Replace attr_accessible with strong parameters

[rails.git] / app / controllers / notes_controller.rb

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 1b28cae6e64bbed2aa6c81fb12007a75c4ef4e35..cab04a0b921a845dd647a8a99bd75f725b074173 100644 (file)
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -59,8 +59,8 @@ class NotesController < ApplicationController
     raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
 
     # Extract the arguments
-    lon = params[:lon].to_f
-    lat = params[:lat].to_f
+    lon = OSM.parse_float(params[:lon], OSM::APIBadUserInput, "lon was not a number")
+    lat = OSM.parse_float(params[:lat], OSM::APIBadUserInput, "lat was not a number")
     comment = params[:text]
 
     # Include in a transaction to ensure that there is always a note_comment for every note
@@ -347,7 +347,7 @@ private
       attributes[:author_ip] = request.remote_ip
     end
 
-    comment = note.comments.create(attributes, :without_protection => true)
+    comment = note.comments.create(attributes)
 
     note.comments.map { |c| c.author }.uniq.each do |user|
       if notify and user and user != @user