]> git.openstreetmap.org Git - rails.git/blobdiff - app/models/changeset.rb
Prevent CSRF bypass with password reset form
[rails.git] / app / models / changeset.rb
index 47f03c79544111eff476896c076d2cae2b6c31fb..aa674ea7fc5391ec781119e20f07d5bcef478332 100644 (file)
@@ -25,7 +25,7 @@
 #  changesets_user_id_fkey  (user_id => users.id)
 #
 
-class Changeset < ActiveRecord::Base
+class Changeset < ApplicationRecord
   require "xml/libxml"
 
   belongs_to :user, :counter_cache => true
@@ -80,19 +80,21 @@ class Changeset < ActiveRecord::Base
     self.closed_at = Time.now.getutc if is_open?
   end
 
-  def self.from_xml(xml, create = false)
+  def self.from_xml(xml, create: false)
     p = XML::Parser.string(xml, :options => XML::Parser::Options::NOERROR)
     doc = p.parse
+    pt = doc.find_first("//osm/changeset")
 
-    doc.find("//osm/changeset").each do |pt|
-      return Changeset.from_xml_node(pt, create)
+    if pt
+      Changeset.from_xml_node(pt, :create => create)
+    else
+      raise OSM::APIBadXMLError.new("changeset", xml, "XML doesn't contain an osm/changeset element.")
     end
-    raise OSM::APIBadXMLError.new("changeset", xml, "XML doesn't contain an osm/changeset element.")
   rescue LibXML::XML::Error, ArgumentError => e
     raise OSM::APIBadXMLError.new("changeset", xml, e.message)
   end
 
-  def self.from_xml_node(pt, create = false)
+  def self.from_xml_node(pt, create: false)
     cs = Changeset.new
     if create
       cs.created_at = Time.now.getutc