-rw-r--r-- | app/views/admin_public_body/list.rhtml | 2 | ||||
-rw-r--r-- | app/views/list/index.rhtml | 4 | ||||
-rw-r--r-- | app/views/new/create.rhtml | 3 | ||||
-rw-r--r-- | app/views/request/index.rhtml | 6 | ||||
-rw-r--r-- | app/views/user/index.rhtml | 4 | ||||
-rw-r--r-- | todo.txt | 8 |
6 files changed, 16 insertions, 11 deletions
diff --git a/app/views/admin_public_body/list.rhtml b/app/views/admin_public_body/list.rhtml
index f932c2236..f5c6f6eec 100644
--- a/app/views/admin_public_body/list.rhtml
+++ b/app/views/admin_public_body/list.rhtml
@@ -9,7 +9,7 @@
 <% for public_body in @public_bodies %>
 <tr class="<%= cycle('odd', 'even') %>">
- <td><%= link_to public_body.name, :action => 'show', :id => public_body %></td>
+ <td><%= link_to h(public_body.name), :action => 'show', :id => public_body %></td>
 <% for column in PublicBody.content_columns.map { |c| c.name } - [ "name" ] %>
 <td><%=h public_body.send(column) %></td>
 <% end %>
diff --git a/app/views/list/index.rhtml b/app/views/list/index.rhtml
index 59c156833..7161ff10d 100644
--- a/app/views/list/index.rhtml
+++ b/app/views/list/index.rhtml
@@ -13,8 +13,8 @@
 <% for info_request in @info_requests %>
 <tr class="<%= cycle('odd', 'even') %>">
- <td><%= link_to info_request.title, :controller => 'request', :action => 'index', :id => info_request %></td>
- <td><%= link_to info_request.user.name, :controller => 'user', :action => 'index', :name => info_request.user.name %></td>
+ <td><%= link_to h(info_request.title), :controller => 'request', :action => 'index', :id => info_request %></td>
+ <td><%= link_to h(info_request.user.name), :controller => 'user', :action => 'index', :name => info_request.user.name %></td>
 <td><%= info_request.created_at %></td>
 </tr>
 <% end %>
diff --git a/app/views/new/create.rhtml b/app/views/new/create.rhtml
index 8220705ca..00685d69f 100644
--- a/app/views/new/create.rhtml
+++ b/app/views/new/create.rhtml
@@ -2,4 +2,7 @@
 <p>Your Freedom of Information request has been created.
+<p><%= link_to h(@info_request.title), :controller => 'request', :id => @info_request %>
+
+<p>
diff --git a/app/views/request/index.rhtml b/app/views/request/index.rhtml
index 8c6f9d9b4..3c61ce179 100644
--- a/app/views/request/index.rhtml
+++ b/app/views/request/index.rhtml
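Review bot: The second added `<td>` line in list/index.rhtml still addresses the user page by `:name => info_request.user.name` rather than by record id, so the link is ambiguous for shared names and fragile for names needing URL encoding; the user/index.rhtml hunk in this same commit shows names are not unique ("There is more than one user with this name"), and the todo.txt hunk records that links to users with `<sup>` in the name don't work. Escaping the link text with `h()` is the right change, but the identifier should be the record: `link_to h(info_request.user.name), :controller => 'user', :action => 'index', :id => info_request.user`, which presumably also needs the user controller to look up by id — that controller is not visible here. The enclosing table starts outside the hunk.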
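Review bot: The link added in create.rhtml omits `:action => 'index'`, which every other link to the request controller in this commit (list/index.rhtml, user/index.rhtml) spells out, so it relies on the router's default action; for consistency make it `link_to h(@info_request.title), :controller => 'request', :action => 'index', :id => @info_request`. The final added `<p>` has no content and, like the paragraphs around it, is never closed, so it renders an empty paragraph; either drop it or close the paragraphs with `</p>`. The template's opening lines are outside the hunk.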
@@ -1,14 +1,14 @@
-<% @title = @info_request.title %>
+<% @title = h(@info_request.title) %>
 <h2><%=@title%></h2>
 <p>
-Request to <%=@info_request.public_body.name%>
+Request to <%=h @info_request.public_body.name%>
 </p>
 <p>
 Created by
-<%= link_to @info_request.user.name, :controller => 'user', :action => 'index', :name => @info_request.user.name %>
+<%= link_to h(@info_request.user.name), :controller => 'user', :action => 'index', :name => @info_request.user.name %>
 on <%= @info_request.created_at %>
 </p>
diff --git a/app/views/user/index.rhtml b/app/views/user/index.rhtml
index 77f443463..5e7b8a67e 100644
--- a/app/views/user/index.rhtml
+++ b/app/views/user/index.rhtml
@@ -1,4 +1,4 @@
-<% @title = @display_users[0].name %>
+<% @title = h(@display_users[0].name) %>
 <% if (@display_users.size > 1) %>
 <p>There is more than one user with this name.
@@ -11,7 +11,7 @@
 <p>Freedom of Information requests made by this person:</p>
 <ul>
 <% for info_request in display_user.info_requests %>
- <li><%= link_to info_request.title, :controller => 'request', :action => 'index', :id => info_request %></td>
+ <li><%= link_to h(info_request.title), :controller => 'request', :action => 'index', :id => info_request %></td>
 <% end %>
 </ul>
 <% end %>
@@ -10,16 +10,18 @@
 Make it say "dear" as default letter
 Write some tests (try it their way, at every level)
-Link to user pages
-
 Check all controllers to be sure non-action functions are private
-You have a zillion CSS holes - run h() more
 Format dates nicely
+Rename back links in admin interface
+
 Tidying
 =======
+Links to user pages with <sup> etc. in don't work
+Check that when on such a page <title> etc. is right
+
 Prevent double posting of same request
 If summary is blank, says "title must be filled in" grrrr |
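Review bot: Escaping at assignment on the first added line, `@title = h(@info_request.title)`, stores already-escaped HTML in an instance variable that the layout presumably also reads, so a consumer that escapes again (a layout `<title><%=h @title %></title>`) double-escapes to `&amp;lt;`, while one that does not is silently depending on this view having pre-escaped — the very ambiguity the todo.txt item "Check that when on such a page <title> etc. is right" points at. Keep the raw value and escape at each output point instead: `<% @title = @info_request.title %>` and `<h2><%=h @title %></h2>`, with the layout applying `h` itself; the layout is not visible here, so confirm which it does today. The `h` added to the public body name and to the user link text is correct and stays.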
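Review bot: The first user/index.rhtml hunk has the same representation problem as request/index.rhtml: `@title = h(@display_users[0].name)` puts escaped HTML into `@title`, so whether the layout's `<title>` renders correctly now depends on whether it also calls `h`, and getting it wrong in either direction means double-escaping or an unescaped name in the page head. Prefer `<% @title = @display_users[0].name %>` with escaping at the point of output, and check that the `<h2>`-style output in this template (outside the hunk, if any) does `<%=h @title %>`. The layout is not visible in this diff, so verify which convention it follows before changing both views.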
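Review bot: The rewritten `<li>` line in the second user/index.rhtml hunk still closes with `</td>` rather than `</li>`, so the commit carries the mismatched tag onto the new side; it should read `<li><%= link_to h(info_request.title), :controller => 'request', :action => 'index', :id => info_request %></li>`. Browsers recover from it, but the markup stays invalid and the stray `</td>` is easy to misread as a table context. The `<% end %>` at the bottom of the hunk closes a block whose opener is outside the hunk.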