From cc1d9592dfeed000be9e5ff2cce4ef4e5fd929eb Mon Sep 17 00:00:00 2001
From: Andy Allan
Date: Wed, 25 Nov 2020 14:37:38 +0000
Subject: [PATCH] Avoid calling raw in plain text email templates
Rails doesn't escape text in text/plain outputs, since before Rails 4. See https://github.com/rails/rails/pull/8235
---
 app/views/user_mailer/diary_comment_notification.text.erb | 2 +-
 app/views/user_mailer/message_notification.text.erb | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/views/user_mailer/diary_comment_notification.text.erb b/app/views/user_mailer/diary_comment_notification.text.erb
index b86c303ae..cbf9ddaa0 100644
--- a/app/views/user_mailer/diary_comment_notification.text.erb
+++ b/app/views/user_mailer/diary_comment_notification.text.erb
@@ -3,7 +3,7 @@
 <%= t '.header', :from_user => @from_user, :subject => @title %>
 ==
-<%= raw @text.to_text %>
+<%= @text.to_text %>
 ==
 <%= t '.footer', :readurl => @readurl, :commenturl => @commenturl, :replyurl => @replyurl %>
diff --git a/app/views/user_mailer/message_notification.text.erb b/app/views/user_mailer/message_notification.text.erb
index b3a74bb88..6bd7393d7 100644
--- a/app/views/user_mailer/message_notification.text.erb
+++ b/app/views/user_mailer/message_notification.text.erb
@@ -1,9 +1,9 @@
-<%= raw t '.hi', :to_user => @to_user %>
+<%= t '.hi', :to_user => @to_user %>
-<%= raw t '.header', :from_user => @from_user, :subject => @title %>
+<%= t '.header', :from_user => @from_user, :subject => @title %>
 ==
-<%= raw @text.to_text %>
+<%= @text.to_text %>
 ==
 <%= word_wrap(t '.footer_html', :readurl => @readurl, :replyurl => @replyurl) %>
-- 
2.39.5
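Review bot: With `raw` gone, nothing on the `<%= @text.to_text %>` line in diary_comment_notification.text.erb records that user-written text is emitted unescaped on purpose. That is correct only because the file is rendered as text/plain, which the commit message explains but the template does not. A one-line ERB comment above the first `==` delimiter, for example `<%# text/plain part: output is not HTML-escaped here; do not reuse this markup in an HTML part %>`, would keep the assumption visible to whoever later copies the block. Check that the comment line does not add a blank line to the rendered mail. The same applies to the matching line in message_notification.text.erb.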
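Review bot: The unchanged footer line at the end of the message_notification.text.erb hunk still looks up `.footer_html` from a text/plain template, which sits oddly with the cleanup done on the lines above it. For keys ending in `_html` the Rails `t` view helper HTML-escapes the interpolated values before marking the result safe, so an `&` in `@readurl` or `@replyurl` would presumably reach the plain-text mail as `&amp;` and the printed link would no longer match the real URL. The other template in this patch uses a plain `.footer` key. Doing the same here, `<%= word_wrap(t '.footer', :readurl => @readurl, :replyurl => @replyurl) %>`, would need a matching non-HTML locale entry, which is outside this diff.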