Add validation for maximum ID passed to changesets#index

[rails.git] / app / controllers / changesets_controller.rb

diff --git a/app/controllers/changesets_controller.rb b/app/controllers/changesets_controller.rb
index 3ea5fb64e96288551aac8169b5dfaaecc5630087..757664b580e61c78306b689f7c0f7fd614d2df6b 100644 (file)
--- a/app/controllers/changesets_controller.rb
+++ b/app/controllers/changesets_controller.rb
@@ -18,6 +18,8 @@ class ChangesetsController < ApplicationController
   ##
   # list non-empty changesets in reverse chronological order
   def index
+    param! :max_id, Integer, :min => 1
+
     @params = params.permit(:display_name, :bbox, :friends, :nearby, :max_id, :list)
 
     if request.format == :atom && @params[:max_id]