diff options
| author | Louise Crow <louise.crow@gmail.com> | 2013-02-19 12:59:24 +0000 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2013-02-19 12:59:24 +0000 |
| commit | 59e3aa6f0b24df25e525eeec12aefc04e0e61e5d (patch) | |
| tree | 14d8a2694424ef2546a93a89d32a21956343d4d6 | |
| parent | e7067b87777b5f2dd301a852ca6f8f5af1f135b4 (diff) | |
Mark the info request name as safe - hidden_user_explanation's content will be escaped in the parent template. Strip content in the controller and mark as HTML safe.
| -rw-r--r-- | app/controllers/admin_request_controller.rb | 2 | ||||
| -rw-r--r-- | app/views/admin_request/hidden_user_explanation.rhtml | 3 | ||||
| -rw-r--r-- | app/views/contact_mailer/from_admin_message.rhtml | 2 |
3 files changed, 4 insertions, 3 deletions
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index e39d55c7c..ed8de7755 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -379,7 +379,7 @@ class AdminRequestController < AdminController ContactMailer.deliver_from_admin_message( info_request.user, subject, - params[:explanation] + params[:explanation].strip.html_safe ) flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name)) else diff --git a/app/views/admin_request/hidden_user_explanation.rhtml b/app/views/admin_request/hidden_user_explanation.rhtml index 64387ffee..7084e986f 100644 --- a/app/views/admin_request/hidden_user_explanation.rhtml +++ b/app/views/admin_request/hidden_user_explanation.rhtml @@ -1,9 +1,10 @@ Dear <%= name_to %>, -Your request '<%= info_request.title %>' at <%= info_request_url %> has been reviewed by moderators. +Your request '<%= info_request.title.html_safe %>' at <%= info_request_url %> has been reviewed by moderators. We consider it <% if reason == 'not_foi' %>is not a valid FOI request<% else %>to be vexatious<% end%>, and have therefore hidden it from other users. You will still be able to view it while logged in to the site. Please reply to this email if you would like to discuss this decision further. Yours, The <%= site_name %> team. + diff --git a/app/views/contact_mailer/from_admin_message.rhtml b/app/views/contact_mailer/from_admin_message.rhtml index bdb48d580..43938e0dd 100644 --- a/app/views/contact_mailer/from_admin_message.rhtml +++ b/app/views/contact_mailer/from_admin_message.rhtml @@ -1,2 +1,2 @@ -<%= @message.strip %> +<%= @message %> |