Browse Source
Fix mentioning users with certain characters renders incorrectly (#37755).
Patch Mizuki ISHIKAWA. git-svn-id: https://svn.redmine.org/redmine/trunk@21986 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.1.0
Marius Balteanu
1 year ago
2 changed files with 11 additions and 1 deletions
+ 1
- 1
app/helpers/application_helper.rb
View File
| @@ -60,7 +60,7 @@ module ApplicationHelper | |||
| case principal | |||
| when User | |||
| name = h(principal.name(options[:format])) | |||
| name = "@" + name if options[:mention] | |||
| name = "@".html_safe + name if options[:mention] | |||
| css_classes = '' | |||
| if principal.active? || (User.current.admin? && principal.logged?) | |||
| url = user_url(principal, :only_path => only_path) | |||
+ 10
- 0
test/helpers/application_helper_test.rb
View File
| @@ -1841,6 +1841,16 @@ class ApplicationHelperTest < Redmine::HelperTest | |||
| assert_equal result, link_to_principal(unknown_principal, :class => 'bar') | |||
| end | |||
| def test_link_to_principal_should_escape_principal_name | |||
| user = User.generate!(firstname: "firstname<>'", lastname: 'lastname&"') | |||
| group = Group.generate!(lastname: "group<>'&") | |||
| assert_include "firstname<>' lastname&"", link_to_principal(user) | |||
| assert_include "@firstname<>' lastname&"", link_to_principal(user, { mention: true }) | |||
| assert_include "group<>'&", link_to_principal(group) | |||
| assert_include "<>'&", link_to_principal("<>'&") | |||
| end | |||
| def test_link_to_group_should_return_only_group_name_for_non_admin_users | |||
| User.current = nil | |||
| group = Group.find(10) | |||
Loading…