X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/6599fe05863769affec40b65f0447a5524f67290..e890528aacd74420e445793b532271996e700577:/app/controllers/amf_controller.rb?ds=sidebyside diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb index 5a8ac49c3..aa030ca92 100644 --- a/app/controllers/amf_controller.rb +++ b/app/controllers/amf_controller.rb @@ -214,27 +214,26 @@ class AmfController < ApplicationController # uses POTLATCH_PRESETS global, set up in OSM::Potlatch. def getpresets(usertoken,lang) #:doc: + user = getuser(usertoken) + + if user && !user.languages.empty? + request.user_preferred_languages = user.languages + end + + lang = request.compatible_language_from(getlocales) + begin - # first, try the user setting - localised = YAML::load(File.open("#{RAILS_ROOT}/config/potlatch/localised/#{I18n.locale}/localised.yaml")) + # if not, try the browser language + localised = YAML::load(File.open("#{RAILS_ROOT}/config/potlatch/localised/#{lang}/localised.yaml")) rescue - begin - # if not, try the browser language - localised = YAML::load(File.open("#{RAILS_ROOT}/config/potlatch/localised/#{lang}/localised.yaml")) - rescue - # fall back to hardcoded English text - localised = "" - end + # fall back to hardcoded English text + localised = "" end begin - help = File.read("#{RAILS_ROOT}/config/potlatch/localised/#{I18n.locale}/help.html") + help = File.read("#{RAILS_ROOT}/config/potlatch/localised/#{lang}/help.html") rescue - begin - help = File.read("#{RAILS_ROOT}/config/potlatch/localised/#{lang}/help.html") - rescue - help = File.read("#{RAILS_ROOT}/config/potlatch/localised/en/help.html") - end + help = File.read("#{RAILS_ROOT}/config/potlatch/localised/en/help.html") end return POTLATCH_PRESETS+[localised,help] end 
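Review bot: In getpresets the carried-over comment `# if not, try the browser language` is now wrong, because the `lang` argument sent by the client is overwritten and this is the only lookup before the English fallback. The code should say so, since the value interpolated into the `localised/#{lang}/` paths now comes from the directory names returned by getlocales rather than from the request (assuming `compatible_language_from` only returns an entry of the list it is given, which is not visible here). I would replace the comment with `# lang from the client is ignored; use the best match among the installed locale directories`. If nothing matches, `lang` is presumably nil and both reads fall through to their rescue branches, which works but deserves a mention in the same comment.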
@@ -527,6 +526,8 @@ class AmfController < ApplicationController amf_handle_error("'putrelation' #{relid}") do user = getuser(usertoken) if !user then return -1,"You are not logged in, so the relation could not be saved." end + if !tags_ok(tags) then return -1,"One of the tags is invalid. Please pester Adobe to fix Flash on Linux." end + tags = strip_non_xml_chars tags relid = relid.to_i visible = (visible.to_i != 0) @@ -613,6 +614,8 @@ class AmfController < ApplicationController user = getuser(usertoken) if !user then return -1,"You are not logged in, so the way could not be saved." end if pointlist.length < 2 then return -2,"Server error - way is only #{points.length} points long." end + if !tags_ok(attributes) then return -1,"One of the tags is invalid. Please pester Adobe to fix Flash on Linux." end + attributes = strip_non_xml_chars attributes originalway = originalway.to_i pointlist.collect! {|a| a.to_i } @@ -637,6 +640,11 @@ class AmfController < ApplicationController node.lat = lat node.lon = lon node.tags = a[4] + + # fixup node tags in a way as well + if !tags_ok(node.tags) then return -1,"One of the tags is invalid. Please pester Adobe to fix Flash on Linux." end + node.tags = strip_non_xml_chars node.tags + node.tags.delete('created_by') node.version = version if id <= 0 @@ -709,6 +717,8 @@ class AmfController < ApplicationController amf_handle_error("'putpoi' #{id}") do user = getuser(usertoken) if !user then return -1,"You are not logged in, so the point could not be saved." end + if !tags_ok(tags) then return -1,"One of the tags is invalid. Please pester Adobe to fix Flash on Linux." end + tags = strip_non_xml_chars tags id = id.to_i visible = (visible.to_i == 1) 
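Review bot: The guard added to putrelation, `if !tags_ok(tags) then return -1,"One of the tags is invalid. ..." end` followed by the `strip_non_xml_chars` call, is repeated verbatim in the putway, way-node and putpoi hunks. The message text and the validate-then-strip order therefore have to be kept in sync in four places. At minimum I would hoist the string into one class-level constant, e.g. `INVALID_TAG_MESSAGE = "One of the tags is invalid. Please pester Adobe to fix Flash on Linux."`, and return that from each site. A small private helper that performs both steps and returns the cleaned hash or nil would also make it harder to add a future write path that strips without validating. The enclosing `amf_handle_error` blocks continue outside these hunks.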
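Review bot: In the way-node hunk the new `return -1,...` sits inside the per-node loop, after `node.tags = a[4]`, so a bad tag on a later node is only detected after earlier nodes in the same call have been processed. If the loop saves each node as it goes (the loop header and the save are outside the hunk, so this is an inference), the client receives an error for a way that was already partly written. Running the `tags_ok(a[4])` check over every entry before the loop starts, next to the `tags_ok(attributes)` check added in the putway hunk, would make the rejection all-or-nothing. The loop body then only needs `node.tags = strip_non_xml_chars a[4]`.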
@@ -860,6 +870,34 @@ class AmfController < ApplicationController } end + def getlocales + Dir.glob("#{RAILS_ROOT}/config/potlatch/localised/*").collect { |f| File.basename(f) } + end + + ## + # check that all key-value pairs are valid UTF-8. + def tags_ok(tags) + tags.each do |k, v| + return false unless UTF8.valid? k + return false unless UTF8.valid? v + end + return true + end + + ## + # strip characters which are invalid in XML documents from the strings + # in the +tags+ hash. + def strip_non_xml_chars(tags) + new_tags = Hash.new + unless tags.nil? + tags.each do |k, v| + new_k = k.delete "\000-\037", "^\011\012\015" + new_v = v.delete "\000-\037", "^\011\012\015" + new_tags[new_k] = new_v + end + end + return new_tags + end # ==================================================================== # Alternative SQL queries for getway/whichways
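Review bot: `tags_ok` calls `tags.each` with no nil guard, while `strip_non_xml_chars` directly below treats nil as legal input (`unless tags.nil?`). Every call site in this commit runs `tags_ok` first, so a request without tags raises NoMethodError before the nil-tolerant path is reached. Adding `return true if tags.nil?` as the first line of `tags_ok` makes the two helpers agree. In `strip_non_xml_chars`, two keys that differ only in stripped control characters collapse into one entry through `new_tags[new_k] = new_v`, and a key made only of such characters becomes `""`. A short comment stating that the last value wins, or a check that rejects the request when `new_tags.size != tags.size`, would make that behaviour deliberate. `getlocales` returns the basename of every entry under `localised/`, plain files included, which is worth a one-line comment since the result is used as the set of accepted locales.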