Commit f9fbb63e authored by Raphael's avatar Raphael

Make 'not sharing' a button, eliminate xss in alert

parent 7399caa0
......@@ -71,7 +71,7 @@ class Person < ActiveRecord::Base
).order("contacts.user_id DESC", "requests.recipient_id DESC", "profiles.last_name ASC", "profiles.first_name ASC")
end
def name
def name(opts = {})
@name ||= if profile.first_name.nil? || profile.first_name.blank?
self.diaspora_handle
else
......
......@@ -25,7 +25,12 @@
.aspects
- if !contact
%h4
= t('people.show.not_connected', :name => person.first_name)
= link_to truncate(t('people.show.not_connected', :name => person.name), :length => 49, :separator => ' ', :omission => ''),
{:controller => "people",
:action => "share_with",
:id => @person.id},
:class => 'share_with button',
:rel => 'facebox'
- elsif contact.pending
%h4
= t('people.person.pending_request')
......
......@@ -9,7 +9,7 @@
$(this).closest('li').fadeOut(200);
});
$('.delete').bind('ajax:failure', function() {
alert(h("#{t('.cannot_remove', :name => person.name)}"));
alert("#{h(t('.cannot_remove', :name => person.name))}");
});
});
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment