Check that the token is valid before using it.

[rails.git] / app / views / site / edit.html.erb

diff --git a/app/views/site/edit.html.erb b/app/views/site/edit.html.erb
index 948b1fad5122b1a3adc6394537ef995f79cee49f..779abd352b659324992a20c4efd53fc924180066 100644 (file)
--- a/app/views/site/edit.html.erb
+++ b/app/views/site/edit.html.erb
@@ -20,7 +20,7 @@
 <%= render :partial => 'search' %>
 
 <%
-session[:token] = @user.tokens.create.token unless session[:token]
+session[:token] = @user.tokens.create.token unless session[:token] and UserToken.find_by_token(session[:token])
 
 # Decide on a lat lon to initialise potlatch with. Various ways of doing this
 if params['lon'] and params['lat']
@@ -65,7 +65,7 @@ zoom='14' if zoom.nil?
   
   window.onbeforeunload=function() {
     if (!changesaved) {
-      return "<%= t 'site.edit.potlatch_unsaved_changes' %>";
+      return '<%= escape_javascript(t('site.edit.potlatch_unsaved_changes')) %>';
     }
   }
 
@@ -88,7 +88,7 @@ zoom='14' if zoom.nil?
   doSWF(<%= lat || 'null' %>,<%= lon || 'null' %>,<%= zoom %>);
 
   function setPosition(lat, lon, zoom) {
-    doSWF(lat, lon, zoom);
+    doSWF(lat, lon, zoom || 15);
   }
 
   function resizeContent() {