X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c8ee1351049ef1bb4d7b50d071b2a96154266d1d..d0f228879741a8d35ae7d9e98d3fe3c9e227a1fa:/app/controllers/user_preference_controller.rb
diff --git a/app/controllers/user_preference_controller.rb b/app/controllers/user_preference_controller.rb
index 68ea88eea..d02313497 100644
--- a/app/controllers/user_preference_controller.rb
+++ b/app/controllers/user_preference_controller.rb
@@ -1,6 +1,8 @@
 # Update and read user preferences, which are arbitrayr key/val pairs
 class UserPreferenceController < ApplicationController
 before_filter :authorize
+ before_filter :require_allow_read_prefs, :only => [:read_one, :read]
+ before_filter :require_allow_write_prefs, :except => [:read_one, :read]
 
 def read_one
 pref = UserPreference.find(@user.id, params[:preference_key])
@@ -52,7 +54,11 @@ class UserPreferenceController < ApplicationController
 
 # update the entire set of preferences
 def update
- p = XML::Parser.string(request.raw_post)
+ begin
+ p = XML::Parser.string(request.raw_post)
+ rescue LibXML::XML::Error, ArgumentError => ex
+ raise OSM::APIBadXMLError.new("preferences", xml, ex.message)
+ end
 doc = p.parse
 
 prefs = []
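Review bot: The two permission filters added under `before_filter :authorize` have no comment explaining why the read filter uses `:only` while the write filter uses `:except`. That asymmetry is the security-relevant part of the change, because any action added to this controller later will require the write permission unless it is explicitly listed as a read. I would record that above the filters, for example `# Read actions are allow-listed; every other action requires the write-preferences permission.` The definitions of `require_allow_read_prefs` and `require_allow_write_prefs` are outside this hunk, so their behaviour cannot be checked here.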
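Review bot: In `update`, the new rescue passes `xml` to `OSM::APIBadXMLError.new`, but no local or method of that name is visible in the hunk; the request body is only available as `request.raw_post`. If `xml` is indeed undefined, the rescue branch raises a NameError and the client gets a server error instead of the intended bad-XML response, so I would write `raise OSM::APIBadXMLError.new("preferences", request.raw_post, ex.message)`. The `begin` block also covers only `XML::Parser.string`, while `doc = p.parse` stays outside it; with libxml-ruby, malformed input is normally reported by `parse`, so that line likely belongs inside the `begin` as well. The body of `update` continues past the end of the hunk.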