Fixed that watchers delete links are escaped on the issue view (#10932).
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 15 May 2012 19:33:42 +0000 (19:33 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 15 May 2012 19:33:42 +0000 (19:33 +0000)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9700 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/helpers/watchers_helper.rb
test/functional/issues_controller_test.rb

index 0757085867fea79f1f1d59b45cdd560b68e377f0..e13075533a9151ef42b056fc182e7a85530f6d54 100644 (file)
@@ -45,23 +45,27 @@ module WatchersHelper
   # Returns a comma separated list of users watching the given object
   def watchers_list(object)
     remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project)
+    content = ''.html_safe
     lis = object.watcher_users.collect do |user|
-      s = avatar(user, :size => "16").to_s + link_to_user(user, :class => 'user').to_s
+      s = ''.html_safe
+      s << avatar(user, :size => "16").to_s
+      s << link_to_user(user, :class => 'user')
       if remove_allowed
         url = {:controller => 'watchers',
                :action => 'destroy',
                :object_type => object.class.to_s.underscore,
                :object_id => object.id,
                :user_id => user}
-        s += ' ' + link_to_remote(image_tag('delete.png'),
+        s << ' '
+        s << link_to_remote(image_tag('delete.png'),
                                   {:url => url},
                                   :href => url_for(url),
                                   :style => "vertical-align: middle",
                                   :class => "delete")
       end
-      content_tag :li, s.html_safe
+      content << content_tag('li', s)
     end
-    (lis.empty? ? "" : "<ul>#{ lis.join("\n") }</ul>").html_safe
+    content.present? ? content_tag('ul', content) : content
   end
 
   def watchers_checkboxes(object, users, checked=nil)
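Review bot: `lis` is still assigned from `collect` in `watchers_list`, but nothing reads it now that the last line returns `content`. The block's value is presumably the same buffer each time, so `object.watcher_users.each do |user|` without the assignment would say what the loop does. A short comment above `content = ''.html_safe` would also help the next maintainer, for example `# Build on a SafeBuffer: any fragment not already marked html_safe is escaped when appended`. That is the property that lets the method drop the blanket `s.html_safe` the old code relied on. Separately, the `:href => url_for(url)` fallback on the delete link points a plain link at the `destroy` action; whether that action rejects GET requests is not visible in this hunk and is worth confirming.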
index d719137f12e5fdd922fc54433770bbdb672b7c30..9e7836f0e0ea05eddc3aaaca2953140082f8f86b 100644 (file)
@@ -1126,6 +1126,36 @@ class IssuesControllerTest < ActionController::TestCase
     assert_tag 'a', :attributes => {:href => "/projects/ecookbook/repository/revisions/3"}
   end
 
+  def test_show_should_display_watchers
+    @request.session[:user_id] = 2
+    Issue.find(1).add_watcher User.find(2)
+
+    get :show, :id => 1
+    assert_select 'div#watchers ul' do
+      assert_select 'li' do
+        assert_select 'a[href=/users/2]'
+        assert_select 'a img[alt=Delete]'
+      end
+    end
+  end
+
+  def test_show_should_display_watchers_with_gravatars
+    @request.session[:user_id] = 2
+    Issue.find(1).add_watcher User.find(2)
+
+    with_settings :gravatar_enabled => '1' do
+      get :show, :id => 1
+    end
+
+    assert_select 'div#watchers ul' do
+      assert_select 'li' do
+        assert_select 'img.gravatar'
+        assert_select 'a[href=/users/2]'
+        assert_select 'a img[alt=Delete]'
+      end
+    end
+  end
+  
   def test_show_with_multi_custom_field
     field = CustomField.find(1)
     field.update_attribute :multiple, true
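Review bot: Both new tests check that the user link, the avatar and the delete image come out as real markup, but neither pins the other half of the change, namely that text which is not markup is still escaped inside the `li`. Since `watchers_list` now depends on SafeBuffer escaping instead of a blanket `html_safe`, a test with a watcher whose name contains HTML characters would guard against a later edit putting `.html_safe` back on the whole string. The sketch below uses a constructed name and assumes the displayed name includes `firstname`. The enclosing `IssuesControllerTest` class starts and ends outside this hunk.

```ruby
  # … unchanged: test_show_should_display_watchers_with_gravatars …

  def test_show_should_escape_watcher_names
    @request.session[:user_id] = 2
    user = User.find(2)
    # constructed sample value: a name that would render as a tag if left unescaped
    user.update_attribute :firstname, '<b>John</b>'
    Issue.find(1).add_watcher user

    get :show, :id => 1
    assert_select 'div#watchers li b', 0
  end
```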