Commit 585fee1bea6efd3715647101fc71776cb3d25d3f
1 parent
fcfcc7be
Exists in
staging
and in
29 other branches
should not escape activity information in wall
Showing
1 changed file
with
1 additions
and
1 deletions
Show diff stats
app/views/profile/_upload_image.html.erb
| @@ -3,7 +3,7 @@ | @@ -3,7 +3,7 @@ | ||
| 3 | <%= link_to(profile_image(activity.user, :minor), activity.user.url) %> | 3 | <%= link_to(profile_image(activity.user, :minor), activity.user.url) %> |
| 4 | </div> | 4 | </div> |
| 5 | <div class='profile-activity-description'> | 5 | <div class='profile-activity-description'> |
| 6 | - <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p> | 6 | + <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe(activity).html_safe %></p> |
| 7 | <p class='profile-activity-time'><%= time_ago_in_words(activity.created_at) %></p> | 7 | <p class='profile-activity-time'><%= time_ago_in_words(activity.created_at) %></p> |
| 8 | <div class='profile-wall-actions'> | 8 | <div class='profile-wall-actions'> |
| 9 | <%= link_to_function(_('Remove'), 'remove_item_wall(this, \'%s\', \'%s\', \'%s\'); return false ;' % [".profile-activity-item", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]), _('Are you sure you want to remove this activity and all its replies?')]) if logged_in? && current_person == @profile %> | 9 | <%= link_to_function(_('Remove'), 'remove_item_wall(this, \'%s\', \'%s\', \'%s\'); return false ;' % [".profile-activity-item", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]), _('Are you sure you want to remove this activity and all its replies?')]) if logged_in? && current_person == @profile %> |