From 1cea0df3d8ca8c900b7e23b90ef90ea7dda4f320 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Thu, 1 Oct 2009 19:45:36 +0000 Subject: [PATCH] title/heading & XSS fix for /edit --- app/views/user_blocks/edit.html.erb | 6 +++++- config/locales/en.yml | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/views/user_blocks/edit.html.erb b/app/views/user_blocks/edit.html.erb
index c3111367d..66123e717 100644
--- a/app/views/user_blocks/edit.html.erb
+++ b/app/views/user_blocks/edit.html.erb
@@ -1,4 +1,8 @@
-

<%= t('user_block.edit.title', :name => @user_block.user.display_name) %>

+<% @title = t 'user_block.edit.title', :name => h(@user_block.user.display_name) %>
+

<%= t('user_block.edit.title',
+ :name => link_to(
+ h(@user_block.user.display_name),
+ {:controller => 'user', :action => 'view', :display_name => @user_block.user.display_name})) %>

 <% form_for(@user_block) do |f| %>
 <%= f.error_messages %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6d038a252..10e372bf2 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1042,12 +1042,13 @@ en:
 title: "Creating block on {{name}}"
 needs_view: "Does the user need to log in before this block will be cleared?"
 edit:
+ title: "Editing block on {{name}}"
+ heading: "Editing block on {{name}}"
 reason: "The reason why {{name}} is being blocked. Please be as calm and as reasonable as possible, giving as much detail as you can about the situation. Bear in mind that not all users understand the community jargon, so please try to use laymans terms."
 period: "How long, starting now, the user will be blocked from the API for."
 submit: "Update block"
 show: "Show"
 back: "Back"
- title: "Editing block on {{name}}"
 needs_view: "Does the user need to log in before this block will be cleared?"
 filter:
 not_a_moderator: "You need to be a moderator to perform that action."
-- 2.43.2
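Review bot: The heading line on the new side (`<%= t('user_block.edit.title', :name => link_to(...` ) still renders the `title` key, while the en.yml hunk introduces a separate `user_block.edit.heading` key that nothing in this patch reads, so the new locale string is dead and the commit title's "title/heading" split is not actually wired up. Either change the heading call to `t('user_block.edit.heading', :name => link_to(h(@user_block.user.display_name), {...}))` or drop the unused key, so that translators are not asked to maintain a string that never appears. The escaping itself looks correct for a Rails 2.x view where neither `t()` nor `<%=` escapes output: `h()` wraps the attacker-controlled display name both in the `@title` assignment and in the link text, and the `:display_name` route parameter is URL-encoded by url_for rather than HTML-escaped, which is the right treatment for that position. One thing to confirm against the layout is how `@title` is emitted: if the layout applies `h()` again, the `&amp;` produced here will double-escape in the document title, and the assignment should then pass the raw name instead.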