Please login or <%= link_to 'create an account', :controller => 'user', :action => 'new' %>.<br />
<% form_tag :action => 'login' do %>
-<%= hidden_field_tag('referer', params[:referer]) %>
+<%= hidden_field_tag('referer', h(params[:referer])) %>
<table>
- <tr><td>email address:</td><td><%= text_field('user', 'email',{:size => 50, :maxlength => 255}) %></td></tr>
- <tr><td>password:</td><td><%= password_field('user', 'password',{:size => 50, :maxlength => 255}) %></td></tr>
+ <tr><td>Email Address or username:</td><td><%= text_field('user', 'email',{:size => 50, :maxlength => 255}) %></td></tr>
+ <tr><td>Password:</td><td><%= password_field('user', 'password',{:size => 50, :maxlength => 255}) %></td></tr>
</table>
<br />
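Review bot: Wrapping `params[:referer]` in `h()` for the hidden field only addresses how the value is rendered into HTML; the same value is posted back on submit and remains attacker-controllable input. The `login` action is not visible in this hunk, but if it redirects to `referer` after authentication it should accept only a local path and fall back to a fixed default otherwise. As far as I know `hidden_field_tag` already escapes attribute values, so the `h()` is probably redundant rather than harmful. A short template comment would record the intent, for example `<%# referer is untrusted input; the login action must validate it before redirecting %>`. The `form_tag ... do` block opened just above the change closes outside this hunk.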