]> git.openstreetmap.org Git - rails.git/blobdiff - app/views/user_blocks/edit.html.erb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
title/heading & XSS fix for /edit
[rails.git] / app / views / user_blocks / edit.html.erb
diff --git a/app/views/user_blocks/edit.html.erb b/app/views/user_blocks/edit.html.erb
index 3ca0b903137c373536ea84c8cd1d52849ea741fa..66123e717959d2f64434e295c042f69b5ea78d0a 100644 (file)
--- a/app/views/user_blocks/edit.html.erb
+++ b/app/views/user_blocks/edit.html.erb
@@ -1,4 +1,8 @@
-<h1><%= t('user_block.edit.title', :name => @user_block.user.display_name) %></h1>
+<% @title = t 'user_block.edit.title', :name => h(@user_block.user.display_name) %>
+<h1><%= t('user_block.edit.title',
+          :name => link_to(
+                           h(@user_block.user.display_name),
+                           {:controller => 'user', :action => 'view', :display_name => @user_block.user.display_name})) %></h1>
 
 <% form_for(@user_block) do |f| %>
   <%= f.error_messages %>
@@ -9,7 +13,6 @@
   </p>
   <p>
     <%= label_tag 'user_block_period', t('user_block.edit.period') %><br />
-    <%= hidden_field_tag 'what is the period', params[:user_block_period] %>
     <%= select_tag('user_block_period', options_for_select(UserBlock::PERIODS.collect { |h| [t('user_block.period', :count => h), h.to_s] }, params[:user_block_period])) %>
   </p>
   <p>
The OpenStreetMap web site