X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/4de68be3034411cbb21a14f51611d204c2efd1af..3e8f20fbed1573def1261d67003a761acf5aa803:/app/controllers/amf_controller.rb

diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb
index 7c6a140bd..078823cbb 100644
--- a/app/controllers/amf_controller.rb
+++ b/app/controllers/amf_controller.rb
@@ -172,7 +172,7 @@ class AmfController < ApplicationController
 
   def amf_handle_error_with_timeout(call,rootobj,rootid)
     amf_handle_error(call,rootobj,rootid) do
-      Timeout::timeout(APP_CONFIG['api_timeout'], OSM::APITimeoutError) do
+      Timeout::timeout(API_TIMEOUT, OSM::APITimeoutError) do
         yield
       end
     end
@@ -186,6 +186,12 @@ class AmfController < ApplicationController
       user = getuser(usertoken)
       if !user then return -1,"You are not logged in, so Potlatch can't write any changes to the database." end
       unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end
+      if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end
+
+      if cstags
+        if !tags_ok(cstags) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end
+        cstags = strip_non_xml_chars cstags
+      end
 
       # close previous changeset and add comment
       if closeid
@@ -197,6 +203,8 @@ class AmfController < ApplicationController
           cs.save!
         else
           cs.tags['comment']=closecomment
+          # in case closecomment has chars not allowed in xml
+          cs.tags = strip_non_xml_chars cs.tags
           cs.save_with_tags!
         end
       end
@@ -206,7 +214,11 @@ class AmfController < ApplicationController
         cs = Changeset.new
         cs.tags = cstags
         cs.user_id = user.id
-        if !closecomment.empty? then cs.tags['comment']=closecomment end
+        if !closecomment.empty? 
+          cs.tags['comment']=closecomment 
+          # in case closecomment has chars not allowed in xml
+          cs.tags = strip_non_xml_chars cs.tags
+        end
         # smsm1 doesn't like the next two lines and thinks they need to be abstracted to the model more/better
         cs.created_at = Time.now.getutc
         cs.closed_at = cs.created_at + Changeset::IDLE_TIMEOUT
@@ -562,6 +574,8 @@ class AmfController < ApplicationController
       user = getuser(usertoken)
       if !user then return -1,"You are not logged in, so the relation could not be saved." end
       unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end
+      if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end
+
       if !tags_ok(tags) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end
       tags = strip_non_xml_chars tags
 
@@ -650,7 +664,10 @@ class AmfController < ApplicationController
       user = getuser(usertoken)
       if !user then return -1,"You are not logged in, so the way could not be saved." end
       unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end
+      if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end
+
       if pointlist.length < 2 then return -2,"Server error - way is only #{points.length} points long." end
+
       if !tags_ok(attributes) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end
       attributes = strip_non_xml_chars attributes
 
@@ -756,6 +773,8 @@ class AmfController < ApplicationController
       user = getuser(usertoken)
       if !user then return -1,"You are not logged in, so the point could not be saved." end
       unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end
+      if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end
+
       if !tags_ok(tags) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end
       tags = strip_non_xml_chars tags
 
@@ -839,6 +858,7 @@ class AmfController < ApplicationController
       user = getuser(usertoken)
       unless user then return -1,"You are not logged in, so the way could not be deleted." end
       unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end
+      if REQUIRE_TERMS_AGREED and user.terms_agreed.nil? then return -1,"You must accept the contributor terms before you can edit." end
       
       way_id = way_id.to_i
       nodeversions = {}