From 268a2cd47470f5cb140258500a94d4cd033e1412 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Thu, 1 Oct 2009 18:49:38 +0000 Subject: [PATCH 1/1] * use h() on username to avoid XSS * Link to username in

* Set on /blocks and /blocks_by
---
 app/views/user_blocks/blocks_by.html.erb | 3 ++-
 app/views/user_blocks/blocks_on.html.erb | 3 ++-
 config/locales/en.yml | 6 ++++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/views/user_blocks/blocks_by.html.erb b/app/views/user_blocks/blocks_by.html.erb
index d49a74c0a..0140534c4 100644
--- a/app/views/user_blocks/blocks_by.html.erb
+++ b/app/views/user_blocks/blocks_by.html.erb
@@ -1,3 +1,4 @@
-<h1><%= t('user_block.blocks_by.heading', :name => @this_user.display_name) %></h1>
+<% @title = t('user_block.blocks_by.title', :name => h(@this_user.display_name)) %>
+<h1><%= t('user_block.blocks_by.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name})) %></h1>
 <%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => true, :show_creator_name => false } %>
diff --git a/app/views/user_blocks/blocks_on.html.erb b/app/views/user_blocks/blocks_on.html.erb
index 8d4684339..f4632e998 100644
--- a/app/views/user_blocks/blocks_on.html.erb
+++ b/app/views/user_blocks/blocks_on.html.erb
@@ -1,3 +1,4 @@
-<h1><%= t('user_block.blocks_on.heading', :name => @this_user.display_name) %></h1>
+<% @title = t('user_block.blocks_on.title', :name => h(@this_user.display_name)) %>
+<h1><%= t('user_block.blocks_on.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name})) %></h1>
 <%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => false, :show_creator_name => true } %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 529b66ea5..412d9259f 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
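Review bot: `@title` is escaped with `h()` at assignment but is consumed by the layout outside this hunk, so if that layout escapes `@title` again a display name containing `&`, `<` or `"` comes out double-escaped (`&amp;amp;`); confirm the layout emits `@title` unescaped, or escape at exactly one of the two places. The escaping of the `<h1>` interpolation is the right call, since `t()` returns a plain string that `<%=` does not escape here. The same applies to the blocks_on.html.erb hunk, which repeats the identical `link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name})`, leaving the XSS-relevant escaping duplicated across two call sites. A small view helper such as `def user_link(user)` / `link_to(h(user.display_name), :controller => 'user', :action => 'view', :display_name => user.display_name)` / `end` would keep the escaping in one place for both pages; the raw `:display_name` route parameter is fine as-is because `url_for` percent-encodes it.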
@@ -1088,9 +1088,11 @@ en:
 until_login: "Active until the user logs in."
 time_past: "Ended {{time}} ago."
 blocks_on:
- heading: "List blocks on {{name}}"
+ title: "Blocks on {{name}}"
+ heading: "List of blocks on {{name}}"
 blocks_by:
- heading: "List blocks by {{name}}"
+ title: "Blocks by {{name}}"
+ heading: "List of blocks by {{name}}"
 show:
 heading: "Block on {{block_on}} by {{block_by}}"
 time_future: "Ends in {{time}}"
-- 2.43.2