diff options
| author | Go MAEDA <maeda@farend.jp> | 2023-09-21 00:43:10 +0000 |
|---|---|---|
| committer | Go MAEDA <maeda@farend.jp> | 2023-09-21 00:43:10 +0000 |
| commit | 51f6c75e7d29008743a4b916a3548aa3391636da (patch) | |
| tree | 519bf3fd4b3287847dba91490e53744341b1f14e | |
| parent | 50e9c2e10b7124d37dc995eeb55ee62d887ab696 (diff) | |
| download | redmine-51f6c75e7d29008743a4b916a3548aa3391636da.tar.gz redmine-51f6c75e7d29008743a4b916a3548aa3391636da.zip | |
Merged r22314 from trunk to 4.2-stable (#38728).
git-svn-id: https://svn.redmine.org/redmine/branches/4.2-stable@22316 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | lib/redmine/helpers/gantt.rb | 14 | ||||
| -rw-r--r-- | test/unit/lib/redmine/helpers/gantt_test.rb | 5 |
2 files changed, 15 insertions, 4 deletions
diff --git a/lib/redmine/helpers/gantt.rb b/lib/redmine/helpers/gantt.rb index bbcd50124..0c9efe3c0 100644 --- a/lib/redmine/helpers/gantt.rb +++ b/lib/redmine/helpers/gantt.rb @@ -421,7 +421,7 @@ module Redmine gc.stroke('transparent') gc.strokewidth(1) gc.draw('text %d,%d %s' % [ - left.round + 8, 14, Redmine::Utils::Shell.shell_quote("#{month_f.year}-#{month_f.month}") + left.round + 8, 14, magick_text("#{month_f.year}-#{month_f.month}") ]) left = left + width month_f = month_f >> 1 @@ -457,7 +457,7 @@ module Redmine gc.stroke('transparent') gc.strokewidth(1) gc.draw('text %d,%d %s' % [ - left.round + 2, header_height + 14, Redmine::Utils::Shell.shell_quote(week_f.cweek.to_s) + left.round + 2, header_height + 14, magick_text(week_f.cweek.to_s) ]) left = left + width week_f = week_f + 7 @@ -823,7 +823,7 @@ module Redmine params[:image].stroke('transparent') params[:image].strokewidth(1) params[:image].draw('text %d,%d %s' % [ - params[:indent], params[:top] + 2, Redmine::Utils::Shell.shell_quote(subject) + params[:indent], params[:top] + 2, magick_text(subject) ]) end @@ -1073,10 +1073,16 @@ module Redmine params[:image].draw('text %d,%d %s' % [ params[:subject_width] + (coords[:bar_end] || 0) + 5, params[:top] + 1, - Redmine::Utils::Shell.shell_quote(label) + magick_text(label) ]) end end + + # Escape the passed string as a text argument in a draw rule for + # mini_magick. Note that the returned string is not shell-safe on its own. + def magick_text(str) + "'#{str.to_s.gsub(/['\\]/, '\\\\\0')}'" + end end end end diff --git a/test/unit/lib/redmine/helpers/gantt_test.rb b/test/unit/lib/redmine/helpers/gantt_test.rb index 61b72d859..d3e7cd8c9 100644 --- a/test/unit/lib/redmine/helpers/gantt_test.rb +++ b/test/unit/lib/redmine/helpers/gantt_test.rb @@ -574,4 +574,9 @@ class Redmine::Helpers::GanttHelperTest < Redmine::HelperTest assert_equal versions.sort, Redmine::Helpers::Gantt.sort_versions!(versions.dup) end + + def test_magick_text + create_gantt + assert_equal "'foo\\'bar\\\\baz'", @gantt.send(:magick_text, "foo'bar\\baz") + end end |