X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/071c3581e94552e5da08a2eed14e9a69e4f87e4f..4c51a3035cfec42bf96eeb0e601bf24e5906ad54:/app/controllers/trace_controller.rb

diff --git a/app/controllers/trace_controller.rb b/app/controllers/trace_controller.rb
index cdfa5e3cb..d709b5cf1 100644
--- a/app/controllers/trace_controller.rb
+++ b/app/controllers/trace_controller.rb
@@ -163,7 +163,9 @@ class TraceController < ApplicationController
     trace = Trace.find(params[:id])
 
     if trace.visible? and (trace.public? or (@user and @user == trace.user))
-      if request.format == Mime::XML
+      if Acl.no_trace_download(request.remote_ip)
+        render :nothing => true, :status => :forbidden
+      elsif request.format == Mime::XML
         send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => Mime::XML.to_s, :disposition => 'attachment')
       else
         send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => 'attachment')
@@ -222,7 +224,7 @@ class TraceController < ApplicationController
     end
 
     if params[:tag]
-      traces = traces.where("EXISTS (SELECT * FROM gpx_file_tags AS gft WHERE gft.gpx_id = gpx_files.id AND gft.tag = ?)")
+      traces = traces.where("EXISTS (SELECT * FROM gpx_file_tags AS gft WHERE gft.gpx_id = gpx_files.id AND gft.tag = ?)", params[:tag])
     end
 
     traces = traces.order("timestamp DESC")