authorJosh Frye <joshfng@gmail.com>2016-01-12 14:15:59 -0500
committerJosh Frye <joshfng@gmail.com>2016-01-16 10:49:51 -0500
commit2d3655cd1403d354717ee4cb704c35a061e4b561 (patch)
tree89d15f067e1edb81e4cba3332a38287376329d00
parentc70ed7f2cdc0fbecea739a08332529b71325938c (diff)
downloadgitlab-ce-2d3655cd1403d354717ee4cb704c35a061e4b561.tar.gz
sanitize user supplied input.
-rw-r--r--app/views/abuse_reports/new.html.haml2
-rw-r--r--app/views/users/show.html.haml25
2 files changed, 2 insertions, 25 deletions
diff --git a/app/views/abuse_reports/new.html.haml b/app/views/abuse_reports/new.html.haml
index 8d31182a3e6..f125ecf7be5 100644
--- a/app/views/abuse_reports/new.html.haml
+++ b/app/views/abuse_reports/new.html.haml
@@ -16,7 +16,7 @@
.form-group
= f.label :message, class: 'control-label'
.col-sm-10
- = f.text_area :message, class: "form-control js-quick-submit", rows: 2, required: true, value: @ref_url
+ = f.text_area :message, class: "form-control js-quick-submit", rows: 2, required: true, value: sanitize(@ref_url)
.help-block
Explain the problem with this user. If appropriate, provide a link to the relevant issue or comment.
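Review bot: `sanitize(@ref_url)` on the new `value:` option is the wrong primitive for a URL dropped into textarea content: `sanitize` is a whitelist HTML filter that returns an html_safe string, so from here on Rails trusts its output instead of escaping it, and the textarea is only as safe as the sanitizer's tag list. As far as I can tell `f.text_area` already HTML-escapes a non-html_safe `value:` via `content_tag`, so `value: @ref_url` was escaped output and the added `sanitize` trades escaping for filtering rather than adding protection. The real exposure is that `@ref_url` is caller-controlled and is never checked to be a URL at all; I would keep the view at `value: @ref_url` and have the controller reject or blank anything that is not a same-host or relative URL, e.g. `@ref_url = params[:ref_url] if params[:ref_url].to_s.start_with?('/', request.base_url)`. Whether the controller that sets `@ref_url` already does any of this is not visible in this diff.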
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
index 7125b01c3ff..3bfd781e51d 100644
--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@@ -20,7 +20,7 @@
data: { toggle: 'tooltip', placement: 'left', container: 'body' }}
= icon('exclamation-circle')
- else
- = link_to new_abuse_report_path(user_id: @user.id), class: 'btn btn-gray',
+ = link_to new_abuse_report_path(user_id: @user.id, ref_url: request.referrer), class: 'btn btn-gray',
title: 'Report abuse', data: {toggle: 'tooltip', placement: 'left', container: 'body'} do
= icon('exclamation-circle')
- if current_user
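Review bot: The new `ref_url: request.referrer` on the report-abuse link forwards the Referer header verbatim, which is set by whatever page linked to this profile and is therefore attacker-influenceable, may be `nil`, and may point off-site; it then pre-fills the abuse report's message. If the intent is to capture the GitLab page the reporter came from, forward it only when it is same-origin, e.g. `- ref_url = request.referrer if request.referrer.to_s.start_with?(request.base_url)` before the link and `ref_url: ref_url` in the path helper, and let `nil` fall through as no parameter. The `- if current_user` at the end of the hunk opens a block that continues outside it, so I cannot see whether a similar link appears below.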
@@ -93,30 +93,7 @@
%h4.center.light
%i.fa.fa-spinner.fa-spin
.user-calendar-activities
- .cover-controls
- - if @user == current_user
- = link_to profile_path, class: 'btn btn-gray' do
- = icon('pencil')
- - elsif current_user
- %span.report-abuse
- - if @user.abuse_report
- %button.btn.btn-danger{ title: 'Already reported for abuse',
- data: { toggle: 'tooltip', placement: 'left', container: 'body' }}
- = icon('exclamation-circle')
- - else
- = link_to new_abuse_report_path(user_id: @user.id, ref_url: request.referrer), class: 'btn btn-gray',
- title: 'Report abuse', data: {toggle: 'tooltip', placement: 'left', container: 'body'} do
- = icon('exclamation-circle')
- - if current_user
- &nbsp;
- = link_to user_path(@user, :atom, { private_token: current_user.private_token }), class: 'btn btn-gray' do
- = icon('rss')
-.gray-content-block.second-block
- .user-calendar
- %h4.center.light
- %i.fa.fa-spinner.fa-spin
- .user-calendar-activities
.content_list
= spinner