From 972249ce9d1d818e7ae2f0b433af1b4f51b3f508 Mon Sep 17 00:00:00 2001
From: Andy Allan
Date: Thu, 17 Nov 2022 12:01:45 +0000
Subject: [PATCH] Reconfigure the suspended flash message to avoid html_safe

This also avoids having raw html in the translation strings
---
 app/controllers/sessions_controller.rb | 2 +-
 app/controllers/users_controller.rb | 2 +-
 app/views/sessions/_suspended_flash.html.erb | 2 ++
 config/locales/en.yml | 5 ++++-
 4 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 app/views/sessions/_suspended_flash.html.erb

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 9489553a8..2e2233939 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -52,7 +52,7 @@ class SessionsController < ApplicationController
 elsif (user = User.authenticate(:username => username, :password => password, :pending => true))
 unconfirmed_login(user)
 elsif User.authenticate(:username => username, :password => password, :suspended => true)
- failed_login t("sessions.new.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe, username
+ failed_login({ :partial => "sessions/suspended_flash" }, username)
 else
 failed_login t("sessions.new.auth failure"), username
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 603feb4db..1e927aa01 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -290,7 +290,7 @@ class UsersController < ApplicationController
 when "active", "confirmed"
 successful_login(user, request.env["omniauth.params"]["referer"])
 when "suspended"
- failed_login t("sessions.new.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe
+ failed_login({ :partial => "sessions/suspended_flash" })
 else
 failed_login t("sessions.new.auth failure")
 end
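Review bot: The `:suspended => true` branch in sessions_controller.rb now hands `failed_login` a Hash (`{ :partial => "sessions/suspended_flash" }`) while the `else` branch beside it still passes a String, and nothing at the call site says why. `failed_login` and the flash template are outside this diff, so it is worth confirming that they only ever render partial names set by controller code like this, and that the Hash still resolves if the flash is serialised into the session and its `:partial` key comes back as a string. I would add a comment above the call, e.g. `# Hash form: the flash template renders this partial, so no html_safe string is built here`. The same applies to the `when "suspended"` branch in users_controller.rb; both enclosing methods start and end outside their hunks.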
diff --git a/app/views/sessions/_suspended_flash.html.erb b/app/views/sessions/_suspended_flash.html.erb
new file mode 100644
index 000000000..b8ca5504b
--- /dev/null
+++ b/app/views/sessions/_suspended_flash.html.erb
@@ -0,0 +1,2 @@
+

<%= t ".suspended" %>

+

<%= t ".contact_support_html", :support_link => mail_to(Settings.support_email, t(".support")) %>
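Review bot: The `_html` suffix on `.contact_support_html` makes Rails treat the whole translated string as HTML-safe, so any markup a locale file puts in that key is still rendered unescaped; only the interpolated `:support_link` goes through escaping rules. `mail_to` escapes both the address and the link text, so `Settings.support_email` and `t(".support")` are handled safely on this line. To keep the "no raw html in translations" intent visible to translators and reviewers, I would add a template comment such as `<%# contact_support_html is trusted as HTML: keep it plain text apart from %{support_link} %>`. The wrapping markup of the two added lines is not visible in this rendering of the patch, so this only covers the `t` calls shown.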

diff --git a/config/locales/en.yml b/config/locales/en.yml
index c560ded1c..6b072bd1e 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1782,7 +1782,6 @@ en:
 create account minute: Create an account. It only takes a minute.
 no account: Don't have an account?
 account not active: "Sorry, your account is not active yet.
Please use the link in the account confirmation email to activate your account, or request a new confirmation email."
- account is suspended: Sorry, your account has been suspended due to suspicious activity.
Please contact support if you wish to discuss this.
 auth failure: "Sorry, could not log in with those details."
 openid_logo_alt: "Log in with an OpenID"
 auth_providers:
@@ -1814,6 +1813,10 @@ en:
 title: "Logout"
 heading: "Logout from OpenStreetMap"
 logout_button: "Logout"
+ suspended_flash:
+ suspended: Sorry, your account has been suspended due to suspicious activity.
+ contact_support_html: Please contact %{support_link} if you wish to discuss this.
+ support: support
 shared:
 markdown_help:
 title_html: Parsed with kramdown
-- 
2.43.2