_path+"#email_address"]).html_safe;
 else
- message += _("

You do not need to include your email in the request in order to get a reply (details).

") % [help_privacy_path+"#email_address"];
+ message += (_("

You do not need to include your email in the request in order to get a reply (details).

") % [help_privacy_path+"#email_address"]).html_safe;
 end
 message += _("

We recommend that you edit your request and remove the email address. If you leave it, the email address will be sent to the authority, but will not be displayed on the site.

")
@@ -623,7 +623,7 @@ class RequestController < ApplicationController
 if !params[:submitted_followup].nil? && !params[:reedit]
 if @info_request.allow_new_responses_from == 'nobody'
- flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please contact us if you really want to send a follow up message.') % [help_contact_path]
+ flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please contact us if you really want to send a follow up message.') % [help_contact_path]).html_safe
 else
 if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body])
 flash[:error] = _('You previously submitted that exact follow up message for this request.')
-- cgit v1.2.3
From a92d95908bdc8b1f2a5111a6d36b6de210ab5c55 Mon Sep 17 00:00:00 2001
From: Henare Degan
Date: Sun, 9 Dec 2012 19:08:59 +1100
Subject: Remove interlock as it's not compatible with Rails 3 and is unmaintained
---
 app/controllers/request_controller.rb | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 3e8c0a5f6..49d2f35f3 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
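Review bot: In the `@@ -320` hunk `.html_safe` is applied to the result of `%`, so the interpolated argument is trusted together with the translated template; the `flash[:error]` line in the `@@ -623` hunk follows the same pattern. The arguments visible here are route helpers, so nothing request-controlled reaches the string in these lines, but any argument added later would be rendered unescaped. Escaping the argument before interpolation keeps the trust limited to the template, e.g. `(_("…") % [ERB::Util.html_escape(help_privacy_path + "#email_address")]).html_safe`. Marking the result safe also makes the translation catalogue a source of trusted HTML, which deserves a one-line comment such as `# translated template is trusted markup; arguments must be escaped`. Both enclosing methods start and end outside the hunks.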
@@ -99,15 +99,13 @@ class RequestController < ApplicationController
 # Sidebar stuff
 # ... requests that have similar imporant terms
- behavior_cache :tag => ['similar', @info_request.id] do
- begin
- limit = 10
- @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events,
- :limit => limit, :collapse_by_prefix => 'request_collapse')
- @xapian_similar_more = (@xapian_similar.matches_estimated > limit)
- rescue
- @xapian_similar = nil
- end
+ begin
+ limit = 10
+ @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events,
+ :limit => limit, :collapse_by_prefix => 'request_collapse')
+ @xapian_similar_more = (@xapian_similar.matches_estimated > limit)
+ rescue
+ @xapian_similar = nil
 end
 # Track corresponding to this page
@@ -178,13 +178,10 @@ class RequestController < ApplicationController
 query = make_query_from_params
 @title = _("View and search requests")
 sortby = "newest"
- @cache_tag = Digest::MD5.hexdigest(query + @page.to_s + I18n.locale.to_s)
- behavior_cache :tag => [@cache_tag] do
- xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse')
- @list_results = xapian_object.results.map { |r| r[:model] }
- @matches_estimated = xapian_object.matches_estimated
- @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated
- end
+ xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse')
+ @list_results = xapian_object.results.map { |r| r[:model] }
+ @matches_estimated = xapian_object.matches_estimated
+ @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated
 @title = @title + " (page " + @page.to_s + ")" if (@page > 1)
 @track_thing = TrackThing.create_track_for_search_query(query)
-- cgit v1.2.3
From 8686fbdb9ccee126e92dbe7ee15ebb227599d715 Mon Sep 17 00:00:00 2001
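Review bot: The bare `rescue` kept in the `@@ -99` hunk turns every StandardError raised by the similarity lookup into `@xapian_similar = nil` with no trace, and `@xapian_similar_more` is left unset on that path. With the `behavior_cache` wrapper removed the lookup presumably runs on every request, so a failing search backend would show up only as a missing sidebar. Capturing and logging the error keeps the best-effort behaviour while making the failure visible: `rescue => e` followed by `logger.warn("similar requests lookup failed: #{e.class}: #{e.message}")` before the assignment. The enclosing action starts and ends outside the hunk.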
From: Louise Crow
Date: Fri, 8 Feb 2013 11:38:38 +0000
Subject: Mark flash string with markup in it as html safe.
---
 app/controllers/request_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 49d2f35f3..dfa3a4834 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -333,7 +333,7 @@ class RequestController < ApplicationController
 message += _("

Your request contains a postcode. Unless it directly relates to the subject of your request, please remove any address as it will appear publicly on the Internet.

");
 end
 if not message.empty?
- flash.now[:error] = message
+ flash.now[:error] = message.html_safe
 end
 render :action => 'preview'
 return
-- cgit v1.2.3
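Review bot: `message.html_safe` marks the whole accumulated string as trusted, so every fragment appended to `message` earlier in the method, and any fragment added in future, is rendered without escaping. The fragments visible on this page are translated literals and route helpers, but the method begins outside the hunk, so that cannot be confirmed for all of them from here. Initialising the buffer with `message = ActiveSupport::SafeBuffer.new` would make unmarked fragments get escaped automatically when appended, leaving `.html_safe` only on the templates that intentionally carry markup. At minimum, a comment above this line should state the invariant: `# every fragment appended to message must be trusted markup with escaped arguments`.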