From: Julien Lancelot <julien.lancelot@gmail.com>
Date: Mon, 12 Aug 2013 11:25:44 +0000 (+0200)
Subject: SONAR-4269 Remove display of resource name to prevent XSS issue
X-Git-Tag: 3.7.1-RC1-~127
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=0ec76fc3d51c4e229d9bd4070df086b4e7eafa04;p=sonarqube.git

SONAR-4269 Remove display of resource name to prevent XSS issue
---

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/sources_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/sources_controller.rb
index 186cfc54c20..4b20259238b 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/sources_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/sources_controller.rb
@@ -27,7 +27,7 @@ class Api::SourcesController < Api::RestController
     if resource_id
       @resource=Project.by_key(resource_id)
       if @resource.nil?
-        rest_status_ko("Resource [#{resource_id}] not found", 404)
+        rest_status_ko('Resource not found', 404)
         return
       end
     end
@@ -35,7 +35,7 @@ class Api::SourcesController < Api::RestController
 
     source = @resource.last_snapshot.source
     if !source
-      rest_status_ko("Resource [#{@resource.id}] has no sources", 404)
+      rest_status_ko('Resource has no sources', 404)
     else
       #optimization
       #source.snapshot.project=@resource