X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/bbf30e76e4bfcd70e62fc84ecd32c5e494506e9e..18883b59c88940b9bd323756e60603302f185dfd:/app/controllers/amf_controller.rb diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb index 7c6a140bd..078823cbb 100644 --- a/app/controllers/amf_controller.rb +++ b/app/controllers/amf_controller.rb @@ -172,7 +172,7 @@ class AmfController < ApplicationController def amf_handle_error_with_timeout(call,rootobj,rootid) amf_handle_error(call,rootobj,rootid) do - Timeout::timeout(APP_CONFIG['api_timeout'], OSM::APITimeoutError) do + Timeout::timeout(API_TIMEOUT, OSM::APITimeoutError) do yield end end @@ -186,6 +186,12 @@ class AmfController < ApplicationController user = getuser(usertoken) if !user then return -1,"You are not logged in, so Potlatch can't write any changes to the database." end unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end + if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end + + if cstags + if !tags_ok(cstags) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end + cstags = strip_non_xml_chars cstags + end # close previous changeset and add comment if closeid @@ -197,6 +203,8 @@ class AmfController < ApplicationController cs.save! else cs.tags['comment']=closecomment + # in case closecomment has chars not allowed in xml + cs.tags = strip_non_xml_chars cs.tags cs.save_with_tags! end end @@ -206,7 +214,11 @@ class AmfController < ApplicationController cs = Changeset.new cs.tags = cstags cs.user_id = user.id - if !closecomment.empty? then cs.tags['comment']=closecomment end + if !closecomment.empty? + cs.tags['comment']=closecomment + # in case closecomment has chars not allowed in xml + cs.tags = strip_non_xml_chars cs.tags + end # smsm1 doesn't like the next two lines and thinks they need to be abstracted to the model more/better cs.created_at = Time.now.getutc cs.closed_at = cs.created_at + Changeset::IDLE_TIMEOUT @@ -562,6 +574,8 @@ class AmfController < ApplicationController user = getuser(usertoken) if !user then return -1,"You are not logged in, so the relation could not be saved." end unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end + if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end + if !tags_ok(tags) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end tags = strip_non_xml_chars tags @@ -650,7 +664,10 @@ class AmfController < ApplicationController user = getuser(usertoken) if !user then return -1,"You are not logged in, so the way could not be saved." end unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end + if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end + if pointlist.length < 2 then return -2,"Server error - way is only #{points.length} points long." end + if !tags_ok(attributes) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end attributes = strip_non_xml_chars attributes @@ -756,6 +773,8 @@ class AmfController < ApplicationController user = getuser(usertoken) if !user then return -1,"You are not logged in, so the point could not be saved." end unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end + if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end + if !tags_ok(tags) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end tags = strip_non_xml_chars tags @@ -839,6 +858,7 @@ class AmfController < ApplicationController user = getuser(usertoken) unless user then return -1,"You are not logged in, so the way could not be deleted." end unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end + if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end way_id = way_id.to_i nodeversions = {}