<% end %>
<% if @user.home_lat.nil? or @user.home_lon.nil? %>
- <% lon = params['lon'] || '-0.1' %>
- <% lat = params['lat'] || '51.5' %>
- <% zoom = params['zoom'] || '4' %>
+ <% lon = h(params['lon']) || '-0.1' %>
+ <% lat = h(params['lat']) || '51.5' %>
+ <% zoom = h(params['zoom']) || '4' %>
<% else %>
- <% lon = @user.home_lon %>
- <% lat = @user.home_lat %>
- <% zoom = '12' %>
+ <% lon = @user.home_lon %>
+ <% lat = @user.home_lat %>
+ <% zoom = '12' %>
<% end %>
<script type="text/javascript" src="/openlayers/OpenLayers.js"></script>
window.onload = init;
// -->
-</script>
\ No newline at end of file
+</script>
<h2>Send a new message to <%= display_name %></h2>
<% if params[:display_name] %>
-<p>Writing a new message to <%= params[:display_name] %></p>
+<p>Writing a new message to <%= h(params[:display_name]) %></p>
<p>TODO: drop down box of your friends</p>
<%end%>
<% if params[:query] %>
<%= remote_function(:loading => "startSearch()",
:complete => "endSearch()",
- :url => { :controller => :geocoder, :action => :search, :query => params[:query] }) %>
+ :url => { :controller => :geocoder, :action => :search, :query => h(params[:query]) }) %>
<% end %>
// -->
</script>
<% form_remote_tag(:loading => "startSearch()",
:complete => "endSearch()",
:url => { :controller => :geocoder, :action => :search }) do %>
- <%= text_field_tag :query, params[:query] %>
+ <%= text_field_tag :query, h(params[:query]) %>
<% end %>
</span>
<p id="search_active">Searching...</p>
<% session[:token] = @user.tokens.create.token unless session[:token] %>
<% if params['mlon'] and params['mlat'] %>
-<% lon = params['mlon'] %>
-<% lat = params['mlat'] %>
-<% zoom = params['zoom'] || '12' %>
+<% lon = h(params['mlon']) %>
+<% lat = h(params['mlat']) %>
+<% zoom = h(params['zoom']) || '12' %>
<% elsif @user and params['lon'].nil? and params['lat'].nil? %>
<% lon = @user.home_lon %>
<% lat = @user.home_lat %>
<% zoom = '12' %>
<%else%>
-<% lon = params['lon'] || '-0.1' %>
-<% lat = params['lat'] || '51.5' %>
-<% zoom = params['zoom'] || '12' %>
+<% lon = h(params['lon']) || '-0.1' %>
+<% lat = h(params['lat']) || '51.5' %>
+<% zoom = h(params['zoom']) || '12' %>
<% end %>
<div id="map">You need a Flash player to use Potlatch, the
fo.addVariable('long',lon);
fo.addVariable('scale',sc);
fo.addVariable('token','<%= session[:token] %>');
-<% if params['gpx'] %> fo.addVariable('gpx','<%= params['gpx']+"/data" %>'); <% end %>
+ <% if params['gpx'] %>
+ fo.addVariable('gpx','<%= h(params['gpx']) + "/data" %>');
+ <% end %>
fo.write("map");
}
<% if params['mlon'] and params['mlat'] %>
<% marker = true %>
-<% mlon = params['mlon'] %>
-<% mlat = params['mlat'] %>
+<% mlon = h(params['mlon']) %>
+<% mlat = h(params['mlat']) %>
<% end %>
<% if params['minlon'] and params['minlat'] and params['maxlon'] and params['maxlat'] %>
<% bbox = true %>
-<% minlon = params['minlon'] %>
-<% minlat = params['minlat'] %>
-<% maxlon = params['maxlon'] %>
-<% maxlat = params['maxlat'] %>
+<% minlon = h(params['minlon']) %>
+<% minlat = h(params['minlat']) %>
+<% maxlon = h(params['maxlon']) %>
+<% maxlat = h(params['maxlat']) %>
<% end %>
<% if params['lon'] and params['lat'] %>
-<% lon = params['lon'] %>
-<% lat = params['lat'] %>
-<% zoom = params['zoom'] || '5' %>
-<% layers = params['layers'] %>
+<% lon = h(params['lon']) %>
+<% lat = h(params['lat']) %>
+<% zoom = h(params['zoom']) || '5' %>
+<% layers = h(params['layers']) %>
<% elsif params['mlon'] and params['mlat'] %>
-<% lon = params['mlon'] %>
-<% lat = params['mlat'] %>
-<% zoom = params['zoom'] || '12' %>
-<% layers = params['layers'] %>
+<% lon = h(params['mlon']) %>
+<% lat = h(params['mlat']) %>
+<% zoom = h(params['zoom']) || '12' %>
+<% layers = h(params['layers']) %>
<% elsif cookies.key?("location") %>
<% lon,lat,zoom,layers = cookies["location"].value.first.split(",") %>
<% elsif @user and !@user.home_lon.nil? and !@user.home_lat.nil? %>
<% else %>
<% lon = '-0.1' %>
<% lat = '51.5' %>
-<% zoom = params['zoom'] || '5' %>
-<% layers = params['layers'] %>
+<% zoom = h(params['zoom']) || '5' %>
+<% layers = h(params['layers']) %>
<% end %>
<% end %>
</script>
<% if @user.home_lat.nil? or @user.home_lon.nil? %>
- <% lon = params['lon'] || '-0.1' %>
- <% lat = params['lat'] || '51.5' %>
- <% zoom = params['zoom'] || '4' %>
+ <% lon = h(params['lon']) || '-0.1' %>
+ <% lat = h(params['lat']) || '51.5' %>
+ <% zoom = h(params['zoom']) || '4' %>
<% else %>
<% marker = true %>
<% mlon = @user.home_lon %>
Please login or <%= link_to 'create an account', :controller => 'user', :action => 'new' %>.<br />
<% form_tag :action => 'login' do %>
-<%= hidden_field_tag('referer', params[:referer]) %>
+<%= hidden_field_tag('referer', h(params[:referer])) %>
<table>
<tr><td>Email Address:</td><td><%= text_field('user', 'email',{:size => 50, :maxlength => 255}) %></td></tr>
<tr><td>Password:</td><td><%= password_field('user', 'password',{:size => 50, :maxlength => 255}) %></td></tr>
projects / rails.git / commitdiff