diff options
| author | Toshi MARUYAMA <marutosijp2@yahoo.co.jp> | 2011-08-02 12:49:18 +0000 |
|---|---|---|
| committer | Toshi MARUYAMA <marutosijp2@yahoo.co.jp> | 2011-08-02 12:49:18 +0000 |
| commit | ef6a98642f5fd100a3604d09059b2710f4a696b6 (patch) | |
| tree | c22731fc9ca878a4dc12c0d97bf90b6ce9c184be | |
| parent | 44eabad2d75203fd782d81b01468237074482010 (diff) | |
| download | redmine-ef6a98642f5fd100a3604d09059b2710f4a696b6.tar.gz redmine-ef6a98642f5fd100a3604d09059b2710f4a696b6.zip | |
HTML escape at app/helpers/app/helpers/issues_helper.rb.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6352 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/helpers/issues_helper.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb index 23d5d38c2..c1fb9d7e8 100644 --- a/app/helpers/issues_helper.rb +++ b/app/helpers/issues_helper.rb @@ -48,11 +48,11 @@ module IssuesHelper link_to_issue(issue) + "<br /><br />" + "<strong>#{@cached_label_project}</strong>: #{link_to_project(issue.project)}<br />" + - "<strong>#{@cached_label_status}</strong>: #{issue.status.name}<br />" + + "<strong>#{@cached_label_status}</strong>: #{h(issue.status.name)}<br />" + "<strong>#{@cached_label_start_date}</strong>: #{format_date(issue.start_date)}<br />" + "<strong>#{@cached_label_due_date}</strong>: #{format_date(issue.due_date)}<br />" + - "<strong>#{@cached_label_assigned_to}</strong>: #{issue.assigned_to}<br />" + - "<strong>#{@cached_label_priority}</strong>: #{issue.priority.name}" + "<strong>#{@cached_label_assigned_to}</strong>: #{h(issue.assigned_to)}<br />" + + "<strong>#{@cached_label_priority}</strong>: #{h(issue.priority.name)}" end def issue_heading(issue) @@ -145,7 +145,7 @@ module IssuesHelper # links to #index on issues/show url_params = controller_name == 'issues' ? {:controller => 'issues', :action => 'index', :project_id => @project} : params - content_tag('h3', title) + + content_tag('h3', h(title)) + queries.collect {|query| link_to(h(query.name), url_params.merge(:query_id => query)) }.join('<br />') |