From 59e3aa6f0b24df25e525eeec12aefc04e0e61e5d Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Tue, 19 Feb 2013 12:59:24 +0000
Subject: Mark the info request name as safe - hidden_user_explanation's content will be escaped in the parent template. Strip content in the controller and mark as HTML safe.
---
 app/controllers/admin_request_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/admin_request_controller.rb')
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index e39d55c7c..ed8de7755 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -379,7 +379,7 @@ class AdminRequestController < AdminController
 ContactMailer.deliver_from_admin_message(
 info_request.user,
 subject,
- params[:explanation]
+ params[:explanation].strip.html_safe
 )
 flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name))
 else
-- cgit v1.2.3
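Review bot: `params[:explanation].strip.html_safe` marks raw request input as HTML-safe, so wherever `deliver_from_admin_message` or its template outputs the explanation, Rails' automatic escaping is skipped and any markup in the parameter reaches the message unchanged. The commit message suggests the aim is to avoid double-escaping in a template; if that mail is plain text this is probably harmless, but the safe flag travels with the string, so it would be safer to pass `params[:explanation].to_s.strip` and opt out of escaping at the one place in the template that needs it. The `.to_s` also covers a second gap: a request without `explanation` makes `.strip` raise NoMethodError on nil before the mail is built. The enclosing action starts and ends outside the hunk, so whether the parameter is validated earlier is not visible here.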