From 18250aff4820ee09415870f0b9b95debe445de39 Mon Sep 17 00:00:00 2001
From: Julien Lancelot
Date: Fri, 30 Aug 2013 11:43:21 +0200
Subject: [PATCH] SSF-5 Fix security flaw
---
 .../WEB-INF/app/views/dashboards/_my_dashboards.html.erb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboards/_my_dashboards.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboards/_my_dashboards.html.erb
index cbfad4250d7..076b4ff4964 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboards/_my_dashboards.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboards/_my_dashboards.html.erb
@@ -17,7 +17,7 @@
 <% @actives.map(&:dashboard).each_with_index do |dashboard, index| %>
- <%= link_to h(dashboard.name(true)), {:controller => :dashboard, :action => :index, :did => dashboard.id, :id => (params[:resource] unless dashboard.global?)},
+ <%= link_to h(dashboard.name(true)), {:controller => :dashboard, :action => :index, :did => dashboard.id, :id => (h(params[:resource]) unless dashboard.global?)},
 :id => "view-#{u dashboard.name}" %>
<%= h dashboard.description -%>
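Review bot: `h()` is HTML escaping, but at `:id => (h(params[:resource]) unless dashboard.global?)` the value goes into the URL options hash of `link_to`, where the encoding that matters is the percent-encoding done during URL generation and the attribute escaping of the finished href. Escaping at this layer rewrites a resource key containing `&`, `<`, `>` or `"` into its entity form before it is put in the URL, so the receiving action would see a different key than the one requested. The up/down links in the second hunk use the same pattern. If the flaw behind SSF-5 was the value being reflected by the receiving view or controller (not visible here, so to be confirmed), it should be validated or escaped there as well. I would at least record the intent next to the call, e.g. `<%# params[:resource] is request-controlled; h() here is defence in depth, the sink must still escape it %>`.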
@@ -29,12 +29,12 @@
 <% if index > 0 %>
- <%= link_to image_tag('blue-up.png'), {:action => :up, :id => dashboard.id, :resource => params[:resource]}, :method => :post, :id => "up-#{u dashboard.name}" %>
+ <%= link_to image_tag('blue-up.png'), {:action => :up, :id => dashboard.id, :resource => h(params[:resource])}, :method => :post, :id => "up-#{u dashboard.name}" %>
 <% else %>
 <%= image_tag('transparent_16.gif') %>
 <% end %>
 <% if index < @actives.size-1 %>
- <%= link_to image_tag('blue-down.png'), {:action => :down, :id => dashboard.id, :resource => params[:resource]}, :method => :post, :id => "down-#{u dashboard.name}" %>
+ <%= link_to image_tag('blue-down.png'), {:action => :down, :id => dashboard.id, :resource => h(params[:resource])}, :method => :post, :id => "down-#{u dashboard.name}" %>
 <% else %>
 <%= image_tag('transparent_16.gif') %>
 <% end %>
-- 
2.39.5
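Review bot: With `h()` wrapped around it, `:resource` in the up and down links is never nil, because `h(nil)` returns an empty string. When the page is opened without a resource, the generated URLs presumably now carry an empty `resource=` parameter where they used to omit it. An empty string is truthy in Ruby, so any `if params[:resource]` check in the `up`/`down` actions (not visible here) would take the other branch. Keeping the nil case explicit avoids that: `:resource => (h(params[:resource]) if params[:resource])`.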