X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/1fcd5f559324d9f00cf1f71618c8f723506b2026..4168e0963ee19e05c07b40d30e868fd652fd3757:/app/views/trace/view.rhtml
diff --git a/app/views/trace/view.rhtml b/app/views/trace/view.rhtml
index 60f71b7c7..d4bdb9745 100644
--- a/app/views/trace/view.rhtml
+++ b/app/views/trace/view.rhtml
@@ -1,4 +1,4 @@
-
<%= @title %>
+<%= h(@title) %>
@@ -22,11 +22,11 @@
<% end %>
Owner: |
- <%= link_to @trace.user.display_name, {:controller => 'user', :action => 'view', :display_name => @trace.user.display_name} %> |
+ <%= link_to h(@trace.user.display_name), {:controller => 'user', :action => 'view', :display_name => @trace.user.display_name} %> |
Description: |
- <%= @trace.description %> |
+ <%= h(@trace.description) %> |
Tags: |
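Review bot: The Tags cell that starts on the last line of this hunk is rendered outside it, so the diff does not show whether tag values get the same `h()` escaping as the owner name and description. If tags are user-supplied text like the description, which seems likely but is not visible here, each one needs to be wrapped in `h(...)` where it is output, or the stored-markup problem this commit fixes remains open through that field. Leaving `:display_name => @trace.user.display_name` unescaped in the URL hash looks right, since the URL helper does its own encoding and `h()` there would double-encode. A short comment above the table, such as `<%# all user-supplied trace fields must go through h() %>`, would help keep later additions consistent.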
@@ -50,6 +50,9 @@
<%= button_to 'Make this track public permanently', :controller => 'trace', :action => 'make_public', :id => @trace.id %> |
<% end %>
<% if @trace.user.id == @user.id %>
+ <%= button_to 'Edit this track', :controller => 'trace', :action => 'edit', :id => @trace.id %> |
+ <% end %>
+ <% if @trace.user.id == @user.id %>
<%= button_to 'Delete this track', :controller => 'trace', :action => 'delete', :id => @trace.id %> |
<% end %>
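Review bot: The ownership test `@trace.user.id == @user.id` in front of the new Edit button only controls whether the button is drawn, so by itself it does not restrict who can request `trace/edit` for a given id. The `edit` action is not part of this diff, so confirm that it repeats the owner check server-side before loading or saving the trace. The condition also dereferences `@user`, which would raise for a visitor who is not logged in unless a guard outside the hunk already covers that case. As a style point, Edit and Delete share the same condition, so the added `<% end %>` / `<% if @trace.user.id == @user.id %>` pair between them could be dropped to keep both buttons in one block.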