]> git.openstreetmap.org Git - rails.git/blobdiff - app/views/browse/note.html.erb
Prevent CSRF bypass unblocking users
[rails.git] / app / views / browse / note.html.erb
index c72730a762b21fca08f1cae0904b378f4176d76f..1a792e873952ce3dc98b5d6b7ced79e6f27cdeb2 100644 (file)
@@ -1,9 +1,6 @@
 <% set_title(t(".title", :id => @note.id)) %>
 
 <% set_title(t(".title", :id => @note.id)) %>
 
-<h2>
-  <a class="geolink" href="<%= root_path %>"><span class="icon close"></span></a>
-  <%= t ".#{@note.status}_title", :note_name => @note.id %>
-</h2>
+<%= render "sidebar_header", :title => t(".#{@note.status}_title", :note_name => @note.id) %>
 
 <div class="browse-section">
   <h4><%= t(".description") %></h4>
 
 <div class="browse-section">
   <h4><%= t(".description") %></h4>
       <% end %>
       <li>
         <%= t "browse.location" %>
       <% end %>
       <li>
         <%= t "browse.location" %>
-        <%= link_to(tag.span(number_with_delimiter(@note.lat), :class => "latitude") + ", " + tag.span(number_with_delimiter(@note.lon), :class => "longitude"), root_path(:anchor => "map=18/#{@note.lat}/#{@note.lon}")) %>
+        <%= link_to(t(".coordinates_html",
+                      :latitude => tag.span(number_with_delimiter(@note.lat), :class => "latitude"),
+                      :longitude => tag.span(number_with_delimiter(@note.lon), :class => "longitude")),
+                    root_path(:anchor => "map=18/#{@note.lat}/#{@note.lon}")) %>
       </li>
     </ul>
   </div>
       </li>
     </ul>
   </div>
@@ -35,7 +35,7 @@
   <% if @note_comments.length > 1 %>
     <div class='note-comments'>
       <ul class="list-unstyled">
   <% if @note_comments.length > 1 %>
     <div class='note-comments'>
       <ul class="list-unstyled">
-        <% @note_comments[1..-1].each do |comment| %>
+        <% @note_comments.drop(1).each do |comment| %>
           <li id="c<%= comment.id %>">
             <small class='text-muted'><%= note_event(comment.event, comment.created_at, comment.author) %></small>
             <%= comment.body.to_html %>
           <li id="c<%= comment.id %>">
             <small class='text-muted'><%= note_event(comment.event, comment.created_at, comment.author) %></small>
             <%= comment.body.to_html %>
   <% if @note.status == "open" %>
     <% if current_user -%>
       <form action="#">
   <% if @note.status == "open" %>
     <% if current_user -%>
       <form action="#">
-        <textarea class="comment" name="text" cols="40" rows="5" maxlength="2000"></textarea>
-        <div class="buttons clearfix">
+        <div class="form-group">
+          <textarea class="form-control" name="text" cols="40" rows="5" maxlength="2000"></textarea>
+        </div>
+        <div>
           <% if current_user.moderator? -%>
           <% if current_user.moderator? -%>
-            <input type="submit" name="hide" value="<%= t("javascripts.notes.show.hide") %>" class="deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, "json") %>">
+            <input type="submit" name="hide" value="<%= t("javascripts.notes.show.hide") %>" class="btn btn-light" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, "json") %>">
           <% end -%>
           <% end -%>
-          <input type="submit" name="close" value="<%= t("javascripts.notes.show.resolve") %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= close_note_url(@note, "json") %>">
-          <input type="submit" name="comment" value="<%= t("javascripts.notes.show.comment") %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= comment_note_url(@note, "json") %>" disabled="1">
+          <input type="submit" name="close" value="<%= t("javascripts.notes.show.resolve") %>" class="btn btn-primary" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= close_note_url(@note, "json") %>">
+          <input type="submit" name="comment" value="<%= t("javascripts.notes.show.comment") %>" class="btn btn-primary" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= comment_note_url(@note, "json") %>" disabled="1">
         </div>
       </form>
     <% end -%>
   <% else %>
     <form action="#">
       <input type="hidden" name="text" value="">
         </div>
       </form>
     <% end -%>
   <% else %>
     <form action="#">
       <input type="hidden" name="text" value="">
-      <div class="buttons clearfix">
+      <div>
         <% if current_user and current_user.moderator? -%>
         <% if current_user and current_user.moderator? -%>
-          <input type="submit" name="hide" value="<%= t("javascripts.notes.show.hide") %>" class="deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, "json") %>">
+          <input type="submit" name="hide" value="<%= t("javascripts.notes.show.hide") %>" class="btn btn-light" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, "json") %>">
         <% end -%>
         <% if current_user -%>
         <% end -%>
         <% if current_user -%>
-          <input type="submit" name="reopen" value="<%= t("javascripts.notes.show.reactivate") %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= reopen_note_url(@note, "json") %>">
+          <input type="submit" name="reopen" value="<%= t("javascripts.notes.show.reactivate") %>" class="btn btn-primary" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= reopen_note_url(@note, "json") %>">
         <% end -%>
       </div>
     </form>
         <% end -%>
       </div>
     </form>