X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/78e6578daaa8171c86c67d1046095fcaa1f6e919..f5c9a41e8729ab9bfc54fff6be9c1a9b6e0f4d56:/app/views/site/edit.rhtml?ds=sidebyside

diff --git a/app/views/site/edit.rhtml b/app/views/site/edit.rhtml
index 8ff98a3b1..4cd01dcc9 100644
--- a/app/views/site/edit.rhtml
+++ b/app/views/site/edit.rhtml
@@ -6,6 +6,11 @@
 <p>The OpenStreetMap database is currently in read-only mode while
    essential database maintenance work is carried out.
 </p>
+<% elsif !@user.data_public? %>
+<p>You haven't set your edits to be public.</p>
+<p>You can't use the online editor unless you do so. You can set your edits as public from your 
+<%= link_to 'user page', {:controller => 'user', :action => 'account', :display_name => @user.display_name}%>.</p>
+<p>(<a href="http://wiki.openstreetmap.org/index.php/Disabling_anonymous_edits">Find out why this is the case.</a>)</p>
 <% else %>
 <% content_for :greeting do %>
 <% if @user and !@user.home_lon.nil? and !@user.home_lat.nil? %>
@@ -19,17 +24,17 @@
 <% session[:token] = @user.tokens.create.token unless session[:token] %>
 
 <% if params['mlon'] and params['mlat'] %>
-<% lon =  params['mlon'] %>
-<% lat =  params['mlat']  %>
-<% zoom =  params['zoom'] || '12' %>
+<% lon =  h(params['mlon']) %>
+<% lat =  h(params['mlat'])  %>
+<% zoom =  h(params['zoom'] || '12') %>
 <% elsif @user and params['lon'].nil? and params['lat'].nil? %> 
 <% lon =  @user.home_lon %>
 <% lat =  @user.home_lat %>
 <% zoom = '12' %>
 <%else%>
-<% lon =  params['lon'] || '-0.1' %>
-<% lat =  params['lat'] || '51.5' %>
-<% zoom =  params['zoom'] || '12' %>
+<% lon =  h(params['lon'] || '-0.1') %>
+<% lat =  h(params['lat'] || '51.5') %>
+<% zoom =  h(params['zoom'] || '12') %>
 <% end %>
 
 <div id="map">You need a Flash player to use Potlatch, the
@@ -49,7 +54,9 @@
     fo.addVariable('long',lon);
     fo.addVariable('scale',sc);
     fo.addVariable('token','<%= session[:token] %>');
-<% if params['gpx'] %>    fo.addVariable('gpx','<%= params['gpx']+"/data" %>'); <% end %>
+    <% if params['gpx'] %>
+    fo.addVariable('gpx','<%= h(params['gpx']) + "/data" %>');
+    <% end %>
     fo.write("map");
   }
 
@@ -91,15 +98,5 @@
   window.onresize = handleResize;
   window.onload = handleResize;
 
-
-<% unless @user.data_public? %>
-    var warningtext ="<div style='padding-left:8px;padding-right:8px;'><p>You haven't set your edits to be public.</p><p><b>From mid-November, you will no longer be able to use the online editor unless you do so.</b> You can set your edits as public from your ";
-	var warningtext=warningtext+'<%= link_to 'user page', {:controller => 'user', :action => 'account', :display_name => @user.display_name}%>.</p>';
-	var warningtext=warningtext+'<p>(<a href="http://wiki.openstreetmap.org/index.php/Disabling_anonymous_edits">Find out why this is changing.</a>)</p></div>';
-	updateSidebar("Warning",warningtext);
-	openSidebar();
-<% end %>
-
-
 </script>
 <% end %>