diff options
author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-05-15 19:33:42 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-05-15 19:33:42 +0000 |
commit | 1996af104d959dfaad40c366a8a9df36c2df1d66 (patch) | |
tree | 8b2de1925d1ab1b4a6753fca7f1ccbaae15ec537 | |
parent | e68043e13c42ad56bda7c6a54a6c386d1ce8243d (diff) | |
download | redmine-1996af104d959dfaad40c366a8a9df36c2df1d66.tar.gz redmine-1996af104d959dfaad40c366a8a9df36c2df1d66.zip |
Fixed that watchers delete links are escaped on the issue view (#10932).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9700 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/helpers/watchers_helper.rb | 12 | ||||
-rw-r--r-- | test/functional/issues_controller_test.rb | 30 |
2 files changed, 38 insertions, 4 deletions
diff --git a/app/helpers/watchers_helper.rb b/app/helpers/watchers_helper.rb index 075708586..e13075533 100644 --- a/app/helpers/watchers_helper.rb +++ b/app/helpers/watchers_helper.rb @@ -45,23 +45,27 @@ module WatchersHelper # Returns a comma separated list of users watching the given object def watchers_list(object) remove_allowed = User.current.allowed_to?("delete_#{object.class.name.underscore}_watchers".to_sym, object.project) + content = ''.html_safe lis = object.watcher_users.collect do |user| - s = avatar(user, :size => "16").to_s + link_to_user(user, :class => 'user').to_s + s = ''.html_safe + s << avatar(user, :size => "16").to_s + s << link_to_user(user, :class => 'user') if remove_allowed url = {:controller => 'watchers', :action => 'destroy', :object_type => object.class.to_s.underscore, :object_id => object.id, :user_id => user} - s += ' ' + link_to_remote(image_tag('delete.png'), + s << ' ' + s << link_to_remote(image_tag('delete.png'), {:url => url}, :href => url_for(url), :style => "vertical-align: middle", :class => "delete") end - content_tag :li, s.html_safe + content << content_tag('li', s) end - (lis.empty? ? "" : "<ul>#{ lis.join("\n") }</ul>").html_safe + content.present? ? content_tag('ul', content) : content end def watchers_checkboxes(object, users, checked=nil) diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb index d719137f1..9e7836f0e 100644 --- a/test/functional/issues_controller_test.rb +++ b/test/functional/issues_controller_test.rb @@ -1126,6 +1126,36 @@ class IssuesControllerTest < ActionController::TestCase assert_tag 'a', :attributes => {:href => "/projects/ecookbook/repository/revisions/3"} end + def test_show_should_display_watchers + @request.session[:user_id] = 2 + Issue.find(1).add_watcher User.find(2) + + get :show, :id => 1 + assert_select 'div#watchers ul' do + assert_select 'li' do + assert_select 'a[href=/users/2]' + assert_select 'a img[alt=Delete]' + end + end + end + + def test_show_should_display_watchers_with_gravatars + @request.session[:user_id] = 2 + Issue.find(1).add_watcher User.find(2) + + with_settings :gravatar_enabled => '1' do + get :show, :id => 1 + end + + assert_select 'div#watchers ul' do + assert_select 'li' do + assert_select 'img.gravatar' + assert_select 'a[href=/users/2]' + assert_select 'a img[alt=Delete]' + end + end + end + def test_show_with_multi_custom_field field = CustomField.find(1) field.update_attribute :multiple, true |