<% @this_user = User.find_by_display_name(@this_user.display_name) %>
-<h2><%= @this_user.display_name %></h2>
+<h2><%= h(@this_user.display_name) %></h2>
<div id="userinformation">
<% if @user and @this_user.id == @user.id %>
<%= link_to 'my diary', :controller => 'diary_entry', :action => 'list', :display_name => @user.display_name %>
-| <%= link_to 'new diary post', :controller => 'diary_entry', :action => 'new', :display_name => @user.display_name %>
+| <%= link_to 'new diary entry', :controller => 'diary_entry', :action => 'new', :display_name => @user.display_name %>
| <%= link_to 'my traces', :controller => 'trace', :action=>'mine' %>
| <%= link_to 'my settings', :controller => 'user', :action => 'account', :display_name => @user.display_name %>
<% else %>
<h3>User image</h3>
<% if @this_user.image %>
- <%= image_tag url_for_file_column(@this_user, "image") %>
+ <%= image_tag url_for_file_column(@this_user, "image") %>
+ <% if @user and @this_user.id == @user.id %>
+ <%= button_to 'Delete Image', :action => 'delete_image' %>
+ <% end %>
<% end %>
<br />
Upload an image<br />
<%= form_tag({:action=>'upload_image'}, :multipart => true)%>
<%= file_column_field 'user', 'image' %>
- <input type="submit" name="Upload" />
+ <%= submit_tag 'Add Image' %>
</form>
<% end %>
-<h3>Description</h3?
-<div id="description"><%= simple_format(@this_user.description) %></div>
+<h3>Description</h3>
+<div id="description"><%= htmlize(@this_user.description) %></div>
<% if @this_user.home_lat.nil? or @this_user.home_lon.nil? %>
<h3>User location</h3>
<%= image_tag url_for_file_column(@friend, "image") %>
<% end %>
</td>
- <td class="username"><%= link_to @friend.display_name, :controller => 'user', :action => 'view', :display_name => @friend.display_name %></td>
+ <td class="username"><%= link_to h(@friend.display_name), :controller => 'user', :action => 'view', :display_name => @friend.display_name %></td>
<td><% if @friend.home_lon and @friend.home_lat %><%= @this_user.distance(@friend).round %>km away<% end %></td>
<td class="message">(<%= link_to 'send message', :controller => 'message', :action => 'new', :user_id => @friend.id %>)</td>
</tr>
<table id="nearbyusers">
<% @this_user.nearby.each do |nearby| %>
<tr>
- <td class="username"><%= link_to nearby.display_name, :controller => 'user', :action => 'view', :display_name => nearby.display_name %></td>
+ <td class="username"><%= link_to h(nearby.display_name), :controller => 'user', :action => 'view', :display_name => nearby.display_name %></td>
<td><%= @this_user.distance(nearby).round %>km away</td>
<td class="message">(<%= link_to 'send message', :controller => 'message', :action => 'new', :user_id => nearby.id %>)</td>
</tr>
projects / rails.git / blobdiff