HTML escape at parse_wiki_links() of app/helpers/application_helper.rb (#9252)

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7248 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 93f40e7f1e555d672ee7186967f02ff41ce6d47b..cd8c439fc44cddca41776fc9c462c010737ab8c0 100644 (file)
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -579,7 +579,7 @@ module ApplicationHelper
               wiki_page_id = page.present? ? Wiki.titleize(page) : nil
               url_for(:only_path => only_path, :controller => 'wiki', :action => 'show', :project_id => link_project, :id => wiki_page_id, :anchor => anchor)
             end
-          link_to((title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
+          link_to(h(title || page), url, :class => ('wiki-page' + (wiki_page ? '' : ' new')))
         else
           # project or wiki doesn't exist
           all.html_safe