Escape user-supplied JavaScript. Fixes http://lists.openstreetmap.org/pipermail/talk...

[rails.git] / app / views / user / view.html.erb

diff --git a/app/views/user/view.html.erb b/app/views/user/view.html.erb
index e50610037e7bde0d4f9ab4b17deedba56c1484e9..7769ffaa697e66e641c97811e755e50b813fec21 100644 (file)
--- a/app/views/user/view.html.erb
+++ b/app/views/user/view.html.erb
@@ -23,7 +23,7 @@
 
 <% if @this_user != nil %>
 <P>
-<b><%= t 'user.view.mapper since' %></b><%= l @this_user.creation_time %> <%= t 'user.view.ago', :time_in_words_ago => time_ago_in_words(@this_user.creation_time) %>
+<b><%= t 'user.view.mapper since' %></b> <%= l @this_user.creation_time %> <%= t 'user.view.ago', :time_in_words_ago => time_ago_in_words(@this_user.creation_time) %>
 </P>
 <% end %>
   
@@ -81,7 +81,7 @@
           <% end %>
         <% end %>
       </td>
-      <td class="message">(<%= link_to t('user.view.send message'), :controller => 'message', :action => 'new', :user_id => @friend.id %>)</td>
+      <td class="message">(<%= link_to t('user.view.send message'), :controller => 'message', :action => 'new', :display_name => @friend.display_name %>)</td>
       </tr>
       <%end%>
       </table>
@@ -110,7 +110,7 @@
           <%= t 'user.view.km away', :count => distance.round %>
         <% end %>
       </td>
-      <td class="message">(<%= link_to t('user.view.send message'), :controller => 'message', :action => 'new', :user_id => nearby.id %>)</td>
+      <td class="message">(<%= link_to t('user.view.send message'), :controller => 'message', :action => 'new', :display_name => nearby.display_name %>)</td>
       </tr>
       <% end %>
       </table>
@@ -122,4 +122,6 @@
 <br/>
 <% if @user and @this_user.id == @user.id %>
 <%= link_to t('user.view.change your settings'), :controller => 'user', :action => 'account', :display_name => @user.display_name %>
+<br/><br/>
+<%= link_to t('user.view.my_oauth_details'), :controller => 'oauth_clients', :action => 'index' %>
 <% end %>