Require POST for make_friend and remove_friend

[rails.git] / app / views / user / _contact.html.erb

diff --git a/app/views/user/_contact.html.erb b/app/views/user/_contact.html.erb
index bcab838ba76405bc60609f6c4b43fdffaa71731a..2418ed24cdc10d18581f51747395eb4d7b419eaa 100644 (file)
--- a/app/views/user/_contact.html.erb
+++ b/app/views/user/_contact.html.erb
@@ -19,7 +19,7 @@
     <% changeset = contact.changesets.first %>
     <% if changeset %>
       <%= t('user.view.latest edit', :ago => t('user.view.ago', :time_in_words_ago => time_ago_in_words(changeset.created_at))) %>
-      <% comment = changeset.tags['comment'] ? changeset.tags['comment'] : t('changeset.changeset.no_comment') %>
+      <% comment = changeset.tags['comment'].to_s != '' ? changeset.tags['comment'] : t('changeset.changeset.no_comment') %>
       "<%= link_to(comment,
                           {:controller => 'browse', :action => 'changeset', :id => changeset.id},
                           {:title => t('changeset.changeset.view_changeset_details')})
@@ -33,9 +33,9 @@
     <%= link_to t('user.view.send message'), :controller => 'message', :action => 'new', :display_name => contact.display_name %>
     |
     <% if @user.is_friends_with?(contact) %>
-      <%= link_to t('user.view.remove as friend'), :controller => 'user', :action => 'remove_friend', :display_name => contact.display_name, :referer => request.request_uri %>
+      <%= link_to t('user.view.remove as friend'), :controller => 'user', :action => 'remove_friend', :display_name => contact.display_name, :referer => request.fullpath, :method => :post %>
     <% else %>
-      <%= link_to t('user.view.add as friend'), :controller => 'user', :action => 'make_friend', :display_name => contact.display_name, :referer => request.request_uri %>
+      <%= link_to t('user.view.add as friend'), :controller => 'user', :action => 'make_friend', :display_name => contact.display_name, :referer => request.fullpath, :method => :post %>
     <% end %>
   </td>
 </tr>