summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2012-05-15 19:33:42 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2012-05-15 19:33:42 +0000
commit1996af104d959dfaad40c366a8a9df36c2df1d66 (patch)
tree8b2de1925d1ab1b4a6753fca7f1ccbaae15ec537
parente68043e13c42ad56bda7c6a54a6c386d1ce8243d (diff)
downloadredmine-1996af104d959dfaad40c366a8a9df36c2df1d66.tar.gz
redmine-1996af104d959dfaad40c366a8a9df36c2df1d66.zip
Fixed that watchers delete links are escaped on the issue view (#10932).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9700 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/helpers/watchers_helper.rb12
-rw-r--r--test/functional/issues_controller_test.rb30
2 files changed, 38 insertions, 4 deletions
diff --git a/app/helpers/watchers_helper.rb b/app/helpers/watchers_helper.rb
index 075708586..e13075533 100644
--- a/app/helpers/watchers_helper.rb
+++ b/app/helpers/watchers_helper.rb
@@ -45,23 +45,27 @@ module WatchersHelper
# Returns a comma separated list of users watching the given object
def watchers_list(object)
remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project)
+ content = ''.html_safe
lis = object.watcher_users.collect do |user|
- s = avatar(user, :size => "16").to_s + link_to_user(user, :class => 'user').to_s
+ s = ''.html_safe
+ s << avatar(user, :size => "16").to_s
+ s << link_to_user(user, :class => 'user')
if remove_allowed
url = {:controller => 'watchers',
:action => 'destroy',
:object_type => object.class.to_s.underscore,
:object_id => object.id,
:user_id => user}
- s += ' ' + link_to_remote(image_tag('delete.png'),
+ s << ' '
+ s << link_to_remote(image_tag('delete.png'),
{:url => url},
:href => url_for(url),
:style => "vertical-align: middle",
:class => "delete")
end
- content_tag :li, s.html_safe
+ content << content_tag('li', s)
end
- (lis.empty? ? "" : "<ul>#{ lis.join("\n") }</ul>").html_safe
+ content.present? ? content_tag('ul', content) : content
end
def watchers_checkboxes(object, users, checked=nil)
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index d719137f1..9e7836f0e 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -1126,6 +1126,36 @@ class IssuesControllerTest < ActionController::TestCase
assert_tag 'a', :attributes => {:href => "/projects/ecookbook/repository/revisions/3"}
end
+ def test_show_should_display_watchers
+ @request.session[:user_id] = 2
+ Issue.find(1).add_watcher User.find(2)
+
+ get :show, :id => 1
+ assert_select 'div#watchers ul' do
+ assert_select 'li' do
+ assert_select 'a[href=/users/2]'
+ assert_select 'a img[alt=Delete]'
+ end
+ end
+ end
+
+ def test_show_should_display_watchers_with_gravatars
+ @request.session[:user_id] = 2
+ Issue.find(1).add_watcher User.find(2)
+
+ with_settings :gravatar_enabled => '1' do
+ get :show, :id => 1
+ end
+
+ assert_select 'div#watchers ul' do
+ assert_select 'li' do
+ assert_select 'img.gravatar'
+ assert_select 'a[href=/users/2]'
+ assert_select 'a img[alt=Delete]'
+ end
+ end
+ end
+
def test_show_with_multi_custom_field
field = CustomField.find(1)
field.update_attribute :multiple, true