From 39d7c598161b6b1577ef6d18de7d13e68fa5706f Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Mon, 3 Nov 2014 10:24:40 +0000
Subject: Only mark email_subject_request as HTML safe when used in email subject. It's also used in the web interface and needs to be escaped there.
---
 app/models/info_request.rb | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
(limited to 'app/models/info_request.rb')
diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index d0052603a..dcd16878b 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -292,13 +292,18 @@ public
 end
 # Subject lines for emails about the request
- def email_subject_request
- _('{{law_used_full}} request - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title.html_safe)
+ def email_subject_request(opts = {})
+ html = opts.fetch(:html, true)
+ _('{{law_used_full}} request - {{title}}',
+ :law_used_full => self.law_used_full,
+ :title => (html ? title : title.html_safe))
 end
- def email_subject_followup(incoming_message = nil)
+ def email_subject_followup(opts = {})
+ incoming_message = opts.fetch(:incoming_message, nil)
+ html = opts.fetch(:html, true)
 if incoming_message.nil? || !incoming_message.valid_to_reply_to? || !incoming_message.subject
- 'Re: ' + self.email_subject_request
+ 'Re: ' + self.email_subject_request(:html => html)
 else
 if incoming_message.subject.match(/^Re:/i)
 incoming_message.subject
--
cgit v1.2.3
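Review bot: The ternary `(html ? title : title.html_safe)` in `email_subject_request` reads as inverted unless the reader knows that `_()` escapes interpolated values that are not marked safe (the commit message implies this, the hunk does not show it), so the method needs a comment stating the contract, for example `# :html => true (default): title is left unmarked so it is escaped for web output; :html => false: title is marked html_safe for plain-text email subjects only, never render that result in a view`. Defaulting to `true` is the right fail-safe choice, since a caller that forgets the option gets escaped output. Separately, `email_subject_followup` changes from a positional `incoming_message` to an options hash, so any caller still passing the message positionally would reach `opts.fetch` on a non-hash; the callers are outside this single-file diff and should be checked. The `else` branch, which uses `incoming_message.subject`, is unaffected by `:html`, and the body of `email_subject_followup` continues past the end of the hunk.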