diff options
| author | Toshi MARUYAMA <marutosijp2@yahoo.co.jp> | 2011-09-16 01:52:30 +0000 |
|---|---|---|
| committer | Toshi MARUYAMA <marutosijp2@yahoo.co.jp> | 2011-09-16 01:52:30 +0000 |
| commit | 950d600f22600932ff43cab00fe4167271745950 (patch) | |
| tree | be65fde4100ceb532ec9b70fdd19e5a8c6445d48 /app/helpers | |
| parent | 4313b5ffc612f770aa283c55e87660d6bb90b41c (diff) | |
| download | redmine-950d600f22600932ff43cab00fe4167271745950.tar.gz redmine-950d600f22600932ff43cab00fe4167271745950.zip | |
HTML escape at parse_redmine_links() of app/helpers/application_helper.rb (#9252)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7249 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/helpers')
| -rw-r--r-- | app/helpers/application_helper.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index cd8c439fc..d58461a5f 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -633,7 +633,7 @@ module ApplicationHelper if prefix.nil? && sep == 'r' # project.changesets.visible raises an SQL error because of a double join on repositories if project && project.repository && (changeset = Changeset.visible.find_by_repository_id_and_revision(project.repository.id, identifier)) - link = link_to("#{project_prefix}r#{identifier}", {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision}, + link = link_to(h("#{project_prefix}r#{identifier}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.revision}, :class => 'changeset', :title => truncate_single_line(changeset.comments, :length => 100)) end @@ -683,7 +683,7 @@ module ApplicationHelper if project && project.repository && (changeset = Changeset.visible.find(:first, :conditions => ["repository_id = ? AND scmid LIKE ?", project.repository.id, "#{name}%"])) link = link_to h("#{project_prefix}#{name}"), {:only_path => only_path, :controller => 'repositories', :action => 'revision', :id => project, :rev => changeset.identifier}, :class => 'changeset', - :title => truncate_single_line(changeset.comments, :length => 100) + :title => truncate_single_line(h(changeset.comments), :length => 100) end when 'source', 'export' if project && project.repository && User.current.allowed_to?(:browse_repository, project) |