More fixes to the changeset viewer, including logged-in-ness on per-user edit lists, fix XSS potential on usernames here, and general tidyups.

2009-03-23 19:40:33 +00:00 · 2009-03-23 19:40:33 +00:00 · 7d3a5899c9
commit 7d3a5899c9
parent 677f391ec1
3 changed files with 32 additions and 27 deletions
--- a/app/views/changeset/_changeset.rhtml
+++ b/app/views/changeset/_changeset.rhtml
@ -9,13 +9,13 @@
    <% else %><%= changeset.closed_at.strftime("%d %b %Y %H:%M") %><% end %>

    
-  <%if showusername==true %>  
-	  <td class="<%= cl %>">
-	  <% if changeset.user.data_public? %>
-	  	<%= link_to h(changeset.user.display_name), :controller => "user", :action => "view", :display_name => changeset.user.display_name %>
-	  <% else %>
-	  	<i>annon</i>
-	  <% end %>
+  <%if showusername %>  
+    <td class="<%= cl %>">
+    <% if changeset.user.data_public? %>
+      <%= link_to h(changeset.user.display_name), :controller => "user", :action => "view", :display_name => changeset.user.display_name %>
+    <% else %>
+      <i>Anonymous</i>
+    <% end %>
  <% end %>
    
  <td class="<%= cl %>">