From 9ddfdfff9366793516bc09289a1da6156dfd12ca Mon Sep 17 00:00:00 2001
From: Gareth Rees
Date: Thu, 2 Oct 2014 10:17:07 +0100
Subject: Add global protect_from_forgery
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Grepping the git logs didn’t bring up a good reason for this to be excluded. Seems like it came along after the app was initially created so it never got fully added for fear of regressions. The specs pass for this commit.
---
 app/controllers/request_controller.rb | 1 -
 1 file changed, 1 deletion(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 9e2c291dc..43404574d 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -10,7 +10,6 @@ require 'open-uri'
 class RequestController < ApplicationController
 before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ]
- protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details
 before_filter :check_batch_requests_and_user_allowed, :only => [ :select_authorities, :new_batch ]
 MAX_RESULTS = 500
 PER_PAGE = 25
--
cgit v1.2.3
From 56a849eeb4dd8fbd968bb987ba7dacc353557c14 Mon Sep 17 00:00:00 2001
From: Gareth Rees
Date: Thu, 2 Oct 2014 13:08:42 +0100
Subject: Line length
---
 app/controllers/request_controller.rb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 43404574d..1c01b8dc0 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -840,7 +840,15 @@ class RequestController < ApplicationController
 end # check filename in URL matches that in database (use a censor rule if you want to change a filename)
- raise ActiveRecord::RecordNotFound.new("please use same filename as original file has, display: '" + @attachment.display_filename + "' old_display: '" + @attachment.old_display_filename + "' original: '" + @original_filename + "'") if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename
+ if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename
+ msg = 'please use same filename as original file has, display: '
+ msg += "'#{ @attachment.display_filename }' "
+ msg += 'old_display: '
+ msg += "'#{ @attachment.old_display_filename }' "
+ msg += 'original: '
+ msg += "'#{ @original_filename }'"
+ raise ActiveRecord::RecordNotFound.new(msg)
+ end
 @attachment_url = get_attachment_url(:id => @incoming_message.info_request_id, :incoming_message_id => @incoming_message.id, :part => @part_number,
--
cgit v1.2.3
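Review bot: `@original_filename` is interpolated unescaped into the exception text in the added `msg += "'#{ @original_filename }'"` line, and the comment above the check suggests it is the filename taken from the request URL, so it appears to be request-controlled. Where this message ends up (log line, error page) is not visible in the hunk; if it is logged or rendered, prefer `#{ @original_filename.inspect }`, and the same for the two stored filenames, so that quotes and line breaks are escaped instead of being hand-wrapped in `'`. The six `msg +=` steps could also be a single formatted string raised as `raise ActiveRecord::RecordNotFound, msg`. The enclosing method starts and ends outside the hunk.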