X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/d6f518f6279ddd8e07d8f78577b1414567fc6a5c..1a3e1ab7bc406f5f51f528980339f53d112bada7:/app/controllers/application_controller.rb?ds=sidebyside diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 045e93eb7..68baa3115 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,15 +3,18 @@ class ApplicationController < ActionController::Base protect_from_forgery :with => :exception + add_flash_types :warning, :error + rescue_from CanCan::AccessDenied, :with => :deny_access check_authorization before_action :fetch_body around_action :better_errors_allow_inline, :if => proc { Rails.env.development? } - attr_accessor :current_user + attr_accessor :current_user, :oauth_token helper_method :current_user + helper_method :oauth_token helper_method :preferred_langauges private @@ -56,7 +59,7 @@ class ApplicationController < ActionController::Base end def require_oauth - @oauth = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key) + @oauth_token = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key) end ## @@ -65,7 +68,7 @@ class ApplicationController < ActionController::Base if request.cookies["_osm_session"].to_s == "" if params[:cookie_test].nil? session[:cookie_test] = true - redirect_to params.to_unsafe_h.merge(:cookie_test => "true") + redirect_to params.to_unsafe_h.merge(:only_path => true, :cookie_test => "true") false else flash.now[:warning] = t "application.require_cookies.cookies_needed" @@ -111,9 +114,10 @@ class ApplicationController < ActionController::Base end def database_status - if Settings.status == "database_offline" + case Settings.status + when "database_offline" "offline" - elsif Settings.status == "database_readonly" + when "database_readonly" "readonly" else "online" @@ -123,9 +127,10 @@ class ApplicationController < ActionController::Base def api_status status = database_status if status == "online" - if Settings.status == "api_offline" + case Settings.status + when "api_offline" status = "offline" - elsif Settings.status == "api_readonly" + when "api_readonly" status = "readonly" end end @@ -235,7 +240,7 @@ class ApplicationController < ActionController::Base e = e.cause if e.is_a?(Timeout::Error) || - (e.is_a?(ActiveRecord::StatementInvalid) && e.message =~ /execution expired/) + (e.is_a?(ActiveRecord::StatementInvalid) && e.message.include?("execution expired")) render :action => "timeout" else raise @@ -284,9 +289,10 @@ class ApplicationController < ActionController::Base :style_src => %w['unsafe-inline'] ) - if Settings.status == "database_offline" || Settings.status == "api_offline" + case Settings.status + when "database_offline", "api_offline" flash.now[:warning] = t("layouts.osm_offline") - elsif Settings.status == "database_readonly" || Settings.status == "api_readonly" + when "database_readonly", "api_readonly" flash.now[:warning] = t("layouts.osm_read_only") end @@ -298,15 +304,13 @@ class ApplicationController < ActionController::Base end def preferred_editor - editor = if params[:editor] - params[:editor] - elsif current_user&.preferred_editor - current_user.preferred_editor - else - Settings.default_editor - end - - editor + if params[:editor] + params[:editor] + elsif current_user&.preferred_editor + current_user.preferred_editor + else + Settings.default_editor + end end helper_method :preferred_editor @@ -372,4 +376,19 @@ class ApplicationController < ActionController::Base # override to stop oauth plugin sending errors def invalid_oauth_response; end + + # clean any referer parameter + def safe_referer(referer) + referer = URI.parse(referer) + + if referer.scheme == "http" || referer.scheme == "https" + referer.scheme = nil + referer.host = nil + referer.port = nil + elsif referer.scheme || referer.host || referer.port + referer = nil + end + + referer.to_s + end end