author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-07-02 17:27:16 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-07-02 17:27:16 +0000 |
commit | 9703f576d96c113f9c73a87f85ad7da3241525b2 (patch) | |
tree | 76da99c256b3b788106acc55afc18a366e57f7bd | |
parent | be57c20cd8392e8454f2e68d3ab2ce9d044c12e9 (diff) | |
Escapes HTML tags.
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1612 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/views/account/show.rhtml | 6 | ||||
-rw-r--r-- | app/views/projects/show.rhtml | 2 | ||||
-rw-r--r-- | app/views/users/list.rhtml | 8 | ||||
-rw-r--r-- | app/views/welcome/index.rhtml | 2 |
4 files changed, 9 insertions, 9 deletions
diff --git a/app/views/account/show.rhtml b/app/views/account/show.rhtml
index 97212b377..2d0731b42 100644
--- a/app/views/account/show.rhtml
+++ b/app/views/account/show.rhtml
@@ -1,7 +1,7 @@
 <h2><%=h @user.name %></h2>
 <p>
-<%= mail_to @user.mail unless @user.pref.hide_mail %>
+<%= mail_to(h(@user.mail)) unless @user.pref.hide_mail %>
 <ul>
 <li><%=l(:label_registered_on)%>: <%= format_date(@user.created_on) %></li>
 <% for custom_value in @custom_values %>
@@ -16,8 +16,8 @@
 <h3><%=l(:label_project_plural)%></h3>
 <ul>
 <% for membership in @memberships %>
- <li><%= link_to membership.project.name, :controller => 'projects', :action => 'show', :id => membership.project %>
- (<%= membership.role.name %>, <%= format_date(membership.created_on) %>)</li>
+ <li><%= link_to(h(membership.project.name), :controller => 'projects', :action => 'show', :id => membership.project) %>
+ (<%=h membership.role.name %>, <%= format_date(membership.created_on) %>)</li>
 <% end %>
 </ul>
 <% end %>
diff --git a/app/views/projects/show.rhtml b/app/views/projects/show.rhtml
index 6c82c80b4..d058ecf0f 100644
--- a/app/views/projects/show.rhtml
+++ b/app/views/projects/show.rhtml
@@ -3,7 +3,7 @@
 <div class="splitcontentleft">
 <%= textilizable @project.description %>
 <ul>
- <% unless @project.homepage.blank? %><li><%=l(:field_homepage)%>: <%= auto_link @project.homepage %></li><% end %>
+ <% unless @project.homepage.blank? %><li><%=l(:field_homepage)%>: <%= auto_link(h(@project.homepage)) %></li><% end %>
 <% if @subprojects.any? %>
 <li><%=l(:label_subproject_plural)%>: <%= @subprojects.collect{|p| link_to(h(p.name), :action => 'show', :id => p)}.join(", ") %></li>
 <% end %>
diff --git a/app/views/users/list.rhtml b/app/views/users/list.rhtml
index d89672d19..a6b0e5429 100644
--- a/app/views/users/list.rhtml
+++ b/app/views/users/list.rhtml
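Review bot: The `h()` on the `+` line of the first hunk covers HTML injection, but `mail_to` also copies the same value into the `mailto:` href, and escaping `<`, `>`, `&` and `"` does nothing about a `?` in the address, so a crafted value could still append `subject=` or `body=` parameters to the generated link. That is only prevented if the `User` model rejects such addresses (a `validates_format_of :mail` with a strict pattern), which is outside this diff and worth confirming. Note also that the escaped string now feeds both the link text and the href; `&` in a real address is rare, but if one ever appears the href will carry `&amp;`, which browsers decode correctly, so that is fine. The `<p>` opened on the context line is not closed within the hunk.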
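Review bot: Escaping before `auto_link` is the right order on the `+` line of the projects/show.rhtml hunk, since `auto_link` copies the matched URL straight into an `href` attribute and an unescaped `"` in `@project.homepage` would otherwise break out of it; what the change does not do is check that the value is a URL at all. As far as I recall of this Rails version, `auto_link` only links text matching its `http(s)://` / `www.` patterns, so anything else (including a `javascript:` value) is rendered as inert escaped text rather than a link, which is safe but silently confusing. If the `Project` model does not already restrict the field, the robust fix is there, e.g. `validates_format_of :homepage, :with => %r{\Ahttps?://}i, :allow_blank => true`; the model is not in this diff, so I cannot tell whether that exists.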
@@ -26,10 +26,10 @@
 <tbody>
 <% for user in @users -%>
 <tr class="user <%= cycle("odd", "even") %> <%= %w(anon active registered locked)[user.status] %>">
- <td class="username"><%= link_to user.login, :action => 'edit', :id => user %></td>
- <td class="firstname"><%= user.firstname %></td>
- <td class="lastname"><%= user.lastname %></td>
- <td class="email"><%= user.mail %></td>
+ <td class="username"><%= link_to h(user.login), :action => 'edit', :id => user %></td>
+ <td class="firstname"><%= h(user.firstname) %></td>
+ <td class="lastname"><%= h(user.lastname) %></td>
+ <td class="email"><%= h(user.mail) %></td>
 <td align="center"><%= image_tag('true.png') if user.admin? %></td>
 <td class="created_on" align="center"><%= format_time(user.created_on) %></td>
 <td class="last_login_on" align="center"><%= format_time(user.last_login_on) unless user.last_login_on.nil? %></td>
diff --git a/app/views/welcome/index.rhtml b/app/views/welcome/index.rhtml
index 8c25897bd..855248c5e 100644
--- a/app/views/welcome/index.rhtml
+++ b/app/views/welcome/index.rhtml
@@ -18,7 +18,7 @@
 <ul>
 <% for project in @projects %>
 <li>
- <%= link_to project.name, :controller => 'projects', :action => 'show', :id => project %> (<%= format_time(project.created_on) %>)
+ <%= link_to h(project.name), :controller => 'projects', :action => 'show', :id => project %> (<%= format_time(project.created_on) %>)
 <%= textilizable project.short_description, :project => project %>
 </li>
 <% end %> |
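Review bot: The four escaped cells in the users/list.rhtml hunk are correct, but these templates have no default escaping, so every other `<%= %>` of a model attribute in this file, including whatever is rendered above the `<tbody>` context line, needs the same audit; a grep for `<%=\s*[a-z@]` across app/views is the cheap way to find the outputs this commit did not touch. The remaining columns in the hunk are helper output (`image_tag`, `format_time`, `cycle`) and a fixed word list indexed by `user.status`, so they are not injection points as far as the hunk shows. As a point of style, these lines use `<%= h(user.firstname) %>` while the other files in this commit use `<%=h ... %>`; settling on one form makes unescaped outputs easier to spot by eye. The `for user` loop and the table continue past the hunk.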
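Review bot: `h(project.name)` fixes the link text in the welcome/index.rhtml hunk, but the context line right after it, `<%= textilizable project.short_description, :project => project %>`, is the higher-risk output on this page and is left entirely to `textilizable` to sanitize user-entered markup (raw HTML tags, `javascript:` link targets). That helper is not in this diff, so I cannot confirm what it strips; if it passes raw HTML through, the fix belongs inside the helper rather than here, because wrapping its output in `h()` would escape the markup it legitimately generates. Documenting the contract at the call site would help the next reader, e.g. `<%# short_description is user-entered Textile; textilizable is responsible for sanitizing it %>`. The `for project` loop continues outside the hunk.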