From 5afd12b8638a2e9f1c2565dd7093b3883c2b3788 Mon Sep 17 00:00:00 2001 From: Stas Vilchik Date: Wed, 9 Mar 2016 15:54:38 +0100 Subject: [PATCH] SONAR-7424 Fix SSF-40 & SSF-41 --- .../components/MeasureDetailsHeader.js | 2 +- .../app/controllers/project_controller.rb | 16 ++++++++-------- .../WEB-INF/app/views/overview/index.html.erb | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/server/sonar-web/src/main/js/apps/component-measures/components/MeasureDetailsHeader.js b/server/sonar-web/src/main/js/apps/component-measures/components/MeasureDetailsHeader.js index a0af07f2e61..12a2a24a595 100644 --- a/server/sonar-web/src/main/js/apps/component-measures/components/MeasureDetailsHeader.js +++ b/server/sonar-web/src/main/js/apps/component-measures/components/MeasureDetailsHeader.js @@ -55,7 +55,7 @@ export default function MeasureDetailsHeader ( - +
{measure.value != null && (
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/project_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/project_controller.rb
index 08d49de7b9c..169e153b56a 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/project_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/project_controller.rb
@@ -294,7 +294,7 @@ class ProjectController < ApplicationController
 unless params[:version_name].blank?
 if Event.already_exists(snapshot.id, params[:version_name], EventCategory::KEY_VERSION)
- flash[:error] = message('project_history.version_already_exists', :params => params[:version_name])
+ flash[:error] = message('project_history.version_already_exists', :params => h(params[:version_name]))
 else
 snapshots = find_project_snapshots(snapshot.id)
 # We update all the related snapshots to have a version attribute in sync with the new name
@@ -307,7 +307,7 @@ class ProjectController < ApplicationController
 # This is an update: we update all the related events
 Event.update_all({:name => params[:version_name]}, ["category = ? AND snapshot_id IN (?)", EventCategory::KEY_VERSION, snapshots.map { |s| s.id }])
- flash[:notice] = message('project_history.version_updated', :params => params[:version_name])
+ flash[:notice] = message('project_history.version_updated', :params => h(params[:version_name]))
 else
 # We create an event for every concerned snapshot
 snapshots.each do |snapshot|
@@ -315,7 +315,7 @@ class ProjectController < ApplicationController
 :component_uuid => snapshot.project.uuid, :category => EventCategory::KEY_VERSION, :event_date => snapshot.created_at)
 end
- flash[:notice] = message('project_history.version_created', :params => params[:version_name])
+ flash[:notice] = message('project_history.version_created', :params => h(params[:version_name]))
 end
 end
 end
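Review bot: The `h(...)` calls added to the `flash[:error]` and `flash[:notice]` assignments encode the value when it is stored, not where the flash is rendered, so the protection holds only while every writer of `flash` remembers to do the same. The same pattern repeats in the five later hunks of this file (-347, -357, -368, -380, -407). If the layout prints flash messages as raw HTML (not visible in this patch) and the message bundles carry no intentional markup, escaping once in that template, e.g. `<%= h(flash[:notice]) %>`, would cover every call site and avoid double-encoding if the view is later changed to escape. Failing that, a comment beside the first assignment such as `# flash is rendered unescaped; HTML-escape any interpolated user input here` would record why a view helper is called from the controller. The enclosing methods start and end outside these hunks.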
@@ -347,7 +347,7 @@ class ProjectController < ApplicationController
 end
 end
- flash[:notice] = message('project_history.version_removed', :params => old_version_name)
+ flash[:notice] = message('project_history.version_removed', :params => h(old_version_name))
 redirect_to :action => 'history', :id => parent_snapshot.root_project_id
 end
@@ -357,7 +357,7 @@ class ProjectController < ApplicationController
 access_denied unless is_admin?(snapshot)
 if Event.already_exists(snapshot.id, params[:event_name], EventCategory::KEY_OTHER)
- flash[:error] = message('project_history.event_already_exists', :params => params[:event_name])
+ flash[:error] = message('project_history.event_already_exists', :params => h(params[:event_name]))
 else
 snapshots = find_project_snapshots(snapshot.id)
 snapshots.each do |s|
@@ -368,7 +368,7 @@ class ProjectController < ApplicationController
 :event_date => s.created_at})
 e.save!
 end
- flash[:notice] = message('project_history.event_created', :params => params[:event_name])
+ flash[:notice] = message('project_history.event_created', :params => h(params[:event_name]))
 end
 redirect_to :action => 'history', :id => snapshot.project_id
@@ -380,7 +380,7 @@ class ProjectController < ApplicationController
 access_denied unless is_admin?(event.resource)
 if Event.already_exists(event.snapshot_id, params[:event_name], EventCategory::KEY_OTHER)
- flash[:error] = message('project_history.event_already_exists', :params => event.name)
+ flash[:error] = message('project_history.event_already_exists', :params => h(event.name))
 else
 events = find_events(event)
 events.each do |e|
@@ -407,7 +407,7 @@ class ProjectController < ApplicationController
 end
 end
- flash[:notice] = message('project_history.event_deleted', :params => name)
+ flash[:notice] = message('project_history.event_deleted', :params => h(name))
 redirect_to :action => 'history', :id => resource_id
 end
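Review bot: In the hunk at -380 the duplicate check is made against `params[:event_name]`, but the error message interpolates `h(event.name)`, the name the event currently has, so the user appears to be told that the old name already exists rather than the one that collided. The parallel check in the hunk at -357 reports `params[:event_name]`, so this line looks like it should read `:params => h(params[:event_name])`. The enclosing method begins and ends outside the hunk, so confirm that `event.name` is not reassigned earlier before changing it.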
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/overview/index.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/overview/index.html.erb
index b3823ee05e0..3990afdce08 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/overview/index.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/overview/index.html.erb
@@ -57,9 +57,9 @@
 %>
 {
 index: '<%= index -%>',
- mode: '<%= @snapshot.period_mode(index) -%>',
- modeParam: '<%= @snapshot.period_param(index) -%>',
- date: '<%= @snapshot.period_datetime(index) ? @snapshot.period_datetime(index).strftime('%FT%T%z') : "" -%>'
+ mode: '<%= escape_javascript @snapshot.period_mode(index) -%>',
+ modeParam: '<%= escape_javascript @snapshot.period_param(index) -%>',
+ date: '<%= escape_javascript @snapshot.period_datetime(index) ? @snapshot.period_datetime(index).strftime('%FT%T%z') : "" -%>'
 },
 <% end %>
 <% end %>
--
2.39.5
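Review bot: On the new `date:` line the parenthesis-free call `escape_javascript @snapshot.period_datetime(index) ? ... : ""` is correct only because Ruby passes the whole ternary as the single argument, which is easy to misread as escaping the condition alone. Writing it with explicit parentheses, `escape_javascript(@snapshot.period_datetime(index) ? @snapshot.period_datetime(index).strftime('%FT%T%z') : "")`, and doing the same on the `mode:` and `modeParam:` lines, removes that ambiguity. A short ERB comment above the object literal, `<%# values are emitted inside single-quoted JS strings; keep escape_javascript on each %>`, would tell the next editor why the helper is there. The unchanged `index: '<%= index -%>'` line is still emitted raw; it looks like a loop counter, but the loop is outside the hunk, so that is worth confirming.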