summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGo MAEDA <maeda@farend.jp>2023-09-21 00:38:55 +0000
committerGo MAEDA <maeda@farend.jp>2023-09-21 00:38:55 +0000
commit5cd49ac2f423c8504e574df42c705ab4141f0a6e (patch)
treeaeae7360ceceb9506821effc3919eff5741f7e4d
parent19edb7df96a8384bca22ba2f223c0324be5a67e5 (diff)
downloadredmine-5cd49ac2f423c8504e574df42c705ab4141f0a6e.tar.gz
redmine-5cd49ac2f423c8504e574df42c705ab4141f0a6e.zip
Merged r22314 from trunk to 5.0-stable (#38728).
git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@22315 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--lib/redmine/helpers/gantt.rb14
-rw-r--r--test/unit/lib/redmine/helpers/gantt_test.rb5
2 files changed, 15 insertions, 4 deletions
diff --git a/lib/redmine/helpers/gantt.rb b/lib/redmine/helpers/gantt.rb
index ade37a33e..e70482d04 100644
--- a/lib/redmine/helpers/gantt.rb
+++ b/lib/redmine/helpers/gantt.rb
@@ -420,7 +420,7 @@ module Redmine
gc.stroke('transparent')
gc.strokewidth(1)
gc.draw('text %d,%d %s' % [
- left.round + 8, 14, Redmine::Utils::Shell.shell_quote("#{month_f.year}-#{month_f.month}")
+ left.round + 8, 14, magick_text("#{month_f.year}-#{month_f.month}")
])
left = left + width
month_f = month_f >> 1
@@ -456,7 +456,7 @@ module Redmine
gc.stroke('transparent')
gc.strokewidth(1)
gc.draw('text %d,%d %s' % [
- left.round + 2, header_height + 14, Redmine::Utils::Shell.shell_quote(week_f.cweek.to_s)
+ left.round + 2, header_height + 14, magick_text(week_f.cweek.to_s)
])
left = left + width
week_f = week_f + 7
@@ -822,7 +822,7 @@ module Redmine
params[:image].stroke('transparent')
params[:image].strokewidth(1)
params[:image].draw('text %d,%d %s' % [
- params[:indent], params[:top] + 2, Redmine::Utils::Shell.shell_quote(subject)
+ params[:indent], params[:top] + 2, magick_text(subject)
])
end
@@ -1072,10 +1072,16 @@ module Redmine
params[:image].draw('text %d,%d %s' % [
params[:subject_width] + (coords[:bar_end] || 0) + 5,
params[:top] + 1,
- Redmine::Utils::Shell.shell_quote(label)
+ magick_text(label)
])
end
end
+
+ # Escape the passed string as a text argument in a draw rule for
+ # mini_magick. Note that the returned string is not shell-safe on its own.
+ def magick_text(str)
+ "'#{str.to_s.gsub(/['\\]/, '\\\\\0')}'"
+ end
end
end
end
diff --git a/test/unit/lib/redmine/helpers/gantt_test.rb b/test/unit/lib/redmine/helpers/gantt_test.rb
index a3cfead37..f0eff476a 100644
--- a/test/unit/lib/redmine/helpers/gantt_test.rb
+++ b/test/unit/lib/redmine/helpers/gantt_test.rb
@@ -574,4 +574,9 @@ class Redmine::Helpers::GanttHelperTest < Redmine::HelperTest
assert_equal versions.sort, Redmine::Helpers::Gantt.sort_versions!(versions.dup)
end
+
+ def test_magick_text
+ create_gantt
+ assert_equal "'foo\\'bar\\\\baz'", @gantt.send(:magick_text, "foo'bar\\baz")
+ end
end