Don't log the contents of the changeset.

[rails.git] / app / controllers / changeset_controller.rb

diff --git a/app/controllers/changeset_controller.rb b/app/controllers/changeset_controller.rb
index b905ae6632852127f773965a242d2ebfbfeef753..ea28675c8e454bf96b7f389a83a0f0f83250d57b 100644 (file)
--- a/app/controllers/changeset_controller.rb
+++ b/app/controllers/changeset_controller.rb
@@ -7,10 +7,13 @@ class ChangesetController < ApplicationController
   session :off, :except => [:list, :list_user, :list_bbox]
   before_filter :authorize_web, :only => [:list, :list_user, :list_bbox]
   before_filter :authorize, :only => [:create, :update, :delete, :upload, :include, :close]
-  before_filter :check_write_availability, :only => [:create, :update, :delete, :upload, :include]
-  before_filter :check_read_availability, :except => [:create, :update, :delete, :upload, :download, :query]
+  before_filter :require_public_data, :only => [:create, :update, :delete, :upload, :include, :close]
+  before_filter :check_api_writable, :only => [:create, :update, :delete, :upload, :include]
+  before_filter :check_api_readable, :except => [:create, :update, :delete, :upload, :download, :query]
   after_filter :compress_output
 
+  filter_parameter_logging "<osmChange version"
+
   # Help methods for checking boundary sanity and area size
   include MapBoundary
 
@@ -114,6 +117,8 @@ class ChangesetController < ApplicationController
       render :nothing => true, :status => :method_not_allowed
     end
 
+  rescue LibXML::XML::Error, ArgumentError => ex
+    raise OSM::APIBadXMLError.new("osm", xml, ex.message)
   rescue ActiveRecord::RecordNotFound
     render :nothing => true, :status => :not_found
   rescue OSM::APIError => ex
@@ -348,8 +353,15 @@ class ChangesetController < ApplicationController
     # support 'bbox' param or alternatively 'minlon', 'minlat' etc       
     if params['bbox']
        bbox = params['bbox']
-    elsif params['minlon'] and params['minlat'] and params['maxlon'] and params['maxlat']          
-       bbox = params['minlon'] + ',' + params['minlat'] + ',' + params['maxlon'] + ',' + params['maxlat']
+    elsif params['minlon'] and params['minlat'] and params['maxlon'] and params['maxlat']
+       bbox = h(params['minlon']) + ',' + h(params['minlat']) + ',' + h(params['maxlon']) + ',' + h(params['maxlat'])
+    else
+      #TODO: fix bugs in location determination for history tab (and other tabs) then uncomment this redirect
+      #redirect_to :action => 'list'
+      
+      # For now just render immediately, and skip the db
+      render
+      return
     end
        
     conditions = conditions_bbox(bbox);
@@ -458,7 +470,7 @@ private
   # if parameter 'open' is nill then open and closed changsets are returned
   def conditions_open(open)
     return open.nil? ? nil : ['closed_at >= ? and num_changes <= ?', 
-                              DateTime.now, Changeset::MAX_ELEMENTS]
+                              Time.now.getutc, Changeset::MAX_ELEMENTS]
   end
   
   ##
@@ -466,7 +478,7 @@ private
   # ('closed at' time has passed or changes limit is hit)
   def conditions_closed(closed)
     return closed.nil? ? nil : ['closed_at < ? and num_changes > ?', 
-                              DateTime.now, Changeset::MAX_ELEMENTS]
+                                Time.now.getutc, Changeset::MAX_ELEMENTS]
   end
 
   ##