X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/3159c3c3f715250ef97e468eb155b868322b0426..0e2a66e8de55b3719bd307261058b7f898598994:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f419460ee..68baa3115 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,14 +3,19 @@ class ApplicationController < ActionController::Base protect_from_forgery :with => :exception + add_flash_types :warning, :error + rescue_from CanCan::AccessDenied, :with => :deny_access check_authorization before_action :fetch_body around_action :better_errors_allow_inline, :if => proc { Rails.env.development? } - attr_accessor :current_user + attr_accessor :current_user, :oauth_token + helper_method :current_user + helper_method :oauth_token + helper_method :preferred_langauges private @@ -54,7 +59,7 @@ class ApplicationController < ActionController::Base end def require_oauth - @oauth = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key) + @oauth_token = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key) end ## @@ -63,7 +68,7 @@ class ApplicationController < ActionController::Base if request.cookies["_osm_session"].to_s == "" if params[:cookie_test].nil? session[:cookie_test] = true - redirect_to params.to_unsafe_h.merge(:cookie_test => "true") + redirect_to params.to_unsafe_h.merge(:only_path => true, :cookie_test => "true") false else flash.now[:warning] = t "application.require_cookies.cookies_needed" @@ -109,9 +114,10 @@ class ApplicationController < ActionController::Base end def database_status - if Settings.status == "database_offline" + case Settings.status + when "database_offline" "offline" - elsif Settings.status == "database_readonly" + when "database_readonly" "readonly" else "online" @@ -121,9 +127,10 @@ class ApplicationController < ActionController::Base def api_status status = database_status if status == "online" - if Settings.status == "api_offline" + case Settings.status + when "api_offline" status = "offline" - elsif Settings.status == "api_readonly" + when "api_readonly" status = "readonly" end end @@ -233,7 +240,7 @@ class ApplicationController < ActionController::Base e = e.cause if e.is_a?(Timeout::Error) || - (e.is_a?(ActiveRecord::StatementInvalid) && e.message =~ /execution expired/) + (e.is_a?(ActiveRecord::StatementInvalid) && e.message.include?("execution expired")) render :action => "timeout" else raise @@ -282,9 +289,10 @@ class ApplicationController < ActionController::Base :style_src => %w['unsafe-inline'] ) - if Settings.status == "database_offline" || Settings.status == "api_offline" + case Settings.status + when "database_offline", "api_offline" flash.now[:warning] = t("layouts.osm_offline") - elsif Settings.status == "database_readonly" || Settings.status == "api_readonly" + when "database_readonly", "api_readonly" flash.now[:warning] = t("layouts.osm_read_only") end @@ -296,15 +304,13 @@ class ApplicationController < ActionController::Base end def preferred_editor - editor = if params[:editor] - params[:editor] - elsif current_user&.preferred_editor - current_user.preferred_editor - else - Settings.default_editor - end - - editor + if params[:editor] + params[:editor] + elsif current_user&.preferred_editor + current_user.preferred_editor + else + Settings.default_editor + end end helper_method :preferred_editor @@ -370,4 +376,19 @@ class ApplicationController < ActionController::Base # override to stop oauth plugin sending errors def invalid_oauth_response; end + + # clean any referer parameter + def safe_referer(referer) + referer = URI.parse(referer) + + if referer.scheme == "http" || referer.scheme == "https" + referer.scheme = nil + referer.host = nil + referer.port = nil + elsif referer.scheme || referer.host || referer.port + referer = nil + end + + referer.to_s + end end