From: Toshi MARUYAMA Date: Tue, 2 Aug 2011 12:55:06 +0000 (+0000) Subject: HTML escape at app/helpers/search_helper.rb. X-Git-Tag: 1.3.0~1584 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=07baff465f4ce95598cf1ec5bf3ff1356a0cb685;p=redmine.git HTML escape at app/helpers/search_helper.rb. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6359 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/helpers/search_helper.rb b/app/helpers/search_helper.rb index da3610e95..0384e79d2 100644 --- a/app/helpers/search_helper.rb +++ b/app/helpers/search_helper.rb @@ -5,12 +5,12 @@ # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. @@ -37,11 +37,11 @@ module SearchHelper end result end - + def type_label(t) l("label_#{t.singularize}_plural", :default => t.to_s.humanize) end - + def project_select_tag options = [[l(:label_project_all), 'all']] options << [l(:label_my_projects), 'my_projects'] unless User.current.memberships.empty? @@ -49,7 +49,7 @@ module SearchHelper options << [@project.name, ''] unless @project.nil? select_tag('scope', options_for_select(options, params[:scope].to_s)) if options.size > 1 end - + def render_results_by_type(results_by_type) links = [] # Sorts types by results count @@ -57,7 +57,8 @@ module SearchHelper c = results_by_type[t] next if c == 0 text = "#{type_label(t)} (#{c})" - links << link_to(text, :q => params[:q], :titles_only => params[:titles_only], :all_words => params[:all_words], :scope => params[:scope], t => 1) + links << link_to(h(text), :q => params[:q], :titles_only => params[:titles_only], + :all_words => params[:all_words], :scope => params[:scope], t => 1) end ('') unless links.empty? end