HTML escape at app/helpers/repositories_helper.rb.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6355 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 12:51:49 +0000
committer: Toshi MARUYAMA <marutosijp2@yahoo.co.jp> 2011-08-02 12:51:49 +0000
commit: 5cd6aa0a09d8f3c4b65612227d0f3c150e1a87e0 (patch)
tree: 315ccb56e8d74efefc353f9254a8a97e276e325a /app/helpers
parent: 17d788b7a29284312f964356960511f464b85769 (diff)
download: redmine-5cd6aa0a09d8f3c4b65612227d0f3c150e1a87e0.tar.gz
redmine-5cd6aa0a09d8f3c4b65612227d0f3c150e1a87e0.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/app/helpers/repositories_helper.rb b/app/helpers/repositories_helper.rb
index fbfb0feea..7b2d65c14 100644
--- a/app/helpers/repositories_helper.rb
+++ b/app/helpers/repositories_helper.rb
@@ -87,7 +87,7 @@ module RepositoriesHelper
       if s = tree[file][:s]
         style << ' folder'
         path_param = to_path_param(@repository.relative_path(file))
-        text = link_to(text, :controller => 'repositories',
+        text = link_to(h(text), :controller => 'repositories',
                              :action => 'show',
                              :id => @project,
                              :path => path_param,
@@ -97,18 +97,18 @@ module RepositoriesHelper
       elsif c = tree[file][:c]
         style << " change-#{c.action}"
         path_param = to_path_param(@repository.relative_path(c.path))
-        text = link_to(text, :controller => 'repositories',
+        text = link_to(h(text), :controller => 'repositories',
                              :action => 'entry',
                              :id => @project,
                              :path => path_param,
                              :rev => @changeset.identifier) unless c.action == 'D'
-        text << " - #{c.revision}" unless c.revision.blank?
+        text << " - #{h(c.revision)}" unless c.revision.blank?
         text << ' (' + link_to('diff', :controller => 'repositories',
                                        :action => 'diff',
                                        :id => @project,
                                        :path => path_param,
                                        :rev => @changeset.identifier) + ') ' if c.action == 'M'
-        text << ' ' + content_tag('span', c.from_path, :class => 'copied-from') unless c.from_path.blank?
+        text << ' ' + content_tag('span', h(c.from_path), :class => 'copied-from') unless c.from_path.blank?
         output << "<li class='#{style}'>#{text}</li>"
       end
     end
author	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 12:51:49 +0000
committer	Toshi MARUYAMA <marutosijp2@yahoo.co.jp>	2011-08-02 12:51:49 +0000
commit	5cd6aa0a09d8f3c4b65612227d0f3c150e1a87e0 (patch)
tree	315ccb56e8d74efefc353f9254a8a97e276e325a /app/helpers
parent	17d788b7a29284312f964356960511f464b85769 (diff)
download	redmine-5cd6aa0a09d8f3c4b65612227d0f3c150e1a87e0.tar.gz redmine-5cd6aa0a09d8f3c4b65612227d0f3c150e1a87e0.zip