-<% this_colour = cycle('lightgrey', 'white') # can only call once for some dumb reason %>
+<% this_colour = cycle('lightgrey', 'white') # can only call once for some dumb reason
+%>
<tr class="inbox-row<%= "-unread" if not message_summary.message_read? %>">
- <td class="inbox-sender" bgcolor='<%= this_colour %>'><%= link_to message_summary.sender.display_name , :controller => 'user', :action => message_summary.sender.display_name %></td>
- <td class="inbox-subject" bgcolor='<%= this_colour %>'><%= link_to message_summary.title , :controller => 'message', :action => 'read', :message_id => message_summary.id %></td>
- <td class="inbox-sent" bgcolor='<%= this_colour %>'><%= message_summary.sent_on %></td>
+ <td class="inbox-sender" bgcolor="<%= this_colour %>"><%= link_to h(message_summary.sender.display_name), :controller => 'user', :action => message_summary.sender.display_name %></td>
+ <td class="inbox-subject" bgcolor="<%= this_colour %>"><%= link_to h(message_summary.title), :controller => 'message', :action => 'read', :message_id => message_summary.id %></td>
+ <td class="inbox-sent" bgcolor="<%= this_colour %>"><%= message_summary.sent_on %></td>
<% if message_summary.message_read? %>
<td><%= button_to 'Mark as unread', :controller => 'message', :action => 'mark', :message_id => message_summary.id, :mark => 'unread' %></td>
<% else %>
<td><%= button_to 'Mark as read', :controller => 'message', :action => 'mark', :message_id => message_summary.id, :mark => 'read' %></td>
<% end %>
- <td><%= button_to 'Reply', :controller => 'message', :action => 'new', :user_id => message_summary.from_user_id %></td>
+ <td><%= button_to 'Reply', :controller => 'message', :action => 'reply', :message_id => message_summary.id %></td>
</tr>
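Review bot: On the new inbox-sender line the link text is escaped with `h(...)`, but the same user-controlled `message_summary.sender.display_name` is still passed raw as `:action`. A display name containing `/`, `?`, `#` or `.` then depends entirely on how the router encodes that segment, so it is worth confirming the generated href is percent-encoded and resolves to the intended user page. Separately, the Reply button now identifies the target by `:message_id => message_summary.id` instead of `:user_id`, as the mark buttons already do. The `reply` and `mark` actions are not in this hunk, so please confirm that each one checks the message belongs to the current user before acting on it. If that check lives in the controller, a short template comment such as `<%# message_id is re-checked against the current user in MessageController %>` would record the assumption.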