HTML escape at app/views/attachments/diff.rhtml.

author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 12:56:45 +0000 (12:56 +0000)

committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>

Tue, 2 Aug 2011 12:56:45 +0000 (12:56 +0000)
author Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 12:56:45 +0000 (12:56 +0000)
committer Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Tue, 2 Aug 2011 12:56:45 +0000 (12:56 +0000)
diff --git a/app/views/attachments/diff.rhtml b/app/views/attachments/diff.rhtml

index 36db0af52877e59577b1a3380da3fa9e274bebb2..36e47217ba875761acba9fef0fd4597e682d12e1 100644 (file)
--- a/app/views/attachments/diff.rhtml
+++ b/app/views/attachments/diff.rhtml
@@ -2,7 +2,7 @@
  
  <div class="attachments">
  <p><%= h("#{@attachment.description} - ") unless @attachment.description.blank? %>
-   <span class="author"><%= @attachment.author %>, <%= format_time(@attachment.created_on) %></span></p>
+   <span class="author"><%= link_to_user(@attachment.author) %>, <%= format_time(@attachment.created_on) %></span></p>
  <p><%= link_to_attachment @attachment, :text => l(:button_download), :download => true -%>
     <span class="size">(<%= number_to_human_size @attachment.filesize %>)</span></p>
  
@@ -10,7 +10,7 @@
  &nbsp;
  <%= render :partial => 'common/diff', :locals => {:diff => @diff, :diff_type => @diff_type} %>
  
-<% html_title @attachment.filename %>
+<% html_title h(@attachment.filename) %>
  
  <% content_for :header_tags do -%>
      <%= stylesheet_link_tag "scm" -%>
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 12:56:45 +0000 (12:56 +0000)
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
	Tue, 2 Aug 2011 12:56:45 +0000 (12:56 +0000)