author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-02-17 17:47:36 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-02-17 17:47:36 +0000 |
commit | 2a7795ab525a47aee4484708acde409e6c4e6737 (patch) | |
tree | 2e33c454b586f8946c5b60a1598769399fc930a7 | |
parent | 177dd7bff13c3f41a0e4a4455ff628dbbf9e44ca (diff) | |
Escape flash messages (#19117).
git-svn-id: http://svn.redmine.org/redmine/trunk@14016 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/account_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_controller.rb | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 2ad7af610..57e08c348 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -293,7 +293,7 @@ class AccountController < ApplicationController
 token = Token.new(:user => user, :action => "register")
 if user.save and token.save
 Mailer.register(token).deliver
- flash[:notice] = l(:notice_account_register_done, :email => user.mail)
+ flash[:notice] = l(:notice_account_register_done, :email => ERB::Util.h(user.mail))
 redirect_to signin_path
 else
 yield if block_given?
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index f3d0222e0..d7a40f9e7 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -51,7 +51,7 @@ class AdminController < ApplicationController
 Redmine::DefaultData::Loader::load(params[:lang])
 flash[:notice] = l(:notice_default_data_loaded)
 rescue Exception => e
- flash[:error] = l(:error_can_t_load_default_data, e.message)
+ flash[:error] = l(:error_can_t_load_default_data, ERB::Util.h(e.message))
 end
 end
 redirect_to admin_path
@@ -63,9 +63,9 @@ class AdminController < ApplicationController
 ActionMailer::Base.raise_delivery_errors = true
 begin
 @test = Mailer.test_email(User.current).deliver
- flash[:notice] = l(:notice_email_sent, User.current.mail)
+ flash[:notice] = l(:notice_email_sent, ERB::Util.h(User.current.mail))
 rescue Exception => e
- flash[:error] = l(:notice_email_error, Redmine::CodesetUtil.replace_invalid_utf8(e.message.dup))
+ flash[:error] = l(:notice_email_error, ERB::Util.h(Redmine::CodesetUtil.replace_invalid_utf8(e.message.dup)))
 end
 ActionMailer::Base.raise_delivery_errors = raise_delivery_errors
 redirect_to settings_path(:tab => 'notifications')
|
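Review bot: The new `ERB::Util.h(user.mail)` on the `flash[:notice]` line escapes the value where the flash is set, which only protects this message if the layout renders `flash[:notice]` without escaping it again; that view is not in the diff, so the assumption deserves a comment beside the call, e.g. `# flash messages are rendered as HTML by the layout, so interpolated values are escaped here`. The same wrap-at-assignment pattern is repeated in both admin_controller.rb hunks, so a small shared helper (or escaping once at render time) would keep future flash assignments from having to remember it. A functional test that drives this path with a mail value containing `<` and asserts the escaped form appears in the response would pin the fix. The enclosing action starts and ends outside the hunk.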
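Review bot: `ERB::Util.h(e.message)` in the default-data `rescue` branch escapes the message without first sanitising its encoding, whereas the `@@ -63,9` hunk below wraps the comparable message in `Redmine::CodesetUtil.replace_invalid_utf8(e.message.dup)` before escaping. If a loader error message carries bytes that are not valid UTF-8, the escape itself can raise inside the `rescue` block, so the action would fail with an unhandled error instead of showing the flash; which errors `Loader::load` surfaces is not visible here, so treat this as a hedged concern. Aligning the two hunks would be `flash[:error] = l(:error_can_t_load_default_data, ERB::Util.h(Redmine::CodesetUtil.replace_invalid_utf8(e.message.dup)))`. The enclosing action starts before the hunk.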