From 02bdc8f1ad98edf38d99e95c997d607a0ed291bd Mon Sep 17 00:00:00 2001 From: John Firebaugh Date: Fri, 21 Sep 2012 15:20:15 -0700 Subject: [PATCH 1/1] Don't expose lat/lon of private traces --- app/controllers/site_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb index 72fe3b241..606143f4f 100644 --- a/app/controllers/site_controller.rb +++ b/app/controllers/site_controller.rb @@ -51,7 +51,7 @@ class SiteController < ApplicationController @lat = bbox.centre_lat @lon = bbox.centre_lon elsif params[:gpx] - trace = Trace.find(params[:gpx]) + trace = Trace.visible_to(@user).find(params[:gpx]) @lat = trace.latitude @lon = trace.longitude end -- 2.39.5