From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Fri, 27 Mar 2009 18:27:06 +0000 (+0000)
Subject: Escape member name.
X-Git-Tag: 0.9.0~546
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3557e767e0b0c1e9fd7f97414a92f3d9dc00d98e;p=redmine.git

Escape member name.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2636 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/views/projects/settings/_members.rhtml b/app/views/projects/settings/_members.rhtml
index 79ddeded5..f70cef5a8 100644
--- a/app/views/projects/settings/_members.rhtml
+++ b/app/views/projects/settings/_members.rhtml
@@ -17,7 +17,7 @@
 	<% members.each do |member| %>
 	<% next if member.new_record? %>
 	<tr id="member-<%= member.id %>" class="<%= cycle 'odd', 'even' %>">
-	<td><%= member.name %></td>
+	<td><%=h member.name %></td>
     <td align="center">
     <% if authorize_for('members', 'edit') %>
       <% remote_form_for(:member, member, :url => {:controller => 'members', :action => 'edit', :id => member}, :method => :post) do |f| %>