diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-10-15 11:06:20 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-10-15 11:06:20 +0000 |
| commit | 1a0976417975a128b0a932ba1552c37e9414953b (patch) | |
| tree | 2c5ad55024ee91c2cf77eb32c9cb74cad164f5c7 | |
| parent | 8d4330171e8d58da3b355ecd6b2acd4b5df9542a (diff) | |
| download | redmine-1a0976417975a128b0a932ba1552c37e9414953b.tar.gz redmine-1a0976417975a128b0a932ba1552c37e9414953b.zip | |
Don't use raw output in timelog (#27186).
git-svn-id: http://svn.redmine.org/redmine/trunk@16983 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/views/timelog/_list.html.erb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/views/timelog/_list.html.erb b/app/views/timelog/_list.html.erb index 21115dfde..6f126b0f7 100644 --- a/app/views/timelog/_list.html.erb +++ b/app/views/timelog/_list.html.erb @@ -33,7 +33,9 @@ <% end %> <tr id="time-entry-<%= entry.id %>" class="time-entry <%= cycle("odd", "even") %> hascontextmenu"> <td class="checkbox hide-when-print"><%= check_box_tag("ids[]", entry.id, false, :id => nil) %></td> - <%= raw @query.inline_columns.map {|column| "<td class=\"#{column.css_classes}\">#{column_content(column, entry)}</td>"}.join %> + <% @query.inline_columns.each do |column| %> + <%= content_tag('td', column_content(column, entry), :class => column.css_classes) %> + <% end %> <td class="buttons"> <% if entry.editable_by?(User.current) -%> <%= link_to l(:button_edit), edit_time_entry_path(entry), |