class ApplicationController < ActionController::Base
include SessionPersistence
- protect_from_forgery
+ protect_from_forgery :with => :exception
before_action :fetch_body
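Review bot: The stricter `:with => :exception` strategy on the `protect_from_forgery` line is inherited by every controller, including those serving the Basic-auth and API paths that appear further down this diff. Those requests will raise `ActionController::InvalidAuthenticityToken` unless the controllers opt out, and no opt-out is visible here. I would add a comment above the line such as `# API controllers authenticate per request and must skip verify_authenticity_token explicitly`, and confirm each one does. If this targets Rails 5, where the check is no longer prepended by default, consider `protect_from_forgery :with => :exception, :prepend => true`, because any callback registered by `SessionPersistence` (included on the line above, body not shown) would otherwise run before the token is verified.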
if request.get?
redirect_to :controller => "user", :action => "login", :referer => request.fullpath
else
- render :text => "", :status => :forbidden
+ head :forbidden
end
end
end
if request.cookies["_osm_session"].to_s == ""
if params[:cookie_test].nil?
session[:cookie_test] = true
- redirect_to Hash[params].merge(:cookie_test => "true")
+ redirect_to params.to_unsafe_h.merge(:cookie_test => "true")
false
else
flash.now[:warning] = t "application.require_cookies.cookies_needed"
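Review bot: `params.to_unsafe_h` on the new `redirect_to` line passes every request parameter into URL generation, so routing options such as `:host` and `:protocol` stay caller-controlled and the redirect can point off-site. The replacement keeps the exposure that `Hash[params]` already had rather than closing it. Pinning the redirect to a local path closes it: `redirect_to params.to_unsafe_h.merge(:cookie_test => "true", :only_path => true)`. A tighter alternative is to rebuild the target from an explicit allow-list of keys instead of the whole parameter hash. The enclosing method starts and ends outside this hunk, so I cannot see whether the parameters are filtered earlier.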
flash[:error] = t("application.require_moderator.not_a_moderator")
redirect_to :action => "index"
else
- render :text => "", :status => :forbidden
+ head :forbidden
end
end
end
unless @user
# no auth, the user does not exist or the password was wrong
response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
- render :text => errormessage, :status => :unauthorized
+ render :plain => errormessage, :status => :unauthorized
return false
end
end
def authorize_moderator(errormessage = "Access restricted to moderators")
# check user is a moderator
unless @user.moderator?
- render :text => errormessage, :status => :forbidden
+ render :plain => errormessage, :status => :forbidden
false
end
end
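Review bot: `authorize_moderator` calls `@user.moderator?` without checking that `@user` is set, so if it ever runs without a preceding authentication filter the request ends in a `NoMethodError` (HTTP 500) rather than the intended 403. Making the guard explicit keeps the failure mode a clean denial: `unless @user && @user.moderator?`. The trailing `false` has no effect on the filter chain, because the chain halts on the `render` itself, so it could be dropped or replaced with a comment saying so.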
result.root << (XML::Node.new("status") << "#{Rack::Utils.status_code(status)} #{Rack::Utils::HTTP_STATUS_CODES[status]}")
result.root << (XML::Node.new("message") << message)
- render :text => result.to_s, :content_type => "text/xml"
+ render :xml => result.to_s
else
- render :text => message, :status => status, :content_type => "text/plain"
+ render :plain => message, :status => status
end
end
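Review bot: The status text in the XML branch is looked up with `Rack::Utils::HTTP_STATUS_CODES[status]`, but that table is keyed by integer code, and `report_error` is called with a symbol elsewhere in this diff (`report_error ex.message, :bad_request`). For symbolic statuses the reason phrase comes out empty. Resolving the code once fixes it: `code = Rack::Utils.status_code(status)` and then `"#{code} #{Rack::Utils::HTTP_STATUS_CODES[code]}"`. Separately, `render :xml => result.to_s` carries no `:status`, so this branch still answers 200 with the error only in the body. If that is deliberate for clients that cannot read error statuses, a one-line comment saying so would help; the method begins outside this hunk, so the branch condition is not visible.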
def api_call_handle_error
yield
rescue ActiveRecord::RecordNotFound => ex
- render :text => "", :status => :not_found
+ head :not_found
rescue LibXML::XML::Error, ArgumentError => ex
report_error ex.message, :bad_request
rescue ActiveRecord::RecordInvalid => ex
respond_to do |format|
format.html { render :template => "user/no_such_user", :status => :not_found }
- format.all { render :text => "", :status => :not_found }
+ format.all { head :not_found }
end
end