From ef6a98642f5fd100a3604d09059b2710f4a696b6 Mon Sep 17 00:00:00 2001 From: Toshi MARUYAMA Date: Tue, 2 Aug 2011 12:49:18 +0000 Subject: [PATCH] HTML escape at app/helpers/app/helpers/issues_helper.rb. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6352 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/helpers/issues_helper.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb index 23d5d38c2..c1fb9d7e8 100644 --- a/app/helpers/issues_helper.rb +++ b/app/helpers/issues_helper.rb @@ -48,11 +48,11 @@ module IssuesHelper link_to_issue(issue) + "

" + "#{@cached_label_project}: #{link_to_project(issue.project)}
" + - "#{@cached_label_status}: #{issue.status.name}
" + + "#{@cached_label_status}: #{h(issue.status.name)}
" + "#{@cached_label_start_date}: #{format_date(issue.start_date)}
" + "#{@cached_label_due_date}: #{format_date(issue.due_date)}
" + - "#{@cached_label_assigned_to}: #{issue.assigned_to}
" + - "#{@cached_label_priority}: #{issue.priority.name}" + "#{@cached_label_assigned_to}: #{h(issue.assigned_to)}
" + + "#{@cached_label_priority}: #{h(issue.priority.name)}" end def issue_heading(issue) @@ -145,7 +145,7 @@ module IssuesHelper # links to #index on issues/show url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params - content_tag('h3', title) + + content_tag('h3', h(title)) + queries.collect {|query| link_to(h(query.name), url_params.merge(:query_id => query)) }.join('
') -- 2.39.5