<table>
<tr>
<th align="right">From</th>
- <td><%= link_to @message.sender.display_name, :controller => 'user', :action => 'view', :display_name => @message.sender.display_name %></td>
+ <td>
+ <% if @message.sender.image %>
+ <%= image_tag url_for_file_column(@message.sender, "image") %>
+ <% end %>
+
+<%= link_to h(@message.sender.display_name), :controller => 'user', :action => 'view', :display_name => @message.sender.display_name %></td>
</tr>
<tr>
<th align="right">Subject</th>
- <td><%= @message.title %></td>
+ <td><%= h(@message.title) %></td>
</tr>
<tr>
<th align="right">Date</th>
</tr>
<tr>
<th></th>
- <td><%= @message.body %></td>
+ <td><%= htmlize(@message.body) %></td>
</tr>
</table>
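Review bot: The message body on line 23 is rendered through `htmlize(@message.body)` rather than the `h()` now applied to the other fields, so whether a user-supplied body is escaped rests entirely on that helper escaping its input before it inserts any markup; `htmlize` is not part of this diff, so that should be confirmed, and the same applies to line 50 in the second template. The `image_tag` added on line 7 passes no `:alt`, so the sender image's alternative text is whatever the helper derives from the file name; `image_tag url_for_file_column(@message.sender, "image"), :alt => ""` (or the sender's display name) would make it explicit. Line 10's `<%=` sits at column 0 while the surrounding cell lines are indented one space. The Date rows on lines 18 and 45 have a header cell but no value cell; that predates this change but is still visible in the result.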
<table>
<tr>
- <td><%= button_to 'Reply', :controller => 'message', :action => 'new', :user_id => @message.from_user_id %></td>
+ <td><%= button_to 'Reply', :controller => 'message', :action => 'reply', :message_id => @message.id %></td>
<td><%= button_to 'Mark as unread', :controller => 'message', :action => 'mark', :message_id => @message.id, :mark => 'unread' %></td>
<td><%= link_to 'Back to inbox', :controller => 'message', :action => 'inbox', :display_name => @user.display_name %></td>
</tr>
<table>
<tr>
<th align="right">To</th>
- <td><%= link_to @message.recipient.display_name, :controller => 'user', :action => 'view', :display_name => @message.recipient.display_name %></td>
+ <td><%= link_to h(@message.recipient.display_name), :controller => 'user', :action => 'view', :display_name => @message.recipient.display_name %></td>
</tr>
<tr>
<th align="right">Subject</th>
- <td><%= @message.title %></td>
+ <td><%= h(@message.title) %></td>
</tr>
<tr>
<th align="right">Date</th>
</tr>
<tr>
<th></th>
- <td><%= @message.body %></td>
+ <td><%= htmlize(@message.body) %></td>
</tr>
</table>