[Surrey] Disallow email addresses in problem title/detail

perllib/FixMyStreet/Cobrand/Surrey.pm

@@ -86,6 +86,24 @@ sub reopening_disallowed { 1 }
 
 sub allow_anonymous_reports { 'button' }
 
+=item * Do not allow email addresses in title or detail
+
+=back
+
+=cut
+
+sub report_validation {
+    my ($self, $report, $errors) = @_;
+
+    my $regex = Utils::email_regex;
+
+    if ($report->detail =~ /$regex/ || $report->title =~ /$regex/) {
+        $errors->{detail} = 'Please remove any email addresses and other personal information from your report';
+    }
+
+    return $errors;
+}
+
 =item * Anyone with a surreycc.gov.uk email shows up in the admin
 
 =cut

t/cobrand/surrey.t

@@ -92,6 +92,20 @@ FixMyStreet::override_config {
             $json = $mech->get_ok_json('/around?ajax=1&bbox=-0.45869262976076,51.28481314324,-0.42367370886232,51.302390882532');
             is_deeply($json->{pins}, [], 'Borough problem is excluded from Surrey cobrand');
         };
+
+    subtest 'Get error when email included in report' => sub {
+        $mech->get_ok('/report/new?longitude=-0.441269&latitude=51.293415');
+        $mech->submit_form_ok({ with_fields => { category => 'Potholes', title => 'Potholes', detail => 'On main road', name => 'Bob Betts', username_register => '[email protected]' } });
+        $mech->content_contains('Click the link in our confirmation email to publish your problem', 'Detail field without email proceeds normally');
+        $mech->get_ok('/report/new?longitude=-0.441269&latitude=51.293415');
+        $mech->submit_form_ok({ with_fields => { category => 'Potholes', title => 'Potholes', detail => 'On main road. Contact me at [email protected]', name => 'Bob Betts', username_register => '[email protected]' } });
+        $mech->content_contains("<p class='form-error'>Please remove any email addresses and other personal information from your report", "Report detail with email gives error");
+        $mech->get_ok('/report/new?longitude=-0.441269&latitude=51.293415');
+        $mech->submit_form_ok({ with_fields => { category => 'Potholes', title => 'Potholes contact me [email protected]', detail => 'On main road', name => 'Bob Betts', username_register => '[email protected]' } });
+        $mech->content_contains("<p class='form-error'>Please remove any email addresses and other personal information from your report", "Report title with email gives error");
+        $mech->clear_emails_ok;
+    };
+
 };
 
 

templates/web/base/js/translation_strings.html

@@ -10,6 +10,7 @@
         detail: {
             required: '[% loc('Please enter some details', "JS") %]',
             maxlength: '[% loc('Reports are limited to {0} characters in length. Please shorten your report', "JS") %]',
+            notEmail: '[% loc('Please make sure you are not including an email address', "JS") %]'
         },
         name: {
             required: '[% loc('Please enter your name', "JS") %]',

templates/web/surrey/footer_extra_js.html

@@ -1 +1,4 @@
 [% PROCESS 'footer_extra_js_base.html' highways=1 validation=1 %]
+[% scripts.push(
+    version('/cobrands/surrey/js.js'),
+) %]

web/cobrands/fixmystreet-uk-councils/council_validation_rules.js

@@ -106,5 +106,15 @@ body_validation_rules = {
             maxlength: 20
         }
     },
-    'Southwark Council': confirm_validation_rules
+    'Southwark Council': confirm_validation_rules,
+    'Surrey County Council': {
+      title: {
+          required: true,
+          notEmail: true
+      },
+      detail: {
+          required: true,
+          notEmail: true
+      }
+  }
 };

web/cobrands/surrey/js.js

@@ -0,0 +1,10 @@
+(function(){
+    if (!window.translation_strings) {
+        return;
+    }
+
+    // Surrey want custom error messages when an email address is present
+    translation_strings.detail.notEmail = 'Report cannot contain an email address or personal information';
+    translation_strings.title.notEmail = 'Report cannot contain an email address or personal information';
+
+})();