]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/notes_controller.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Guard against non-numeric lat and lons in nodes and notes
[rails.git] / app / controllers / notes_controller.rb
diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 1b28cae6e64bbed2aa6c81fb12007a75c4ef4e35..9c6eb94572488e75e5a99e6ddeb3b8a3c2617491 100644 (file)
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -59,8 +59,16 @@ class NotesController < ApplicationController
     raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
 
     # Extract the arguments
-    lon = params[:lon].to_f
-    lat = params[:lat].to_f
+    begin
+      lon = Float(params[:lon])
+    rescue
+      raise OSM::APIBadUserInput.new("lon was not a number")
+    end
+    begin
+      lat = Float(params[:lat])
+    rescue
+      raise OSM::APIBadUserInput.new("lat was not a number")
+    end
     comment = params[:text]
 
     # Include in a transaction to ensure that there is always a note_comment for every note
The OpenStreetMap web site