]> source.dussan.org Git - redmine.git/commitdiff
projects / redmine.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4313b5f)
HTML escape at parse_redmine_links() of app/helpers/application_helper.rb (#9252)
authorToshi MARUYAMA <marutosijp2@yahoo.co.jp>
Fri, 16 Sep 2011 01:52:30 +0000 (01:52 +0000)
committerToshi MARUYAMA <marutosijp2@yahoo.co.jp>
Fri, 16 Sep 2011 01:52:30 +0000 (01:52 +0000)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7249 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/helpers/application_helper.rb patch | blob | history

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index cd8c439fc44cddca41776fc9c462c010737ab8c0..d58461a5f2746dee0cf659f7790ed1274e7d188d 100644 (file)
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -633,7 +633,7 @@ module ApplicationHelper
         if prefix.nil? && sep == 'r'
           # project.changesets.visible raises an SQL error because of a double join on repositories
           if project && project.repository && (changeset = Changeset.visible.find_by_repository_id_and_revision(project.repository.id, identifier))
-            link = link_to("#{project_prefix}r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
+            link = link_to(h("#{project_prefix}r#{identifier}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision},
                                       :class => 'changeset',
                                       :title => truncate_single_line(changeset.comments, :length => 100))
           end
@@ -683,7 +683,7 @@ module ApplicationHelper
             if project && project.repository && (changeset = Changeset.visible.find(:first, :conditions => ["repository_id = ? AND scmid LIKE ?", project.repository.id, "#{name}%"]))
               link = link_to h("#{project_prefix}#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.identifier},
                                            :class => 'changeset',
-                                           :title => truncate_single_line(changeset.comments, :length => 100)
+                                           :title => truncate_single_line(h(changeset.comments), :length => 100)
             end
           when 'source', 'export'
             if project && project.repository && User.current.allowed_to?(:browse_repository, project)
Mirror of redmine code source: https://github.com/redmine/redmine