From 5cd6aa0a09d8f3c4b65612227d0f3c150e1a87e0 Mon Sep 17 00:00:00 2001 From: Toshi MARUYAMA Date: Tue, 2 Aug 2011 12:51:49 +0000 Subject: [PATCH] HTML escape at app/helpers/repositories_helper.rb. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6355 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/helpers/repositories_helper.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/helpers/repositories_helper.rb b/app/helpers/repositories_helper.rb index fbfb0feea..7b2d65c14 100644 --- a/app/helpers/repositories_helper.rb +++ b/app/helpers/repositories_helper.rb @@ -87,7 +87,7 @@ module RepositoriesHelper if s = tree[file][:s] style << ' folder' path_param = to_path_param(@repository.relative_path(file)) - text = link_to(text, :controller => 'repositories', + text = link_to(h(text), :controller => 'repositories', :action => 'show', :id => @project, :path => path_param, @@ -97,18 +97,18 @@ module RepositoriesHelper elsif c = tree[file][:c] style << " change-#{c.action}" path_param = to_path_param(@repository.relative_path(c.path)) - text = link_to(text, :controller => 'repositories', + text = link_to(h(text), :controller => 'repositories', :action => 'entry', :id => @project, :path => path_param, :rev => @changeset.identifier) unless c.action == 'D' - text << " - #{c.revision}" unless c.revision.blank? + text << " - #{h(c.revision)}" unless c.revision.blank? text << ' (' + link_to('diff', :controller => 'repositories', :action => 'diff', :id => @project, :path => path_param, :rev => @changeset.identifier) + ') ' if c.action == 'M' - text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank? + text << ' ' + content_tag('span', h(c.from_path), :class => 'copied-from') unless c.from_path.blank? output << "
  • #{text}
  • " end end -- 2.39.5