author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-09-30 08:33:25 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2012-09-30 08:33:25 +0000 |
commit | 2df7c0ff3a60f2c7265ac9aa39b410318aca1a87 (patch) | |
tree | e2c041d8b039419bccb9e71f3b85573410d145a1 | |
parent | f5d5077d2bc13e16b64e425fb9ec272d56bdcafb (diff) | |
download | redmine-2df7c0ff3a60f2c7265ac9aa39b410318aca1a87.tar.gz redmine-2df7c0ff3a60f2c7265ac9aa39b410318aca1a87.zip |
Merged r10465 from trunk.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/2.1-stable@10534 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/helpers/application_helper.rb | 5 | ||||
-rw-r--r-- | app/views/queries/_filters.html.erb | 10 | ||||
-rw-r--r-- | public/javascripts/application.js | 12 | ||||
-rw-r--r-- | test/functional/queries_controller_test.rb | 8 |
4 files changed, 24 insertions, 11 deletions
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index dc65edabd..bcccfd29b 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1029,6 +1029,11 @@ module ApplicationHelper
 content_tag(:a, name, {:href => '#', :onclick => "#{function}; return false;"}.merge(html_options))
 end
 
+ # Helper to render JSON in views
+ def raw_json(arg)
+ arg.to_json.to_s.gsub('/', '\/').html_safe
+ end
+
 def back_url
 url = params[:back_url]
 if url.nil? && referer = request.env['HTTP_REFERER']
diff --git a/app/views/queries/_filters.html.erb b/app/views/queries/_filters.html.erb
index 80b06c10a..f9e371b7e 100644
--- a/app/views/queries/_filters.html.erb
+++ b/app/views/queries/_filters.html.erb
@@ -1,12 +1,12 @@
 <%= javascript_tag do %>
-var operatorLabels = <%= raw Query.operators_labels.to_json %>;
-var operatorByType = <%= raw Query.operators_by_filter_type.to_json %>;
-var availableFilters = <%= raw query.available_filters_as_json.to_json %>;
-var labelDayPlural = "<%= raw escape_javascript(l(:label_day_plural)) %>";
+var operatorLabels = <%= raw_json Query.operators_labels %>;
+var operatorByType = <%= raw_json Query.operators_by_filter_type %>;
+var availableFilters = <%= raw_json query.available_filters_as_json %>;
+var labelDayPlural = <%= raw_json l(:label_day_plural) %>;
 $(document).ready(function(){
 initFilters();
 <% query.filters.each do |field, options| %>
- addFilter("<%= field %>", <%= raw query.operator_for(field).to_json %>, <%= raw query.values_for(field).to_json %>);
+ addFilter("<%= field %>", <%= raw_json query.operator_for(field) %>, <%= raw_json query.values_for(field) %>);
 <% end %>
 });
 <% end %>
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index 78dc1e3ab..edbd81cd4 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
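Review bot: `raw_json` marks its result `html_safe` after escaping only `/`, and the one-line comment above it does not say where that output is safe to use. The escape keeps a `</script>` sequence in the data from closing a script block, but the string still carries raw `"`, `<` and `&`, so it would not be safe inside an HTML attribute such as `onclick`. I would state the contract in the comment: `# Renders arg as JSON for embedding inside a <script> block only ("/" is escaped so data cannot close the block); do not use in HTML attributes.` Escaping `<`, `>` and `&` as `\u003c`-style sequences as well would make the result independent of the parsing context. The enclosing module starts before this hunk and `back_url` continues past it.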
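Review bot: In the new `addFilter(...)` line the first argument is still written as `"<%= field %>"`, so `field` gets HTML escaping inside a JavaScript string literal while the other two arguments go through `raw_json`. HTML escaping does not escape backslashes or line breaks for JavaScript, and entities are not decoded inside a script block; whether `field` can ever carry such characters is not visible from this hunk. For consistency I would write `addFilter(<%= raw_json field %>, <%= raw_json query.operator_for(field) %>, <%= raw_json query.values_for(field) %>);`, which renders the same text for plain field names.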
@@ -163,9 +163,9 @@ function buildFilterRow(field, operator, values) {
 case "date":
 case "date_past":
 tr.find('td.values').append(
- '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="10" class="value date_value" value="'+values[0]+'" /></span>' +
- ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="10" class="value date_value" value="'+values[1]+'" /></span>' +
- ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="3" class="value" value="'+values[0]+'" /> '+labelDayPlural+'</span>'
+ '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="10" class="value date_value" /></span>' +
+ ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="10" class="value date_value" /></span>' +
+ ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="3" class="value" /> '+labelDayPlural+'</span>'
 );
 $('#values_'+fieldId+'_1').val(values[0]).datepicker(datepickerOptions);
 $('#values_'+fieldId+'_2').val(values[1]).datepicker(datepickerOptions);
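Review bot: `field` and `fieldId` are still concatenated into the markup string (`name="v['+field+'][]"`, `id="values_'+fieldId+'_1"`) in the `date`/`date_past` case here, and again in the `string`/`text` and `integer`/`float` cases of the next hunk, although the values themselves now go through `.val()`. If a field name could ever contain a quote or an angle bracket it would change the generated HTML; where `field` comes from is outside these hunks, so this may be safe in practice. Setting the attributes through jQuery, for example `$('<input type="text" class="value" />').attr('name', 'v['+field+'][]')`, would give the name the same treatment as the value. `buildFilterRow` starts before and continues after both hunks.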
@@ -174,15 +174,15 @@ function buildFilterRow(field, operator, values) {
 case "string":
 case "text":
 tr.find('td.values').append(
- '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="30" class="value" value="'+values[0]+'" /></span>'
+ '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="30" class="value" /></span>'
 );
 $('#values_'+fieldId).val(values[0]);
 break;
 case "integer":
 case "float":
 tr.find('td.values').append(
- '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="6" class="value" value="'+values[0]+'" /></span>' +
- ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="6" class="value" value="'+values[1]+'" /></span>'
+ '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="6" class="value" /></span>' +
+ ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="6" class="value" /></span>'
 );
 $('#values_'+fieldId+'_1').val(values[0]);
 $('#values_'+fieldId+'_2').val(values[1]);
diff --git a/test/functional/queries_controller_test.rb b/test/functional/queries_controller_test.rb
index 5ffc31f8a..aae7e93bc 100644
--- a/test/functional/queries_controller_test.rb
+++ b/test/functional/queries_controller_test.rb
@@ -273,4 +273,12 @@ class QueriesControllerTest < ActionController::TestCase
 assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook', :set_filter => 1, :query_id => nil
 assert_nil Query.find_by_id(1)
 end
+
+ def test_backslash_should_be_escaped_in_filters
+ @request.session[:user_id] = 2
+ get :new, :subject => 'foo/bar'
+ assert_response :success
+ assert_template 'new'
+ assert_include 'addFilter("subject", "=", ["foo\/bar"]);', response.body
+ end
 end |
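Review bot: `test_backslash_should_be_escaped_in_filters` sends a forward slash (`'foo/bar'`) and asserts that it is rendered as `\/`, so the name describes the wrong character; `test_slash_should_be_escaped_in_filters` would match what is checked. The case the escaping exists for, a filter value that contains a closing script tag, is not exercised. A second request with `:subject => '</script>'` followed by `assert !response.body.include?('["</script>"]')` would pin that the value never reaches the page unescaped, whatever exact escape sequence the JSON encoder emits.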