Merge branch 'master' into moderation

Andy Allan 2017-11-29 12:18:39 +00:00
commit effb1b7f41
438 changed files with 83811 additions and 57285 deletions


@ -151,7 +151,7 @@ class AmfController < ApplicationController
cs = Changeset.find(closeid.to_i)
cs.set_closed_time_now
if cs.user_id != user.id
raise OSM::APIUserChangesetMismatchError.new
raise OSM::APIUserChangesetMismatchError
elsif closecomment.empty?
cs.save!
else
@ -186,7 +186,7 @@ class AmfController < ApplicationController
# Return presets (default tags, localisation etc.):
# uses POTLATCH_PRESETS global, set up in OSM::Potlatch.
def getpresets(usertoken, lang) #:doc:
def getpresets(usertoken, _lang)
user = getuser(usertoken)
langs = if user && !user.languages.empty?
@ -229,7 +229,7 @@ class AmfController < ApplicationController
begin
other = YAML.safe_load(File.open(Rails.root.join("config", "potlatch", "locales", "#{lang}.yml")))[lang]
loaded_lang = lang
rescue
rescue StandardError
other = en
end
@ -253,7 +253,7 @@ class AmfController < ApplicationController
# nodes in the bbox, nodes are any visible nodes in the bbox but not
# used in any way, rel is any relation which refers to either a way
# or node that we're returning.
def whichways(xmin, ymin, xmax, ymax) #:doc:
def whichways(xmin, ymin, xmax, ymax)
amf_handle_error_with_timeout("'whichways'", nil, nil) do
enlarge = [(xmax - xmin) / 8, 0.01].min
xmin -= enlarge
@ -297,7 +297,7 @@ class AmfController < ApplicationController
# Find deleted ways in current bounding box (similar to whichways, but ways
# with a deleted node only - not POIs or relations).
def whichways_deleted(xmin, ymin, xmax, ymax) #:doc:
def whichways_deleted(xmin, ymin, xmax, ymax)
amf_handle_error_with_timeout("'whichways_deleted'", nil, nil) do
enlarge = [(xmax - xmin) / 8, 0.01].min
xmin -= enlarge
@ -321,7 +321,7 @@ class AmfController < ApplicationController
# Get a way including nodes and tags.
# Returns the way id, a Potlatch-style array of points, a hash of tags, the version number, and the user ID.
def getway(wayid) #:doc:
def getway(wayid)
amf_handle_error_with_timeout("'getway' #{wayid}", "way", wayid) do
if POTLATCH_USE_SQL
points = sql_get_nodes_in_way(wayid)
@ -366,7 +366,7 @@ class AmfController < ApplicationController
# 4. version,
# 5. is this the current, visible version? (boolean)
def getway_old(id, timestamp) #:doc:
def getway_old(id, timestamp)
amf_handle_error_with_timeout("'getway_old' #{id}, #{timestamp}", "way", id) do
if timestamp == ""
# undelete
@ -375,7 +375,7 @@ class AmfController < ApplicationController
else
begin
# revert
timestamp = DateTime.strptime(timestamp.to_s, "%d %b %Y, %H:%M:%S")
timestamp = Time.strptime(timestamp.to_s, "%d %b %Y, %H:%M:%S")
old_way = OldWay.where("way_id = ? AND timestamp <= ?", id, timestamp).unredacted.order("timestamp DESC").first
unless old_way.nil?
if old_way.visible
@ -411,7 +411,7 @@ class AmfController < ApplicationController
# sort and collapse list (to within 2 seconds); trim all dates before the
# start date of the way.
def getway_history(wayid) #:doc:
def getway_history(wayid)
revdates = []
revusers = {}
Way.find(wayid).old_ways.unredacted.collect do |a|
@ -444,7 +444,7 @@ class AmfController < ApplicationController
# Find history of a node. Returns 'node', id, and an array of previous versions as above.
def getnode_history(nodeid) #:doc:
def getnode_history(nodeid)
history = Node.find(nodeid).old_nodes.unredacted.reverse.collect do |old_node|
[(old_node.timestamp + 1).strftime("%d %b %Y, %H:%M:%S")] + change_user(old_node)
end
@ -492,7 +492,7 @@ class AmfController < ApplicationController
# 4. list of members,
# 5. version.
def getrelation(relid) #:doc:
def getrelation(relid)
amf_handle_error("'getrelation' #{relid}", "relation", relid) do
rel = Relation.where(:id => relid).first
@ -528,7 +528,7 @@ class AmfController < ApplicationController
# 2. new relation id,
# 3. version.
def putrelation(renumberednodes, renumberedways, usertoken, changeset_id, version, relid, tags, members, visible) #:doc:
def putrelation(renumberednodes, renumberedways, usertoken, changeset_id, version, relid, tags, members, visible)
amf_handle_error("'putrelation' #{relid}", "relation", relid) do
user = getuser(usertoken)
@ -582,7 +582,7 @@ class AmfController < ApplicationController
new_relation.id = relid
relation.delete_with_history!(new_relation, user)
end
end # transaction
end
if relid <= 0
return [0, "", relid, new_relation.id, new_relation.version]
@ -616,7 +616,7 @@ class AmfController < ApplicationController
# 6. hash of changed node versions (node=>version)
# 7. hash of deleted node versions (node=>version)
def putway(renumberednodes, usertoken, changeset_id, wayversion, originalway, pointlist, attributes, nodes, deletednodes) #:doc:
def putway(renumberednodes, usertoken, changeset_id, wayversion, originalway, pointlist, attributes, nodes, deletednodes)
amf_handle_error("'putway' #{originalway}", "way", originalway) do
# -- Initialise
@ -679,7 +679,7 @@ class AmfController < ApplicationController
pointlist.collect! do |a|
renumberednodes[a] ? renumberednodes[a] : a
end # renumber nodes
end
new_way = Way.new
new_way.tags = attributes
new_way.nds = pointlist
@ -711,7 +711,7 @@ class AmfController < ApplicationController
# and we don't want to delete it
end
end
end # transaction
end
[0, "", originalway, way.id, renumberednodes, way.version, nodeversions, deletednodes]
end
@ -726,7 +726,7 @@ class AmfController < ApplicationController
# 3. new node id,
# 4. version.
def putpoi(usertoken, changeset_id, version, id, lon, lat, tags, visible) #:doc:
def putpoi(usertoken, changeset_id, version, id, lon, lat, tags, visible)
amf_handle_error("'putpoi' #{id}", "node", id) do
user = getuser(usertoken)
return -1, "You are not logged in, so the point could not be saved." unless user
@ -772,7 +772,7 @@ class AmfController < ApplicationController
new_node.id = id
node.delete_with_history!(new_node, user)
end
end # transaction
end
if id <= 0
return [0, "", id, new_node.id, new_node.version]
@ -787,7 +787,7 @@ class AmfController < ApplicationController
#
# Returns array of id, long, lat, hash of tags, (current) version.
def getpoi(id, timestamp) #:doc:
def getpoi(id, timestamp)
amf_handle_error("'getpoi' #{id}", "node", id) do
id = id.to_i
n = Node.where(:id => id).first
@ -816,7 +816,7 @@ class AmfController < ApplicationController
# of the nodes have been changed by someone else then, there is a problem!
# Returns 0 (success), unchanged way id, new way version, new node versions.
def deleteway(usertoken, changeset_id, way_id, way_version, deletednodes) #:doc:
def deleteway(usertoken, changeset_id, way_id, way_version, deletednodes)
amf_handle_error("'deleteway' #{way_id}", "way", way_id) do
user = getuser(usertoken)
return -1, "You are not logged in, so the way could not be deleted." unless user
@ -853,7 +853,7 @@ class AmfController < ApplicationController
# elsewhere and we don't want to delete it
end
end
end # transaction
end
[0, "", way_id, old_way.version, nodeversions]
end
end
@ -866,7 +866,7 @@ class AmfController < ApplicationController
# When we are writing to the api, we need the actual user model,
# not just the id, hence this abstraction
def getuser(token) #:doc:
def getuser(token)
if token =~ /^(.+)\:(.+)$/
User.authenticate(:username => Regexp.last_match(1), :password => Regexp.last_match(2))
else
@ -907,7 +907,7 @@ class AmfController < ApplicationController
# Alternative SQL queries for getway/whichways
def sql_find_ways_in_area(bbox)
sql = <<-EOF
sql = <<-SQL
SELECT DISTINCT current_ways.id AS wayid,current_ways.version AS version
FROM current_way_nodes
INNER JOIN current_nodes ON current_nodes.id=current_way_nodes.node_id
@ -915,20 +915,20 @@ class AmfController < ApplicationController
WHERE current_nodes.visible=TRUE
AND current_ways.visible=TRUE
AND #{OSM.sql_for_area(bbox, 'current_nodes.')}
EOF
SQL
ActiveRecord::Base.connection.select_all(sql).collect { |a| [a["wayid"].to_i, a["version"].to_i] }
end
def sql_find_pois_in_area(bbox)
pois = []
sql = <<-EOF
sql = <<-SQL
SELECT current_nodes.id,current_nodes.latitude*0.0000001 AS lat,current_nodes.longitude*0.0000001 AS lon,current_nodes.version
FROM current_nodes
LEFT OUTER JOIN current_way_nodes cwn ON cwn.node_id=current_nodes.id
WHERE current_nodes.visible=TRUE
AND cwn.id IS NULL
AND #{OSM.sql_for_area(bbox, 'current_nodes.')}
EOF
SQL
ActiveRecord::Base.connection.select_all(sql).each do |row|
poitags = {}
ActiveRecord::Base.connection.select_all("SELECT k,v FROM current_node_tags WHERE id=#{row['id']}").each do |n|
@ -942,36 +942,36 @@ class AmfController < ApplicationController
def sql_find_relations_in_area_and_ways(bbox, way_ids)
# ** It would be more Potlatchy to get relations for nodes within ways
# during 'getway', not here
sql = <<-EOF
sql = <<-SQL
SELECT DISTINCT cr.id AS relid,cr.version AS version
FROM current_relations cr
INNER JOIN current_relation_members crm ON crm.id=cr.id
INNER JOIN current_nodes cn ON crm.member_id=cn.id AND crm.member_type='Node'
WHERE #{OSM.sql_for_area(bbox, 'cn.')}
EOF
SQL
unless way_ids.empty?
sql += <<-EOF
sql += <<-SQL
UNION
SELECT DISTINCT cr.id AS relid,cr.version AS version
FROM current_relations cr
INNER JOIN current_relation_members crm ON crm.id=cr.id
WHERE crm.member_type='Way'
AND crm.member_id IN (#{way_ids.join(',')})
EOF
SQL
end
ActiveRecord::Base.connection.select_all(sql).collect { |a| [a["relid"].to_i, a["version"].to_i] }
end
def sql_get_nodes_in_way(wayid)
points = []
sql = <<-EOF
sql = <<-SQL
SELECT latitude*0.0000001 AS lat,longitude*0.0000001 AS lon,current_nodes.id,current_nodes.version
FROM current_way_nodes,current_nodes
WHERE current_way_nodes.id=#{wayid.to_i}
AND current_way_nodes.node_id=current_nodes.id
AND current_nodes.visible=TRUE
ORDER BY sequence_id
EOF
SQL
ActiveRecord::Base.connection.select_all(sql).each do |row|
nodetags = {}
ActiveRecord::Base.connection.select_all("SELECT k,v FROM current_node_tags WHERE id=#{row['id']}").each do |n|
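Review bot: In `sql_find_relations_in_area_and_ways`, `way_ids.join(',')` is interpolated straight into the `IN (...)` clause, and nothing in the visible lines guarantees that every element is an integer. `sql_get_nodes_in_way` in the same section already coerces its argument with `wayid.to_i`; doing the same here, `AND crm.member_id IN (#{way_ids.map(&:to_i).join(',')})`, keeps the query safe even if a later caller passes unvalidated ids. The callers are outside the hunk, so the ids may already be integers today; the coercion makes that hold locally. Since the heredocs are being touched anyway, a one-line comment above each query saying which interpolated values are trusted, and why, would help the next reader.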


@ -193,7 +193,7 @@ class ApiController < ApplicationController
# this "uniq" may be slightly inefficient; it may be better to first collect and output
# all node-related relations, then find the *not yet covered* way-related ones etc.
relations.uniq.each do |relation|
doc.root << relation.to_xml_node(nil, changeset_cache, user_display_name_cache)
doc.root << relation.to_xml_node(changeset_cache, user_display_name_cache)
end
response.headers["Content-Disposition"] = "attachment; filename=\"map.osm\""


@ -346,7 +346,7 @@ class ApplicationController < ActionController::Base
# or raises a suitable error. +method+ should be a symbol, e.g: :put or :get.
def assert_method(method)
ok = request.send((method.to_s.downcase + "?").to_sym)
raise OSM::APIBadMethodError.new(method) unless ok
raise OSM::APIBadMethodError, method unless ok
end
##
@ -366,7 +366,7 @@ class ApplicationController < ActionController::Base
yield
end
rescue ActionView::Template::Error => ex
ex = ex.original_exception
ex = ex.cause
if ex.is_a?(Timeout::Error) ||
(ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/)
@ -413,7 +413,9 @@ class ApplicationController < ActionController::Base
def map_layout
append_content_security_policy_directives(
:child_src => %w[127.0.0.1:8111 127.0.0.1:8112],
:connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org valhalla.mapzen.com],
:form_action => %w[render.openstreetmap.org],
:script_src => %w[graphhopper.com open.mapquestapi.com],
:img_src => %w[developer.mapquest.com]
)
@ -427,6 +429,10 @@ class ApplicationController < ActionController::Base
request.xhr? ? "xhr" : "map"
end
def allow_thirdparty_images
append_content_security_policy_directives(:img_src => %w[*])
end
def preferred_editor
editor = if params[:editor]
params[:editor]
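Review bot: `allow_thirdparty_images` widens `img-src` to `*` without a comment saying why or which pages may opt in, and the diary entry and message controllers in this commit enable it through `before_action`. On those actions user-written content can make a reader's browser fetch images from any host, which discloses the reader's IP address and read time to that host. I would add a comment such as `# Relaxes img-src so images embedded in user-written content can load; enable only on actions that render such content.` and consider `%w[https:]` in place of `%w[*]` if plain-http images are not needed. The body of `preferred_editor` continues outside the hunk.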


@ -28,7 +28,7 @@ class ChangesetController < ApplicationController
cs = Changeset.from_xml(request.raw_post, true)
# Assume that Changeset.from_xml has thrown an exception if there is an error parsing the xml
cs.user_id = current_user.id
cs.user = current_user
cs.save_with_tags!
# Subscribe user to changeset comments
@ -310,8 +310,8 @@ class ChangesetController < ApplicationController
# Add a comment to a changeset
def comment
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
# Extract the arguments
id = params[:id].to_i
@ -319,7 +319,7 @@ class ChangesetController < ApplicationController
# Find the changeset and check it is valid
changeset = Changeset.find(id)
raise OSM::APIChangesetNotYetClosedError.new(changeset) if changeset.is_open?
raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open?
# Add a comment to the changeset
comment = changeset.comments.create(:changeset => changeset,
@ -344,15 +344,15 @@ class ChangesetController < ApplicationController
# Adds a subscriber to the changeset
def subscribe
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
# Find the changeset and check it is valid
changeset = Changeset.find(id)
raise OSM::APIChangesetNotYetClosedError.new(changeset) if changeset.is_open?
raise OSM::APIChangesetAlreadySubscribedError.new(changeset) if changeset.subscribers.exists?(current_user.id)
raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open?
raise OSM::APIChangesetAlreadySubscribedError, changeset if changeset.subscribers.exists?(current_user.id)
# Add the subscriber
changeset.subscribers << current_user
@ -365,15 +365,15 @@ class ChangesetController < ApplicationController
# Removes a subscriber from the changeset
def unsubscribe
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
# Find the changeset and check it is valid
changeset = Changeset.find(id)
raise OSM::APIChangesetNotYetClosedError.new(changeset) if changeset.is_open?
raise OSM::APIChangesetNotSubscribedError.new(changeset) unless changeset.subscribers.exists?(current_user.id)
raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open?
raise OSM::APIChangesetNotSubscribedError, changeset unless changeset.subscribers.exists?(current_user.id)
# Remove the subscriber
changeset.subscribers.delete(current_user)
@ -386,7 +386,7 @@ class ChangesetController < ApplicationController
# Sets visible flag on comment to false
def hide_comment
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
@ -405,7 +405,7 @@ class ChangesetController < ApplicationController
# Sets visible flag on comment to true
def unhide_comment
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
@ -434,7 +434,7 @@ class ChangesetController < ApplicationController
@comments = changeset.comments.includes(:author, :changeset).limit(comments_limit)
else
# Return comments
@comments = ChangesetComment.includes(:author, :changeset).where(:visible => :true).order("created_at DESC").limit(comments_limit).preload(:changeset)
@comments = ChangesetComment.includes(:author, :changeset).where(:visible => true).order("created_at DESC").limit(comments_limit).preload(:changeset)
end
# Render the result
@ -475,19 +475,19 @@ class ChangesetController < ApplicationController
changesets
else
# shouldn't provide both name and UID
raise OSM::APIBadUserInput.new("provide either the user ID or display name, but not both") if user && name
raise OSM::APIBadUserInput, "provide either the user ID or display name, but not both" if user && name
# use either the name or the UID to find the user which we're selecting on.
u = if name.nil?
# user input checking, we don't have any UIDs < 1
raise OSM::APIBadUserInput.new("invalid user ID") if user.to_i < 1
raise OSM::APIBadUserInput, "invalid user ID" if user.to_i < 1
u = User.find(user.to_i)
else
u = User.find_by(:display_name => name)
end
# make sure we found a user
raise OSM::APINotFoundError.new if u.nil?
raise OSM::APINotFoundError if u.nil?
# should be able to get changesets of public users only, or
# our own changesets regardless of public-ness.
@ -496,7 +496,7 @@ class ChangesetController < ApplicationController
# changesets if they're non-public
setup_user_auth
raise OSM::APINotFoundError if current_user.nil? || current_user.id != u.id
raise OSM::APINotFoundError if current_user.nil? || current_user != u
end
changesets.where(:user_id => u.id)
@ -514,20 +514,20 @@ class ChangesetController < ApplicationController
# check that we actually have 2 elements in the array
times = time.split(/,/)
raise OSM::APIBadUserInput.new("bad time range") if times.size != 2
raise OSM::APIBadUserInput, "bad time range" if times.size != 2
from, to = times.collect { |t| DateTime.parse(t) }
from, to = times.collect { |t| Time.parse(t) }
return changesets.where("closed_at >= ? and created_at <= ?", from, to)
else
# if there is no comma, assume its a lower limit on time
return changesets.where("closed_at >= ?", DateTime.parse(time))
return changesets.where("closed_at >= ?", Time.parse(time))
end
# stupid DateTime seems to throw both of these for bad parsing, so
# stupid Time seems to throw both of these for bad parsing, so
# we have to catch both and ensure the correct code path is taken.
rescue ArgumentError => ex
raise OSM::APIBadUserInput.new(ex.message.to_s)
raise OSM::APIBadUserInput, ex.message.to_s
rescue RuntimeError => ex
raise OSM::APIBadUserInput.new(ex.message.to_s)
raise OSM::APIBadUserInput, ex.message.to_s
end
##
@ -563,7 +563,7 @@ class ChangesetController < ApplicationController
if ids.nil?
changesets
elsif ids.empty?
raise OSM::APIBadUserInput.new("No changesets were given to search for")
raise OSM::APIBadUserInput, "No changesets were given to search for"
else
ids = ids.split(",").collect(&:to_i)
changesets.where(:id => ids)
@ -584,7 +584,7 @@ class ChangesetController < ApplicationController
if params[:limit].to_i > 0 && params[:limit].to_i <= 10000
params[:limit].to_i
else
raise OSM::APIBadUserInput.new("Comments limit must be between 1 and 10000")
raise OSM::APIBadUserInput, "Comments limit must be between 1 and 10000"
end
else
100
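Review bot: Replacing `DateTime.parse` with `Time.parse` in the time-range filter changes how a value without an explicit offset is read: `DateTime.parse` treats it as UTC, while `Time.parse` uses the server process's local zone. If the application servers do not run in UTC, the `closed_at`/`created_at` bounds shift for every such request. Either parse in an explicit zone (for example `Time.zone.parse(t)`, checking how it reports bad input so the rescue path still produces `OSM::APIBadUserInput`) or document the UTC assumption next to the call. The comment `# stupid Time seems to throw both of these` looks like a mechanical rename and should be re-checked against what `Time.parse` actually raises. The enclosing method starts outside the hunk.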


@ -8,6 +8,7 @@ class DiaryEntryController < ApplicationController
before_action :check_database_readable
before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
before_action :require_administrator, :only => [:hide, :hidecomment]
before_action :allow_thirdparty_images, :only => [:new, :edit, :list, :view, :comments]
def new
@title = t "diary_entry.new.title"


@ -1,5 +1,3 @@
# coding: utf-8
class GeocoderController < ApplicationController
require "cgi"
require "uri"
@ -19,7 +17,6 @@ class GeocoderController < ApplicationController
@sources.push "geonames_reverse" if defined?(GEONAMES_USERNAME)
elsif @params[:query]
if @params[:query] =~ /^\d{5}(-\d{4})?$/
@sources.push "us_postcode"
@sources.push "osm_nominatim"
elsif @params[:query] =~ /^(GIR 0AA|[A-PR-UWYZ]([0-9]{1,2}|([A-HK-Y][0-9]|[A-HK-Y][0-9]([0-9]|[ABEHMNPRV-Y]))|[0-9][A-HJKS-UW])\s*[0-9][ABD-HJLNP-UW-Z]{2})$/i
@sources.push "uk_postcode"
@ -58,31 +55,6 @@ class GeocoderController < ApplicationController
end
end
def search_us_postcode
# get query parameters
query = params[:query]
# create result array
@results = []
# ask geocoder.us (they have a non-commercial use api)
response = fetch_text("http://rpc.geocoder.us/service/csv?zip=#{escape_query(query)}")
# parse the response
unless response =~ /couldn't find this zip/
data = response.split(/\s*,\s+/) # lat,long,town,state,zip
@results.push(:lat => data[0], :lon => data[1],
:zoom => POSTCODE_ZOOM,
:prefix => "#{data[2]}, #{data[3]},",
:name => data[4])
end
render :action => "results"
rescue StandardError => ex
@error = "Error contacting rpc.geocoder.us: #{ex}"
render :action => "error"
end
def search_uk_postcode
# get query parameters
query = params[:query]
@ -313,7 +285,7 @@ class GeocoderController < ApplicationController
end
def escape_query(query)
URI.escape(query, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]", false, "N"))
CGI.escape(query)
end
def normalize_params
@ -348,7 +320,7 @@ class GeocoderController < ApplicationController
Float(captures[0])
lat = !captures[2].casecmp("s").zero? ? captures[0].to_f : -captures[0].to_f
lon = !captures[5].casecmp("w").zero? ? captures[3].to_f : -captures[3].to_f
rescue
rescue StandardError
lat = !captures[0].casecmp("s").zero? ? captures[1].to_f : -captures[1].to_f
lon = !captures[3].casecmp("w").zero? ? captures[4].to_f : -captures[4].to_f
end
@ -360,7 +332,7 @@ class GeocoderController < ApplicationController
Float(captures[0])
lat = !captures[3].casecmp("s").zero? ? captures[0].to_f + captures[1].to_f / 60 : -(captures[0].to_f + captures[1].to_f / 60)
lon = !captures[7].casecmp("w").zero? ? captures[4].to_f + captures[5].to_f / 60 : -(captures[4].to_f + captures[5].to_f / 60)
rescue
rescue StandardError
lat = !captures[0].casecmp("s").zero? ? captures[1].to_f + captures[2].to_f / 60 : -(captures[1].to_f + captures[2].to_f / 60)
lon = !captures[4].casecmp("w").zero? ? captures[5].to_f + captures[6].to_f / 60 : -(captures[5].to_f + captures[6].to_f / 60)
end
@ -372,7 +344,7 @@ class GeocoderController < ApplicationController
Float(captures[0])
lat = !captures[4].casecmp("s").zero? ? captures[0].to_f + (captures[1].to_f + captures[2].to_f / 60) / 60 : -(captures[0].to_f + (captures[1].to_f + captures[2].to_f / 60) / 60)
lon = !captures[9].casecmp("w").zero? ? captures[5].to_f + (captures[6].to_f + captures[7].to_f / 60) / 60 : -(captures[5].to_f + (captures[6].to_f + captures[7].to_f / 60) / 60)
rescue
rescue StandardError
lat = !captures[0].casecmp("s").zero? ? captures[1].to_f + (captures[2].to_f + captures[3].to_f / 60) / 60 : -(captures[1].to_f + (captures[2].to_f + captures[3].to_f / 60) / 60)
lon = !captures[5].casecmp("w").zero? ? captures[6].to_f + (captures[7].to_f + captures[8].to_f / 60) / 60 : -(captures[6].to_f + (captures[7].to_f + captures[8].to_f / 60) / 60)
end
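Review bot: `escape_query` now returns `CGI.escape(query)`, which form-encodes its input (a space becomes `+`), whereas the removed `URI.escape` call percent-encoded everything outside the unreserved set (a space became `%20`). That is correct for a query-string value but not for a path segment, and the callers are outside the hunks shown. I would document the contract on the method, e.g. `# Form-encodes +query+ for use as a URL query-string value; do not use for path segments.`, and check each call site against it.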


@ -7,6 +7,7 @@ class MessageController < ApplicationController
before_action :lookup_this_user, :only => [:new]
before_action :check_database_readable
before_action :check_database_writable, :only => [:new, :reply, :mark]
before_action :allow_thirdparty_images, :only => [:new, :read]
# Allow the user to write a new message to another user. This action also
# deals with the sending of that message to the other user when the user
@ -18,8 +19,8 @@ class MessageController < ApplicationController
flash[:error] = t "message.new.limit_exceeded"
else
@message = Message.new(message_params)
@message.to_user_id = @this_user.id
@message.from_user_id = current_user.id
@message.recipient = @this_user
@message.sender = current_user
@message.sent_on = Time.now.getutc
if @message.save
@ -38,7 +39,7 @@ class MessageController < ApplicationController
def reply
message = Message.find(params[:message_id])
if message.to_user_id == current_user.id
if message.recipient == current_user
message.update(:message_read => true)
@message = Message.new(
@ -64,8 +65,8 @@ class MessageController < ApplicationController
@title = t "message.read.title"
@message = Message.find(params[:message_id])
if @message.to_user_id == current_user.id || @message.from_user_id == current_user.id
@message.message_read = true if @message.to_user_id == current_user.id
if @message.recipient == current_user || @message.sender == current_user
@message.message_read = true if @message.recipient == current_user
@message.save
else
flash[:notice] = t "message.read.wrong_user", :user => current_user.display_name
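Review bot: The ownership checks in the reply and read hunks now compare records (`message.recipient == current_user`) instead of ids, and that comparison is true when both sides are nil. The old form called `current_user.id` and so raised for a request with no user; the new form relies entirely on the authentication filter, which is outside the hunk, and on every message having a recipient row. A guard keeps the check failing closed: `if current_user && message.recipient == current_user`. The same applies to the `@message.sender == current_user` comparison in the read hunk.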


@ -41,7 +41,7 @@ class NodeController < ApplicationController
new_node = Node.from_xml(request.raw_post)
unless new_node && new_node.id == node.id
raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})"
end
node.update_from(new_node, current_user)
@ -56,7 +56,7 @@ class NodeController < ApplicationController
new_node = Node.from_xml(request.raw_post)
unless new_node && new_node.id == node.id
raise OSM::APIBadUserInput.new("The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})")
raise OSM::APIBadUserInput, "The id in the url (#{node.id}) is not the same as provided in the xml (#{new_node.id})"
end
node.delete_with_history!(new_node, current_user)
render :plain => node.version.to_s
@ -65,13 +65,13 @@ class NodeController < ApplicationController
# Dump the details on many nodes whose ids are given in the "nodes" parameter.
def nodes
unless params["nodes"]
raise OSM::APIBadUserInput.new("The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]")
raise OSM::APIBadUserInput, "The parameter nodes is required, and must be of the form nodes=id[,id[,id...]]"
end
ids = params["nodes"].split(",").collect(&:to_i)
if ids.empty?
raise OSM::APIBadUserInput.new("No nodes were given to search for")
raise OSM::APIBadUserInput, "No nodes were given to search for"
end
doc = OSM::API.new.get_xml_doc
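Review bot: In the first two hunks the guard `unless new_node && new_node.id == node.id` is also entered when `new_node` is nil, but the message then interpolates `#{new_node.id}`, which raises NoMethodError before `OSM::APIBadUserInput` can be raised. A request body that `Node.from_xml` turns into nil would therefore produce a server error instead of a bad-input response; whether `from_xml` can return nil is not visible here. Building the message with `new_node && new_node.id`, or giving the nil case its own message, avoids this. The `RelationController` section has the same pattern.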


@ -20,10 +20,10 @@ class NotesController < ApplicationController
if params[:bbox]
bbox = BoundingBox.from_bbox_params(params)
else
raise OSM::APIBadUserInput.new("No l was given") unless params[:l]
raise OSM::APIBadUserInput.new("No r was given") unless params[:r]
raise OSM::APIBadUserInput.new("No b was given") unless params[:b]
raise OSM::APIBadUserInput.new("No t was given") unless params[:t]
raise OSM::APIBadUserInput, "No l was given" unless params[:l]
raise OSM::APIBadUserInput, "No r was given" unless params[:r]
raise OSM::APIBadUserInput, "No b was given" unless params[:b]
raise OSM::APIBadUserInput, "No t was given" unless params[:t]
bbox = BoundingBox.from_lrbt_params(params)
end
@ -56,9 +56,9 @@ class NotesController < ApplicationController
raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No lat was given") unless params[:lat]
raise OSM::APIBadUserInput.new("No lon was given") unless params[:lon]
raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
raise OSM::APIBadUserInput, "No lat was given" unless params[:lat]
raise OSM::APIBadUserInput, "No lon was given" unless params[:lon]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
# Extract the arguments
lon = OSM.parse_float(params[:lon], OSM::APIBadUserInput, "lon was not a number")
@ -69,7 +69,7 @@ class NotesController < ApplicationController
Note.transaction do
# Create the note
@note = Note.create(:lat => lat, :lon => lon)
raise OSM::APIBadUserInput.new("The note is outside this world") unless @note.in_world?
raise OSM::APIBadUserInput, "The note is outside this world" unless @note.in_world?
# Save the note
@note.save!
@ -92,8 +92,8 @@ class NotesController < ApplicationController
raise OSM::APIAccessDenied if Acl.no_note_comment(request.remote_ip)
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput.new("No text was given") if params[:text].blank?
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
# Extract the arguments
id = params[:id].to_i
@ -103,7 +103,7 @@ class NotesController < ApplicationController
@note = Note.find(id)
raise OSM::APINotFoundError unless @note
raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
raise OSM::APINoteAlreadyClosedError.new(@note) if @note.closed?
raise OSM::APINoteAlreadyClosedError, @note if @note.closed?
# Add a comment to the note
Note.transaction do
@ -121,7 +121,7 @@ class NotesController < ApplicationController
# Close a note
def close
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
@ -131,7 +131,7 @@ class NotesController < ApplicationController
@note = Note.find_by(:id => id)
raise OSM::APINotFoundError unless @note
raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible?
raise OSM::APINoteAlreadyClosedError.new(@note) if @note.closed?
raise OSM::APINoteAlreadyClosedError, @note if @note.closed?
# Close the note and add a comment
Note.transaction do
@ -151,7 +151,7 @@ class NotesController < ApplicationController
# Reopen a note
def reopen
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
@ -161,7 +161,7 @@ class NotesController < ApplicationController
@note = Note.find_by(:id => id)
raise OSM::APINotFoundError unless @note
raise OSM::APIAlreadyDeletedError.new("note", @note.id) unless @note.visible? || current_user.moderator?
raise OSM::APINoteAlreadyOpenError.new(@note) unless @note.closed? || !@note.visible?
raise OSM::APINoteAlreadyOpenError, @note unless @note.closed? || !@note.visible?
# Reopen the note and add a comment
Note.transaction do
@ -206,7 +206,7 @@ class NotesController < ApplicationController
# Read a note
def show
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Find the note and check it is valid
@note = Note.find(params[:id])
@ -226,7 +226,7 @@ class NotesController < ApplicationController
# Delete (hide) a note
def destroy
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No id was given") unless params[:id]
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
@ -256,7 +256,7 @@ class NotesController < ApplicationController
# Return a list of notes matching a given string
def search
# Check the arguments are sane
raise OSM::APIBadUserInput.new("No query string was given") unless params[:q]
raise OSM::APIBadUserInput, "No query string was given" unless params[:q]
# Get any conditions that need to be applied
@notes = closed_condition(Note.all)
@ -310,7 +310,7 @@ class NotesController < ApplicationController
if params[:limit].to_i > 0 && params[:limit].to_i <= 10000
params[:limit].to_i
else
raise OSM::APIBadUserInput.new("Note limit must be between 1 and 10000")
raise OSM::APIBadUserInput, "Note limit must be between 1 and 10000"
end
else
100
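Review bot: The hunk that adds a comment to a note loads it with `Note.find(id)` and then checks `raise OSM::APINotFoundError unless @note`, but `find` raises ActiveRecord::RecordNotFound for a missing id, so that check can never fire. The close and reopen hunks use `Note.find_by(:id => id)`, where the nil check works. Using `@note = Note.find_by(:id => id)` here too makes a missing note take the same error path in all three actions. How RecordNotFound is rendered today is outside the hunk.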


@ -38,6 +38,8 @@ class OauthController < ApplicationController
protected
def oauth1_authorize
append_content_security_policy_directives(:form_action => %w[*])
if @token.invalidated?
@message = t "oauth.oauthorize_failure.invalid"
render :action => "authorize_failure"
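Review bot: `oauth1_authorize` appends `:form_action => %w[*]` with no comment explaining why the authorize page must be allowed to submit or redirect to any host. Presumably this is so the redirect to the client's callback after authorization is not blocked by `form-action`; if so, say that in a comment, e.g. `# form-action must allow the client's callback host, which is not known statically.` If the request token carries the callback URL, limiting the directive to that host would be tighter than `*`. The method body continues outside the hunk.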


@ -19,7 +19,7 @@ class OldController < ApplicationController
# the .where() method used in the lookup_old_element_versions
# call won't throw an error if no records are found, so we have
# to do that ourselves.
raise OSM::APINotFoundError.new if @elements.empty?
raise OSM::APINotFoundError if @elements.empty?
doc = OSM::API.new.get_xml_doc


@ -36,7 +36,7 @@ class RelationController < ApplicationController
new_relation = Relation.from_xml(request.raw_post)
unless new_relation && new_relation.id == relation.id
raise OSM::APIBadUserInput.new("The id in the url (#{relation.id}) is not the same as provided in the xml (#{new_relation.id})")
raise OSM::APIBadUserInput, "The id in the url (#{relation.id}) is not the same as provided in the xml (#{new_relation.id})"
end
relation.update_from new_relation, current_user
@ -91,7 +91,6 @@ class RelationController < ApplicationController
# create XML.
doc = OSM::API.new.get_xml_doc
visible_nodes = {}
visible_members = { "Node" => {}, "Way" => {}, "Relation" => {} }
changeset_cache = {}
user_display_name_cache = {}
@ -100,25 +99,22 @@ class RelationController < ApplicationController
doc.root << node.to_xml_node(changeset_cache, user_display_name_cache)
visible_nodes[node.id] = node
visible_members["Node"][node.id] = true
end
ways.each do |way|
next unless way.visible? # should be unnecessary if data is consistent.
doc.root << way.to_xml_node(visible_nodes, changeset_cache, user_display_name_cache)
visible_members["Way"][way.id] = true
end
relations.each do |rel|
next unless rel.visible? # should be unnecessary if data is consistent.
doc.root << rel.to_xml_node(nil, changeset_cache, user_display_name_cache)
visible_members["Relation"][rel.id] = true
doc.root << rel.to_xml_node(changeset_cache, user_display_name_cache)
end
# finally add self and output
doc.root << relation.to_xml_node(visible_members, changeset_cache, user_display_name_cache)
doc.root << relation.to_xml_node(changeset_cache, user_display_name_cache)
render :xml => doc.to_s
else
@ -128,13 +124,13 @@ class RelationController < ApplicationController
def relations
unless params["relations"]
raise OSM::APIBadUserInput.new("The parameter relations is required, and must be of the form relations=id[,id[,id...]]")
raise OSM::APIBadUserInput, "The parameter relations is required, and must be of the form relations=id[,id[,id...]]"
end
ids = params["relations"].split(",").collect(&:to_i)
if ids.empty?
raise OSM::APIBadUserInput.new("No relations were given to search for")
raise OSM::APIBadUserInput, "No relations were given to search for"
end
doc = OSM::API.new.get_xml_doc
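Review bot: In the `update` hunk the guard `unless new_relation && new_relation.id == relation.id` allows for `new_relation` being nil, but the message on the `raise OSM::APIBadUserInput, ...` line interpolates `#{new_relation.id}`, which would raise NoMethodError in exactly that case instead of the intended bad-input error. Building the message without dereferencing a nil result, for example `#{new_relation ? new_relation.id : 'none'}`, keeps the response a client error. Whether `Relation.from_xml` can actually return nil is not visible here, so this may be a latent case only. The `update` hunk in WayController has the same pattern with `new_way`.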


@ -91,7 +91,7 @@ class SearchController < ApplicationController
end
relations.each do |rel|
doc.root << rel.to_xml_node(nil, changeset_cache, user_display_name_cache)
doc.root << rel.to_xml_node(changeset_cache, user_display_name_cache)
end
render :xml => doc.to_s


@ -120,9 +120,9 @@ class SiteController < ApplicationController
def id
append_content_security_policy_directives(
:connect_src => %w[taginfo.openstreetmap.org *.mapillary.com],
:img_src => %w[*],
:script_src => %w[dev.virtualearth.net]
:connect_src => %w[*],
:img_src => %w[* blob:],
:script_src => %w[dev.virtualearth.net 'unsafe-eval']
)
render "id", :layout => false
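Review bot: The new directives in `id` add `'unsafe-eval'` to `script_src` and widen `connect_src` from two named hosts to `*`, which removes most of what the policy offers against injected script on the editor page. Code can then be evaluated from strings and can send data to any origin. The hunk has no comment saying which part of the editor needs either relaxation, so a later reader cannot tell when they can be tightened again. I would add a comment above the call along the lines of `# <component> requires eval; connect_src is open because <reason>; keep this limited to the id action`, filled in with the actual reasons. I would also keep `connect_src` as an explicit host list if the set of endpoints is known.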


@ -112,7 +112,7 @@ class TraceController < ApplicationController
begin
do_create(params[:trace][:gpx_file], params[:trace][:tagstring],
params[:trace][:description], params[:trace][:visibility])
rescue => ex
rescue StandardError => ex
logger.debug ex
end
@ -149,9 +149,9 @@ class TraceController < ApplicationController
if Acl.no_trace_download(request.remote_ip)
head :forbidden
elsif request.format == Mime[:xml]
send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
elsif request.format == Mime[:gpx]
send_file(trace.xml_file, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
else
send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
end
@ -263,15 +263,7 @@ class TraceController < ApplicationController
trace = Trace.visible.find(params[:id])
if trace.user == current_user
new_trace = Trace.from_xml(request.raw_post)
unless new_trace && new_trace.id == trace.id
raise OSM::APIBadUserInput.new("The id in the url (#{trace.id}) is not the same as provided in the xml (#{new_trace.id})")
end
trace.description = new_trace.description
trace.tags = new_trace.tags
trace.visibility = new_trace.visibility
trace.update_from_xml(request.raw_post)
trace.save!
head :ok
@ -298,9 +290,9 @@ class TraceController < ApplicationController
if trace.public? || trace.user == current_user
if request.format == Mime[:xml]
send_file(trace.xml_file, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
send_data(trace.xml_file.read, :filename => "#{trace.id}.xml", :type => request.format.to_s, :disposition => "attachment")
elsif request.format == Mime[:gpx]
send_file(trace.xml_file, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
send_data(trace.xml_file.read, :filename => "#{trace.id}.gpx", :type => request.format.to_s, :disposition => "attachment")
else
send_file(trace.trace_name, :filename => "#{trace.id}#{trace.extension_name}", :type => trace.mime_type, :disposition => "attachment")
end
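Review bot: `send_data(trace.xml_file.read, ...)` in both download hunks (the one guarded by `Acl.no_trace_download` and the one guarded by `trace.public? || trace.user == current_user`) loads the whole XML into memory on every request, where `send_file` left the transfer to the server. With large traces and concurrent downloads this becomes a memory-pressure point reachable by any client allowed to download. The object returned by `xml_file` is also never closed in the visible lines. If `xml_file` now returns an IO rather than a path (not visible here), I would close it in an `ensure` after reading and consider a size limit or a streamed body for the XML and GPX branches.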


@ -20,7 +20,7 @@ class UserBlocksController < ApplicationController
end
def show
if current_user && current_user.id == @user_block.user_id
if current_user && current_user == @user_block.user
@user_block.needs_view = false
@user_block.save!
end
@ -37,8 +37,8 @@ class UserBlocksController < ApplicationController
def create
if @valid_params
@user_block = UserBlock.new(
:user_id => @this_user.id,
:creator_id => current_user.id,
:user => @this_user,
:creator => current_user,
:reason => params[:user_block][:reason],
:ends_at => Time.now.getutc + @block_period.hours,
:needs_view => params[:user_block][:needs_view]
@ -57,7 +57,7 @@ class UserBlocksController < ApplicationController
def update
if @valid_params
if @user_block.creator_id != current_user.id
if @user_block.creator != current_user
flash[:error] = t("user_block.update.only_creator_can_edit")
redirect_to :action => "edit"
elsif @user_block.update_attributes(


@ -18,6 +18,7 @@ class UserController < ApplicationController
around_action :api_call_handle_error, :only => [:api_read, :api_details, :api_gpx_files]
before_action :lookup_user_by_id, :only => [:api_read]
before_action :lookup_user_by_name, :only => [:set_status, :delete]
before_action :allow_thirdparty_images, :only => [:view, :account]
def terms
@legale = params[:legale] || OSM.ip_to_country(request.remote_ip) || DEFAULT_LEGALE
@ -99,7 +100,7 @@ class UserController < ApplicationController
"lat" => m[2],
"lon" => m[3] }.merge(editor))
end
rescue
rescue StandardError
# Use default
end
@ -202,6 +203,10 @@ class UserController < ApplicationController
@title = t "user.new.title"
@referer = params[:referer] || session[:referer]
append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
)
if current_user
# The user is logged in already, so don't show them the signup
# page, instead send them to the home page
@ -411,8 +416,8 @@ class UserController < ApplicationController
if @new_friend
if request.post?
friend = Friend.new
friend.user_id = current_user.id
friend.friend_user_id = @new_friend.id
friend.befriender = current_user
friend.befriendee = @new_friend
if current_user.is_friends_with?(@new_friend)
flash[:warning] = t "user.make_friend.already_a_friend", :name => @new_friend.display_name
elsif friend.save
@ -723,7 +728,7 @@ class UserController < ApplicationController
begin
Notifier.email_confirm(user, user.tokens.create).deliver_now
rescue
rescue StandardError
# Ignore errors sending email
end
else
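Review bot: The `form_action` list added in the signup hunk hard-codes five provider hosts, one of them the wildcard `*.facebook.com`, with no comment tying them to the external login providers the form can hand off to. If a provider is added or removed elsewhere, this list either blocks the hand-off or stays broader than needed, and nothing here tells the reader to update it. A comment such as `# form-action must list every external auth provider this form can redirect to` above the call would document the coupling. If the enabled providers are available from configuration (not visible in this hunk), deriving the list from it would be safer than a literal. The method body continues beyond the hunk.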


@ -45,7 +45,7 @@ class UserPreferenceController < ApplicationController
if preference = old_preferences.delete(pt["k"])
preference.v = pt["v"]
elsif new_preferences.include?(pt["k"])
raise OSM::APIDuplicatePreferenceError.new(pt["k"])
raise OSM::APIDuplicatePreferenceError, pt["k"]
else
preference = current_user.preferences.build(:k => pt["k"], :v => pt["v"])
end


@ -10,7 +10,7 @@ class UserRolesController < ApplicationController
before_action :in_role, :only => [:revoke]
def grant
@this_user.roles.create(:role => @role, :granter_id => current_user.id)
@this_user.roles.create(:role => @role, :granter => current_user)
redirect_to :controller => "user", :action => "view", :display_name => @this_user.display_name
end
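Review bot: `@this_user.roles.create(:role => @role, :granter => current_user)` in `grant` discards its result, so if the record fails validation the action still redirects as though the role had been granted. Since this is a privilege change, `@this_user.roles.create!(...)` or a check of `persisted?` with a flash error would make a failed grant visible to the administrator and in the logs. Whether the filters outside the hunk already rule out every failure case cannot be seen from here.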


@ -36,7 +36,7 @@ class WayController < ApplicationController
new_way = Way.from_xml(request.raw_post)
unless new_way && new_way.id == way.id
raise OSM::APIBadUserInput.new("The id in the url (#{way.id}) is not the same as provided in the xml (#{new_way.id})")
raise OSM::APIBadUserInput, "The id in the url (#{way.id}) is not the same as provided in the xml (#{new_way.id})"
end
way.update_from(new_way, current_user)
@ -81,14 +81,12 @@ class WayController < ApplicationController
def ways
unless params["ways"]
raise OSM::APIBadUserInput.new("The parameter ways is required, and must be of the form ways=id[,id[,id...]]")
raise OSM::APIBadUserInput, "The parameter ways is required, and must be of the form ways=id[,id[,id...]]"
end
ids = params["ways"].split(",").collect(&:to_i)
if ids.empty?
raise OSM::APIBadUserInput.new("No ways were given to search for")
end
raise OSM::APIBadUserInput, "No ways were given to search for" if ids.empty?
doc = OSM::API.new.get_xml_doc