From: Tom Hughes <tom@compton.nu>
Date: Tue, 20 Apr 2010 10:05:55 +0000 (+0100)
Subject: Check that the token is valid before using it.
X-Git-Tag: live~6369^2~3
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/2e202460e606e079fe422eb477c863e95e532687

Check that the token is valid before using it.
---

diff --git a/app/views/site/edit.html.erb b/app/views/site/edit.html.erb
index 3565b0468..779abd352 100644
--- a/app/views/site/edit.html.erb
+++ b/app/views/site/edit.html.erb
@@ -20,7 +20,7 @@
 <%= render :partial => 'search' %>
 
 <%
-session[:token] = @user.tokens.create.token unless session[:token]
+session[:token] = @user.tokens.create.token unless session[:token] and UserToken.find_by_token(session[:token])
 
 # Decide on a lat lon to initialise potlatch with. Various ways of doing this
 if params['lon'] and params['lat']