From: Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Date: Tue, 2 Aug 2011 12:57:38 +0000 (+0000)
Subject: HTML escape at app/views/attachments/file.rhtml.
X-Git-Tag: 1.3.0~1581
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7d2098bc22c7a9ecd12fe517d90f7c7f9c4a21cc;p=redmine.git

HTML escape at app/views/attachments/file.rhtml.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6362 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/views/attachments/file.rhtml b/app/views/attachments/file.rhtml
index c7e7a7573..fde551f8b 100644
--- a/app/views/attachments/file.rhtml
+++ b/app/views/attachments/file.rhtml
@@ -2,7 +2,7 @@
 
 <div class="attachments">
 <p><%= h("#{@attachment.description} - ") unless @attachment.description.blank? %>
-   <span class="author"><%= @attachment.author %>, <%= format_time(@attachment.created_on) %></span></p>
+   <span class="author"><%= link_to_user(@attachment.author) %>, <%= format_time(@attachment.created_on) %></span></p>
 <p><%= link_to_attachment @attachment, :text => l(:button_download), :download => true -%>
    <span class="size">(<%= number_to_human_size @attachment.filesize %>)</span></p>
 
@@ -10,7 +10,7 @@
 &nbsp;
 <%= render :partial => 'common/file', :locals => {:content => @content, :filename => @attachment.filename} %>
 
-<% html_title @attachment.filename %>
+<% html_title h(@attachment.filename) %>
 
 <% content_for :header_tags do -%>
     <%= stylesheet_link_tag "scm" -%>