]> git.openstreetmap.org Git - rails.git/blobdiff - app/views/diary_entries/_diary_entry.html.erb
Fix the CrossSiteScripting warnings from Brakeman
[rails.git] / app / views / diary_entries / _diary_entry.html.erb
index 0aff1b113ef3c8c2c4b959eae74d00ff2d953356..48df5d18e06a974c4cfc6d124b353161d4f25799 100644 (file)
@@ -1,13 +1,13 @@
-<div class='diary_post'>
+<div class='diary_post<%= " text-muted px-3 deleted" unless diary_entry.visible %> user_<%= diary_entry.user.id %>'>
   <div class='post_heading clearfix'>
     <% if !@user %>
       <%= user_thumbnail diary_entry.user %>
     <% end %>
 
-    <h2><%= link_to h(diary_entry.title), diary_entry_path(diary_entry.user, diary_entry) %></h2>
+    <h2><%= link_to diary_entry.title, diary_entry_path(diary_entry.user, diary_entry) %></h2>
 
-    <small class='deemphasize'>
-      <%= raw(t(".posted_by", :link_user => (link_to h(diary_entry.user.display_name), user_path(diary_entry.user)), :created => l(diary_entry.created_at, :format => :blog), :language_link => (link_to h(diary_entry.language.name), :controller => "diary_entries", :action => "index", :display_name => nil, :language => diary_entry.language_code))) %>
+    <small class='text-muted'>
+      <%= t(".posted_by_html", :link_user => (link_to diary_entry.user.display_name, user_path(diary_entry.user)), :created => l(diary_entry.created_at, :format => :blog), :language_link => (link_to diary_entry.language.name, :controller => "diary_entries", :action => "index", :display_name => nil, :language => diary_entry.language_code)) %>
     </small>
 
   </div>
 
     <% if can? :hide, DiaryEntry %>
       <li>
-        <%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+        <% if diary_entry.visible %>
+          <%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+        <% else %>
+          <%= link_to t(".unhide_link"), unhide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+        <% end %>
       </li>
     <% end %>
   </ul>