-<h2><%= @title %></h2>
+<h2><%= h(@title) %></h2>
<img src="<%= url_for :controller => 'trace', :action => 'picture', :id => @trace.id, :display_name => @trace.user.display_name %>">
<td><%= @trace.size.to_s.gsub(/(\d)(?=(\d{3})+$)/,'\1,') %></td></tr>
<tr>
<td>Start coordinate:</td>
- <td><div class="geo" style="display: inline"><span class="latitude"><%= @trace.latitude %></span>; <span class="longitude"><%= @trace.longitude %></span></div> (<%=link_to 'map', :controller => 'site', :action => 'index', :lat => @trace.latitude, :lon => @trace.longitude, :zoom => 14 %> / <%=link_to 'edit', :controller => 'site', :action => 'edit', :lat => @trace.latitude, :lon => @trace.longitude, :zoom => 14 %>)</td>
+ <td><div class="geo" style="display: inline"><span class="latitude"><%= @trace.latitude %></span>; <span class="longitude"><%= @trace.longitude %></span></div> (<%=link_to 'map', :controller => 'site', :action => 'index', :lat => @trace.latitude, :lon => @trace.longitude, :zoom => 14 %> / <%=link_to 'edit', :controller => 'site', :action => 'edit', :lat => @trace.latitude, :lon => @trace.longitude, :gpx=> @trace.id, :zoom => 14 %>)</td>
</tr>
<% end %>
<tr>
<td>Owner:</td>
- <td><%= link_to @trace.user.display_name, {:controller => 'user', :action => 'view', :display_name => @trace.user.display_name} %></td>
+ <td><%= link_to h(@trace.user.display_name), {:controller => 'user', :action => 'view', :display_name => @trace.user.display_name} %></td>
</tr>
<tr>
<td>Description:</td>
- <td><%= @trace.description %></td>
+ <td><%= h(@trace.description) %></td>
</tr>
<tr>
<td>Tags:</td>
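Review bot: The added `:gpx => @trace.id` on the 'edit' link is rendered for every viewer of this page, not only the trace owner, so the `site` controller's `edit` action has to decide for itself whether the requester may load that trace. That action is not visible in this hunk; if it looks the trace up by the `gpx` parameter, it should refuse private traces owned by another user rather than trust the id in the query string. The Tags row that begins on the last context line is rendered outside the hunk, so it cannot be confirmed here that tag values get the same `h()` treatment as the owner name and description. Minor style point: `:gpx=> @trace.id` lacks the space before `=>` that the other options on the line use.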
<td><%= button_to 'Make this track public permanently', :controller => 'trace', :action => 'make_public', :id => @trace.id %></td>
<% end %>
<% if @trace.user.id == @user.id %>
+ <td><%= button_to 'Edit this track', :controller => 'trace', :action => 'edit', :id => @trace.id %></td>
+ <% end %>
+ <% if @trace.user.id == @user.id %>
<td><%= button_to 'Delete this track', :controller => 'trace', :action => 'delete', :id => @trace.id %></td>
<% end %>
</tr>
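Review bot: The new 'Edit this track' button is gated only by the view-level test `<% if @trace.user.id == @user.id %>`, which hides the control but does not stop a direct request to the `edit` action. The `trace` controller is not visible here, so confirm that `edit` (like `delete` and `make_public`) repeats the ownership check server-side before acting on `:id`. The added lines also close the existing `if` and immediately reopen it with the same condition; the Edit and Delete cells can share one block, i.e. drop the added `<% end %>` and second `<% if @trace.user.id == @user.id %>`. The table row these buttons sit in starts outside the hunk.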