# Return custom field label tag
def custom_field_label_tag(name, custom_value)
- content_tag "label", custom_value.custom_field.name +
+ content_tag "label", h(custom_value.custom_field.name) +
(custom_value.custom_field.is_required? ? " <span class=\"required\">*</span>" : ""),
:for => "#{name}_custom_field_values_#{custom_value.custom_field.id}",
:class => (custom_value.errors.empty? ? nil : "error" )
def column_header(column)
column.sortable ? sort_header_tag(column.name.to_s, :caption => column.caption,
:default_order => column.default_order) :
- content_tag('th', column.caption)
+ content_tag('th', h(column.caption))
end
def column_content(column, issue)
# Add project_id to url_options
url_options = url_options.merge(:project_id => params[:project_id]) if params.has_key?(:project_id)
- link_to_content_update(caption, url_options, :class => css)
+ link_to_content_update(h(caption), url_options, :class => css)
end
# Returns a table header <th> tag with a sort link for the named column
<a href="#" class="submenu" onclick="return false;"><%= l(:field_status) %></a>
<ul>
<% @statuses.each do |s| -%>
- <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {:status_id => s}, :back_url => @back}, :method => :post,
+ <li><%= context_menu_link h(s.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {:status_id => s}, :back_url => @back}, :method => :post,
:selected => (@issue && s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %></li>
<% end -%>
</ul>
<a href="#" class="submenu"><%= l(:field_tracker) %></a>
<ul>
<% @trackers.each do |t| -%>
- <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'tracker_id' => t}, :back_url => @back}, :method => :post,
+ <li><%= context_menu_link h(t.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'tracker_id' => t}, :back_url => @back}, :method => :post,
:selected => (@issue && t == @issue.tracker), :disabled => !@can[:edit] %></li>
<% end -%>
</ul>
<a href="#" class="submenu"><%= l(:field_priority) %></a>
<ul>
<% @priorities.each do |p| -%>
- <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'priority_id' => p}, :back_url => @back}, :method => :post,
+ <li><%= context_menu_link h(p.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'priority_id' => p}, :back_url => @back}, :method => :post,
:selected => (@issue && p == @issue.priority), :disabled => (!@can[:edit] || @issues.detect {|i| !i.leaf?}) %></li>
<% end -%>
</ul>
<a href="#" class="submenu"><%= l(:field_assigned_to) %></a>
<ul>
<% @assignables.each do |u| -%>
- <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'assigned_to_id' => u}, :back_url => @back}, :method => :post,
+ <li><%= context_menu_link h(u.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'assigned_to_id' => u}, :back_url => @back}, :method => :post,
:selected => (@issue && u == @issue.assigned_to), :disabled => !@can[:update] %></li>
<% end -%>
<li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'assigned_to_id' => 'none'}, :back_url => @back}, :method => :post,
<a href="#" class="submenu"><%= l(:field_category) %></a>
<ul>
<% @project.issue_categories.each do |u| -%>
- <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'category_id' => u}, :back_url => @back}, :method => :post,
+ <li><%= context_menu_link h(u.name), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'category_id' => u}, :back_url => @back}, :method => :post,
:selected => (@issue && u == @issue.category), :disabled => !@can[:update] %></li>
<% end -%>
<li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), :issue => {'category_id' => 'none'}, :back_url => @back}, :method => :post,
<fieldset><legend><%=l(:label_tracker_plural)%></legend>
<% for tracker in @trackers %>
- <%= check_box_tag "custom_field[tracker_ids][]", tracker.id, (@custom_field.trackers.include? tracker) %> <%= tracker.name %>
+ <%= check_box_tag "custom_field[tracker_ids][]", tracker.id, (@custom_field.trackers.include? tracker) %> <%=h tracker.name %>
<% end %>
<%= hidden_field_tag "custom_field[tracker_ids][]", '' %>
</fieldset>
<tbody>
<% (@custom_fields_by_type[tab[:name]] || []).sort.each do |custom_field| -%>
<tr class="<%= cycle("odd", "even") %>">
- <td><%= link_to custom_field.name, :action => 'edit', :id => custom_field %></td>
+ <td><%= link_to h(custom_field.name), :action => 'edit', :id => custom_field %></td>
<td align="center"><%= l(Redmine::CustomFieldFormat.label_for(custom_field.field_format)) %></td>
<td align="center"><%= checked_image custom_field.is_required? %></td>
<% if tab[:name] == 'IssueCustomField' %>
<tbody>
<% for status in @issue_statuses %>
<tr class="<%= cycle("odd", "even") %>">
- <td><%= link_to status.name, :action => 'edit', :id => status %></td>
+ <td><%= link_to h(status.name), :action => 'edit', :id => status %></td>
<% if Issue.use_status_for_done_ratio? %>
<td align="center"><%= h status.default_done_ratio %></td>
<% end %>
<%= h(relation.other_issue(@issue).project) + ' - ' if Setting.cross_project_issue_relations? %>
<%= link_to_issue(relation.other_issue(@issue), :truncate => 60) %>
</td>
-<td class="status"><%= relation.other_issue(@issue).status.name %></td>
+<td class="status"><%=h relation.other_issue(@issue).status.name %></td>
<td class="start_date"><%= format_date(relation.other_issue(@issue).start_date) %></td>
<td class="due_date"><%= format_date(relation.other_issue(@issue).due_date) %></td>
<td class="buttons"><%= link_to_remote(image_tag('link_break.png'), { :url => {:controller => 'issue_relations', :action => 'destroy', :id => relation},
<% @trackers.each do |tracker| %>
<label class="floating">
<%= check_box_tag 'project[tracker_ids][]', tracker.id, @project.trackers.include?(tracker) %>
- <%= tracker %>
+ <%=h tracker %>
</label>
<% end %>
<%= hidden_field_tag 'project[tracker_ids][]', '' %>
<% @issue_custom_fields.each do |custom_field| %>
<label class="floating">
<%= check_box_tag 'project[issue_custom_field_ids][]', custom_field.id, (@project.all_issue_custom_fields.include? custom_field), (custom_field.is_for_all? ? {:disabled => "disabled"} : {}) %>
- <%= custom_field.name %>
+ <%=h custom_field.name %>
</label>
<% end %>
<%= hidden_field_tag 'project[issue_custom_field_ids][]', '' %>
<thead><tr>
<th style="width:25%"></th>
<% for status in @statuses %>
-<th style="width:<%= col_width %>%"><%= status.name %></th>
+<th style="width:<%= col_width %>%"><%=h status.name %></th>
<% end %>
<th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_open_issues_plural)%></strong></th>
<th align="center" style="width:<%= col_width %>%"><strong><%=l(:label_closed_issues_plural)%></strong></th>
<tbody>
<% for row in rows %>
<tr class="<%= cycle("odd", "even") %>">
- <td><%= link_to row.name, :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)),
+ <td><%= link_to h(row.name), :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)),
:set_filter => 1,
:subproject_id => '!*',
"#{field_name}" => row.id %></td>
<tbody>
<% for row in rows %>
<tr class="<%= cycle("odd", "even") %>">
- <td><%= link_to row.name, :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)),
+ <td><%= link_to h(row.name), :controller => 'issues', :action => 'index', :project_id => ((row.is_a?(Project) ? row : @project)),
:set_filter => 1,
:subproject_id => '!*',
"#{field_name}" => row.id %></td>
<tbody>
<% for role in @roles %>
<tr class="<%= cycle("odd", "even") %>">
- <td><%= content_tag(role.builtin? ? 'em' : 'span', link_to(role.name, :action => 'edit', :id => role)) %></td>
+ <td><%= content_tag(role.builtin? ? 'em' : 'span', link_to(h(role.name), :action => 'edit', :id => role)) %></td>
<td align="center" style="width:15%;">
<% unless role.builtin? %>
<%= reorder_links('role', {:action => 'edit', :id => role}) %>
<tbody>
<% for tracker in @trackers %>
<tr class="<%= cycle("odd", "even") %>">
- <td><%= link_to tracker.name, :action => 'edit', :id => tracker %></td>
+ <td><%= link_to h(tracker.name), :action => 'edit', :id => tracker %></td>
<td align="center"><% unless tracker.workflows.count > 0 %><span class="icon icon-warning"><%= l(:text_tracker_no_workflow) %> (<%= link_to l(:button_edit), {:controller => 'workflows', :action => 'edit', :tracker_id => tracker} %>)</span><% end %></td>
<td align="center" style="width:15%;"><%= reorder_links('tracker', {:action => 'edit', :id => tracker}) %></td>
<td class="buttons">
projects / redmine.git / commitdiff