X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/dcad29dad0d29e22ffa0c34a8d9b43cbf5d64f12..285d61bf4cd6cd93e6ae0f4905db9faf4a6f71f5:/app/controllers/swf_controller.rb
diff --git a/app/controllers/swf_controller.rb b/app/controllers/swf_controller.rb
index a58e899e0..b8208050c 100644
--- a/app/controllers/swf_controller.rb
+++ b/app/controllers/swf_controller.rb
@@ -1,4 +1,6 @@
 class SwfController < ApplicationController
+ session :off
+ before_filter :check_availability
 # to log:
 # RAILS_DEFAULT_LOGGER.error("Args: #{args[0]}, #{args[1]}, #{args[2]}, #{args[3]}")
@@ -44,12 +46,11 @@ class SwfController < ApplicationController
 lastfile='-1'
 if params['token']
- token=sqlescape(params['token'])
+ user=User.authenticate(:token => params[:token])
 sql="SELECT gps_points.latitude*0.000001 AS lat,gps_points.longitude*0.000001 AS lon,gpx_files.id AS fileid,UNIX_TIMESTAMP(gps_points.timestamp) AS ts "+
- " FROM gpx_files,gps_points,users "+
+ " FROM gpx_files,gps_points "+
 "WHERE gpx_files.id=gpx_id "+
- " AND gpx_files.user_id=users.id "+
- " AND token='#{token}' "+
+ " AND gpx_files.user_id=#{user.id} "+
 " AND (gps_points.longitude BETWEEN #{xminr} AND #{xmaxr}) "+
 " AND (gps_points.latitude BETWEEN #{yminr} AND #{ymaxr}) "+
 " AND (gps_points.timestamp IS NOT NULL) "+
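Review bot: The result of `User.authenticate` is used unchecked in the second hunk: `#{user.id}` is interpolated into the WHERE clause even when the token matched no account. `User.authenticate` is not shown here, but if it returns nil on failure, `user.id` either raises (a 500 for a bad token) or, on a Ruby 1.8 runtime where `Object#id` still exists, evaluates to nil's object id, so the query would be scoped to an unrelated account instead of returning nothing. Guard before the SQL is built, for example `if params['token'] and (user=User.authenticate(:token => params[:token]))`, so that a failed lookup never reaches the query. The `if` block and the rest of the method lie outside the hunk, so the behaviour of the non-token path needs confirming. The lookup also reads `params[:token]` while the condition reads `params['token']`, which is worth making consistent.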