X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c780a3f453f96e8849e56e585cddbf5bbaaad240..c24c2e481cc6d27e76274ed4e32668a4690a7788:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 009984594..f1e847e10 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,6 +3,8 @@ class ApplicationController < ActionController::Base protect_from_forgery :with => :exception + add_flash_types :warning, :error + rescue_from CanCan::AccessDenied, :with => :deny_access check_authorization @@ -10,8 +12,11 @@ class ApplicationController < ActionController::Base around_action :better_errors_allow_inline, :if => proc { Rails.env.development? } attr_accessor :current_user + attr_accessor :oauth_token helper_method :current_user + helper_method :oauth_token + helper_method :preferred_langauges private @@ -55,7 +60,7 @@ class ApplicationController < ActionController::Base end def require_oauth - @oauth = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key) + @oauth_token = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key) end ## @@ -64,7 +69,7 @@ class ApplicationController < ActionController::Base if request.cookies["_osm_session"].to_s == "" if params[:cookie_test].nil? session[:cookie_test] = true - redirect_to params.to_unsafe_h.merge(:cookie_test => "true") + redirect_to params.to_unsafe_h.merge(:only_path => true, :cookie_test => "true") false else flash.now[:warning] = t "application.require_cookies.cookies_needed" @@ -234,7 +239,7 @@ class ApplicationController < ActionController::Base e = e.cause if e.is_a?(Timeout::Error) || - (e.is_a?(ActiveRecord::StatementInvalid) && e.message =~ /execution expired/) + (e.is_a?(ActiveRecord::StatementInvalid) && e.message.include?("execution expired")) render :action => "timeout" else raise @@ -371,4 +376,19 @@ class ApplicationController < ActionController::Base # override to stop oauth plugin sending errors def invalid_oauth_response; end + + # clean any referer parameter + def safe_referer(referer) + referer = URI.parse(referer) + + if referer.scheme == "http" || referer.scheme == "https" + referer.scheme = nil + referer.host = nil + referer.port = nil + elsif referer.scheme || referer.host || referer.port + referer = nil + end + + referer.to_s + end end