From 39d7c598161b6b1577ef6d18de7d13e68fa5706f Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 3 Nov 2014 10:24:40 +0000 Subject: Only mark email_subject_request as HTML safe when used in email subject. It's also used in the web interface and needs to be escaped there. --- app/models/info_request.rb | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'app/models/info_request.rb') diff --git a/app/models/info_request.rb b/app/models/info_request.rb index d0052603a..dcd16878b 100644 --- a/app/models/info_request.rb +++ b/app/models/info_request.rb @@ -292,13 +292,18 @@ public end # Subject lines for emails about the request - def email_subject_request - _('{{law_used_full}} request - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title.html_safe) + def email_subject_request(opts = {}) + html = opts.fetch(:html, true) + _('{{law_used_full}} request - {{title}}', + :law_used_full => self.law_used_full, + :title => (html ? title : title.html_safe)) end - def email_subject_followup(incoming_message = nil) + def email_subject_followup(opts = {}) + incoming_message = opts.fetch(:incoming_message, nil) + html = opts.fetch(:html, true) if incoming_message.nil? || !incoming_message.valid_to_reply_to? || !incoming_message.subject - 'Re: ' + self.email_subject_request + 'Re: ' + self.email_subject_request(:html => html) else if incoming_message.subject.match(/^Re:/i) incoming_message.subject -- cgit v1.2.3 From 224725e202d581d956e8958c521abb00de9935b1 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Thu, 27 Nov 2014 10:20:37 +0000 Subject: Refactor the application of masks and censor rules to messages. Seems more logical to make this one method that figures out what to do based on file type. Plus, incoming message does so many things, it seemed like having these related methods be separate would make them easier to read and understand. Also, email, mobile and login substitution texts weren't being translated. Finally, I think passing the censor rules and masks as arguments is a first step in some more decoupling of models. --- app/models/info_request.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'app/models/info_request.rb') diff --git a/app/models/info_request.rb b/app/models/info_request.rb index dcd16878b..20b7ef9af 100644 --- a/app/models/info_request.rb +++ b/app/models/info_request.rb @@ -1153,6 +1153,22 @@ public return binary end + # Masks we apply to text associated with this request convert email addresses + # we know about into textual descriptions of them + def masks + masks = [{ :to_replace => incoming_email, + :replacement => _('[FOI #{{request}} email]', + :request => id.to_s) }, + { :to_replace => AlaveteliConfiguration::contact_email, + :replacement => _("[{{site_name}} contact email]", + :site_name => AlaveteliConfiguration::site_name)} ] + if public_body.is_followupable? + masks << { :to_replace => public_body.request_email, + :replacement => _("[{{public_body}} request email]", + :public_body => public_body.short_or_long_name) } + end + end + def is_owning_user?(user) !user.nil? && (user.id == user_id || user.owns_every_request?) end -- cgit v1.2.3