From: John Firebaugh <john.firebaugh@gmail.com>
Date: Fri, 21 Sep 2012 22:20:15 +0000 (-0700)
Subject: Don't expose lat/lon of private traces
X-Git-Tag: live~5368
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/02bdc8f1ad98edf38d99e95c997d607a0ed291bd?hp=20e5f756be74c8adf31d7ec3a6406a2b4bdb22c1;ds=sidebyside

Don't expose lat/lon of private traces
---

diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index 72fe3b241..606143f4f 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -51,7 +51,7 @@ class SiteController < ApplicationController
       @lat = bbox.centre_lat
       @lon = bbox.centre_lon
     elsif params[:gpx]
-      trace = Trace.find(params[:gpx])
+      trace = Trace.visible_to(@user).find(params[:gpx])
       @lat = trace.latitude
       @lon = trace.longitude
     end