Merged r2979 and r2980 from trunk.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Wed, 4 Nov 2009 10:11:47 +0000 (10:11 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Wed, 4 Nov 2009 10:11:47 +0000 (10:11 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 4 Nov 2009 10:11:47 +0000 (10:11 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 4 Nov 2009 10:11:47 +0000 (10:11 +0000)
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb

index 7f19fdf871b173acedc416d121036eeda501f77c..569d0c4615064c80f228933b626a4ea5731239f6 100644 (file)
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -43,6 +43,10 @@ class IssuesController < ApplicationController
    helper :timelog
    include Redmine::Export::PDF
  
+  verify :method => :post,
+         :only => :destroy,
+         :render => { :nothing => true, :status => :method_not_allowed }
+           
    def index
      retrieve_query
      sort_init 'id', 'desc'
diff --git a/app/views/projects/settings/_versions.rhtml b/app/views/projects/settings/_versions.rhtml

index 79d92d81e364d5313771c795042da2e065b10ac4..1f66dec43e2747b81cb6f0cc8d8cc09420222d4a 100644 (file)
--- a/app/views/projects/settings/_versions.rhtml
+++ b/app/views/projects/settings/_versions.rhtml
@@ -14,7 +14,7 @@
      <td><%= link_to h(version.name), :controller => 'versions', :action => 'show', :id => version %></td>
      <td align="center"><%= format_date(version.effective_date) %></td>
      <td><%=h version.description %></td>
-    <td><%= link_to(version.wiki_page_title, :controller => 'wiki', :page => Wiki.titleize(version.wiki_page_title)) unless version.wiki_page_title.blank? || @project.wiki.nil? %></td>
+    <td><%= link_to(h(version.wiki_page_title), :controller => 'wiki', :page => Wiki.titleize(version.wiki_page_title)) unless version.wiki_page_title.blank? || @project.wiki.nil? %></td>
      <td align="center"><%= link_to_if_authorized l(:button_edit), { :controller => 'versions', :action => 'edit', :id => version }, :class => 'icon icon-edit' %></td>
      <td align="center"><%= link_to_if_authorized l(:button_delete), {:controller => 'versions', :action => 'destroy', :id => version}, :confirm => l(:text_are_you_sure), :method => :post, :class => 'icon icon-del' %></td>
      </tr>
diff --git a/app/views/roles/edit.rhtml b/app/views/roles/edit.rhtml

index e53a0f545fb3f35a1e83380b71fa15b79013bf6f..b357cc9858f9112602771ae042debb0ad04baab5 100644 (file)
--- a/app/views/roles/edit.rhtml
+++ b/app/views/roles/edit.rhtml
@@ -1,4 +1,4 @@
-<h2><%=l(:label_role)%>: <%= @role.name %></h2> 
+<h2><%=l(:label_role)%>: <%=h @role.name %></h2> 
  
  <% labelled_tabular_form_for :role, @role, :url => { :action => 'edit' }, :html => {:id => 'role_form'} do |f| %>
  <%= render :partial => 'form', :locals => { :f => f } %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Wed, 4 Nov 2009 10:11:47 +0000 (10:11 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Wed, 4 Nov 2009 10:11:47 +0000 (10:11 +0000)
app/controllers/issues_controller.rb		patch \| blob \| history
app/views/projects/settings/_versions.rhtml		patch \| blob \| history
app/views/roles/edit.rhtml		patch \| blob \| history